Part A: Data Processing on Our Website

Part B: Privacy Notice for Clients and Business Customers

Part C: Your Rights as a Data Subject

1. General

The following statement provides an overview of what personal data is processed, for what purpose, and on what legal basis when you visit our website or contact us. Personal data refers to any information relating to an identified or identifiable natural person, such as name, address, email address, or IP address.

In addition, we inform you about your rights in relation to us as the data controller.

Information regarding the processing of personal data by the notaries employed at GvW Graf von Westphalen is available in the separate: Notaries’ Privacy Policy.

2. Data Controller and Data Protection Officer

The controller responsible for the processing of personal data within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) is 

GvW Graf von Westphalen Rechtsanwälte Steuerberater Partnerschaft mbB (“we/us”)
Poststraße 9 - Alte Post
20354 Hamburg
Phone +49 40 35922-0
Email hamburg@gvw.com 

For more information about us, please see our Legal Notice

If you have any questions regarding data protection, please contact our Data Protection Officer at any tim.

Email datenschutz@gvw.com

3. Data Processing on This Website

When you visit our website, data is automatically collected and stored in so-called server log files, which your browser automatically transmits to us. This includes:

• IP address (in anonymized form)
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (page accessed/URL)
• HTTP status code / access status
• Amount of data transferred
• Website from which the request originated (referrer URL)
• Browser type and version
• Operating system and its interface
• Language of the browser software
• Hostname of the accessing computer

This data is technically necessary for us to display the website to you and to ensure its stability and security. The system temporarily stores your IP address in order to serve the website to your device. We do not associate this data with any specific person and do not link it to other sources of information.

Legal basis: Section 25(2)(2) TDDDG, Article 6(1)(f) GDPR. Our legitimate interest lies in providing you with a functional and secure website.

The data is stored exclusively on servers in Germany. It is deleted as soon as it is no longer required for the purpose of collection - for session data, at the end of the respective session; for log files, no later than seven (7) days.

4. Newsletter Distribution

4.1 Distribution and Analysis via CleverReach

We use the CleverReach service provided by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany, for the distribution and analysis of our newsletters.

If you have consented to receive our newsletter, we process the following personal data to regularly inform you via email about events, legal developments, and current topics:

Required information:

• First name
• Last name
• Email
• Zip code
• Company
• Industry

Optional information:

• Title
• Gender
• Role / Position
• Area of interest

4.2 Double-Opt-In

We use the so-called double opt-in procedure for subscribing to our newsletter: After you subscribe, you will receive a confirmation email at the address you provided, asking you to verify your subscription by clicking on a confirmation link. Only after this confirmation will your email address be added to our mailing list. If you do not confirm your subscription within 24 hours[GvW1] , your data will be blocked and automatically deleted after one month. In addition, we store the IP address used as well as the time of registration and confirmation.

4.3 Newsletter Tracking

To measure effectiveness, newsletters sent via CleverReach contain a so-called tracking pixel. When the email is opened, this establishes a connection to CleverReach’s servers and allows us to determine whether and when an email was opened. In addition, we use tracking links to analyze your click behavior within the newsletter. As part of this effectiveness measurement, the following data, among others, is processed:

• Browser type and operating system
• IP address
• Time of newsletter delivery
• Interactions with the newsletter (e.g., opens, clicks on links)

Legal basis: Art. 6(1)(a) GDPR (consent). You may revoke your consent at any time with future effect - by clicking the unsubscribe link provided in every newsletter, by email to datenschutz@gvw.com, or by sending a message to the contact details listed in our legal notice. The lawfulness of the processing carried out prior to revocation remains unaffected.

The data processed in connection with the newsletter will be deleted as soon as you cancel your subscription. Mandatory legal retention obligations remain unaffected.

For more information on data protection at CleverReach, please visit: https://www.cleverreach.com/de-de/datenschutz/. 

5. Event Registrations

When you register for an event via our website, we process the personal data you provide during registration, in particular:

• First and last name
• Email address
• Zip code
• Company / Institution
• Industry
• University (if applicable, for academic events)

We process this data to plan and conduct the event and to create participant lists.

Legal basis: Art. 6(1)(b) GDPR, insofar as the registration relates to a pre-contractual or contractual relationship; additionally, Art. 6(1)(a) GDPR, provided you have consented to the processing of further data, e.g., for updates on similar events.

If we use external service providers to carry out the event, we will inform you of this separately during registration.

The data will be deleted after the event has concluded, provided that no legal retention obligations prevent this.

