Privacy Policy
The controller within the meaning of data protection law is: Julius Grimm, Seelower Str. 5, 10439 Berlin, julius.grimm@ipm.law. Full contact details are available in our Legal Notice.
This privacy policy informs you (referred to below also as "user" or "data subject") in general terms about the processing of personal data in our law firm and in particular about the processing of data when you visit our website, contact us via our website contact form, contact us by email or telephone, or register to receive our newsletter. We also inform you about our social media presence and your rights in relation to the processing of your data. The term "data processing" always refers to the processing of personal data.
1. General information on data processing
1.1 Categories of personal data
We process the following categories of personal data:
- Master data (e.g. names, addresses, roles, organisational affiliation, etc.)
- Contact data (e.g. email addresses, telephone/fax numbers, etc.)
- Content data (e.g. text input, image files, videos, etc.)
- Usage data (e.g. access data)
- Meta/communication data (e.g. IP addresses)
1.2 Recipients or categories of recipients of personal data
Where we disclose, transmit or otherwise grant access to personal data to other persons or companies (such as web hosts, processors or third parties) in the course of our processing activities, this is done on the basis of a legal permission (e.g. where transmission to third parties is necessary for the performance of a contract pursuant to Art. 6(1)(1)(b) GDPR), where data subjects have consented, or where a legal obligation requires it.
1.3 Duration of storage of personal data
The criterion for the duration of storage of personal data is the applicable statutory retention period. After expiry of the relevant period, the data concerned is deleted, provided it is no longer required for the fulfilment of the purpose, performance of a contract, or initiation of a contract.
1.4 Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the context of using third-party services or disclosing or transferring data to third parties, this only takes place where it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we only process or permit the processing of data in a third country where the specific conditions of Arts. 44 et seq. GDPR are met, i.e. on the basis of specific guarantees, such as an officially recognised finding of a level of data protection equivalent to that of the EU, or compliance with officially recognised specific contractual obligations (so-called "standard contractual clauses").
2. Data processing in connection with visits to our website
2.1 Log files
Each time a data subject accesses our website, general data and information are stored in the log files of our system:
- Date and time of access (timestamp)
- Information about the browser type and version used
- The operating system (system configuration) of the user
- IP address of the device used to access the website
- The website previously visited by the user
- Request details and target address (protocol version, HTTP method, referrer, user agent string)
- Name of the retrieved file and volume of data transferred (requested URL including query string, size in bytes)
- Confirmation of whether the retrieval was successful (HTTP status code)
We do not draw any conclusions about the data subject from the use of this general data and information. No personal evaluation, evaluation for marketing purposes, or profiling takes place.
The legal basis for the temporary storage of data is Art. 6(1)(1)(f) GDPR. The collection of data to provide the website and the storage of data in log files is strictly necessary for the secure operation of our website. The data subject therefore has no right to object.
2.2 Malware detection and log data analysis
We collect log data generated during the operation of our law firm's communication technology and analyse it in an automated manner to the extent necessary to detect, contain or eliminate disruptions or errors in the communication technology, to defend against attacks on our information technology, or to detect and defend against malicious software.
The legal basis for the temporary storage and analysis of data is Art. 6(1)(1)(f) GDPR. The storage and analysis of data is strictly necessary for the provision and secure operation of the website. The data subject therefore has no right to object.
2.3 Cookies
Our website uses so-called cookies. Cookies are small text files exchanged between the web browser and the hosting server. Cookies are stored on the user's computer and transmitted to our site. You can restrict or generally prevent the use of cookies through the appropriate settings in your browser. Cookies already stored can be deleted at any time. If cookies are disabled for our website, it may not be possible to display or use the website in its full scope.
The legal basis for the processing of personal data using cookies is Art. 6(1)(1)(f) GDPR.
2.4 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating our website.
In this context, we or our processors process master data, contact data, content data, contract data, usage data, and meta and communication data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
3. Data processing in connection with contact
3.1 Contact by email
You may contact our law firm by email using the email addresses published on our website. Where you use this means of contact, the data you transmit (e.g. name, first name, address), at minimum your email address and the information contained in the email, together with any personal data you transmit, will be stored for the purpose of handling your enquiry. In addition, the following data is collected by our system:
- IP address of the accessing computer
- Date and time of the email
The legal basis for the processing of personal data transmitted to us by email is Art. 6(1)(1)(b) or (f) GDPR.
