Privacy Policy of Tavanti, Redeker & Partner Rechtsanwälte Partnerschaft mbB

This is an English translation of our Privacy Policy provided for informational purposes only. The legally binding version is the original German version available at https://www.tavanti-redeker.com/de/datenschutz/.

Table of Contents

• 1 General Information
  • 1.1 Purpose and Responsibility
  • 1.2 Legal Bases
  • 1.3 Data Subject Rights
  • 1.4 Data Deletion and Retention Period
  • 1.5 Processing Security
  • 1.6 Data Transfers to Third Parties, Subcontractors and Third-Party Providers
• 2 Processing Within the Scope of Our Online Offering
  • 2.1 Collection of Information Related to Use of the Online Offering
  • 2.2 CCM19 Cookie Management
  • 2.3 Information on Google Services
  • 2.4 Google Analytics
  • 2.5 Google Fonts
  • 2.6 Google Tag Manager
  • 2.7 Location Map (OpenStreetMap)
  • 2.8 Links to Other Websites
• 3 Processing for the Execution of Our Business Processes
  • 3.1 Contact via Email and Contact Form
  • 3.2 Notarial Services
  • 3.3 Electronic Correspondence
  • 3.4 Job Applications
  • 3.5 Data Sheets
• 4 Cookie Policy
  • 4.1 General Information
  • 4.2 Cookie Overview and Opt-out Options
• 5 Amendments to This Privacy Policy

1 General Information

1.1 Purpose and Responsibility

1. This Privacy Policy informs you about the type, scope, and purpose of processing personal data in connection with our online offering https://www.tavanti-redeker.com/ and the associated websites, features, and content (hereinafter collectively referred to as "Online Offering" or "Website"). Details of these processing activities can be found in Section 2.
2. Details regarding data processing activities for the execution of our business operations are described in Section 3.
3. The provider of the Online Offering and the entity responsible under data protection law is TAVANTI & REDEKER Rechtsanwälte Partnerschaft mbB (Gutenbergstraße 2, 10587 Berlin, Germany) – hereinafter referred to as "TAVANTI & REDEKER", "we", or "us".
4. Our Data Protection Officer is: Sven Meyzis – IT.DS Beratung (Phone: +49 40-21091514 / Email: s.meyzis@itdsb.de).
5. The term "user" includes all customers and visitors to the Online Offering.

1.2 Legal Bases

We generally collect and process personal data based on the following legal bases:

1. Consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Necessity for contract performance or pre-contractual measures pursuant to Article 6(1)(b) GDPR, i.e., the data is necessary for us to fulfill our contractual obligations to you or to prepare a contract with you.
3. Processing to comply with a legal obligation pursuant to Article 6(1)(c) GDPR, e.g., if processing is mandated by law or other regulations.
4. Necessity to perform a task carried out in the public interest or in the exercise of official authority vested in the controller (cf. Article 6(1)(e) GDPR).
5. Processing for the purposes of legitimate interests pursuant to Article 6(1)(f) GDPR, i.e., the processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

The specific legal bases for individual processing activities are listed in the relevant sections below.

1.3 Data Subject Rights

You have the right to:

1. request access to your personal data processed by us pursuant to Article 15 GDPR, including information on the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making, including profiling, and meaningful information about the logic involved;
2. request the immediate rectification of inaccurate or completion of your personal data stored by us pursuant to Article 16 GDPR;
3. request the erasure of your personal data stored by us pursuant to Article 17 GDPR, unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
4. request restriction of processing pursuant to Article 18 GDPR if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
5. receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller pursuant to Article 20 GDPR;
6. withdraw your consent at any time pursuant to Article 7(3) GDPR. This means that we will no longer process data based on this consent in the future; and
7. lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. You may generally contact the supervisory authority at your habitual residence or place of work or our office.

Competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin / Visitor Entrance: Puttkamerstr. 16-18 (5th Floor)
Phone: +49 30 13889-0
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de

8. b. Right to Object:
   If your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object which we will implement without requiring a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to berlin@tavanti-redeker.com

1.4 Data Deletion and Retention Period

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other legal provisions to which the controller is subject. Blocking or deletion of the data will also occur when a retention period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

1.5 Processing Security

1. We have implemented appropriate technical and organizational security measures (TOMs) in line with the state of the art. This ensures that data processed by us is protected against accidental or intentional manipulation, loss, destruction, as well as unauthorized access.
2. Among the security measures is, in particular, the encrypted transmission of data between your browser and our server.

1.6 Data Transfers to Third Parties, Subcontractors and Third-Party Providers

1. Transfer of personal data to third parties:

   We only disclose your personal data to third parties if:

   • you have given your explicit consent pursuant to Article 6(1)(a) GDPR,
   • the disclosure is necessary pursuant to Article 6(1)(f) GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data,
   • there is a legal obligation for the disclosure pursuant to Article 6(1)(c) GDPR, or
   • the disclosure is legally permissible and necessary for the performance of a contract with you pursuant to Article 6(1)(b) GDPR.
2. If we use subcontractors for the processing of personal data or if it cannot be excluded that subcontractors may access personal data, we have concluded appropriate contractual agreements and implemented technical and organizational measures with these companies.
3. If we use content, tools or other means from other companies (hereinafter collectively referred to as "third-party providers") and their place of business is in a third country, it must be assumed that a data transfer to the countries of residence of the third-party providers will occur. We only transfer personal data to third countries if an adequate level of data protection, user consent, or another legal basis is in place.

2 Processing Within the Scope of Our Online Offering

2.1 Collection of Information Related to Use of the Online Offering

1. When you access our website, information is automatically sent to our server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your input and stored until automatic deletion:
   • IP address of the requesting computer,
   • date and time of access,
   • name and URL of the requested file,
   • website from which the request was made (referrer URL),
   • browser used and, where applicable, your computer’s operating system and the name of your access provider.
2. This data is processed for the following purposes:
   • ensuring a stable connection to the website,
   • ensuring user-friendly operation of our website,
   • evaluation of system security and stability, and
   • other administrative purposes.
3. Data is processed on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR (e.g., website optimization), and to ensure the security of processing pursuant to Art. 5(1)(f) GDPR (e.g., detection and prevention of cyberattacks). Under no circumstances do we use the collected data to draw conclusions about you personally.
4. The information is automatically deleted at the latest after 30 days, provided no legal retention periods prevent this.
5. Collection and storage of this data in log files is essential for the operation of the online offering. Therefore, there is no possibility for the user to object, delete or correct this data.

2.2 CCM19 Cookie Management

1. Our website uses the cookie consent technology "CCM19" to obtain your consent for cookies and cookie-based applications that require it and to document this consent in accordance with data protection laws. This technology is provided by Papoo Software & Media GmbH – Dr. Carsten Euwens. Bornschein, Auguststr. 4, 53229 Bonn (hereinafter: CCM19).
2. When you visit our website, a banner is displayed via an embedded JavaScript code that allows you to grant consent for certain cookies and cookie-based applications. As long as you have not given your consent, the tool blocks the use of cookies that require it. The cookie consent tool collects certain user information including the IP address when our site is accessed, to assign page views to individual users and store the consent settings for the session. This data is not shared with CCM19.
3. The data collected will be stored until you request deletion or delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.
4. The use of CCM19 is necessary to comply with legal requirements for obtaining consent for cookies. The legal basis for this is Art. 6(1)(c) GDPR.
5. Further information on data processing by CCM19 can be found at: https://www.ccm19.de/datenschutzerklaerung.html.

2.3 Information on Google Services

1. We use various services from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

   Details about specific Google services used on this website can be found in the following sections of this privacy policy.

2. By embedding Google services, Google may collect and process information (including personal data). It cannot be excluded that this data may also be transmitted to a server in a third country, including the USA.

   Transfers to the USA depend on the role under which personal data is transferred. We may transmit data directly to Google for further processing.

   An adequacy decision under Art. 45 GDPR exists. Additionally, Google has committed to comply with the Standard Contractual Clauses (SCCs) for international data transfers.