6. Contact

6.1 Contact Form

You have the option to contact us via the contact form provided on our website. When you use the contact form, we process only the data you provide in the input fields:

• Title (optional)
• Gender (optional)
• First name and last name
• Email address
• Zip code (optional)
• Company
• Role / Position
• Industry (optional)
• Subject and your message to us

In addition, the following data is processed during the submission process for technical reasons:

• Time of the request
• Anonymized IP address

This data is used to prevent any misuse of the contact form and to ensure system security. It is automatically deleted from our web servers after six (6) months.

We use the content data you provide exclusively to process and respond to your inquiry.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry) or Art. 6(1)(b) GDPR, to the extent that your inquiry is aimed at initiating a contractual relationship.

The personal data processed in the context of establishing contact will be deleted as soon as your inquiry has been conclusively answered. Storage beyond this will only occur to the extent that this is necessary to assert or defend legal claims or where statutory retention periods apply.

6.2 Contact by Phone

When you contact us by phone, we collect your name, your contact information, and other details necessary to properly handle your inquiry. We use the data you provide exclusively to respond to your inquiry and to document and track your request.

Legal basis: Art. 6(1)(b) GDPR, insofar as your inquiry is aimed at the conclusion or performance of a contract (e.g., initiation of a mandate); in all other cases, Art. 6(1)(f) GDPR (legitimate interest in effective communication).

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Any further storage will only take place to the extent that this is necessary to assert or defend legal claims or where statutory retention periods apply.

7. Cookies and Other Technologies

7.1 General

We use cookies and similar technologies on our website. Cookies are small text files that are stored on your device and associated with the browser you are using.

You can adjust or revoke your cookie settings at any time using the cookie management tool provided on our website.

7.2 Categories of Cookies Used

We use the following cookie categories:

• Technically necessary cookies: These are essential for the operation of the website and cannot be disabled. Legal basis: Section 25(2)(2) TDDDG in conjunction with Article 6(1)(f) GDPR.
• Preference cookies: Save your individual settings (e.g., language). Legal basis: Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR (consent).
• Statistical cookies: Collect anonymized usage data to improve our service. Legal basis: Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR (consent).
• Marketing cookies: Enable interest-based advertising via third-party providers. Legal basis: Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR (consent).

For all cookie categories requiring consent, you may revoke your consent at any time with future effect via our cookie management tool. Please also refer to the cookie management tool for a complete overview of all cookies used.

8. Google Services

8.1 General Information and Transfers to Third Countries

We use various services provided by the third-party provider Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (“Google”) on our website. 

You can find Google’s privacy policy at: http://www.google.de/intl/de/policies/privacy.  

There you will also find further information regarding your rights in this regard and settings options to protect your privacy. 

We generally use Google’s services in what is known as Basic Consent Mode. This means that we do not transmit any personal data to Google or set cookies unless you have given us your consent in accordance with Section 25(1) sentence 1 TDDDG and Article 6(1)(a) GDPR. You may revoke your consent at any time with future effect. 

To exercise your right of revocation, please deactivate the relevant service via the “cookie banner” provided on our website. 

If you consent to the processing or setting of cookies in connection with Google’s services, you thereby grant both us and Google consent to process your data and set cookies for the purposes specified here. Further information on the respective Google services can be found in the following sections.

For the United States, the European Commission adopted its Adequacy Decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (such as Singapore) cannot be completely ruled out, we have also entered into the EU Standard Contractual Clauses with the provider.

8.2 Google Analytics 4

We use the Google Analytics 4 service on our website, which allows us to analyze your use of our website. 

Provided you have given your consent, we use Google Analytics to regularly analyze your user interactions on our website. The statistics and reports obtained allow us to improve our services and enhance your user experience.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, though Google truncates the last digits to prevent direct personal identification. Only in exceptional cases is the full IP address transmitted to a Google server in the U.S. and truncated there. We use Google Analytics with the “_anonymizeIp()” extension. This ensures that IP addresses are processed in a truncated form, thereby preventing any personal identification.

Google uses the collected information on our behalf to evaluate your use of our website, compile reports on website activity for us, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated is not merged with other data from Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted. 

8.3 Google Ads

Our website uses Google Ads services to display targeted advertising and analyze the effectiveness of our advertising campaigns. In doing so, information about your use of this website is collected and combined with other data from Google to enable interest-based advertising on Google services and third-party websites. 

To implement this, Google Ads uses so-called ad servers through which advertisements are delivered. Cookies and similar technologies are used in this process, which track parameters such as ad impressions, clicks, and so-called post-view conversions. This information enables Google to evaluate user behavior and assess the effectiveness of advertising campaigns.

As part of this processing, personal data such as your IP address, location data, device information, browser type, and your interactions with our ads (e.g., clicks and page views) may be collected. 

