As the operator of the website www.it-rechtsberater.de, the law firm Costard, Lina-Ammon-Straße 9, 90471 Nuremberg, is the controller in the sense of the EU General Data Protection Regulation (GDPR) who makes decisions individually or in conjunction with others on the purposes and means of the processing of personal data, hereafter referred to as “data.”
According to the GDPR, personal data is any information concerning an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
Processing of data is defined as any operation or set of operations performed on personal data or on sets of personal data either through manual or automated procedures, such as the collecting, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or making available in a different manner, comparing or combining, restriction, erasure or destruction.
Using our website does not require you to provide data. However, in certain cases, we will need your name, address and additional information to perform your requested services.
The same applies to, e.g. the sending of information material and to replies to individual enquiries. We will notify you should any further data be necessary. Furthermore, we only process data you provide to us voluntarily and data that is collected automatically when visiting our website (e.g. your IP address and the names of the pages you opened, your browser and operating system, time and date of access, used search engines or names of downloaded files).
When using our services, usually only data required to perform the service will be collected. Any additional data we may request is provided voluntarily by you.
Data will only be processed to perform requested services and to safeguard our legitimate business interests.
Thank you for your interest in our law firm and our services. We want you to feel safe about your data when visiting our website. We take the protection of your data very seriously and strictly adhere to the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in its respectively valid form.
We have implemented technical and organisational measures to ensure compliance with data protection regulations by both us and our commissioned external service providers. We require our employees and commissioned service providers to maintain confidentiality and adhere to the GDPR and the German Federal Data Protection Act in its respectively valid form. Furthermore we at all times respect our obligation to confidentiality as stated in § 43a subsection BRAO and § 2 BORA.
As part of our obligation to provide information, we want this data privacy statement to be as transparent as possible and we will explain the purposes for processing your data and use of any tracking or analysis tools, cookies and social media plugins hereafter.
We process the data you provide in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation states that data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered to be incompatible with the initially stated purposes.
We process your data only in order to answer your enquiries, to attend to your assignments or to provide certain information. We will only process the data you provide online for the stated purposes. Your data will not be transferred to third parties without your express consent.
Data will only be collected or transmitted to authorised state institutions and public authorities in accordance with applicable laws or if we are required to do so due to a court order.
We will not sell your data to third parties or otherwise market your data.
When using our website, the following data may be processed for technical or organisational reasons: the names of the pages you opened, your browser and operating system, time and date of access, used search engines or names of downloaded files as well as your IP address.
When visiting our website, we may save information on your computer in form of a (session) cookie. Cookies are small text files transmitted by a web server to your browser and saved on your computer’s hard disk.
Except for your IP address, no personal user data will be saved. This information allows you to be automatically recognized during your next visit to our website and makes navigation easier. Cookies enable us to, e.g. adjust our website to your interests and to save your password so that you won’t have to re-enter it every time you visit our website.
You may also visit our website without using cookies. If you do not want us to recognize your computer, you can prevent cookies from being saved on your hard disk by setting your browser to “disable cookies.” For detailed instructions, please see your browser’s help function. However, please note that disabling cookies may prevent you from fully using every function on website.
Our website features functions of www.linkedin.com, operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, U.S.A. We want to notify you that LinkedIn plugins are installed on our website. The LinkedIn plugin is identified by white letters “in” on a blue logo.
If you activate the LinkedIn button, the plugin will establish a direct connection to LinkedIn. LinkedIn transmits the contents of the plugin used by you directly to your browser. We have no influence on the contents of the transmitted data. Nonetheless, we want to inform you about which data is transmitted to LinkedIn to the best of our knowledge.
If you use the stated plugin, i.e. by activating the button, information on the fact that you opened a certain page on our website will be transmitted to the servers of LinkedIn. For users who are logged in to LinkedIn at the same time as visiting our website, data on their usage behaviour will be assigned to their personal accounts on LinkedIn. If you activate the LinkedIn button this information will be transmitted directly by your browser to LinkedIn where it will be saved. Even if you do not have an account on LinkedIn, LinkedIn may obtain and save your IP address.
For the purpose and scope of data collection, further processing and use of this data by LinkedIn and your according rights and privacy setting options, please see LinkedIn’s data privacy statement at https://www.linkedin.com/legal/privacy-policy.
If you do not want LinkedIn to assign the data collected through our website to your LinkedIn account, please log out of your LinkedIn account before visiting our website. You can also block LinkedIn plugins by installing add-ons for your browser.
