Privacy policy

Responsible body within the meaning of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

THALES Attorneys at Law, Dr. Christian Szidzek & Partner

Kantstraße 38
97074 Würzburg
Phone: 0931-46599018

Collection of general information when visiting our website

Nature and purpose of the processing

When you merely access our website, if you do not register or otherwise transmit information to us, general information is collected. These (server log files) include the type of browser you are using, the operating system you are using, domain name of your internet service provider, your IP address and other information. They are used solely for the purpose of ensuring a smooth connection to the website and the smooth use of our website. Furthermore, the information is processed for the purpose of evaluating system security and stability or for other purely administrative purposes. Data is used for statistical purposes, but not to draw conclusions about your specific person.

Legal bases of the processing

The processing of your personal data generally takes place on the basis of our overriding legitimate interests (Art. 6 para. 1 f) DSGVO) in optimising the functionality and stability of our website.


Recipients of this data may be technical service providers who are active for the operation and maintenance of our website within the scope of commissioned processing (Art. 28 DSGVO).

Storage period

Your personal data stored by us will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data that is used exclusively to provide our website when the session has ended.


The provision of the aforementioned personal data is not required by law or contract. However, without collecting your IP address, the service and functionality of our website cannot be guaranteed or individual services and services may not be available or may only be available to a limited extent.

Passing on data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only disclose your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 p. 1 a DSGVO
  • the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 f DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 p. c DSGVO, as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 b DSGVO for the processing of contractual relationships with you.

Third country transfer

Data transfer to third countries only takes place with your consent and only in the presence of appropriate safeguards in accordance with Articles 44 - 49 of the GDPR.


Nature and purpose of the processing

Our website uses cookies. Cookies are small text files that are stored on your terminal device as soon as you visit our site. We collect certain data via these text files (e.g. IP address, internet browser used, operating system used). These cookies cannot be used by us to launch applications on your end device or to transfer malware and viruses to your device. We do not pass on the data collected in this way to third parties. No reference to your person is made without your consent. As a rule, browsers are preset to accept cookies. If you do not wish cookies to be used, you can deactivate their use via the settings of your respective browser. To do this, we recommend that you use the help function of your browser to find out how to change the settings accordingly. The use of our website is then still possible, but may be limited.

Cookies used and how long they are stored

If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:

You can delete individual cookies or the entire cookie stock by setting your browser. The procedure you need to follow depends on the browser you are using. You can find the necessary information via the following links, depending on the browser you are using:

Insofar as these cookies process personal data, we will inform you about this separately at the respective point below.

Cookie consent with Consent Manager Provider

This website uses the cookie consent technology of the provider "Consent Manager Provider" in order to obtain the consent of users to store certain cookies on their end device and to document this in a data protection compliant manner. The provider of this technology is:

Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: (hereinafter "Consent Manager Provider").

When you use our website, a connection is established to the servers of Consent Manager Provider in order to obtain your consent and other declarations regarding the use of cookies. Consent Manager Provider then stores a cookie in your browser in order to be able to allocate the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Consent Manager Provider cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

Contract on order processing

We have concluded an order processing contract with Consent Manager Provider. This is a contract required by data protection law, which ensures that Consent Manager Provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


Contact form

Nature and purpose of the processing

If you enter and transmit personal data in our contact form, this data will be stored and processed by us for the purpose of communicating with you. In order to be able to assign your enquiry to your person and answer it, we need your first name, your surname and your e-mail address. The other input fields provided in the contact form are optional.

Legal basis

The legal basis for processing your personal data via the contact form is our overriding legitimate interest pursuant to Art. 6 (1) f DSGVO. Our aim is to enable you to contact us easily and quickly. In cases where you request offers from us, the data processing is based on Art. 6 para. 1 b DSGVO (contract initiation).

Notice pursuant to Section 7 (3) UWG

If you enter your personal data in the contact form and a service is purchased, we will also use your data to send you direct advertising for similar services.

Please note that you can object to direct advertising informally at any time. An e-mail or phone call is sufficient. You can also object to advertising measures by post or via the contact form at any time. You will then no longer receive any advertising.


Internal recipients are the responsible employees of THALES Attorneys at Law. External recipients may be order processors. There is a contract with these for commissioned processing in accordance with Art. 28 DSGVO.

Storage period

Your personal data will be stored by us and deleted after six months, unless a contract has been concluded. If you enter into a contractual relationship with us, your data will be stored for the duration of the contractual relationship and then archived for a further three years. The three years correspond to the statutory period of limitation. In addition, we are obliged to comply with retention periods under tax and commercial law. After expiry of these periods (six to ten years) your data will be deleted. If we are obliged under professional law to store your data for a longer period, the retention period is based on these regulations (e.g. § 50 BRAO).


If you use our THALES Data Protection Management System (THALES DSMS) as a client or authorised user, we also process your data as follows:

Nature and purpose of the processing

The THALES DSMS serves to provide you, as our client, with a comprehensible data protection management system via which you have access to all data protection-related documents (e.g. processing directory, risk analyses, order processing contracts, project planning as well as other documents and templates) at any time and can comprehend our activities for you at any time. The auditability of the system makes it possible to trace work steps and to be able to provide information to supervisory authorities at any time.

