Data protection information
1 Preamble
Below we inform you about the details of data protection when visiting our website.
The use of our website is generally possible without providing personal data.
Insofar as personal data is collected when you visit our website, we process it exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).
The processing of personal data takes place exclusively in accordance with this privacy policy.
This privacy policy applies to the use of the website at the address www.notar-heinze.de. For linked content from other providers, the data protection declaration on the linked website is authoritative.
We would like to point out that security gaps can occur during data transmission via the Internet, which cannot be prevented by the technical design of this website. Complete protection of personal data is not possible when using the Internet.
2 Responsible body, Art. 13 para. 1 lit. a GDPR
is responsible for the processing of personal data in the context of the use of this website:
Notary Dr. Stefan Heinze
Gereonshof 2
50670 Cologne
Phone: +49 (0)221/179360
Fax: +49 (0)221/1793666
E-mail: info@notar-heinze.de
3 Data protection officer
We have appointed a data protection officer:
Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstrasse 45
58095 Hagen (NRW)
Phone: +49 (0)2331/356832-0
E-mail: datenschutz@gdi-mbh.eu
Internet: www.gdi-mbh.eu
4 Hosting
Our website is operated on servers of LegalNow GmbH, Lena-Christ-Straße 2, 82031 Grünwald (host).
We have concluded an order processing contract with LegalNow GmbH.
When you visit our website, data is automatically collected and stored in log files on our host's server. This data may have a personal reference. The data collected includes
- IP address of the requesting computer (in anonymized form)
- Date and time of access to our website
- Time zone of the requesting computer
- Access log
- Browser types and versions used
- the operating system of the requesting computer (referrer)
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems
The hoster uses the collected data to ensure the trouble-free operation of the website as well as to ensure IT security and to improve our offer. If there are concrete indications, the log data may be subsequently analyzed. The temporary storage of the IP address by the hoster is necessary to enable the website to be delivered to the user's computer. For this purpose, your IP address must remain stored for the duration of the session.
This data is not merged with other data sources.
The legal basis for data collection is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in data collection arises from the aforementioned purposes.
The data is deleted by the host as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this technical information is deleted or made unrecognizable after seven days at the latest.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, you do not have the option to object.
5 Cookies
No (own) cookies are currently used to provide our website.
6 SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties (end-to-end encryption). The protocols authenticate the communication partner and ensure the integrity of the transmitted data.
7 Online forms
Our website is linked to a button for online data collection, which gives you the opportunity to send us data via an online form. If you use this online service from NotarNow (LegalNow GmbH, Lena-Christ-Straße 2, 82031 Grünwald, Germany), your details, including the contact details you provide there, will be automatically stored on the NotarNow servers for a short time for the purpose of processing the request and in the event of follow-up questions and then forwarded to us. Data transmission is encrypted using transport encryption via Secure Socket Layer (SSL/TLS).
The data is stored solely for the purpose of processing or contacting the data subject. The data will not be passed on to other third parties. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.
We will retain the data you provide on the online form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
When using the "cache" function, your online form entries are encrypted and stored anonymously for 30 days. If the online form is not sent to us within these 30 days, the form entries will be deleted automatically. A request for deletion on your part is not necessary in this case.
8 Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.
9 Own services/functions
9.1 Contact options (form / e-mail)
You can contact us by e-mail or using the contact form on our website.
In this context, your details from the form and/or from the e-mail, including the contact details you provide there, will be stored and processed by us for the purpose of processing the request and in the event of follow-up questions. This data (e.g. name, address, telephone number, e-mail address, IP address) will not be passed on to third parties without your consent.
The data is not merged with other data collected on this website.
The data may be stored as part of the notarial activity, provided that an appointment or commissioning has taken place.
The contact form is sent encrypted using TLS technology. The encryption serves to prevent unauthorized access to your personal data by third parties.
This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).
We will retain the data you provide on the contact form or in the email until you request its deletion, object to its processing or the purpose for its storage no longer pertains (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
9.2 Applications (e-mail)
On our website you have the opportunity to apply for a job in our company.
For this purpose, we accept digital applications, regardless of whether you are applying for a position advertised by us or whether it is an unsolicited application. You can find the separate data protection information for applicants under this Link
10 Cloudflare
Our website uses a so-called "Content Delivery Network" (CDN), offered by Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA.
The Content Delivery Network (CDN), as offered by Cloudflare, is a service that enables the content of our online offering, in particular large media files such as graphics or scripts, to be delivered more quickly via regionally distributed servers connected via the Internet. Scaling storage and delivery capacities are made available via the CDN. This ensures optimum data throughput even at high load peaks.
