• Home
• Law firm
• Practice Areas
  • Antitrust law and merger control
  • Intellectual property
• Lawyers
  • Dr. Ferdinand Hermanns
  • Dr. Achim Wagner
  • Johann Brück
  • Corinna Neunzig, LL.M.
  • Luana Lindow, LL.M.
• Contact
• Imprint
  • Data Privacy

Privacy Notice pursuant to Articles 13 and 14 GDPR

I. Name and contact details of the controller responsible for processing

Hermanns Wagner Brück Rechtsanwälte Partnerschaft mbB
Kaiser-Wilhelm-Ring 41
D-40545 Düsseldorf
Deutschland

E-Mail: info@dr-hermanns.de
Telephone: +49 (0)211 – 233838-0
Fax: +49 (0)211 – 233838-23

II. Collection and storage of personal data as well as the nature and purpose of their use

1. Visiting the website

a) Accessing the website
When you access our website www.dr-hermanns.de, information is automatically transmitted by the browser used on your device to the server of our website ("log files"). The following information is collected and stored:

• IP address of the requesting computer,
• date and time of access,
• name and URL of the retrieved file,
• website from which access is made (referrer URL),
• browser used and, where applicable, the operating system of your computer and the name of your access provider.

Log files are processed in order to ensure IT security, to ensure the functionality of the website and to detect misuse or attacks and are stored for a minimum duration. The legal basis for the processing is our legitimate interest in the processing purposes stated above (Article 6 (1) lit. f GDPR). Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. Automated decision-making, including profiling within the meaning of Article 22 GDPR, does not take place.

b) Further links

No third-party content is embedded on our website. In some cases, visitors to the website may be redirected to websites of other providers by using a link (e.g. Google Maps). In such cases, the applicable data protection provisions are governed by the privacy notices of the respective third-party provider.

2. Advising clients

a) Purposes of processing

When advising our clients, we process personal data related to the engagement ("matter data") for various purposes, for example in order to be able to advise our clients or for operational reasons. These purposes include in particular:

• advising our clients and handling the respective engagement,
• compliance with our obligations under applicable legal provisions and regulatory requirements (e.g. conflict checks),
• operational purposes (e.g. records, bookkeeping, invoicing and compliance with tax regulations),
• and/or compliance with certain legal obligations (e.g. disclosure obligations and compliance with court orders).

b) Data subjects

Depending on the individual case, we process personal data of various data subjects, including:

• clients and their respective officers, representatives and employees,
• counterparties or contractual partners of our clients and their respective officers, representatives and employees,
• other advisers, consultants and freelancers involved in the engagement, as well as their respective officers, representatives and employees,
• our partners and employees,
• and/or third parties, such as court personnel, witnesses and other natural persons involved in the engagement.

c) Types and sources of personal data

The types of personal data we process in the course of a mandate depend largely on the mandate and the possible course of negotiations or legal proceedings. Mandate data usually includes master and contact data (including name, address, telephone number, e-mail), functional and organizational data (position), communication data, contract and procedural data, correspondence content, billing and payment-related data, and, in individual cases, special categories of personal data. Mandate data is provided to us by our clients and contains the information we need to act for our clients in our capacity as legal advisors.. Without this information, we may not be able to accept or properly process the client relationship. In certain cases, however, we also obtain client data from other sources, such as public directories and databases, court and public records. In some cases, we also receive personal data from third parties familiar with the matter in question.

d) Retention period

We only store client data for as long as there is a legal basis for doing so. In some cases, there are statutory retention periods that require us to store your data. Such retention periods apply, for example, to the following circumstances:

• Section 50 (1) BRAO stipulates that client documents must be kept in reference files for six years after the end of the mandate.
• According to § 147 (3) AO, accounting documents must be retained for a period of 10 years.

We regularly check whether the legal requirements for further storage still apply and delete or anonymize your personal data accordingly. If you would like more detailed information on the storage period for certain data, please feel free to contact us at any time.

e) Legal basis

If the client relationship exists with the data subject themselves, we process the client data relating to this person for the purpose of fulfilling the contract (the legal basis for processing in such cases is Art. 6 (1) lit. b GDPR).

In other cases, our processing of client data is based on our legitimate interest in providing our (legal) services to our clients and the legitimate interest of our clients in receiving legal advice and representation from us. We have a legitimate interest in processing client data to perform administrative tasks, such as maintaining our client relationships, accounting, and for tax purposes (the legal basis for this processing is Article 6 (1) lit. f GDPR).

In addition, we process client data in order to fulfill our legal obligations in accordance with the applicable laws. (The legal basis for processing in such cases is Art. Article 6 (1) lit. c GDPR).

While processing mandates, it may be necessary to process information relating to special categories of personal data pursuant to Art. 9 (1) GDPR (e.g., health data or political opinions). Processing is carried out exclusively to the extent necessary for the establishment, exercise, or defense of legal claims (Article 9 (2) lit. f GDPR) or on the basis of express consent (Article 9 (2) lit. a GDPR). Automated decision-making, including profiling within the meaning of Article 22 GDPR, does not take place.

III. Data transfer

1. Disclosure to third parties

We use external service providers (e.g., web hosts, cloud solution providers) to operate our IT systems and website and to administer our client activities. These service providers process personal data exclusively in accordance with our instructions as processors pursuant to Art. 28 GDPR.

In addition, we share client data with service providers who are subject to their own professional confidentiality obligations, such as tax advisors, where necessary. We have informed such service providers of the criminal liability associated with the protection of client data under client confidentiality.

2. Data transfer to third countries

Personal data is not transferred to entities in countries outside the European Union (so-called “third countries”).

If individual processing operations require the involvement of service providers in third countries (e.g., IT service providers, communication services), the transfer shall only take place in compliance with Articles 44–49 GDPR, in particular on the basis of an adequacy decision by the EU Commission or appropriate safeguards such as standard contractual clauses in accordance with Article 46 GDPR.

IV. Data subject rights

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR,
• to request the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR,
• pursuant to Art. 17, 18 GDPR, to request the erasure and restriction of the processing of your personal data stored by us, and
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

You may revoke any consent you have given us at any time in accordance with Art. 7 (3) GDPR. As a result, we will no longer be permitted to continue processing data based on this consent in the future. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to revocation.

In addition, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. For example, you can contact the following authority to lodge such a complaint:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-999
E-Mail: poststelle@ldi.nrw.de

V. Right to object

Where your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) lit. f GDPR, you have the right, pursuant to Article 21 GDPR, to OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA. If you wish to exercise your right of revocation or objection, please send an e-mail to info@dr-hermanns.de.

VI. Status and changes to this privacy policy

We reserve the right to change this privacy policy at any time with future effect. The latest version is available on the website. Please visit the website regularly to find out about the current privacy policy.

Status: March 2026