Data Protection declaration

Below you can find all the necessary information regarding the handling of your personal data and the data protection practices at my firm.

The following is applicable to all users of and visitors to this website, as well as clients or any other person who comes into contact with my firm.

I. Use of terminology

In regard to the terminology used, refer to the definitions provided by Article 4 of the European GDPR regulation (DSGVO), including the following:

“Personal data” means all information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means. The term is widely applicable and covers practically all dealings with data.

“Controller” means the natural or legal person, public authority, agency or other body to which personal data is disclosed, which alone or together with others decides on the purpose and method of processing said personal data.

II. Responsible entity


Cornelia M. Bauer (specialist lawyer for copyright and media law)

Sonnenallee 34, 12045 Berlin

III. The following types of processed data are concerned:

  • Stock data (e.g. name and surname, address)
  • Contact data (e.g. email address, telephone number)
  • Content data (e.g. textual content, images, contracts)
  • Usage data (e.g. websites visited, time of access)
  • Communication data (e.g. device information, IP addresses)

IV. Data processing occurs for the following purposes

  • Making online advertisements available
  • Facilitating and responding to contact requests and allowing communication with users
  • Working for clients and processing orders
  • Security measures

V. Collection, processing and use of personal data

Visits to the website will not generally require the input of personal data. No cookies are used on the website.

1. Log data

The provider of my website collects the log data of visitors who access the website. Log data includes:

  • IP addresses of devices which have been used to access the website
  • Type of browser with which it was accessed
  • The website which was visited directly before accessing this one
  • System configuration as well as data and time of access

IP addresses are only saved when absolutely necessary for service delivery; otherwise they are deleted or anonymised. Your IP address at the time of visiting my website will be saved by the provider for a maximum of 7 days, for the purposes of identification and security.

This data will never be collated with other sources of data.

Processing of IP addresses is necessary for the technical and administrative purposes of building and maintaining stable connections, in order to guarantee the secure functioning of the website and to be able to track any unlawful attacks if need be.

The legal grounds for the processing of IP addresses may be found under Article 6 Paragraph 1 of the European GDPR. My interest is justified by the previously mentioned security concerns and the necessity of ensuring that the website is able to function without disturbance.

2. Making contact and commissioning legal work

Personal data is otherwise only collected when it is voluntarily submitted in the context of a query or a particular mandate that has been issued to me. I use the collected data exclusively for the purpose for which it was shared, such as for inquiries put to me regarding work for clients.

In particular, I process the

  • stock data and contact data (e.g. name, address, telephone number)
  • contract data (e.g. the subject of a brief)
  • numerical data (e.g. IBAN/SWIFT bank accounts)

of my clients, interested parties and business partners for the purposes of delivery and development of contractual services and briefs. Personal data is never exploited for the purposes of advertising.

VI. Legal basis for data processing

In accordance with Article 13 of the European GDPR, the legal basis for data processing must be made available. Provided that no other legal basis is expressly given, the justification for processing which is necessary to the fulfilment of my client services may be found under Article 6 Paragraph 1 GDPR. Aside from this, Article 6 Section 1 stands as the legal basis for data processing for the preservation of my legitimate interest (e.g. for the fulfilment of retention requirements or for the examination or enforcement of ongoing claims).

In cases where the vital interests of the personal concerned or of another natural person mean that processing personal data becomes necessary, please refer to Article 6 Paragraph 1 GDPR for legal justification. Provided that an agreement to data processing is given from your side, Article 6 Paragraph 1 serves as a sufficient legal basis.

VII. Confidentiality and technical and organisational security measures

Your personal data is treated as strictly confidential and is never passed on to third parties, except for when they are part of the immediate context of a brief or it is necessary for the implementation of a contract.

I offer encrypted email communication with a PGP key. Alternatively, by prior agreement I can send confidential content as a password protected Pdf.

In order to prevent unauthorised access or unauthorised publication or disclosure, I use TLS encryption to ensure the security of the website.

I take appropriate technical and organisation security measures in order to protect your personal data against manipulation, loss or unauthorised access by third parties. These security measures are regularly adjusted to ensure they are up to date and compatible with current technology.

Nevertheless, the security of electronic communication can never be entirely guaranteed. This means that data and voluntarily submitted electronic information is always at risk of being illegal obtained by third parties. I cannot be held responsible or liable for the disclosure of information as a result of errors or unauthorised access to data transmission by third parties.

VIII. Requests for information, rectification and deletion 

You may obtain free data about yourself which has been saved by my firm, such as its origin and purpose for its being stored, at any time and with no obligation to state the reason. By means of a simple message, you can ask for data about yourself which has been collected by my firm to be locked, rectified or deleted. At any time and with no obligation to state the reason, you may withdraw your permission for your data to be collected and used.

