Privacy Notice

On our website (www.troeber.de) we inform you about our law firm and our consulting services.

For security reasons and to protect your personal data, our website is encrypted using SSL/TLS technology. The encryption technology is visible to you by "https://" and the lock symbol in your browser line.

When operating the website, we work together with Hetzner Online GmbH, Gunzenhausen as a processor. We have duly obligated the processor in accordance with Section 43a (3) BRAO and, in particular, informed it of the consequences under criminal law of a breach of confidentiality obligations.

When you visit our website and use the various offers, we process your personal data as described below:

During the informative use of our website, i.e. the mere viewing without registration and without communication of other information, we process the personal data that your browser transmits to our server.

The data described below is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR:

- IP address

- Date and time of the request

- Time zone difference from Greenwich Meantime (GMT)

- Content of the request (visited page)

- access status / HTTP status code

- amount of data transferred in each case

- previously visited page

- browser

- operating system

- language and version of the browser software.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the provision of this website, this is the case when the respective session has ended. The log files are kept for up to 24 hours directly and exclusively accessible to administrators.

In addition to the data mentioned above, we use cookies when you use our website, which may be stored on your terminal device.

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Cookies cannot execute programs or transfer malware to your computer, but are primarily used to make the Internet offer faster and more user-friendly.

We only use necessary cookies (session cookies) on our website. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. These are used to ensure the security of our website, in particular to prevent cross-site request forgery attacks.

They are absolutely necessary in order to provide our website accessed by the visitor (§ 25 para. 2 no. 2 TDDDG). The legal basis for the processing of your personal data in the context of the necessary cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR. We have a legitimate economic interest in data processing. This lies in the functionality of our website.

If you do not wish necessary cookies to be set, you have the option of deactivating the setting of cookies via your browser settings. Please note that this may limit the functionality of our website.

When using our chatbot, in addition to the data that we process when you access the website (B. I.), we process all data that you transmit via the chatbot in individual cases. In particular, this may include personal data or trade and business secrets. No other personal data is collected by using the chatbot.

The data will not be passed on to third parties or otherwise analyzed unless required by a legal obligation ( Art. 6 para. 1 sentence 1 lit. c GDPR). This data is also not merged with other data sources (e.g. as training data).

We process your data on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which is to provide you with general inquiries about our law firm (for example, information about services or business hours) in a simple and uncomplicated manner.

The chat messages are stored in the local memory (web storage) of your browser. Since the chatbot needs to know the previously exchanged messages in order to conduct conversations, this is the only way the chatbot can be provided at all (Section 25 (2) No. 2 TDDDG).

The transfer of your data to the chatbot takes place securely via SSL encryption (transport encryption). Content data is not encrypted.

We use Microsoft Ireland Ltd, South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin D18 P521, Ireland, as a processor. The processor has been duly obligated in accordance with Section 43a (3) BRAO and, in particular, has been informed of the criminal consequences of a breach of confidentiality obligations.

When you contact us via our contact form, the data you provide (name, e-mail, your message) will be stored by us in order to process your request.

To answer the contact request via the contact form, it is necessary that you provide your personal data, which we need to answer your contact request.

We process your personal data collected via the contact form exclusively to respond to your contact request. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate economic interest in contacting (potential) clients and applicants via the contact form. Our contact form is a service that enables you as a (potential) customer or applicant to get in touch with us quickly and easily. If the contact serves to initiate a client relationship, Art. 6 para. 1 sentence 1 lit. b. DSGVO is the corresponding legal basis.

If you work with us as a client or a party involved, we will process your personal data on various occasions. We consider all persons whose data we process in the course of our legal work who are not our clients to be involved parties. In particular, these may be contact persons, representatives or lawyers of the opposing party in court proceedings or negotiations. We also process your personal data if you are an interested party.

If you communicate with us by e-mail, we process personal data from you and/or your employees, namely the sender and recipient of the e-mail, the content of the e-mail, any attachments and any personal data contained therein.

The processing takes place:

• with interested parties for the purpose of establishing contact and initiating client relationships on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the acquisition of new clients and
• with clients for the purpose of establishing contact to coordinate the existing mandate and to fulfill the mandate agreement (Art. 6 para. 1 sentence 1 lit. b GDPR) and to inform you of relevant offers, on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the improvement and strengthening of the client-lawyer relationship and in the initiation of further mandates,
• for other parties involved for the purpose of completing the mandate on the basis of the legitimate interest of our client (Art. 6 para. 1 sentence 1 lit. f GDPR), which results from the respective individual order,
• if the messages in question are commercial letters, on the basis of a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), namely from the retention obligations under commercial law and the German Fiscal Code, insofar as these apply to lawyers.

We use Microsoft Ireland Ltd, South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin D18 P521, Ireland, as a processor. We have duly obliged the processor in accordance with Section 43a (3) BRAO and, in particular, instructed the processor about the criminal law consequences of a breach of confidentiality obligations.

If you communicate with us as a customer or prospective customer by telephone, we process personal data from you and/or your employees, namely incoming/outgoing telephone number and time data.

