Privacy Policy

Privacy Policy for this website

1. Information on collection of personal data

Below you will find information about the collection of personal data when using our website. Personal data means any information that can be related to you personally, such as name, address, e-mail, user behavior.


2. Name and address of the controller

BHO Legal – Baumann, Heinrich, Ortner Rechtsanwälte Partnerschaft mbB, Hohenstaufenring 29-37, 50674 Cologne, Germany, phone: +49 221 956-0, e-mail: cologne@bho-legal.com for further information see our Imprint) is the controller according to Art. 4 para. 7 General Data Privacy Regulation (GDPR).

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are monitored regularly. If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.


3. Contact details of the data protection officer

You can reach our data protection officer at datenschutz@bho-legal.com or at our postal address with the addition “the data protection officer”. Every person concerned can contact our data protection officer directly at any time with all questions and suggestions concerning data protection.


4. Your rights

a) You can object to the processing of personal data for advertising purposes including the analysis of customer data or the transfer to third parties for advertising purposes at any time without giving reasons.

b) In addition, you have the following rights in relation to the personal data concerning you:

  • Right of access to information (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing of personal data (Art. 21 GDPR),
  • Right to data portability (Art. 20 GDPR).

c) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.


5. Collection of personal data when visiting our website in general

When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (based on Art. 6 para. 1 sentence 1 lit. f) GDPR):

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (concrete page)
  • access status/http status code
  • amount of data transferred in each case
  • website from which the request was received
  • browser
  • operating system and interface
  • language and version of the browser software.


6. Use of personal data when contacting by e-mail or contact form

When you contact us by e-mail or via a contact form, the data you provide (e-mail address and name as well as any further data) will be stored by us to answer your questions. We will delete the data arising in this connection once the storage is no longer necessary or we will restrict processing if there are provisions on storage obligations. Mandatory data when contacting us via the contact form are marked as such, all other data are voluntary. The legal basis for the above-mentioned processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.


7. Processing of applicant data

We collect and process personal data for the purpose of handling the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail. If we conclude an application for employment with the applicant, the transmitted data will be stored for the purpose of processing in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents are automatically deleted six months after notification of the rejection decision, provided that there are no other legitimate interests that stand in the way of deletion. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). The legal basis for the processing of applicant data is § 26 German Federal Data Protection Act (BDSG), as applicable since 25 May 2018.

In the course of handling application procedures in our company, we work together with the application platform of the service provider Workwise GmbH, Imprint (https://www.workwise.io/impressum). The recruitment of personnel on behalf of job seekers or employers is not commissioned processing, but the use of an external specialist service of an independently responsible person (LDA-Bayern, FAQ list dated 20.07.2018). Further information on the data protection of the service provider Workwise GmbH can be found in the data protection declaration (https://www.workwise.io/datenschutz).


8. General information on the duration for which personal data are stored

We process and store personal data of the person concerned only for the period required to achieve the purpose of storage or due to a legal obligation. If the storage purpose ceases to apply or the prescribed storage period ends, the personal data is routinely blocked or deleted in accordance with the statutory provisions.


9. Legal or contractual provisions for making the personal data available; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences for failure to provide personal data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Occasionally, it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned makes personal data available to us, the person concerned must contact the contact point mentioned in Section 3. Our Data Protection Officer will inform the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.


10. Cookie Policy

a) Subject of this declaration

In addition to our above data policy, we inform you with the present declaration about the use of cookies on our website and give you the opportunity to inform yourself about the status of the consent you have given, or to change or revoke them.

b) General information about cookies and their use on our website

Cookies are small text files that are used by websites and stored on users’ end devices to make the user experience more efficient, for example by storing certain settings made or user behavior. Cookies cannot run programs or deliver viruses to your computer. This website uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

Without your express consent, we only use cookies on this website that are necessary to display the page (the purpose is to present the website in an appealing way) or to store the status of the consents you have given or not given (the purpose is to ensure that cookies are used on our website in accordance with data protection regulations). The legal basis for the use of the necessary cookies is Article 6 para. 1 sentence 1 lit. f) GDPR.

