Privacy notice

November 26, 2025

This English version of the privacy policy is a machine translation provided for your convenience. In the event of any discrepancies or inconsistencies between the English version and the original German version, the German version shall prevail and be legally binding. We recommend referring to the German version for the most.

A. Scope of application

Thank you for your interest in Hartmann + Keutner Partnerschaft von Patentanwälten mbB (“Hartmann + Keutner,” “we,” or “us”). With this privacy policy, we would like to provide you, as the person affected by the processing of personal data (“you,” “client,” or “user”), with comprehensive information about how we handle your personal data.

1. Terms

a. “Personal data”

is any information that can be used to directly or indirectly identify a natural person or that is suitable for making a person identifiable. For example, a person can be identified by reference to an identifier such as a name, an identification number, location data, or by reference to individual physical, physiological, economic, or cultural identity characteristics. For personal reference, it is sufficient that individualization is possible by means of “sorting.” It is therefore possible that we process personal data without knowing your identity (e.g., when we process purely technical data such as your IP address).

b. “Data subject”

is a natural person who is identified or identifiable.

c. “Restriction of processing”

is the marking of stored personal data with the aim of restricting its future processing.

d. „Profiling“

is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

e. “Controller”

is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

f. “Processor”

is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

g. “Recipient”

a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

h. “Third party”

is a natural or legal person, public authority, agency, or other body, other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

i. “Consent”

of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

j. “Processing”

personal data means any operation or set of operations which is performed on personal data or on sets of personal data. It does not matter whether the data processing is automated or not. Processing may include, for example, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, and destruction of personal data.

2. Scope of application

This privacy policy applies to the processing of your personal data when
• you visit our website www.hartmann-keutner.de or our social media pages,
• you contact us by mail, email, or phone,
• we process your personal data in connection with the handling of a mandate,
• we advertise (e.g., online, by mail, or by phone), or
• we process your personal data in the course of ongoing business transactions.

B. General information

1. Responsible person

We are responsible for the processing of personal data described in this privacy policy. This means that Hartmann + Keutner determines the purposes and means of processing your personal data. If you have any questions regarding data protection, please contact us as follows:
Hartmann + Keutner Partnerschaft von Patentanwälten mbB
Kurfürstenstraße 20
47906 Kempen
Germany
Phone: +49 176 353 67 447
Email: mail@hartmann-keutner.de

2. Purposes and legal bases of processing

The purposes and legal bases for processing your personal data may vary from case to case. The purposes are often related to the legal bases under the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”), which we explain briefly here:

a. Fulfillment of a contract or in the run-up to a contract

We process your personal data in order to fulfill contractual or quasi-contractual obligations towards you, or to provide you with information in advance of a possible contract conclusion at your request, e.g., to advise you on our services or to respond to inquiries. The legal basis for processing is Art. 6 para. 1 lit. b GDPR (DSGVO).

b. Compliance with a legal obligation

We are subject to certain legal obligations that require the processing of your personal data. For example, professional and tax law obligations require certain personal data to be stored for specified periods of time. The legal basis for processing is Art. 6 (1) (c) GDPR (DSGVO).

c. Legitimate interests

We also process your personal data when we pursue legitimate interests. These may be our own interests or those of third parties (such as our clients). Legitimate interests can be of various kinds (e.g., legal or economic interests). Legitimate interests can justify processing if they outweigh your conflicting interests or fundamental rights and freedoms that require the protection of your personal data. The legal basis for processing is Art. 6 (1) (f) GDPR (DSGVO).

d. Consent

In some cases, we process your personal data on the basis of your consent. If we need your consent, we will inform you in advance about which personal data we intend to use and how we will use it. If you have given us your consent to collect, use, or disclose your personal data in a specific manner, you have the right to withdraw your consent at any time with effect for the future. You are not obliged to give us your consent. Please note that without your consent, we may not be able to provide certain services that require data processing. The legal basis for your consent is Art. 6 (1) (a) GDPR (DSGVO).
If we process special categories of personal data based on your consent, the legal basis is Art. 9 (2) (a) GDPR (DSGVO).

e. Assertion, exercise, or defense of legal claims

Special categories of personal data that we process within the scope of the mandate serve to assert, exercise, or defend the legal claims of our clients. The legal basis is Art. 9 (2) (f) GDPR.
Detailed information on the respective purposes of processing can be found under the respective processing activities in Section C.

