1. Scope, Purposes, and Legal Bases of Processing on This Website
When you visit our website, our web server, operated by a service provider based in Germany, records the following personal communication and usage data in a log file for each access:
# IP address of the requesting device
# Date and time of access
# Name and URL of the retrieved webpage
# Transferred data volume
# Message indicating whether the retrieval was successfully processed or an error status
# Type of requesting browser and operating system
As a rule, this communication and usage data is deleted after 7 days. If there is reason to suspect a security-related incident, the relevant data will be stored until the incident has been fully clarified and will be transmitted to the competent authorities.
We use functional cookies. A cookie is a small text file that our web server stores on your device. This cookie is technically necessary for the correct display of the website and does not permit analysis of your browsing behavior. It is also not stored permanently but is automatically deleted at the end of the session, at the latest when you close your browser. You can disable the setting of cookies at any time in your browser’s settings – however, this website may then not display correctly.
We process this data solely to enable the secure and technically sound use of our online offering (establishing the connection, error-free transmission and display of content, technical security). The legal bases are our legitimate interest in the online presentation of our law firm, legal and professional publication obligations, as well as the legal obligation to protect visitors to our website from potential security issues.
No further processing of personal data takes place on this website. Additional processing only occurs in connection with attorney–client relationships. In such cases, we will inform you separately about the details; however, we already point out that we process the personal data of our clients, their opponents, and other parties involved in a mandate only to the extent contractually or legally necessary, based on the legitimate interests of our clients in legal enforcement, or pursuant to consent that can be withdrawn at any time with future effect.
Contact via Email
If you contact us by email, we will process the personal data you provide (e.g., name, email address, content of your message, any attached documents) solely to respond to your inquiry or handle your stated matter.
The legal basis for this is Article 6(1)(b) GDPR, insofar as the correspondence relates to the execution of a contract or pre-contractual measures, or Article 6(1)(f) GDPR, based on our legitimate interest in the proper handling of incoming inquiries.
The data will be deleted once your inquiry has been fully answered, unless statutory retention obligations require longer storage or there are legal claims for the assertion or defense of which storage remains necessary. Please note that unencrypted emails generally pose security risks. If you wish to send us confidential documents or information, we recommend using encrypted communication channels.
2. Links to Content from Other Providers
This privacy policy applies only to our websites. Where our websites contain links to content from other providers, the following applies: our websites do not automatically load content from third-party servers, and such content is not required for the use of our websites. The links clearly indicate that they lead to another provider. When you follow a link, your data is transmitted to the provider’s web server. We have no influence over other providers and do not monitor whether they comply with the applicable data protection regulations.
No Transfer of Data to Third Countries
No transfer of your personal data to countries outside the European Union or the European Economic Area (“third countries”) takes place in the context of operating this website. Should we, in exceptional cases, consider a transfer to a third country, this will only be carried out in compliance with the legal requirements of Articles 44 et seq. GDPR and after providing you with prior, specific information.
3. Controller, Contact Person, Encryption
Controller within the meaning of the GDPR is:
Kambeck & Partner
Skalitzer Strasse 45
10997 Berlin
Contact person: Attorney-at-Law J. Kambeck
4. Your Rights
Within the scope of the statutory provisions, you have the following rights:
# Access: You can request information from us as to whether and how we process your personal data. This includes the right to receive a copy of this data. Please note that we may not provide information if the data to be disclosed is subject to our professional confidentiality obligations or must be kept secret under other legal provisions or by its nature, in particular owing to the overriding legitimate interests of a third party.
# Rectification: We will correct and complete your personal data upon request.
# Erasure and Restriction: We will erase your personal data or restrict its processing upon request.
# Data Portability: Personal data you have provided to us on the basis of a contract or consent may be received by you in a structured, machine-readable standard format.
# Objection: Where we process your personal data on the basis of a legitimate interest, you may object to the processing.
# Withdrawal of Consent: You may revoke any consent given at any time with effect for the future. When obtaining your consent, we inform you how you can withdraw it.
# Automated Individual Decision-Making: We do not carry out automated individual decision-making within the meaning of Article 22 GDPR.
# Complaint: You may lodge a complaint at any time with the competent supervisory authority, for example at your habitual place of residence, regarding our processing of your personal data.
Unless otherwise stated, please use the contact details provided in Section 3 to exercise your rights.
5. Use of Artificial Intelligence (AI) in Our Law Firm
We use an AI-based text processing system to support our legal work. The AI is used exclusively on the basis of a data processing agreement with the provider in accordance with Article 28 GDPR. The system processes personal data only to the extent required to handle your inquiry or mandate.
a) Types of Data Processed and Purpose
We regularly process text content from mandate documents, communication data (e.g., email contents), and, where applicable, metadata necessary for handling the legal matter.
The purpose of use is to enhance the efficiency and quality of our legal services, e.g., in drafting documents, conducting research, or analyzing documents.
No automated individual decision-making pursuant to Article 22 GDPR takes place.
b) Legal Bases
The processing of personal data in the context of AI use is based on Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) as well as Article 6(1)(f) GDPR (legitimate interest in efficient handling of your matters).
Where special categories of personal data (e.g., health data) are processed, this is based on Article 9(2)(f) GDPR (establishment, exercise, or defense of legal claims), unless another legal basis (e.g., consent) is applicable.
c) Recipients/Data Processors and Transfer to Third Countries
Processing generally takes place on servers within the European Union. No transfer to third countries occurs. Should this become necessary in the future, we will inform you in advance and ensure that appropriate safeguards (e.g., EU standard contractual clauses) are in place.
All providers used are bound by data processing agreements; use of the data for training the AI by the provider is contractually excluded.
d) Storage Period
Inputs into the AI system are used solely for the processing of your mandate and are deleted after completion of the matter or, at the latest, after expiry of statutory retention periods.
e) Transparency and Data Subject Rights
You may request information at any time about whether and how your data is processed by the AI. Your rights to rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent apply without restriction. No automated decision-making or profiling takes place.