This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient Cookies
  • Persistent cookies

“Transient cookies” are automatically deleted when you close the browser. This includes in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the web browser. “Persistent cookies” are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your web browser at any time.

c) How you can configure the use of cookies through the browser settings

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website. However, you will still be able to use the website.

d) Use of cookies with your consent

Below you find an overview of the cookies that are used by us with your consent given at the beginning of the use of the website. You will also find an opt-out option with each explanation of the use of cookies. These are cookies to record the usage behavior of our website and cookies that are used for advertising purposes.

– We currently do not use such cookies –






Information on data processing in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) for clients, business partners and parties to proceedings


1. Information on processing of personal data

Below you will find information about the processing of personal data if we are in a client relationship, if you contact us out of interest in our legal services or as a business partner, or if you are involved in proceedings with us as a third party, opponent or service provider. With this information we would like to comply with the obligations of the EU General Data Protection Regulation (GDPR) and inform you transparently about our data processing.
Personal data means any information that can be related to you personally, such as name, address, e-mail, information provided by you or made known to us in the course of our legal advice on you. With regard to the other terms used below, such as “controller” or “processing” of personal data, we refer to the catalogue of definitions in Art. 4 GDPR.


2. Name and address of the controller

BHO Legal – Baumann, Heinrich, Ortner Rechtsanwälte Partnerschaft mbB, Hohenstaufenring 29-37, 50674 Cologne, Germany, phone: +49 221 956-0, e-mail: cologne@bho-legal.com (for further information see our Imprint).


3. Contact details of the data protection officer

You can reach our data protection officer at datenschutz@bho-legal.com or at our postal address with the addition “the data protection officer”. Every person concerned can contact our data protection officer directly at any time with all questions and suggestions concerning data protection.


4. Processing of personal data

Within the scope of our professional activity we usually process the following personal data:

  • contact details: first and last name, e-mail, if required also address, telephone and fax numbers, position, client or associated company/unit;
  • consulting data: contents of inquiries, consulting communications, documents, file notes;
  • contract data: service and product descriptions, contract documents, contents of inquiries, offers and invoices, communication within the scope of the business relationship, documents;
  • performance-related data (also for third parties and opponents): consulting documentation, further information necessary for the assertion and defence of your rights within the scope of the mandate;
  • financial data: bank data, data on the financial situation, proof of performance, accounting, tax data (e.g. income tax), if necessary audit documents according to the German Money Laundering Act (Geldwäschegesetz).


5. Scope of data processing and intended use

We process your personal data for the preparation and implementation of our client or business relationship. The scope of the data processing and the specific purposes depend on the respective contract. Within the scope of the preparation and execution of our consulting activities, the processing of personal data regularly includes the following purposes:

  • contact as client,
  • correspondence with you and third parties (e.g. courts, opponents or service providers),
  • legal advice and representation (judicial/extrajudicial),
  • invoicing,
  • handling of any liability claims that may exist,
  • possible assertion of claims.

Furthermore, we may process your personal data for the following purposes and on the basis of the following legal principles:

  • Processing of the mandate: data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR if a mandate or business relationship exists or is to be entered into with you personally. If, on the other hand, you are acting on behalf of a third party, in particular your employer, data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.
  • Establishing contact with us: If you contact us by e-mail, the data you provide will be stored by us in order to process and answer your enquiries. If a client relationship exists, Art. 6 para. 1. sentence 1 lit. b GDPR is the legal basis. In the event that no client relationship exists, our legitimate interests in answering the contact request are the legal basis in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
  • Establishing contact with you: From time to time we may inform our clients about current developments in case law and about current legal problems and solutions. This takes place in long-term client relationships in execution of the existing client relationship as part of our mandate in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, otherwise on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, in order to inform you about current developments relevant to you.
  • Christmas and other greeting cards: If we know you personally and/or you have a client relationship with our firm, it is possible that we may send you greeting cards on special occasions, such as Christmas, due to our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR. We assume that you will be pleased to receive greetings on special occasions. If this is not the case, you can of course object to greeting cards being sent in accordance with Art. 21 GDPR (see Section 10).
  • Processing from third party sources: Where necessary for the execution of the client or business relationship with you, we also obtain personal data from third party sources (Art. 6 para. 1 sentence 1 lit. b GDPR). This may also include the collection of further personal data from opposing parties and their representatives (e.g. lawyers), experts, courts and other public bodies, as well as from publicly accessible sources (e.g. commercial or association register, land register, residents’ registration office, press, media, internet, debtors’ register).