3. Storage period

We only process your personal data for as long as is necessary to fulfill the purposes for which it was collected. This also applies to the fulfillment of our legitimate interests or legal storage and documentation obligations that we must observe. When determining the retention period required in each individual case, we take into account the scope, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and the applicable legal provisions.
The statutory retention and documentation obligations are generally between two and ten years and arise, for example, from Section 147 of the German Fiscal Code (Abgabenordnung) or Section 44 of the German Patent Attorney Regulations (Patentanwaltsordnung).
We will carry out the deletion ourselves within a certain cycle, unless there is a particular interest in continued storage in individual cases, e.g., in the event of cyber attacks.
If legal storage and documentation obligations or the protection of our legitimate interests require longer storage, for example in the event of legal disputes, your personal data will also be stored and processed for a longer period of time.

4. Disclosure to third parties

As is customary in the course of business, we also pass on your personal data to third parties depending on the processing:

a. Service providers

We share your personal data with contractors and service providers who need your personal data to provide you with services. These service providers act on our behalf and follow our instructions regarding your personal data. We enter into appropriate confidentiality and non-disclosure agreements with service providers. Service providers include, for example, web hosting and maintenance providers, software and technology support providers, email communication providers, data storage providers, shipping service providers, and developers.

b. Consultant

In some cases, we also use the services of providers who perform their services independently and are not strictly bound by our instructions. This is the case, for example, with tax advisors, lawyers, banks, payment service providers, and similar parties. They process your personal data themselves as controllers.

c. Business partners

In some cases, we share your personal data with our business partners, who also use it for their own purposes. Although these business partners also work on our behalf, they may also pursue other interests with the data (e.g., when subcontracting (patent) attorneys abroad). They are also independent controllers.

d. Public authorities

We may disclose your personal data to courts, law enforcement agencies, criminal prosecution authorities, other authorities and government agencies, and other public bodies. This will be done either when required by law or when we reasonably believe that such action is necessary to:
• comply with applicable laws and respond to requests from law enforcement agencies,
• detect or respond to potential civil or criminal violations, such as violations of agreements or laws, or
• otherwise protect the rights, property, or personal safety of us, our team members, or others.

e. Third parties involved in the mandate

In the course of handling your mandate, it will regularly be necessary to pass on your data to third parties involved so that we can examine and enforce your legal claims. These may include, for example, legal expenses insurers, witnesses, or other parties involved in the proceedings.

f. With your consent

We may share your personal data with third parties or publish it if you give your consent. For example, with your consent, we may publish your experience report on our website or in service-related publications.
Detailed information about the service providers we use can be found in the appendix.

5. Origin of personal data

In most cases, we collect personal data directly from you, e.g. when you communicate with us or share documents with us. As with most digital platforms, we and our third-party providers automatically collect your personal data when you use our services.
We may receive personal data from third parties, such as other parties involved in proceedings or authorities.
In some cases, we collect your personal data from third parties, for example when your employer provides us with your contact details as a contact person.

6. Transfers to third countries

As a matter of principle, we take care to keep your personal data as local as possible. However, in order to provide you and our clients with the best possible service, we also use service providers and business partners who process data in so-called third countries or access it from such countries (e.g., to perform maintenance work). Third countries are countries outside the European Economic Area.
For some of these third countries, there is an adequacy decision by the European Commission. This may apply either to the entire country (e.g., the United Kingdom) or to the respective company (e.g., companies certified under the EU-US Data Privacy Framework). With such a decision, the European Commission determines that a level of data protection equivalent to that in the EU can be expected. An overview of the adequacy decisions can be found here.
Where no such adequacy decision exists, we ensure that your personal data is still subject to an adequate level of protection by applying one or more of the following security mechanisms:
• We conclude the standard contractual clauses adopted by the European Commission, in conjunction with appropriate additional safeguards where necessary.
Where no such adequacy decision exists, we ensure that your personal data is still subject to an adequate level of protection by applying one or more of the following safeguards:
• We conclude the standard contractual clauses adopted by the European Commission, in conjunction with appropriate additional measures where necessary. The decision and the model text of the standard contractual clauses can be found here.
• The transfer is carried out within the framework of appropriate safeguards, such as binding corporate rules.

