• Clients and their employees and board members (e.g. employees, freelancers, board members, managing directors, supervisory board members, advisory board members),
• third parties whose personal data we require for the processing of the mandate. These include shareholders, partners, board members or employees of the client, business and contractual partners as well as consultants of the client, (potential) opponents in a legal dispute and their legal advisors as well as the employees and board members of the aforementioned persons and bodies,
• employees of authorities and courts,
• witnesses and experts,
• business partners and their employees,
• interested parties and participants of our events.

• Contact information, in particular salutation, first and last name, title if applicable, address, telephone number (landline and/or mobile), e-mail address,
• details of professional activity,
• bank account details,
• information on income and financial circumstances,
• other personal data that are required in the context of the processing of the mandate for the determination and legal assessment of the facts and the appropriate legal advice and representation of the client.

• Clients,
• business partners,
• courts and authorities (e.g. in the context of file inspection and/or information),
• publicly accessible sources (public registers, Internet searches),
• other third parties (e.g. parties to proceedings, witnesses).

We process personal data pursuant to Art. 6 para. 1 sentence  1 lit. b of the EU General Data Protection Regulation (hereinafter “GDPR”) which is necessary to process the relevant order and to satisfy the obligations under the mandate agreement or notary’s duties, particularly for our consultancy activities, correspondence, invoicing and for drawing up notarized documents and implementing these. This includes title, first name, last name, a valid email address, street address, phone number (landline and/or mobile), account information. The notary will also usually process the civil status as well as the nationality of the customer.

We can process personal data for advertising our own services; this is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to this processing at any time.

If you make use of your right of objection, we save the address data mentioned in order to implement your objection in a “blocking” list. If you wish your data to be completely deleted, we would like to point out that in the event of a new collection of your data, your objection may not be known and your data may again be processed for advertising purposes.

The personal data collected will be stored until the statutory retention periods (inter alia, under the German Commercial Code, hereinafter “HGB”, the German Penal Code, hereinafter “StGB”, or the German Tax Code, hereinafter “AO”)expire and will then be deleted unless you have consented to retention beyond this period in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or if the purpose of data processing has not yet ceased to apply; in these cases, the personal data will be locked until the purpose ceases to exist and will then be deleted.
For attorneys, the statutory retention requirement is six years after the end of the calendar year in which the mandate ended.

For notaries, §5 (4) of the Official Regulations for Notaries provides that the register of documents, inheritance testaments, list of names for registration and record keeping including separately stored inheritance contracts are to be kept for a period of 100 years. Other notarial files, books and directories are subject to retention periods of between five and 20 years.

• concerning real estate law: to municipalities and cities, the tax office, land registry, third-party beneficiaries to be ascertaine from the land register, financing banks, administrators of a condominium community and, where appropriate, other competent authorities responsible for granting statutory permits;
• concerning company law: to the commercial register, tax office, financing banks;
• concerning family and inheritance law: to the Federal Chamber of Notaries (pension register, wills register), the respective district court (property rights register) and / or probate court.

Subject to certain conditions, you have the right to receive information free of charge concerning the personal data stored by us, to have incorrect data rectified and to demand the erasure, restriction of processing and portability of your personal data. 

You can object to the use of your data for direct marketing purposes at any time with effect for the future; you may also object to the use of the data based on Art. 6 para. 1 lit. e or f GDPR for reasons relating to your particular situation at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic tariffs. 

However, in some cases we are not allowed to delete user data completely due to statutory retention requirements. To the extent that we process data based on your consent, you may withdraw the consent at any time with effect for the future.

We also wish to refer you to your right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is the State Commissioner for Data Protection and Freedom of Information (Landesdatenschutzbeauftragter) in Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.

Update: September 19, 2022

1. Disclosure of data to third parties
2. Storage period
3. Your rights

1. Logs
2. Consent Management Tool
3. Cookies to provide the website

1. Matomo

1. Contact
2. Advertising measures

1. General information about company pages, legal basis
2. Agreements according to Art. 26 GDPR

1. Disclosure of data to third parties

Your personal data will only be disclosed to third parties if this is permitted by data protection law, in particular if you have consented to the disclosure (§ 25 para. 1 p. 1 TTDSG or Art. 6 para. 1 S. 1 lit. a GDPR), the disclosure is necessary for the purpose of contract performance (Art. 6 para. 1 S. 1 lit. b GDPR) or is absolutely essential in order to provide you with an expressly requested service (§ 25 para. 2 Nr. 2 TTDSG).

In addition to the recipients mentioned above, personal data may be passed on to our website administrator, anders und sehr GmbH, Heßbrühlstraße 7, 70565 Stuttgart, Germany. The website is hosted exclusively on servers within the EU via a German service provider Host Europe GmbH, Hansestraße 111, 51149 Cologne. In both cases, the service providers are not only bound by instructions in accordance with data protection law but also not permitted to use the data for any other purpose.

