1. name and contact details of the data controller

This Privacy Notice applies to data processing by:

Person responsible: GoldbergUllrich Rechtsanwälte PartG mbB (hereinafter: GoldbergUllrich), Friedrichstraße 51, 42105 Wuppertal, Germany, E-Mail: info@goldberg.de, Phone: +49 (0)202 - 9422900 Fax: +49 (0)202 - 454505 (see also our imprint)

2. processing of personal data and the nature and purpose of data processing

a) When Visiting the Website

When you access our website www.goldberg.de, information is automatically sent to our website's server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

•     IP address of the requesting computer,
•     Date and time of access,
•     Name and URL of the retrieved file,
•     Website from which access is made (referrer URL),
•     Browser used and, if applicable, the operating system of your computer,
•     Name of your access provider.

The aforementioned data is processed by us for the following purposes:

•     Ensuring the smooth display of our website,
•     Ensuring a user-friendly experience on our website,
•     Evaluating system security and stability, as well as
•     for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

Furthermore, when you visit our website, we utilize cookies and analytics services. Detailed explanations regarding these can be found under sections 4 and 5 of this privacy policy.

b) Upon registration for our newsletter

With your consent, you can subscribe to our newsletter, which will inform you about our current interesting offers and legal news from case law, legislation and legal literature.

For newsletter registration, we employ the double opt-in procedure. This means that after your registration, we send an email to the provided email address, requesting your confirmation that you wish to receive the newsletter at that address. If you do not confirm your registration within 14 days, your information will be blocked and automatically deleted after one month. Furthermore, we store your IP addresses and the timestamps of both registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your email address will be stored for as long as your newsletter subscription remains active.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to info@goldberg.de or by sending a message to the contact details given in the imprint.

c) Upon contact via email or the contact form

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data provided. The legal basis for the processing of data transmitted in the course of sending an e-mail or via the contact form is Art. 6 (1) lit. f GDPR. If the e-mail contact or the contact via the contact form aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The mandatory information required to answer your questions and messages in the contact form is marked separately with an asterisk, all other information is voluntary.

The data will be deleted, or its processing will be restricted if legal retention obligations exist, as soon as it is no longer required for the purpose for which it was collected. For personal data from the contact form's input mask and data transmitted to us via email, this occurs when the respective conversation with the user is concluded. A conversation is deemed concluded when it can be inferred from the circumstances that the matter in question has been definitively resolved.

In the case of client-related data, these emails are stored in our firm's software and in the client file/case file. We are required to retain case files for 6 years. The retention period begins at the end of the year in which the respective client mandate was concluded. The legal basis for processing is the initiation or execution of the client relationship.

To ensure confidential communication with you, we utilize encryption programs based on the use of a key pair. We make our public keys available exclusively to you as clients. Upon request, we also employ our qualified electronic signatures. Through these measures, we guarantee secure email communication with you.

For the aforementioned reasons, we only send unencrypted emails upon your specific request.

d) When visiting our company profiles on LinkedIn, Xing, Twitter, and Facebook

We maintain company profiles on LinkedIn, Xing, Twitter, and Facebook (social media networks) and, within this framework, process data of the users of these social media networks to communicate with active users there or to provide information about our firm.

User data is generally processed within the social media networks by the platform providers for market research and advertising purposes. The providers of the platforms evaluate the behavior of the users in order to be able to place advertising in a more targeted manner. Furthermore, it is intended to enable us as the provider of the company website to obtain statistics that the provider of the social media network compiles based on the visits of users of our company website.

The purpose of this is to control the marketing of our activity. For example, this enables us to gain knowledge of the profiles of users who visit, view, read posts or use applications of the site on our corporate presence on the social media network in order to provide users with more relevant content and to develop features that may be of greater interest to users. In turn, these usage profiles may also be used, for example, to serve advertisements within and outside of the social media networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the end devices of the users, in which the usage behavior and the interests of the users are stored. Furthermore, data independent of the end devices used by the users may also be stored in the usage profiles. This is particularly the case if the users are members of LinkedIn and are logged in.

To better understand how we can make our company profiles on social media networks more engaging for users, demographic and geographic evaluations are generated by the social media network providers based on the collected information and made available to us. We can also utilize this information to display targeted, interest-based advertisements without obtaining direct knowledge of the user's identity. If users of social media networks employ multiple end devices, data collection and evaluation can also occur across devices, provided they are registered users logged into their respective profiles.

The generated user statistics are transmitted to us by the social media platform providers exclusively in anonymized form. We do not have access to the underlying data.

We operate our corporate presences on social media networks in order to present ourselves to and communicate with the users of the social media network as well as other interested persons who visit our corporate presence on the social media network. We want to know what content and information interests the users of our corporate presence on the social media network in order to make our corporate presence more and more attractive. The processing of the users' personal data is based on our legitimate interests in an optimized corporate presentation. The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO.

The operators of the social media networks state that some of the collected information may also be processed outside the European Union (including in the USA). This may entail risks for you, particularly making the enforcement of your rights more difficult.

We do not disclose any personal data to third parties.

For a detailed overview of the respective forms of data processing for users of social media networks and users' objection options (opt-out), we refer to the privacy policies and information provided by the respective social media network providers. Users can also influence and adjust their advertising settings on social media networks. Furthermore, the processing of information via cookies employed by the social media network can be prevented by disallowing third-party cookies or those from social media networks in your own browser settings; please refer to section 4 of this privacy policy for more information.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers of the social media networks. Only the providers have access to user data and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you are welcome to contact us.

