In this privacy policy AV LEGAL Boutique Law Firm (“we”) inform you about the processing of personal data when using our website und the other offers described below. 

Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address or email address. But also, certain identifiers such as your IP address or the device ID of your used end device belong to personal data.

1. Contact

The point of contact and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is

Attorney-at-Law Aleksandra Vujinović

Mathildenstrasse 17

63065 Offenbach

Germany

Phone: +49 151 5522503

E-Mail: vujinovic@avlegal.de

2. Data processing on our website

2.1. Visiting our website /connection data

Every time you use our website, we collect the connection data automatically transmitted by your browser in order to make visiting the website possible. This connection data includes the so-called HTTP header information, including the user agent, and contains in particular:

• IP address of the requesting device;
• method (e.g. GET, POST), date and time of the request;
• address of the website visited and the path of the requested file;
• if applicable, the previously accessed or requested website
• information about the browser used and the operating system;
• HTTP protocol version, HTTP status code, size of the delivered file;
• request information such as language, type of content, encoding of content, character sets.

It is strictly necessary to process this connection data and to store the security cookie to make it possible to visit the website and to guarantee the long-term functionality and security of our systems and to maintain our website administratively in general. The connection data is also stored temporarily and limited to the necessary content in internal log files for the purposes described above, for example in order to find the cause of repeated or criminal calls that endanger the stability and security of our website and to take action against them.

The legal basis for this is Art. 6(1)(b) GDPR, if the page view occurs in the course of the initiation or performance of a contract, and otherwise Art. 6(1)(f) GDPR due to our legitimate interest in enabling website access and permanent functionality and security of our systems. In this case, access to and storage of information in the device is strictly necessary and based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 (2) No. 2 TDDDG.

We do not use your data to draw conclusions about you personally. Information of this kind is statistically evaluated by us . anonymously, if necessary, in order to optimize our website and the technology behind it.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited. For this reason, an objection is excluded.

2.2. Making contact

There are a number of ways for you to contact us. This includes in particular the contact form, a phone call or an e-mail by means of the contact addresses mentioned above. In this context we process data exclusively for the purpose of communicating with you.

The legal basis for this is Art. 6(1)(b) GDPR, insofar as your information is required to answer your inquiry or to initiate or perform a contract, and otherwise Art. 6(1)(f) GDPR due to our legitimate interest that you contact us and that we can answer your inquiry.

The data we collect when you contact us will be automatically erased once we have finished processing your enquiry, unless we still require your enquiry to fulfill contractual or legal obligations (see „Storage period“).

2.3. Use of cookies and similar technologies for usage analysis and marketing

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. You can delete individual cookies or the entire cookie inventory. 

In order to improve the presentation of the content on our website, we use cookies and similar technologies for statistical recording and analysis of general usage behavior based on access data. In addition, we use services from external service providers who process the access data generated when using our website in order to enable the display of interest-based advertising, for example in the context of search queries.

You can delete individual cookies or the entire cookie inventory. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

We only use optional cookies and similar technologies for marketing and analysis purposes if you have given your consent for data processing in accordance with Art. 6 (1)(a) GDPR Access to and storage of information in the device is based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 (1) TDDDG.

2.4. Embedded YouTube videos

We embed YouTube videos on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter “YouTube”). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (hereinafter “Google”). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. In the process, YouTube is informed which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. 

If a YouTube video is started, the provider uses cookies that collect information about user behavior. For more information on the purpose and scope of data collection and processing by YouTube, please refer to the provider’s privacy policy, There you will also find further information on your rights in this regard and settings options to protect your privacy (https://policies.google.com/privacy).

No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or may only be able to use it to a limited extent.

3. Online presences in social networks

We maintain various online presences in social networks in order to communicate with interested parties and to inform them about our products and services:

• Instagram Fanpage of Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland („Instagram“)
• LinkedIn company page of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland („LinkedIn“)

As part of the operation of our online presences in social networks, it is possible that we may access information such as statistics on the use of our online presences provided by the operator of the social network. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country), employment-related information (e.g., job, function, industry, work experience, company size), and data on interaction with our online presence (e.g., likes, shares, subscriptions, viewing of images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presences and to optimize them for our audience. The collection and use of these statistics is subject to joint controllership with the operator of the social network.

For more information on joint controllership, the nature and scope of these statistics, and how to contact the social network, please see:

• Facebook and Instagram: Information about Page Insights data, Information about Page Insights;
• LinkedIn: Page Insights Joint Controller Addendum (the “Addendum”).

The legal basis for this data processing is Art. 6(1)(b) GDPR, in order to stay in contact with our customers and to inform them as well as for the implementation of pre-contractual measures with interested parties, and Art. 6(1)(f) GDPR based on our legitimate interest in effective information and communication with users.

We have no control over the data that the social network processes on its own controllership in accordance with the terms of use. However, we would like to point out that when you visit the online presence, data about your usage behaviour is transferred to the operator of the social network. The operator of the social network itself processes the aforementioned information possibly in order to compile more detailed statistics and for its own market research and advertising purposes over which we have no control. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements are then displayed within the social network, for example, but also on third-party websites. You can find more detailed information on this in the privacy policies of the socal networks:

• Instagram
• LinkedIn

If we receive your personal data while operating the online presence of the social network, you are entitled to the rights stated in this data protection statement. If you also wish to assert your rights against the operator of the social network, the easiest way to do this is to contact them directly. The operator knows the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures on request if you make use of your rights. We are happy to support you in asserting your rights to the extent possible and forward your requests to the operator of the social network.