6. Processing of personal data as opponent or other party to the proceedings

On the basis of our mandate activity, we also process personal data of you as a defendant, your representatives (e.g. lawyers), experts, judges, court employees and clerks of public authorities. This processing is necessary in order to fulfil the contract with our clients and is therefore justified in accordance with Art. 6 para. 1 sentence 1 lit. b, f GDPR. This processing is carried out to fulfil an existing client relationship.

The principles described in this document apply to these processing operations, including your rights as a data subject. Please note, however, that due to the specially protected attorney-client confidentiality that exists between us and our clients, your rights are severely restricted. We are almost completely prohibited from disclosing any information about you if the contracts with our clients are affected, unless it is necessary for the fulfilment of our client relationship with our clients (§ 203 German Criminal Coder [StGB]).

We receive the data processed in this respect primarily from our clients. Furthermore, we may also obtain the information from public sources, e.g. websites, court and authority contact directories, etc. Colleagues and opponents can also provide us with corresponding information.


7. Compliance with legal obligations

We, like any other company/law firm in the European Union, are subject to various legal obligations to carry out checks on our clients’ data. In these cases, we process your personal data only to the extent necessary for these legal requirements. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the relevant statutory provisions. These legal requirements refer in particular to:

  • fraud and money laundering prevention;
  • tax control and reporting obligations;
  • commercial and tax law documentation obligations;
  • comparison with sanctions lists of the Euopean Union.


8. Transfer of personal data to third parties

We only pass on your personal data to external recipients if it is necessary for the execution of the client relationship or our business relationship or if another legal permission exists. External recipients may be:

  • courts and other authorities or state institutions to which we have to transmit personal data for legally binding reasons;
  • defendants and their representatives;
  • service providers commissioned by us to provide services, for example in the areas of technical infrastructure and maintenance of our IT systems (e.g. accounting, tax consultants);
  • other private bodies to which we transmit personal data on the basis of a legal provision, such as lawyers, tax consultants or legal expenses insurance companies.

If your personal data is passed on to service providers commissioned by us, these are carefully selected by us, are bound by our instructions and are regularly checked.

The attorney-client confidentiality remains unaffected by the disclosure of personal data to third parties. As far as data is concerned that is subject to the attorney-client privilege, it will only be passed on to third parties in consultation with you.


9. General information on the duration for which personal data are stored

We process and store personal data of clients, business partners and parties to proceedings only for the period of time required to achieve the purpose of storage or due to a legal obligation. If the storage purpose ceases to apply or the prescribed storage period ends, the personal data is routinely blocked or deleted in accordance with the statutory provisions. As a rule, the legal obligation to retain data ends 6 years after the end of the calendar year in which the mandate was terminated. Longer periods may apply if we are obliged to store data for a longer period of time pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR due to storage and documentation obligations under tax and commercial law. In the case of a legally binding title, there is a longer retention period, usually 30 years.


10. Your rights

a) You can object to the processing of personal data for advertising purposes including the analysis of customer data or the transfer to third parties for advertising purposes at any time without giving reasons.

b) In addition, you have the following rights in relation to the personal data concerning you:

  • Right of access to information (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing of personal data (Art. 21 GDPR),
  • Right to data portability (Art. 20 GDPR).

c) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).