The following service providers operate the social media networks we use:

Facebook: Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https: //www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: Settings for advertisements: https: //www.facebook.com/settings?tab=ads; Additional privacy notices: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy notices for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; opt-out: https: //www.linkedin.com/psettings/guest-controls/retargeting-opt-out; help pages: https: //www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_privacy-policy&lang=de or https://www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_user-agreement&lang=de.

Twitter: Social network; Service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: https: //twitter.com/de/privacy, (settings) https://twitter.com/personalization.

Xing: Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; website: https: //www.xing.de; privacy policy: https: //privacy.xing.com/de/datenschutzerklaerung.

3. Disclosure of Data

We do not transmit your personal data to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

• you have given your express consent to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,

• the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as

• this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you.

4. Cookies

We use cookies on our website. These are small files that your internet browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device, nor do they contain viruses, Trojans, or other malicious software.

The cookie stores information that is generated in connection with the specific device used. However, this does not mean that we gain direct knowledge of your identity.

On the one hand, the use of cookies serves to make your experience of our offering more pleasant. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our website.

Furthermore, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific, defined period. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made, so you do not have to re-enter them.

Without your explicit consent, we only use technically necessary cookies. If you give us explicit consent to use additional cookies, we will also use these additional cookies.

If you give us explicit consent, we also use cookies to statistically record and evaluate the use of our website in order to optimize our offering for you (see Section 5). These cookies are automatically deleted after a defined period.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a notification always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all functions of our website.

The legal basis for the use of technically necessary cookies is Art. 6 para. 1 p. 1 lit. f GDPR. If you have given us your consent to the use of cookies, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

You can change your cookie settings at any time via our cookie banner. To do this, click on the button below:

5. Analysis Tools

a) Tracking Tool / Analysis Tool

The tracking measure listed below and used by us is used on the basis of Art. 6 para. 1 p. 1 lit. a GDPR (consent). The tracking tool is only used if you give us explicit consent to use the tracking tool. With the use of the tracking tool, we want to ensure that the design and ongoing optimisation of our website is tailored to your needs. On the other hand, we use the tracking measure to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you.

The respective data processing purposes and data categories can be found in the following information on the tracking tool.

b) Matomo

We use the open source software Matomo with your express consent to analyse and statistically evaluate the use of the website. Cookies are used for this purpose (see section 4). The information generated by the cookie about website usage is transmitted to our servers and compiled in pseudonymous usage profiles. The information is used to evaluate the use of the website and to enable us to design our website in line with requirements. The information is not passed on to third parties.

In no case will the IP address be linked with other data relating to the user. The IP addresses are anonymized, making attribution impossible (IP masking).

Your visit to this website is currently being recorded by Matomo web analysis. Click here (https://matamo.org/docs/privacy/) so that your visit is no longer recorded.

The legal basis for the use of Matomo is Art. 6 para. 1 p. 1 lit. a GDPR.

6. OpenStreetView

We use the open source map service "OpenStreetMaps" of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom on our website. OpenStreetMaps is an interactive map on our website that you can use to find your way to us, among other things.

When using OpenStreetMaps, your IP address and your usage behavior on our website are transmitted to the OpenStreetMap Foundation. Furthermore, OpenStreetMaps may place cookies on your terminal device. Please note that your location will also be transmitted to OpenStreetMaps if you have granted the corresponding permission in your terminal device.

We use OpenStreetMaps so that you can easily find the places indicated on our website. The aforementioned purpose also represents our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a DSGVO in the presence of your active consent.

Details on data processing by the OpenStreetMap Foundation are available at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

7. application for job vacancies

We publish job offers on our website. Interested parties can apply to us for this position by e-mail. If we conclude an employment contract with the applicant, we process their personal data for the purpose of implementing the employment relationship in compliance with Section 26 of the German Federal Data Protection Act (BDSG). If we do not conclude an employment contract with the applicant, we will delete his or her application documents no later than six months after we have rejected the applicant, provided that the deletion does not conflict with our legitimate interests or the applicant has consented to longer storage. A legitimate interest on our part exists, for example, in a possible obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

8. Data Subject Rights

You have the right to:

• in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

• in accordance with Art. 16 DSGVO to immediately demand the correction of incorrect or completion of your personal data stored by us;

• pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

• to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;

• pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;

• revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future, and

• complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

9. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

Should you wish to exercise your right of revocation or objection, an email to info@goldberg.de will suffice.

10. Data Security

During your visit to our website, we employ the widely used SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser. Typically, this involves 256-bit encryption. Should your browser not support 256-bit encryption, we will revert to 128-bit v3 technology. You can identify whether an individual page of our website is transmitted encrypted by the closed key or lock symbol displayed in the lower status bar of your browser.

Furthermore, we implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously enhanced in line with technological advancements.

11. Currency and Amendments to this Privacy Policy

This privacy policy is currently valid and has the status: October 2022.

Due to the ongoing development of our website and its offerings, or changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The most current version of the Privacy Policy can be accessed and printed by you at any time on the website at https://www.goldberg.de/datenschutzhinweise/.