A. Name and contact details of the controller

The controller for data processing within the meaning of Art. 4 (7) DSGVO is:

Rechtsanwalt Jörn Tröber
Am Mittelhafen 10

48155 Münster

Tel.: +49 (0) 251 975 993-0

We are not obliged to appoint a data protection officer.

B. Visiting our website

On our website ( we inform you about our law firm and our consulting services.

For security reasons and to protect your personal data, our website is encrypted using SSL/TLS technology. The encryption technology is visible to you by "https://" and the lock symbol in your browser line.

For the operation of the website, we work with an external hoster, STRATO AG from Berlin, which we have carefully selected and obligated in accordance with data protection law.

When you visit our website and use the various offers, we process your personal data as described in detail below:

I. Informational use of our website

During the informative use of our website, i.e. the mere viewing without registration and without communication of other information, we process the personal data that your browser transmits to our server.

The data described below is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO:

- IP address

- Date and time of the request

- Time zone difference from Greenwich Meantime (GMT)

- Content of the request (visited page)

- access status / HTTP status code

- amount of data transferred in each case

- previously visited page

- browser

- operating system

- language and version of the browser software.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of this website, this is the case when the respective session has ended. The log files are kept for up to 24 hours directly and exclusively accessible to administrators.

II. Cookies

In addition to the above data, we use cookies when you use our website, which may be stored on your terminal device.

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the Internet offer faster and more user-friendly.

On our website we use only necessary cookies. Without these cookies, the website cannot function properly. The legal basis for the processing of your personal data in the context of the necessary cookies is Art. 6 para. 1 p. 1 lit. f. DSGVO. We have a legitimate economic interest in the data processing. This lies in the functionality of our website. These are basically transient cookies that are deleted after the end of your visit, at the latest when you close your browser.

If you do not wish necessary cookies to be set, you have the option of deactivating the setting of cookies by means of your browser settings. Please note that this may limit the functionality of our website

III. Contact form

When you contact us via our contact form, the data you provide (name, e-mail, your message) will be stored by us in order to process your request.

To answer the contact request via the contact form, it is necessary that you provide your personal data, which we need to answer your contact request.

We process your personal data collected via the contact form exclusively to respond to your contact request. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate economic interest in contacting (potential) clients and applicants via the contact form. Our contact form is a service provided by us to enable you as a (potential) client or applicant to contact us quickly and easily. If the contact serves to initiate a client relationship, Art. 6 para. 1 sentence 1 lit. b. DSGVO is the corresponding legal basis

C. Communication with us

If a client-lawyer relationship is established between you and the law firm, we will inform you separately about the data processing within the scope of the client-lawyer relationship via our "Data Protection Information for Clients". This information will be provided to you separately together with our client agreement.

We process personal data of (potential) clients and their employees, opposing parties, insurers, experts and employees of authorities and courts in particular for the following purposes:

  • Establishing contact, initiating client relationships (Art. 6 para. 1 p.1 lit. f. DSGVO)
  • Collision check before the establishment of client relationships (Art. 6 para. 1 p.1 lit. f. DSGVO)
  • Advice and representation of our clients, in particular for the assertion, enforcement and defense of legal claims (Art. 6 para. 1 S.1 lit. b. DSGVO)

We pass on your data to third parties within the framework of the fulfillment of our obligations from the underlying contracts in accordance with Art. 6 (1) p. 1 lit. b DS-GVO, insofar as this is necessary for the processing of the client relationship. This concerns in particular the disclosure to opposing parties and their representatives as well as courts and other public authorities for the purpose of correspondence as well as for the assertion and defense of your rights, and banking institutions for the processing of payments.

D. Social Media

We maintain presences on the following social media platforms in order to communicate with users of the platforms or to provide information about our law firm there:

We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your terminal device in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about interaction with us.

The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies (with the exception of Xing, as this provider is based within the EU). We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties.

Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser.