Our website features functions of the network XING, operated by the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. We want to notify you that XING plugins are installed on our website. The XING plugin is identified by a two-coloured “X” on a white background, resembling the Xing logo. If you activate the button, the plugin will establish a direct connection to XING. XING transmits the contents of the plugin used by you directly to your browser. We have no influence on the contents of the transmitted data. Nonetheless, we want to inform you about which data is transmitted to XING to the best of our knowledge.
If you use the stated plugin, i.e. by activating the button, information on the fact that you opened a certain page on our website will be transmitted to the servers of XING. For users who are logged in to XING at the same time as visiting our website, data on their usage behaviour will be assigned to their personal accounts on XING. If you activate the XING button this information will be transmitted directly by your browser to XING where it will be saved. Even if you do not have a XING account, XING may obtain and save your IP address.
For the purpose and scope of data collection, further processing and use of this data by XING and your according rights and privacy setting options, please see XING’s data privacy statement at https://www.xing.com/privacy.
If you do not want XING to assign the data collected through our website to your XING account, please log out of your XING account before visiting our website. You can also block XING plugins by installing add-ons for your browser.
This website uses Google Maps, a product by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. Google Maps provides information on locations that may be of interest to you based on your search requests and activated maps. Google Maps also helps you calculate the route to our office.
By using this website, you agree to the automated processing of the data collected by Google Inc., its representatives and third parties. We have no influence on Google Inc.’s automated processing when you use Google Maps.
For more information please visit https://policies.google.com/privacy.
For Google Maps’ additional terms of service, please visit https://maps.google.com/help/terms_maps.html.
This website uses the font library Google Fonts, a product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A, in order to use fonts in a conveniently and user-friendly manner.
In order to do so, your browser will load the web fonts in your browser cache when using our website.
This will automatically make a direct connection to Google Inc. It may then be the case that Google Inc. will be informed about the fact that our website has been opened through your IP address. Google Inc. may process these transmitted data. We have no influence on the processing of this data.
By using this website you consent to the processing of the transmitted data by Google Inc.
You can find further information on Google Fonts at https://developers.google.com/fonts/faq.
For more details on Google Fonts please visit https://developers.google.com/fonts/faq. For general information please note the data privacy statement of Google Inc. at https://www.google.com/policies/privacy/.
In order to guarantee the best functioning of our website we use the service Google APIs, a product by Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, CA 94043, U.S.A.
Google APIs helps us communicate with other Google Services and integrate them with other services such as Google Search or Google Maps. In this context your browser may transmit personal data to Google APIs. The legal basis for the processing of this data can be found in art. 6 subsection 1 lit. f GDPR; as the functioning of the website is regarded as a legitimate interest.
Google APIs is certified within the EU–US Privacy Shield framework. For more information please visit https://www.privacyshield.gov/list.
Data will be deleted as soon as it is no longer needed for its initial purpose.
You can find more information on the processing of your transmitted data in Google LLC’s data privacy statement at https://www.google.com/intl/de/policies/privacy/. You can prevent the processing of your data by Google LLC by deactivating the script code in your browser or by installing a script blocker in your browser. Such blockers can be found at www.noscript.net or at www.ghostery.com.
Our website is aimed exclusively at potential clients, business partners, applicants and interested parties.
Persons under the age of sixteen should not transmit data to us without the permission of a parent or guardian. We do not request data from children or teenagers under the age of sixteen. We do not collect such data or provide such data to third parties.
We have implemented technical and operational protective measures in accordance with the applicable legal regulations to protect your data from loss, destruction, manipulation and unauthorized access. Our security measures are reviewed regularly and adjusted to technological advances. All our employees and all persons participating in our data processing are required to adhere to the GDPR and to the German Federal Data Protection Act in its respectively valid form as well as to other laws relevant for data protection and must treat your data confidentially.
Furthermore, we conclude order processing contracts with any external service providers we commission. Our security measures are regularly reviewed and adjusted in accordance with technological advances.
We reserve the right to make changes to our security and data protection measures if required due to technical developments. In such cases, we will also adjust our data privacy statement. Therefore, please note the respectively current version of our data privacy statement.
Should the processing of your data require your consent, we will ask for your consent and use your data for the purposes for which you have given your consent. Your consent will be digitally documented.
You can revoke your consent at any time with future effect. To do so, please write us to
Law Firm Costard
or e-mail us at
If you contact us through our contact form, we will request certain personal data. Your name and a valid e-mail address are required to respond to your enquiry. Additional personal information may be provided voluntarily.