2. Storage period

The personal data processed by us will be stored for as long as required for the respective purpose – in particular the processing of your request or your contract – in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 para. 1 p. 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or § 25 para. 1 p. 1 TTDSG or the purpose of the data processing has not yet ceased.

3. Your rights

3.1 Disable cookies

Some of the processing operations explained previously use cookies. If you do not want this, you can disable the storage of cookies on your hard drive in your browser settings. You can also delete cookies from your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.

3.2 Right of  withdrawal

Some of the processing operations explained above are only carried out with your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. In this case, you may no longer be able to use our services as usual until you have again consented to the respective data processing. You can exercise your right of withdrawal via our Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time via the "fingerprint icon ".

3.3 Right of objection

You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 para. 1 p. 1 lit. f GDPR for reasons arising from your particular situation at any time with effect for the future, without incurring any transmission costs other than those according to the basic rates.

3.4 Right of access, rectification, erasure or restriction and portability

Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data rectified and to demand erasure, restriction of precessing and portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.

3.5 Right of appeal

You have a right of appeal to a supervisory authority. The supervisory authority responsible for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.

In some cases, the processing of data is absolutely essential in order to be able to provide our website without technical or functional restrictions and in accordance with legal requirements. In these cases, data is also processed if you have refused any additional data processing via the Consent Management Tool.

1. Logs

When our website is visited, a so-called “log file” is automatically created by the server. This contains, among other information, the date and time of access, browser type and version, operating system and version, IP address, requested domain and the previously visited website.

The data processing is absolutely necessary to ensure the availability and correct display of our website on your end device. In addition, the log files can be used to identify cyber attacks and thus ensure the accessibility of our websites. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

2. Consent Management Tool

Our website uses a Consent Management Tool (“CMT”) to obtain and document your consent to data processing by various services.

When you open our website, you can give consent via the CMT for individual data processing, which is stored by the CMT. For this purpose, the CMT generates a so-calles "Controller ID" and also stores information in session storage and local storage of your browser:

Session-Storage:

uc_user_country: Records your country and region in order to display the output language of the Usercentrics interface in the appropriate language; Deleted after the session expires; There is no access by third parties to the processed data.

Local-Storage:

uc_tcf: Helps to request and transmit the user consent; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.

uc_settings: Contains your settings in Usercentrics for consenting to different data processing operations as well as the time of your consent/refusal; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.

uc_user_interaction: Stores whether you have already selected a setting for your data processing preferences (i.e. whether you have already interacted with the CMT); Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.

This information, which is linked to the Controller ID, can be used to track which data processing by which services you have consented to or not consented to when you reopen the website. This way, you do not have to enter your settings for consenting to individual data processing operations again with each visit. For this purpose, the storage of the listed information on your end device is absolutely necessary (Section 25 para. 2 nr. 2 TTDSG (German Act to regulate data protection and priacy in telecommunications and telemedia).

Of course, you can also change your selection subsequently via the settings. You can open the CMT at any time via the “fingerprint icon”.

3. Cookies to provide the website

When you open our website, cookies, i.e. small text files, may be stored on your computer:

• PHPSESSID: Assignment of an ID for the current session - this is standard for PHP-based websites; cookie and session ID are deleted again when the website is closed; third parties have no access to the processed data.

1. Matomo

The service Matomo is is an open source software that we have integrated on our website by ourselves. Data processing by the service only takes place after you have consented to this via the CMT.

The service collects this information about your end device and your visit to our website: Your end device's IP address (anonymized immediately after collection), date and time of first, last, and current access to our website, total number of visits to our website, location, and language settings of your end device. In addition, the service assigns a user ID to your terminal device. For this purposes, cookies are stored on your computer. These are the following cookies:

• _pk_id…: Stores the visitor's session ID associated with Matomo; Storage period: 13 months; There is no access by third parties to the processed data.
• _pk_ses…: Stores information about the current session; Deleted after the session expires; There is no access by third parties to the processed data.
• _pk_ref…: Stores the website that the user visited before our website (referrer); storage period: 6 months; There is no access by third parties to the processed data.
• MATOMO_SESSID: Temporary cookie needed for security reasons for the execution of the opt-out; Deleted after the session expires; There is no access by third parties to the processed data.

• matomo.org/gdpr-analytics
• matomo.org/faq/general/faq_18254

Wir haben den nachfolgend aufgeführten Dienst in unsere Website eingebunden. Eine Datenverarbeitung durch diesen Dienst erfolgt nur, soweit Sie über das Consent Management Tool (CMT) eingewilligt haben. Über das CMT können Sie Ihre einmal erteile Einwilligung jederzeit widerrufen, Lesen Sie hierzu auch Ziffer A.3.2.

Read here what data is processed when you contact us or use functions of the website.

1. Contact

We collect personal data when you provide it to us. This can be, for example, data that you transmit to us in the course of contacting us.

