back
back

Privacy policy

This is to inform you in accordance with the requirements of the General Data Protection Regulation (GDPR) about how we handle the data that can be personally related to you, e.g. name, address, email addresses, user behaviour, and which you – knowingly or unknowingly – leave behind when you visit our website; where applicable, we also inform you about how long the data are stored, as well as about the rights to which you are entitled as a data subject in the relationship with us.

I. Entity responsible for data processing (“controller”)

The controller as defined by Art. 4 No. 7 GDPR is Reusch Rechtsanwaltsgesellschaft mbH (hereinafter “Reusch Rechtsanwälte”, “reuschlaw” or “we”), Joachimsthaler Str. 20, 10719 Berlin, Germany, telephone: + 49 30 2332 895 0, fax: + 49 30 2332 895 11, email: info@reuschlaw.de.

II. Data protection officer

You can reach our data protection officer at dsb@kertos.io or by post at Kertos GmbH, Brienner Str. 41, 80333 Muenchen.

III. Data processing

1. Access to our website

When you access our website, data that your browser transmits to the server on which the website content is hosted are automatically stored and possibly processed in log files.

Purposes and legal basis of data processing

However, only the last 90 accesses are recorded. The following data are processed during access:

  • Date and time of access;
  • IP address of the accessing end device;
  • Website that is being accessed;
  • URL from which the file was requested/the desired function was initiated;
  • Size of the transmitted data volume and
  • Transmitted browser identifier.

These data are processed solely for the purpose of providing content from our website and for the purpose of identifying and tracing unauthorised access to the web server and other criminal offences. The legal basis for the data processing is Art. 6 (1) 1 (f) GDPR.

Legitimate interests in data processing

Our legitimate interests are to ensure IT security and to guarantee the operation of our internet presentation.

Categories of data recipients

The recipient of the data is a processor from the IT sector.

Duration of data storage

The data are deleted no later than seven days after recording.

Right to object to data processing

The data processing is absolutely necessary for securing and operating the website. You can therefore only implement your right to object if you do not visit our website.

Basis of data provision

You are not obliged – neither by law nor by contract – to provide us with the aforementioned personal data. However, without the IP address and the cookie identifier, the service and functionality of our website cannot be guaranteed. In addition, individual services and features may not be available or may be restricted.

2. Usercentrics Consent Management Platform (CMP)

We use the Usercentrics Consent Management Platform (CMP) on our website to obtain our users‘ consent to the storage of certain cookies or the use of specific technologies and to document this in accordance with data protection regulations. This platform is provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.

Purpose and legal basis of data processing

When you visit our website, a connection is established to the Usercentrics servers in order to obtain the consents and other declarations regarding the use of cookies. Usercentrics then stores a cookie in your browser in order to be able to assign the consents given or their revocation. The legal basis for the processing is Art. 6 (1) (c) GDPR in conjunction with § 25 (1) TDDDG. The processing serves to fulfill our legal obligation to provide evidence of consent.

Recipients of the data

The recipient of the collected data is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Further information on the handling of your data can be found in the Usercentrics privacy policy: https://usercentrics.com/us/privacy-policy/.

Duration of data storage

The collected data will be stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.

3. MapTiler

We use the MapTiler service on our website. The provider of this service is MapTiler AG, Höfnerstrasse 98, Unterägeri, Zug 6314, Switzerland.

Purposes and legal basis of data processing

The MapTiler service enables the display of map material on our website. The integration of the map material helps to improve the geographical display and makes it easier to find our law firm locations. The IP addresses of MapTiler cloud visitors are only stored for a limited time, a maximum of 20 minutes, and are then destroyed automatically. The collection and short-term storage are necessary for logging security-related activities on the MapTiler infrastructure. MapTiler does not record how you use the map itself. Further information on data protection by MapTiler is available at: www.maptiler.com/privacy-policy/index.html.

Purposes and legal basis of data processing

The legal basis for this data processing is Art. 6 (1) 1 (f) GDPR.

Legitimate interests in data processing

Our legitimate interest lies in the graphical display and the simplified location of our law firm offices.

