With the following information, we would like to give you an overview of the processing of your data in the context of the use of our website.
As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection of your personal data (we also address you as “user”, “you”, “your”, “client” or “data subject”).
Insofar as we make decisions on the purposes and means of data processing, either alone or jointly with others, this includes, in particular, the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (Art. 13 and 14 GDPR). With this statement (hereinafter: “Privacy Policy”), we inform you about the way in which your personal data is processed by us.
These notices concern data processing:
When you visit our website
When using an appointment booking form
In case of telephone, email, letter, fax, or other contact
1. Contact details of the party responsible for data processing
The party responsible for the processing of personal data on our website is:
Rechtsanwalt Dr. Hans-Jürgen Homann
Marienstraße 2
10117 Berlin
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such natural person.
The information you provide about your case or the files sent or uploaded may contain other personal data, including those that fall under “special categories of personal data” within the meaning of Article 9 of the GDPR (also referred to as “sensitive data”). This is personal data revealing a natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, state of health, or information about the person’s sex life or sexual orientation.
We recommend that you minimize the disclosure of data when sending inquiries, etc., for instance, by not sending any files yet and not submitting any personal data that falls under the aforementioned special categories according to Art. 9 GDPR.
3. Collection and storage of personal data as well as the nature and purpose of their use
a) Collection of data when you visit our website
When you visit our website https://www.homann.com, the browser of your device (e.g., personal computer, notebook, mobile device) automatically sends certain information to our server. Our web hosting provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. This information is stored for a limited time period. These files are so-called “log files” of the server. The log files are deleted from our server automatically. Such information includes:
name and URL of the stored file
IP address used
date and time of the visit
referrer URL (the website you visited before our website)
type and version of the browser used and, if appropriate, the operating system of your device
name of your access provider
We process the aforementioned data for the following purposes:
guaranteeing a technically stable connection to the website
guaranteeing comfortable and functional use of our website
evaluation for the purpose of safety and stability, error searching, and correcting of errors
further administrative or technical purposes
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest arises from the above-mentioned purposes (ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability as well as for other administrative purposes, furthermore for the purpose of informing you about my law firm, answering your inquiries and, if necessary, preparing or processing client relationships. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b)Analysis tools, social media plugins, cookies
(1) Analysis tools
Our web hosting provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. In the configuration of our web hosting package, the latter uses certain analysis tools that enable us to evaluate user behavior. This includes the tool 1 & 1 WebAnalytics for visitor statistics. This records referrer website (previously visited website), requested website or file, browser type and browser version, operating system used, device type used, time of access, IP address in anonymized form. The tracking measures used are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. We have also concluded a data processing agreement with IONOS SE. With this contract, we have committed IONOS SE to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
(2) Social media platforms
We use no social media plugins on our website (e.g., Facebook, Twitter, Instagram). However, we have a presence on various social media platforms. These include the following platforms: LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Grand Canal Dock, Dublin 2, Ireland), Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland).
If you visit one of our social media profiles, we will be jointly responsible for data processing together with the third-party providers. You can then assert your rights (information, correction, deletion, restriction of processing, data portability, and complaints) against us as well as the third-party providers. If one party is not responsible for answering or needs to receive the information from the other party, the other party will then forward your request to the other party. Please contact the operator of the social media platform directly if you have any questions about profiling or processing of your data when using the social media platform. However, our influence on the third-party providers is also based on the provisions of the third-party providers. The respective contact options of the social media platforms can also be found under the links given above.
We use these information services and their technical platforms and services for our social media presence. We would like to point out that you use our presence on social media platforms and their functions at your own risk. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
Once you visit these sites, the third-party service providers will process information about you. We do not know how the social media platform uses the data from your visit to our account and interaction with our posts for its own purposes, how long this data is stored, and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as an unregistered user and/or user who is not logged in. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is carried out, for example, via cookies that are stored on your device or by recording your IP address. Cookies on your device can be used by the third-party provider to track how you have moved around the net. The providers may also create user profiles of you, e.g., to show you interest-based advertising. Interest-based advertising may be shown to you on and off the respective social media presence. If you have an account with the respective provider, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in. Please note that we are not aware of all data uses by these providers or that we cannot trace them. Please familiarize yourself with the privacy policies of these providers.
LinkedIn is certified according to the “EU-US Data Privacy Framework” (DPF). LinkedIn’s data transfer to the US is also based on the EU Commission’s Standard Contractual Clauses. Meta is certified according to the “EU-US Data Privacy Framework” (DPF). The data transfer from Facebook and Instagram (Meta) to the USA is also based on the EU Commission’s standard contractual clauses.
