Areas of law
Dr. Margarete Gräfin von Galen
Kilian Schaefer
Luisa Spiller
General information on the processing of personal data by the law firm Galen Rechtsanwälte

This data protection notice applies to data processing by the law firm Galen Rechtsanwälte GbR (hereinafter “Galen Rechtsanwälte” or the “law firm”). The law firm is also responsible for the processing of your personal data and is represented by Dr. Margarete Gräfin von Galen and Kilian Schaefer.

The notices are aimed at any natural person, such as clients, and, in the case of legal entities, at the representatives, contact persons or employees of the clients as well as at counterparties, parties to the proceedings, whistleblowers, courts, authorities or other business partners with whom Galen Attorneys are in a (also impending) mandate or business or other communication relationship.
Galen Rechtsanwälte only processes personal data to the extent permitted by law, in particular the EU General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”).
If you have any questions about this information or how Galen Rechtsanwälte handles your personal data, you can contact the law firm’s data protection officer at any time via the following e-mail and post addresses:
Galen Rechtsanwälte GbR
Mommsenstraße 45
10629 Berlin
1. Nature and origin of the data processed
Depending on the client or business relationship, different types of personal data are processed. Usually this is about
  • Identity data (e.g. name, date of birth, data contained in identity cards and other identification documents);
  • Contact details (e.g. address, e-mail, telephone number) and
  • Mandate data (e.g. information that
    • is typically in legal documents such as contracts or briefs and/or public registers, e.g. land register, commercial and association registers,
    • were the subject of correspondence with our clients, counterparties, parties to proceedings, courts, authorities or other business partners, or
    • Legal relationships with the client’s employer or third parties, e.g. personal data, file number or loan or account numbers at banks touch.
  • If this is the subject of our advice, we also process special categories of personal data, e.g. health data (Art. 9 Para. 1 GDPR) or data relating to criminal convictions and offenses or related security measures (Art. 10 GDPR).
  • Other communication data (e.g. data that is the subject of our correspondence and communication (oral/written, electronic (e-mail/chat))).
If you have not made your personal data available to us yourself, we have taken these from the police, public prosecutor's office or court files, received them from our clients, business partners, service providers or cooperation partners for whom you may work as a representative or employee, or the data obtained from other sources such as whistleblowers or company websites or business directories.