3.2 Contact via website contact form
Where you use the contact form provided on our website, you are required to provide your first name, surname and email address. Without this information, your enquiry submitted via the contact form cannot be processed. The provision of your postal address is optional and, where requested by you, enables us to process your enquiry by post. In addition, the following data is collected by our system:
- IP address of the accessing computer
- Date and time of registration
The legal basis for the processing of personal data transmitted to us via contact forms is Art. 6(1)(1)(b) or (f) GDPR.
3.3 Contact by letter or fax
Where you send us a letter or fax, the data you transmit (e.g. name, first name, address) and the information contained in the letter or fax together with any personal data you transmit will be stored for the purpose of handling your enquiry.
The legal basis for the processing of personal data contained in letters and faxes sent to us is Art. 6(1)(1)(b) or (f) GDPR.
4. Data processing in connection with our newsletter
Where you subscribe to our newsletter, your email address and the newsletter you have selected are stored by us on a server. In addition, the following data is collected by the system upon registration:
- IP address of the accessing computer
- Date and time of registration
Your consent is obtained during the registration process and reference is made to this privacy policy. The data is processed on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR and in the context of our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR.
We use this data exclusively for the purpose of sending the newsletter. We do not pass your data on to third parties or use it for any other purposes of our own. Upon registration, your data is stored on our servers. A message containing a link to confirm the registration is then generated and sent to the email address provided (so-called double opt-in procedure). If you do not confirm the registration by clicking the link in this email, the data will be deleted after 24 hours. Only once you have confirmed the registration via the link in the email will your data be stored for the purpose of sending the newsletter for the duration of your use of our service. This ensures that the newsletter was requested by you and not by a third party.
If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our service, you may unsubscribe from our newsletter at any time. A corresponding link can be found in each newsletter. The personal data you provided for the purpose of receiving the newsletter will then be deleted.
5. Social media presence
We maintain a presence on social networks (including LinkedIn) in order to inform users active on those platforms about our services and to communicate via those platforms where there is interest. Our social media channels can only be accessed via an external link. Once you access our social media profile on the relevant network, the terms and conditions and data processing policies of the respective operator apply.
We have no influence over the collection of data and its further use by social networks. We have no knowledge of the extent to which, where, or for how long data is stored, whether the networks comply with existing deletion obligations, what analyses and links are made with the data, or to whom the data is passed on. We therefore expressly draw attention to the fact that your data (e.g. personal information, IP address) is stored by the network operators in accordance with their data usage policies and used for commercial purposes.
We process data in relation to social media presences insofar as comments or direct messages are directed to us via those presences. The legal basis for the processing of data following consent by the user is Art. 6(1)(1)(a) GDPR.
6. Your rights
As a data subject, you have the following rights in connection with the processing of your personal data:
6.1 Right of access pursuant to Art. 15 GDPR
(1) The data subject has the right to obtain from the controller confirmation as to whether personal data concerning them is being processed; where this is the case, they have a right of access to such personal data and to the following information: a) the purposes of processing; b) the categories of personal data being processed; c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request rectification or erasure of personal data or restriction of processing by the controller, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data is not collected from the data subject, any available information as to its source; h) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.
(2) Where personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
6.2 Right to rectification pursuant to Art. 16 GDPR
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.3 Right to erasure pursuant to Art. 17 GDPR
(1) The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies: a) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. b) The data subject withdraws consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there is no other legal basis for the processing. c) The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR. d) The personal data has been unlawfully processed. e) The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. f) The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase it, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure of any links to, or copies or replications of, that personal data.
(3) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defence of legal claims.
6.4 Right to restriction of processing pursuant to Art. 18 GDPR
(1) The data subject has the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; c) the controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; or d) the data subject has objected to processing pursuant to Art. 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
(2) Where processing has been restricted pursuant to paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
6.5 Right to data portability pursuant to Art. 20 GDPR
(1) The data subject has the right to receive the personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format, and has the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where: a) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and b) the processing is carried out by automated means.
(2) In exercising the right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6.6 Right to object pursuant to Art. 21 GDPR
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, the data subject may exercise the right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.
6.7 Right to withdraw consent pursuant to Art. 7(3) GDPR
The data subject has the right to withdraw their consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6.8 Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes this Regulation.