Statements on Data Protection

The statements on Data Protection are structured as follows

  • General Remarks and provisions which do apply to all kind of data processing under the following figures (I.)
  • Remarks t on Data Protection which relates to the visit  of and concerned data processing on this website (II.)
  • Remarks on Data Protection, which relates to data processing with respect to all mandate work  for clients in our business (III.)
  • Remarks on data protection with respect to non-mandate-related correspondence and contacts via e-mail through a “” e-mail address (IV.)


I. General remarks

  1. Name and contact details of the controller

This statement on data protection is made for data processing by

Controller: Rechtsanwälte Kierdorf (GbR), Am Hof 28, 50667 Köln

  1. No data protection officer

A data protection officer is neither required due to Art. 37 GDPR nor due to § 38 BDSG (German Act on Data protection) and therefore not installed.

3.Actuality and developments

This statement is made in accordance with the legal requirements as of May 2019. It may be subject of future amendments and changes due to legal developments and/or due to the a change of the website`s content or due to a change of scope of our services.

  1. Subject data rights

As the data subject you have the following rights:

  • to withdraw any consent given to us at any time (according to Art. 7, sec. 3 GDPR). This effects that may not continue the processing of data on the basis of your consent;
  • to access and obtain information about your personal data processed at us (according to Art. 15 GDPR). You may amongst others obtain information about the kind of personal data, the purposes of processing, the categories of recipients, the expected duration of storage, your subject data rights, the origin of data (if not originally stored by us),the existence of profiling or other automated processing including details about such processing, if any;
  • to rectify inaccurate personal data (according to Art. 16 GDPR);
  • to erase your personal data (according to Art. 17 GDPR), if and in so far the data processing is not necessary for the right of freedom of expression and information, for compliance with legal obligations, for reasons of public interests or for the establishment, exercise or defence of legal claims;
  • to restrict the processing of your personal data (according to Art. 18 GDPR), as far as you contest the accuracy of data, or the processing is unlawful and you claim for restriction instead of deletion, or you require data, which we do not longer need, for the establishment, exercise or defence of your legal claims or if you did object under Art. 21 GDPR with overriding legitimate grounds
  • data portability (according to Art. 20 GDPR), which means to get a transfer of all data to another controller in a structured, commonly used and machine-readable format ;
  • to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or our place of business (according to Art. 77 GDPR)
  • in relation to personal data processed by us due to our legitimate interests (according to Art. 6, sec. 1, paragraph (f) GDPR), you may have the right to object to the processing of your personal data (according to Art. 21 GDPR), if you got overriding interest out of your personal situation or if you object against direct marketing purposes (for which you do not need to present overriding legitimate interests).

For more details about these rights, the restrictions on these rights and the legal effects resulting from the execution of these rights, we draw your attention to the GDPR provisions mentioned above.

Should you wish to exercise any of these rights please contact us at  and let us know.

  1. Data Security

We provide appropriate technical and organizational measures to protect your data against manipulation, loss, destruction or unauthorized access. These safety measures are continually improved in accordance with technological developments.


II. Data Processing with respect to the visit on our website

  1. Visiting our website

If visiting our website your Internet Browser will automatically send information to the server of our website. The following information will be temporarily stored and processed in a “logfile” until it is automatically deleted:

  • IP Address of the contacting computer
  • Date, time of access
  • name and URL of the requested data
  • Website from which access has been made (referrer URL)
  • Browser used and the operating system of your computer and name of your access provider

The abovementioned data is processed at SDI for the following purposes:

  • To ensure a smooth connection and
  • a comfortable use of, and visit to our website
  • To evaluate security aspects, and
  • for administrative purposes

The processing of this data is lawful in accordance with Art.6 , sec. 1, 1st sent.,lit. (f) of the General Data Protection Regulations (GDPR). Our legitimate interests are justified by the purposes listed above. We will never use this data to draw conclusions about your identity.

Beyond that we do use Cookies. Details about these cookies are explained below under fig. 4 of this Statement.

  1. Use of the mail contact section of our website

Should you wish to contact us with any queries, you may use the mail contact section of our website. For such contact, you must provide,

  • your email address

to let us know who is asking for information and to enable us to answer your questions.

  • You may add additional personal data by free will

Due to the fact that most people have not the knowledge or avoid the time to encode e-mails, the contact through the mail contact of our website is not encoded. We may draw your attention on potential risks resulting from. We may of course offer you the ability to communicate with us by encoded e-mail. Please contact us by phone about such encoded correspondence to check all details for compatibility. If you provide us with your certificate we may send e-mail encoded and provide you with our certificate. We may stress that any data transfer between us via the internet (such as by e-mail) may never be totally safe and a third party’s access to that data may never totally be excluded.

Personal data provided to us in this way (e.g. name, address etc) is provided by your free will.

The processing of your personal data is lawful in accordance with Art 6, sec.1, 1st sent., lit (a), GDPR due to the consent given by you when submitting a mail contact request.

The data processed following your mail contact inquiry will be periodically and permanently deleted, except we are otherwise requested or allowed by law to store or process such data, especially if a business relationship results from such an inquiry.

  1. Data transfer to third parties

A transfer of your personal data to third parties will only take place:

  • If and in so far as you have given your consent (Art.6, sec..1, 1st sent, lit a GDPR)
  • If the transfer is necessary for the legitimate interests pursued by us or by a third party according to Art 6 sec. 1, 1st sentence, paragraph (f), GDPR, provided such interests are not overridden by your interests or by the fundamental rights that require protection of personal data
  • If the transfer is legally required (Art. 6 sec.1,1st Lit.(c) GDPR)
  • If the transfer is lawful and required for the execution of contractual relationships with you (Art.6, sec.1, 1st, lit. (b) GDPR)
  1. Cookies

We use cookies on our website, which are small Data created by your Browser which are stored on your device (PC, Notebook, Tablet, Smartphone). Cookies do not effect damages at your device and do not contain virus, malware etc.

