Privacy Policy

1. Data Controller

The controller responsible for processing your personal data is:

Hartmann & Partners Rechtsanwaltsgesellschaft mbH
Königsallee 14
40212 Düsseldorf, Germany
HRB 145231 Düsseldorf
Phone: +49 211 880 6120
Email: info@hartmann-partners.com

For data protection enquiries, please contact our Data Protection Officer at: dpo@hartmann-partners.com

2. Data Collected

We may collect and process the following categories of personal data:

• Identity data: First name, last name, title, date of birth, nationality.
• Contact data: Email address, telephone number, postal address.
• Immigration data: Passport details, visa status, immigration history, employment information — provided to us in the course of legal representation.
• Communication data: Messages sent through our contact form, emails and telephone records (where applicable).
• Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, pages visited and time spent (collected via cookies and server logs).
• Usage data: Information about how you use our website.

3. Purposes of Processing

We process your personal data for the following purposes:

• To respond to your enquiries submitted through our contact form or by email/telephone.
• To provide legal advice and representation in immigration matters.
• To comply with our professional obligations as attorneys (Rechtsanwälte) under German law.
• To manage our client relationships and maintain accurate records.
• To send you updates relevant to your matter (not marketing communications without your explicit consent).
• To improve our website functionality and user experience.
• To comply with legal and regulatory obligations.

4. Legal Basis (GDPR Art. 6)

We rely on the following legal bases for processing your personal data:

• Art. 6(1)(b) GDPR – Contract: Processing necessary for the performance of a contract or to take steps prior to entering into a contract (e.g., when you engage us for legal representation).
• Art. 6(1)(c) GDPR – Legal obligation: Processing necessary to comply with our legal obligations as attorneys, including anti-money laundering requirements (GwG).
• Art. 6(1)(a) GDPR – Consent: Where you have freely given, specific and informed consent, e.g., for analytics cookies or newsletter communications.
• Art. 6(1)(f) GDPR – Legitimate interests: Processing necessary for our legitimate interests, including improving our services and protecting our legal rights, provided these do not override your fundamental rights.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting or reporting requirements:

• Client matter files: 10 years after the conclusion of the matter, in accordance with professional conduct rules (BRAO) and fiscal retention obligations (§ 257 HGB, § 147 AO).
• Contact enquiries (non-clients): 6 months from receipt of enquiry unless a client relationship is established.
• Website technical data and server logs: Up to 90 days.
• Analytics data: Up to 26 months, in line with standard analytics tool configurations.

6. Third Party Sharing

We do not sell, rent or trade your personal data. We may share your data with the following categories of third parties, only to the extent necessary:

• German immigration authorities (Ausländerbehörde, BAMF, German embassies/consulates) — for the purpose of your immigration matter.
• IT service providers — hosting, email, and website maintenance providers acting as data processors under Art. 28 GDPR agreements.
• Professional advisors — accountants, auditors and insurers, bound by confidentiality obligations.
• Law enforcement or regulatory authorities — where required by law or court order.

7. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Where any transfer to a third country is necessary (e.g., when liaising with embassies or foreign authorities in connection with your immigration case), we ensure appropriate safeguards are in place in accordance with Chapter V GDPR, including reliance on adequacy decisions or Standard Contractual Clauses where applicable.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:

• TLS/SSL encryption for all data transmitted via our website and email.
• Access controls limiting data access to authorised personnel only.
• Regular security assessments and staff training on data protection.
• Encrypted storage of client files and regular backups.

However, no internet transmission is entirely secure. We encourage you to contact us directly for sensitive communications.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): The right to obtain a copy of your personal data and information about its processing.
• Right to rectification (Art. 16 GDPR): The right to have inaccurate data corrected or incomplete data completed.
• Right to erasure (Art. 17 GDPR): The right to have your data deleted where there is no longer a lawful basis for processing ("right to be forgotten"), subject to our legal retention obligations.
• Right to data portability (Art. 20 GDPR): The right to receive your data in a structured, commonly used and machine-readable format.
• Right to object (Art. 21 GDPR): The right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to restriction of processing (Art. 18 GDPR): The right to request that we restrict the processing of your data in certain circumstances.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at dpo@hartmann-partners.com. We will respond within one month.

10. Cookies

Our website uses cookies and similar tracking technologies. For detailed information on the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. Minors

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will promptly delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. We will post the updated policy on this page with a revised "last updated" date. We encourage you to review this policy periodically.

13. Complaints

If you believe we have not processed your personal data in accordance with applicable law, you have the right to lodge a complaint with the competent supervisory authority. For Germany, the relevant authority is:

You may also contact the data protection authority for North Rhine-Westphalia:

14. Contact

For any questions or requests relating to this Privacy Policy or your personal data, please contact:

Hartmann & Partners — Data Protection
Königsallee 14, 40212 Düsseldorf, Germany
Email: dpo@hartmann-partners.com
Phone: +49 211 880 6120