4. Online meetings via “Teams”

We use „Teams“ to conduct online meetings, teleconferences and/or webinars (collectively, „Meetings“). Teams is software from Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland („Microsoft“), which is available as a desktop, web and mobile app.

The legal basis for the processing of data to conduct meetings via teams is our legitimate interest in the effective and simple conduct of online meetings, discussion rounds and presentations pursuant to Art. 6(1)(f) GDPR. Insofar as the meetings are conducted in the context of existing contractual relationships with you, the legal basis is Art. 6(1)(b) GDPR. We are not responsible for any further data processing on the Teams product website, where the desktop software can be downloaded and the web app can be used.

During a meeting, the following data may be processed under certain circumstances:

• Participant details: Display name, if applicable, first name, last name, phone, email address, password (encrypted for authentication), profile picture;
• Metadata: Meeting topic and description, IP address, participant’s phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of participant’s last activity on Teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video, and screen sharing;
• For chat, or channel message usage: text data for display and logging if necessary;
• For audio usage: recording data of the microphone;
• For video use: recording data of the video camera;
• For recordings: Audio, video and screen sharing for storage in the cloud / Microsoft Stream;
• For telephone use: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data such as the IP address of the device.

Before a meeting, you must register via our website or by e-mail. Your registration data will be processed by us. Before the meeting you will receive a confirmation email with an invitation link or a calendar date.

To participate in a meeting, you must at least provide information on your name and – in the case of telephone use – your telephone number, unless we enable anonymous participation in meetings. In the latter case, we will inform you of this possibility of anonymous participation in the course of the invitation. You can deactivate the transmission via microphone and camera at any time via the corresponding settings. Only with your consent and prior notification do we record meetings or log text data. Microsoft stores and uses the metadata to enable us to analyze and report on the use of Teams.

Microsoft may receive knowledge of the above data as part of the data processing in order to process it. All data traffic is encrypted (MTLS, TLS or SRTP) and data processing generally takes place on servers in the European Economic Area (EEA). Where possible, we also enable end-to-end encryption. In the event that data is nevertheless processed in the USA exceptional cases,  the adequacy decision of the USA applies due to the certification of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA according to the EU-US Data Privacy Framework.

For more information, see Microsoft’s privacy policy.

5. Disclosure of data

In principle, we will only pass on the data we collect if:

• you have given your explicit consent pursuant to Art. 6(1)(a) GDPR;
• disclosure is necessary pursuant to Art. 6(1)(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
• we are legally obliged to do so under Art. 6(1)(c) GDPR; or
• this is permitted by law and is required under Art. 6(1)(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfillment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

6. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (such as the USA), i.e. countries whose data protection level does not correspond to that of the European Union. 

Insofar as this applies and the European Commission has not issued an adequacy decision pursuant to Art. 45 GDPR for the respective countries, we have implemented appropriate safeguards to ensure an adequate level of data protection for any data transfers. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay, or the United Kingdom. In the case of the United States, this applies only insofar as the U.S. recipient is certified under the EU–U.S. Data Privacy Framework.

Where no adequacy decision exists for the respective country, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These measures include, in particular, the Standard Contractual Clauses of the European Union or binding internal data protection rules pursuant to Art. 46 GDPR.

Where this is not possible, we base the transfer of data on exceptions of Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the fulfilment of the contract.

If a transfer to a third country is intended and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence agencies) may be able to gain access to the transferred data in order to record and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this if consent is obtained for the data transfer via the consent banner.

7. Storage period

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we have collected the data. We then delete the data without delay, unless we still require the data until the end of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

For evidence purposes, we must keep contract data for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.

Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act and the Money Laundering Act. The periods specified there for retaining documents range from two to ten years.

8. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose. You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided. 

In order to assert your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your requests for the enforcement of data subject rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for a longer period if there are grounds for the enforcement, exercise or defense of legal claims. The legal basis is Art. 6 (1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5(2) GDPR.

Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right for example by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

9. Right of withdrawal and objection

You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

10. Obligation to Provide Your Data

Where the provision of your data is required for the conclusion of a contract (e.g. for ordering services), for the fulfilment of legal obligations, for contacting us, or for using other services and functions, the corresponding input fields are marked as mandatory (usually by an asterisk (*)). In this case, a contract cannot be concluded, the specific service cannot be provided, or the respective function cannot be used without these data.

All other information that is not marked as mandatory is provided on a voluntary basis. The provision of such data is not required for the conclusion of a contract, for the performance of the service, or for the use of the respective function and has no influence on the execution of the contract.

11. Automated Decision-Making

Automated decision-making, including profiling, within the meaning of Art. 22 GDPR, which produces legal effects concerning you or similarly significantly affects you, does not take place.

12.Amendments to This Privacy Policy

We reserve the right to amend this Privacy Policy in order to ensure that it always complies with the current legal requirements or to reflect changes to our services, for example when introducing new services. The new Privacy Policy shall apply upon your next visit to our website.

If you have any questions regarding data protection, please send us an email or contact the person responsible for data protection within our organisation directly.

Status: January 2026