8.4 Google Maps

We use the “Google Maps” map service on our website. When you visit our website with an embedded Google Maps map, Google receives information about your usage, specifically that you have visited the corresponding subpage of our website. The following data, among others, is collected as part of this processing:

• IP address (anonymized)
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• The amount of data transferred
• Website from which the request originates
• Browser, operating system, and its interface
• Language and version of the browser software

If you are logged into your Google account, the data can be directly associated with your user profile. If you do not wish this, we recommend logging out of your Google account before using the map feature.

Embedding of YouTube Videos

Our website embeds videos published on the YouTube platform that can be played directly from our website. These are all embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to YouTube unless you play these videos. Your personal data is only transmitted when you click on a video. We have no influence over this data transfer. The processing includes, among other things, the following data: 

• IP address (anonymized)
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• The amount of data transferred
• Website from which the request originates
• Browser, operating system, and its interface
• Language and version of the browser software

YouTube videos are embedded on our website to provide you with multimedia content and to make our website appealing and informative. By providing video content, we aim to convey additional information about our services or current topics and to enhance the user experience.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data listed above is transmitted. This occurs regardless of whether you are logged into a YouTube account or not. If you are logged in to Google, your data is directly associated with your account. If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research, and/or to tailor the website to your needs. Such analysis is carried out in particular (even for users who are not logged in) to deliver targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and must contact YouTube directly to exercise this right.

In addition, a corresponding link to YouTube may be provided on our website. If you click this link, you will leave our website and be redirected to YouTube. In this case, the processing of personal data—in particular your IP address and, if applicable, other usage data—by Google takes place only there. We have no influence over this data processing.

9. Social Media

In addition to our website, we are also active on various social media platforms. We currently maintain profiles on the following platforms: 

• LinkedIn: https://www.linkedin.com/company/graf-von-westphalen
• YouTube: https://www.youtube.com/GvWGrafvonWestphalen
• Instagram: https://www.instagram.com/gvwkarriere/

Please note that when you visit these external sites, a connection is established to servers that are outside our control. The handling of your personal data is governed by the privacy policies of the respective platform operator. We have no influence over how your data is processed there.

The Instagram images embedded on our website are stored locally on our web server. A connection to Instagram’s servers is only established when you actively click on an image and are thereby redirected to Instagram.

For the purpose and scope of data collection as well as further processing by the platform operators, please refer to their privacy policies:

• Instagram Privacy Policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&__coig_consent=1&hl=de 
• YouTube Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de 
• LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

10. Routine Deletion and Blocking of Personal Data

Your personal data will only be stored for as long as necessary to achieve the respective processing purpose or as required by statutory retention obligations. Once the purpose of storage no longer applies and statutory retention periods have expired, the data will be routinely deleted or blocked.

11. No Automated Decision-Making and Profiling

We do not use fully automated decision-making pursuant to Art. 22 GDPR. As general rule, profiling does not take place.

Part B: Privacy Notice for Clients and Business Customers 

1. Preliminary Note

GvW Graf von Westphalen Rechtsanwälte Steuerberater Partnerschaft mbB processes personal data in the context of client relationships and the initiation of such relationships. With this privacy notice, we fulfill our information obligations toward clients, client-side contacts, contacts of opposing parties, and other natural persons involved in the client relationship in accordance with Articles 13 and 14 of the GDPR.

2. Data Controller and Data Protection Officer

The controller responsible for processing your personal data within the scope of the client relationship is:

GvW Graf von Westphalen Rechtsanwälte Steuerberater Partnerschaft mbB
Poststraße 9 – Alte Post
20354 Hamburg
Phone +49 40 35922-0
Email hamburg@gvw.com 

If you have any questions regarding data protection, please contact our Data Protection Officer at any time:
Email: datenschutz@gvw.com 

3. Categories of Personal Data processed 

Within the scope of a client relationship, we process the following categories of personal data, depending on the specific mandate:

Basic and contact information:

• Last name, first name, title, academic degree
• Address (business and/or home address)
• Phone and fax numbers
• Email address
• Role/position within the company

Order-related data:

• Details regarding the matter (e.g., contract, corporate, dispute, or transaction data)
• Correspondence and written communications related to the mandate
• Court and administrative pleadings, decisions, and rulings
• Information regarding parties to the proceedings, contracting parties, and other involved persons

Financial data:

• Invoicing and payment data
• Information regarding beneficial ownership (particularly in the context of anti-money laundering checks)
• Bank details / IBAN

Special categories of personal data (Art. 9 GDPR):

In certain cases, it may be necessary to process special categories of personal data within the meaning of Article 9(1) of the GDPR, for example:

• Health data (e.g., in labor law, insurance law, or liability law matters)
• Data on criminal convictions and offenses (e.g., in criminal defense or regulatory advisory matters)
• Trade union membership (e.g., in collective labor law matters)
• Other categories of data listed in Article 9(1) of the GDPR, to the extent necessary for the mandate

The processing of such data is carried out exclusively on the basis of Article 9(2)(b) or (f) of the GDPR (for the establishment, exercise, or defense of legal claims or to fulfill obligations under labor and social security law) or—where necessary—on the basis of your explicit consent pursuant to Article 9(2)(a) of the GDPR.

