Privacy Policy

Privacy Policy

This privacy policy explains to you what data we collect, process and use, and for which purposes, when you access and use our website

1. Responsibility and data protection officer

The responsibility for the lawful collection, processing and use of the data vests in

HARTE-BAVENDAMM Rechtsanwälte Partner­schaftsgesellschaft mbB,
Am Sandtorkai 77, 20457 Hamburg, Germany, email:,
Tel: +49 (0)40-60 56 29 30, Fax: +49 (0)40-60 56 29 399.

Our data protection officer is Janna F. Thomsen, Attorney at Law. She may be contacted by email at and under above address.

2. Processed data and purposes of processing

a) Visiting our website

During your visit to our website, certain data that the device you are using automatically transmits to the server of our website are recorded and temporally stored in a log file until such file is automatically deleted. This includes the time of access, the Internet protocol address (IP address), the website by which access is made (referrer URL), the Internet service provider, the webpages or files accessed and the browser and operating system used.

These data are not processed to identify you or to draw any other conclusions about you identity. Rather, we process these data only for administrative purposes, in particular to ensure a trouble-free connection and a comfortable use of our website as well as to monitor, evaluate and continuously improve the general system security and stability.

The legal basis for the processing of these data is Article 6(1) point (f) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). Our legitimate interest follows from the purposes listed above.

b) Contacting us

You can contact us via the e-mail addresses and other contact options shown on our website and send us enquiries or, for example, job applications. If you contact us by e-mail, we record your e-mail address so that we can reply to you. Your e-mail address and any other personal data that you send us in this way will be used only to process your respective enquiry.

Legal basis for the processing of these data are Article 6(1) point (b) or point (f) GDPR and, in the case of voluntary consent, Article 6(1) point (a) GDPR.

3. Cookies

We use cookies to optimize user-friendliness and as part of the security architecture of our website. Cookies are small files that your Internet browser automatically creates and saves when you access our website. The cookies placed by us do not cause any damage to your devices and do not contain viruses, Trojans or other malware.

Specifically, we place a cookie (“pll_language”) that stores the last language setting you made during your last visit of our website. The expiration time of this cookie is one year. In addition, our website management software places certain temporary cookies that are used exclusively for security analysis and defense against malicious attacks on our website. Their expiration time is 30 minutes (“wfvt_[…]”) or 24 hours (“wordfence_verifiedHuman”) respectively.

Most browsers are set by default to accept cookies automatically. However, you can configure your browser to accept no or only certain cookies or to display a message before a new cookie is stored. You can also delete stored cookies manually or have them deleted automatically at any time. Instructions to manage cookies usually can be found via the help function integrated in your browser. Please note that not all functions of our website may be available if you deactivate the acceptance of cookies.

The processing of data by means of cookies for the above-mentioned purposes has its legal basis in Article 6(1) point (f) GDPR as it is necessary for the purposes of legitimate interests pursued.

4. Google Maps/Google Earth

On our website we use the “Google Maps/Google Earth” service to display our location and driving directions (route planning). The service is being operated by Google LLC based in Mountain View (USA). Already when you open the respective webpages Google places its own cookies on your device in order to record and process certain user data when displaying the embedded map and its associated functions, such as the route planner. For further details on the cookies used and the data processed by Google, we refer to the Google Maps/Google Earth Additional Terms of Service and the documents mentioned and linked therein.

Please note that cookies placed by “Google Maps/Google Earth” are not deleted when you close your browser, but only expire after a certain period of time. You can prevent the use of “Google Maps/Google Earth” service and the resulting data processing by Google through deactivating Java script in your browser prior to opening our website. You can also configure your browser so that it does not accept cookies. Please refer to Section 3.

5. Passing on of data

For certain technical processes of data processing we use the support of external service providers (e.g. for programming, maintenance and hosting of our website). Our service providers have been carefully selected and they process data only on our behalf and in accordance with our instructions.

Otherwise, your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties, if and to the extent

  • you have given consent pursuant to Article 6(1) point (a) GDPR; or
  • it is necessary pursuant to Article 6(1) point (b) GDPR for the performance of a contract with you or in order to take steps at your request prior to entering into a contract; or
  • it is necessary pursuant to Article 6(1) point (c) GDPR for compliance with a legal obligation; or
  • it is necessary pursuant to Article 6(1) point (f) GDPR for the purposes of the legitimate interests pursued, as it may be the case when establishing, exercising or defending legal claims, and there is no reason to assume that you have an overriding legitimate interest that your data is not being passed on.

6. Term of storage

Personal data we collect during your visit of our website will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored for a longer period of time if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. These data will also be blocked or deleted if a storage period set forth by any of the aforementioned provisions expires, unless there is a need to store the data longer in view of concluding or performing a contract.

7. User’s rights

You have the right:

  • pursuant to Article 15 GDPR to request information about your personal data that is processed by us. In particular, you can request information on the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the right to request rectification or erasure or restriction of processing or to object to processing; the right to lodge a complaint; the source of data, where the personal data are not collected from you; and the existence of automated decision-making, including profiling, and about the logic involved, as well as the significance and the envisaged consequences;
  • pursuant to Article 16 GDPR, to obtain without undue delay rectification of incorrect or completion of incomplete personal data stored by us;
  • pursuant to Article 17 GDPR, to demand the erasure of your personal data stored by us, except where processing is required for the exercise of the right to freedom of expression and information; for compliance with a legal obligation; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defense of legal claims;
  • pursuant to Article 18 GDPR, to demand the restriction of the processing of your personal data where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure; we no longer need the data and you need it for for the establishment, exercise or defense of legal claims; or you have objected to processing in accordance with Art. 21 GDPR;
  • pursuant to Article 20 GDPR to receive the personal data that you provided to us in a structured, commonly used and machine-readable format and the right to transmit those data without hindrance from us to another controller;
  • pursuant to Article 7(3) GDPR to withdraw your consent to us at any time. As a result, we will not continue processing data based on this consent in the future; and
  • pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

8. Right to object and withdrawal of consent

In accordance with Article 21 GDPR, you have the right to object at any time to the processing of personal data concerning you,

  • where our processing is based on legitimate interests pursuant to point (e) or (f) of Article 6 GDPR, but there are conflicting grounds relating to your particular situation; or
  • where the processing is for direct marketing purposes, in which case no particular grounds have to exist to implement your objection.

If you would like to exercise your right of objection or withdraw any consent given to us, you can send an email to

9. Data security and location of processing

We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the status bar of your browser.

We also apply suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Unless otherwise described herein, your personal data will be processed on systems located within the territorial scope of the GDPR.

10. Status and changes

This privacy policy is up-to-date and in force since May 2018.

Future changes to our website and offers or to the legal or regulatory requirements may make it necessary to also amend this privacy policy.  We will always publish the most current privacy policy to our website at, from where you can review and print it.