Data Protection Declaration

Dated 28.04.2023

1. General

Thank you for visiting our website and for your interest in our law firm and in our services. The protection of your personal data is of the utmost importance to us. We treat all your personal data with confidentiality in accordance with applicable data protection regulations and this Data Protection Declaration. As a rule, we use any and all personal data only as required and solely for the effectiveness and user-friendliness of our website, including its contents and services offered on it.

Using this website involves the collection of various personal data. Personal data includes data that can be used for your personal identification. This Data Protection Declaration explains which data we collect, how we collect and use it and for what purpose. Be advised that Internet data transfer (for example, communication by e-mail) in general may pose the risk of security gaps. 

This Data Protection Declaration applies to the website of HEUSSEN Rechtsanwaltsgesellschaft (hereinafter referred to as “Heussen” or “We/Us”). It does not apply to any other Internet offers we refer to merely by a link. 

Responsible Party/Parties
Responsible party in accordance with applicable data protection regulations, especially der EU General Data Protection Regulation (GDPR): 

HEUSSEN Rechtsanwaltsgesellschaft mbH
Brienner Straße 9 / Amiraplatz
D-80333 Munich, Germany
Tel.:         +49 (0)89 29 09 70
Fax:         +49 (0)89 29 09 7200

Data Protection Officer
For any questions, comments, or questions regarding the exercise of your rights pursuant to GDPR, you are welcome to contact our Data Protection Officer anytime:

Lars Beitlich
IfDuS GmbH
Landsberger Str. 396
D-81241 Munich, Germany
Tel.:         +49 (0)89 85 63 34 60
Fax:         +49 (0)89 29 09 7200


Your Rights
When it comes to exercising your rights as described below, please feel free to contact us via the aforementioned contact information. Pursuant to the General Data Protection Regulation, you have the following rights:

  • To be informed of any and all of your data being saved by us and our use thereof (Art. 15 GDPR),
  • To have any incorrect personal data corrected by us (Art. 16 GDPR),
  • To have any of your data saved by us deleted by us (Art. 17 GDPR),
  • To restricted use of your data in as far as legal obligations prevent us from deleting your data without further delay or in as far as we are required to review your data in more detail prior to deleting it (Art. 18 GDPR),
  • To object to the use of your data acc. to Art. 21 GDPR and
  • Unrestricted data transferability as far as you have consented to data management or signed a data management agreement with us (Art. 20 GDPR).

We do not utilize any automated decision-making systems, including any profiling systems, as defined in Art. 13, Sect. 2 (f) GDPR in conjunction with Art. 22 GDPR.

Once you have given us consent to use your data, you can withdraw your consent for any future use thereof any time. In that case, all you need to do is to let us know by sending us an informal message via e-mail. Any use of your data prior to withdrawal of your consent, however, remains legally unaffected thereof.

In case of violation(s) of GDPR, you have the right to file a complaint with the relevant authorities; specifically, in the member state of your habitual residence, your workplace or the location of the suspected violation(s). Your right to file a complaint is protected without prejudice to any other administrative or judicial remedies.

An overview of data protection authorities (DPAs) in the private sector in Germany is available here. The relevant DPA in the State of Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
D-91522 Ansbach, Germany

Postal Address:
P.O. Box 1349, D-91504 Ansbach, Germany
Tel.:                0981/180093-0
Fax:                0981/180093-800

2. Informational Use

Type and Scope of Data Use
As soon as you access our website, informational data automatically starts being collected, even if you never register on our website or if you use our website to otherwise transfer information to us. This informational data (server logfiles) contains the IP address of the computer being used to access our website, the date and time of your access, the page/name of whichever file you access, the data load being transferred, the message confirming successful website access, the Internet address from which the respective page or file was accessed or from which the relevant function was initiated as well as the web browser being used in the process.

Said informational data is specifically used for the following purposes:

  • To guarantee a secure and stable connection to our website,
  • To guarantee the flawless use of our website,
  • To provide analytical data regarding system stability/security as well as
  • For other administrative purposes.

Please be advised that we do not use your personal data to draw conclusions about you as an individual. The only way we use this information is for statistical analysis, which may help us to further optimize our website as well as the technology behind it. 

Legal Basis
Any and all of aforesaid informational data is used in accordance with Art. 6, Sect. 1, Clause 1 (f) GDPR, based on our legit interest in improving the functionality and stability of our website.

Recipients of aforesaid informational data solely include technical service providers hired by us for operation and maintenance of our website.

Storage Period
Once your informational data is no longer required for data collection purposes, it is deleted. Data that merely serves in providing access to our website is generally deleted immediately after you finish visiting our website.

The provision of aforesaid personal data is neither mandated by law nor required under the terms of any contract. However, without an IP address, we cannot guarantee the functionality of our website. Moreover, some of the services or functions may be unavailable or of limited use. For that reason, any possibility of a contradiction is ruled out.

