Pri­va­cy po­li­cy


Thank you for your in­te­rest in our firm! Da­ta pro­tec­tion is of very high im­portance to the ma­nage­ment of LE­BUHN & PUCH­TA. The web pa­ges of the firm can be used wi­t­hout any in­di­ca­ti­on of per­so­nal da­ta. Ho­we­ver, if a da­ta sub­ject wants to use par­ti­cu­lar ser­vices of the via our web­site, pro­ces­sing of per­so­nal da­ta can be­co­me ne­ces­sa­ry. If pro­ces­sing of per­so­nal da­ta is ne­ces­sa­ry and the­re is no other le­gal ba­sis for such pro­ces­sing, we will ge­ne­ral­ly ob­tain the con­sent of the da­ta sub­ject.

The pro­ces­sing of per­so­nal da­ta, such as the na­me, ad­dress, email ad­dress, or te­le­pho­ne num­ber of a da­ta sub­ject al­ways ta­kes place in ac­cordance wi­th the coun­try-spe­ci­fic da­ta pro­tec­tion re­gu­la­ti­ons ap­pli­ca­ble to LE­BUHN & PUCH­TA. This da­ta pro­tec­tion state­ment ex­plains why, how and for what pur­po­se LE­BUHN & PUCH­TA pro­ces­ses per­so­nal da­ta, and what rights da­ta sub­jects have in re­la­ti­on to such pro­ces­sing.

As da­ta con­trol­ler, LE­BUHN & PUCH­TA has im­ple­men­ted num­e­rous tech­ni­cal and or­ga­ni­sa­tio­nal me­a­su­res to en­su­re the pro­tec­tion of per­so­nal da­ta pro­ces­sed th­rough this web­site. Nevert­hel­ess, In­ter­net-ba­sed da­ta trans­mis­si­ons can al­ways be sub­ject to se­cu­ri­ty vul­nerabi­li­ties, so that ab­so­lu­te pro­tec­tion can­not be gua­ran­teed. For this re­ason, every da­ta sub­ject is free to trans­mit per­so­nal da­ta to us by al­ter­na­ti­ve me­ans, for ex­am­p­le by te­le­pho­ne.

Na­me and ad­dress of the da­ta con­trol­ler

LE­BUHN & PUCH­TA Part­ner­ship of La­wy­ers and So­li­ci­tors mbB
Am Sand­tor­park 2, 20457 Ham­burg

In ad­di­ti­on, you can cont­act our ex­ter­nal da­ta pro­tec­tion of­fi­cer:

Ex­ter­nal da­ta pro­tec­tion of­fi­cer:
Swet­la­na Win­ter - Com­pany­Check Deutsch­land GmbH
Schil­ler­str. 47/49
22767 Ham­burg
Pho­ne: 0 40 - 54 09 03 15 0

De­pu­ty Ex­ter­nal Da­ta Pro­tec­tion Of­fi­cer:
In­go Pas­soth - Com­pany­Check Deutsch­land GmbH
Schil­ler­str. 47/49
22767 Ham­burg
Pho­ne: 0 40 - 54 09 03 15 0

Coll­ec­tion and sto­rage of per­so­nal da­ta
as well as kind and pur­po­se of use

Be­low, we ex­plain how we hand­le your per­so­nal da­ta when you in­ter­act wi­th our on­line pre­sence, such as our web­site. This al­so ap­pli­es when you in­ter­act wi­th us on­line using mo­bi­le de­vices, e.g. smart­phones or ta­blets. Per­so­nal da­ta is any da­ta wi­th which you can be per­so­nal­ly iden­ti­fied or which makes you iden­ti­fia­ble via an iden­ti­fier, such as your IP ad­dress.

Da­ta coll­ec­tion on this web­site

How do we coll­ect your da­ta?

Your da­ta is coll­ec­ted when you pro­vi­de it to us. This can be, for ex­am­p­le, da­ta that you send to us by email or pro­vi­de to us over the te­le­pho­ne. Other da­ta is coll­ec­ted au­to­ma­ti­cal­ly or wi­th your con­sent by our IT sys­tems when you vi­sit our web­site. This main­ly con­sists of tech­ni­cal da­ta (e.g. in­ter­net brow­ser, ope­ra­ting sys­tem or time of pa­ge view). This da­ta is coll­ec­ted au­to­ma­ti­cal­ly as so­on as you en­ter this web­site.

  1. a) When you vi­sit the web­site

    When you vi­sit our web­site, in­for­ma­ti­on is au­to­ma­ti­cal­ly sent to our web­site ser­ver by the brow­ser used on your de­vice. This in­for­ma­ti­on is tem­po­r­a­ri­ly stored in a so-cal­led log file. The fol­lo­wing in­for­ma­ti­on is coll­ec­ted wi­t­hout your in­ter­ven­ti­on and stored un­til au­to­ma­tic de­le­ti­on:

  • IP ad­dress of the re­ques­t­ing com­pu­ter,
  • date and time of ac­cess,
  • na­me and URL of the re­trie­ved file,
  • web­site from which the ac­cess is ma­de (re­fer­rer URL),
  • the brow­ser used and, if ap­pli­ca­ble, the ope­ra­ting sys­tem of your com­pu­ter as well as the na­me of your ac­cess pro­vi­der.

