Privacy Policy

This privacy policy provides mandatory information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR) regarding the collection and processing of personal data.

1. Name and contact details of the controller

The controller within the meaning of Art. 4 (7) GDPR is:

Schmid Frank Rechtsanwälte PartG mbB

Office address:
Katharinengasse 11b
86150 Augsburg, Germany

Phone: +49 (0)821 45 40 543
Fax: +49 (0)821 45 40 680
Email: wolfgang.schmid@schmid-frank.de

For any questions regarding data protection, please contact us at the above address or using the contact details provided.

2. Collection and storage of personal data, and type and purpose of its use

a) When visiting the website

When using our website for purely informational purposes – i.e. if you do not register, log in or otherwise transmit information – our system automatically collects data transmitted by your browser to enable your visit. These data are also stored in our system’s log files. No link with other visitor data is made.

The following data are collected:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file retrieved
• Website from which the access was made (referrer URL)
• Browser used and, where applicable, your computer’s operating system as well as the name of your access provider

These data are processed for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring convenient use of our website
• Evaluating system security and stability
• Administrative purposes

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

When using our online services, we also store the IP address and the time of each user action, based on our legitimate interest (Art. 6 (1)(f) GDPR) and the user’s interest in protection against misuse or unauthorised use.

The collection and storage of log data necessary for website provision is mandatory for operation. Therefore, the user generally has no right to object. Exceptions apply to log data processed in connection with services beyond purely informational use.

We do not use analytics services on our website. Further details on technically necessary cookies can be found in Section 4 of this privacy policy.

b) When subscribing to our newsletter

If you have expressly consented pursuant to Art. 6 (1)(a) GDPR, we use your email address to send you our newsletter. Only an email address is required to receive the newsletter.

We use the double opt-in procedure: after providing your email address, we send a confirmation email to verify that you wish to receive the newsletter.

In addition to your email address and any optional personal data (e.g. name, title), we collect the date, time and IP address of the registering computer.

These data serve to send the newsletter and to prevent misuse of services or the provided email address.

You may unsubscribe at any time by sending a short notice to schmid@schmid-frank.de or mail@rechtsanwalt-schmid.com.

c) When contacting us

If you actively contact us by email, contact form or telephone, we collect and process the personal data you provide in order to handle your request. This may include your name, contact details (email, phone, address) and any other information you share.

When using the contact form, the transmitted data (e.g. title, first and last name, address, email, date and time of submission) are processed.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in processing the inquiry). If your inquiry aims at concluding or performing a contract, Art. 6 (1)(b) GDPR applies.

We delete email requests and other contact details within a reasonable period, once it can be assumed that no contract or similar engagement will follow.

d) Data transfer via CryptShare

When using CryptShare, no data processing takes place on our website. You will be redirected directly to the secure CryptShare platform.

We only collect the personal data necessary to provide CryptShare and ensure secure, stable operation. This may include log files for protection against misuse, as well as the contact details you provide (name, email, phone).

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in secure provision).

No data are transferred to third parties, as CryptShare runs on our own servers.

e) Reports via Whizzla

When using Whizzla, no data processing occurs on our website. You are redirected to Whizzla, the whistleblowing platform.

Information on data processing there can be found in Whizzla’s own privacy policy.

3. Data sharing and transfers to other countries

(1) We do not transfer your personal data to third parties for purposes other than those listed below.

We share your personal data only if:

• you have given explicit consent (Art. 6 (1)(a) GDPR)
• disclosure is required for the establishment, exercise or defence of legal claims (Art. 6 (1)(f) GDPR) and no overriding interests exist
• there is a legal obligation to disclose (Art. 6 (1)(c) GDPR)
• it is necessary for contract performance (Art. 6 (1)(b) GDPR)

Where we engage third parties under data processing agreements, this is done in accordance with Art. 28 GDPR.

Hosting services of our provider are used to provide infrastructure, platform, computing, storage, database, security and maintenance services. Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in secure website operation).

(2) If data are processed outside the EU/EEA (third country) or transferred to third parties in such countries, this is only done under the special conditions of Arts. 44 et seq. GDPR (e.g. adequacy decision, EU Standard Contractual Clauses).

4. Cookies

Our website uses cookies (small text files stored on your device). Cookies help provide a more user-friendly and efficient online service.

We use:

• Session cookies (transient): deleted once you close your browser.
• Persistent cookies: stored beyond the session, e.g. to save login status or preferences.

Necessary cookies are processed on the basis of Art. 6 (1)(f) GDPR (legitimate interest in error-free and optimised service).

Optional cookies for analytics or marketing are disabled by default.

You can disable cookies in your browser settings. Please note some website functions may not work properly if cookies are disabled.

General opt-outs for online marketing cookies can be made at:

• http://www.aboutads.info/choices/ (USA)
• http://www.youronlinechoices.com/ (EU)

5. Data subject rights

If your personal data are processed, you have the following rights under GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). A list of German supervisory authorities can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

6. Objection to processing

You may object at any time to processing based on Art. 6 (1)(e) or (f) GDPR, on grounds relating to your particular situation.

If personal data are processed for direct marketing, you have the right to object at any time (Art. 21 GDPR).

You may also withdraw any consent at any time; this does not affect the lawfulness of processing carried out before withdrawal.

7. Data retention

Unless otherwise specified, personal data are deleted once no longer needed for their purpose and no statutory retention periods apply. Under German commercial and tax law, retention may be required for up to 10 years.

8. Data security

We use SSL encryption (typically 256-bit) when you visit our website. You can recognise encrypted connections by the lock symbol in your browser.

We also implement appropriate technical and organisational security measures to protect against manipulation, loss, destruction or unauthorised access.

9. Social media plug-ins

We currently use plug-ins from Instagram and LinkedIn, via a two-click solution (no data transfer until you activate the button).

When activated, your data may be transmitted to the provider (including possibly to the USA). We have no influence on scope, purpose or retention by the provider.

Further details:

• Instagram (Meta Platforms Ireland Ltd., Dublin, Ireland): https://help.instagram.com/519522125107875
• LinkedIn Ireland Unlimited Company, Dublin, Ireland: http://www.linkedin.com/legal/privacy-policy

10. Borlabs Cookie

We use Borlabs Cookie to manage cookie consents. A Borlabs cookie is stored in your browser to record your choices.

This is technically necessary under § 25 (2) No. 2 TDDDG and Art. 6 (1)(f) GDPR.

Further details: https://borlabs.io/borlabs-cookie/

11. Google Maps

We use Google Maps to display interactive maps. The provider is Google Ireland Ltd., Dublin.

Google Maps is deactivated by default and only activated if you consent (Art. 6 (1)(a) GDPR). Once activated, data may be transmitted to Google servers in the USA. Risks include government access without effective legal remedies.

Processed data include IP address, device/browser information, visited page URL, and any route planning data (e.g. entered addresses).

More information: https://policies.google.com/privacy

12. Updates to this privacy policy

This privacy policy is valid as of July 2025. Updates may be necessary due to changes in our website or legal requirements. The current version is always available at: https://www.schmid-frank.de/datenschutzerklaerung/