7. Obligation to provide your personal data

There is no contractual or legal obligation to provide us with your personal data. However, if you wish to contact us or use our services, certain information may be required so that we can process your request or mandate.

8. Automated decision-making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, if
• the decision is not necessary for the conclusion or performance of a contract,
• it is not required by mandatory legal provisions, or
• it is not based on your explicit consent. Hartmann + Keutner does not use automated decision-making processes, including profiling, unless we have explicitly informed you about such processes.

C. Information on individual processing activities

We collect and process various personal data from you depending on the specific processing situations.

1. Website

a. Visiting our website (log data)

When you visit our website, we collect log data.

Categories of personal data

Internet Protocol address (IP),
Technical information, such as operating system, browser details such as type, ID, and configuration, individual identifiers, device type and version (e.g., manufacturer, device, screen size, resolution, operating system, browser and its version), your internet speed, or the referring URL.
Date and time of your visit, the time you spent using our services
Errors that may occur during your visit to our services

Processing purposes

To ensure the smooth functioning of our website
To analyze errors
To ensure that users can use the website conveniently, including improving the website (including content)
To ensure the security and stability of our website
For further administrative purposes

Legal bases

Our legitimate interest in the above-mentioned purposes.

Retention period (storage period)

The log data is deleted after 7 days.

b. Communication & Contact Form

If you contact us via our contact form or any other means of communication, we will process your personal data as follows:

Categories of personal data

Always:

Information you have provided to us in order to contact us (such as the content of your message)
Name and title
Date and time of communication
Company details (company name, registered office)

Additionally, depending on the communication channel:

E-Mail

email address
Log data (as described above)

By telephone

phone number

By post

return address

Contact form

email address
phone number

Processing purposes

Processing your request
Communication, in particular for the purpose of preparing a contractual relationship (e.g., preparation of offers or pre-contractual information)
Analysis of errors and optimization of our services
Prevention of spam

Legal bases

Depending on the reasons why you are contacting us:

The processing is necessary for the performance of a contract or in the course of taking steps at your request prior to entering into a contract.

our legitimate interests, namely processing your request and communicating with you.

Retention period (storage period)

Up to four years after your request has been answered.
If the request is relevant to tax law, up to 10 years.

2. Social Media

We use social media to present ourselves and our brand in a contemporary way. In doing so, we also process your personal data.
As the operator of these pages, we are jointly responsible with the respective operators of the social media networks for evaluating your use of our pages. There is separate responsibility for the content (us) and the subsequent use, including personalized advertising (network operators).

• LinkedIn:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, hereinafter referred to as “LinkedIn”
We have entered into an agreement with the network operator that regulates, among other things, the terms and conditions for the use of pages and similar sites.
The regulations can be found here:
• LinkedIn:
• LinkedIn Data Processing Agreement (DPA),
• which is supplemented by the Page Insights Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum.
• The Terms of Use, available at: https://legal.linkedin.com/linkedin-pages-terms, also apply.

For the purposes of joint responsibility, the operators of social media networks also use tracking technologies. A general description of tracking technologies can be found below in Section D. The specific technologies used can be obtained from the respective operators of the social media networks.
In accordance with the agreements made, the respective operators of the social media networks are your contact persons for data subject rights. However, you can also exercise your rights vis-à-vis us for activities that fall under joint responsibility. We will then forward your request accordingly.