   More information on SCCs:
   https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de
   and
   https://policies.google.com/privacy/frameworks?hl=en

3. We have no control over what data Google actually collects and processes. According to Google, the following information may be processed:
   • Log data (especially IP addresses),
   • location-related information,
   • unique application numbers,
   • cookies and similar technologies.

   Information on the types of cookies used by Google: https://policies.google.com/technologies/types

4. If you are logged into your Google account, Google may associate the collected information with your account and treat it as personal data.
5. According to Google:
   “If you are not signed into a Google Account, we store the information we collect with unique identifiers tied to the browser, application, or device you are using. This allows us, for example, to maintain your language preferences across sessions.
   If you are signed into a Google Account, we also collect information that we store with your Google Account and treat as personal data.”
   (https://privacy.google.com/take-control.html)
6. You can prevent this by logging out of your Google account or adjusting your account and cookie settings (e.g., blocking or deleting cookies).
7. Further information can be found in Google’s privacy policy: https://www.google.com/policies/privacy/
8. Information on Google’s privacy settings: https://privacy.google.com/take-control.html

2.4 Google Analytics

1. We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland – "Google"), based on your consent for the purpose of analyzing, optimizing, and economically operating our online offering pursuant to Art. 6(1)(a) GDPR. Google uses cookies and other technologies. The information generated about the use of this website is usually transmitted to and processed by Google servers in the USA.
2. Google acts on our behalf within the scope of a data processing agreement pursuant to Art. 28 GDPR. We have concluded a data protection agreement with Google including EU Standard Contractual Clauses.
3. We use Google Analytics with IP anonymization enabled.
4. Google Analytics stores cookies in your browser for a period of up to two years since your last visit. These cookies contain a randomly generated user ID that allows you to be recognized upon future visits. Users can prevent the storage of cookies by configuring their browser settings. Additionally, you can prevent the collection and processing of data by downloading the browser plugin from https://tools.google.com/dlpage/gaoptout?hl=en.
5. Collected data is stored along with a randomly generated user ID, allowing analysis of pseudonymous user profiles. These user-level data are automatically deleted after 14 months. Aggregate data may be retained indefinitely.
6. Further information on how Google uses data, settings, and opt-out options:
   https://policies.google.com/technologies/partner-sites?hl=en
   https://policies.google.com/technologies/ads
   https://adssettings.google.com/authenticated

2.5 Google Fonts

1. To make our website visually appealing, we use fonts provided by Google, known as Google Fonts.
2. We have embedded these fonts locally on our web server. No connection to Google servers is established and no data is transferred to Google.

2.6 Google Tag Manager

1. We use Google Tag Manager on our website, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
2. Google Tag Manager allows us to organize and manage various scripts and services on our website. Google Tag Manager triggers the integration of tags. When a tag is triggered, Google may process information (including personal data). A data transfer to a third country cannot be excluded.
3. See section 2.3 of this privacy policy for information on standard contractual clauses and transfers to the USA.
4. The following personal data may be processed by Google Tag Manager:
   • Online identifiers (including cookie IDs)
   • IP address
5. More information about Google Tag Manager can be found at:
   https://www.google.de/tagmanager/use-policy.html
   https://www.google.com/intl/en/policies/privacy/
6. We have concluded a data processing agreement with Google under Art. 28 GDPR. Google processes the data on our behalf for managing and displaying the services used on our website. Google may transfer this data to third parties where required by law or when third parties process data on Google’s behalf.
7. If you have disabled tracking services (e.g., via opt-out cookies), this deactivation applies to all tracking tags managed via Google Tag Manager.
8. The purpose of using Google Tag Manager is to integrate and manage services in a structured and efficient way. It also improves loading times of various tools.
9. Legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR.
10. Legal basis for storing the proof of your consent is our legitimate interest pursuant to Art. 6(1)(f) GDPR in demonstrating that we obtained valid consent (Art. 7(1) GDPR).