Furthermore, we as the provider of the information service only process the data from your use of our service that you provide to us and require interaction. For example, if you ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing. The legal basis for processing your data on the social media platform is Art. 6 (1) p. 1 lit. f DS-GVO.

To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.

What information the social media platform receives and how it is used is described by the providers in their privacy statements (see link in the above listing). There you will also find information on contact options as well as on the setting options for advertisements.

E. Events of our law firm

When you attend office events, we process your personal data as described in detail below:

I. Organisation and registration of events

If you register for an event of our office via the form on our website, we process the data you provide for the organization and implementation of the event. The necessary mandatory information is marked with an *. Other information is voluntary.

If you have been registered by mistake, please let us know shortly.

We use your personal data to confirm your registration. To organize the event, we store your data electronically in a participation list and use it, among other things, to create a name badge and send you a confirmation of participation after the event, if necessary. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b DSGVO. We may pass on the attendance list to the speakers.

By clicking on the checkbox "I agree to the inclusion of my registration data in a list of participants that is made available to the other participants", you consent to us making your registration data available to the other participants in a list of participants. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. You have the right to revoke your consent at any time. To do so, please contact

You are neither legally nor contractually obligated to provide your data. However, without the provision of your data required for the event organization, registration for the event is unfortunately not possible.

II. Event newsletter

Our law firm regularly invites you to events on data protection and IT law. We would like to inform you about current events. You can get an impression of our past events via the link

If you are interested, you can subscribe to our newsletter about events by clicking on the checkbox "I would like to be informed about current events of the law firm on IT and data protection law". For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be automatically deleted. In addition, we store your IP addresses and the times of registration and confirmation in each case. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

After your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO (consent).

You have the right to revoke your consent at any time. You can declare the revocation by clicking on the link provided in every newsletter email or by email to

III. Photos of the events

At our events we take photos where you can be photographed as a participant of our event. Through photos we can depict the entirety of the character of our events.

We would like to publish the photos in the following media:

- on our website

- in social networks (Facebook, Xing, LinkedIn, Instagram, Twitter)

- in flyers.

For photos in which you are only in the background or not clearly recognizable, i.e. the focus of the photo is not explicitly on your person, the legal basis for taking and publishing the photo is Art. 6 (1) p. 1 lit. f DSGVO. We have a legitimate economic interest in the promotional use of photos of our events. Of course, you can object to the taking and publication of photos in which you are depicted.

In the case of photos in which you are only in the background or not clearly recognizable, i.e. the focus of the image is not explicitly on your person, the legal basis for taking and publishing the photo is Art. 6 (1) p. 1 lit. f DSGVO. We have a legitimate economic interest in the promotional use of photos of our events. Of course, you can object to the taking and publication of photos in which you are depicted.

In the case of photos in which you are in the foreground or highlighted, we will obtain your (verbal) consent before photographing you. The legal basis in this case is Art. 6 para. 1 p. 1 lit. a DSGVO. Should you give your consent, you have the possibility to revoke it at any time.

Due to the intended use on the Internet, the photos can be accessed and stored worldwide. It cannot be ruled out that other persons or companies use this data for other purposes or link it to other data available on the Internet. Using the archive function of search engines (for example, photos can often still be retrieved even if they have already been removed from the above-mentioned Internet offerings.

F. Application Process

As part of the application process, we process your personal data that you provide to us in this regard. As a rule, this includes your first and last name, title and title, your contact details (such as address, telephone number, e-mail address, professional position, if applicable), your application data, consisting of your cover letter, CV and the usual supporting documents and certificates.

We process this data to decide whether we would like to enter into an employment relationship with you. This also includes contacting you by mail, telephone or e-mail, for example to confirm receipt of your application or to invite you to an interview. The legal basis for processing the data is Section 26 (1) BDSG.

If, in exceptional cases, we have not received your data from you ourselves, it will come from the employment agency or from personnel service providers.

