Privacy Notice

The protection of your personal data is important to us. With this privacy notice, we inform you about the type, scope and purpose of the processing of personal data when you visit our website www.bk-law.de and when communicating with us. 

The legal bases are the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). 

Controller

Bottermann Khorrami, Katharina-Heinroth-Ufer 1, 10787 Berlin, Tel: +49 30 240899-444, Email: datenschutz[at]bk-law.de 

Data Protection Officer

Reachable at the above address or by email at: datenschutz[at]bk-law.de 

Access Data and Server Log Files

When you visit our website, certain information is automatically stored temporarily, including: 

  • IP address
  • Date and time of access
  • Accessed page
  • Browser type/version
  • Operating system
  • Referrer URL
  • Provider

This data is processed in anonymised form to ensure technical stability, IT security, and to optimise the website. Our legitimate interest lies in ensuring uninterrupted operation, detecting and preventing attacks, and improving our web offering (Art. 6(1)(f) GDPR). No conclusions about your identity are drawn. 

Cookies

Our website uses cookies that are necessary to make it more user-friendly. We use:

  • Session cookies: Deleted automatically after your session ends. 
  • Temporary cookies: Store user settings for limited period.

The legal basis for technically necessary cookies is Art. 6(1)(f) GDPR. Our legitimate interest lies in user-friendly design and the functional provision of our website. 

Contact and Mandate Requests

If you contact us by email, phone or via our website, we process the data you provide to respond to your request or to carry out a mandate. 

Required data:

  • Name
  • Contact details
  • Information about your matter

Legal basis: Art. 6(1)(b) GDPR. The processing is carried out to take pre-contractual steps or to fulfil a mandate relationship. 

Online forms

Our website has a button linked to online data collection, which allows you to send us data via an online form. If you use this online service provided by NotarNow (LegalNow GmbH, Lena-Christ-Straße 2, 82031 Grünwald), your details, including the contact details you provide there, will be stored automatically on the NotarNow servers for a short period of time for the purpose of processing your enquiry and in the event of follow-up questions, and will then be forwarded to us. The data is transmitted in encrypted form using transport encryption via Secure Socket Layer (SSL/TLS).

The storage is solely for the purpose of processing or contacting the data subject. The data will not be passed on to other third parties. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested.
The data you enter in the online form will remain with us until you request its deletion, revoke your consent to its storage or the purpose for which it was collected no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

When you use the ‘cached’ function, your online form entries are encrypted and stored anonymously for 30 days. If the online form is not submitted to us within these 30 days, the form entries will be automatically deleted in their entirety. In this case, you do not need to request deletion.

Communication

We process your communication data (name, email, phone number, etc.) to respond to your enquiries. 

Legal basis: Art. 6(1)(b) GDPR 

Applications

We process your data as part of applications to review and, if necessary, establish an employment relationship. 

Legal basis: Art. 6(1)(b) GDPR, Section 26 BDSG 

Legal Obligations

We process personal data to fulfil statutory retention, documentation or reporting obligations. 

Legal basis: Art. 6(1)(c) GDPR 

Data Transfers

Only authorised staff within our firm have access to your data. We only share data with third parties if: 

  • it is necessary for mandate processing;
  • there is a legal obligation; or
  • you have given consent.

Examples: courts, opponents, external service providers (e.g. IT, hosting, accounting). All service providers are bound by confidentiality. 

Legal basis: Art. 6(1)(b) and (c) GDPR. 

Storage Period

We store your data only as long as necessary for the purposes stated or to comply with legal retention periods. 

Data Security

Your data is transmitted using SSL encryption and protected through technical and organisational measures. Please note that internet data transmission (e.g. via email) may have security vulnerabilities. 

External Links

Our website contains links to external providers. Those providers are responsible for any data processing that occurs on their websites. 

Social Media

We maintain online presences on platforms such as LinkedIn to interact with clients, prospects and applicants. When you visit our LinkedIn page, personal data (e.g. IP address, user behaviour) is processed by LinkedIn and may be transferred to third countries such as the USA. 

We are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, for the processing of your data on our LinkedIn company page in accordance with Art. 26 GDPR. The agreement on joint responsibility is available here: https://legal.linkedin.com/pages-joint-controller-addendum 

More information on LinkedIn’s data processing: https://www.linkedin.com/legal/privacy-policy 

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the effective public presentation of our firm, professional networking, and targeted interaction with clients, applicants and interested parties via contemporary communication channels. 

Data Transfers to Third Countries

Some services mentioned in this privacy notice (e.g. LinkedIn) may transfer personal data to third countries outside the European Union, particularly the USA. 

Currently, there is no adequacy decision by the EU Commission for data transfers to the USA under Art. 45 GDPR. We point out that there may be no level of data protection equivalent to that of the EU – especially as US authorities may access data under certain circumstances without effective legal remedies for data subjects. 

Unless an explicit consent is given (Art. 49(1)(a) GDPR), such transfers are based on appropriate safeguards under Art. 46 GDPR, in particular the EU Commission’s Standard Contractual Clauses (SCC). 

Please contact us if you have questions about specific safeguards.

Your Rights

You have the right to: 

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)
Withdrawal and Objection

You can withdraw your consent at any time (Art. 7(3) GDPR). 

You may also object to data processing based on Art. 6(1)(f) GDPR for reasons arising from your particular situation (Art. 21 GDPR). 

No Automated Decision-Making

We do not use automated decision-making in accordance with Art. 22 GDPR. 

Language Note

The German version of this privacy notice is legally binding. The English version is for information purposes only. 

Updates to this Privacy Notice

This privacy notice may be updated if necessary. The current version is available on our website. 

Effective: July 2025