Thank you for visiting our website. As patent attorneys and attorneys-at-law, the protection of personal data is very important and taken very seriously by us. In the following, we would like to inform you about the processing of personalized data when using our website under the web address: (hereafter referred to as “website”), as well as to inform you about your rights as the data subject.

1. Definitions

In this data privacy policy, terms according to the definitions of the General Data Protection Regulation (GDPR) are used. We use the following definitions, among others, which we would first like to further explain to you, in excerpts:

  • Personal Data
    Personal data is any information that relates to an identified or identifiable living individual (hereinafter “data subject”). A natural person is seen as someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data Subject
    Data Subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
  • Processing
    Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not with the assistance of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Controller
    Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Further definitions are to be found in the GDPR, in particular in Art. 4.

2. Name and Contact Details of the Data Controller in the sense of the GDPR


Hafner & Kohl
Patent Attorneys and Attorneys-at-Law
Schleiermacherstr. 25
90491 Nuremberg
Telephone: +(49) (0)911 / 53 99 2 — 0
Mobile: +(49) (0)911 / 53 99 2 — 29

Pursuant to GDPR Art. 37 Paragraph (1) and (4) in connection with §38 Paragraph (1) of the Federal Data Protection Act (BDSG) (new), we are not obligated to appoint a Data Protection Officer. A Data Protection Officer is not named.

3. Processing of Personal Data, Manner and Purpose of the Usage Thereof, Legal Grounds for the Processing and Storage Duration until Erasure

a) visiting the website
Upon calling up the website, data is sent to the server of this website through the browser being used on your device. This data is temporarily stored in logfiles. The following information is thereby collected without your intervention and is stored until automated erasure:
– date and time of the accessing
– URL of the referring website
– file retrieved
– quantity of data sent, browser type and version
– operating system, as well as IP address
Cookies are not used on our website.

The data mentioned is processed for the following purposes:
– ensuring a trouble-free establishment of connection,
– ensuring the correct displaying of the contents of the website on your device,
– ensuring a secure and functional operation and use of the website,
– securing the system security and stability.

The legal basis for the data processing is Art. 6, Para. 1, Lit. f GDPR. We have a legitimate interest in the secure, stable, and functional operation of the website. In this respect, our legitimate interest pursuant to Art. 6, Para. 1, Letter F GDPR also arises from the aforementioned purposes.

The storage duration is 3 days.

The provision of the personal data is not legally or contractually mandated and is not necessary for a conclusion of a contract. You are not required to provide personal data. The non-provisioning of the data can, however, have as a consequence that you cannot, or only limitedly use our website.

Profiling or automated decision-making are not conducted on this website.

b) using the contact details on this website, in particular our provided email address, address and telephone and fax numbers
If you establish contact with us by sending an email, a letter, by telephone call or fax, the establishment of contact and the transmission of personal data possibly disclosed by you therein occurs voluntarily by you. We process the personal data thereby disclosed by you depending on the means of establishing contact.

This can, in particular, be your email address, your address data (name, last name, street and place of residence with post code), your telephone and fax number (sender’s identification), the time of the contact, as well was the contents of your message (incl. attachments).

The purpose of processing the personal data is to react to your establishing contact, to get in contact with you, and to be able to reply to your inquiries.

The legal basis for the data processing is Art. 6, Para. 1, letter f GDPR. We have a legitimate interest in providing you with an opportunity for contact, in reacting to your establishing contact and in reply to your inquiries. Art. 6, Para 1, letter f adds further legal basis if your establishment of contact occurs with a view to conclusion of contract or initiation of a contract.

We will erase your personal data in principle if no requirement for further storage exists. If the contacting has been finished because the processing of your request is concluded, the corresponding personal data is erased, as long as no legitimate interest exists for us in further storage, and no legal retention obligations apply which make a longer storage necessary.

The provision of your personal data is not legally or contractually mandated. You are not obligated to provide personal data. The non-provisioning can, however, have the consequence that you cannot use the opportunity to contact us. In the event that you contact us with a view to conclusion of a contract, processing of the personal data, which are necessary for the conclusion and completion of a contact, are necessary. Non-provisioning can have the consequence that conclusion of a contract can not occur.

We do not conduct profiling or automated decision-making.

Attention: emails that you send unencrypted via the Internet are not secured and can easily be retrieved. Third parties can access the received data without authorization. We offer you various possibilities for encrypted communication by email at any time. For example, we will happily send you our public PGP key upon request.

4. Disclosure of Data

A disclosure of your personal data to third parties does not occur for purposes other than that listed in the following, in particular not to third parties for advertising purposes.
We only forward your personal data to third parties,
– if you have explicitly given consent therefor pursuant to Art. 6, Para. 1, letter a GDPR,
– if this is necessary for the development of a contractual relationship you with pursuant to Art. 6, Para. 1, letter b GDPR,
– in the event that a legal obligation exists the forwarding pursuant to Art. 6, Para. 1, letter c GDPR,
– if the forwarding is necessary pursuant to Art. 1, Para. 1, letter d GDPR in order to protect your vital interests or those of another natural person,
– if the forwarding is necessary to safeguard our legitimate interests pursuant to Art. 6, Para. 1, letter f GDPR, provided your interests or fundamental rights and freedoms for the non-forwarding of your data override this.

