Privacy Policy

1. General

faltor.legal (hereinafter referred to as “we”) collects, uses, and stores personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunication and Telemedia Data Protection Act (TDDDG). According to Article 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. Below, we provide information about the type, scope, purpose, and legal basis for the collection and use of personal data on our website faltor.legal, on our social media channels, and in connection with our law firm.

3. Categories of Personal Data

We process personal data that we obtain in the course of our professional activities and through our website, either directly or via third parties. The following categories of personal data may be processed by us: cookie data (e.g. user ID, IP address, timestamps), technically necessary data required for the operation of the website (e.g. IP address), first name, last name, company name, contact details (e.g. telephone number, email address, address), professional data (e.g. place of work, industry, professional position), data relating to specific matters in the context of providing legal services, payment information, representations, account information from social media accounts, content entered into free text fields where applicable, and message content. Detailed information on the specific data processed is set out below in connection with the respective processing activities.

Personal data is provided either voluntarily by website visitors or our clients, by submitting the data via the website, in the context of providing legal services, or by other means of communication. Technically necessary data and data from technically necessary cookies are collected automatically when our website is used. Unless otherwise stated, the provision of such data is mandatory for the performance of our services and for the operation of our website.

4. Purpose and Legal Basis of Data Processing

Personal data is processed in order to provide our services pursuant to Article 6 (1) (b) GDPR (e.g. for handling contact requests or providing legal services), to comply with our legal obligations pursuant to Article 6 (1) (c) GDPR and to respond to requests from authorities or courts (e.g. retention, storage, or documentation obligations under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO), statutory obligations to provide information or disclose data), and on the basis of our legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. to detect malicious or fraudulent activities or for the operation and optimisation of our website). In rare cases, personal data is processed in order to protect vital interests pursuant to Article 6 (1) (d) GDPR. Specific information on the purposes of the processing and the respective legal bases is set out below in connection with the individual processing activities.

5. Categories of Recipients of Personal Data

We transfer personal data to service providers and agents (e.g. technical service providers, hosting providers, waste disposal companies, payment service providers, postal carriers) and consultants (e.g. tax advisors). Detailed information about the recipients is listed below.

Our service providers, agents, and consultants usually act as our data processors according to our instructions within the framework of a data processing agreement pursuant to Article 28 GDPR. In some cases, the recipients act independently with their own data protection responsibility (e.g. tax advisors).

6. Information on the Transfer of Data Outside the EU/ EEA

We process personal data within the EU and in countries of the EEA. We do not transfer personal data to third countries unless otherwise stated.

7. Retention Period

Unless otherwise stated below, we process and store personal data only for the period necessary to achieve the processing purpose or as long as we are legally obligated to do so. If the storage purpose ceases to apply, a legally prescribed retention period expires, or the data subject requests deletion, the personal data will be routinely blocked, anonymized, or deleted in accordance with legal requirements, unless we are legally obligated to retain it for a longer period.

8. Server Log Files, Security and Hosting

To operate our website, we process information about website visits in so-called server log files, which your browser automatically transmits to us. This includes technically necessary data for website operation, such as IP address, browser type/version, operating system used, referrer URL (the previously visited page), subpage, date and time of the server request, amount of data transferred, and the requesting provider.

The legal basis for this processing is Article 6 (1) (f) GDPR. Our overriding legitimate interest lies in displaying, operating and optimizing our website and ensuring its stability and security.

For security reasons and to protect the transmission of confidential information, we use SSL encryption on our website. With an encrypted connection, the browser’s address bar changes from “http://” to “https://”. When SSL encryption is activated, the transmitted data cannot be read by third parties.

Our website is hosted on our behalf by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany, on servers located within the European Union. The legal basis for this processing is Article 6 (1) (f) GDPR. Our overriding legitimate interest lies in displaying, operating, and optimizing our website and ensuring its stability and security. Technically necessary cookies are set for this purpose. Further information on data processing and privacy at Hetzner can be found on Hetzner’s website at hetzner.com/de/legal/privacy-policy .

9. Use of Technically Necessary Cookies

Our website uses so-called “cookies.” A cookie is a file that stores certain device-related information on the website visitor’s access device (e.g. PC, tablet, smartphone). When our website is accessed by the visitor’s device, our website’s server receives information back from the cookie. We only use cookies that are technically necessary for the operation of the website and process data entered on our website or automatically transmitted by cookies (e.g. user ID, IP address, timestamp).

We use technically necessary cookies based on Article 6 (1) (f) GDPR to manage the session, provide a technically optimized, user-friendly, and needs-based website, and ensure the security and performance of our systems. Most of the cookies we use are “session cookies.” These are automatically deleted after the end of the visit or browser session (so-called transient cookies). Other cookies remain stored on the visitor’s device for a specified period or until the visitor deletes them (so-called persistent cookies). These cookies allow us to recognize the browser on the next visit.

10. Contact Requests and Consultation

In the event of contact by email, telephone, social media, or other means, or in the context of legal advice provided as part of a mandate, we process the transmitted data such as first name, last name, company name, contact details (e.g. telephone number, email address, address), professional data (e.g. place of work, industry, professional position), data relating to specific matters in the context of providing legal services, payment information, representations, account information from social media accounts, content entered into free text fields where applicable, message content, and any other data transmitted.

The legal basis for this processing is Article 6 (1) (b) or (f) GDPR. Our overriding legitimate interest lies in reviewing, processing, and responding to contact requests and inquiries and in providing information about our professional services.

11. Social Networks

We operate a social media channel on LinkedIn to inform visitors about our work and to communicate with them via the platform if they are interested. We process data about our social media profile when comments or messages are sent to us on the platform. The legal basis for this is Article 6 (1) (f) GDPR. Our overriding legitimate interest is to respond to visitors who contact us and to inform them about our work. As soon as our social media profile is accessed on the platform, LinkedIn’s terms of service and privacy policy apply, which can be found at linkedin.com/legal/privacy-policy .

12. Automated Decision-Making

We do not use personal data for automated decision-making processes (including profiling).

13. Rights of the Data Subject

In accordance with Article 15 GDPR, the data subject has the right to request, free of charge, information about the personal data stored about them and the purposes of the processing. In accordance with Articles 16, 17, and 18 GDPR, the data subject has the right to rectification of inaccurate data, as well as the right to restriction of processing and erasure of their personal data. Furthermore, in accordance with Article 20 GDPR, they are entitled to receive the personal data concerning them in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us. In accordance with Article 21 (1) GDPR, the data subject has the right to object to the processing of personal data concerning them which is based on Article 6 (1) (e) or (f) GDPR. Every data subject has the right to lodge a complaint with a data protection supervisory authority regarding the processing of their data when using the website.

We will fulfill the aforementioned rights of the data subject, provided the legal requirements for asserting these rights are met. The data subject may address any requests concerning personal data to the contact details provided in the legal notice of our website or in this privacy policy.

Last Updated: February 2026