The link to these third-party providers serves the purpose of and our legitimate interests in the user-friendliness and functionality of our website and information about our statutory activities, in particular to offer the widest possible presence on the Internet. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 f) GDPR.
The respective third-party service providers may base their data processing on other purposes and legal bases.
(3) Cookies
We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.
The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we will become aware of your identity.
On the one hand, the use of cookies serves to make the use of our site easier for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain set period of time. If you visit our site again to use our services, it will automatically recognize that you have visited us before and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you for the purpose of optimizing our offer. These cookies allow us to automatically recognize that you have been with us before when you visit our site again. These cookies are automatically deleted after a defined period of time.
Cookies that are necessary to provide our website, to carry out electronic communication, to optimize the website, and to provide the functions required (necessary cookies) are processed on the basis of Art. 6 para. 1. sentence 1 lit. f) GDPR, unless we specify another legal basis in this privacy policy. The legitimate interest lies in particular in optimizing user-friendliness and providing a technically functional system for the website. We collect other cookies (non-necessary cookies) exclusively on the basis of consent (Art. 6 para. 1 sentence 1 lit. a) GDPR and § 25 para. 1 TDDDG). Consent is given via our consent banner (Consent Tool) and can be revoked at any time.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.
(4) Real Cookie Banner
We use the consent technology from Real Cookie Banner (hereinafter “Real Cookie Banner”) on our website. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling. Real Cookie Banner serves to inform you about the storage of certain cookies on your device or the use of certain technologies and, if necessary, to obtain your consent and document this in accordance with data protection regulations.
The Real Cookie Banner is installed locally on our servers, so no connection is established to the servers of the Real Cookie Banner provider. The Real Cookie Banner then stores a cookie in your browser to record your consent or its withdrawal. This data is stored until you request its deletion, delete the Real Cookie Banner cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. Further information on data storage and retention periods can be found in the Real Cookie Banner and the privacy settings on this website. The legal basis for the use of Real Cookie Banner is Art. 6 para. 1 sentence 1 lit. c) GDPR, in order to fulfill our legal obligation to provide information and obtain consent for data processing.
(5) SolidWP
We use SolidWP on our website. The provider is iThemes Media LLC, 1720 South Kelly Avenue, Edmond, OK 73013, USA (hereinafter “SolidWP”). We use SolidWP to protect our website from unauthorized access and malicious cyberattacks. For this purpose, SolidWP collects, among other things, your IP address, the time and source of login attempts, and log data (e.g., the browser used). SolidWP is installed locally on our servers. Further information on data storage and retention periods can be found in the Real Cookie Banner and the privacy settings on this website.
The legal basis for the use of SolidWP is Article 6 para. 1 Sentence 1 lit. f) GDPR. We have a legitimate interest in protecting our website from cyberattacks as effectively as possible. If we have obtained the necessary consent, processing is based on Article 6 para. 1 sentence 1 lit. a) GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be withdrawn at any time.
(6) WPML
We use WPML on our website. WPML is provided by OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter “WPML”). WPML is a multilingual plugin for WordPress. We use WPML to display our website in different languages. When you visit our website, WPML stores a cookie on your device to save your chosen language setting. According to WPML, no personal data is transmitted to WPML in this process. You can prevent WPML from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a compatible browser, disabling the execution of script code in your browser, or installing a script blocker. Further information on storage and retention periods can be found in the Real Cookie Banner and the privacy settings on this website. The legal basis for data processing is Article 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in offering our website in multiple languages and being able to address users in their native language.
c) When using an appointment booking tool
If we use an online appointment booking tool on our website, we will enter into an order processing agreement with the provider in which we oblige the provider to protect our customers’ data in accordance with legal requirements.
For the purpose of making an appointment, we usually collect the following data (not all of them are mandatory):
First and last name
Company name
Email address
Phone number
Address
File number (for existing mandates)
Voluntary information about your request
Names and email addresses of possible other participants in online meetings
Files you uploaded
Consents to fields in the booking form
In accordance with Art. 6 para. 1 sentence 1 lit. b), c), and f) GDPR, this data is transmitted to the provider on the basis of our legitimate interest in effective customer management, efficient appointment management, and the performance of our services, and is stored there for the purpose of arranging appointments. After the appointment has been made or after the agreed appointment period has expired, your data will be deleted. In particular, the data is used for the purpose of answering your inquiries and, if necessary, preparing or processing client relationships.