Categories of personal data

Your name (as per profile)
Profile information such as profile picture, information in your profile that is visible to other users
Your posts
Your interaction with our content, such as visits to our site, reactions (such as “likes”), comments, sharing, etc.
Demographic and geographic information
Log data and unique identifiers

Processing purposes

For us:

Presentation of our law firm
Interaction with other users of the respective social media networks
Advertisement
Analyses to measure reach and effectiveness

For the respective social media operators:

Improving the effectiveness of targeted advertising (e.g., through personalization)
Better understanding of your behavior

Legal bases

Our legitimate interest in the above-mentioned purposes.

Retention period (storage period)

The relevant personal data is not stored by us, but by the respective social networks. Please check with the respective social network for information on the storage period.

3. Ongoing business operations

If you work with us in the course of our business operations, e.g. because you or your employer provide services for us or we are subject to reporting obligations, we process your personal data.

Categories of personal data

Name
Address, including email and phone numbers
Employer and position
Communication
Type of cooperation
Information related to cooperation
Any other relevant data

Processing purposes

Initiation and execution of contracts, including receipt of services and payment

Legal bases

If there are legal storage obligations:

Compliance with a legal obligation

If the personal data is processed for the purpose of executing a contract with you or initiating a contract at your request:

adjournment

In all other cases:

Our legitimate interest in fulfilling the aforementioned purpose.

Retention period (storage period)

If statutory retention periods apply, until the expiry of these periods.

Otherwise:

Until the end of the year in which the contract expires, plus three years.

4. Advertising

We use various channels to advertise our brand and services. These may include online advertising, direct mail, or telephone inquiries. In the area of online advertising, we work with partners who process your personal data as independent controllers. We only specify broad target criteria (e.g., demographic information or search terms). Our partners include:
• LinkedIn: LinkedIn Ireland Unlimited, Company Wilton Place, Dublin 2, Ireland
• Google: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland

Categories of personal data

Name
Address, including email and phone numbers
Employer and position
Communication

For online advertising, additionally:

IP address
log data
Online Identifier

Processing purposes

Promotion of our services and our company
Invitation to events

Legal bases

If you have consented to advertising:

Your consent

Retention period (storage period)

For the duration of the existing business relationship plus four years.

If there is no business relationship, for a period of four years after the last contact.

Opt-out lists are stored permanently unless you wish to receive advertising from us.

5. Mandate conclusion and execution

When you send us an inquiry, schedule an initial consultation, or work with us in the course of a mandate, we collect the following data from you.

Categories of personal data

The specific personal data we process about you depends on the mandate and may vary. We generally collect the following personal data:

Last name, first name
Address details including email, phone numbers
Position/role in the company
Online Identifier
Details of your case, including your relationship with third parties
payment data
Further information relating to the mandate
log data
Profile picture, status, and other information shared on Messenger or social media profiles, if applicable

Processing purposes

Provision of our services
Compliance with our legal obligations, e.g., with regard to conflict checks
Assertion, exercise, or defense of legal claims

Legal bases

Where there is a legal obligation, the fulfillment of legal obligations,

our legitimate interests, namely the provision of our services to our clients.

For special categories of personal data:

Assertion, exercise, or defense of legal claims

Retention period (storage period)

We store your personal data for as long as it is necessary to process the mandate. As a rule, we are subject to a legal storage period of six years after the end of the respective mandate. Due to tax law obligations, tax-relevant data is stored for up to ten years.

6. Enforcement of law

If necessary, we use the personal data we process to enforce our rights or those of third parties.

Categories of personal data

Potentially all of the above-mentioned personal data.

Processing purposes

Assertion, defense, or enforcement of claims by us, our employees, and third parties.

Legal bases

Our legitimate interest in fulfilling the aforementioned purpose.

Retention period (storage period)

Until the final conclusion of the proceedings (including any enforcement measures), plus three years.

D. Tracking & Cookies

We use tracking technologies in our online offering.

