Privacy Policy | Nieweg Law Firm

1. Controller

The party responsible for data processing on this website is:

Nieweg Law Firm
Attorney-at-law and graduate economist Petra Nieweg
Tulpenstraße 1
33803 Steinhagen
Germany

Phone: +49 5204 9249884
Fax: +49 5204 9249885
Email: info@anwaltskanzlei-nieweg.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2. General Information on Data Processing

I process personal data only to the extent necessary to provide this website, process inquiries, communicate with interested parties and clients, or to fulfill legal obligations.

Personal data is any data that can be used to identify you personally. This includes, for example, your name, email address, phone number, IP address, or the content of your message.

Unless a more specific retention period is stated in this privacy policy, I store personal data only for as long as necessary for the respective processing purpose. Thereafter, the data will be deleted, provided that no legal retention obligations prevent this. Such obligations may arise, in particular, from professional, tax, or commercial law regulations.

3. Legal Basis

I process personal data in particular on the following grounds:

Art. 6 (1) (a) GDPR , if you have consented to the processing,
Art. 6 (1) (b) GDPR , if the processing is necessary for the implementation of pre-contractual measures or for the performance of a contract or mandate,
Art. 6 (1) (c) GDPR , if I am legally obligated to process the data,
Art. 6 (1) (f) GDPR , if the processing is necessary to protect legitimate interests.

Insofar as cookies or comparable technologies are used and consent is required for this, processing is additionally carried out on the basis of Section 25 (1) TDDDG . Technically necessary access to your end device may be based on Section 25 (2) TDDDG .

4. Hosting

This website is hosted externally. The provider is:

Telekom Deutschland GmbH
Landgrabenweg 149
53227 Bonn

As part of the hosting, data that is technically necessary for the operation and delivery of the website is processed. This includes, in particular, IP addresses, server log data, and other technical information generated when the website is accessed.

Hosting is carried out in the interest of a secure, stable, and efficient provision of my online services. The legal basis is Art. 6 (1) (f) GDPR . Insofar as contact is established or mandates are initiated via the website, Art. 6 (1) (b) GDPR may also be applicable.

A data processing agreement has been concluded with the host.

Privacy notices of the hoster:
https://www.telekom.de/datenschutzhinweise

5. Server Log Files

When visiting this website, the host automatically collects information in so-called server log files. This includes in particular:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the request
IP address

This data is not merged with other data sources.

Processing is carried out for the technically error-free provision and security of the website. The legal basis is Art. 6 (1) (f) GDPR .

Server log data is stored for 7 days for security reasons and then deleted, unless its further retention is exceptionally required for security or evidentiary purposes.

6. Cookies and Consent Management

This website uses cookies and comparable technologies. Insofar as such technologies are technically necessary, they are used on the basis of Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) TDDDG . Insofar as consent is required, processing is carried out on the basis of Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG . Consent once given can be revoked at any time with effect for the future.

You can also set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, or generally exclude cookies. If technically necessary cookies are deactivated, the functionality of this website may be restricted.

7. Borlabs Cookie

I use Borlabs Cookie to manage consents. The provider is:

Borlabs GmbH
Rübenkamp 32
22305 Hamburg

Borlabs Cookie stores the consents you have given or their revocation in order to document the legally required consent management. No consent data is transmitted to Borlabs itself.

The legal basis for its use is Art. 6 (1) (c) GDPR , insofar as the documentation of legally required consents is carried out, and additionally Art. 6 (1) (f) GDPR for the data protection-compliant management of consents. Insofar as Borlabs accesses your end device, Section 25 TDDDG must also be observed.

Borlabs privacy notices:
https://de.borlabs.io/datenschutz/

8. Multilingualism with WPML and Automatic Translation

This website uses WPML to provide content in multiple languages. Technically necessary cookies or similar information may be used to store the selected language, language settings, or language-related functional states.

I also use automatic translation via WPML. In doing so, content may be technically transmitted to the translation infrastructure used by WPML or to other integrated translation services. WPML itself points out data protection and GDPR-relevant data flows in translation functions.

Insofar as personal data is processed, the processing is based on Art. 6 (1) (f) GDPR for the user-friendly provision of a multilingual online offering.

A transfer to third countries cannot be excluded. Insofar as such a transfer takes place, it is based on appropriate safeguards or on a relevant adequacy decision, provided its requirements are met.

WPML privacy notices:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

9. Contact Form

If you send me a message via the contact form, I process the data you enter, including your contact details, to process your inquiry and, if necessary, to clarify follow-up questions.

Processing is carried out on the basis of Art. 6 (1) (b) GDPR , insofar as your inquiry is aimed at the initiation of a contract or mandate. In other cases, processing is carried out on the basis of Art. 6 (1) (f) GDPR for the proper processing of incoming inquiries.

I store the data transmitted via the contact form until your inquiry has been fully processed. If a client relationship arises from the inquiry or if legal retention obligations apply, the data will be stored for the duration of the respective applicable legal retention period.

