Privacy Policy


Protection of personal data and responsible handling of information that you entrust to us are important and special concerns for us. Reuther Rieche Partnerschaft von Rechtsanwälten mbB (Reuther Rieche) processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).

This privacy policy contains information how we process personal data in the case you

  • visit our website (see section 2)
  • conclude contracts with us (see section 3)
  • are involved in legal proceedings as a third party – e.g. as a negotiation partner or party in a court case (see Section 4)
  • apply for a job (see section 5)
  • use internet-based videoconferencing software to contact us (see Section 6)

Further, this privacy policy contains information on recipients of your personal data within the EEA (see section 7) and third countries (see section 8), deletion of your personal data and retention periods (see section 9), your rights as a data subject (see section 10) and automated decision making (see section 11).

1. Controller

Controller in the meaning of data protection law:

Reuther Rieche Partnerschaft von Rechtsanwälten mbB

Palmaille 59

22767 Hamburg


Tel. +49 40 – 30 999 99 – 0

For further information refer to our imprint page.

2. Website Visit

When you visit our websites (, we collect personal data to enable your use (“Usage Data”) to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2 et seq. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.

2.1 Data Processing to Enable the Use of the Website

Usage Data includes your IP address and information on start, end, your use of the website and identification data. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

2.1.1 Cookies and Targeting

We also collect information about your use of our website by using so-called browser cookies. These are small text files which are stored on your device and which save certain settings and data in order to exchange them with our system via your browser. Cookies usually contain the name of the website from which the cookie data is sent, information about the date when the cookie was set, the cookie lifetime and an alphanumeric id. Cookies enable our systems to recognise your device and to make your preferred settings available immediately. The cookie will be activated as soon as you are visiting our website.

The cookies we use only store the above-mentioned data about your visit of our website. Such data cannot be associated with you other than with a unique identification number for every cookie (cookie id). It is not possible for us to associate the cookie id with your name, your ip address or similar data that would enable us to identify you.

If you do not wish to use browser cookies, you may change your browser settings so that cookies are not accepted. Please note that it is possible that you may not be able to use all services on our website if you have deactivated cookies in your browser. If you want to accept our cookies, but not the cookies of our service providers, please indicate “block cookies from third parties” in your browser settings.

We use cookies in order to protect our legitimate interest to improve our website and to provide a service to you that is more personalised and more tailored to your needs. Cookies facilitate the recognition of your computer when you return to our website. To this end, cookies:

  • store information about your preferred activities on the website so that we can align the website to you interests
  • store your log-in data and display preferences (e.g. language)
  • speed up the processing of your requests

The legal basis for data processing by cookies is Art. 6 Par. 1 S. 1 lit. f GDPR.

Cookies are stored until you delete them or the lifetime of the respective cookie ends. Once the lifetime of a cookie expires, the cookie will be automatically deleted from your computer.

2.1.2. Analytics

We use Matomo, a web analysis service. Matomoto uses “cookies”, which are text files placed on your computer, to help us analyse your use of the website.

The information generated by the cookie about your use may be transferred and stored by Matomoto on servers in the USA. However, if IP anonymisation is activated on the website, Matomoto will shorten your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a server in the USA and shortened there.

On our behalf, Matomoto will use this information for the purpose of evaluating your use of the website, of compiling reports on website activities and of providing us with further services associated with the use of the website and the internet usage.

The IP address transmitted by your browser in the context of Matomoto is not merged with other data.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, as mentioned above, please note that if you do this you may not be able to use the full functionality of the website. You can also prevent Matomoto from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by clicking on the following link An opt-out cookie is set which prevents future collection of your data when you visit the website. If you delete your cookies, you must click this link again.

We collect this data to protect our legitimate interests to analyse the usage of our website, to improve it and to make it more interesting for you. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

2.1.3 Data Protection and Third-Party Websites

The website may contain hyperlinks to and from other providers. After clicking on a link, we have no influence on the processing of any personal data. Please note that we cannot assume any responsibility or guarantee for the processing of personal data by third parties. Please check the applicable privacy policy before submitting any personal information to these websites.

2.2 Social Networks

Our website contains links to social networks (Twitter, YouTube and Xing). These services are operated exclusively by third parties. If you follow the links, information may be transferred to these providers. The purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy can be found in the privacy policy of the provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA

Xing AG, Gänsemarkt 43, 20354 Hamburg, DE

3. Conclusion and Performance of Contracts

Insofar as it is necessary order to conclude or to perform contracts with you (e.g. attorney mandate; appointment as data protection officer), we process your personal data. Please find below information on legal basis, purposes and the necessity of processing your personal data. The legal basis for processing your personal Data for this purpose is Art. 6(1)(b) GDPR. We process your personal data to establish and carry out the contractual relationship. This requires provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, it may not possible to establish and carry out the contractual relationship. Otherwise there will be no consequences for you.