Transfer to a third country

In case personal data are transferred to MapTiler servers in Switzerland and stored and further processed there, the basis for the transfer to a third country is the EU Commission’s adequacy decision for Switzerland, which confirms that data protection in Switzerland is equivalent to the EEA standard.

Right to object to data processing

You have the right to object to the processing of your data. Whether the objection is successful must be determined by weighing up the interests involved.

Obligation/duty to provide data

The provision of your data is voluntary. Of course, you can also view our website without using the maps.

Please note, however, that individual functions of our website may not work afterwards.

4. Analytics

a) Matomo

On this website, we use the web analysis service Matomo to analyse how our website is used. The statistics obtained help us to improve our offer and make it more interesting for you as a user. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.

Purposes and legal basis of data processing

By using Matomo, we are able to collect and analyse data about how our website is used by website visitors (e.g. how often certain pages or posts were accessed). In addition, we collect various log files, such as referrers, browsers and operating systems used and we can measure whether our website visitors perform certain actions (e.g. clicks).

The legal basis for the use of Matomo is your consent in accordance with Section 25 (1) TDDDG.

Duration of data storage

We can view the data processed by Matomo for 14 months.

Withdrawal of consent

You can withdraw the consent you have given at any time with effect for the future in our Cookie Consent Tool by clicking the fingerprint button, which you will find at the bottom right of every reuschlaw website page, thus calling up our Cookie Consent Tool. You can then deselect the checkbox for the data processing for which you wish to withdraw your consent.

b) LinkedIn

This website uses conversion tracking provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (hereinafter referred to as: ‘LinkedIn’). LinkedIn uses ‘cookies’ and similar tracking methods such as device fingerprinting.

The information stored in these cookies, e.g., about the time, place and frequency of your use of our website, is usually forwarded to a LinkedIn server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU‑U.S. Data Privacy Framework. ‘LinkedIn’ is certified within this framework, which is why such transfers are based on the legal basis of Article 45 of the GDPR.  In addition, standard contractual clauses (SCC) were concluded with LinkedIn.

When using LinkedIn, it cannot be ruled out that the cookies set by LinkedIn may also collect other personal data in addition to an IP address. We would like to point out that LinkedIn may transfer this information to third parties if this is required by law or if third parties process this data on behalf of LinkedIn. LinkedIn will use the information generated by the cookie on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. As a rule, you can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Further information on data protection at LinkedIn can be found at: LinkedIn Privacy Policy.

5. Contact

You can contact us via the contact data on our website.

Purposes and legal basis of data processing

If you contact us by email, telephone or via our contact form, your request including all personal data resulting from it (name, request) will be stored and processed by us for the purpose of processing your enquiry.

The legal basis for the processing of these data is Art. 6 (1) 1 (b) GDPR if your request is related to the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the legal basis is Art. 6 (1) 1 (f) GDPR. Our legitimate interest lies in the effective processing of the requests addressed to us.

Duration of data storage

We will retain the data you have provided until the purpose of data storage ceases to exist (e.g. after the processing of your request has been completed).

Right to object

You have the right to object to the processing of your personal data based on Art. 6 (1) 1 (f) GDPR at any time. If you wish to exercise your right to object, please contact us either at datenschutz@reuschlaw.de or at the above address by adding “For the attention of the data protection officer”. We will then process your request immediately.

6. Planning and execution of events

Registration for our event is possible via the Eventbrite ticket system. In order to hold the event, and in particular to know who has registered for it, we receive your personal data entered there from Eventbrite.

This includes:

  1. First name and last name
  2. Company
  3. Billing or business address
  4. Email adress
  5. Payment details

Purposes and legal basis of data processing

Data processing is necessary in order to offer you participation in our events and to plan and carry out the event.
Data processing is based on Art. 6 (1) (b) GDPR and, in all other respects, on Art. 6 (1) (f) GDPR.

Legitimate interests in data processing

Insofar as data processing is based on Art. 6 (1) (f) GDPR, our legitimate interest lies in the planning and execution of the event.

