Neuer Wall 80 20354 Hamburg, Germany
Contact address
Fax +49 (40) 605 901 93-8

Law Firm for Medical Law

Privacy Information / Privacy Policy


1. Controller

1.1 The controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is the law firm:

Medizin.Legal Logo

Dr. Juliane Winter
Neuer Wall 80
20354 Hamburg, Germany

Phone. +49.40.605 901 93-1
Fax +49.40.605 901 93-8
E-Mail Data Protection Contact address
Website www.medizin.legal

1.2 If you have any questions or suggestions regarding this information, or if you wish to exercise your rights, please direct your inquiry to the aforementioned email address or postal address.


2. General Information

2.1 Personal data within the meaning of Art. 4(1) GDPR refers to all data that can be related to you personally, e.g., name, address, email addresses, user behavior.

2.2 The processing of personal data (see Art. 4(2) GDPR) is lawful under Art. 6 GDPR if one of the following conditions is met:

  • 2.2.1 The data subject has given their consent to the processing of their personal data for one or more specific purposes (Art. 6(1)(a) GDPR);
  • 2.2.2 The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR);
  • 2.2.3 The processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR);
  • 2.2.4 The processing is necessary to protect the vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR);
  • 2.2.5 The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6(1)(e) GDPR);
  • 2.2.6 The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Art. 6(1)(f) GDPR).

2.3 Unless otherwise specified in this privacy policy, your personal data will only be stored for as long as is necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations (e.g., tax or commercial law requirements).

2.4 As a data subject, you have the following general rights:

  • Right of access;
  • Right to rectification or erasure;
  • Right to restriction of processing;
  • Right to object to processing;
  • Right to data portability.

These rights are based on Articles 15 – 21 GDPR.

2.5 If a processing activity is based on your consent, you have the right to withdraw your consent at any time with future effect, pursuant to Art. 7(3) GDPR.

2.6 If a processing activity is based on public or legitimate interests, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, pursuant to Art. 21(1) GDPR.

2.7 If there are no compelling legitimate grounds for processing that override your interests, rights, and freedoms, your personal data will no longer be processed. Compelling legitimate grounds that prevent a successful objection may exist if the processing of your personal data is necessary for the establishment, exercise, or defense of legal claims.

2.8 You also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of your personal data by the law firm. The supervisory authority responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information,
Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany.

You may also contact any other data protection authority.

2.9 Your data will generally not be transferred to third parties.

2.10 Various service providers act on our behalf for the operation and optimization of the website through data processing under contract. This includes central IT services as well as the hosting of our website (maintenance, support). These companies act on our behalf in accordance with Art. 28 GDPR and may only use the data provided to them as per our instructions. We ensure compliance with legal data protection measures by agreeing on specific data security measures with these companies, conducting regular checks, and entering into data processing agreements from the start. The following categories of recipients under Art. 13(1)(e) in conjunction with Art. 4(9) GDPR are generally classified by us: IT and hosting service providers.


3. Data Processing When Contacting Us

3.1 For inquiries, the law firm offers the option to contact us via email or contact form. The following data will be processed in this case:

  • 3.1.1 Your name, consisting of first and last names;
  • 3.1.2 Your email address;
  • 3.1.3 The subject ("subject") you provided;
  • 3.1.4 Your message;
  • 3.1.5 The date and time of sending;
  • 3.1.6 Any further details you provide in your email (e.g., your phone number).

3.2 Your data will be used by the law firm to contact you and provide advice if you assign us a task. The data collected will be deleted once storage is no longer required, or processing will be restricted if statutory retention obligations apply. The legal basis for processing is your voluntary consent (Art. 6(1)(a) GDPR), and thereafter Art. 6(1)(b) GDPR if you assign us a task.


4. Processing of Personal Data When Visiting This Website

4.1 When you visit the website medizin.legal, information is automatically sent from the browser on your device to the server of our website. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion:

  • 4.1.1 Date and time of access;
  • 4.1.2 Name and URL of the retrieved file;
  • 4.1.3 Website from which access is made (referrer URL);
  • 4.1.4 Browser used and, if applicable, your computer's operating system and the name of your access provider.

4.2 This data is processed for the following purposes:

  • 4.2.1 Ensuring a smooth connection to the website;
  • 4.2.2 Ensuring convenient use of our website;
  • 4.2.3 Technical management and security of the website;
  • 4.2.4 Evaluation of system security and stability;
  • 4.2.5 For other administrative purposes.

4.3 The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest arises from the purposes listed above for data collection. Under no circumstances will the collected data be used to draw conclusions about your identity. The stored data will be deleted after 14 days, except in cases where specific indicators suggest illegal use. In this exceptional case, the longer storage of the aforementioned data is required for further examination.


5. Integration of Google Web Fonts

5.1 External fonts are integrated on the website, using Google Fonts. Google Fonts is a service of Google Inc. ("Google"). The integration of these Google Fonts is carried out by a server call, usually a Google server in the USA.

5.2 The IP address of the browser of the visitor's end device is also stored by Google (Google's privacy policy is available at www.google.com/policies/privacy/).

5.3 The previously mentioned information on the integration of Google Maps also applies here. Data processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is to provide you with a technically and visually smooth and readable website and thus an optimized user experience.


6. Social-Media

6.1 We also use social media platforms as part of our website, namely LinkedIn.de and XING.de.

6.2 We maintain company profiles on LinkedIn. Although we do not use social media plugins from LinkedIn, we do link to our company page, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

6.3 Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

6.4 For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is generally the sole data controller. Further information on the processing of personal data by Twitter Inc. can be found at https://twitter.com/en/privacy.


LAST UPDATED August 2024