Privacy Policy

On every visit, the hosting provider automatically records server log data (IP address in shortened form, date and time, URL accessed, referrer, user agent). The legal basis is Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in operational security, abuse prevention and technical optimisation). The logs are deleted after 14 days, unless they are required to investigate a specific security incident.

Data processed: name, email address, phone number, postal code, city (optional), preferred language, details about your concern (e.g. length of residence, residence title, language certificate) as well as, where applicable, nationality and specific details on residence status.

Purpose: initiating and carrying out the referral to a licensed lawyer to handle your concern; sending a confirmation message; providing a deletion link.

Legal bases:

• For general contact data: Art. 6 Abs. 1 lit. b DSGVO (initiation of a lawyer engagement at your request) and Art. 6 Abs. 1 lit. a DSGVO (consent).
• For special categories of personal data within the meaning of Art. 9 Abs. 1 DSGVO (in particular nationality, residence status): Art. 9 Abs. 2 lit. a DSGVO, your explicit consent, which you give when submitting the form via the mandatory checkbox.

Recipient: exactly one lawyer selected by us, licensed by the Federal Bar Association (Bundesrechtsanwaltskammer) and based in Germany. With the transmission of your data to the lawyer, the lawyer becomes the data controller in their own right within the meaning of Art. 4 Nr. 7 DSGVO. The lawyer's duty of confidentiality under § 43a Abs. 2 BRAO and § 203 StGB additionally applies. We do not pass data on to any further third parties, in particular not to authorities. An obligation to disclose to authorities exists only where we are legally required to do so, or required by an enforceable order of an authority or court.

Retention period: Your data is deleted on our side 60 days after submission of the request, unless you have already deleted it yourself beforehand. After referral to a lawyer, further storage at the lawyer's office is subject to that lawyer's own professional retention obligations (as a rule six years after the end of the engagement, § 50 Abs. 1 BRAO).

Encryption: Your entries are encrypted before storage using an asymmetric scheme (libsodium “crypto_box_seal”, AES-256-GCM). The private key required for decryption is stored outside the database and is not used by the provider operationally to inspect the content of individual requests. Plain-text access to your case details is granted only to the referred lawyer after purchase.

Obligation to provide: Providing your data is voluntary but necessary in order to enable a referral to a lawyer. Without these details and your consent we cannot provide the lawyer referral service.

Withdrawal: You can withdraw your consent at any time with effect for the future. The confirmation email contains a link to immediately delete your request on our side. Data that has already been transmitted to a lawyer cannot be recalled by our withdrawal. In that case, please contact the law firm directly.

After submitting the form, you receive a confirmation email with a deletion link. The legal basis is Art. 6 Abs. 1 lit. b DSGVO (performance of the referral relationship).

Where we use external service providers, this takes place on the basis of a data processing agreement within the meaning of Art. 28 DSGVO. These processors may only process your data on our behalf and under our instructions:

Where data is transferred to a third country outside the EU/EEA, this takes place on the basis of standard contractual clauses under Art. 46 Abs. 2 lit. c DSGVO and, where applicable, further supplementary safeguards.

This website uses no tracking cookies, no analytics, no advertising tags. We run a simple language A/B test in which assignment of the test variant happens statelessly per request and stores or reads no personal data whatsoever.

You have the following rights vis-à-vis us regarding the data concerning you:

• Right of access (Art. 15 DSGVO)
• Right to rectification (Art. 16 DSGVO)
• Right to erasure (Art. 17 DSGVO)
• Right to restriction of processing (Art. 18 DSGVO)
• Right to data portability (Art. 20 DSGVO)
• Right to object to processing based on legitimate interests (Art. 21 DSGVO)
• Right to withdraw consents given, with effect for the future (Art. 7 Abs. 3 DSGVO)

To exercise these rights, please contact datenschutz@culibrk.de.

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 DSGVO). The competent authority is the supervisory authority of the federal state of your residence or the supervisory authority responsible for us:

Die Landesbeauftragte für den Datenschutz Niedersachsen
lfd.niedersachsen.de

Transmission takes place encrypted via TLS (HTTPS). Form content is stored on the server using an asymmetric encryption scheme (libsodium sealed-box, AES-256-GCM). The key required for decryption is stored outside the database; the provider does not carry out any content inspection of individual requests.

We may amend this Privacy Policy to reflect changes in the law or in our processing activities. The latest version is always available with a date on this page.