The abo­ve da­ta will be pro­ces­sed by us for the fol­lo­wing pur­po­ses:

  • en­su­ring a smooth con­nec­tion to the web­site,
  • en­su­ring a com­for­ta­ble use of our web­site,
  • eva­lua­ti­on of sys­tem se­cu­ri­ty and sta­bi­li­ty and
  • other ad­mi­nis­tra­ti­ve pur­po­ses.

The le­gal ba­sis for da­ta pro­ces­sing is Art. 6(1)(f) of the Ge­ne­ral Da­ta Pro­tec­tion Re­gu­la­ti­on (GD­PR). Our le­gi­ti­ma­te in­te­rest fol­lows from the pur­po­ses of da­ta coll­ec­tion lis­ted abo­ve. In no ca­se do we use the coll­ec­ted da­ta for the pur­po­se of dra­wing con­clu­si­ons about your per­son.

  1. b) Ana­ly­sis of sur­fing be­ha­viour (Ma­to­mo)

We use a soft­ware cal­led Ma­to­mo on our web­site to ana­ly­se the sur­fing be­ha­viour of our users. The soft­ware runs ex­clu­si­ve­ly on the ser­vers hos­ting our web­site. The fol­lo­wing da­ta is stored on the ser­vers hos­ting our web­site when an in­di­vi­du­al pa­ge is vi­si­ted:

  • an­ony­mi­sed IP ad­dress of the re­ques­t­ing com­pu­ter (two bytes),
  • date and time of ac­cess,
  • na­me and URL of the ac­ces­sed web­site,
  • fre­quen­cy of ac­cess to the web­site,
  • dwell time on the web­site,
  • web­site from which the ac­cess is ma­de (re­fer­rer URL),
  • the brow­ser used and, if ap­pli­ca­ble, the ope­ra­ting sys­tem of your com­pu­ter as well as the na­me of your ac­cess pro­vi­der.

To im­pro­ve the ana­ly­sis, a coo­kie may be set wi­th your con­sent.

The abo­ve da­ta will be pro­ces­sed by us for the fol­lo­wing pur­po­ses:

  • im­pro­ving the user-fri­end­li­ne­ss of our web­site and
  • en­su­ring com­for­ta­ble use of our web­site.

The le­gal ba­sis for da­ta pro­ces­sing is Art. 6(1)(f) GD­PR. Our le­gi­ti­ma­te in­te­rest fol­lows from the pur­po­ses of da­ta coll­ec­tion lis­ted abo­ve. In no ca­se do we use the coll­ec­ted da­ta for the pur­po­se of dra­wing con­clu­si­ons about your per­son. By an­ony­mi­sing the IP ad­dress, we ta­ke in­to ac­count the in­te­rest of users re­la­ting to the pro­tec­tion of their per­so­nal da­ta. The da­ta is not pas­sed on to third par­ties. The da­ta stored for the ana­ly­sis of sur­fing be­ha­viour is de­le­ted af­ter 90 days.

You can de­ac­ti­va­te the an­ony­mi­sed ana­ly­sis in your brow­ser by set­ting a coo­kie:

You may choo­se to pre­vent this web­site from ag­gre­ga­ting and ana­ly­zing the ac­tions you ta­ke he­re. Do­ing so will pro­tect your pri­va­cy, but will al­so pre­vent the ow­ner from lear­ning from your ac­tions and crea­ting a bet­ter ex­pe­ri­ence for you and other users.

Plea­se no­te that de­le­ting this coo­kie re­ac­ti­va­tes the an­ony­mi­sed ana­ly­sis.

  1. c) En­qui­ries by email, te­le­pho­ne or fax

If you cont­act us by email, te­le­pho­ne or fax, your en­quiry in­clu­ding all per­so­nal da­ta re­sul­ting from it (na­me, en­quiry) will be stored and pro­ces­sed by us for the pur­po­se of pro­ces­sing your en­quiry. We will not pass on this da­ta wi­t­hout your con­sent.

The pro­ces­sing of this da­ta is ba­sed on Art. 6(1)(b) GD­PR if your re­quest is re­la­ted to the per­for­mance of a con­tract or is ne­ces­sa­ry for the im­ple­men­ta­ti­on of pre-con­trac­tu­al me­a­su­res. In all other ca­ses, the pro­ces­sing is ba­sed on our le­gi­ti­ma­te in­te­rest in the ef­fec­ti­ve pro­ces­sing of the en­qui­ries ad­dres­sed to us (Art. 6(1)(f) GD­PR) or on your con­sent (Art. 6(1)(a) GD­PR) if this has be­en re­ques­ted.