This personal data will be processed further by e-mail. Information submitted through the contact form is transmitted through end-to-end encryption.
The same applies to other means of contact, e.g. through e-mail or telephone.
Your data will be saved on safe servers in Germany under adherence to data protection regulations.
Data for contacting us is processed on the basis of your voluntary consent. By activating the “send” button within the contact form, you agree to our processing of your contact data for the stated purposes. If you do not agree to the processing, you should stop the process. No information will then be transmitted through our contact form and no data will be processed.
You may revoke your consent at any time with future effect.
We only use your data to the extent required for handling your enquiry and for further correspondence with you. We save data collected through our contact form to process your enquiry and for subsequent questions and will delete your data in accordance with data protection regulations after completing your request, unless other legal storage obligations apply.
This website uses reCAPTCHA, a product by Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, CA 94043, U.S.A. in order to protect your enquiries you make through our contact form. ReCAPTCHA helps distinguish between enquiries made by humans and enquiries fraudulently generated by automated processing.
Using reCAPTCHA leads to the processing of your IP address and other data needed by Google LLC to run this service. Therefore the input you make will be transmitted to Google LLC and processed further. Before processing your IP address within member states of the European Union and within member states which are parties to the Agreement on the European Economic Area your IP address will partially be blackened.
Only in exceptional cases will your full IP address be transmitted to servers of Google LLC situated in the U.S.A. and blackened there. On behalf of us Google LLC will use this information in order to evaluate your usage of this service. The IP address transmitted while using reCAPTCHA will not be merged with other data Google LLC might have. The data privacy statement of Google LLC applies to this data.
You can find further information on Google LLC‘s data privacy statement at https://www.google.com/intl/de/policies/privacy/.
By transmitting your applicant data, you consent to the processing of your data for the respective application process. You may revoke your consent at any time with future effect.
If we process your data, you, as the data subject, are entitled to the following substantial rights:
a) Right to Information
Under art. 15 of the GDPR, you have the right to information on which data is processed by us.
This includes information on the purposes of the processing, the categories of personal data subject to processing, the categories of possible recipients and the envisaged period for which your personal data will be stored.
Please submit your information requests to
Law Firm Costard
or e-mail us at
b) Right to Rectification
Under art. 16 of the GDPR, you have the right to obtain rectification or completion of your data from us. You can exercise this right by contacting the above-stated address.
c) Right to Erasure
Under art. 17 of the GDPR, you are entitled to have your personal data be deleted if its use is no longer required and if there is no other legal ground for its processing or storage. The same right is given if you object to the processing and if there are no overriding legitimate grounds for the processing, if your data was processed unlawfully or if your personal data has to be deleted for compliance with a legal obligation under EU or national law.
You can exercise this right by contacting the above-stated address.
d) Right to Restriction of Processing
Under art. 18 of the GDPR, you have the right to have the processing of your data be restricted if you are of the opinion that your personal data has been submitted incorrectly. The processing will be restricted for a period of time in which the controller can verify the accuracy of your personal data. The same applies to cases in which you state that the processing of your data is unlawful, but do not wish your data be deleted or in cases in which your data is no longer needed for the intended purpose but rather for exercising or defending any legal claims.
Lastly, the same applies to cases in which you have objected in accordance with art. 21 of the GDPR for the period of time in which it is not yet clear whether the controller’s legitimate interests outweigh your interests.
You can exercise this right by contacting the above-stated address.
e) Right to Data Portability
Under art. 20 of the GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format (data portability). Under certain circumstances and if technically possible you can also receive your data directly from the controller. You can exercise this right by contacting the above-stated address.
You have the right to object to the use of your data for the above-stated purposes at any time (art. 21 of the GDPR). You can object to direct marketing or for reasons that lie in your particular personal situation. If you object to direct marketing, we will comply with your wish irrespective of your particular personal situation.
To exercise your right to object, please write to us at
Law Firm Costard
or e-mail us at
Should you have any questions about our data privacy statement, data protection or the processing of your personal data, please contact us:
Law Firm Costard
Law Firm for Data Protection and IT Law
Attorney at Law Thomas P. Costard
tel.: + 49 (0) 911 / 790 30 34
fax: + 49 (0) 911 / 790 30 35
Feel free to contact Mr. Costard regarding any enquiries, suggestions or complaints you may have.
Please also note that, irrespective of other administrative or legal remedies, you have the right to submit complaints to supervisory authorities, especially in the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.