To the extent that we employ IT server providers, such as providers for the operation and administration of the website, as well as for email, which can, within the framework of providing a service, receive knowledge of personal data, we meet all steps necessary for data protection for permitted data processing.

Data processing outside of the European Union does not occur.

5. Your Rights as a Data Subject

As the data subject within the framework of the legal requirements, you have:
the right to revoke your previously-given consent, at any time, with regard to us, with effect for the future, pursuant to Art. 7, Para. 3 GDPR. The lawfulness of the processing having occurred until then is not affected by the revocation. This has as consequence that we may no longer continue to proceed with the data processing that rested upon this consent in the future, unless a different legal basis, other than your consent, exists for the data processing after the time of the revocation.
the right of access, pursuant to Art. 15 GDPR. You may, at any time, request a confirmation from us as to if we are processing personal data from you. If this is the case, you have a right of access over this personal data, and the following information:

– the purpose(s) of the processing,
– the categories of personal data being processed,
– the recipient or categories of recipient, to whom your personal data was or is being disclosed, in particular in the case of recipients in third countries, or international organizations,
– the planned storage duration, or if this is not possible, the criteria for the storage duration,
– the existence of the right to rectification, erasure or restriction of processing of personal data concerning you, or the existence of the right to object to such processing,
– the existence of the right to lodge a complaint with a supervisory authority,
– the origin of your personal data, insofar as this were not collected by us,
– the existence of an automated decision-making, including profiling, and, if necessary, meaningful information about the details, the significance and the anticipated consequences of such manner of processing for your person.
The following limitations apply pursuant to §34 BSDG-new;
If personal data are transferred to a third country or an international organization, you additionally have the right to be informed about the appropriate guarantees according to Article 46 GDPR, in conjunction with the transfer.

– pursuant to Art. 16 GDPR, the right to immediately demand the rectification or the completion of your personal data stored by us;
the right, pursuant to Art. 17 GDPR, in the presence of one of the pre-conditions named there, to demand the erasure of your personal data stored with us. You are in particular not entitled to a right to erasure insofar as the processing by us is necessary for the exercise of the right to freedom of expression and information, for the compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims. The limitations pursuant to §35 BDSG-new apply;
– the right to demand restriction of processing of your personal data, pursuant to Art. 18 GDPR,

– if the accuracy of the personal data is contested by you, for a duration enabling us to verify the accuracy of the personal data,
– the processing is unlawful, but you oppose the erasure of the personal data and instead request the restriction of the use of the personal data,
– if we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
– if you have objected to processing pursuant to Article 21(1), so long as verification is pending as to whether our legitimate grounds are overriding relative to your grounds.

– the right (right to data portability), pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us, insofar as the pre-conditions of Art. 20 GDPR are present. You may ensure that your personal data is transferred directly from us to a different controller, as long as this is technically achievable.
– the right to lodge a complaint with a supervisory authority, pursuant to Art. 77 GDPR, in particular in the member country of your place of habitual residence, place of work or place of the alleged infringement, if you are of the view that the processing of personal data relating to you infringes against the GDPR. The right lodge a complaint is present without prejudice to any other administrative or judicial remedy.

You may, for example, lodge a complaint with the with our responsible supervisory authority, the Bavarian State Office for Data Protection (Bayerischen Landesamt für Datenschutzaufsicht) at:, Promenade 27, 91522 Ansbach, Tel: +49 (0) 981 53 1300, Fax: +49 (0) 981 53 98 1300, E-Mail:
To exercise your rights as the data subject, you may contact the controller responsible for processing, named above in Clause 2, at any time.

6. Right to Object

To the extent we are processing your personal data on the basis of legitimate interests pursuant to Art. 6, Para. 1, letter f GDPR, or Art. 6, Para. 1 letter e GDPR (data processing in the public interest), you have the right, in accordance with Art. 21 GDPR, to object at any time to processing of your personal data, as long as grounds are present for this which result from your particular situation. This also applies to profiling based on those provisions. We no longer process personal data after an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

You have the right to object at any time to the processing of your personal data for the purposes of direct marketing as well as to a related profiling. After an objection, the personal data concerned will no longer be processed for these purposes.

Furthermore, you have the right to object, based on grounds which result from your particular situation, to the processing of your personal data purposes of scientific or historical research and for statistical purposes pursuant to Article 89, Para. 1 GDPR, unless the processing is necessary to fulfill one of the objectives lying in the public interest.
To exercise your right to object, you may contact the controller responsible for the processing, named above in Clause 2, at any time, e.g. an email to: would be sufficient.

7. Data Security

To protect the transfer of personal data on the website, we use SSL (Secure Socket Layer) Protocol encryption protocols. You can recognize if a site of our Internet page is being transferred in encrypted form by the closed design of the key symbol or lock symbol, and by the character string https:// in the address bar of your internet browser.

Furthermore, we take appropriate measures in order to protect the confidentiality and integrity of your personal data stored with us based on the state-of-the-art.

8. Currency and Changes Regarding this Privacy Policy

This data privacy policy is revised as warranted. The respectively current version can respectively be found on this Internet site.

This data privacy policy is current as of 9th January 2019.