You are entitled to request a confirmation of whether personal data has been processed and to request information concerning this data as well as further information and copies of the data, in accordance with Article 15 GDPR. In accordance with Article 16 GDPR you have the right to request completion of data concerning yourself or the rectification of any inaccurate data relating to your person.

Pursuant to Article 17 GDPR, you have the right to request that any relevant data be immediately deleted; alternatively, according to Article 16 GDPR, you may request restrictions on the processing of your data. You have the right to request to obtain data relating to you which you have shared with me, in accordance with Article 20 GDPR, and to request its transmission to other responsible persons.

To this end, you can send an email with the corresponding request to . I am also happy to be contacted by telephone, fax or post.

IX. Right of data portability

You have the right to request that data which I have automatically processed on the basis of your agreement or in the interests of contract fulfilment be issued to yourself or to a third party in a standard, machine-readable format. Please note that requests to communicate data to another responsible person are subject to technical capacity and may not always be possible.

X. Right of revocation 

You are entitled to revoke your consent for your data to be processed, with immediate future effect, according to Article 7 Paragraph 3 GDPR. Legality on the grounds of previously given consent up to the point of revocation is not retrospectively affected by this.

XI. Right of objection

You have the right to object at any time to the future processing of data concerning your person, in accordance with Article 21 GDPR, if the data processing takes place on the grounds laid out in Article 6 Paragraph 1 Section e or f GDPR. The current legal basis on which processing takes place can be inferred from this data protection declaration. If you submit an objection, I will subsequently refrain from processing your personal data, unless there are urgent or protection-related reasons for such processing which outweigh your interests, or if such processing serves the enforcement, implementation or defence of judicial claims.

XII. Duration of storage of personal data 

I process and store personal data only for the period of time necessary to fulfil the purpose of its storage or for as long as the storage is legally prescribed, unless you have given your explicit consent to a different means of data usage.

Any data processed by me is deleted or its processing restricted, pursuant to Article 17 and 18 GDPR. Provided that nothing else is expressly communicated, the data stored by me is deleted as soon as is it no longer needed for its intended purpose and can be deleted without contravening any legal retention obligation. In the case that the data is not deleted, because it is needed for other legally admissible purposes, the amount of processing it undergoes will be restricted. The data is locked and never used for other purposes. This applies to data which, for example, must be retained for reasons relating to tax law.

XIII. Processing, storage and deletion of data in the context of delivery of contractually agreed services

I process stock data and contract data which is communicated to me in the interests of completing work for my clientsandin order to fulfil my contractual duties and offer my services as a solicitor in accordance with Article 6 Paragraph 1 Section b. GDPR.

At the point of making contact with me (e.g. by email or telephone) the user’s data is processed to allow for work on the initial query and development of the case.

Deletion of data occurs after the expiration of legal warranty and other comparable obligations.

According to legal specifications in Germany (50 I S. 2+3 BRAO) client reference files should be retained for the duration of 6 years after the end of the calendar year in which the contract was completed.

Certain tax-related documents (books and records or receipts) must be retained for over 10 years, pursuant to 147 Paragraph 1 AO.

I delete requests which have not resulted in a client relationship or any other business relationship and for which there are no legitimate reasons for their storage at the latest 1 year after they are received. A re-evaluation of the necessity of storing data is conducted annually; in cases where there is a legal duty to archive data, deletion will occur after the expiration of this.

XIX. Transferral of data to third parties

I only ever disclose or transfer personal data to other persons or corporations, or guarantee them access in any way, if you have expressly given your legally binding consent for this to take place (e.g. when such an action is necessary for the implementation of a contract, in accordance with Article 6 Paragraph 1 lit. b GDPR), when it is stipulated as a legal duty, or on the basis of my legitimate interest in it (e.g. legitimate interest in the usage of my web host).

Those who may receive personal data in the context of contractual work are typically:

  • Opponents and opposing lawyers
  • Courts and authorities

Provided nothing to the contrary is expressly indicated, transferrals of personal data to third countries are not envisaged.

XX. Processing of contract data

Commissioning third parties to undertake the processing of data on the basis of a processing contractmay take place exclusively on the basis of Article 28 GDPR.

XXI. No profiling or automated decision-making procedures

Your data will never be used for the purposes of data profiling or any other type of automated decision making.

XXII. Right of complaint

In cases of infringements of data protection rights, the victim is entitled to a complaint in accordance with Article 77 GDPR, to be made to the responsible supervisory authority. The relevant authority for questions relating to data protection for firms located in Berlin is the State Data Protection Commissioner of the federal state of Berlin.