Data protection

Privacy policy

The protection of your data is very important to us, which is why we would like to inform you about the type, scope and purpose of the collection and processing of your personal data when using this website. The legal basis for data protection can be found in the Federal Data Protection Act (BDSG) and in the General Data Protection Regulation (GDPR).

If you have any questions, please contact the controller and/or our data protection officer.


Data Controller

The Controller for the processing of your personal data is:

KJK Kolmann Jakobs Kramer Rechtsanwälte PartGmbB

Marienstraße 14-16

80331 München

Phone: +49 (89) 255 49 38-0

Fax: +49 (89) 255 49 38-38




Data Protection Officer

You can contact our data protection officer at the above contact details, if necessary with the addition “To the data protection officer”, as well as by e-mail to:


Data processing for the provision of contractual services

You can use our website and our contact details provided there to send us enquiries about mandating or commissioning other contractual services offered by us. Insofar as personal data is transmitted to us in this manner or in any other way for inquiries regarding mandating/commissioning, we process your data in order to answer your inquiries and to carry out the mandate. For this purpose we require your complete name and address data as well as information for enforcing or defending your rights. Furthermore, we need your name and address for invoicing. In order to communicate with you within the scope of the mandate, we also require – at least – your telephone number. Without this data, the contractual relationship cannot be carried out. In case of suppliers/service providers, we process any personal data provided in this manner or in any other way for our orders and service requests and to pay for the services provided. For this purpose we require the name, the address and the bank account details. Depending on the service/contract, we may require additional data which we then clarify on a case-by-case basis.

The legal basis for processing your data is Article 6 para. 1 sentence 1 lit. b GDPR which permits the processing of data for the performance of a contract or pre-contractual measures.


Data processing for communication with you

Any communication data provided by you (name, address, telephone number, e-mail address, and fax number) will be processed by us in order to contact you, to communicate and to answer your inquiries. Any personal data that you provide to us will only be processed for correspondence and answers to your enquiries or only for the purpose for which you have made the data available to us.

The legal basis for processing data is Article 6 para. 1 sentence 1 lit. b GDPR which permits the processing of data for the performance of a contract or pre-contractual measures.


Data processing for applications

You can send us your application for jobs in our law firm via our website and the contact details provided there. If you submit personal data to us in this manner or in any other way, we process your data to assess, process and reply to your application and, if necessary, to prepare your employment.

The legal basis for processing data is Article 6 para. 2 GDPR, § 26 para. 1 BDSG which permits the processing of data for the decision on the establishment, for the establishment and the implementation of employment relationships.


Access data and logging

By visiting our website, any information about accessing the website, such as date, time, pages viewed, IP address, browser type, browser system, provider, referrer URL (the original URL from which you came to the website), the amount of data transferred and other data in this category, may be stored. This data is anonymized and is stored temporarily for statistical purposes and for technical security reasons only, in particular to prevent attempts to attack the web server. It is not possible for us to draw conclusions about individual persons on the basis of this data. A comparison of this data with other data stocks or a transmission to third parties, whether for commercial or non-commercial purposes, will not occur.

The legal basis for processing data is Article 6 para. 1 sentence 1 lit. f GDPR which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the person concerned do not prevail. Our aim is to ensure data security on our website and to optimize our website


Website analysis and advertising tools

No analysis and/or advertising tools are used on our website.


Accessing our webpages (IP address, cookie ID, cookies)

We use so-called logfiles to guarantee for the connection establishment to our website and in order to improve usability of our website. We perform evaluations for system safety and stability as well as for administrative purposes. Processing these data is neither required by law nor by contract. But without collecting these data, access to our website would either not be possible or only restricted. Collecting these logfiles guarantees for the safety of the webserver (Article 6 para. 1 lit. f) GDPR). We host our web servers in the data centers of SRATO AG. Our logfiles (including your IP address) are automatically deleted after 3 days. We do not use cookies.



Our website also uses fonts provided by “Google” for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to the servers of Google ( This enables these providers to know that our website has been accessed via your IP address. The use of web fonts is in the interest of a uniform and attractive presentation of our online offers (Art. 6 pa-ra. 1 lit. f) GDPR).

Further information on Google Web Fonts can be found at and in the Google privacy policy:


Data processing for the fulfillment of legal obligations

Additionally, we may process your data to comply with legal obligations (e.g. regulatory requirements, commercial and tax retention and verification obligations).

The legal basis for processing data is Article 6 para. 1 sentence 1 lit. c GDPR which permits processing for compliance with a legal obligation.


Categories of recipients of personal data

Your mandate and communication data will be forwarded to the responsible lawyer or employee within our law firm for answers to your inquiries, for communication or for the implementation of the mandate/commission. The legal basis for this is Article 6 para. 1 sentence 1 lit. b GDPR which permits the processing of data for the performance of a contract or pre-contractual measures.

In case of applications, the data will also be forwarded to the relevant office and the relevant staff within our law firm. The legal basis for this is Article 6 para. 2 GDPR, § 26 para. 1 GDPR which permits the processing of data for the decision on the establishment, for the establishment as well as for the implementation of employment relationships.

