Privacy Notice

Thank you for your interest in our website (hereinafter referred to as the ‘website’). We respect your privacy, and take the protection of your personal data extremely seriously. The following privacy notice is intended to inform you in particular as to what categories of personal data are collected when you visit our website, the legal basis on which these data are processed, and what rights you may have.

Data Controller

The data controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as the ‘GDPR’) is Gierschmann Legal, owned by Sibylle Gierschmann, Kattjahren 4, 22359 Hamburg, Germany, email:

What is personal Data

Personal data is any information that can be related to you. This includes for example your name, address, date of birth, email address, and telephone number. By contrast, non-personal data is information of a general nature by means of which your identity cannot be determined. This includes statistical data such as the number of users of a website, for example.

In general, you can visit the website, which is primarily of informational nature, without disclosing any information that identifies you.

Web Server Protocols

When you visit the website, the website’s web server logs the following information for technical reasons: your IP address, the date and time you accessed the website, the pages you visited on the website, the website from which you linked to our site, your browser type (e.g. Mozilla Firefox, Google Chrome, etc.), your operating system (e.g. Windows 10), as well as the domain name and the address of your Internet provider (e.g. Deutsche Telekom). These data are used to process and optimize transmission of the requested web pages.

We may process information collected by the web server in cooperation with your Internet provider and/or local authorities in the case of system misuse in order to identify the originator of such system misuse.

The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the securing of data transfer and the integrity of the website and our systems. We assume that the interests of our users are of a similar nature, since it is only possible to access our website and ensure its functionality in this manner.

Personal Data That You Make Available Yourself

In addition, personal data can be processed if you yourself make this kind of data available, e.g. if you send us an email. We process this kind of personal data to respond to and process your query.

The legal basis for processing data, that are transferred in the course of a contact request, is Art. 6 para.1 lit. f GDPR (our legitimate interests as the data controller).

Where the contact request is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para.1 lit. b GDPR (fulfillment of a contract).



We do not transfer your personal data to third parties, unless this is necessary for the fulfillment of your request, or where disclosure is permitted based on the relevant statutory provisions (e.g. for purposes of legal defense), or where you have given your consent.

We are supported by external service providers in the provision of our website. These service providers process personal data exclusively on our behalf and upon our instruction.
We have commissioned 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabauer, Germany for the hosting and technical provisioning of our website.
Our data processors are bound to us by means of contracts based on data protection law as required, which in particular ensures that the data processor guarantees confidentiality, acts strictly according to instructions, and implements appropriate technical and organizational measures to protect personal data.
Where these service providers are based outside the European Economic Area (EEA), we ensure that this is either a third-party country providing an adequate level of data protection as determined by the EU Commission (e.g. Switzerland), or that adequate safeguards are in place such as standard  data protection clauses (aka standard contractual clauses). For service providers based in the USA, it may be sufficient that the service provider is certified according to the EU-US Privacy Shield.


We generally only store your personal data for the time necessary to fulfill the purpose for which they were collected or otherwise processed. A longer storage may take place, if required for compliance with a legal obligation according to the law of the Union or of an EU member state (e.g. to meet tax or commercial law retention obligations), or to the extent it is required for establishment, exercise, or defence of legal claims.

Web Server Protocols

Information processed for accessing the website is, as a rule, deleted once the current session has ended. Furthermore, it is possible that previously anonymized data are stored in log files for the purposes of website security. This kind of data is routinely deleted after a maximum of eight weeks.

Personal Data That You Make Available Yourself

Personal data made available to us in the context of contact requests are, as a rule, deleted once the issue has been resolved and the corresponding conversation is terminated.



You have the following rights as per the GDPR, depending on the circumstances of the actual case:

  • Access: You may request access to your personal data and/or copies of these data. This includes inquiries as to the purpose of the use, the category of personal data, the categories of recipients and those entitled to access personal data, as well as (where possible) the planned duration of data storage or, where this is not possible, the criteria for determining its duration. No right of access exists in respect of data that may not be deleted purely based on legal or statutory retention grounds or that exclusively serve the purpose of data backup or privacy control.
  • Rectification, erasure, or restriction of processing: You may request the correction, deletion, or restriction of processing of your personal data to the extent that such use is impermissible in terms of data protection law, in particular because (i) personal data are incomplete or incorrect, (ii) they are no longer necessary for the purposes for which they were collected, (iii) the consent on which the processing is based has been revoked, or (iv) you have successfully objected to the data processing; in cases in which data have been disclosed to third parties, we will communicate the correction, deletion, or restriction of processing to these recipients unless this proves impossible or involves disproportionate effort;
  • Withdrawal of consent: To the extent that processing is based on your consent, you may refuse to provide such consent or later withdraw such consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • No automated decision-making: You have the right not to be subject to a decision that is based solely on automated processing and which produces legal effects concerning you or significantly affects you in a similar manner;
  • Data portability: Where applicable, you may have the right to request to obtain personal data that you have made available to us, in a structured, current, and machine-readable form and to transfer personal data to another data controller without obstruction by us; where applicable, you also have the right to request that we transfer your personal data direct to another data controller to the extent that this is technically possible.

Right to Object: Furthermore, you have the right to object to data processing where it is based on legitimate interests, unless we are able to demonstrate that compelling legitimate grounds override your interests, rights, and freedoms; you may object at any time to processing of personal data for purposes of direct marketing.
To exercise your rights, kindly contact us at Our statutory obligation to maintain confidentiality remains unaffected by this.
Right to lodge a complaint with a supervisory authority: You may lodge a complaint with a competent supervisory authority if you are of the opinion that the processing of your personal data infringes the GDPR. You may assert this right to the supervisory authorities in the Member State of your habitual residence, your place of work, or the location of the alleged infringement. The competent supervisory authority in Hamburg is the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str 22, 7. OG, 20459 Hamburg, Germany, Tel.: +49 40 428 54 – 4040, Fax: +49 40 428 54 – 4000, email:


We implement appropriate technical and organizational security measures to protect personal data processed by us, in particular against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Our security measures are continually improved in line with technological developments. When using our website, your personal data is encrypted using SSL/TLS technology to prevent unauthorized access by third parties.
Please note that data transmission on the Internet (e.g. when communicating via email) can be subject to security loopholes. Seamless protection of data from access by third parties is, unfortunately, not possible.

Status: June 2020
Gierschmann Legal