Categories of data recipients

For registration and ticket provision, the data is transferred to the Eventbrite ticket system. Eventbrite Inc. is a Delaware-registered company headquartered at 95 Third Street, 2nd Floor, San Francisco, California, 94103 USA. Accordingly, personal data will be transferred to the USA in connection with participation in an event. The legal basis for this is, on the one hand, the EU Commission’s adequacy decision for the US (according to which Eventbrite Inc. has been certified) and, on the other hand, standard contractual clauses pursuant to Art. 46 GDPR have been concluded with the provider.

Duration of data storage

We store your personal data until the respective event has been completed and beyond that only to the extent required by statutory retention periods.

Obligation/duty to provide data

The provision of your personal data and registration for the event are voluntary. However, without this information, we cannot conclude the contract and enable you to participate. We need this information to fulfill our obligations and to be able to assign you as a duly registered participant.

7. Photo and video recordings

During the event, photos and videos of you may be taken and published in analog and digital form for external presentation and advertising purposes.

Purposes and legal basis of data processing

The purpose of data processing is documentation, external presentation, and advertising in connection with the event.

The legal basis for the production and publication of detailed recordings of event participants is voluntary consent given in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. If you do not give your consent or revoke it, you will not suffer any disadvantages.

The legal basis for the creation and publication of overview photos of the event is Art. 6 (1) sentence 1 lit. f) GDPR.

Legitimate interests in data processing

Insofar as data processing is based on Art. 6 (1) sentence 1 lit. f) GDPR, our legitimate interest lies in the documentation, external presentation, and advertising in connection with the event.

Categories of recipients

As part of our press and marketing work, we send photos and videos to the press and publish them on our websites, in brochures and advertising flyers, in our newsletter, and on social networks.

Transfer to a third country

Insofar as personal data in connection with social networks is transferred to a third country and stored and further processed there, we have, in the absence of an adequacy decision by the EU Commission, concluded the standard data protection clauses adopted by the EU Commission, which allow the transfer of personal data to the third country in individual cases. Details can be found in the reuschlaw data protection information.

Duration of data storage

The photos and videos taken during the event will be stored for an unlimited period of time. If you revoke your declaration of consent, the photos and videos taken on this basis will be removed and deleted.

Revocation of consent

You can revoke your consent to the creation and publication of detailed recordings at any time with future effect. You can declare your revocation by email to datenschutz@reuschlaw.de or by post to the above address.

Right to object to data processing

To exercise your right to object to us, please contact either datenschutz@reuschlaw.de or the above address by mail or telephone. We will then process your request immediately.

Obligation/duty to provide data

The provision of the aforementioned personal data is neither legally nor contractually required. It is also possible to participate in the event without having photos or videos taken of you.

8. Microsoft Teams

IIn order to conduct webinars, telephone conferences, and video conferences, we use the video conferencing service of our data processor “Microsoft Teams,” offered by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052–6399, USA. To use Microsoft Teams, you can install the desktop/mobile app or use the web version in your browser. When participating, you will be asked for your name (and optionally your email address); Microsoft also processes your IP address and technical metadata to provide the service.

Further information, in particular Microsoft’s privacy policy and terms of use, can be found here: https://www.microsoft.com/en-us/privacy/privacystatement.

Purposes and legal basis of data processing

The processing of your name (and email address, if applicable), IP address, and technical metadata is necessary to enable you to participate in the webinars and video conferences we offer.

Data processing is based on Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

Legitimate interests in data processing

Our legitimate interest lies in conducting video conferences and webinars using Microsoft Teams. Participation in these is entirely voluntary.

Transfer to a third country

As far as personal data is transferred to servers of Microsoft Corporation in the USA and stored or further processed there, we base the transfer on the adequacy decision pursuant to Art. 45 GDPR (EU‑U.S. Data Privacy Framework), as Microsoft is certified for this. In addition, we have concluded a data processing agreement with Microsoft that includes the standard data protection clauses adopted by the EU Commission.

Duration of data storage

We store the data until the webinar or video conference has been completed. Recordings are only made if this has been expressly announced in advance and separately consented to.

Basis of data provision

The provision of your data and registration for an event are voluntary. However, if you wish to participate in one of our webinars or video conferences, the processing of your data may be necessary in order for us to fulfill our obligations.

Note

Should technical problems arise when conducting webinars with Microsoft Teams, we reserve the right to use the Zoom tool from Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, as an alternative.