4. Purposes and Legal Bases of Data Processing

We process your personal data for the following purposes:

4.1 Establishment and Execution of the Client Relationship

We process your data for the preparation, establishment, performance, and settlement of the client relationship, as well as for the provision of the commissioned legal and tax advisory and representation services. This includes, in particular, communication with you, the preparation of pleadings and legal opinions, representation before courts and authorities, and the billing of our services.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures).

4.2 Compliance with Legal Obligations

As a law and tax consulting firm, we are subject to a number of legal obligations, the fulfillment of which requires the processing of personal data. These include, in particular:

• Anti-money laundering: Under the Money Laundering Act (GwG), we are required to identify clients and, where applicable, beneficial owners, verify their identities, and retain the relevant documentation.
• Professional obligations: We are subject to the requirements of the Federal Lawyers’ Act (BRAO), the Professional Code for Lawyers (BORA), and the Tax Consultancy Act (StBerG), including the resulting documentation and retention obligations.
• Accounting and tax law obligations: Invoices and client-related accounting records must be retained in accordance with the requirements of the German Commercial Code (HGB) and the German Fiscal Code (AO).
• Other statutory reporting obligations: To the extent that we are subject to statutory reporting obligations in certain circumstances (e.g., under the Foreign Trade Act or the Tax Haven Prevention Act), we process your data to the extent necessary for this purpose.

Legal basis: Art. 6(1)(c) GDPR (compliance with legal obligations).

4.3 Protection of Legitimate Interests

To the extent necessary, we process your data to protect our legitimate interests or the legitimate interests of third parties, in particular:

• To assert, exercise, or defend our own legal claims (e.g., to enforce fee claims or to defend against liability claims).
• For internal quality assurance and client management.
• To conduct conflict of interest reviews (conflict screenings) before and during the handling of a mandate.
• To ensure IT security and protect our systems and infrastructure.
• For the internal sharing of client information within GvW Graf von Westphalen, to the extent necessary for effective client representation.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

4.4 Consent

To the extent that we obtain your explicit consent in individual cases—for example, for the transmission of documents via certain communication channels, for the processing of special categories of personal data, or for certain information and marketing measures—processing is based on your consent. You may revoke any consent you have given at any time with future effect, without this affecting the lawfulness of the processing carried out prior to the revocation.

Legal basis: Art. 6(1)(a) GDPR.

5. Source of the Data

We generally receive personal data directly from you as a client or from the contact persons you have designated. In addition, data from the following additional sources may be collected in the course of handling your mandate:

• Publicly accessible sources (e.g., commercial registers, land registers, insolvency notices, publications in the Federal Gazette, court and administrative decisions)
• Courts, authorities, and other public bodies that provide us with information in the context of judicial or administrative proceedings
• Third parties involved in proceedings (e.g., opposing parties, experts, other law firms or notaries involved)
• Credit bureaus or other information service providers, to the extent necessary for the performance of the mandate

6. Recipients and Disclosure of Personal Data

Within the scope of the client-attorney relationship, personal data may be disclosed to the following recipients:

Internal recipients:

Attorneys, tax advisors, specialist attorneys, and employees of GvW Graf von Westphalen at the respective locations who are involved in handling the mandate.

External recipients:

• Courts, government agencies, and other public authorities, to the extent necessary for the performance of the mandate or to fulfill legal obligations.
• Opposing parties and their legal representatives, to the extent necessary to protect your interests within the scope of the mandate.
• External experts, appraisers, notaries, or co-engaged law firms (particularly in international matters), to the extent that you have given your consent or this is necessary for the execution of the mandate.
• Tax advisors, auditors, or other consultants, to the extent necessary for integrated advisory services and provided you have consented.
• Technical service providers and data processors that we engage as part of our firm’s operations (e.g., IT service providers, data center operators, document destruction service providers, and providers of law firm software and document management systems). These parties are contractually bound as data processors pursuant to Article 28 of the GDPR and may process your data exclusively in accordance with our instructions.