The da­ta you send to us by cont­ac­ting us re­mains wi­th us un­til you re­quest us to de­le­te it, re­vo­ke your con­sent for it be stored or un­til the pur­po­se for sto­ring the da­ta no lon­ger ap­pli­es (e.g. on­ce your en­quiry has be­en ful­ly pro­ces­sed). This is sub­ject to man­da­to­ry sta­tu­to­ry pro­vi­si­ons - in par­ti­cu­lar sta­tu­to­ry re­ten­ti­on pe­ri­ods.

  1. d) Pro­ces­sing of per­so­nal da­ta from on­line ap­pli­ca­ti­ons

We pro­cess the ap­pli­ca­ti­on do­cu­ments you send us, in­clu­ding the files you pro­vi­de to us, ex­clu­si­ve­ly for the pur­po­se of the ap­pli­ca­ti­on pro­cess (Art. 6(1)(b) GD­PR). We will cont­act you du­ring the ap­pli­ca­ti­on pro­cess to in­form you about the pro­gress of your ap­pli­ca­ti­on or to in­vi­te you to an in­ter­view. Af­ter com­ple­ti­on of the ap­pli­ca­ti­on pro­cess, your da­ta will be de­le­ted af­ter six months at the la­test, un­less you have con­sen­ted to us kee­ping your da­ta and in­forming you about sui­ta­ble job of­fers in the fu­ture. (Art. 6(1)(a) GD­PR).

Why do we use your da­ta?

Part of the da­ta is coll­ec­ted in or­der to en­su­re er­ror-free func­tio­ning of the web­site. Other da­ta may be used to com­mu­ni­ca­te wi­th you.

Pas­sing on da­ta

Your per­so­nal da­ta will not be trans­fer­red to third par­ties for pur­po­ses other than tho­se lis­ted be­low.

We will on­ly share your per­so­nal in­for­ma­ti­on wi­th third par­ties if:

  • you have gi­ven your ex­press con­sent in ac­cordance wi­th Art. 6(1)(a) GD­PR,
  • the dis­clo­sure co­mes wi­thin Art. 6(1)(f) GD­PR as be­ing ne­ces­sa­ry for the as­ser­ti­on, exer­cise or de­fence of le­gal claims and the­re is no re­ason to as­su­me that you have an over­ri­ding in­te­rest wort­hy of pro­tec­tion in the non-dis­clo­sure of your da­ta,
  • we are sub­ject to a le­gal ob­li­ga­ti­on to make the dis­clo­sure in ac­cordance wi­th Art. 6(1)(c) GD­PR, as well as if

this is le­gal­ly per­mis­si­ble and ne­ces­sa­ry ac­cor­ding to Art. 6(1)(b) GD­PR for the pro­ces­sing of con­trac­tu­al re­la­ti­onships wi­th you.

Da­ta se­cu­ri­ty

We use the wi­de­spread SSL pro­ce­du­re (Se­cu­re So­cket Lay­er) in con­nec­tion wi­th the hig­hest en­cryp­ti­on le­vel sup­port­ed by your brow­ser when vi­si­ting the web­site. As a ru­le, this is 256-bit en­cryp­ti­on. If your brow­ser does not sup­port 256-bit en­cryp­ti­on, we use 128-bit v3 tech­no­lo­gy in­s­tead. You can tell whe­ther an in­di­vi­du­al pa­ge of our web­site is en­crypt­ed by the clo­sed dis­play of the key or lock sym­bol in the lower sta­tus bar of your brow­ser.
We al­so have ap­pro­pria­te tech­ni­cal and or­ga­ni­sa­tio­nal se­cu­ri­ty me­a­su­res in place to pro­tect your da­ta against ac­ci­den­tal or in­ten­tio­nal ma­ni­pu­la­ti­on, par­ti­al or com­ple­te loss, de­s­truc­tion or against un­aut­ho­ri­sed ac­cess by third par­ties. Our se­cu­ri­ty me­a­su­res are con­ti­nuous­ly im­pro­ved in li­ne wi­th tech­no­lo­gi­cal de­ve­lo­p­ments.

Lin­king wi­th so­cial me­dia plat­forms

In­te­gra­ti­on of Lin­ke­dIn and XING

We do not use so­cial plug-ins as ac­ti­ve but­tons in our on­line pre­sence. We on­ly re­fer to our pre­sence in the fol­lo­wing so­cial net­works via icons:

  • Lin­ke­dIn, Lin­ke­dIn Ire­land Un­li­mi­t­ed Com­pa­ny, Wil­ton Place, Dub­lin 2, Ire­land
  • Xing: New Work SE, Damm­tor­stra­ße 30, 20354 Ham­burg, Ger­ma­ny

We on­ly dis­play the so­cial me­dia icons on our web­site. They are de­si­gned as in­ac­ti­ve icons wi­th a link to the re­spec­ti­ve so­cial me­dia plat­form.

