Data Protection Declaration
1. Contact details for the person responsible for data processing and the company’s data protection officer
This data protection information applies to data processing by:
BBL Brockdorff Rechtsanwaltsgesellschaft mbH
Telefon: +49 30 2000334-00
Telefax: +49 30 2000334-99
The data protection officer can be reached at:
Tel.: +49 731 705448-187
2. Collection and storage of personal data, its type and the purpose of its use
a) When visiting the website
When a party visits our website, www.bbl-law.com, the browser used on their device automatically sends information to our website server. This information is temporarily stored in a log file. The following information is recorded and, unless they request otherwise, is stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
The abovementioned data is processed by us for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring ease of use for the website
- Evaluation of system security and stability, as well as for other
- Administrative purposes
The legal basis for our data processing is GDPR Article 6 (1)(f). It is in our legitimate interest to glean data for the purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about any individual.
b) When using our contact form
We offer you the opportunity to get in touch with us via a contact form provided on the website. In this case, it is necessary for a user to provide a valid e-mail address and their name, so that we know from which party the request originated and how to answer it appropriately.
Data processing when contacting BBL via the contact form takes place, on the basis of your voluntary consent, in accordance with GDPR Article 6 (1)(f).
The personal data collected when the contact form is used will be deleted after your request has been dealt with.
3. Data sharing
Your personal data will not be handed to third parties for purposes other than those listed below.
We only pass on your personal data to third parties when and if:
- You have given your express consent in accordance with GDPR Article 6 (1)(f)
- The transfer according to GDPR Article 6 (1)(f) is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
- In the event that there is a legal obligation for the transfer according to GDPR Article 6 (1)(f)
- This is legally permissible and required for the processing of contractual relationships with you in accordance with GDPR Article 6 (1)(f)
When you subscribe to our newsletter and your consent has been obtained, we use the double opt-in procedure. This prevents our e-mail messages from being sent to an e-mail address belonging to someone who has not subscribed to the newsletter. We need a valid e-mail address from the subscriber, which enables us to verify that they are the owner of the e-mail address provided and that they agree to receive the newsletter. For purposes of personalising a newsletter we may store personal data, such as first name, last name, company and address; there is no collection of any further data. We use this data solely to send the information you requested and to document your consent and to maintain blacklists, and also lists of those who unsubscribe. Your personal data will only be stored for as long as your subscription to the newsletter remains active.
You can, at any time, revoke your consent to data storage, in particular, the storage of your e-mail address and its use for sending the newsletter. This can be done via the “unsubscribe” link (or similar) in the newsletter or a short message to email@example.com.
The legal basis for data processing when sending out the newsletter is your consent in accordance with GDPR Article 6 (1)(a). The legal basis for data processing when maintaining your subscription is GDPR Article 6 (1)(f). Our legitimate interest lies in being able to verify that the double opt-in procedure has been implemented properly.
The data processed by cookies is required for the abovementioned purposes and to protect our legitimate interests in having provision of our services optimised and error-free technically in accordance with GDPR Article 6 (1)(f). Insofar as how and when other cookies (e.g. cookies for analysing your user behaviour) are stored, they are treated as a separate case in this data protection declaration (see Section 5).
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created.
6. Web analysis by Matomo
We use the open-source software tool Matomo on our website. More information on how Matomo works can be found at, for example: https://de.wikipedia.org/wiki/Matomo. Or at the Matomo website: http://www.matomo.org.
- Scope of processing of personal data
We use Matomo on our website to analyse the browsing behaviour of our users. The software sets a cookie on the user’s computer so, if individual pages of our website are called up, the following data is then stored:
(1) Two bytes from the IP address of the user’s calling system
(2) The accessed website
(3) The website from where the user accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The duration of the period spent on the website
(6) The frequency of visits to the website
The software runs exclusively on our website servers and the storage of a user’s’ personal data only happens here. The data is not be forwarded on to any third parties.
The software is set in such a way that the IP addresses are not completely saved but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to designate the shortened IP address to the calling computer.
- Legal basis for processing personal data
The legal basis for the processing of a user’s personal data is GDPR Article 6 (1)(f).
- Data processing purpose
The processing of a user’s personal data enables us to analyse their browsing behaviour. By evaluating the obtained data, we are able to compile information about the use of the various individual components of our website. This helps us to constantly improve it and its user-friendliness. Our legitimate interest in the processing of data according to GDPR Article 6 (1)(f) also aligns with this purpose. By making the IP address anonymous, the concern of the user that their personal data be protected professionally is taken into account.