Before the appointment booking process begins, you will also be informed of the provider’s data protection regulations as part of the appointment booking tool and you will be asked for consent. In this case, data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR on the basis of the consent you have given.
d) In case of telephone, email, letter, fax, or other contact
If you contact us in any other way (e.g., by telephone, letter, fax), the relevant service providers (telecommunications companies, post office, courier service, etc.) may gain access to your data if required for the transfer.
Our telephone and fax provider is Deutsche Telekom, Landgrabenweg 151, 53227 Bonn. If you contact us by phone, my secretary or the secretarial service (ebuero AG, Hauptstraße 8, 10827 Berlin) will usually write down your telephone number (if transmitted by the provider) in addition to the data you transmit on the phone (e.g., name, address, request) for the purpose of queries.
Our email and web hosting provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Your data required for the transmission will be accessible to the latter when you send emails to . We have concluded a data processing agreement with IONOS SE. The same applies to IT service providers in the telephony sector. Here we work with Sehl+Partner Kommunikationsanlagen GmbH (Liebenwalder Straße 31, 13055 Berlin), with whom we have concluded a data processing agreement. Sehl+Partner uses a “Wildix” cloud telecommunications system for telephony. Wildix’s German head office is located at Lichtenbergstraße 8, 85748 Garching near Munich (the holding company Wildix OÜ-Holding Company has its address at Laeva tn. 2, 10111, Tallinn, Estonia). Wildix provides a hosted virtual PBX based on voice over IP technology. It is a cloud solution that is provided exclusively for us in a German data center. Voice and data are protected by the use of native encryption systems. Detailed information about the “Wildix” cloud system can be found on the Internet at www.wildix.com/de/. The company Sehl+Partner has also concluded a data processing agreement with Wildix as a subcontractor.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b), c) and f), Art. 9 para. 2 lit. f) GDPR, Art. 6 para. 1 sentence 1 lit. a) GDPR if consent is given. Our legitimate interest lies in particular in the provision of a functional, high-quality, and secure infrastructure for telephony and telecommunications, in particular for the purpose of informing you about my law firm, answering your inquiries, and, if necessary, preparing or processing client relationships.
4. Disclosure of data
a) General categories of recipients
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We list known recipients in this privacy policy. Incidentally, we will only pass on your personal data to third parties if:
you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit a) GDPR
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit b) GDPR
we engage third parties in the context of the performance of contracts (e.g., IT service providers, secretarial services, data centers, providers of telephony and cloud services), and disclosure of the data is necessary for this purpose. In the case of order processing, we contractually oblige the processor to the extent permitted by law to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of data subjects.
With regard to the disclosure of data when using an appointment booking form, see section 2.c. above.
b) Transfer of data to third countries
We make sure that when data is processed by third parties, servers located within the European Union (EU) or the European Economic Area (EEA) are used as a priority. Sometimes, however, they may also be located outside the European Economic Area (EEA), i.e., in third countries. We will inform you about the respective details of the transfer below in the relevant sections.
There is no general adequacy decision for the United States (U.S.). In the past, the EU Commission has concluded various data protection agreements with the U.S. (“Safe Harbor”, “Privacy Shield”), but the European Court of Justice (ECJ) has declared them invalid. Currently, the agreement between the EU and the U.S. on the Data Privacy Framework (DPF) regulates data transfers to the U.S. On 10 July 2023, an adequacy decision was issued by the EU Commission for this agreement, which thus certifies a sufficient level of data protection. This means that those U.S. companies that are listed as certified on the DPF list published by the supervisory authority are considered safe U.S. recipients. If it is declared invalid in the future, it could be replaced by a new data protection agreement or other data protection measures. To the extent that we are aware that the third-party service providers we use as data processors based in the U.S. are certified under the current DPF, we point this out. For more information on the Data Protection Framework (DPF) and certification, visit https://www.dataprivacyframework.gov/.
Personal data may only be transferred to recipients in third countries for which there is no adequacy decision and/or which are not certified under the DPF or an equivalent agreement if other appropriate safeguards are provided for in accordance with the GDPR and enforceable rights and effective remedies are available to the data subject. This is possible via standard contractual clauses of the European Commission for the protection of personal data (Art. 46 GDPR). Standard contractual clauses are model contracts adopted by the European Commission. With the standard contractual clauses, European data protection standards are contractually agreed between data exporters in the European Economic Area and data importers in third countries. When using the model contracts adopted by the Commission, the transfer of personal data to third countries may take place without further authorization from the supervisory authorities. Furthermore, sufficient data protection is possible through binding company regulations (Art. 47 GDPR), certifications or recognized codes of conduct (Art. 46, 47 GDPR), as well as exceptions for certain cases (Art. 49 GDPR). We regularly check the level of data protection in the recipient country. Please contact our contact person and/or data protection officer (see above under 1) if you would like to receive more information on this.
