The following privacy policy is intended to inform users of our website about the type, scope, and purpose of the personal data we collect, use, and process, as well as to clarify the rights to which they are entitled.
The protection of personal data is an important concern for us. Therefore, we process the personal data of our employees, clients, and business partners confidentially and in accordance with the applicable legal provisions on the protection of personal data and data security.
Visiting this website is generally possible without providing personal data. Should the processing of personal data become necessary, such processing will always take place in compliance with the General Data Protection Regulation (GDPR).
01. Definitions
The following terms used in this privacy policy are defined in Article 4 GDPR. This is only an excerpt; the complete definitions can be found in the General Data Protection Regulation (GDPR).
Undertaking (Art. 4(18) GDPR)
An undertaking means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
02. Controller pursuant to Article 4(7) GDPR
Law Firm Briest
Knesebeckstraße 83
10623 Berlin, Germany
Tel.: +49 (0) 30 27 908 648
Email: kontakt@ra-briest.de
Website: ra-briest.de
03. Legal basis for processing
For each processing activity described in this privacy policy, we will inform you of the corresponding legal basis on which the processing is carried out. The following categories apply, under which processing is lawful:
04. Storage and deletion of data
Within the processing operations described in this privacy policy, we will inform you of the relevant storage periods or the criteria for determining the time of deletion or blocking of data.
If no explicit storage period is defined, the data will be deleted or blocked once the purpose or legal basis for storage no longer applies. Storage may take place beyond the specified periods if statutory provisions to which we are subject (e.g., Section 147 of the German Fiscal Code, Section 257 of the German Commercial Code) provide for longer retention periods.
After expiry of the storage period, personal data will be deleted or blocked unless further storage is required on the basis of a legal ground. Storage may also continue beyond the indicated period in the event of litigation with you or any other legal proceedings.
05. Disclosure of personal data
If your personal data is disclosed, you will be informed at the relevant point in this privacy policy.
If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will also be informed at the relevant point.
As a rule, we only transfer personal data to third countries where an adequate level of protection has been confirmed by the European Commission, or where we can ensure careful handling of personal data on the basis of contractual arrangements or other appropriate safeguards.
Please also note that participation in or certification under the EU-U.S. Data Privacy Framework by U.S. companies must be renewed annually. It should therefore be regularly checked whether certification is still valid, as data transfers are only permissible in such cases.
06. Collection of personal data
Nachfolgend informieren wir Sie über die Erhebung von personenbezogenen Daten (wie zum Beispiel Name, E-Mail-Adresse, Anschrift oder Nutzerverhalten).
06.1 Merely informational use of our website
When you visit our website without registering (e.g., newsletter subscription) or otherwise transmitting data to us (e.g., via a contact form), we only collect the personal data that your browser transmits to our server.
These are data that are technically necessary for us to display our website to you and to ensure a secure and stable display. This includes the following information contained in a log file line:
The legal basis for the collection of this data is Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring error-free connection setup, convenient use of our website, analysis of system stability and security, and use of the data for other administrative purposes.
06.2 Contact by email
When contacting us via the email address listed under section 2 or other email addresses of our firm published on our website, your email address as well as any contact details included in your email (e.g., your name or phone number) will be stored by us to process your inquiry.
These data will be deleted without delay once storage is no longer necessary. Where statutory retention obligations apply, data processing will be restricted instead of deletion.
The legal basis for processing the data depends on the reason for sending the email and is derived from Art. 6(1)(b) GDPR (contractual or pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in communicating with interested parties).
07. Webflow
Our website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter “Webflow”). At the same time, Webflow provides the content management system for our website.
We have entered into a data processing agreement with the company, which incorporates the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Webflow’s global privacy policy can be accessed here: https://webflow.com/legal/privacy. The privacy policy for the EU and Switzerland can be accessed here: https://webflow.com/legal/eu-privacy-policy.
Processing of data within the United States is possible in this context. The United States is considered a so-called “third country” within the meaning of the GDPR. The transfer of data to this third country is lawful pursuant to Articles 44 and 45 GDPR, as Webflow is an active participant in the so-called EU-U.S. Data Privacy Framework.
07.1. Hosting
Webflow hosts our website using the content delivery networks (CDNs) of the U.S.-based companies Fastly Inc. and Amazon Web Services, Inc. A content delivery network is a network of geographically distributed, and in some cases interconnected, servers. The server closest to the respective user of the website is always used. The CDN used in this case includes servers located in North America and parts of Europe.
Further information can be found on the following page provided by Webflow: https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service.
7.1.1 Fastly
Webflow hosts our website using the content delivery network of the U.S.-based company Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107 (hereinafter “Fastly”). The company’s privacy policy can be accessed here: https://www.fastly.com/privacy/.
Processing of data within the United States is possible in this context. The United States is considered a so-called “third country” within the meaning of the GDPR. The transfer of data to this third country is lawful pursuant to Articles 44 and 45 GDPR, as Fastly is an active participant in the EU-U.S. Data Privacy Framework.