In addition, we also process data of persons with whom no (direct) client relationship exists, insofar as this is necessary for the initiation or execution of client relationships. For example, we may process your data if you are a representative, contact person or employee of a company that is our client. In this case, the legal basis is our legitimate interest in the initiation or execution of the respective client relationship (Art. 6(1)(f) GDPR).

As we advise on energy, environmental, real estate and labor law, we do not normally process special types of personal data within the meaning of Art. 9(1) GDPR. However, if processing of special types of personal data is exceptionally necessary for the purposes mentioned in this Section 3 (e.g. processing of health data in connection with claims for damages), the legal basis is the assertion, exercise or defence of legal claims (Art. 9(2)(f) GDPR).

4. Pursuit of our clients’ interests against you; other participation as a third party in a client relationship

If we pursue the interests or claims of our clients against you (or against a company whose representative or contact person you are) in or out of court, we may process your personal data in the course of this. The same applies if you (or a company of which you are a representative, employee or contact person) are involved in other judicial or extrajudicial proceedings (e.g. as a business or negotiating partner, as a party invited to a meeting, as a fellow party in a dispute, or as an employee of an authority or court) and the processing is necessary for the execution of the mandate relationship.

The legal basis for the processing of your personal data in this context is Art. 6(1)(f) GDPR. Our legitimate interest is to effectively implement the interests and claims of our clients. This interest also requires the direct contact and the collection of data from claimants, potential witnesses and other third parties relevant to the case.

As we advise in energy, environmental, real estate and labour law, we do not usually process special types of personal data in the sense of Art. 9(1) GDPR. However, if processing of special types of personal data is, as an exception, necessary for the purposes mentioned in this Section 4 (e.g. processing of health data in connection with claims for damages), the legal basis is processing for the purpose of asserting, exercising or defending legal claims (Art. 9(2)(f) GDPR).

In this context, data will only be passed on to third parties to the extent that this is necessary for the execution of the mandate and insofar as further legal prerequisites to be observed exist.

5. Job Applications

Within the application process, regardless of whether the application is made by e-mail or by post, we process your personal data.

The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. It is not possible to apply for a job without providing personal data. You are neither obliged to apply to Reuther Rieche nor to provide personal data. If you do not provide your personal data, you may not be able to apply and/or we may not be able to consider your application. Otherwise there will be no consequences for you.

6. Internet video telephony

You may receive an invitation from us by e-mail or otherwise to a meeting, telephone call or Internet video telephony meeting using software provided by a third party. If you participate in such meetings, information may be transmitted to the respective provider.

The legal basis for the processing of your personal data in this context is Art. 6(1)(b) GDPR (if we hold the meeting for the purpose of carrying out a contractual relationship with you) or Art. 6 (1)(f) GDPR (if we hold the meeting for other business purposes); in the latter case, there is a legitimate interest in being able to use functional and widely used tools for video conferences and the associated Voice over IP telephony in order to be able to communicate efficiently with external partners.

We do not record video conferences and telephone conferences. Video conferences are secured according to the state of the art, but are not encrypted end-to-end.

As far as we use the service “Microsoft Teams” for the technical implementation, the following applies: The service provider used by us is Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). On our behalf, Microsoft processes personal data of the participants, in particular the IP address, the contents of the conversation, e-mail addresses, names and, if applicable, other service-related data, and stores these for the duration of the video conference or, if you use Microsoft Teams in addition, for the duration of the use. Microsoft is duly bound by us as a processor to comply with the privacy policy. The provider may also process the data outside the European Economic Area. In order to ensure a level of data protection that complies with the EU General Data Protection Regulation (GDPR), we have concluded Standard Contractual Clauses with Microsoft in accordance with the resolution of the EU Commission (2010/87/EU).  You can find more detailed information on processing by Microsoft at:

If we use a different provider, you can find more information about the purpose and scope of data collection and the further processing and use of data by the provider, as well as your rights and settings options for protecting your privacy, in the data protection notices of the respective provider.

7. Transfer to Recipients of Personal Data within the EEA

We will only pass on the personal data described here where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.

In particular, we transfer personal data to the following categories of service providers:

  • accounting, financial institutions and tax advice;
  • IT service and infrastructure,
  • IT support and maintenance;
  • data destruction and facility services;
  • in addition to the categories already mentioned, further categories of service providers may exist or be added at any time;
  • providers of internet-based videoconferencing services.

In other cases, we transfer personal data to recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

8. Transfer to Recipients of Personal Data in States outside the EEA

In individual cases we may also transfer personal data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries for the purposes of contract performance, due to legal obligations or if necessary for the establishment, exercise or defence of legal claims.

If we transfer data to third countries, we make sure, the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer.

9. Deletion

We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Reuther Rieche to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.

Job Application-related data is retained until a decision is made and then deleted after a maximum of six months or, in the event of a successful application, transferred to your personnel file.

10. Your Rights

As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by Reuther Rieche and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).

In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1) a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection at Reuther Rieche, we recommend that you first contact our data protection officer (see contact details under section 1).

11. No automated individual Decision-Making

We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.

12. Amendment of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.

Status: February 2024

Log in