5. Duration of storage
Unless otherwise specified, we only store personal data for as long as is necessary to fulfil the purposes pursued. The storage period of the personal data collected by third parties when visiting our website and using an appointment booking form or during telephone, email, letter, fax, or other contact is based on the data protection regulations of these third parties. The personal data collected by us as part of an appointment booking tool or in the event of other contact will be automatically deleted after the inquiry you have made has been completed, unless it is necessary for technical administration or the establishment or processing of a contract concluded with you or there are contractual or statutory retention obligations.
In any case, the personal data collected by us for the purpose of carrying out our mandate will be stored until the expiry of the statutory retention obligation for lawyers (currently 6 years after the end of the calendar year in which the mandate was terminated), but usually for a total of 10 years, and then deleted, unless we are obliged to retain and document in accordance with Article 6 para. 1 sentence 1 lit c) GDPR due to retention and documentation obligations under tax and commercial law (from HGB, StGB, or AO) or you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Applicant data is generally only stored for two months.
In the case of liability-related transactions, storage may be necessary for the purposes of legal defense and preservation of evidence until the expiry of the statutory statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
6. Providing personal data
The providing of personal data is not required by law or by contract. You are not obligated to provide personal data. If you do not provide personal data, you may be partially or entirely unable to use our website. If you do not provide personal data that must be processed in order to reply to a contact inquiry or fulfill a contract with you, we may be unable to answer your contact request or enter into a contract with you.
7. Your rights as a data subject
a) Right of access according to Article 15 GDPR
According to Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to such personal data and the following information:
the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data is not collected from the data subject, any available information as to its source
the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
which guarantees according to Art. 46 GDPR in the case of a transfer of data to third-party countries exist
b) Right to rectification according to Article 16 GDPR
According to Article 16, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to erasure according to Article 17 GDPR
According to Article 17, you have the right to obtain from us the erasure of personal data concerning you without undue delay (right to be forgotten) and we shall have the obligation to erase personal data without undue delay if the requirements of Article 17 para. 1 are met. However, this does not apply if the processing is necessary:
for exercising the right of freedom of expression and information
for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 para. 2 as well as Article 9 para. 3 GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89 para. 1 insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise, or defense of legal claims
d) Right to restriction of processing according to Article 18 GDPR
According to Article 18, you shall have the right to obtain from us restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data
the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead
we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims
you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification of whether our legitimate grounds override yours
e) Notification obligation regarding rectification or erasure of personal data or restriction of processing according to Article 19 GDPR
According to Article 19 GDPR, you have the right to be informed about the recipients to whom we communicated any rectification or erasure of personal data or restriction of processing.
f) Right to data portability according to Article 20 GDPR
According to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another responsible party without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6 para. 1 or point (a) of Article 9, para. 2 or on a contract pursuant to point (b) of Article 6 para. 1, and the processing is carried out by automated means.
g) Right to withdrawal of consent according to Article 7 para. 3 GDPR
According to Article 7 para. 3 GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
h) Right to lodge a complaint with a supervisory authority according to Article 77 GDPR
According to Article 77 GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR.
8. Right to object according to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on point (e) or (f) of Article 6 para. 1 (including profiling based on those provisions).
We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In the case of a withdrawal or objection, please send us an email to: .
9. Data security and SSL protocol
Personal data is transmitted via the SSL technology (Secure Socket Layer). You can recognize this by the lock symbol in the browser and the status bar. Your data cannot be read by third parties. Generally, we use a 256-bit encryption or – if your browser does not support this – a 128-bit encryption.
We furthermore use suitable technical and organizational security measures to protect your data from manipulation, loss, destruction, or unauthorized access by third parties. Our security measures are continually improved in accordance with technological developments.
10. No automated decision-making, profiling
We do not use your data for automated decision-making, including profiling within the meaning of Art. 22 GDPR.
11. Validity and changes to this data protection policy
This data protection policy is currently valid and was updated on 1 January 2026.
In the course of the continuing development of our website and our offers or due to legal or official changes or requirements, it may be necessary to update this data protection policy. You can access and print the current data protection policy at any time via our website under https://homann.com/en/data protection-policy/.