1. General description

There are a variety of different technologies that allow website operators or software providers to personalize end users and track their online behavior. The best known of these technologies are cookies. Below you will find some explanations that illustrate some of these technologies.

a. Cookies

aa. Definition and functioning of cookies

Cookies are small text files that are automatically stored on your device (computer, laptop, tablet, or smartphone) when you visit a website. Your internet browser downloads these files and stores them locally on your device.
Unless a cookie is automatically deleted (for example, immediately after leaving the website), the stored information is transferred back to the website when you visit the same website again using the same device or browser. This enables the website to identify you as a returning visitor.

bb. Distinction based on origin

First Party Cookies werden direkt von der Website erstellt, die Sie besuchen.
Third-party cookies, on the other hand, come from external providers or partner services that work with the website you are visiting.

cc. Purpose and use of cookies

The use of cookies enables websites to provide various functions. They allow your preferences to be stored, your usage behavior to be analyzed, and the content displayed to be customized accordingly. This enables a more personalized and user-friendly website experience, but it also allows advertising to be tailored to you.

dd. Categorization according to intended use

Essential cookies
Essential cookies are necessary for the proper provision of basic website functions. These cookies are used to:
Ensure the basic functionality of the website
Provide services you have requested
Temporarily store your cookie settings
Ensure the technical functionality of the website (e.g., language settings)
Without the use of functional cookies, our website would not be usable or would only be usable with significant functional limitations.

Non-functional cookies
Non-functional cookies are not required for the basic operation of the website, but can provide additional features and enhancements. This category includes: To evaluate user behavior and optimize website performance
Convenience cookies: To improve the user experience, for example by integrating external video content
Marketing cookies: To provide targeted advertising content based on your interests
These cookies are optional and serve to optimize your website experience, but are not necessary for the basic functionality of the website.

b. Tracking pixels

Tracking pixels (also known as web beacons, tracking images, or clear GIFs) are tiny, usually transparent graphic files measuring just 1×1 pixels that are embedded in websites or emails. These invisible image elements are automatically loaded by your browser when you visit a website or open an email containing such a pixel.
When the tracking pixel is loaded, a request is automatically sent to the provider's server, which can transmit various information about your visit or interaction. Since the pixel is virtually invisible to the human eye, users usually do not notice its presence.

c. Fingerprinting

Fingerprinting (also known as browser fingerprinting or device fingerprinting) is a tracking method that collects various technical characteristics and configurations of your device and browser and combines them into a unique digital “fingerprint.” Unlike cookies, no files are stored on your device.
This technology exploits the fact that the combination of hardware characteristics, software configuration, installed components, and browser settings is slightly different for each user. By recording and analyzing these characteristics, a virtually unique profile can be created, which is used for recognition during future visits.

d. Local Storage Objects

Local Storage Objects are a browser technology that allows websites to store data permanently on your local device without having to transfer this information to a server. This locally stored data remains even after you close your browser, allowing websites to remember your settings, preferences, or temporary data such as shopping cart contents. This enables web applications to provide a personalized and continuous user experience without requiring you to register or log in.

2. Cookies on our website

a. Cookie Banner

We use the consent tool “Real Cookie Banner” to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) we use and the related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
The legal basis for the processing of personal data in this context is Art. 6 (1) lit. f GDPR (DSGVO). Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
Further details can be found in the next section.

b. Essential cookies

We use essential cookies on our website. When we use essential cookies, we process your personal data to provide basic functions of our websites and the services you request, as well as to temporarily store your cookie settings. Without the use of these cookies, we would not be able to provide the website or would only be able to provide it with limited functionality. We use the following essential cookies:

Real Cookie Banner

We use the Real Cookie Banner to request and store your consent. To do this, each website visitor is assigned a unique number (UUID), which remains stored until the cookie expires. Furthermore, your consent is documented and stored (in particular, consent, cookie banner settings, technical circumstances such as the size and visibility of the cookie banner, and user interactions such as clicks on buttons). The data is stored for a total period of 4 years, regardless of the storage period of the cookie. Consent is collected once per language.

real_cookie_banner*

Purpose: Stores cookie consent.

Duration: 1 year