- Duration of storage
The stored data will be deleted as soon as it no longer required in the context of recording purposes.
7. Social media plug-ins
In order to increase awareness of our law firm we use social plug-ins on our website from the social network sites Facebook, Twitter, LinkedIn and Xing according to GDPR Article 6 (1)(f), The underlying advertising purpose is to be regarded as a legitimate interest within the context of the GDPR. Respective providers are responsible for guaranteeing data protection-compliant operations. We integrate these plug-ins using the two-click method, so as to provide the best possible protection for visitors to our website.
Media plug-ins from Facebook are used on our website to make use more personal; we employ the “Recommend” button for this purpose. As this is an offer from Facebook, if you access a page on our website that contains a plug-in of this type, your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted directly from Facebook to your browser, which then integrates it into our website. When integrating the plug-in, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plug-ins, for example, by pressing the “Recommend” button, the corresponding information is also transmitted directly to the Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook can use this information for advertising, market research and needs-based design of Facebook pages. Usage, interest and relationship profiles are created by Facebook for this purpose, e.g., to evaluate your use of our website with regard to the advertisements presented to you on Facebook, to inform other Facebook users about your activities on our website and to inform others about the use of related services provided by Facebook. If you do not want Facebook to connect the data collected through our website with your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights in this regard, plus setting options for protecting your privacy, can be found in Facebook’s data protection information section: https://www.facebook.com/about/privacy/.
Plug-ins that are part of the short message network run by Twitter Inc. (hereinafter referred to as “Twitter”) are integrated into our website. You can recognise the Twitter plug-ins (tweet button) from the Twitter logo on our site. You can find an overview of tweet buttons here: (https://about.twitter.com/resources/buttons). If you access a page on our website that contains a plug-in of this type, a direct connection is established between your browser and the Twitter server. Twitter receives the information via your IP address that you have visited our site. If you click on the Twitter “tweet button” while you are logged into your Twitter account, you can link the content on our pages to your Twitter profile. This allows Twitter to link your visit to our site with your user account. We would like to point out that BBL, as the provider of the pages, have no knowledge of the nature of transmitted data to Twitter or how they use it.
If you do not want Twitter to designate your visit to our pages, please log out of your Twitter user account. You can find more information on this in Twitter’s data protection declaration: https://twitter.com/de/privacy.
Each time our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is called up, the said component allows the browser used by the person concerned to download a corresponding representation of the LinkedIn component. Further information on LinkedIn plug-ins can be found at: https://developer.linkedin.com/plug-ins. As part of this technical process, LinkedIn is informed of the specific subpage on our website that is being visited by the party concerned (including their IP address).
If the concerned party is logged in to LinkedIn at the same time, LinkedIn recognises which specific subpage of our website the party concerned is visiting each time they call up our website, and for the entire duration of a specific stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the concerned party. If the party clicks on a LinkedIn button integrated into our website, LinkedIn designates this information to the personal LinkedIn user account of the party and saves their personal data.
LinkedIn always receives the information that the party has visited our website via the LinkedIn component, if they are logged in to LinkedIn while they are accessing our website. This will occur regardless of whether the subject clicks on the LinkedIn component or not. If the subject does not want this data to be transmitted to LinkedIn, they can prevent it by logging out of their LinkedIn account before accessing our website.
LinkedIn offers the possibility of unsubscribing from e-mail messages, SMS messages and targeted ads via: https://www.linkedin.com/psettings/guest-controls. You can also change ad setting via this path. LinkedIn also uses partners who may set cookies, such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame. Such cookies can be rejected at: https://www.linkedin.com/legal/cookie-policy
LinkedIn’s applicable data protection regulations are available at https://www.linkedin.com/legal/privacy-policy.
Each time an individual pages on our website is called up – into which a Xing component (Xing plug-in) has been integrated – the Internet browser on the information technology system of the party concerned is prompted to display automatically, by the respective Xing component, the corresponding download component from Xing. For further information on Xing plug-ins please visit: https://dev.xing.com/plug-ins. As part of this technical process, Xing is informed which specific subpage of our website has been visited by the party concerned (including their IP address).
If the person concerned is logged in to Xing while on our website, Xing recognises which specific subpage the party concerned is visiting each time they call up our website and for the entire time they stay on that subpage. This information is collected by the Xing component and designated by Xing to the respective Xing account of the data party. If the latter clicks on one of the Xing buttons integrated into our website, for example, the “Share” button, Xing assigns this information to the personal Xing account of the party and stores that personal data.