The cookie stores information on your device,   among other things, the computer and operating system you are using. This does not enable us to become aware of your identity.

The use of cookies enables a smoother connection and a more comfortable use of our website. The Session-Cookies we use do recognize if parts of our website have already been visited by you. These cookies will be deleted after your visit..

We also use cookies that remain temporarily on your computer. This enables us to recognize that your computer has already visited our website and to use inputs and settings from your last visit.

In addition, we use cookies for statistical purposes, to optimize our website and its content. These cookies will be automatically deleted after a defined period and additionally can be actively deleted using your browser settings.

The personal data processed by cookies is a lawful pursuit of our legitimate interests under Art. 6, sec. 1, 1st sent., lit. (f), GDPR.

Most internet browsers automatically accept cookies. You may change the settings in your browser so that no cookies will be stored on your computer or so that before your computer stores any cookie you will be asked to accept the storage of cookies on your computer. Totally deactivating cookies may affect the smooth and comfortable use of our website and some functions on our website may not be operable.

  1. Data Security website

We use the widely used SSL-encoding for your website visit and the highest encoding level supported by your Internet Browser. Usually it will be a 256- bit-encoding. If Your Browser does not support 256- bit encoding, we use a 128-bit v3 technology. You may be aware if a transfer is encoded from the key logo in your Browser-Status.

III.   Storing and processing of data related to mandate business

  1. Kind, purpose and duration of processing

If you contact us as a client or you are named as (potential) opponent or involved person or you contact our client or us as opponent, we may store and process the following data:

  • Name
  • e-mail address
  • postal address
  • phone number(s)
  • information about the mandate and all details relevant for our clients legal position

Data processing is provided

  • To identify you as client/opponent/involved person
  • To allow us to represent and advise our client effectively
  • To enable us to correspond with you
  • To invoice our services
  • For any potential warranties or claims against you

The data processing is caused by our clients mandate and in accordance with Art. 6, sec.1, 1st sent., lit. (b) GDPR necessary for a reasonable fulfilling of all obligations out of the mandate.

These data processed will be stored until the legal storing obligation for lawyers (which is actually 6 Years after the end of the year, the mandate has been terminated) and deleted than if no other legal provisions (e.g. :Trade, Tax or criminal law)requests or allows us a longer storage (Art. 6 Abs.1, 1st sent. , lit.(c) GDPR  or if you agree to a longer storage.

  1. Data transfer to third parties

Data transfer to third parties will not take place, if not mentioned in the following:

As far as it is necessary for mandate purposes, we may in accordance with Art. 6 sec.1,1st sent., lit. (b) GDPR forward data to third parties. This includes especially, but not limited to, transfer to opponent, authorities, courts, insurances, which are necessary for the realization of or to defend our clients rights. The data forwarded to third parties may be used by these parties only for the aforementioned purposes.

The client attorney privilege is not affected thereby. As far as it is concerned, we forward any data only in harmonization with the client.

  1. Data subject rights

We may draw your attention to the fact that -beyond all general legal provisions- the client attorney privilege  may effect restrictions of data subjects rights (as referred to under I.4. of this statement) of involved persons and opponents .

IV. Data protection in case of non –mandate-related communication/correspondence through a “ e-mail address 

  1. Kind, purpose and duration of processing

We and our employees are allowed to use the “” e-mail address for non mandate related (private) purposes. As far as this opportunity is taken, at least the e-mail address of the recipient/sender of such private correspondence is processed. Further data may be provided by free will. We may draw your attention on the fact, that we do not offer encoding of such private e-mail correspondence. The resulting risks are known by our employees and us and you may be aware of these risks if corresponding privately through a “” e-mail account. We take efforts to inform data subjects about the temporary storage and processing of data out of such private e-mail correspondence prior to the first e-mail contact.

The processing of your personal data is therefore lawful in accordance with Art 6, sec.1, 1st sent., lit (a), GDPR due to the consent given by you.

We and all our employees are obliged to delete all private e-mail correspondence after 1 month latest. As far as you have got a private e-mail from the sender or any other “kanzlei-kierdorf” employee  from his/her “kanzlei-kierdorf” e-mail account, or as far as you have sent a private e-mail to such e-mail account, this e-mail including all personal data in its content will be subject of a final deletion after 40 days  latest (regarding our  back up policy). This proceeding may allow us to a reasonable (private) use of business e-mail addresses without disregarding a high standard of data protection of the data subjects.

  1. Data transfer to third parties

A transfer of your personal data to third parties with respect to non-mandate-related e-mail correspondence will generally not take place if you did not give your consent (Art.6, sec..1, 1st  sent., lit. (a) GDPR).

Since theoretically a transfer may not be totally excluded, we assure, that any potential transfer of such data to third parties will only take place

  • If the transfer is necessary for the legitimate interests pursued by us or by a third party according to Art 6 sec. 1, 1st , lit.  (f), GDPR, provided such interests are not overridden by your interests or by the fundamental rights that require protection of personal data
  • If the transfer is legally required (Art. 6 sec.1,1st lit. (c) GDPR)
  • If the transfer is lawful and required for the execution of contractual relationships with you (Art.6, sec.1, 1st , lit. (b) GDPR)


Cologne, May 2019

Copyright © 2019 Rechtsanwälte Kierdorf (GbR). Alle Rechte vorbehalten.
Imprint Privacy Policy