3. Online Applications

a) Type and scope of data processing

On our website, you may use the career portal and apply to us using the online form.

When you apply using the online form, we collect and store the data you enter in our online form and send to us, i.e.:

  • Job *
  • HEUSSEN location *
  • additional title
  • first name *
  • last name *
  • Specialist lawyer title / professional title
  • Place of residence *
  • Relocation possible
  • Email *
  • Telephone number *

You can also upload files, namely:

  • photo
  • curriculum vitae
  • certificates / exams

Finally, you can send us a message.

We need the information in the fields marked with an asterisk to process your application, to confirm receipt of your application electronically and to communicate with you. You can only send us your application if you have completed these fields. If you do not provide us with your data or do not provide it in full, this will not have any adverse consequences for you, but in this case we will generally not be able to process your application or will only be able to do so with a delay.

Our decisions regarding your invitation to an interview and whether or not to hire you will be made by us on a case-by-case basis - in particular, not by automated means - depending on our assessment.

Alternatively, you are free to send us your application by e-mail. If you choose to communicate with us by e-mail, we recommend that you encrypt your documents and provide us with the password in a separate message. If you send us your application by e-mail without encryption, your message including attachments will not be protected against unauthorized access or modification by third parties during data transmission. We recommend that you only use an e-mail box for your communication with us to which only you have personal access.

You can still send us your application by mail. There is no obligation to use our online career portal.

b) Purpose and legal basis

We process your data for the purpose of processing your application (in particular the assessment and selection of applicants, the preparation and conduct of interviews, the evaluation and assessment of the results of these interviews and any further related measures that may be required) including the decision on the establishment of the employment relationship and for communicating with you. We also process some applicant data in order to fulfill certain obligations arising from legal standards.

The legal basis for the processing is Art. 88 (1) GDPR in conjunction with. § Section 26 (1) sentence 1, (8) sentence 2 of the German Data Protection Act (BDSG) and, in addition, Art. 6 (1) sentence 1 letter b GDPR.

Within our company, only those persons who are involved in the decision-making process will have access to your personal data.

Data will only be passed on to third parties if we are obliged to do so by law or if you have given us your consent. For example, we are required by law to disclose your data to public bodies and institutions (e.g. tax administration and social security institutions) in connection with an employment contract with an applicant.

Your personal data is processed within the European Union; it is not transferred to third countries.

c) Storage period

aa) Your applicant data will be stored for the duration of the review of your application.

bb) If the application process ends with a hiring, i.e. the conclusion of an employment contract, our HR department will take your data for the personnel file. In this case, the general time limits for the retention of personal data belonging to the personnel file apply. We will provide you with further information about the processing of your personal data in connection with your employment separately in advance of your employment.

cc) If the application process ends with non-employment (e.g. because your application is unsuccessful or you withdraw your application), our HR department will proceed as follows, unless we are legally entitled or obligated to further retention in individual cases:

We store your data - protected against access by unauthorized persons - taking into account Section 61b (1) of the German Labour Court Act (ArbGG) in conjunction with Section 15 of the German Gernal Act on Equal Treatment (AGG) for a maximum period of six months from receipt of the decision not to hire you, i.e. receipt of the rejection letter. During this period, your data will only be accessed in order to be able to justify our decision documented in this way if necessary upon request.

After this period has expired, we will delete or destroy your data. If you applied by mail, we will return your application documents to you by mail after completion of the application process if you provide us with a domestic postal address and notify us of your request in good time.


4. Client Acquisition

You can use our website to inquire about our law services in a legal matter. In that case, we collect your submitted data for fulfillment of relevant contractual and pre-contractual obligations and save all of it, including, for example:

  • Name, title and academic degrees (if any)
  • Address and contact information
  • Date of birth
  • Payment information
  • Description of case matter 

Legal Basis
Your data is used for fulfillment of contractual and pre-contractual obligations in accordance with Art. 6, Sect. 1, Clause 1 (b) GDPR.

Recipients of your data may include service providers complying with guidelines under Art. 28 GDPR.

Storage Period
Your collected data is saved within the storage periods legally mandated for processing case matters. Generally, Art. 50, Sect. 1 of the German Federal Lawyers’ Act (BRAO) calls for a record-keeping period of six years for contract files. Under this federal guideline, we may be required to maintain your personal data beyond the conclusion of your service agreement with us, in order to fulfill any contractual or legal obligations on our part. 

5. Contact Form

The data you enter on our website is saved in order for us to communicate online with you personally. To this end you, have to enter a valid e-mail address as well as your name. This data, along with a timestamp, serves to facilitate both assignment of your inquiries and follow-up responses to them. Any other data input is optional.

Legal Basis
The data you enter on our Contact Form is used on the basis of a legit interest (Art. 6, Sect. 1, Clause 1 (f) GDPR). Our Contact Form is just our way of making it easier for you to contact us.

When you contact us with an inquiry through our website, the data you enter on our Contact Form is used by our system for performing pre-contractual procedures (Art. 6, Sect. 1, Clause 1 (b) GDPR).

Recipients of your data may include service providers complying with guidelines under Art. 28 GDPR. 

Storage Period
Personal data entered for initial inquiries is deleted after a maximum period of 6 months following the processing and conclusion of inquiries.

If an initial inquiry leads to a signed agreement for services, we are bound to the legal storage periods of the German Commercial code (HGB) and will delete your data following expiration of said periods.

Providing personal data is done on a voluntary basis. However, in order to process your inquiries, we need your name, your e-mail address and the reason for your inquiry. 

6. Cookies

Like many other websites, we utilize computer cookies too. These are small text files that are saved to your device (PC, laptop, tablet, smartphone, etc.) when you open our website.

These cookies provide us with specific data such as the IP address, browser and operating system you’re using. We should point out that cookies cannot be used to start any programs, nor any computer viruses. Instead, the information contained within the cookies allow us to facilitate navigation on our website and insure the correct display of our website. We will never use any of your collected data to pass it on to third parties without your consent, nor will we ever use any of it to create a link to other personal data. 

Naturally, you can always visit our website without activating any cookies. Internet browsers are generally preset to accept cookies. Still, you can usually deactivate cookies anytime using your own browser settings. Please refer to the Help functions of your Internet browser to learn how to change these presets. However, be advised that deactivating cookies may cause you to lose certain functions on our website.

Storage Period and Cookies Used
In as far as you allow our use of cookies by either consent or the means of your personal browser settings, you may see use of the following cookies on our website:





Legal Basis

Storage Period



Maintenance of session variables

Legit interest Art. 6, Sect. 1, Clause 1 (f) GDPR

1 year



Vimeo LLC

Video presentations

Consent Art. 6, Sect. 1, Clause 1 (a) GDPR

2 years



Google LLC

User behavior analysis

Consent Art. 6, Sect. 1, Clause 1 (a) GDPR

2 years


While some of these cookies are essential to the functionality of our website, others require your consent to be activated. In what follows, you can find out more detailed information about cookies and plug-Ins, which can also be used to save personal data.

For more detailed settings, you can apply the menu at the footer of this website anytime.

You can also use your personal browser settings to delete individual cookies or even the entire list of cookies. You can also find information and instructions on how to delete these cookies or how to keep them from being saved in the first place. Depending on the provider of your browser, you can find the necessary information under the following links:

6.1.    Session Cookie “PHPSESSID”

The “PHPSESSID” cookie saves each session of your visit to our website. Anytime you visit our website, we can use this session ID to clearly identify you. 

Legal Basis
The data you enter is used on the basis of our legit interest in the proper display of our website in accordance with Art. 6, Sect. 1, Clause 1 (f) GDPR. 

Recipients of your data may include service providers complying with guidelines under Art. 28 GDPR.

Storage Period
Your personal data is saved for one year. 

Transfer to Third Countries
There are no transfers of personal data to third countries.

Activating this cookie is essential for the operation of this website. Preventing activation of this cookie may prevent the proper display of this website.

7. Links

Our website features links to the external websites of third parties, whose contents are outside of the sphere of our influence. We cannot be held liable for the contents of these linked websites and expressly dissociate ourselves from them. Each of the contents of these websites is the responsibility of the respective website provider/operator. A thorough inspection of the aforesaid websites for any possible infringements immediately prior to being linked revealed no illicit contents of any kind. Should we become aware of any infringements, we will promptly remove the corresponding link. 

We furthermore offer links to the following social and business media platforms: 




LinkedIn Ireland Unlimited Company Wilton Place Dublin 2, Ireland


Twitter, Inc. 1355 Market Street, Suite 900 San Francisco, CA 94103


New Work SE Dammtorstraße 30 D-20354 Hamburg, Germany


By clicking on the corresponding icons, you open the links to the services of the corresponding providers. This is the only way you can send your data to these providers on this site. If you do not click on the corresponding icons, there can be no data exchange between you and the providers of these platforms. For more detailed information on the collection and use of your data by these social networks, please refer to the relevant terms of use of the corresponding Providers. 

8. SSL Encryption

In order to protect your data security during data transfer, we utilize state-of-the-art HTTPS encryption, such as SSL. 

9. External Service Providers

The following organizations, companies and individuals are hired by the operator of this Website as external service providers for data processing services in accordance with Art. 28 GDPR: IT service providers 

10. Changes to Our Data Protection Policy

We reserve the right to amend this Data Protection Declaration in order to ensure it is continuously up-to-date with the latest data protection requirements and/or with any changes in our services. Your visit to this website is subject to the most recent version of this Data Protection Declaration. 

11. Inquiries to Data Protection Officer

For any further questions about data protection, please contact us by e-mail or apply directly to the person in charge of data protection at our organization.