When you click on such a so­cial me­dia icon on our web­site, a con­nec­tion to the­se third-par­ty pro­vi­ders is es­tab­lished via your web brow­ser in a se­pa­ra­te tab (tab card). The­se third-par­ty pro­vi­ders can ther­eby track your vi­sit to our pa­ges. If you are a mem­ber of one of the so­cial net­works, you can share the con­tent of our web­page wi­th other mem­bers from your so­cial net­work by ac­ti­vat­ing the but­ton.

Th­rough your par­ti­ci­pa­ti­on in so­cial net­works or by vi­si­ting or ac­ces­sing our so­cial me­dia sites, your da­ta may be pro­ces­sed out­side the EU. This may re­sult in risks, for ex­am­p­le be­cau­se it may be mo­re dif­fi­cult to en­force your rights.

When you ac­cess a so­cial net­work, coo­kies are usual­ly stored on your de­vice to re­cord user be­ha­viour. If you have a user ac­count on the re­spec­ti­ve net­work and are log­ged in the­re, your usa­ge be­ha­viour can be sa­ved to your user ac­count. So­cial net­works can ana­ly­se usa­ge be­ha­viour and use it for mar­ket re­se­arch and ad­ver­ti­sing pur­po­ses. This may re­sult in ad­ver­ti­sing be­ing dis­play­ed to you wi­thin and out­side the­se so­cial net­works. We have no in­fluence on this.

We have no in­fluence on the per­so­nal da­ta coll­ec­ted and stored by so­cial net­works. We re­cei­ve eva­lua­tions of user da­ta via our abo­ve-men­tio­ned so­cial me­dia pre­sen­ces and can ad­dress users wi­th in­te­rest-ba­sed ad­ver­ti­sing. If users in­ter­act wi­th our so­cial me­dia pre­sence and are log­ged in wi­th a user ac­count, we can in prin­ci­ple al­so re­co­g­ni­se the user pro­fi­le and see the con­tent of comm­ents or pos­tings on our pre­sence. This da­ta pro­ces­sing is the­r­e­fo­re car­ri­ed out un­der joint re­spon­si­bi­li­ty wi­th the re­spec­ti­ve pro­vi­der of the so­cial net­work. For the eva­lua­ti­on of da­ta in con­nec­tion wi­th our so­cial me­dia pre­sen­ces, we have the­r­e­fo­re con­cluded a joint re­spon­si­bi­li­ty agree­ment wi­th the pro­vi­ders in each ca­se (Art. 26 GD­PR). You can find fur­ther in­for­ma­ti­on in the da­ta pro­tec­tion pro­vi­si­ons of the re­spec­ti­ve so­cial net­works. You can al­so as­sert the rights to which you are en­tit­led against us. Ho­we­ver, the pro­vi­der of the so­cial net­work can ful­fil your rights mo­re com­pre­hen­si­ve­ly be­cau­se the da­ta for use and eva­lua­ti­on is al­so stored the­re.

In­te­gra­ti­on of You­tube vi­de­os

We have em­bedded You­Tube vi­de­os on our web­site which can be play­ed the­re di­rect­ly if you have cli­cked on “I ac­cept”.

In­iti­al­ly, you will on­ly see an in­ac­ti­ve pre­view image. Your da­ta will on­ly be trans­mit­ted to You­Tube wi­th your con­sent (“I ac­cept”) (Art. 6(1)(a) GD­PR).

You­Tube is a ser­vice of­fe­red in the EU, the EEA and Switz­er­land by Goog­le Ire­land Li­mi­t­ed Gor­don House, Bar­row Street Dub­lin 4. Ire­land, and in the USA by Goog­le LLC, 1600 Am­phi­theat­re Park­way, Moun­tain View, CA 94043, USA.

If you have gi­ven this con­sent or ac­cess a vi­deo di­rect­ly on You­Tube, your da­ta may be trans­fer­red to a Goog­le ser­ver in the USA and stored the­re. In this way, Goog­le eva­lua­tes the use of the vi­deo of­fe­ring on You­Tube in or­der to com­pi­le an­ony­mi­sed re­ports on vi­deo views for us and to pro­vi­de other ser­vices as­so­cia­ted wi­th vi­deo use.

