Privacy Policy

1. Contact Details of the Person Responsible

DR. SCHMIDT LEGAL // Rechtsanwältin Dr. Hanna Schmidt
Jakordenstraße 8
50668 Cologne

Germany
Email: datenschutz@drschmidt-legal.de
Phone: +49 (0) 221 292 40 370

Fax: +49 (0) 221 292 40 372

2. Hosting via Wix.com

The website www.drschmidt-legal.de is operated via the platform Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel (hereinafter referred to as "Wix"). An adequacy decision by the EU Commission exists for Israel, which guarantees an adequate level of data protection.

When transferring personal data to a location outside Europe, Wix ensures that (i) a level of protection deemed adequate by the European Commission is in place, or (ii) appropriate standard contractual clauses are implemented (i.e. the applicable module of the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 4 June 2021, available here, and the ICO International Data Transfer Addendum to the EU Commission Standard Contractual Clauses Version B1.0, in force as of 21 March 2022, as revised pursuant to Section 18 of the mandatory clauses).

If Wix transfers personal data from the EU to a third country which, in the opinion of the European Commission, does not adequately protect your data, Wix ensures that it has taken supplementary measures to comply with European data protection laws.

The collection and use of personal data (see Section 4) is carried out for the purpose of enabling a connection to be established and ensuring the smooth use and functionality of the website, as well as to guarantee the security and stability of the information technology systems. Without the processing of this data, access to internet services cannot take place and a website cannot be displayed. This procedure constitutes a legitimate interest of DR. SCHMIDT LEGAL; the processing of the aforementioned data is therefore carried out in accordance with Art. 6 (1) (f) GDPR.

In addition, this website uses Wix Analytics, a web analysis tool provided by Wix. This involves collecting data about the use of the website (e.g. visitor numbers, duration of visit). Insofar as this is done via analysis cookies, it occurs exclusively on the basis of your express consent pursuant to Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. No analysis data will be collected from you by Wix Analytics without your consent.

Further information can be found in Wix's Privacy Policy: https://www.wix.com/about/privacy

3. Other Recipients of Personal Data

As part of the data processing activities described in this Privacy Notice, DR. SCHMIDT LEGAL shares personal data with service providers who process such data on behalf of DR. SCHMIDT LEGAL for specific purposes, based on a data processing agreement in accordance with Article 28 GDPR.

These service providers include, in particular, IT providers (especially in connection with the technical infrastructure used for email servers, and for data storage and backup), as well as providers of financial accounting and bookkeeping services.

All service providers engaged by DR. SCHMIDT LEGAL who may gain access to information or personal data subject to legal confidentiality obligations are contractually bound to strict confidentiality, unless an equivalent statutory duty of confidentiality applies.

In addition, personal data may be disclosed to third parties who are not processors, in the context of managing and fulfilling a client mandate. Potential recipients in this regard may include, in particular: courts, public authorities, opposing parties and their legal representatives, corresponding counsel and legal sub-agents, translation service providers, and others.

Personal data will only be transferred to such third parties where and to the extent that:

the transfer is necessary for the performance of the mandate agreement pursuant to Article 6(1)(b) GDPR;
the transfer is covered by your explicit consent pursuant to Article 6(1)(a) GDPR;
there is a legal obligation to disclose the data pursuant to Article 6(1)(c) GDPR; or
the transfer is necessary for the purposes of the legitimate interests pursued by DR. SCHMIDT LEGAL or a third party (in particular you), and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, pursuant to Article 6(1)(f) GDPR.

4. Collection and Processing of Personal Data

4.1 Visit the Website

When you visit this website, personal data is automatically collected (e.g. IP address, browser used, operating system, date and time of access).

This website also uses cookies. Cookies are small text files that are stored on your terminal device. I distinguish between:

Strictly necessary cookies: These are essential for the operation of the site (Legal basis: Section 25 (2) TDDDG).
Analytical cookies (Wix Analytics): These help me to statistically evaluate the use of the website. These are only set if you agree via the cookie banner (Legal basis: Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG).

A detailed overview of the cookies used can be found in the appendix to these notices.

4.2 Use of the Contact Form

The following data is collected when you use the contact form on the DR. SCHMIDT LEGAL website:

Name
Email address
Message text

The processing is carried out either on the basis of your consent (Article 6(1)(a) GDPR) or for the purpose of taking steps prior to entering into a contract (Article 6(1)(b) GDPR). Personal data collected in the context of your inquiry will be erased once the communication has been concluded, unless statutory retention obligations require otherwise. A communication is considered concluded when it can be reasonably inferred from the circumstances that the matter has been definitively resolved.

