Data protection

We are pleased that you are visiting our website and thank you for your interest in it. The protection of our users’ personal data is a matter of great importance to us. We therefore ask you to please take note of the information provided below.

In the provisions below we advise you of the collection, processing and use of your personal data in connection with the visit and with your use of the services offered on our website.

This data protection statement can be stored and printed out.

1. Controller / Data Protection Officer

1.1. Controller

The controller responsible for the data collection, processing and use is the operator of the website

HAVER & MAILÄNDER Rechtsanwälte Partnerschaft mbB
Lenzhalde 83-85
70192 Stuttgart
Tel: +49 (0) 711 22744 0
Fax: +49 (0) 711 29919 35

The two managing partners of HAVER & MAILÄNDER Rechtsanwälte Partnerschaft mbB, Dr. Timo Alte and Dr. Peter O. Mailänder, are jointly authorized to represent the law firm.

Register: Amtsgericht Stuttgart PR 720629
(hereinafter „HAVER & MAILÄNDER“ or „we“)

1.2. Data Protection Officer

The contact data of the Data Protection Officer are as follows:
HAVER & MAILÄNDER Rechtsanwälte Partnerschaft mbB
Die Datenschutzbeauftragte [The Data Protection Officer]
Lenzhalde 83-85
70192 Stuttgart
Tel: +49 (0) 711 22744 31
Fax: +49 (0) 711 29919 35

2. Basic Principles

We collect and process your personal data in compliance with the relevant provisions of statute, in particular the General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (hereinafter: “BDSG”) and in accordance with the provisions below.

3. Definitions

3.1. Personal data

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, name, address, telephone number, e-mail address, IP address, user name, password, and information on the websites which are being viewed by a visitor.

3.2. Data subject

The data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing or by the controller’s processor.

3.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting the processing thereof in the future.

3.5. Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. .

3.6. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.7. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

3.8. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

3.9. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Collection, processing and use of your personal data

4.1. Log files

Every time our website is accessed, specific usage data are transmitted by the respective Internet browser and stored in log files, so-called server log files. This applies to the following data

  • Time and date when you accessed our website
  • IP address of the accessing computer
  • Name and URL of the file retrieved
  • Volume of data transmitted
  • Notification of whether the retrieval was successful
  • Identification data of the browser and operating system used
  • Website which the access came from
  • Name of your Internet access provider

These data are collected and processed for the purpose of enabling you to use our website (setting up the connection), guaranteeing system security, technical administration of the network infrastructure, providing information to law enforcement authorities in the event of a cyber-attack or misuse and for optimizing our Internet presence.

These data will be erased when you leave our website – subject to any statutory or official retention obligations.

The legal basis for the collection, storage and use of these data is our legitimate interest in providing you with the information on our website without any impairment and in guaranteeing the necessary security (point f) of Art. 6 (1) sentence 1 GDPR).

4.2. Contact

If you contact us via e-mail, we collect, store and process your e-mail address, your name and the content of your communication. If you provide your postal address and additional contact data, then we also store and process these data.

Please note that in order to answer your communications we do not need to have these additional data you provide us with on a voluntary basis and please consider carefully whether you wish to disclose these data to us.

We store and use your personal data for the purpose of answering your questions and/or processing your messages or other subsequent queries or communications.

These data will be erased once the communications with you have been concluded – subject to any statutory or official retention obligations or if processing the data is lawful based on a different legal ground. This is performed at the latest after we have had no further communications with you for a period of one year.

The legal basis for processing your personal data is our legitimate interest in being able to communicate with you to respond to your communications (point f) of Art. 6 (1) sentence 1 GDPR).

4.3. Newsletter / E-mail advertising

You have the possibility of subscribing to our free Newsletter and of obtaining further information on our law firm by e-mail. The Newsletter provides information on our law firm from time to time and legal information which is relevant to you. In addition, we also send you, by e-mail in connection with the Newsletter, topical information on our offers, activities, invitations and legal information relevant to you.

We apply the so-called double opt-in process to enable us to send you this information by e-mail in the form of the Newsletter and to use the correct form of address for you. Firstly, we collect your e-mail address, the form of address you have selected and your name. These are mandatory details. If you have provided us with your e-mail address for the purpose of receiving the information described above, we will contact you by e-mail. After giving your consent to subscribing to our Newsletter by clicking on the button “consent” in our e-mail, you agree to our sending you a confirmation e-mail to the e-mail address you provided, with a link containing respective explanations. Once you have activated the link by clicking on it after receipt of the e-mail, we have the right to send you our electronic Newsletter and also the other information described. Your consent and your e-mail-address are thus verified again by means of the second act (clicking on the link).