We have no in­fluence on the da­ta coll­ec­ted and stored about you by so­cial net­works. Fur­ther in­for­ma­ti­on on da­ta pro­tec­tion per­tai­ning to the Goog­le “You­Tube” app can be found in the pri­va­cy po­li­cy of the pro­vi­der at: https://​po​li​ci​es​.goog​le​.com/​p​r​i​v​a​c​y​?​h​l​=​d​e​&​g​l​=de or https://​po​li​ci​es​.goog​le​.com/​t​e​c​h​n​o​l​o​g​i​e​s​/​c​o​o​k​i​e​s​?​h​l​=​d​e​&​u​t​m​_​s​ource=ucb The sto­rage pe­ri­od for your con­sent is 1 day. Af­ter that, you can gi­ve your con­fir­ma­ti­on again.

If you want to can­cel the con­sent ear­lier, press the lock next to the do­main na­me and de­le­te the cor­re­spon­ding coo­kie.

Plug-ins and tools

Goog­le Web Fonts (lo­cal hos­ting)

This site uses so-cal­led web fonts pro­vi­ded by Goog­le for the uni­form dis­play of fonts. The Goog­le Fonts are in­stal­led lo­cal­ly. A con­nec­tion to Goog­le ser­vers does not ta­ke place.

Fur­ther in­for­ma­ti­on on Goog­le Web Fonts can be found at https://​de​ve​lo​pers​.goog​le​.com/​f​o​n​t​s​/​faq and in Goo­g­le’s pri­va­cy po­li­cy:

Word­fence Se­cu­ri­ty

The “Word­fence Se­cu­ri­ty” ser­vice ope­ra­ted by De­fi­ant Inc, 800 5th Ave, Suite 4100, Se­at­tle, WA 98104, USA, is used to se­cu­re our on­line pre­sence.

Our web­site uses the plug-in to pro­tect against vi­ru­s­es and mal­wa­re and to de­fend against at­tacks by cy­ber cri­mi­nals. In or­der to re­co­g­ni­se whe­ther the vi­si­tor is a hu­man or a ro­bot, the plug-in sets coo­kies. For the pur­po­se of pro­tec­tion against bru­te force and DDoS at­tacks or com­ment spam, IP ad­dres­ses are stored on the Word­fence ser­vers. IP ad­dres­ses clas­si­fied as harm­less are pla­ced on a white list.

Word­fence Se­cu­ri­ty se­cu­res our web­site and thus pro­tects you as a vi­si­tor to the web­site from vi­ru­s­es and mal­wa­re. This con­sti­tu­tes a le­gi­ti­ma­te in­te­rest wi­thin the mea­ning of Art. 6(1)(f) GD­PR.

Fur­ther in­for­ma­ti­on on the coll­ec­tion, use and sto­rage pe­ri­od of the da­ta by Word­fence Se­cu­ri­ty can be found in De­fi­an­t’s da­ta pro­tec­tion in­for­ma­ti­on: https://​www​.word​fence​.com/​p​r​i​v​a​c​y​-​p​o​l​i​cy/.

Coo­kies set by the Word­fence plug-in


What it does: This coo­kie is used by the Word­fence fire­wall to per­form a check of the cur­rent user’s per­mis­si­ons be­fo­re Word­Press loads.

This coo­kie is on­ly set for users who can log in to Word­Press (i.e. in the ba­ckend of our web­site).

Pur­po­se of this coo­kie: This coo­kie en­ables the Word­fence fire­wall to re­co­g­ni­se log­ged-in users and gi­ve them ex­ten­ded ac­cess. It al­so al­lows Word­fence to de­tect users who are not log­ged in and rest­rict their ac­cess to se­cu­re are­as. The coo­kie al­so lets the fire­wall know what ac­cess rights a vi­si­tor has to help the fire­wall make in­tel­li­gent de­cis­i­ons about whom to al­low and whom to block.


What it does: This coo­kie is used to no­ti­fy the Word­fence ad­mi­nis­tra­tor when an­o­ther ad­mi­nis­tra­tor logs in from a new de­vice.

Pur­po­se: This coo­kie is on­ly set for users who log in and on­ly if the web­site ad­mi­nis­tra­tor has en­ab­led the op­ti­on “I will on­ly be no­ti­fied if this ad­mi­nis­tra­tor logs in from a new de­vice” or a si­mi­lar op­ti­on for non-ad­mi­nis­tra­tor users. This coo­kie helps us know if a user has log­ged in from a new de­vice.


What it does: Word­fence of­fers a func­tion that al­lows a web­site vi­si­tor to by­pass the coun­try lock by ac­ces­sing a hid­den URL. This coo­kie can be used to track who is al­lo­wed to by­pass the coun­try lock.

Who re­cei­ves this coo­kie: When a hid­den URL de­fi­ned by the web­site ad­mi­nis­tra­tor is ac­ces­sed, this coo­kie is set to check whe­ther the user can ac­cess the web­site from a coun­try rest­ric­ted by coun­try blo­cking. This coo­kie is set for an­yo­ne who knows and vi­sits the hid­den URL. This coo­kie is not set for an­yo­ne who does not know the hid­den URL in or­der to by­pass the coun­try blo­cking.