2.7 Location Map (OpenStreetMap)

1. We integrate map material from OpenStreetMap (OSM), a project of the OpenStreetMap Foundation (132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, United Kingdom), which provides freely usable geodata.
2. When you access our website, no immediate connection to OSM servers is made. Instead, a preview image from our own server is initially shown.
3. The actual map is only loaded after you select the option “Load external content.” Legal basis: your consent under Art. 6(1)(a) GDPR.
4. Any further interaction with the map (e.g., zoom) establishes a connection to OSM servers and transmits data to them.
5. The following data may be transferred:
   • IP address,
   • browser and device used,
   • operating system,
   • referring website,
   • date and time of access.
6. If you have an OpenStreetMap user account and are logged in, the following may also be transmitted:
   • user ID,
   • email address associated with your account,
   • blocked content and related messages.
7. Further information: https://wiki.osmfoundation.org/wiki/Privacy_Policy

2.8 Links to Other Websites

1. Some of our services (e.g., “Partner Law Firms”) may redirect you to external websites.
2. Please note that this privacy policy does not apply to those websites. Their own privacy policies may differ substantially.

3 Processing for the Execution of Our Business Processes

3.1 Contact via Email and Contact Form

1. If you contact us, your data (name, contact details if provided) and your message will be processed solely for the purpose of handling and responding to your inquiry. This processing is based on your consent pursuant to Art. 6(1)(a) GDPR.
2. Any further use of the data will only occur based on separate consent from the user.

3.2 Notarial Services

Below you will find our privacy information regarding data processing in the context of handling and administering notarial mandates.

1. Who is responsible, and whom can you contact?
   The data controllers are the notaries Dr. Rolf-Peter Lukoschek and Pascal Tavanti. Each notary is individually responsible for the data processing within their respective area in accordance with data protection law.
2. What data do we process and where does it come from?
   The responsible notary processes personal data that you or third parties acting on your behalf (e.g., attorneys, tax consultants, brokers, financial institutions) provide, such as:
   • Personal details, e.g., first and last name, date and place of birth, nationality, marital status; in some cases, your birth register number;
   • Contact details, e.g., postal address, telephone and fax numbers, email address (please note that email correspondence is unencrypted);
   • Your tax identification number (for real estate contracts);
   • In specific cases (e.g., marriage contracts, wills, inheritance contracts, or adoptions), information about your family and assets, as well as possibly sensitive data (e.g., health information) as per Art. 9 GDPR, where such data is required to document legal capacity;
   • Information from your legal relationships with third parties, such as reference numbers or loan/account numbers.

   Additionally, we process data from public registers, e.g., land register, commercial or association registers.

3. For what purposes and on what legal basis do we process your data?
   As notaries, we hold public office. Our activities are carried out in the public interest of a functioning system of preventive legal care and the exercise of official authority, pursuant to Art. 6(1)(e) GDPR.
   
   Your data is processed exclusively for the notarial services you or other involved parties have requested—e.g., drafting deeds, notarization, execution of notarial acts, or consultations.
   
   Processing is governed by applicable professional and procedural rules under the Federal Notarial Code and the Notarization Act. These rules also constitute a legal obligation under Art. 6(1)(c) GDPR. Failure to provide required data may result in refusal to perform the notarial service.
4. Who receives your data?
   Notaries are legally bound to confidentiality, including all employees and agents.
   
   We may only disclose your data when legally required—for example, to tax authorities, land or commercial registers, central will registry, or courts. We may also be required to provide information to the notarial chamber or supervisory authorities, who are likewise bound by official secrecy.
   
   Otherwise, data will only be disclosed with your express consent or at your request.
5. Are data transferred to third countries?
   Transfers to third countries occur only upon your request or if a party to the notarial deed resides in a third country.
6. How long is your data stored?
   We store personal data in accordance with statutory retention periods.
   
   According to § 5(4) of the Notarial Service Regulation (DONot), the following retention periods apply:
   • Deed roll, inheritance contract register, name register for deed roll and deed collection (including inheritance contracts): 100 years,
   • Custody book, mass book, name register for mass book, escrow account list, general files: 30 years,
   • Auxiliary files: 7 years; the notary may set a longer period, e.g., for testamentary dispositions or in case of liability risks.