9. Zoom

In order to conduct webinars, telephone conferences, video conferences, live streaming, and translation, we use the video conferencing service of our data processor “Zoom,” offered by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. You can use Zoom by installing the desktop/mobile app or via the web version in your browser. When participating, you will be asked for your display name (and optionally your email address); Zoom also processes your IP address and technical metadata to provide the service. If you use interactive or accessibility features, Zoom may process audio/video data, chat and Q&A content, polling data, live transcription, and translated captions. Human interpreters (if engaged) act as processors and access the audio stream solely for translation purposes.

Purposes and legal basis of data processing

The processing of your display name (and email address, if applicable), IP address, technical metadata, and—depending on usage—audio/video, chat/Q&A, transcription, and translated captions is necessary to enable your participation in our digital events (including streaming and translation). Data processing is based on Art. 6 (1) (b) GDPR (performance of the event/contract) and Art. 6 (1) (f) GDPR (efficient and secure execution). Recordings and any publication of content are only made if expressly announced in advance and separately consented to (Art. 6 (1) (a) GDPR).

Legitimate interests in data processing

Our legitimate interests lie in the efficient and secure conduct of webinars and video conferences, broader accessibility through transcription/translation, and the prevention of misuse and disruptions. Participation is entirely voluntary.

Transfer to a third country

Personal data may be transferred to and processed on servers in the USA by Zoom Video Communications, Inc. The transfer is based on the adequacy decision pursuant to Art. 45 GDPR (EU‑U.S. Data Privacy Framework), as Zoom participates in this framework. In addition, we have concluded standard contractual clauses pursuant to Art. 46 GDPR with Zoom. Where available, we use regionalization/data‑locality settings to process content data within the EEA; nonetheless, certain support, routing, or telemetry processes may involve the USA.

Duration of data storage

We store participation and event metadata until completion of the event. Live content (audio/video/chat/Q&A/transcripts/translated captions) is not stored beyond the live session unless you have consented to a recording; recordings are deleted after [xx] months unless statutory retention periods require longer storage.

Basis of data provision

Providing technical metadata and—if you speak or appear—audio/video data is necessary to participate in digital events. Using transcription/translation features and consenting to recordings/publications is voluntary.

Note

Should technical problems arise when conducting webinars with Zoom, we reserve the right to use Microsoft Teams, offered by Microsoft Ireland Operations Limited and Microsoft Corporation, as an alternative under comparable data protection safeguards.

IV.    Your data subject rights

1. Right of access

You have the right under Art. 15 GDPR to request access to and information about your personal data that we process.

2. Right to rectification

You have the right under Art. 16 GDPR to request rectification if the information concerning you is not (or no longer) correct. If your data are incomplete, you have the right to request completion.

3. Right to erasure

You have the right under Art. 17 GDPR to request the erasure of your personal data.

4. Right to restriction of processing

You have the right under Art. 18 GDPR to request restriction of processing of your personal data.

5. Right to data portability

If the requirements of Art. 20 (1) GDPR are met, you have the right to receive data that we process by automated means on the basis of your consent or in performance of a contract or to have such data directly transmitted to third parties. The collection of the data for the provision of the website and the storage of log files are absolutely necessary for us to operate the website. This processing is therefore not based on consent according to Art. 6 (1) 1 (a) GDPR or on a contract according to Art. 6 (1) 1 (b) GDPR, but is justified under Art. 6 (1) 1 (f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not fulfilled.

6. Right to lodge a complaint

If you consider that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your own choice as provided for by Art. 77 (1) GDPR. This also includes the data protection supervisory authorities responsible for the controller:

  • Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Officer for Data Protection and Freedom of Information), telephone: +49 (0)30 13889–0, fax: +49 (0)30 2155050, email: mailbox@datenschutz-berlin.de and
  • Unabhängiges Datenschutzzentrum Saarland (Independent Data Protection Centre Saarland), telephone: +49 (0)681 94781 0, fax: +49 (0)681 94781 29, email: poststelle@datenschutz.saarland.de.

V.    Right to object under Art. 21 (1) GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) 1 (f) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of the data for the provision of the website and the storage of log files are absolutely necessary for us to operate the website.

As amended in February 2026