Privacy Notice

Version effective 1 August 2025

1. General Information

We take the confidentiality and protection of your personal data very seriously. We therefore process your personal data only insofar as permitted under the statutory data‑protection provisions, in particular the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

This Privacy Notice provides information about how we, Aginom Partnerschaft mbB (“aginom”), process your personal data when you

  • visit our website (see section 3.1),
  • contact or correspond with us by email (see section 3.2),
  • use our services (see section 3.3), or
  • communicate with us by video or audio conference (see section 3.4).

This Privacy Notice contains the general information on our processing of personal data in connection with the above activities. Please also take note of any notices that we may provide for individual collection or processing operations carried out using specific technologies or in connection with particular processes.

Unless already stated specifically for the respective processing operation in section 3, you will find below (in sections 4–6) information that applies to all operations regarding the duration of storage, cooperation with processors, disclosure to third parties and to third countries, as well as your rights.

We may update this Privacy Notice at any time. The version published on this website is the current version.

Should you have any questions about this Privacy Notice or how we handle your personal data, please email us (info@aginom.com).

2. Controller

The controller responsible for the processing is:

Aginom Partnerschaft mbB
Unter den Nussbäumen 16
65779 Kelkheim (Taunus)
Germany
Phone: +49 6195 806 9000
Email: info@aginom.com

3. Data Collection and Processing

3.1 Website Visit

3.1.1 Description and scope of data processing

When you access our website www.aginom.com, the following technical information is automatically collected and anonymized immediately upon collection:

  • Referrer (previously visited website)
  • Requested webpage or file
  • Browser type and version
  • Operating system used
  • Device type used
  • Date and time of access
  • IP address in anonymized form (used only to determine the location of access)

The above data is stored in log files. This information does not allow us to draw any conclusions about your person, nor will we attempt to identify you by combining it with any other information. The visitor’s IP address is transmitted when a page is requested, then anonymized immediately after transmission and processed without personal reference.

In addition, the above data is processed by WebAnalytics: The data is determined either by a pixel or by a log file. To protect personal data, WebAnalytics does not use cookies. WebAnalytics stores no personal data of website visitors, so that no conclusions can be drawn about individual visitors.

The website is provided with TLS (Transport Layer Security) encryption via an SSL (Secure Socket Layer) certificate. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed depiction of the key or lock symbol in the lower status bar of your browser or by the secure protocol reference at the beginning of the URL displayed (“https://[…]” instead of “http://[…]”).

Our website includes links to external services (e.g., LinkedIn). When you follow such a link, you leave our pages; the respective provider is solely responsible for any data processing on their site.

The content of our website is hosted with the following provider: IONOS SE, Elgendorferstraße 57, 56410 Montabaur, Germany. We have concluded a data‑processing agreement with this provider in accordance with Art. 28 GDPR.

Where Google Fonts are used on the website, they are stored locally on the web server hosted for us, i.e. without data transfers to Google.

3.1.2 Purpose of data processing

The data collected is used to enable smooth connection establishment, to ensure the security and stability of our offering and to provide website visitors with the highest possible level of quality.

In WebAnalytics the data are additionally collected for statistical analysis and technical optimisation of the web offering.

3.1.3 Legal basis of data processing

The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

3.1.4 Special information regarding cookies

Our website uses only cookies that are necessary to provide basic functions. These cookies are not used for advertising or tracking. Specifically, we set a session cookie to link your visit technically (this is deleted when you close your browser) and a language‑selection cookie (wp-wpml_current_language) that stores your chosen language throughout the session (and that expires at the end of the session). These cookies are indispensable for operating the website and are exempt from consent under Section 25 (2) no. 2 of the German Telecommunications‑Digital‑Services‑Data‑Protection Act (Telekommunikations-Digitale-Dienste-Datenschutz-Gesetz – TDDDG). The data is processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in providing the website in a technically stable, secure and language‑appropriate manner. You can, of course, delete or block cookies at any time via your browser settings. Please note, however, that the website may not function fully without these necessary cookies.

For more in-depth information about cookies and how they work and store date, you may refer to Wikipedia’s entry for “HTTP Cookie”.

3.2 Contact and communication by email

3.2.1 Description and scope of data processing

Our website lists an e‑mail address that you can use for initial contact, and it may also refer to e-mail addresses of individuals working at aginom. You may also correspond with us in general by e‑mail. If you send us an e‑mail, the personal data transmitted with the e‑mail is stored and processed according to the purpose of your communication. (An engagement for legal advice or representation or any other contractual relationship is created only by express acceptance of an engagement by the firm aginom. In that case the provisions set out in section 3.3 apply to the further processing of your personal data.)

Please note: Communication by unencrypted e‑mail entails security risks. Unauthorized third parties could, among other things, gain knowledge of the transmitted content. We therefore recommend the use of secure communication channels for transmitting confidential information—please feel free to contact us about this. Otherwise, we assume that you agree to mutual e‑mail communication with aginom without special signature or encryption procedures.

3.2.2 Purpose of data processing

We process your personal data solely to handle your enquiry or message in accordance with the respective purpose of that communication.

3.2.3 Legal basis of data processing

The legal basis for processing the data transmitted by e‑mail is Art. 6 (1) (f) GDPR (legitimate interest). To the extent the e‑mail aims at concluding a contract or relates to an existing contractual relationship, Art. 6 (1) (b) GDPR (pre‑contractual measures or performance of contract) serves as the legal basis.

3.3 Provision of Our Services

3.3.1 Description and scope of data processing

Once a contract for the provision of services by aginom is concluded—or in the course of initiating such a contract—we collect additional personal data. We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties, taking into account the state of the art, implementation costs, and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subjects. Our security measures are continuously improved in line with technological developments.

We are happy to provide you with further details upon request.

3.3.2 Purpose of data processing

We collect this data in order to

  • identify you as our (potential) client and contractual partner,
  • check whether any conflict of interest exists that would prevent us from accepting an engagement,
  • advise or represent you appropriately and generally to fulfil our contractual obligations to you,
  • correspond with you,
  • issue invoices,
  • handle any potential liability claims and assert any claims against you,
  • comply with legal obligations, and
  • carry out general administrative activities such as accounting, knowledge management and electronic file keeping.

3.3.3 Legal basis of data processing

Processing is carried out at your request and is necessary pursuant to Art. 6 (1) (b) GDPR to review potential conflicts of interest while initiating a contractual relationship and, if applicable, to handle the engagement and perform mutual obligations under the contract with aginom. Collecting your personal data is indispensable for concluding a contract and fulfilling contractual obligations. If you do not provide the requested information, neither a successful contract conclusion nor further contractual services are possible.

We are also partially obliged by law to process data (Art. 6 (1) (c) GDPR). For certain engagements, for example, under the German Money‑Laundering Act (Geldwäschegesetz – GWG), we are required to identify our clients and therefore need the necessary information from you (Section 11 (6) sentence 1 GwG). Under Section 50 of the German Federal Code for Lawyers (Bundesrechtsanwaltsordnung – BRAO) we are professionally obliged to maintain legal files and may use electronic data processing for this purpose.

Otherwise, the processing of your personal data for administrative purposes is based on Art. 6 (1) (f) GDPR, as it serves our legitimate interest in operating our law firm.

3.3.4 Disclosure of data to third parties

We do not transmit your personal data to third parties for purposes other than those listed below.

Where necessary pursuant to Art. 6 (1) (b) GDPR for handling engagements for legal services and other contractual relationships with you, your personal data is disclosed to third parties. This includes, in particular, disclosure to opposing parties and their representatives (especially their lawyers) as well as courts and other public authorities for the purpose of correspondence and to assert and defend your rights and, where applicable, to arrange cost coverage with your legal expenses insurer. The recipients may use the disclosed data solely for the purposes stated. Attorney‑client confidentiality remains unaffected.

We process engagement‑related data and files electronically using cloud storage services. Such services act as processors on our behalf and are contractually obliged pursuant to Art. 28 GDPR to process your data solely according to our instructions and to implement appropriate security measures. Our primary service provider for such storage services is IONOS SE, Elgendorferstraße 57, D‑56410 Montabaur, Germany (the server location is in Germany and certified to ISO 27001).

3.4 Video and Audio Conferences / Online Chats

3.4.1 Description and scope of data processing

To conduct video or audio conferences and/or online chats, in each case as agreed with you, we use suitable communication software and services provided by external vendors. This generally requires processing the following personal data:

  • Name,
  • E‑mail address,
  • if applicable, telephone number,
  • meeting ID or other session‑specific identifier,
  • if used by you, the video and/or audio data stream relating to your communication and that of other participants in the conference,
  • if used by you, text communication (chat) data, any files you upload and data displayed on your screen if you actively use the “share screen” function.

3.4.2 Purpose of data processing

We collect and process these data solely to communicate about the subject (as stated in the meeting invitation or otherwise agreed).

3.4.3 Legal basis of data processing

Data processing is carried out in the context of contract initiation or performance pursuant to Art. 6 (1) (b) GDPR, otherwise pursuant to Art. 6 (1) (f) GDPR (legitimate interest).

3.4.4 Recordings and further processing

We do not record, transcribe, automatically summarize or otherwise further process the above data without your prior consent (and that of all other participants). Each service uses different methods to indicate the activation and deactivation options for the respective functionality. Please pay attention to the relevant notices.

Otherwise, your data is stored only to the extent technically necessary for the respective session.

3.4.5 Notes on individual providers

In particular, we use the following services for communication and provide the following additional information. Please note that we have no control over any data collection by the respective provider itself (e.g., your login or account information for the relevant service).

Zoom

This service is provided by Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy: https://explore.zoom.us/en/privacy/.

Microsoft Teams

This service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in Microsoft’s privacy statement: https://privacy.microsoft.com/en-us/privacystatement.

The use of both Zoom and Microsoft Teams may involve data transfers outside the EU or EEA, including transfers to the USA. Both companies are certified under the EU‑US Data Privacy Framework (DPF). The DPF is an arrangement between the European Union and the USA that is intended to ensure compliance with European data‑protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these standards. Further information is available from the provider: https://www.dataprivacyframework.gov/.

Data transfers to the USA are additionally based on the EU Commission’s standard contractual clauses, to which both companies refer in their respective privacy notices.

There is a data processing agreement between aginom and Zoom, as well as between aginom and Microsoft, according to Article 28 GDPR.

We are open to using an alternative provider or communication channel of your preference, particularly if you require or wish to further reduce any residual risk of access by authorities outside the EU. Please contact us at any time so that we can meet your requirements, especially with regard to the provider’s registered office and server location.

3.5 No automated decision‑making

We do not use any personal data collected from you in a procedure for automated decision‑making (including profiling).

4. Duration of storage and deletion of data

Your personal data are deleted or blocked as soon as they are no longer required to achieve the purpose for which they were collected and unless statutory regulations (especially retention obligations) require longer storage.

Visitor data collected when the website is accessed are stored for eight weeks and then deleted.

If aginom is engaged to provide services, the personal data we collect are stored until the statutory retention period expires (for lawyers six years after the end of the calendar year in which the engagement was terminated) and then deleted, unless we are obliged to store them for a longer period pursuant to Art. 6 (1) (c) GDPR due to tax and commercial retention and documentation obligations (under the German Commercial Code, Criminal Code or Fiscal Code), the storage is necessary for the assertion of claims or the defense against (threatened) claims (Art. 6 (1) (f) GDPR), or you have given your consent to store your data beyond this pursuant to Art. 6 (1) (a) GDPR.

5. Cooperation with processors

We employ other service providers in the areas of IT, logistics, telecommunications and payment services to conduct our business in addition to those expressly mentioned in this Privacy Notice. They act solely on our instructions and have been contractually obliged pursuant to Art. 28 GDPR to comply with data‑protection regulations.

6. Transfer of personal data to third countries

In the course of our business relationship, your personal data may be disclosed or made available to third‑party companies, which may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing occurs exclusively to fulfil contractual and business obligations and to maintain your business relationship with us (legal basis Art. 6 (1) (b) or (f) in conjunction with Art. 44 et seq. GDPR). We will inform you of the details of any disclosure at the relevant points.

The European Commission has recognised some third countries as having a level of data protection comparable to the EEA standard through so‑called adequacy decisions (a list of these countries and copies of the decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries to which personal data may be transferred, there may be no consistently high level of data protection due to missing legislation. Where this is the case, we ensure that data protection is adequately guaranteed, for example through binding corporate rules, the European Commission’s standard contractual clauses for the protection of personal data pursuant to Art. 46 (1), (2)(c) GDPR (the 2021 standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915), certificates or recognized codes of conduct. Please contact us if you require further information on this subject.

7. Your rights

With regard to all scenarios described in this Privacy Notice, you have the right to:

  • request information pursuant to 15 GDPR about the personal data we process concerning you;
  • request without undue delay the rectification of inaccurate or completion of your personal data stored by us pursuant to 16 GDPR;
  • request the erasure of your personal data stored by us pursuant to 17 GDPR;
  • request the restriction of processing of your personal data pursuant to 18 GDPR;
  • receive your personal data that you have provided to us in a structured, commonly used and machine‑readable format or request their transmission to another controller pursuant to 20 GDPR;
  • object to the processing pursuant to 21 GDPR if the processing is based on Art. 6 (1) (f) GDPR. When exercising such an objection, please explain the reasons why we should not process your data as we have done. If your objection is justified, we will examine the circumstances and either stop or adjust the data processing or demonstrate our compelling legitimate grounds for continuing the processing. If you object to the storage of your data in the context of an e‑mail correspondence, the conversation cannot be continued and the provision of any services by us may thus become impossible;
  • withdraw your consent at any time pursuant to 7 Abs. 3 GDPR, with the result that we may no longer continue any data processing that was based on this consent in the future;
  • lodge a complaint with a supervisory authority pursuant to 77 GDPR. You can normally contact the supervisory authority at your usual place of residence, place of work or our registered office. The competent supervisory authority for the state of Hessen, which is also responsible for our registered office, is:

Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
Phone: +49 611 1408‑0
Fax: +49 611 1408‑900
Email: Poststelle@datenschutz.hessen.de

Date of last update: 01 August 2025