For this purpose, notably to send you the personally-addressed Newsletter and topical information on our law firm and on legal subjects, as well as invitations, and for the purpose of documenting your declaration of consent, we will store and process your e-mail address, your name and form of address and your IP address, and also the time and date of your declaration of consent. If you have already registered, then you have given us the following declaration of consent which we reiterate here for your information:

I agree to receiving information, invitations and/or advertisements, also in the form of Newsletters, from HAVER & MAILÄNDER Rechtsanwälte Partnerschaft mbB.

You can withdraw this consent to the use of your personal data at any time. It suffices for you to send us a communication to our Data Protection Officer in text form (by e-mail, letter, telefax). If you send it by electronic transmission or telefax, then no transmission costs are incurred apart from those of your standard tariff.

The legal basis for the processing of your data is your consent (point a) of Art. 6 (1) sentence 1 GDPR).

4.4. Cockies

We use just one technically essential cookie in order to be able to edit and update our website. Cookies are small text files that are stored locally in your browser’s cache. We do not use cookies, which allow us to improve user’s comfort and to track the user.

The cookie is a session-cookie, which means that it is deleted when you log out or close the browser. The information stored in the cookie is not used to identify users and is not merged with any other stored personal data about users.

We use the following technically essential cookie:

name: grav-site-3dcf942
provider: Grav
description: ensures the functionality of logging into the backend
storage duration: session

In your browser settings, you can refuse to allow cookies in general, erase them from your computer, block them or activate the function that ensures you are always asked before a cookie is set. You do not have to allow cookies to visit our website. We do point out, however, that the use of the offer on our website, especially the convenience of use, might be restricted if you have deactivated cookies.

The following examples show you how to deactivate cookies:

Internet Explorer browser:

  1. Open the Internet Explorer.
  2. Select “Internet Options” in the menu “Tools”.
  3. Click on the “Privacy” tab.
  4. Click on “Advanced” under the sub-heading “Settings”
  5. You can now choose whether to accept all cookies, block all cookies or prompt approval of the cookies.
  6. You confirm your setting by pressing “OK”.

Firefox browser:

  1. Open the Firefox browser.
  2. Select “Options” from the main menu (three lines) in the top right corner
  3. Click on the “Privacy & Security” tab.
  4. In the section “Enhanced Tracking Protection” select “Custom” and choose a setting from the cookies dropdown menu.
  5. You can now choose which types of sites to accept cookies from, if any.
  6. You may need to restart the browser for the changes to be applied.

Safari browser:

  1. Open the Safari browser.
  2. Select “Preferences” under the Safari menu tab.
  3. Click “Privacy” and choose any of the following:
  4. Select “Prevent cross-site referencing”.
  5. Select “Block all cookies”.
  6. Select “Remove” or “Remove All” to remove stored cookies from the selected websites or all websites.
  7. Click “Manage Website Data” to see which websites store cookies or data.

Google Chrome browser:

  1. Open the Chrome browser.
  2. Select “Settings” from the main menu (three dots) in the top right corner.
  3. Under “Privacy & Security” select “Cookies and other site data”.
  4. You can either select to allow all sites to use cookies, to block cookies on all sites or to block third party cookies. Third party cookies are cookies that are not set from our domain.
  5. You can also allow and block individual sites by clicking “Add” under the subheading of the action you want to perform.

Other browsers:
If you use any other browsers, information on cookie settings can be found by clicking the browser’s “assist” button.

Please note that browser functionalities change frequently. If the above instructions are no longer up to date, please follow the instructions provided by your browser.

The legal basis for processing personal data with the help of cookies is our legitimate interest of editing our website and presenting an updated version of our website (point f) of Article 6 (1) sentence 1 GDPR).

5. Processing on commission/Transferring data

5.1. Processing

Notwithstanding the other provisions, we reserve the right to transmit your data to processors acting on our behalf on the basis of the legal grounds set out above (e.g. in connection with IT support, data destruction or for dispatching the Newsletter). We always have agreements on data processing on commission with the service providers thus engaged. Such agreements ensure that the data transferred are only used by the processors acting on our behalf to perform tasks stipulated by us in accordance with the above purpose and in compliance with the technical and organizational measures necessary for data security and data protection.

5.2. Transferring data to third parties

Otherwise your personal data are not transferred to third parties for any purposes other than those set forth hereinbelow. We only transfer your personal data to third parties if:

  • you have explicitly given your consent to this in accordance with point a) of Art. 6 (1) sentence 1 GDPR;
  • the transfer is necessary pursuant to point f) of Art. 6 (1) sentence 1 GDPR for the establishment, exercise and defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being transferred;
  • in the event that the transfer is subject to a legal obligation pursuant to point c) of Art. 6 (1) sentence 1 GDPR or
  • processing is lawful and is necessary for handling contractual relationships with you pursuant to point b) of Art. 6 (1) sentence 1 GDPR.