When you use our THALES DSMS, we process your e-mail address, your first and last name and the password you have assigned. In addition, we log your activities in the DSMS to ensure the auditability of the system and compliance with the documentation obligation for verification purposes vis-à-vis supervisory authorities or to defend against data protection claims by third parties against you or us.

Legal basis

The data processing is carried out to implement the contract concluded with you in accordance with Art. 6 para. 1 b DSGVO.


The recipients of your data are THALES Rechtsanwälte as the responsible party within the meaning of Art. 4 No. 7 DSGVO as well as audatis Consulting GmbH, Luisenstraße 1, 32052 Herford, Germany, the processor supporting us. If other employees of your company are authorised to access your personal data in addition to you, these employees may also be able to view your personal data, depending on the scope of the authorisation granted.

Storage period

The processing of your data begins with your initial registration in the THALES DSMS and ends with the expiry of the mandate and the deletion of the account. Even if your user authorisation should end at an earlier point in time (e.g. leaving the mandating company), your data will remain stored in the DSMS beyond this point until the termination of the mandate with the institution for which you are working. The further storage of data is then based on Art. 6 Para. 1 f DSGVO and the legitimate interest of our client to be able to meet his accountability in data protection (Art. 5 Para. 1 DSGVO). However, the further storage of data is also based on our legitimate interest in a possible defence or assertion of legal claims.

If you wish your data to be deleted prematurely, you may object to this in accordance with Art. 21 DSGVO on grounds relating to your particular situation.

Pursuant to Section 50 (1) sentence 2 of the Federal Lawyers' Act (BRAO), we as lawyers are additionally obliged to keep case files for a period of six years. The period begins with the end of the calendar year in which the assignment was terminated


Google Maps

Nature and purpose of the processing

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, for example, our location can be shown to you and a possible journey can be made easier.

Legal bases of the processing

These processing operations are only carried out if express consent has been given in accordance with Art. 6 (1) a DS-GVO.


Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there when you call up those sub-pages in which the Google Maps map is integrated. In addition, Google Maps reloads the Google Web Fonts. The provider of the Google WebFonts is also Google Ireland Limited. When you call up a page that integrates Google Maps, your browser loads the web fonts required to display Google Maps into your browser cache. For this purpose, too, the browser you use establishes a connection to Google's servers. In this way, Google learns that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

You can read Google's terms of use at  view, the additional terms of use for Google Maps can be found at

You can view the privacy policy of Google Maps at: ("Google Privacy Policy"): .


SSL encryption

To protect the security of your data during data transmissions, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Processors used

We sometimes use specialised service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.

Processing of data outside the EU / EEA

Your data may also be processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where a lower level of data protection may generally apply than in Europe. In these cases, we ensure that a sufficient level of data protection is guaranteed for your data, e.g. via contractual agreements with our contractual partners (copy available on request), or we ask for your express consent.

Your rights as a data subject

At the contact address: you can exercise your rights at any time. You have the following rights as a data subject of our data processing:

  • Right to information about your personal data stored by us and its processing (Art. 15 DSGVO)
  • Right to rectification of inaccurate personal data (Art. 16 GDPR),
  • Right to have your data stored by us deleted (Art. 17 DSGVO),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to the further processing of your data (Art. 21 DSGVO)
  • Right to data portability (Art. 20 GDPR).

If we process your data on the basis of consent, you can revoke this consent at any time with effect for the future. You can also lodge a complaint with the data protection supervisory authorities (competent supervisory authority in the federal state of your residence or the data protection supervisory authority responsible for our company). An overview of the supervisory authorities can be found at: .

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to .


Our activities in social networks

So that we can also communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible for the processing operations triggered by this, within the meaning of Art. 26 DS-GVO, with the provider of the respective social media platform.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
As a precautionary measure, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and the processing in the social networks often takes place directly for advertising purposes or for the analysis of user behaviour by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behaviour is assigned to your own member profile of the social networks.
The described processing of personal data is carried out in accordance with Art. 6 (1) lit. f DS-GVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a DS-GVO in conjunction with Art. 7 DS-GVO. Art. 7 DS-GVO.
As we do not have access to the providers' databases, we would like to point out that it is best to exercise your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is listed below under the respective social network provider used by us:


(Co-) Responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:


Web analysis

LinkedIn Analytics

On this website we use the retargeting tool as well as the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn).
For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service serves to be able to show you interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website. The relevant information is stored in a cookie.
As a rule, the following data is collected and processed:

  • IP address
  • Device information
  • Browser information
  • Referrer URL and
  • Timestamp

These processing operations are only carried out when express consent is given in accordance with Art. 6 para. 1 lit. a DS-GVO. Your data will be stored until you withdraw your consent.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. Personal data are kept for as long as they are necessary to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer necessary to achieve the purpose.
Within the scope of processing via LinkedIn, data may be transferred to the USA and Singapore. The security of the transfer is regularly ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent will be obtained in accordance with Article 49 (1) (a) of the GDPR.
You can find more information about LinkedIn's privacy policy at:


Change to our privacy policy

We reserve the right to adjust this privacy policy if necessary. The new privacy policy will then apply to your new visit.

Contact for data protection concerns

If you have any questions about data protection, please feel free to email us at:


Current status of this privacy policy: 22.02.2021