Personal data will not be disclosed to third parties beyond what is necessary for the performance of the mandate, unless we are legally obligated to do so or you have expressly consented.

Confidentiality obligations of external service providers—in particular AI providers:

All external service providers we use – including providers of artificial intelligence (AI) and other cloud-based software-as-a-service solutions – are contractually bound to strict confidentiality and are subject to the obligations of data processors under Article 28 of the GDPR. Through appropriate data processing agreements, we ensure that client data is processed by these providers exclusively in accordance with our instructions and may not be used for training AI models, for machine learning processes, or for any other purposes of the providers themselves.

7. Use of Artificial Intelligence and Technical Tools

To support and enhance the efficiency of our work, we use technical tools, including applications based on Artificial Intelligence (AI). The use of such tools is always subject to the professional supervision and responsibility of our attorneys and tax advisors. AI-supported tools do not at any time replace the legal assessment by our advisors, but serve exclusively as a supportive tool.

All AI providers we use are—as set forth in Section 6—contractually bound to confidentiality and are subject to the obligations of a data processor pursuant to Article 28 of the GDPR. Client data is not used for training AI models or for any other purposes of the providers.

8. Professional Duty of Confidentiality

As attorneys and tax advisors, we are bound by a comprehensive duty of confidentiality (Section 43a(2) BRAO, Section 57(1) StBerG). This professional duty of confidentiality exists independently of the data protection requirements of the GDPR and provides special protection for all information entrusted to us within the scope of the client relationship. All professionals and employees working at GvW Graf von Westphalen are bound by confidentiality. We disclose client-related information only to the extent necessary for the performance of the mandate, expressly required by law, or expressly authorized by you.

9. Data Transfer to Third Countries

Your personal data will only be transferred to third countries (countries outside the European Union or the European Economic Area) if and to the extent that this is necessary for the performance of the mandate—for example, in cross-border transactions, international arbitration proceedings, or cooperation with foreign correspondent lawyers—or if you have expressly consented.

Where a transfer to a third country takes place, we ensure an adequate level of data protection through appropriate safeguards. Appropriate safeguards include, in particular:

• Adequacy decisions by the European Commission (e.g., the EU-US Data Privacy Framework for data transfers to the United States)
• EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR
• Binding Corporate Rules pursuant to Art. 47 GDPR

Upon request, we will be happy to inform you about the safeguards applied in each specific case.

10. Retention Period and Deletion

We store your personal data only for as long as is necessary to carry out the mandate and fulfill our legal and professional obligations. Upon expiration of the respective retention period, your data will be routinely and securely deleted, provided that no further legitimate interests (e.g., to defend against liability claims that have not yet become time-barred) preclude deletion.

Part C: Your Rights as a Data Subject

You have the following rights under the GDPR with respect to your personal data vis-à-vis us as the data controller. To exercise your rights, please contact: datenschutz@gvw.com.

Right of Access (Art. 15 GDPR)

You have the right to request information from us regarding whether we process personal data about you. In the event of processing, you have the right to information regarding the categories of data processed, the purposes of processing, any recipients, and the planned storage period.

Note on restrictions: The right of access and inspection may be restricted in individual cases by our professional duty of confidentiality or by conflicting legitimate interests of third parties (Art. 15(4) GDPR, § 29(1) sentence 2 BDSG). In this case, we will inform you of the restriction to the extent permitted by law.

Right to Rectification and Completion (Art. 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data and, taking into account the purposes of processing, the completion of incomplete personal data.

Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data in the cases provided for by law, in particular if the data is no longer necessary for the intended purpose, is being processed unlawfully, or you have withdrawn your consent.

If we have made the data concerning you public and there is an obligation to erase it, we will take reasonable steps, taking into account available technology and implementation costs, to inform other controllers processing the data of your request for erasure.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your data in the cases prescribed by law, provided that erasure is not possible or the obligation to erase is disputed.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller, provided that the processing is based on consent or a contract and is carried out by automated means.

Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that the processing is based on Article 6(1)(e) or (f) of the GDPR.

If your personal data is processed for the purpose of direct marketing, you have the right to object to this processing at any time; this also applies to the associated profiling.

Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your consent at any time with future effect. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority—in particular in the Member State of your residence, your workplace, or the location of the alleged violation.

The supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Phone +49 40 428 54-4040

Email: mailbox@datenschutz.hamburg.de 

Notwithstanding the above, you may also contact the supervisory authority in your place of residence or workplace. The supervisory authority will inform you of the status and outcome of your complaint, as well as the possibility of seeking judicial remedy under Article 78 of the GDPR.

As of: April 2026