Privacy Policy

Introduction

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data that we carry out, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as e.g. B. our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender specific.

Status: March 14, 2026

Summary of the contents

• Introduction
• responsible
• Processing overview
• key legal bases
• Safety measures
• Transmission of personal data
• Data processing in third countries
• Deletion of data
• Use of cookies
• business services
• Provision of the online offer and web hosting
• contact
• Presence in social networks (Social Media)
• Plug-ins and services used
• Modification and update of the data protection declaration
• rights of data subjects
• Definitions

Responsible

Creydt Law Rechtsanwälte Rechtsanwaltsgesellschaft mbH
Managing Director: Attorney Dr. Matthias Creydt
Hinschauer Str. 12
80538 Munich

Authorized person: Dr. Matthias Creydt

Email address:
matthias.creydt@creydtlaw.de

Processing overview

The following overview summarizes the types of data processed and the purposes of its processing and refers to the persons concerned.

Types of processed data

• Inventory data (e.g. names, addresses).
• Contact details (e.g. email, phone numbers).
• Content data (e.g. entries in online forms or e-mails).
• Use data (e.g. websites visited, access times, interest in content).
• Meta/communication data (e.g. device information, IP addresses, browser type).

Categories of affected persons

• client.
• interested parties.
• communication partner.
• Users (e.g. website visitors, users of online services).
• business and contractual partner.

Purposes of processing

• Provision of our online offer and user-friendliness.
• contact requests and communication.
• Provision of contractual services and customer service.
• office and organizational procedures.
• security measures.
• Range measurement and marketing, if actually used and consented.

Key legal bases

Below you will find an overview of the legal basis of the GDPR, on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, national data protection regulations can apply in your country of residence or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you of them in the data protection declaration.

• Consent (Art. 6 Para. 1 S. 1 lit. a GDPR)– The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
• Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR)– The processing is necessary for the fulfillment of a contract to which the data subject is the party or to carry out pre-contractual measures that take place on request of the person concerned.
• Legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR)– The processing is required to fulfill a legal obligation to which the person responsible is subject.
• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR)– The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and fundamental freedoms of the person concerned predominate.

National data protection regulations in Germany:In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany apply. This includes in particular the Federal Data Protection Act (BDSG).

Safety measures

We shall apply in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, suitable technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring confidentiality, integrity and availability of data by controlling physical and electronic access to data, access, input, disclosure, availability and separation.

SSL/TLS encryption (HTTPS):In order to protect your data transmitted via our online offer, we use SSL or TLS encryption. You can recognize such encrypted connections by the prefix “https://” in the address bar of your browser.

Transmission of personal data

As part of our processing of personal data, it is possible that the data is transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. To the recipients of this data, e.g. B. service providers or providers of services and content commissioned with IT tasks who are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU)) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies This is only in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, or we only process data in third countries with a recognized level of data protection or on the basis of special guarantees, such as B. contractual obligations through so-called standard protection clauses of the EU Commission.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permits are no longer applicable. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be limited to these purposes.

This applies e.g. B. for data that must be kept for reasons of commercial or tax law or the storage of which is necessary for the assertion, exercise or defense of legal claims.

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored on the user’s end device by a browser. A cookie is primarily used to store information about a user during or after his visit within an online offer. For the stored information, e.g. B. Language settings on a website that include login status, security settings or consent status.

The following cookie types and functions are distinguished:

• Temporary cookies (session cookies):These will be deleted at the latest after a user has left an online offer and closed his browser.
• Permanent cookies:These remain saved even after the browser is closed.
• First Party Cookies:Cookies set by ourselves.
• Third Party Cookies:Cookies set by third parties.
• Necessary cookies:Cookies required to operate the website.
• Statistics and Marketing Cookies:Cookies for analysis and range measurement and, if applicable, for marketing purposes, insofar as there is appropriate consent.

Notes on legal bases:If we use cookies or similar technologies and obtain your consent for this, the processing is based on Art. 6 Para. 1 S. 1 lit. a GDPR and Section 25 (1) TDDDG. If the use of cookies is absolutely necessary, the processing is based on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR and Section 25 (2) TDDDG.

Processing of cookie data based on consent:We use a procedure for cookie consent management, in which the user’s consent to the use of cookies or the processing and provider mentioned in the context of the cookie consent management procedure can be obtained and managed and revoked by the users.

• Processed data types:Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• affected persons:Users (e.g. website visitors, users of online services).
• Legal bases:Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR), insofar as technically necessary cookies are used.

Services and service providers deployed

• compliance | GDPR/CCPA Cookie Consent:cookie consent management; Service provider: Compliance B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands; Website:https://complianz.io/; Privacy Policy:https://complianz.io/legal/privacy-statement/. In the context of the use of Compliance, in particular, consent status, time of consent, browser information, device information and a pseudonymous cookie ID are processed and stored in order to be able to prove given consent.

Business services

We process data of our clients, interested parties, business and contractual partners in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with these persons, e.g. B. to answer inquiries or to provide our services.

Legal advice:We process the data of our clients as well as interested parties and other clients or contractual partners in order to be able to provide you with our contractual or pre-contractual services, in particular consulting services. The data processed, the type, scope, purpose and requirement of their processing are determined by the underlying mandate relationship.

• Processed data types:Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), content data, contract data.
• affected persons:Interested parties, business and contractual partners, clients.
• Processing purposes:Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, management and answering of inquiries.
• Legal bases:Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 p. 1 lit. f GDPR).

Provision of the online offer and web hosting

In order to be able to provide our online offer safely and efficiently, we make use of the services of a web hosting provider, from whose servers the online offer can be accessed. For these purposes, infrastructure and platform services, computing capacity, storage space, database services, security services and technical maintenance services can be used.

