privacy policy



Thank you for visiting our website. Below we would like to inform you which data relating to your visit will be used for what purposes.


1. Data controller
1.1 The data controller under Article 4(7) of the EU General Data Protection Regulation (GDPR) is

BROOK Rechtsanwälte Rechel Aghamiri Burkart Burke & Ziehm Partnerschaft mbB
Am Sandtorkai 75, 20457 Hamburg
Tel. +49 (0) 33 46 596 – 0
Fax +49 (0) 33 46 596 – 11

1.2 If you have any questions or suggestions concerning this information or wish to exercise your rights, please submit your enquiry to the above-mentioned e-mail/postal address.

2. General information

2.1 Personal data in the meaning of Article 4 No. 1 GDPR is any data that can be personally associated with you, e.g. name, address, e-mail addresses, user behaviour.
2.2 The processing of personal data (see Article 4 No. 2 GDPR) is lawful under Article 6 GDPR if one of the following conditions is fulfilled:
2.2.1 The data subject has consented to the processing of the personal data relating to him/her for one or more specific purposes (Article 6(1) a) GDPR);
2.2.2 The processing is necessary for the purpose of performing a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1) b) GDPR);
2.2.3 The processing is necessary for the purpose of compliance with a legal obligation to which the controller is subject (Article 6(1) c) GDPR);
2.2.4 The processing is necessary to protect vital interests of the data subject or another natural person (Article 6(1) d) GDPR);
2.2.5 The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1) e) GDPR.
2.2.6 The processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or basic rights or freedoms of the data subject are outweighed by the need to protect personal data, particularly if the data subject is a child (Article 6(1) point f) GDPR).

2.3 Unless stated otherwise further in this privacy policy, your personal data will only be stored by us as long as it is necessary for the achievement of the purpose of the processing or for the fulfilment of our contractual or statutory obligations (e.g. tax or commercial law regulations).

2.4 You are entitled to the following general rights as a data subject:
    right to information;
    right to rectification or erasure;
    right to restriction of the processing;
    right to object to the processing;
    right to data portability.
These rights are based on Articles 15-21 GDPR.

2.5 If a processing operation is based on your consent, under Article 7(3) sentence 1 GDPR you have the right to withdraw the consent you granted us with effect for the future.

2.6 If a processing operation is based on public or legitimate interests, under Article 21(1) GDPR you have the right, for reasons that arise from your particular situation, to at any time lodge an objection to the processing of personal data relating to you.

2.7 If, in the event that you object, we are unable to provide proof of compelling grounds meriting protection for the processing that outweigh your interests, rights and freedoms, we will no longer process your personal data. Compelling grounds meriting protection opposed to a successful objection may also be deemed to pertain if the processing of your personal data serves the purpose of the assertion or defence of legal claims.

2.8 You also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of your personal data by us. The competent supervisory authority for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information,
Ludwig-Erhard-Str. 22, 20459 Hamburg.

Generally speaking, you may also contact any other data protection authority.

2.9 As a rule, your data will not be transmitted to third parties.

2.10 For the operation and optimisation of our website various services companies work for us by way of contract data processing. These also include, for example, central IT services and the hosting of our website (maintenance, support). Such companies work for us by way of contract data processing (Article 28 GDPR) and may only use any viewable or provided data exclusively in accordance with our instructions. We meet our legal responsibility for adequate data protection precautions at the companies engaged by us in this context by agreeing specific data security measures with those companies, carrying out regular inspections and concluding contract data processing agreements with them from the start of the utilisation of the services. The following categories of recipients within the meaning of Article 13(1) e) in conjunction with Article 4(9) GDPR can be classified at our company: IT and hosting service providers.

3. Data processing when you contact us

3.1 If you have questions of any kind we provide you with the option of contacting us by e-mail or through our contact form, in which case we process the following data:
3.1.1 Your name consisting of your given and surname;
3.1.2 Your e-mail address;
3.1.3 The subject specified by you (“Subject”);
3.1.4 Your message;
3.1.5 The date and time the enquiry was sent;
3.1.6 Any further information that you provide in your e-mail (e.g. your telephone number).

3.2 We use your data to contact you and advise you insofar as you grant us a mandate. We erase all the data collected in this context once storage it is no longer necessary, or we restrict the processing if statutory retention obligations apply. The legal basis for the processing initially consists of your voluntary consent (see Article 6(1) sentence 1 a) GDPR) and thereafter the basis is Article 6(1) sentence 1 b) GDPR, if you grant us a mandate. 