6. Encryption/data security

6.1. The collection, processing and use of your data via our website is solely undertaken by means of state-of-the-art transport security (currently TLS - Transport Layer Security). TLS is used to encrypt the continuous flow of data between the server and a user’s browser on the Internet and to thus prevent “illicit interception and retrieval” – insofar as is technically possible. A TLS connection can be identified, among other things, by the fact that the URL in the address bar of your browser starts with “https://” and/or by a “padlock symbol” or “key symbol” (icon) in the status bar at the bottom of your web browser. By clicking on the icon, you can obtain further information on the encryption and/or on the TLS certificate used, depending on which browser you use.

6.2. Please note that when you communicate with us by e-mail and you have not informed us otherwise, we will assume that you agree to communicate by e-mail. Although we work with state-of-the-art transport security (currently TLS), it is not possible to fully guarantee data security and confidentiality of communication by e-mail communication. For transmission of confidential information, postal service or delivery by courier service may be preferable. In any case, please make sure that your software can receive TLS-secured messages. This is usually the case with current products. If you require secure electronic communication, we can provide you with appropriate transmission channels on request.

6.3. Moreover, we use all reasonable, suitable, technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss or destruction and against unauthorized access by third parties. Our security measures are continually improved and further evolved in accordance with technological development.

7. Erasure of the data/restriction of data processing

In principle, your data will be erased if your consent has lapsed or if the data are no longer required for the purpose of the data processing and if there is no longer a legitimate interest in further storage and processing. If these data have to continue to be stored thereafter, however, due to existing statutory, official or contractual obligations (e.g. warranty, financial accounting), the data processing will be restricted by means of marking these data and making them unavailable.

8. Rights of the data subject

As the person affected by the data processing (data subject) you have the following rights:

Right of access (Art. 15 GDPR) You have the right to obtain from us information on the personal data stored on you. This encompasses, in particular, information on the purposes of the processing, the categories of the processed personal data, the categories of recipients to whom your personal data have been or will be disclosed, the storage period, the existence of a right to rectification, or erasure or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, where the data are not collected from you, information as to their source, and on the existence of automated decisionmaking, including profiling and, if applicable, meaningful information on the details thereof. Further, you have the right to receive a copy of your personal data undergoing processing by us.

Right to rectification (Art. 16 GDPR) You have the right to obtain from us without undue delay the rectification of inaccurate personal data and the right to have incomplete personal data completed.

Right to erasure “Right to be forgotten” (Art. 17 GDPR) You have the right to obtain from us the erasure of your personal data subject to the statutory requirements. If the erasure is opposed by statutory or official retention obligations or to the extent that the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, the processing of the data shall be restricted (see below).

Right to restriction of processing (Art. 18 GDPR) You have the right to obtain from us, subject to the statutory requirements, the restriction of the processing of your personal data, i.e. by marking the personal data and restricting the future processing thereof (blocking).

Right to data portability (Art. 20 GDPR) You have the right to require of us, subject to the statutory requirements, that the personal data you provided be transmitted in a structured, commonly used and machine-readable format to you or to a controller named by you.

Right to object to direct marketing (Art. 21 GDPR) You have the right to object at any time to the processing of your personal data for advertising purposes (“objection to advertising”).

Right to object to data processing in the event of the legal ground of “legitimate interest” (Art. 21 GDPR) You have the right to object at any time to the processing of your data by us if this is based on the legal ground of “legitimate interest”. We will then discontinue processing the data unless we can demonstrate – in accordance with the statutory requirements – compelling legitimate grounds for the continued processing which override your interests.

Right to withdraw consent (Art. 7 (3) GDPR) If you have given us your consent to the collection and processing of your data, you have the right to withdraw this consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of the processing of your data based on consent before its withdrawal.

Right to lodge a complaint with the supervisory authority (Art. 77 GDPR) You have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data infringes applicable law. In this respect you have the possibility of lodging a complaint with the data protection authority responsible at your habitual residence or in your country, or with the data protection authority with responsibility for us.

9. Current Data Protection Statement, changes to it

This Data Protection Statement is up-to-date at the current time and is valid as per January 2020. It can become necessary to modify this Data Protection Statement as a consequence of further developments of our website and offers or due to a change in statutory or official requirements. The Data Protection Statement currently valid can be retrieved, stored and printed out from our website at:

10. Supervisory authority responsible

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg The State Officer for Data Protection and Freedom of Information of the German State of Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany, Tel: +49 (0)711/615541-0, Fax: +49 (0)711/615541-15, E-Mail:

Version: June 2023