Via Cloudflare, user requests on our website are initially routed via Cloudflare servers in the USA. Statistics are compiled from these data streams. As a result, potential threats to our website from malware can be detected at an early stage and the loading times of our website are optimized.
The legal basis for the use of Cloudflare is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, insofar as you give us your consent to this when you first access the site.
We also have a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in using Cloudflare to optimize our online service and make it more secure. Nevertheless, we only use Cloudflare if you have given your consent.
We have concluded an order processing contract with Cloudflare, according to which Cloudflare is authorized and obliged to evaluate the information obtained and to create statistical reports for us on the type and scope of website use. These statistics enable us to continuously improve our offering and make our website more interesting and user-friendly for you as a user.
Cloudflare also processes data in the USA, among other places. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Deletion: The data obtained is automatically deleted by Cloudflare after 4 hours.
Further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com/security-policy and https://www.cloudflare.com/de-de/privacypolicy/.
11 Google
11.1 Google Maps
On this website we use the offer of "Google Maps", operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Maps is integrated on the website via the Google API in order to visualize location information and display it in the form of a map. The files required for this purpose are requested via the Google domains maps.googleapis.com, maps.gstatic.com, fonts.googleapis.com and/or fonts.gstatic.com.
Gstatic is a domain used by Google to load static content into a different domain name to reduce bandwidth usage and increase network performance for the end user.
The processing of the IP address by Google Maps is technically necessary to display the map. With regard to the other web services integrated via Google Apis, the regulations in the respective section of this data protection declaration for Google Apis apply.
The legal basis for the use of Google Maps is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, insofar as you have given us your consent to this when you first access the site.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition
- the IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status/HTTP status code,
- the amount of data transferred,
- the website from which the request originates (so-called referrer),
- Type and version of the browser used together with the language version used and
- Type and version of the operating system and the interface used
transmitted. This information (including your IP address) is transmitted directly from your browser to a Google server in the USA and stored there.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
The transmission takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google profile before using our website. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
You can revoke your consent to data processing and transmission at any time without giving reasons by deleting the cookies in your browser.
The legality of data processing that has already taken place is not affected by the withdrawal of consent.
We have concluded a joint processing agreement with Google with regard to Google Maps. You can find the content at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
Further information on the purpose and scope of data collection and its processing by Google can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.
11.2 Google Fonts
By integrating "Google Maps", "Google Fonts" are loaded, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
We have no influence on this.
The files required for this purpose may be requested via the Google domains fonts.googleapis.com, maps.gstatic.com, maps.googleapis.com and/or fonts.gstatic.com.
Gstatic is a domain used by Google to load static content into a different domain name to reduce bandwidth usage and increase network performance for the end user.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition
- the IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status/HTTP status code,
- the amount of data transferred,
- the website from which the request originates (so-called referrer),
- Type and version of the browser used together with the language version used and
- Type and version of the operating system and the interface used
transmitted directly from your browser to a Google server. According to its own information, Google does not store this information and only uses it to deliver the requested fonts and to recognize and, if necessary, ward off attacks on the IT system.
If you have given your consent for the aforementioned tools to be activated and for Google Fonts to be reloaded, the legal basis for data processing is this consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de
12 Your rights and assertion of rights
You are entitled to the rights listed below. You can assert these claims against us. To assert your rights, please use the above data or contact us by e-mail at: info@notar-heinze.de
Information:
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
Correction:
In accordance with Art. 16 GDPR, you have the right to demand the immediate correction of incorrect or incomplete personal data stored by us;
Deletion:
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Restriction of processing:
In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
Data portability:
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
Withdrawal of your consent:
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. As a result, we may no longer continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Please send your revocation to the data given above or by e-mail to: info@notar-heinze.de
Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between you and the controller, is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
Complaint to a supervisory authority:
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the registered office of our law firm.
13 Links to third-party websites
We link to third-party websites on our website. These websites have their own data protection notices.
We have no influence on the content of these linked websites.
We are not responsible for these websites. However, we have selected them carefully.
If you click on such a link, you leave our domain and open the external website in your browser. Data, usually at least your IP address, is transmitted to the server of the linked website.
If we become aware of illegal content, e.g. through notification by third parties, we will remove the link immediately.
14 Status of the data protection information
The constant development of the Internet makes it necessary to adapt our privacy policy from time to time. We reserve the right to make corresponding changes at any time.
Status: July 2025