Xing always receives information via the Xing component that the person concerned has visited our website, if the person concerned is logged in to Xing while they access our website; this is regardless of whether the data party clicks on the Xing component or not. If the data party does not want this information to be transmitted to Xing, they can prevent it by logging out of their Xing account before accessing our website.
Data protection regulations published by Xing, which provide information about the collection, processing and use of personal data by Xing can be accessed at: https://www.xing.com/privacy.
Xing has also published data protection notices for the XING share button at: https://www.xing.com/app/share?op=data_protection.
8. Google Maps
This site uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. In order to use the functions of Google Maps, it is necessary to save an IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of our site has no influence on this data transfer. Google Maps is used to create an attractive presentation of our online offers and to make it easier to find locations indicated on our website, which represents a legitimate interest within the context of GDPR Article 6 (1)(f).
You can find more information on handling user data in Google’s data protection declaration at: https://policies.google.com/privacy?hl=de&gl=de.
9. Data protection in employment applications and during the application process
We collect and process the personal data of job applicants for the purpose of supporting the application process. The processing can also take place electronically, which is particularly the case if an applicant sends application documents electronically, for example, by e-mail to the party responsible for processing. If BBL concludes an employment contract with an applicant, the transmitted data will be stored, in compliance with statutory provisions, for the purpose of facilitating the employment relationship. If we do not conclude an employment contract with the applicant, the application documents will be deleted no later than three months after receipt by the applicant of a rejection notice, provided that deletion does not conflict with any other legitimate interests of those responsible for processing applications. Another legitimate interest in this regard is, for example, a burden of proof in proceedings under the General Equal Treatment Act (GETA, or German abbreviation: AGG).
10. Creditor information system
BBL Brockdorff Insolvency and Compulsory Administrator GbR operates our creditor information system (http://gis.bbl-law.de/). The creditor information system is a web system that allows creditors involved in a specific insolvency proceeding to view information about it. As a creditor in a bankruptcy proceeding, you can log in with a user ID to retrieve information about the progress of the bankruptcy proceeding in which you are an interested party. You will receive the user ID at the beginning of the bankruptcy proceedings. The data will only be processed for creditor information purposes.
The legal basis for the processing of your data when using the creditor information system is based on your consent to participate in the creditor information system according to GDPR Article 6 (1)(a), and the processing of your data results from upon completion of the contract between you as creditor and the insolvency debtor according to GDPR Article 6 (1)(b).
11. User data rights
You have the right related to your data with regard to allow for and know the following:
- To request information about your personal data processed by BBL in accordance with GDPR Article 15
- The purpose of the processing
- The personal data category
- The categories of recipients to whom your data was or will be disclosed
- The planned storage period
- The right to correction, deletion and restriction of processing
- The right to object and complain
- The origin of your data (if not collected from BBL)
- The existence of automated decision-making, including profiling and, when necessary, meaningful information about their details
- In accordance with GDPR Article 16, to immediately request the correction of incorrect or incomplete personal data that we have stored
- In accordance with GDPR Article 17, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest and/or to assert, exercise or defend legal claims
- In accordance with GDPR Article 18, to request the restriction of the processing of your personal data if you dispute the accuracy of such data, or the processing is unlawful but you refuse to delete it and we no longer need the data. Or for when it is to be used to assert, exercise or defence of legal claims. Or when you have objected to the processing pursuant to GDPR Article 21.
- In accordance with GPDR Article 20, to receive your personal data that you provided to us in a structured, common and machine-readable format or to request transmission to another responsible entity
- In accordance with GPDR Article 7 (3), to revoke the consent you have given to us at any time, which means we are no longer allowed to continue the data processing based on this consent. You may also complain to a supervisory authority under the same article
- In accordance with GDPR Article 77, you can, as a matter of course, contact the supervisory authority of your usual place of residence or work, or a BBL office
12. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with GDPR Article 6 (1)(e) or (f), you have the right to object to the processing of your personal data in accordance with GDPR Article 21, provided that there are reasons for this, which arise from your particular situation, or if the objection is directed against targeted advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, then you are requested to send an e-mail to: firstname.lastname@example.org.
13. Data security
When you visit our website, we use the ubiquitous SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser – this is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can tell whether an individual page on our website is being transmitted in encrypted form when the key or lock symbol in the lower status bar of your browser is displayed as closed.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are improved continuously in line with technological developments.
14. Updating and changing this data protection declaration
This data protection declaration is currently valid and has had this status since April 2020.
It may become necessary to alter this data protection declaration in cases of further development of our website, for example, or because of offers on it, or change may be needed for legal or official purposes. A print out of the current data protection declaration can be obtained at any time via the website: