Privacy Policy


1. Name and Contact Information of the Responsible Party

This privacy policy provides information about the processing of personal data on the website of the law firm
Steuerkanzlei Johannes Witzel
Dörnigheimer Straße 2a
63452 Hanau

Phone: 06181/428980

Responsible party: Johannes Witzel

2. Scope and Purpose of Processing Personal Data

2.1 Visiting the Website
When visiting this website, data is automatically sent by the internet browser used by the visitor to the server of this website and temporarily stored in a log file (logfile). Until automatic deletion, the following data is stored without further input from the visitor:

  • IP address of the visitor’s device,
  • Date and time of access by the visitor,
  • Name and URL of the page accessed by the visitor,
  • Website from which the visitor arrived at the law firm’s website (so-called referrer URL),
  • Browser and operating system of the visitor’s device as well as the name of the access provider used by the visitor.

The processing of this personal data is justified according to Art. 6 para. 1 sentence 1 lit. f) GDPR. The law firm has a legitimate interest in data processing for the purpose of

  • quickly establishing a connection to the law firm’s website,
  • enabling user-friendly website usage,
  • recognizing and ensuring the security and stability of the systems, and
  • facilitating and improving website administration.

The processing is explicitly not carried out for the purpose of gaining insights about the visitor’s identity.
2.2 Contact Form

Visitors can send messages to the law firm via an online contact form on the website. To receive a response, it is necessary to provide a first name, last name, and a valid email address. All other information can be provided voluntarily by the inquiring person. By submitting the message via the contact form, the visitor consents to the processing of the transmitted personal data. Data processing is carried out solely for the purpose of handling and responding to inquiries via the contact form. This is based on the voluntarily given consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the inquiry is completed and no reasons for further storage exist (e.g., subsequent engagement of our law firm).

3. Data Disclosure

Personal data is transferred to third parties if

  • the data subject has expressly consented to this according to Art. 6 para. 1 sentence 1 lit. a) GDPR,
  • the disclosure is necessary according to Art. 6 para. 1 sentence 1 lit. f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in not disclosing their data,
  • there is a legal obligation for the data transfer according to Art. 6 para. 1 sentence 1 lit. c) GDPR, and/or
  • this is necessary according to Art. 6 para. 1 sentence 1 lit. b) GDPR for the performance of a contractual relationship with the data subject.

In other cases, personal data is not transferred to third parties.

4. Cookies

Cookies are used on the website. These are data packets exchanged between the server of the law firm’s website and the visitor’s browser. These are stored on the devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. Cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other harmful software. The cookies store information that arises in connection with the specific device used. The law firm cannot obtain any knowledge of the identity of the visitor through this.
Cookies are mostly accepted based on the default settings of the browsers. The browser settings can be configured so that cookies are either not accepted on the devices used or a special notification is provided before a new cookie is created. However, it is pointed out that disabling cookies may result in not all functions of the website being used to their full extent.

The use of cookies serves to make the use of the law firm’s web offering more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. These session cookies are automatically deleted after leaving the website.

To improve user-friendliness, temporary cookies are used. These are stored on the visitor’s device for a temporary period. Upon a new visit to the website, it is automatically recognized that the visitor has already accessed the site at an earlier time and which entries and settings were made so that they do not have to be repeated.

Cookies are also used to analyze website calls for statistical purposes and to improve the offering. These cookies make it possible to recognize that the website has already been accessed by the visitor upon a new visit. These cookies are automatically deleted after a specified time.

The data processed by cookies is justified for the aforementioned purposes to protect the legitimate interests of the law firm according to Art. 6 para. 1 sentence 1 lit. f) GDPR.

5. Social Network Plugins (Social Plugins)

Plugins of the following social networks Xing, LinkedIn, Facebook, and Google Maps are integrated into our law firm’s website.
The legal basis for the use of social plugins is Art. 6 para. 1 sentence 1 lit. f) GDPR. A legitimate interest of our law firm and the purpose of using social network plugins is to make our offering known to a broad audience. The social networks are responsible for the data protection-compliant handling of their users’ data.

XING Plugin

By clicking on the XING button, you can share a post with your contacts in your XING profile. As soon as you click on the XING button, a connection to the servers of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, is established, which provides the “XING Share-Button” functions (in particular, the calculation/display of the counter value). According to our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored or usage behavior evaluated. The current data protection information on the “XING Share-Button” and additional information can be found on this website:

LinkedIn Plugin

Our website uses functions of the social network “LinkedIn.” The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our pages containing LinkedIn functions is called up, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click on a LinkedIn plugin while logged into your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data or its use by LinkedIn.

For more information, please refer to LinkedIn’s privacy policy at:

Facebook Plugin

Due to our legitimate interest in the analysis, optimization, and operation of our online offering (in the sense of Art. 6 para. 1 lit. f. GDPR), this website uses the Facebook social plugin. The “Facebook” network is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins are recognizable by one of the Facebook logos (white “f” on a blue tile). The list and appearance of the valid Facebook social plugins can be viewed on Facebook’s websites. Facebook Inc. has joined the Privacy Shield Agreement:

When you click on such a plugin on one of our websites, your browser establishes a direct connection to Facebook servers. The data collected by activating the plugin is transmitted directly from your browser to Facebook; therefore, we have no influence on the scope of the data that Facebook collects with the help of this plugin.

By clicking on the plugin, Facebook may receive the information that you have accessed the corresponding page of our online presence. If you are registered with Facebook, Facebook can associate the visit with your Facebook account. If you interact with the plugins, for example, by pressing the “like” button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. All social plugins are extensions of Facebook and were developed in such a way that none of your data is transmitted to the operators of the websites on which they are displayed. If you are not a Facebook member, it is still possible that Facebook learns your IP address and stores it. For the purpose and scope of data collection and further processing and use of data by Facebook, as well as your related rights and settings options to protect your privacy, please refer to Facebook’s data protection information: If you are a Facebook member and do not want Facebook to collect data about you via our online presence and link it to your membership data stored on Facebook, you must log out of Facebook and delete any existing cookies before visiting our website. You can also use browser add-ons to block the loading of Facebook plugins.

Google Maps Plugin

We use the Google Maps plugin on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites in which Google Maps is embedded, a direct connection to the Google servers is established. The map content is transmitted directly to your browser and integrated into the website by Google. In the process, data is transmitted to Google. We have no influence on the data that Google collects in this way.

For more information, please refer to Google’s privacy policy at:

6. Your Rights as a Data Subject

If your personal data is processed, you are a data subject in the sense of the GDPR, and you have the following rights:

  • Right to Information (Art. 15 GDPR): You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it has not been collected from us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.
  • Right to Rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate or incomplete personal data stored by us without undue delay.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful, you oppose the erasure of the data, and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
  • Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
  • Right to Withdraw Consent (Art. 7 para. 3 GDPR): You have the right to withdraw your consent at any time. This means that we will no longer be able to continue the data processing based on this consent in the future.
  • Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

7. Data Security

During your website visit, we use the widely used SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock icon in the bottom status bar of your browser.
We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

8. Up-to-dateness and Changes to this Privacy Policy

This privacy policy is currently valid and was last updated in July 2024.
Due to the further development of our website and offerings, or due to changes in legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out from our website at any time.