Pur­po­se: This coo­kie al­lows web­site ow­ners to al­low cer­tain users from blo­cked count­ries to vi­sit their web­site, even if the coun­try they are in has be­en blo­cked.


Ex­ter­nal hos­ting

This web­site is hos­ted by an ex­ter­nal ser­vice pro­vi­der (hos­ter). The per­so­nal da­ta coll­ec­ted on this web­site is stored on the hos­ter’s ser­vers. This may in­clude, but is not li­mi­t­ed to, IP ad­dres­ses, cont­act re­quests, me­ta and com­mu­ni­ca­ti­on da­ta, con­trac­tu­al da­ta, cont­act de­tails, names, web­site ac­ces­ses and other da­ta ge­ne­ra­ted via a web­site.

The hos­ter is used for the pur­po­se of con­tract ful­film­ent vis-à-vis our po­ten­ti­al and exis­ting cus­to­mers (Art. 6 pa­ra. 1 lit. b DSGVO) and in the in­te­rest of a se­cu­re, fast and ef­fi­ci­ent de­li­very of our on­line pre­sence by a pro­fes­sio­nal pro­vi­der (Art. 6 pa­ra. 1 lit. f DSGVO).

Our hos­ter will on­ly pro­cess your da­ta to the ext­ent that this is ne­ces­sa­ry for the ful­film­ent of its ser­vice ob­li­ga­ti­ons and will fol­low our in­s­truc­tions wi­th re­gard to this da­ta.

We use the fol­lo­wing hos­ter:

do­main­fac­to­ry GmbH
Os­kar-Mess­ter-Str. 33
85737 Is­ma­ning

Da­ta pro­ces­sing

We have con­cluded a da­ta pro­ces­sing agree­ment (DPA) wi­th the abo­ve-men­tio­ned pro­vi­der. This is a con­tract re­qui­red by da­ta pro­tec­tion law, which en­su­res that the pro­vi­der on­ly pro­ces­ses the per­so­nal da­ta of our web­site vi­si­tors in ac­cordance wi­th our in­s­truc­tions and in com­pli­ance wi­th the GD­PR.


Your brow­ser sets a ses­si­on coo­kie when you vi­sit our web­site. A ses­si­on coo­kie stores in­for­ma­ti­on that as­so­cia­tes on­line ac­ti­vi­ty wi­th a sin­gle brow­ser ses­si­on. Ses­si­on coo­kies are on­ly used to fa­ci­li­ta­te the use of a web­site. The ses­si­on coo­kie is usual­ly de­le­ted again when the brow­ser is clo­sed. You do not have to ac­tively al­low ses­si­on coo­kies. Ses­si­on coo­kies can be di­s­ab­led cen­tral­ly in your brow­ser set­tings and this set­ting then ap­pli­es to all web­sites that you vi­sit in suc­ces­si­on. Un­der cer­tain cir­cum­s­tances, cer­tain are­as or func­tions of other web­sites wi­th de­ac­ti­va­ted ses­si­on coo­kies can­not be used (e.g. on­line shops).

Iden­ti­fi­ca­ti­on ob­li­ga­ti­ons un­der mo­ney laun­de­ring law

1. Why iden­ti­fi­ca­ti­on?

In con­nec­tion wi­th cer­tain tran­sac­tions and cer­tain ad­vi­so­ry ser­vices, we are le­gal­ly ob­li­ged to iden­ti­fy our con­trac­tu­al part­ners, the per­sons ac­ting on their be­half and the be­ne­fi­ci­al ow­ners. In the ca­se of na­tu­ral per­sons, we are ob­li­ged in par­ti­cu­lar to coll­ect the first na­me and sur­na­me, place of birth, date of birth, na­tio­na­li­ty, iden­ti­ty card num­ber, the aut­ho­ri­ty is­suing the iden­ti­ty card and the re­si­den­ti­al ad­dress and to ve­ri­fy this in­for­ma­ti­on using a va­lid of­fi­ci­al pass­port or iden­ti­ty card. Dri­ving li­cen­ces or ex­pi­red iden­ti­ty do­cu­ments are not suf­fi­ci­ent for the ve­ri­fi­ca­ti­on.

The­se ob­li­ga­ti­ons are ba­sed on Sec. 2, 8, 10, 11, 12 of the Ger­man Mo­ney Laun­de­ring Act.

We can on­ly pro­vi­de our ser­vices if all per­sons to be iden­ti­fied in ac­cordance wi­th the law agree to the sto­rage of co­pies of their iden­ti­fi­ca­ti­on do­cu­ments.

2. What are the al­ter­na­ti­ves?

We can car­ry out this ve­ri­fi­ca­ti­on th­rough an on-site check of the ID do­cu­ment by us or a la­wy­er or no­ta­ry ap­poin­ted by us.

