Privacy Policy

As at: 25 June 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

WÆRK Rechtsanwälte Borsutzky Rahden Brügger Partnerschaftsgesellschaft mbB
Rathausstraße 12
20095 Hamburg, Germany

Represented by: Prof. Dr. Andreas Borsutzky, Jörn J. Rahden and Daniel Brügger
Telephone: +49 40 334 68 150
E-mail: kanzlei@waerk.de

2. General Information on Data Processing

As a matter of principle, we process the personal data of our users only insofar as this is necessary to provide a functioning website as well as our content. Processing takes place in accordance with the GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

The legal basis for processing is – depending on the respective processing operation – Art. 6(1) GDPR. The applicable legal basis in each case is specified in the sections below.

3. Provision of the Website and Creation of Log Files

Each time our website is accessed, the system automatically collects data and information from the accessing device. The following data may be collected in this process:

  • the IP address of the requesting device
  • the date and time of access
  • the name and URL of the file accessed
  • the website from which access is made (referrer URL)
  • the browser used and, where applicable, the operating system of your computer

This data is stored in the server's log files. This data is not combined with other personal data.

Purpose: Delivery of the website, ensuring a smooth establishment of the connection, system security and stability, as well as administrative purposes.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free presentation and the security of our website.

Storage period: The log files are deleted after 7 days at the latest.

4. Hosting

We host our website with an external service provider:

STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany

On our behalf, the provider processes the data transmitted via the website (in particular the access data referred to in section 3). The basis for this is a data processing agreement pursuant to Art. 28 GDPR which we have concluded with the provider.

The legal basis for using the host is our legitimate interest in the secure and efficient provision of our online offering (Art. 6(1)(f) GDPR).

5. Contact by E-mail

On our website you will find e-mail addresses through which you can contact us. If you make use of this option, the personal data transmitted with the e-mail (in particular your name, your e-mail address and the content of your message) will be stored and used exclusively to process your request.

Legal basis: Art. 6(1)(f) GDPR (processing of your enquiry); where the communication is connected with the initiation or performance of an engagement (mandate) or contractual relationship, additionally Art. 6(1)(b) GDPR.

Storage: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, provided that no statutory retention obligations (in particular under professional, commercial and tax law) conflict with this.

Note on unencrypted communication: Transmission by e-mail is generally unencrypted. We can therefore accept no guarantee for the confidentiality of content transmitted in this way. For the transmission of confidential information, we recommend the postal or telephone route.

6. Cookies and Tracking

Our website does not use cookies and does not employ any tracking or analysis technologies. No entries are stored either in the local storage or in the session storage of your browser. The provision of the various language versions is effected solely via the address structure of the website (e.g. /de and /en) and does not require any data to be stored on your device.

Consent pursuant to Section 25(1) TDDDG is therefore not required; no consent or cookie banner is used.

[Before going live, confirm that no cookies/storage entries will be added even after completion (await feedback from development). If they are, this section must be adapted.]

7. Embedded Fonts and External Resources

Fonts (web fonts) and other resources required for the display are provided locally on our server. When our website is accessed, no connection is therefore established to third-party servers (such as content delivery networks or font services). No transmission of your data to third parties takes place upon merely accessing the page.

8. Links to External Services (Google Maps, LinkedIn)

Our website contains links to external offerings, in particular to Google Maps and to our profile or company page on LinkedIn. These are exclusively links; the content of these services is not embedded in our website and is not automatically loaded when our page is accessed.

Only when you actively click on such a link will you be redirected to the pages of the respective provider and data (in particular your IP address) may be transmitted to that provider. We have no influence on this data processing. The data protection provisions of the respective provider apply:

  • Google Maps (Google Ireland Limited):
    https://policies.google.com/privacy
  • LinkedIn (LinkedIn Ireland Unlimited Company):
    https://de.linkedin.com/legal/privacy-policy

9. SSL/TLS Encryption

For security reasons, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” in the address bar of your browser.

10. Rights of the Data Subject

With regard to the personal data concerning you, you have the following rights vis-à-vis us:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)

Where processing is based on consent, you have the right to withdraw it at any time with effect for the future (Art. 7(3) GDPR).

11. Right to Object

Insofar as we process personal data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to such processing. You may submit your objection informally to the contact details given in section 1.

12. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).

The supervisory authority responsible for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit)
Ludwig-Erhard-Straße 22
20459 Hamburg, Germany

13. Currency and Amendment of this Privacy Policy

This privacy policy is as at 25 June 2026. Due to the further development of our website or as a result of changes in statutory or regulatory requirements, it may become necessary to amend this privacy policy. You can access the current version at any time on this page.