If the purpose of the contact is to initiate pre-contractual measures or leads to the engagement of DR. SCHMIDT LEGAL, the following section shall apply with regard to the further processing and erasure of the personal data collected.

4.3 Instructing DR. SCHMIDT LEGAL by You

In the event that DR. SCHMIDT LEGAL is retained, your name, address, and other contact details (e.g., telephone number, email address), as well as information regarding the facts you disclose in connection with the engagement—which may also include personal data—will be collected. The processing of this data serves the purpose of carrying out pre-contractual measures, performing the mandate agreement, and invoicing the services provided.

The legal basis for this processing is Article 6(1)(b) GDPR.

Pursuant to Section 50 of the German Federal Lawyers' Act (Bundesrechtsanwaltsordnung – "BRAO"), DR. SCHMIDT LEGAL is legally required to retain files and documentation related to a mandate (“client file”) for a period of six (6) years, calculated from the end of the calendar year in which the mandate was terminated. In addition, general statutory retention periods under tax and/or commercial law apply. DR. SCHMIDT LEGAL will retain the personal data related to the mandate for at least the duration of these statutory retention periods.

Based on Article 6(1)(f) GDPR, personal data related to a mandate may, in individual cases, be processed beyond these statutory retention periods in order to identify and avoid potential conflicts of interest in connection with the acceptance of new mandates. The legitimate interest in such cases lies in the fulfilment of professional duties incumbent upon attorneys under Section 43a(4) BRAO.

4.4 Client of DR. SCHMIDT LEGAL, You Are a Third Party

In the course of providing legal services to a client, DR. SCHMIDT LEGAL may process your personal data as a third party (e.g., opposing party, opposing counsel, contact person at public authorities, courts, or service providers, business contacts).

The personal data processed in this context typically includes contact details (such as name, address, telephone number, email address) as well as mandate-related information, which may also contain personal data. Such data may be collected either directly from you or from other sources.

The purpose of this processing is, as a rule, the proper provision of legal services to the client of DR. SCHMIDT LEGAL, including the related correspondence and documentation. This also constitutes DR. SCHMIDT LEGAL’s legitimate interest in processing such data within the meaning of Article 6(1)(f) GDPR. In individual cases, the processing may also be necessary for the performance of a contract to which you are a party (Article 6(1)(b) GDPR) or for compliance with a legal obligation (Article 6(1)(c) GDPR).

In accordance with Section 50 of the German Federal Lawyers’ Act (BRAO), DR. SCHMIDT LEGAL is legally required to retain files and documentation (“client file”) related to a mandate for a period of six years, beginning at the end of the calendar year in which the mandate was concluded. In addition, general statutory retention periods under tax and/or commercial law apply. DR. SCHMIDT LEGAL retains mandate-related personal data for at least the duration of these statutory periods.

Based on Article 6(1)(f) GDPR, mandate-related personal data may, in individual cases, be processed beyond these statutory retention periods in order to identify and prevent potential conflicts of interest in connection with the acceptance of new mandates. The legitimate interest in this regard lies in the fulfilment of professional duties under Section 43a(4) BRAO.

5. Social Media – Facebook, Instagram and LinkedIn

DR. SCHMIDT LEGAL maintains profiles on the platforms Facebook ("Dr. Hanna Schmidt"), Instagram ("drschmidt_legal") and LinkedIn ("Dr. Hanna Schmidt") for the purpose of engaging with clients, interested individuals, and the public, and to provide information about the firm. In this context, personal data is processed—both by DR. SCHMIDT LEGAL and by the respective platform operators.

Joint Controllership under the GDPR

For the processing of certain data (e.g., page statistics), DR. SCHMIDT LEGAL is considered a joint controller together with the respective platform provider within the meaning of Article 26 GDPR:

For Facebook and Instagram, jointly with:
Meta Platforms Ireland Ltd. („Meta“), 4 Grand Canal Square, Dublin 2, Ireland
Joint Controllership Agreement:
https://www.facebook.com/legal/terms/page_controller_addendum
For LinkedIn, jointly with:
LinkedIn Ireland Unlimited Company („LinkedIn“), Wilton Plaza, Dublin 2, Ireland
Joint Controllership Agreement:
https://legal.linkedin.com/pages-joint-controller-addendum

What Data Is Processed?