The processing takes place:

• with interested parties for the purpose of establishing contact and initiating client relationships on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the acquisition of new clients and
• with clients for the purpose of establishing contact to coordinate the existing mandate and to fulfill the mandate agreement (Art. 6 para. 1 sentence 1 lit. b GDPR) and to inform you of relevant offers, on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the improvement and strengthening of the client-lawyer relationship and in the initiation of further mandates,
• for parties involved for the purpose of completing the mandate on the basis of the legitimate interest of our client (Art. 6 para. 1 sentence 1 lit. f GDPR), which results from the respective individual order,

We use NFON AG, Zielstattstraße 36, 81379 Munich, Germany, as our data processor.

If you have a business relationship as a client with you or if a business relationship is initiated with you or if you are an interested party, we process personal data of you and/or your employees, namely name and address (also of contact persons), communication data (telephone, cell phone, e-mail address), details of orders/invoices, bank details and all documents that we have received from clients or other parties in connection with the mandate.

The processing takes place:

• with interested parties at for the purpose of establishing contact and initiating client relationships on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the acquisition of new clients and
• with clients for the purpose of
  • general client care on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which lies in the strengthening of the relationship of trust between lawyer and client, as well as the initiation of further mandates,
  • the billing of services provided and accounting on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) and on the basis of a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), namely from the storage and accounting obligations under the German Fiscal Code,
  • the provision of services under the mandate agreement for the performance of a contract (Art. 6 para. 1 sentence 1 lit. b GDPR),
  • file management, if the documents concerned are components of files, on the basis of a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), namely from the retention obligations under the Federal Lawyers' Act (in particular Section 50 BRAO).
• with participants for the purpose of
  • for the purpose of fulfilling the mandate on the basis of the legitimate interest of our client (Art. 6 para. 1 sentence 1 lit. f GDPR), which results from the respective individual order,
  • file management, if the documents concerned are components of files, on the basis of a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), namely from the retention obligations under the Federal Lawyers' Act (in particular Section 50 BRAO).

We use it's mind IT-Service GmbH, Danziger Str. 6, 51399 Burscheid , as our processor. We have duly obligated the processor in accordance with Section 43a (3) BRAO and, in particular, instructed it about the criminal law consequences of a breach of confidentiality obligations.

It may be necessary to disclose your personal data to third parties in the course of handling a mandate. These are in particular

• The client of the respective client relationship,
• Contract negotiating partner,
• Defendants and their representatives ,
• Courts, and
• other public bodies (e.g. bailiffs, authorities such as the German Patent and Trademark Office, etc.).

In individual cases, your personal data may also be transferred to a third country as part of the mandate if this is necessary for the performance of the mandate. This may be the case, for example, if you instruct us to register a trademark in a third country. The legal basis in such a case is Art. 49 para. 1 lit. b, c GDPR.

We maintain presences on the following social media platforms in order to communicate with users of the platforms or to provide information about our law firm there:

• Facebook - Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland - Datenschutzhinweise
• Instagram - Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland - Datenschutzhinweise
• LinkedIn - LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland – Datenschutzhinweise
• Xing - Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland - Datenschutzhinweise

We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your terminal device in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about interaction with us.

The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies (with the exception of Xing, as this provider is based within the EU). We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties.

Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser.

Furthermore, we as the provider of the information service only process the data from your use of our service that you provide to us and require interaction. For example, if you ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing. The legal basis for processing your data on the social media platform is Art. 6 (1) p. 1 lit. f GDPR.

To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.

What information the social media platform receives and how it is used is described by the providers in their privacy statements (see link in the above listing). There you will also find information on contact options as well as on the setting options for advertisements.

When you attend office events, we process your personal data as described below:

If you register for an event of our office via the form on our website, we process the data you provide for the organization and implementation of the event. The necessary mandatory information is marked with an *. Other information is voluntary.

If you have been registered by mistake, please let us know shortly.

We use your personal data to confirm your registration. To organize the event, we store your data electronically in a participation list and use it, among other things, to create a name badge and send you a confirmation of participation after the event, if necessary. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b GDPR. We may pass on the attendance list to the speakers.

By clicking on the checkbox "I agree to the inclusion of my registration data in a list of participants that is made available to the other participants", you consent to us making your registration data available to the other participants in a list of participants. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. You have the right to revoke your consent at any time. To do so, please contact info@troeber.de.

You are neither legally nor contractually obligated to provide your data. However, without the provision of your data required for the event organization, registration for the event is unfortunately not possible.

We use rami.io GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany, as a processor.

Our law firm regularly invites you to events on data protection and IT law. We would like to inform you about current events. You can get an impression of our past events via the link https://www.troeber.de/news/events/.

If you are interested, you can subscribe to our newsletter about events by clicking on the checkbox "I would like to be informed about current events of the law firm on IT and data protection law". For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be automatically deleted. In addition, we store your IP addresses and the times of registration and confirmation in each case. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

After your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR (consent).

You have the right to revoke your consent at any time. You can declare the revocation by clicking on the link provided in every newsletter email or by email to info@troeber.de.

At our events you can be photographed as a participant of our event. Photos allow us to present the character of our events in their entirety.