Al­ter­na­tively, we of­fer the op­ti­on of car­ry­ing out di­gi­tal self-iden­ti­fi­ca­ti­on quick­ly and ea­si­ly. For this ser­vice, we use IDENTT Sp. z o. o., Gen. Ro­mu­al­da Trau­gut­ta 45, 50-416 Wro­cław, Pol­and as a da­ta pro­ces­sor.

If you de­ci­de in fa­vour of self-iden­ti­fi­ca­ti­on, you con­sent to the pro­ces­sing of your da­ta by us and the da­ta pro­ces­sor for the pur­po­se of iden­ti­fi­ca­ti­on. Fur­ther in­for­ma­ti­on can be found in the pri­va­cy po­li­cy of IDENTT Sp. z o. o.: https://​www​.identt​.pl/​i​d​e​n​t​t​-​p​r​i​v​a​c​y​-​p​o​l​i​cy/.

3. How does the iden­ti­fi­ca­ti­on pro­cess work?

Du­ring iden­ti­fi­ca­ti­on, the da­ta from the ID do­cu­ment is coll­ec­ted. In ad­di­ti­on, the ID do­cu­ment is che­cked for va­li­di­ty and com­pared wi­th the per­son.

For self-iden­ti­fi­ca­ti­on, we will send you a link that leads to an au­to­ma­ted iden­ti­fi­ca­ti­on pro­cess. The­re is no vi­deo chat. Each link can on­ly be used for one na­tu­ral per­son at a time. The link leads to the web­site of our da­ta pro­ces­sor. The con­nec­tion is en­crypt­ed.

You need a mo­bi­le de­vice wi­th a ca­me­ra (smart­phone, ta­blet) for self-iden­ti­fi­ca­ti­on. Iden­ti­fi­ca­ti­on starts by cal­ling up the link di­rect­ly on the mo­bi­le de­vice. A brow­ser is suf­fi­ci­ent. A se­pa­ra­te app is not re­qui­red. Iden­ti­fi­ca­ti­on ta­kes about 5 mi­nu­tes.

As part of the self-iden­ti­fi­ca­ti­on pro­cess, images (pho­tos and short vi­deo se­quen­ces) are ta­ken of the ID do­cu­ment (front and back) and of the per­son to be iden­ti­fied. The vi­deo se­quen­ces are used to check the se­cu­ri­ty fea­tures (e.g. ho­lo­grams) and to check whe­ther a re­al per­son is ac­ting.

The­se re­cor­dings are first au­to­ma­ti­cal­ly che­cked by our da­ta pro­ces­sor. The images and the ver­fi­ca­ti­on re­sult are trans­mit­ted to us and stored by us. The re­sults and the se­cu­ri­ty fea­tures are che­cked again by Le­buhn & Puch­ta.

In the ca­se of an on-site check, the de­tails are che­cked using the ori­gi­nal ID do­cu­ment. In ad­di­ti­on, a pho­to­co­py of the ID do­cu­ment is ma­de and stored by us.

4. Le­gal ba­sis for pro­ces­sing

The le­gal ba­sis for da­ta pro­ces­sing is Art. 6 pa­ra. 1 sen­tence 1 lit. c GD­PR. The pro­ces­sing is ne­ces­sa­ry to ful­fil a le­gal ob­li­ga­ti­on to which we are sub­ject. If you de­ci­de in fa­vour of self-iden­ti­fi­ca­ti­on, the le­gal ba­sis for da­ta pro­ces­sing is ad­di­tio­nal­ly Art. 6 pa­ra. 1 sen­tence 1 lit. a GD­PR.

5. Sto­rage pe­ri­od

We are le­gal­ly ob­li­ged un­der Sec. 8 of the Ger­man Mo­ney Laun­de­ring Act to keep the re­cor­dings and/​or co­pies of ID do­cu­ments for at least 5 ye­ars. The sto­rage pe­ri­od be­g­ins at the end of the ca­len­dar year in which the re­spec­ti­ve in­for­ma­ti­on was ob­tai­ned. Our da­ta pro­ces­sor ge­ne­ral­ly stores the per­so­nal da­ta trans­mit­ted to it for on­ly 60 days.