When you visit DR. SCHMIDT LEGAL’s pages on Facebook, Instagram or LinkedIn, the platforms may collect the following information, among others:

Your IP address and device information
Information about your user behavior (e.g., clicks, likes, comments)
Your public profile (if you are logged in)

Some of this data is made available to DR. SCHMIDT LEGAL in anonymised form through so-called "Insights" (user statistics). DR. SCHMIDT LEGAL uses this data exclusively to analyse and optimise its content.

If you contact DR. SCHMIDT LEGAL via direct message or by commenting on posts, your data will be processed for the purpose of responding to your inquiry.

The legal bases for this processing are:

Article 6(1)(f) GDPR – legitimate interest in public relations and communication
Article 6(1)(b) GDPR – where you initiate contact with DR. SCHMIDT LEGAL (e.g., for inquiries)

Data Transfers to Third Countries

Meta and LinkedIn may process data outside the EU, particularly in the United States. Both companies are certified under the EU-U.S. Data Privacy Framework, which is intended to ensure an adequate level of data protection.

Your Rights and Settings

You can manage the data you share and how it is used for advertising and analytics directly within your social media account. You may also access or request deletion of your data. Please note that DR. SCHMIDT LEGAL does not have full visibility into all processing activities carried out by Meta or LinkedIn. For more information on how your data is processed, retention periods, and the privacy settings available to you, please refer to the following resources:

Facebook:
- Privacy Policy: https://www.facebook.com/privacy/policy
- Terms of Service: https://www.facebook.com/terms.php
- Ad & Privacy Settings: https://www.facebook.com/settings?tab=privacy (For ad settings directly: https://www.facebook.com/adpreferences)
- Data Deletion & Retention: https://www.facebook.com/help
Instagram:
- Privacy Policy: https://privacycenter.instagram.com/policy
- Terms of Use: https://help.instagram.com/581066165581870
- Ad & Privacy Settings: https://www.instagram.com/accounts/privacy_and_security/
- Data Deletion & Retention: https://www.facebook.com/help/instagram/196883487377501
LinkedIn:
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- Terms of Use: https://www.linkedin.com/legal/user-agreement
- Privacy and Ad Settings: https://www.linkedin.com/psettings/

6. Data Security

To protect the transmission of confidential content that you may send as a visitor to this website, DR. SCHMIDT LEGAL uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon displayed in your browser bar.

In addition, DR. SCHMIDT LEGAL implements appropriate technical and organizational security measures to protect personal and/or confidential data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. All security measures are continuously improved in line with technological developments.

7. Data Subject Rights

If your personal data is processed by DR. SCHMIDT LEGAL, you, as the data subject, are entitled by law to the following rights:

Right of access pursuant to Article 15 GDPR (possibly restricted in accordance with Section 34 of the German Federal Data Protection Act – Bundesdatenschutzgesetz, “BDSG”)

Right to rectification pursuant to Article 16 GDPR
Right to erasure pursuant to Article 17 GDPR (possibly restricted in accordance with Section 35 BDSG)
Right to restriction of processing pursuant to Article 18 GDPR
Right to object to processing pursuant to Article 21 GDPR
Right to data portability pursuant to Article 20 GDPR
Right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG

Right to Object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, or if the objection concerns direct marketing. In the latter case, you have a general right to object, which will be honored without the need to specify a particular situation.

If you wish to exercise your right to object, you may do so by emailing: datenschutz@drschmidt-legal.de

APPENDIX: OVERVIEW OF COOKIES USED

To provide you with full transparency, here is a list of the most important cookies that may be set by the Wix platform on this website:

Strictly necessary cookies (Essential):

XSRF-TOKEN: Security (Protection against Cross-Site Request Forgery); Duration: Session.
hs: Website security; Duration: Session.
svSession: Identifies unique visitors and tracks sessions; Duration: 2 years.
consent-policy: Stores your chosen cookie settings; Duration: 12 months.
TS / TS01**: Security and server load balancing; Duration: Session.

Analytical cookies:

_wix_browser_sess: Collects information for internal statistics (Wix Analytics); Duration: Session.

Status of this Privacy Policy: 01/2026

Should DR. SCHMIDT LEGAL’s activities and/or services change, or should legal or regulatory requirements be amended, it may become necessary to update this privacy notice. The current version is always available for viewing, saving, and printing on the DR. SCHMIDT LEGAL website.