The processing of this data is based on Art. 6 para. 1 p. 1 lit. b GDPR, insofar as this is necessary for the execution of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 p. 1 lit. f GDPR).

2. Advertising measures

We have a legitimate interest in the use of your data for direct marketing purposes within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.

If you have consented (Art. 6 para. 1 p. 1 lit. a GDPR), your data will also be processed for the sending of an e-mail-newsletter. CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, is used in part for sending newsletters by e-mail. Winkhardt + Spinder GmbH & Co. KG, Ernsthaldenstraße 53, 70565 Stuttgart, Germany, is used in part for sending newsletters by mail. In each case, this is a service provider bound by instructions, which is obligated in accordance with the data protection regulations and may not use the data for any other purpose.

You can unsubscribe from an e-mail-newsletter at any time and thus withdraw your consent to the sending of the newsletter with effect for the future by contacting us either via the link provided for this purpose in every e-mail-newsletter or directly via newsletter-cancel(at)brp.de. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone, without incurring any costs other than the transmission costs according to the basic rates. The lawfulness of the data processing operations already carried out remains unaffected by this.

If you exercise your right to object, we will store the address data mentioned in a “block list” to implement your objection. If you wish your data to be deleted completely, we would like to point out that if your data is collected again, processing for advertising purposes may occur again due to lack of knowledge of your objection.

• “Facebook”: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
• “LinkedIn”: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
• “Xing”: New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

1. General information about company pages, legal basis

When visiting a company page, the respective provider collects information that enables it to recognize users and comprehensively analyze user behavior. Based on the data collected in this way, the operator of the social media platform can also create user profiles. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.

The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website based on the information obtained. This enables us to make our contributions even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties personally as possible. The legal basis for the operation of a company page is in this respect Art. 6 para. 1 p. 1 lit. f GDPR.

We do not ourselves pass on to third parties any personal data that we collect via our company pages. However, we can neither influence nor exclude the possibility that the named providers transmit the collected data to third parties - in particular to their partner companies, which may also be based in countries outside the EU. In many third countries outside the EU, there is currently no level of data protection that corresponds to the EU.

In principle, you can assert your data subject rights (see also under A.5) with regard to data processing by our company pages both against us and against the respective provider. However, we would like to point out that these can be asserted most effectively with the respective provider. This is because only the respective provider has access to the users' data and can take appropriate measures and provide information directly.

For more information on data processing by the respective provider, see:

• www.facebook.com/settings?tab=ads
• Meta Cookies Policy
• Meta Privacy Policy - How Meta collects and uses user data

• https://www.linkedin.com/legal/privacy-policy
• https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
• https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls

• https://privacy.xing.com/de
• https://privacy.xing.com/de/datenschutzerklaerung

2. Agreements according to Art. 26 GDPR

We have concluded an agreement with Facebook and LinkedIn pursuant to Art. 26 GDPR in which the data protection obligations arising from the operation of our company website are divided between us and the respective provider. The providers have thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12-23 GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to the respective provider. We are obligated to do so under the agreement with the respective provider.

For more information on the agreement between us and the respective provider, please see:

• https://www.facebook.com/legal/terms/page_controller_addendum
• https://www.linkedin.com/help/linkedin/answer/124838?lang=de
• https://legal.linkedin.com/pages-joint-controller-addendum

We process personal data that you voluntarily share with us as part of the application process – particularly first and last name, address, email address, date of birth, place of birth, occupation, curriculum vitae, references and other categories of personal data (e.g. information about religious beliefs or health-related data). Additional data relevant to the application could be acquired during the application process, which will also be processed. The legal basis for the data processing is § 26 para. 1 sentence 1 of the German Federal Data Protection Act (hereinafter “BDSG”) and Art. 6 para. 1 sentence 1 lit. b of the EU General Data Protection Regulation (GDPR).

Your personal data will only be processed to carry out the application process. In the event that your application is successful, your personal data is transferred to your personnel file. Otherwise, your personal data will be deleted at the latest six months after the application process has ended, unless it is required that your data be processed to establish, exercise or defend legal claims (cf. Art. 17 para. 3 lit. e GDPR).

Your data will only be processed beyond this specific application process if you have expressly consented to your data also remaining stored in our database after the specific application process so that we can contact you at a later time with open positions, where applicable. If we should not contact you anymore, you can withdraw your consent at any time with effect for the future in writing, by email or by phone. Otherwise, we will delete your data after two years. The period will begin anew each time we contact you concerning new positions during this period.

In principle, your personal data is known only to those persons who handle processing your inquiry and sending the newsletter.

Subject to certain conditions, you have the right to receive information free of charge concerning the data that we store concerning you personally, to have incorrect data rectified and to demand the erasure, restriction of processing and portability of your personal data.

To the extent that we process data based on your consent, you may withdraw the consent at any time with effect for the future.

We also wish to refer you to your right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is the State Commisioner for Data Protection and Freedom of Information (Landesdatenschutzbeauftragter) in Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.