Privacy Policy

Last updated: 27 February 2024

The following notes contain information on the processing of personal data of users of our website, when providing our legal services and for the initiation and execution of other contractual relationships. We, paxa (hereinafter "us", "we", "our" or “paxa”) are committed to protecting the privacy and security of your personal information. We treat the personal data transmitted by you in the context of the use of our website, the provision of legal services and for the initiation and execution of other contractual relationships confidentially and in accordance with the legal provisions of the data protection law of the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”) and further applicable regulations.

In the following, we inform you about which of your personal data we process, for which purposes it is used, with whom it is shared and explain the rights you may be entitled to under data protection law.

1. Controller and contact

Responsible for this website is Rechtsanwalt Konstantin Heilmann, Paul-Lincke-Ufer 8D, 10999 Berlin.

If you have any questions or concerns about this privacy policy or about the collection, processing or use of your personal data, you can contact us by email at contact@paxapartners.com.

2. Definitions

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Processing of personal data when visiting the website

When visiting our website, the browser used on your end device will automatically send information to the server of our website. This information is temporarily stored in a so-called log file. This includes information on:

  • internet protocol (IP) addresses

  • browser type

  • internet service provider (ISP)

  • date and time stamp

  • referring/exit pages

  • and possibly the number of clicks.

This data is processed by us for the following purposes:

  • providing and maintaining our website

  • ensuring smooth establishment of the website’s connection

  • ensuring comfortable use of our website

  • evaluation of system safety and stability, as well as

  • other administrative purposes

The legal basis for data processing activities shall be Article 6 (1)(f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. In no case shall we use any collected data for the purpose of drawing conclusions about you as a person.

In addition, we use cookies and other tracking technologies when you visit our website. Detailed explanations on this can be found in Section 4.

4. Cookies

This website uses cookies. Cookies are small files or pieces of text that download to a device when a visitor accesses a website or app. We use cookies in order to ensure the functionality of our website and to make the website as user-friendly as possible for you.

Depending on their function and purpose, the cookies used on our website can be divided into two types:

  • Functional and necessary cookies: these are cookies that are required in order for you to navigate our website and use the basic functions of the website. The legal basis for the use of technically required cookies is Article 6 (1)(f) GDPR.

  • Analysis cookies: these cookies enable us to determine how visitors interact with our website. We use these cookies to improve the user-friendliness of our website and thus the user experience. The legal basis for the use of analysis cookies is your consent in accordance with Article 6 (1)(a) GDPR.

We also collaborate with other service providers who help us to improve our website or offer additional functions. Such service providers may use their own cookies. You can find more information on this in section 5.

You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, restrict the acceptance of cookies to certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser.

If you do not allow necessary cookies, we would like to inform you that certain functionalities on our website are no longer available or are only available to a limited extent.

5. Processing of personal data when providing our legal services and for the initiation and execution of other contractual relationships

We process your data to conclude, execute and process engagement and fee agreements and to provide our legal services. The legal basis for this is Art. 6 para. 1 lit. b GDPR. Insofar as we have concluded the engagement agreement with your employer, we process your data on the basis of Art. 6 para. 1 lit. f GDPR for the fulfilment of the engagement. We also process personal data for internal administrative purposes; to conduct judicial and official proceedings; other communication purposes and to fulfil legal obligations in accordance with Art. 6 para. 1 lit. c GDPR, in particular to carry out money laundering checks, to compare with sanctions lists and to comply with statutory retention periods and conflict checks. Furthermore, we may also process personal data to plan and organise events and send out newsletters (Art. 6 para. 1 lit. f GDPR).

For the fulfilment of the aforementioned purposes, we process in particular

  • Salutation

  • Title

  • Surname, first name

  • Contact details

  • Bank details

  • Professional activity

  • Other personal data required for the provision of our services. 

This data is generally collected from you or your employer. The data may also be collected from publicly accessible sources or, if necessary, from third parties.

If you do not provide us with your personal data, we will not be able to perform the contractual relationship or fulfill the above-mentioned communication purposes.

6. Data Sharing and Disclosure

The following categories of recipients may have access to your personal data:

  • Companies and individuals (e.g. freelancer, consultants) who assist us in providing our services. The legal basis is Article 6 (1)(b) or Article 6 (1)(f) GDPR.

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems. The legal basis for the transmission is Article 6 (1)(b) or Article 6 (1)(f) GDPR, insofar as the service providers are not processors.

  • Government agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for the transmission is Article 6 (1)(c) GDPR.

  • To the extent necessary for the fulfilment of the above-mentioned purposes, your personal data may be transferred to sub-contractor data processors such as, without limitation, e-discovery platforms, translators, tracing and collection agents who will process the data on paxa’s behalf and at paxa’s direction.

Personal data will only be transferred to countries outside the EU if this is necessary in individual cases to comply with the requirements of the engagement.

7. Deleting your personal data

Your personal data will be retained as long as necessary to fulfill the legitimate purpose(s) for the processing and as long as required by law.

We delete your data after termination of the client relationship and insofar as there are no further post-contractual obligations or statutory retention obligations.

8. Rights of the data subject

We would like to make sure that you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to withdraw your consent (Art. 7 (3) GDPR) - You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. Please note that the withdrawal has no effect on the lawfulness of the previous data processing.

The right of access (Art. 15 GDPR) - You have the right to request paxa for copies of your personal data.

The right to rectification (Art. 16 GDPR) - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request paxa to complete information you believe is incomplete.

The right to erasure (Art. 17 GDPR) - You have the right to request that we erase your personal data, under certain conditions.

The right to restriction of processing (Art. 18 GDPR) - You have the right to request that paxa restrict the processing of your personal data, under certain conditions.

The right to object to processing (Art. 21 GDPR) - You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability (Art. 20 GDPR) - You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

You may contact us at any time to assert your rights as a data subject. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: contact@paxapartners.com

You also have the option of lodging a complaint with a data protection supervisory authority (see Art. 77 GDPR). The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

9. Data security

We have appropriate, state-of-the-art security measures in place to protect your data from loss, misuse and alteration. For example, our security guidelines and data protection declarations are regularly reviewed and improved where necessary. Although we cannot ensure or guarantee that data will never be lost, misappropriated or altered, we do everything in our power to prevent this. Please bear in mind that data transmission over the Internet is never completely secure. We cannot guarantee the security of the data entered on our website during transmission via the Internet. This is at your own risk. Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and by the lock symbol in the lower status bar of your browser. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Third Parties

Our website may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this privacy policy does not apply to your activities on these third party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

11. Children’s Privacy

We also prioritize adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

We do not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

12. Consent

By using the website, you agree to the terms of this privacy policy.

13. Changes to this privacy policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page.