We would like to publish the photos in the following media:

- on our website

- in social networks (Facebook, Xing, LinkedIn, Instagram, Twitter)

- in flyers.

For photos in which you are only in the background or not clearly recognizable, i.e. the focus of the photo is not explicitly on your person, the legal basis for taking and publishing the photo is Art. 6 (1) p. 1 lit. f DSGVO. We have a legitimate economic interest in the promotional use of photos of our events. Of course, you can object to the taking and publication of photos in which you are depicted.

In the case of photos in which you are in the foreground or highlighted, we will obtain your (verbal) consent before photographing you. The legal basis in this case is Art. 6 para. 1 p. 1 lit. a DSGVO. Should you give your consent, you have the possibility to revoke it at any time.

Due to the intended use on the Internet, the photos can be accessed and stored worldwide. It cannot be ruled out that other persons or companies use this data for other purposes or link it to other data available on the Internet. Using the archive function of search engines (for example archive.org), photos can often still be retrieved even if they have already been removed from the above-mentioned Internet offerings.

As part of the application process, we process your personal data that you provide to us in this regard. As a rule, this includes your first and last name, title, your contact details (such as address, telephone number, e-mail address, professional position, if applicable), your application data, consisting of your cover letter, CV and the usual supporting documents and certificates.

We process this data to decide whether we would like to enter into an employment relationship with you. This also includes contacting you by mail, telephone or e-mail, for example to confirm receipt of your application or to invite you to an interview. The legal basis for processing the data is Section 26 (1) BDSG.

If, in exceptional cases, we have not received your data from you ourselves, it will come from the employment agency or from personnel service providers.

Within our firm, only those persons who are entrusted with the preparation and implementation of the application process receive your data. In addition, our IT service providers have access to the data, if necessary to provide the technical infrastructure. This enables us to process incoming applications digitally. As a rule, data is not transferred to countries outside the EU or the EEA.

If necessary, we process and store your personal data for the duration of the application process. If an employment relationship is established following the application process, the data will be transferred to your personnel file. Otherwise, the application process ends when the applicant receives a rejection. If we have received your application documents from you by mail or in person, we will return them to you by mail. Your data will be deleted no later than 6 months after receipt of the rejection. This does not apply insofar as the processing and storage of your personal data is necessary in the specific case for the assertion, exercise or defense of legal claims (duration of a legal dispute) or statutory retention obligations prevent the deletion of your data.

If applicable, despite a rejection in a specific application procedure, you will receive an invitation for a so-called "talent pool" for future job postings of our law firm. In case of your consent, your application data will be stored for one year. The legal basis is Art. 6 (1) p. 1 lit. a GDPR in conjunction with Section 26 (2) BDSG. You can revoke your consent at any time by sending an e-mail to bewerbung@troeber.de.

There is no legal or contractual obligation to provide your data. As part of your application, you should only provide the personal data that is required for the application process. Without this data, however, we will have to reject your inclusion in selection procedures.

Our decision-making in the application process is not based on automated processing pursuant to Art. 22 GDPR. Your data will not be used for profiling. Profiling is any kind of automated processing of personal data that consists in using such data to analyze or predict certain personal aspects, Art. 4 No. 4 GDPR.

In addition to subparagraphs B through F, the following shall apply:

Unless otherwise described in this privacy policy, we store your personal data for as long as it is required for the purpose of collection. After that we will delete the data provided, unless the data was also provided for another purpose and is still required. The deletion may not conflict with any legal proof and retention periods.

Corresponding obligations to provide evidence and to retain records arise in particular from the German Federal Lawyers' Act (Bundesrechtsanwaltsordnung), the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The retention and documentation periods provided for therein are six years after the end of the calendar year in which the mandate was terminated, pursuant to Section 50 (1) BRAO and commercial law requirements pursuant to Section 257 HGB and up to ten years due to tax requirements pursuant to Section 147 AO. If we process your data due to legal retention obligations, we process your data to fulfill a legal obligation on the basis of Art. 6 (1) p. 1 lit. c GDPR.

Unless otherwise described in this privacy policy, you are not legally or contractually obligated to provide your data.

You have the following rights regarding personal data concerning you:

Right to information:

In accordance with Art. 15 GDPR, you have the right to receive information about the data stored about you.

Right to rectification:

If incorrect personal data has been processed, you have the right to rectification in accordance with Art. 16 GDPR.

Right to erasure and restriction of processing:

If the legal requirements are met, you may request erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR).

Right to object:

If your data is processed on the basis of Art. 6 (1) p. 1 lit. f GDPRor lit. e GDPR, you may object to the processing in accordance with Art. 21 GDPR.

Information about your right of objection according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be addressed to:

Rechtsanwalt Jörn Tröber,
Am Mittelhafen 10,
48155 Münster
Tel.: +49 (0) 251 5395892 0
E-Mail: info@troeber.de

Right to data portability:

According to Art. 20 GDPR, you can assert the right to data portability for data that is processed automatically on the basis of your consent or a contract with you.

If you wish to exercise your rights, please feel free to contact us using the contact details above.