   After expiration, your data will be deleted or destroyed unless we are obligated to retain it longer due to tax, commercial, or professional law requirements (Art. 6(1)(c) GDPR).

3.3 Electronic Correspondence

1. Sending and receiving emails can be insecure. If your email account is not adequately protected, third parties may access the content. Unencrypted email transmission can be intercepted by unauthorized parties.
2. You explicitly consented to unencrypted email communication when receiving our data protection notice.
3. You may withdraw this consent at any time, in writing, electronically (e.g., by email), orally, or by phone, with effect for the future. The lawfulness of prior communications remains unaffected.

3.4 Job Applications

1. When you apply for a job with us, we process the information you provide during the application process, e.g., CV, cover letter, certificates, and statements made via phone or email. Relevant information includes your contact details, education, qualifications, experience, and skills. A photo is not required.
2. Your data is processed exclusively for managing your application. If your application is successful, your data will become part of your personnel file and used for the employment relationship. If we are unable to offer you a position, your data will be retained for up to six months after rejection to defend against legal claims (e.g., for alleged discrimination). Where reimbursement or tax-relevant matters arise, documents may be stored up to 11 or 7 years depending on legal obligations.
3. Only individuals who need access to your data will receive it. Our administrators and processors may access data for technical reasons but are strictly bound by our instructions. We may need to share your data with third parties, such as banks or postal services, for administrative purposes.
4. The legal basis for processing applicant data and personnel files is § 26(1) BDSG (Federal Data Protection Act), Art. 6(1)(b) GDPR, and, where consent is given (e.g., inclusion of non-required information), Art. 6(1)(a) GDPR. Data retention after rejection is based on Art. 6(1)(f) GDPR. Retention for tax purposes is based on Art. 6(1)(c) GDPR in conjunction with § 147 AO (German Fiscal Code). Our legitimate interest is legal defense.
5. We typically do not require special categories of personal data under Art. 9 GDPR. Please avoid including such data. If exceptionally relevant (e.g., information on disabilities), we process it only if legally required for fulfilling obligations in labor law and social protection. Legal bases: Art. 9(2)(b) GDPR, §§ 26(3) BDSG, 164 SGB IX. In some cases, we may need health data or a criminal record to assess suitability. Legal basis: § 26 BDSG.
6. We do not use your data for automated decision-making or profiling. Data is processed exclusively in Germany and not shared with third parties unless legally required.

3.5 Data Sheets

1. When using the “Data Sheets” function, you will be redirected to https://datenblatt.notara.de/.
2. Please note that this privacy policy does not apply there. The privacy policy on that site may differ significantly.
3. This service is provided by notara UG (Sudetenweg 64, 89075 Ulm, Germany). See their privacy policy at https://notara.de/datenschutz/
4. If you enter personal data in the online forms, we are the data controller under Art. 4 No. 8 and Art. 28 GDPR. notara UG acts as our processor. The legal basis for processing is Art. 6(1)(b) GDPR (contract).

4 Cookie Policy

4.1 General Information

1. Cookies are pieces of information sent by our web server or third-party web servers to users’ web browsers, where they are stored for later retrieval. Cookies may take the form of small files or other types of data storage.
2. If users do not wish cookies to be stored on their device, they are advised to deactivate the corresponding option in their browser’s system settings. Stored cookies can also be deleted via the browser’s settings. Disabling cookies may lead to functional limitations of this online offering.

4.2 Cookie Overview and Opt-out Options

1. An up-to-date overview of the cookies and similar technologies used on this website can be found in our Consent Management Platform (see Section 2.2 "CCM19 Cookie Management").
2. There you can manage your individual settings and preferences.

5 Amendments to the Privacy Policy

1. We reserve the right to amend this Privacy Policy with regard to data processing, in order to adapt it to changes in the law, our online offering, or the manner in which data is processed.
2. If user consent is required or if elements of this Privacy Policy affect the contractual relationship with users, changes will only be made with the users’ consent.
3. Users are advised to regularly review the contents of this Privacy Policy.

Last updated: December 2024