Within our firm, only those persons who are entrusted with the preparation and implementation of the application process receive your data. In addition, our IT service providers have access to the data, if necessary to provide the technical infrastructure. This enables us to process incoming applications digitally. As a rule, data is not transferred to countries outside the EU or the EEA.

If necessary, we process and store your personal data for the duration of the application process. If an employment relationship is established following the application process, the data will be transferred to your personnel file. Otherwise, the application process ends when the applicant receives a rejection. If we have received your application documents from you by mail or in person, we will return them to you by mail. Your data will be deleted no later than 6 months after receipt of the rejection. This does not apply insofar as the processing and storage of your personal data is necessary in the specific case for the assertion, exercise or defense of legal claims (duration of a legal dispute) or statutory retention obligations prevent the deletion of your data.

If applicable, despite a rejection in a specific application procedure, you will receive an invitation for a so-called "talent pool" for future job postings of our law firm. In case of your consent, your application data will be stored for one year. The legal basis is Art. 6 (1) p. 1 lit. a DSGVO in conjunction with Section 26 (2) BDSG. You can revoke your consent at any time by sending an e-mail to

There is no legal or contractual obligation to provide your data. As part of your application, you should only provide the personal data that is required for the application process. Without this data, however, we will have to reject your inclusion in selection procedures.

Our decision-making in the application process is not based on automated processing pursuant to Art. 22 DSGVO. Your data will not be used for profiling. Profiling is any kind of automated processing of personal data that consists in using such data to analyze or predict certain personal aspects, Art. 4 No. 4 DSGVO.

G. Additional Information

In addition to subparagraphs B through F, the following shall apply:

I. Duration of Storage

Unless otherwise described in this privacy policy, we store your personal data for as long as it is required for the purpose of collection. Thereafter, we delete the data, provided that the processing for another purpose is not justified and provided that the deletion does not conflict with legal proof and retention periods.

Corresponding obligations to provide evidence and to retain records arise in particular from the German Federal Lawyers' Act (Bundesrechtsanwaltsordnung), the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The retention and documentation periods provided for therein are six years pursuant to Section 50 BRAO and commercial law requirements pursuant to Section 257 HGB and up to ten years due to tax requirements pursuant to Section 147 AO. If we process your data due to legal retention obligations, we process your data to fulfill a legal obligation on the basis of Art. 6 (1) p. 1 lit. c DSGVO.

II. Obligation to provide your data

Unless otherwise described in this privacy policy, you are not legally or contractually obligated to provide your data.

H. Your data protection rights

You have the following rights with respect to us regarding personal data concerning you:

Right to information:

In accordance with Art. 15 DSGVO, you have the right to receive information about the data stored about you.

Right to rectification:

If incorrect personal data has been processed, you have the right to rectification in accordance with Art. 16 DSGVO.

Right to erasure and restriction of processing:

If the legal requirements are met, you may request erasure (Art. 17 DSGVO) or restriction of processing (Art. 18 DSGVO).

Right to object:

If your data is processed on the basis of Art. 6 (1) p. 1 lit. f DSGVO or lit. e DSGVO, you may object to the processing in accordance with Art. 21 DSGVO.

Information about your right of objection according to Art. 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be addressed to:

Rechtsanwalt Jörn Tröber,
Am Mittelhafen 10,

48155 Münster
Tel.: +49 (0) 251 5395892 0

Right to data portability:

According to Art. 20 DSGVO, you can assert the right to data portability for data that is processed automatically on the basis of your consent or a contract with you.

If you wish to exercise your rights, please feel free to contact us using the contact details above.

I. Your right of complaint

If you believe that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Art. 77 DSGVO in conjunction with Section 19 BDSG). This includes the data protection supervisory authority responsible for us, which you can reach under the following contact details:

State Commissioner for Data Protection and Freedom of Information

North Rhine-Westphalia

PO Box 20 04 44

40102 Düsseldorf

Phone: +49 (0) 211 38424-0

Fax: +49 (0) 211 38424-10