Collection of access data and log files:We or our hosting provider collect data for each access to the server (so-called server log files). The address and name of the retrieved websites and files, the date and time of the retrieval, transferred data volumes, messages about successful retrievals, browser type and version, the user’s operating system, referrer URL and IP addresses belong.

• Processed data types:Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• affected persons:Users (e.g. website visitors, users of online services).
• Processing purposes:Providing our online offer and user-friendliness, ensuring the stability and security of the company.
• Legal bases:Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Services and service providers deployed:

• all-inkl.com:Services in the field of providing information technology infrastructure and related services (e.g. storage space, computing capacity, email hosting and security services); Service provider: all-inkl.com – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Website:https://all-inkl.com/; Privacy Policy:https://all-inkl.com/datenschutzinformation/.

Contact

When contacting us (e.g. by e-mail, telephone or contact form, if used), the information provided by the requesting persons will be processed, insofar as this is necessary to answer the contact inquiries and any measures requested.

• Processed data types:Inventory data, contact details, content data.
• affected persons:Communication partners, prospects, clients.
• Processing purposes:Contact inquiries and communication, management and answering of inquiries.
• Legal bases:Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Presence in social networks (Social Media)

We maintain online presences within social networks to communicate with active users or to offer information about us.

We would like to point out that user data can be processed outside of the European Union. This can result in risks for users, because e.g. B. the enforcement of the rights of the users could be made more difficult.

• Processed data types:Contact data, content data, usage data, meta/communication data.
• affected persons:Users (e.g. website visitors, users of online services).
• Processing purposes:Contact requests and communication, feedback, marketing.
• Legal bases:Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Services and service providers deployed:

• LinkedIn:social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website:https://www.linkedin.com/; Privacy Policy:https://www.linkedin.com/legal/privacy-policy.
• Xing:social network; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Website:https://www.xing.com/; Privacy Policy:https://privacy.xing.com/de/dataschutzerklaerung.

Plug-ins and services used

We use various plugins and technical services within our online offer to ensure content, functionality, security, multilingualism, e-mail delivery, search engine optimization and the technical maintenance of our website.

• WordPress (self-hosted):Content management system for creating and managing the website; Website:https://wordpress.org/.
• Elementor:Page builder for designing and displaying website content; Service Provider: Elementor Ltd., Tuval St 40, Ramat Gan, Israel; Website:https://elementor.com/; Privacy Policy:https://elementor.com/about/privacy/.
• Polylang:Plugin to provide multilingual content on our website; Service Provider: WP Syntex; Website:https://polylang.pro/; Privacy Policy:https://polylang.pro/privacy-policy/.
• Yoast Seo:Plugin for search engine optimization of our website; Service Provider: Yoast B.V., Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands; Website:https://yoast.com/; Privacy Policy:https://yoast.com/privacy-policy/.
• WP Mail SMTP:Plugin for secure delivery of e-mails via external SMTP servers or the configured mailing; Service Provider: WPForms LLC; Website:https://wpmailsmtp.com/; Privacy Policy:https://wpmailsmtp.com/privacy-policy/.
• UpdraftPlus:Backup plugin to secure website data; Website:https://updraftplus.com/; Privacy Policy:https://updraftplus.com/data-protection-and-privacy-centre/.
• WP Fastest Cache:Plugin to improve loading speed by caching page contents; Website:https://www.wpfastestcache.com/.
• Akismet Anti-Spam (only if activated and used): Spam detection service for forms or comments; Service Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Website:https://akismet.com/; Privacy Policy:https://automatic.com/privacy/.
• Google Analytics (only if actually included and released via Consent): Range measurement and web analysis; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website:https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy:https://policies.google.com/privacy.
• Google Tag Manager (only if actually included and released via Consent): Tag management system to manage additional services; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website:https://tagmanager.google.com/; Privacy Policy:https://policies.google.com/privacy.
• LinkedIn Insight Tag (only if actually included and released via Consent): conversion measurement and range analysis; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website:https://www.linkedin.com/; Privacy Policy:https://www.linkedin.com/legal/privacy-policy.

Modification and update of the data protection declaration

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the Privacy Policy as soon as changes to the data processing we make make this necessary. We will inform you as soon as the changes require you to cooperate or any other individual notification.

Rights of data subjects

As those affected, you have various rights under the GDPR, which result in particular from Art. 15 to 21 GDPR:

• Right to object:You have the right, for reasons arising from your particular situation, to object at any time to the processing of the personal data relating to you, which is based on Art. 6 Para. 1 letter E or F GDPR.
• Right of withdrawal for consent:You have the right to revoke your consent at any time with effect for the future.
• Right to information:You have the right to request confirmation of the data in question being processed and to provide information about this data as well as further information and copy of the data.
• Right to correction:You have the right to request the correction of incorrect data or the completion of incomplete data.
• Right to delete and restrict processing:You have the right to request the deletion of your data or the restriction of the processing, insofar as the legal requirements are met.
• Right to data portability:You have the right to receive data relating to you in a structured, common and machine-readable format or to request its transmission to another person responsible.
• Complaint to a supervisory authority:You have the right to complain to a data protection supervisory authority if you believe that the processing of personal data relating to your person is in violation of the GDPR.

Definitions

• Personal data:All information related to an identified or identifiable natural person.
• Responsible:The natural or legal person, authority, institution or other body who alone or together with others decides on the purposes and means of processing personal data.
• processing:Any process carried out in connection with personal data, such as B. the collection, recording, organizing, saving, adapting, reading, using, disclosing or deleting.
• Usage data:Data relating to the use of an online offer, e.g. B. visited websites, access times or interactions with content.
• Meta/Communication Data:Data that arises in the context of communication or the use of technical systems, e.g. B. IP addresses, browser information or device identifiers.