4. Processing of personal data when you visit our website

4.1 When you access our website the browser used on your device will automatically send information to our website’s server. That information is saved temporarily in a log file. The following data is recorded and stored until it is automatically deleted, without any action on your part:
4.1.1 Date and time of access;
4.1.2 Name and URL of the accessed file;
4.1.3 The website from which access occurred (referrer URL);
4.1.4 The browser used and possibly the operating system of your computer and the name of your access provider.

4.2 We process that data for the following purposes:
4.2.1 to ensure trouble-free establishment of a connection with the website;
4.2.2 to ensure convenient use of our website;
4.2.3 technical management and security of the website;
4.2.4 to evaluate system security and stability; and
4.2.5 for further administrative purposes.

4.3 The legal basis for data processing is Article 6(1) sentence 1 f) GDPR. Our legitimate interest arises from the purposes of data collection listed above. We will in no event use the collected data for the purposes of drawing conclusions about your person. The stored data will be erased after 14 days. This will not occur only in the event that, based on tangible evidence on our part, there are justified grounds for suspecting that unlawful use has occurred. Longer storage of the above data is then necessary in this exceptional case for further assessment.

4.4 We also use cookies on our website. Cookies are small files which are automatically created by your browser and stored on your device (laptop, tablet, smartphone etc.) when you visit our site.

4.5 Cookies do not cause any damage to your device and contain no viruses, Trojan horses or other malware.

4.6 In the cookie, information is stored that arises in connection with the specifically used device. However, this does not mean that we directly gain knowledge of your identity as a result.

4.7 We employ for the use of our website exclusively “technical cookies”.

4.8 The use of cookies serves the purpose, on the one hand, of making the use of our service more enjoyable for you. For example, we use session cookies to detect that you have already visited individual pages of our website. They are automatically erased when you leave our site.

4.9 In addition, we use temporary cookies, also in order to enhance user-friendliness, which are stored on your end for a specific, defined period of time. When you visit our site again to take advantage of our services, it will automatically be recognised that you have previously visited us and what information you entered and settings you made, so you do not have to repeat this process.

4.10 The data processed by cookies is necessary for the aforementioned purposes, in order to protect our legitimate interests under Article 6(1) sentence 1 f) GDPR.

4.11 Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notification always appears before a new cookie is saved. However, if you fully disable cookies you may not be able to use all the functions of our website.

5. Integration of Google Maps

5.1 On this website we use the service of Google Maps. This enables us to display interactive maps directly in the website and enables you to conveniently use the maps function.

5.2 Through your visit to the website Google is notified that you have accessed the specific page on our website. This occurs irrespective of whether Google provides a user account through which you are logged on or if no user account exists.

5.3 If you are logged into Google, your data will be directly assigned to your account. If you do not wish the data to be associated with your Google profile, you must log out before pressing the button.

5.4 Google processes that data as usage profiles and uses it for the purposes of market research and/or tailoring Google Maps to users’ needs.

5.5 The processing of the data occurs on the basis of Article 6(1) f) GDPR. We have a legitimate interest in showing you our location in the HafenCity on our website and thus making it easier for you to find us. Finally, the integration also serves the purpose of providing you with guidance.

6. Integration of Google Web Fonts

6.1 External fonts are integrated into our website. We use Google Fonts for this purpose. Google Fonts is a service of Google Inc. (“Google”). These Google Fonts are integrated by accessing a server, generally a Google server in the USA.

6.2 The IP address of the device used by the visitor to this website will also be stored by Google (Google’s privacy policy can be accessed at

6.3 The information provided above on the integration of Google Maps also applies here. The data is processed on the basis of Article 6(1) f) GDPR. Our legitimate interest is in providing you, both in technical and graphic terms, with a smoothly operating, easily readable website and thus enhanced usability.

7. Social media

7.1 We also use within the framework of our website social media platforms, namely, and

7.2 We maintain corporate profiles on both LinkedIn and Twitter. We do not use social media plugins to link to our company profiles, either from LinkedIn or from Twitter. However, we do provide links to the respective corporate websites, which are operated in the case of LinkedIn by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and in the case of Twitter by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

7.3 You can find further information on the processing of personal data by LinkedIn at

7.4 As a rule Twitter Inc. (USA) is solely responsible for the processing of personal data when you visit our Twitter profile. For further information on the processing of personal data by Twitter Inc., please visit​​​​​​​.

As at August 2020