Privacy Policy

Thank you for visiting our website. The protection of your personal data is of high priority for us. This Privacy Policy (“Policy”) informs you how your personal data is processed by us. Your “personal data” means any information relating to you that identifies you or can be used to identify you, for example your name and contact information.

1. Responsibility

The person responsible for the processing of personal data within the meaning of the European Union’s General Data Protection Regulation (GDPR) through this website is Philipp Nuernberger, c/o Botor Trojan, Friedrichstraße 187, 10117 Berlin, Germany. You can contact us via our contact form or our contact information listed in the imprint.

2. Data Collection When Visiting Our Website; Cookies

When you visit our website without using the contact form provided on the website, we only collect data that your browser transmits to the page server (so-called "server log files"). In this case, we may collect the following data:

• Date and time of the page visit;

• Amount of data sent;

• Page and/or link from which you access our site;

• browser and operating system used;

• IP address used, possibly in anonymized form.

This data is processed in accordance with Art. 6 para. 1 lit. f GDPR, i.e. on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

For security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries), this website uses SSL encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in the address bar of your browser.

Cookies

To enable us to correctly display our website we use cookies. “Cookies” are small text files that are stored on your device (computer, smartphone, etc.). Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”) while others remain on your device for longer and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can see the storage period in the cookie settings of your web browser.

To the extend personal data is processed by us using cookies, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in ensuring the full technical functionality of our website and thereby, a visitor-friendly user experience.

You can set your web browser setting such that you are informed about cookies and/or the acceptance of cookies is excluded for certain cases or in general. Excluding technically necessary cookies may limit the usability of our website. Further information on restricting cookies in commonly used web browsers can be found here:

• Google Chrome

• Firefox

• Microsoft Edge

• Safari (on Mac) or Safari (on iPhone, iPad or iPod Touch)

3. Data Collection When You Contact Us

When you contact us, you share personal data with us which we will process to respond to your query. Typically, the data shared includes your name, email address and possibly other contact details, as well as other personal data that you send to us in your message to us.

This data is processed in order to be able to process your request. The legal basis for the processing of this data is your consent (Art. 6 para. 1 lit. a GDPR) and, if necessary, steps in preparation of a possible contract between you and us (Art. 6 para. 1 lit. b GDPR) as well as our legitimate interest in answering your request (Art. 6 para. 1 lit. f GDPR). Your data will be deleted as soon as all legal bases for processing have fallen away and no statutory retention period applies.

4. Your Rights

Under the GDPR, you have the following rights concerning your personal data:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to withdraw consent granted in accordance with Art. 7 Para. 3 GDPR;

• Right to lodge a complaint in accordance with Art. 77 GDPR.

• Right to object (see point 5. below).

To exercise your rights, please contact us here or through one of the additional contact details provided in the Imprint / Legal Notice. Please include sufficient information with your request so that we can confirm your identity.

5. Right of Objection

If, after balancing your and our interests, we process your personal data based on our overriding legitimate interest, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation. To exercise your right of objection, please contact us here or through one of the additional contact details provided in the Imprint / Legal Notice. If you exercise your right of objection and your interest outweighs our interests, we will stop processing the data in question. We reserve the right to further process the data in question in particular if we can demonstrate compelling, legitimate reasons for the processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If we process your personal data in order to conduct direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you exercise your right of objection, we will stop processing the data concerned for direct marketing purposes.

6. Data Transfer to Third Parties

In connection with the legal bases for processing personal data stated in this Policy, we may also transfer your data to third parties. We do this in strict compliance with the GDPR and the professional obligations imposed on us. Third parties in this sense can be:

• IT service providers: We use software and the server/cloud infrastructure of various providers, including

  • Microsoft OneDrive to store and exchange data on and via Microsoft servers. These servers are maintained by companies in the Microsoft group (including Microsoft Corporation and its subsidiaries Microsoft Ireland Operations Limited and Microsoft Deutschland GmbH).

  • Apple iCloud to store and exchange data on and via Apple servers. These servers are maintained by companies in the Apple group (including Apple Inc. and its subsidiary Apple Distribution International Limited in Ireland).

  • Google to store and exchange data on and via Google servers. These servers are maintained by companies in the Google group and Google Ireland Limited and Google LLC are responsible for Google's data processing.

  • Squarespace Inc. and IONOS Cloud Ltd. to administer and host our domains, websites and/or email accounts. Squarespace Inc. uses servers from Amazon Web Services, Inc.

The data is transmitted to these service providers for our administrative purposes, in each case on the basis of one or more data processing agreements in accordance with Art. 28 GDPR and is based on our legitimate business interests (Art. 6 para. 1 lit. f GDPR).

• Payment processing providers: To allow you to choose between different payment methods when paying for our services, we work with payment processors (e.g., Paypal, Stripe). Transmission of personal data to these providers enables us to administer our contractual relationship with you and is based on Art. 6 para. 1 lit. b GDPR as well as on our legitimate business interests within the meaning of Art. 6 para. 1 lit. f GDPR.

• Tax and legal service providers: For administrative purposes or for the purposes of asserting, exercising or defending legal claims and our legitimate business interests in this regard (Art. 6 para. 1 lit. f GDPR), we may share personal data with our tax and legal service providers.

• Cooperation partners: In accordance with our engagement agreement with you, or otherwise with your consent, we may share your personal data with other legal advisors or other service providers if this is relevant to working on your matter. Such sharing is based on Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. b GDPR.

• Courts and other public authorities: In connection with the provision of our services (Art. 6 para. 1 lit. b GDPR) or due to a legal obligation (Art. 6 para. 1 lit. c GDPR), we may share your personal data with courts or other public authorities. In individual cases, this may also be done to protect our own legitimate legal interests, in particular to assert, exercise or defend legal claims, and is then based on Art. 6 para. 1 lit. f GDPR.

7. Transfer of Personal Data to a Third Country

For some of the purposes of data processing stated in this Policy it may be necessary to transfer data to a recipient in a country outside the European Union or the European Economic Area. For some third countries, the European Commission has decided that they offer an adequate level of data protection (e.g. Switzerland, Canada, Argentina). If we transfer data to a country for which such an adequacy decision does not exist, the corresponding data transfer is based on a contract between us and the relevant recipient using the European Union's standard data protection clauses (standard contractual clauses). You can request copies of these standard contractual clauses using our contact form.

8. Duration of Storage of Personal Data

We only process personal data for as long as this is covered or required by the respective legal basis and the purpose of processing is still valid, or as long as required by applicable statutory retention periods (e.g., retention periods under tax or other applicable laws).

If we process your personal data exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, your data will be stored until you revoke your consent.

If we process your personal data to prepare or fulfill a contract and thus in accordance with Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiry of statutory retention periods (e.g. retention periods under tax or other applicable laws), unless we have an ongoing legitimate interest in storing it.

If personal data is processed on the basis of a legitimate interest on our part within the meaning of Art. 6 para. 1 lit. f GDPR, this data will be stored until you successfully exercise your right of objection in accordance with Art. 21 para. 1 GDPR (i.e., in particular if we cannot prove compelling, legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims on our part), or until the legitimate interest no longer applies.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f GDPR, your data will be stored until you exercise your right of objection in accordance with Art. 21 para. 2 GDPR.

Unless provided otherwise in this Policy, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed and there are no statutory retention periods.

9. Changes to This Policy

We may update or amend this Privacy Policy from time to time to ensure it continues to accurately reflect our data processing practices as well as applicable law. Please check back regularly to ensure you are aware of the current version of this Policy.