Your personal data will only be disclosed or otherwise transmitted to third parties outside our law firm if this is necessary for the purpose of handling the mandate or for invoicing purposes or if you have given your prior consent or if there is a statutory basis for the disclosure. In the course of handling your mandate, your data will be disclosed to your opponents and their representatives, to your potential contractual partners and their representatives and to courts or authorities, for example, for notifications of representation, contract negotiations and/or assertion or exercise of the defense of your claims. The attorney-client privilege shall remain unaffected. As far as data which are subject to the attorney-client privilege are concerned, a disclosure to third parties shall only takes place in consultation with you.

Additionally, as part of the invoicing process, the service providers assigned by us are provided with the necessary data for accounting and the execution of payments. The data disclosed in this way may only be used by our service providers for the performance of their task. These service providers are also subject to statutory confidentiality obligations.

Insofar as we assign third parties to carry out and perform data processes, the provisions of the General Data Protection Regulation shall be complied with. Service providers who support us in providing our services to you are in particular hosting providers, e-mail service providers/software providers et al. for the production, the processing and handling and the provision of documents and information as well as for the recording of service provision and the invoicing of services, IT service providers, IT specialists, newsletter dispatch service providers, and as the case may be translation companies and foreign law firms.


Duration of data storage

We delete your data as soon as it is no longer required for the above-mentioned purposes unless storage is required because of statutory storage obligations.


Data Security

Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security measures are continuously improved in accordance with technical developments. We expressly point out that data transmission on the Internet has security gaps and cannot be completely protected from access by third parties which applies in particular and above all to communication via e-mail.


Links to third-party websites

You will find links to third-party websites on our homepage. The respective site operator is responsible for data processing on these websites. Any data processing on those pages begins as soon as you click on the respective link or follow the URL stored there.


Social Media

We operate appearances on several online platforms and social networks in order to interact with potential or existing clients, exchange information with interested parties and users or to create offers and advertise services. This includes the following providers:



LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland;

We operate our appearances in so-called joint (data protection) responsibility with the providers. Data that you directly share or publish via the online platforms and networks (e.g. via comment and chat functions) is processed by us as the responsible party in order to interact with you in this respect or to exchange information with you. In the course of this interaction, we may also receive statistical data from the platform operators regarding the use of our “channels and fan pages”. This includes, for example, information about interactions, likes, comments or summarized information and statistics (e.g. IP address; origin of followers), which help us to learn something about the interactions with our site.

The legal basis for data processing in our area of responsibility is Article 6 para. 1 sentence 1 lit. f) GDPR.

However, the aforementioned providers also process data on their own responsibility. We have no influence on data that is processed by the provider on his own responsibility according to his own terms of use and data protection. We would like to point out that when you call up the above-mentioned providers, additional data (e.g. from your usage and “surfing behavior”) may be collected and, if necessary, transmitted to the provider. Please also note that in the case of interaction via the aforementioned media, data may also be processed outside the area of the European Union. Furthermore, user data is usually processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behavior and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. More detailed information on this can be found in the data protection information of the respective providers. If we receive personal data from you in connection with the use of the online platforms and networks, please address your concerns to us. Should you wish to assert any further rights against a particular provider, please contact the provider in question.


Rights of the persons affected

You have the right to request information about any data collected and stored about you at any time within the limits of the statutory provisions. In particular, you have the right to:

  • request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of the personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these were not collected by us, and the existence of automated decision-making procedures including profiling and, if applicable, substantive information on the details, Article 15 GDPR;
  • demand without delay the correction of incorrect and/or completion of the personal data stored with us, Article 16 GDPR;
  • request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise and defend legal claims, Article 17 GDPR;
  • request the limitation of the processing of your personal data if the accuracy of the data is objected to by you, the processing is unlawful, but you oppose the deletion of the data, but you need it to establish, exercise and defend legal claims, Article 18 GDPR or you have filed an objection to the processing, Article 21 GDPR;
  • receive the personal data you have provided to us in a structured, common machine-readable format or to request its transfer to another controller, Article 20 GDPR;
  • file a complaint to a supervisory authority pursuant to Article 77 GDPR if you can claim a violation of the collection, processing, use or storage of your data or of your other rights as a person affected.


Right of revocation and objection

You may revoke your consent to the processing of your personal data given to us pursuant to Article 6 para. 1 sentence 1 lit. a GDPR at any time, Article 7 para. 3 GDPR.

In accordance with Article 21 GDPR you also have the right to object to the processing of personal data concerning you, which is carried out on the basis of Article 6, para 1, sentence 1, lit. f GDPR, at any time for any reason arising from your specific situation. Processing will then be omitted unless there are compelling interests requiring protection which outweigh your interest in not processing or the processing serves to assert, exercise and defend legal claims.

If you wish to exercise your right of objection, simply send an e-mail to


No automated individual decision-making

We do not use your personal data for automated individual decision-making within the meaning of Article 22 para. 1 GDPR.


Change of the privacy policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You will always find the latest version on our website.


Status: January 2021

Scroll to Top