9a. Form Plugin (WPForms)

For the contact form on this website, I use the plugin WPForms. The provider is:

WPForms LLC (Awesome Motive, Inc.)
7732 Maywood Crest Dr, Suite 308
West Palm Beach, FL 33412
USA

WPForms serves the technical provision and processing of the contact form on this website. The data you enter in the contact form is generally processed on my server. No transmission of form data to the plugin provider takes place unless additional external functions or integrated third-party services are used. Insofar as external services are integrated, such as captcha or anti-spam services, these are described separately in this privacy policy. WPForms itself describes that many further data flows only arise through additional integrations or external services.

The legal basis for processing the data transmitted via the contact form is Art. 6 (1) (b) GDPR , insofar as your inquiry is aimed at the initiation of a contract or mandate, otherwise Art. 6 (1) (f) GDPR .

WPForms privacy policy:
https://wpforms.com/privacy-policy/

10. Contact via Email, Phone, or Fax

If you contact me by email, phone, or fax, I process your details, including the personal data transmitted in the process, for the purpose of processing your inquiry.

Processing is carried out on the basis of Art. 6 (1) (b) GDPR , insofar as your inquiry is related to the initiation or performance of a contract or mandate. Otherwise, processing is carried out on the basis of Art. 6 (1) (f) GDPR .

I store the data transmitted in connection with your inquiry until your concern has been fully processed. If a client relationship arises from this or if legal retention obligations exist, the storage period is determined by the respective applicable legal provisions.

11. Communication via WhatsApp Business

I also offer communication via WhatsApp Business. The provider is:

WhatsApp Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

If you contact me via WhatsApp, the communication content you transmit as well as the metadata generated in connection with its use will be processed. The use of WhatsApp is based on Art. 6 (1) (b) GDPR , insofar as the communication serves the initiation or performance of a contract or mandate, and otherwise on the basis of Art. 6 (1) (f) GDPR for fast and practical communication.

When using WhatsApp Business, the transfer of personal data to recipients outside the European Economic Area, particularly to the USA, cannot be ruled out. If a third-country transfer occurs, it is based on the EU-U.S. Data Privacy Framework adequacy decision or on other suitable guarantees, provided their conditions are met. WhatsApp LLC is listed as a participant in the official DPF list.

I store the content and metadata exchanged via WhatsApp only for as long as necessary to process your inquiry or to carry out the respective mandate. Legal retention obligations remain unaffected.

If you do not wish to use this communication channel, please use email, phone, or the contact form.

WhatsApp Privacy Policy:
https://www.whatsapp.com/legal/privacy-policy
DPF Entry (WhatsApp LLC):
https://www.dataprivacyframework.gov/participant/7735

12. Google Fonts (Local Hosting)

This website uses Google Fonts for the uniform display of fonts. The fonts are integrated locally on my server. No connection to Google servers takes place solely for the display of the fonts.

Information on Google Fonts:
https://developers.google.com/fonts/faq
Google Privacy Policy:
https://policies.google.com/privacy?hl=de

13. Google reCAPTCHA

To protect the contact form from abusive entries, I use Google reCAPTCHA. The provider is:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

reCAPTCHA is used to check whether entries are made by a human or abusively by automated programs. For this purpose, Google processes in particular the IP address, usage behavior, duration of visit, and other technical information.

Its use is based on Art. 6 (1) (f) GDPR to protect my website from abusive automated use. Insofar as consent is obtained for this, processing is additionally carried out on the basis of Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG .

This may also involve a transfer of personal data to Google servers outside the European Economic Area, in particular to the USA. Google LLC is registered as a participant in the EU-U.S. Data Privacy Framework.

Google Privacy Policy:
https://policies.google.com/privacy?hl=de
Google Terms of Service:
https://policies.google.com/terms?hl=de
DPF Entry:
https://www.dataprivacyframework.gov/participant/5780

14. External links, in particular LinkedIn

This website contains a link to my profile on LinkedIn. This is a simple external link. A connection to LinkedIn is only established when you actively click on the link.

When accessing the LinkedIn page, the privacy policies of the respective provider apply exclusively.

LinkedIn Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

15. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of your browser begins with “https://” and a lock symbol is displayed.

16. Recipients of personal data

Personal data is only passed on to third parties if this is legally permissible. This is the case in particular,

if this is necessary to process your inquiry or to perform a contract or mandate,
if I am legally obligated to do so,
if processors work for me,
or if you have given your consent.

17. Your rights

Within the framework of the legal requirements, you have the right:

to information about the personal data processed by me,
to the correction of incorrect data,
to the deletion of your data,
to the restriction of processing,
to data portability,
to revoke consent once given with effect for the future,
to object to the processing of your data, insofar as this is based on Art. 6 (1) (e) or (f) GDPR .

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority. Art. 13 GDPR requires information about these data subject rights.

17a. Competent Supervisory Authority

The data protection supervisory authority competent for me is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2–4
40213 Düsseldorf

Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

You have the right to contact this or another competent data protection supervisory authority with a complaint if you believe that the processing of your personal data violates the GDPR.

18. Objection to advertising emails

The use of contact data published within the scope of the imprint obligation for the purpose of sending advertising that has not been expressly requested is hereby objected to. I reserve the right to take legal action in the event of unsolicited advertising, in particular through spam emails.

19. Status

Status of this privacy policy: March 2026