7.1.2 Amazon CloudFront
Webflow hosts our website using the content delivery network of the U.S.-based company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109 (hereinafter “AWS”). The CDN is called Amazon CloudFront.
The company’s imprint can be accessed here: https://aws.amazon.com/de/impressum/?nc1=f_cc.
The company’s privacy notice can be accessed here: https://aws.amazon.com/de/privacy/?nc1=f_pr.
Processing of data within the United States is possible in this context. The United States is considered a so-called “third country” within the meaning of the GDPR. The transfer of data to this third country is lawful pursuant to Articles 44 and 45 GDPR, as AWS is an active participant in the EU-U.S. Data Privacy Framework.
7.2 Cloudflare
To ensure cross-browser compatibility, so that the modern functionality of Webflow pages is also available in older browsers, Webflow uses JavaScript delivered via the content delivery network of Cloudflare.
The operator of the CDN is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 (hereinafter “Cloudflare”). The company’s privacy policy can be accessed here: https://www.cloudflare.com/privacypolicy.
Processing of data within the United States is possible in this context. The transfer of data to this third country is lawful pursuant to Articles 44 and 45 GDPR, as Cloudflare is an active participant in the EU-U.S. Data Privacy Framework.
7.3 website-files.com
In addition, a connection is established to the domain website-files.com. This domain belongs to Webflow. Images, fonts, and other assets integrated into our website are hosted there. This domain of Webflow is likewise hosted via the CDNs Fastly and Amazon CloudFront.
7.4 Legal basis
The legal basis for the data processing described above is Article 6(1)(f) GDPR, as it is in our legitimate interest to provide you with a fast, secure, and user-friendly website.
With regard to the processing of data in the third country of the United States, the legal basis, as explained, is derived from Articles 44 and 45 GDPR (since all companies involved are active participants in the EU-U.S. Data Privacy Framework), and additionally from Article 46(1), (2)(c) GDPR (Standard Contractual Clauses).
08. Vimeo
We embed Vimeo videos on our website. This is a video platform operated by Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA (hereinafter “Vimeo”).
Vimeo’s privacy policy can be accessed here: https://vimeo.com/privacy.
These videos can be played directly from our website, meaning that a transfer of the personal data described in this privacy policy to Vimeo in the United States cannot be ruled out when merely using our website for informational purposes.
Processing of data within the United States is possible in this context. The transfer of data to this third country is lawful pursuant to Articles 44 and 45 GDPR, as Vimeo is an active participant in the EU-U.S. Data Privacy Framework.
We embed Vimeo videos with the “Do-Not-Track” extension so that no cookies are set. A Data Transfer Agreement incorporating the EU Standard Contractual Clauses for the transfer of personal data to third countries has also been concluded with Vimeo.
The legal basis for processing the data is Article 6(1)(f) GDPR. Our legitimate interest lies in providing our website users with videos about our services.
09. Your rights
We hereby inform you about your rights under the GDPR.
Right of access (Art. 15(1) GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. Where this is the case, you have the right to access such personal data and the following information:
Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed.
Right to erasure (“right to be forgotten”) (Art. 17(1) GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay. However, this right does not apply where processing is necessary in accordance with Art. 17(3) GDPR, for example for exercising the right of freedom of expression and information, compliance with a legal obligation, reasons of public interest in the area of public health, archiving purposes in the public interest, or the establishment, exercise, or defense of legal claims.
Right to restriction of processing (Art. 18(1) GDPR)
You have the right to obtain restriction of processing where:
Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.
Right to withdraw consent (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time with future effect. This means that processing carried out on the basis of your consent up to the time of withdrawal remains lawful.
Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you infringes the GDPR. Generally, you may contact the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement. Further information can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information.
10. Right to object
In addition to the rights mentioned above, you also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR) or on legitimate interests (Art. 6(1)(f) GDPR).
In the event of an objection, no further processing of your personal data will take place unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or where processing serves the establishment, exercise, or defense of legal claims.
Where your personal data is processed for the purposes of direct marketing, including profiling to the extent it is related to such direct marketing, you have the right to object at any time without giving reasons.
In the event of an objection, we will immediately cease processing the personal data for these purposes.
To exercise your right of withdrawal or objection, it is sufficient to send an email to: kontakt@ra-briest.de
11. Data security
Our website uses the encryption and communication protocol TLS 1.3 (Transport Layer Security).
Through the TLS certificate we use, issued by a certification authority, we enable encrypted data exchange between the web browser and the web server, so that sensitive data cannot be read by third parties.
We use the highest level of encryption supported by your browser, typically 256-bit encryption. The higher the bit number, the longer the key, and thus the better the protection against third parties.
12. Updates
This privacy policy is currently valid and has the status of July 2026.
Note
As a precaution, we would like to draw users of this website’s attention to the fact that data transmission over the internet, for example via email, may be subject to security vulnerabilities. Consequently, data security cannot be guaranteed when communication is unencrypted. Upon a user’s specific and express request, we offer encrypted communication subject to prior arrangement.