Da­ta sub­ject rights

You have the right to:

  • re­quest in­for­ma­ti­on about your per­so­nal da­ta pro­ces­sed by us, in ac­cordance wi­th Art. 15 GD­PR. In par­ti­cu­lar, you can re­quest in­for­ma­ti­on about the pro­ces­sing pur­po­ses, the ca­te­go­ry of per­so­nal da­ta, the ca­te­go­ries of re­ci­pi­ents to whom your da­ta has be­en or will be dis­c­lo­sed, the plan­ned sto­rage pe­ri­od, the exis­tence of a right to rec­ti­fi­ca­ti­on, era­su­re, rest­ric­tion of pro­ces­sing or ob­jec­tion, the exis­tence of a right of com­plaint, the ori­gin of your da­ta if it has not be­en coll­ec­ted by us, as well as the exis­tence of au­to­ma­ted de­cis­i­on-ma­king, in­clu­ding pro­fil­ing, and, if ap­pli­ca­ble, meaningful in­for­ma­ti­on about its de­tails;
  • de­mand the cor­rec­tion of in­cor­rect or in­com­ple­te per­so­nal da­ta stored by us wi­t­hout de­lay, in ac­cordance wi­th Art. 16 GD­PR;
  • pur­su­ant to Art. 17 GD­PR, re­quest the era­su­re of your per­so­nal da­ta stored by us, un­less the pro­ces­sing is ne­ces­sa­ry for the exer­cise of the right to free­dom of ex­pres­si­on and in­for­ma­ti­on, for com­pli­ance wi­th a le­gal ob­li­ga­ti­on, for re­asons of pu­blic in­te­rest or for the as­ser­ti­on, exer­cise or de­fence of le­gal claims;
  • re­quest the rest­ric­tion of the pro­ces­sing of your per­so­nal da­ta in ac­cordance wi­th Art. 18 GD­PR, in­so­far as the ac­cu­ra­cy of the da­ta is dis­pu­ted by you, the pro­ces­sing is un­lawful, but you ob­ject to its era­su­re and we no lon­ger re­qui­re the da­ta, but you need it for the as­ser­ti­on, exer­cise or de­fence of le­gal claims or you have ob­jec­ted to the pro­ces­sing in ac­cordance wi­th Art. 21 GD­PR;
  • pur­su­ant to Art. 20 GD­PR, re­cei­ve your per­so­nal da­ta that you have pro­vi­ded to us in a struc­tu­red, com­mon and ma­chi­ne-re­a­da­ble for­mat or to re­quest the trans­fer to an­o­ther con­trol­ler;
  • re­vo­ke your con­sent at any time in ac­cordance wi­th Art. 7(3) GD­PR. This has the con­se­quence that we may no lon­ger con­ti­nue the da­ta pro­ces­sing ba­sed on this con­sent for the fu­ture and
  • com­plain to a su­per­vi­so­ry aut­ho­ri­ty in ac­cordance wi­th Art. 77 GD­PR. As a ru­le, you can cont­act the su­per­vi­so­ry aut­ho­ri­ty of your usu­al place of re­si­dence or work­place.

Right to ob­ject

If your per­so­nal da­ta is pro­ces­sed on the ba­sis of le­gi­ti­ma­te in­te­rests pur­su­ant to Art. 6(1)(f) GD­PR, you have the right to ob­ject to the pro­ces­sing of your per­so­nal da­ta pur­su­ant to Art. 21 GD­PR, pro­vi­ded that the­re are grounds for do­ing so that ari­se from your par­ti­cu­lar si­tua­ti­on or the ob­jec­tion is di­rec­ted against di­rect ad­ver­ti­sing. In the lat­ter ca­se, you have a ge­ne­ral right of ob­jec­tion, which is im­ple­men­ted by us wi­t­hout spe­ci­fy­ing a par­ti­cu­lar si­tua­ti­on.
If you would li­ke to make use of your right to ob­ject, it is suf­fi­ci­ent to send us an email.

Va­li­di­ty and amend­ment of this pri­va­cy po­li­cy

This pri­va­cy po­li­cy is curr­ent­ly va­lid and its ver­si­on date is No­vem­ber 2022.

Due to the fur­ther de­ve­lo­p­ment of our web­site or due to ch­an­ged le­gal or ad­mi­nis­tra­ti­ve re­qui­re­ments, it may be­co­me ne­ces­sa­ry to ch­an­ge this da­ta pro­tec­tion state­ment. You can ac­cess the cur­rent da­ta pro­tec­tion de­cla­ra­ti­on at any time on the web­site.


If you have any ques­ti­ons about da­ta pro­tec­tion, plea­se wri­te us an email set­ting out your ques­ti­on as pre­cis­e­ly as pos­si­ble. This pri­va­cy po­li­cy and our terms of use ch­an­ge over time. We re­ser­ve the right to send you from time to time no­ti­fi­ca­ti­ons about the po­li­ci­es that ap­p­ly to us. Nevert­hel­ess, you should vi­sit our web­site re­gu­lar­ly and ta­ke no­te of any ch­an­ges. Un­less other­wi­se sta­ted, the use of any in­for­ma­ti­on we have about you is sub­ject to this Pri­va­cy Po­li­cy. We assu­re you that ma­te­ri­al ch­an­ges to our pri­va­cy po­li­cy re­sul­ting in wea­k­er pro­tec­tion of cli­ent da­ta al­re­a­dy re­cei­ved will on­ly be ma­de by us wi­th the con­sent of the cli­ents con­cer­ned.