2. Purpose and legal basis of data processing
We process personal data insofar as this is necessary to protect the legitimate interests of Galen Rechtsanwälte (Art. 6 Para. 1 lit. f GDPR), in particular
  • to conclude or implement mandate agreements, contracts and other business relationships (including the processing of sales contracts, deliveries or payments) or to prepare or respond to requests for quotations and to determine the conditions of the contractual relationship, namely with our clients, business partners, service providers or cooperation partners, for which you may work as an agent or employee;
  • for the office's internal administrative purposes (e.g. for bookkeeping, address management);
  • if necessary, to carry out anti-terrorist and sanctions list screenings;
  • to conduct court and administrative proceedings and/or for the purpose of asserting/exercising and defending against legal claims at home and abroad, including exercising professional privileges and ensuring other special confidentiality rights;
  • for other communication purposes;
  • to ensure the IT security and IT operations of our law firm;
  • to use service providers (e.g. external IT service providers) who support our business processes;
  • to prevent criminal offenses and, in individual cases, to accompany compliance investigations and the associated (including electronic) review of correspondence and documents.
In addition, personal data is processed to fulfill contracts with or orders from individuals (natural persons) with whom we have business relationships (Article 6 (1) (b) GDPR). If you do not provide us with your personal data, we cannot carry out the contractual relationship or fulfill the communication purposes mentioned above. Data processing is also partially required by law (Art. 6 Para. 1 lit. c) GDPR). According to § 50 BRAO, we are legally obliged to keep legal reference files and can use electronic data processing for this purpose.
3. Disclosure of Personal Data
We only transmit your personal data to third parties on the basis of legal regulations or if you have given your consent in individual cases.
Your personal data may be passed on to external service providers inside and outside the European Economic Area (EEA) to the extent necessary for the above purposes. In the course of our work, we also use cloud-based IT solutions from third-party providers (e.g. Microsoft Office365). In particular, we use (cloud-based) services for document management, collaboration and automation or analysis of documents, as well as external (cloud) providers of mail servers.
The service providers are carefully selected by us and commissioned in compliance with data protection and professional regulations.
In the normal business of the law firm and for the above-mentioned purposes, it may also happen that we pass on your data to other third parties inside and outside the EEA, such as business partners or law firms with whom we work within the framework of a mandate, translators, opponents and other third parties.
In addition, to the extent permitted by law, we can transmit your personal data to authorities (e.g. social insurance institutions, tax authorities or law enforcement authorities), public registers and courts in Germany and abroad in order to fulfill legal obligations or with your consent in individual cases. These can also be foreign authorities and courts.
4. Third country transfers
As a law firm that also deals with cross-border matters, we share the data we process with recipients (service providers or other third parties) who may be based in countries outside the EEA. If there is no legal level of protection comparable to European data protection law in these countries, we will take precautions if your personal data is transferred to these countries to ensure adequate protection of your personal data in these countries. In particular, the standard contractual clauses published by the European Commission are available to us for this purpose.
5. Protection of personal data
Each of our employees and all employees of external service providers who have access to personal data are obliged to treat this data confidentially and to protect it accordingly. We have also implemented various technical and organizational measures to process the data securely.
However, communication by e-mail in particular carries risks such as delay or non-delivery, transmission to persons other than the recipient, data loss or damage, interception, modification or other manipulation by third parties. In addition, viruses and similar malicious programs can be transmitted via e-mails despite the anti-virus software we use. Mobile means of telecommunication and other forms of communication via the Internet, such as video conferences, harbor comparable risks, particularly with regard to unauthorized access by third parties.
With regard to the use of cloud-based IT applications, it cannot be ruled out that third parties (in particular US authorities) will openly or covertly inspect data. Loss of data or damage to it cannot be ruled out with cloud-based services, despite exercising due care and observing the current technical standards.
6. Deletion of personal data
We delete the personal data at the end of the mandate or contractual relationship or our contact, if the storage is no longer necessary to fulfill our (post)contractual obligations or the legitimate interests mentioned in this data protection declaration and there are no statutory storage obligations. If there are statutory retention requirements, we restrict the processing of the data.
7. Data subject rights
Under the legal requirements, the existence of which must be checked in each individual case, you have the right to receive information about your personal data and to request the correction or deletion of your personal data or the restriction of processing, and to receive your personal data in a structured, current and machine-readable format (data portability). Under the legal requirements, the existence of which must be checked in each individual case, you also have the right to object to the processing of your personal data.
If we process your personal data in order to inform you about our consulting activities and current developments to the extent relevant to your business activity, you can object to the processing of your personal data at any time without giving reasons. Furthermore, with regard to the processing of your personal data, you have the right to lodge complaints with a supervisory authority. The supervisory authority of our office is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
8. Updating and changing this data protection declaration
This information letter is currently valid as of July 2022. Due to changes in our activities and/or our services or due to changed legal or official requirements, it may become necessary to change this information. You can access and print out the current data protection declaration at any time on the website at
Information on the processing of personal data on this website
1. Data processing
The law firm Galen Rechtsanwälte GbR is responsible for the data processing on this website.

2. Collection and storage of personal data as well as nature and purpose of their use when visiting our website
When you visit our website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL of the file accessed,
  • Website from which access was made (referrer URL);
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
  • Ensuring a smooth loading of the website;
  • Ensuring a comfortable use of our website;
  • Evaluating system security and stability; and
  • For other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes of the data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

3. Contact
When contacting us (for example by e-mail), your details will be stored for the purpose of processing the enquiry and in the event that follow-up questions arise.

4. Data sharing
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
• you have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO;
• the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 Sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data;
• in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO; as well as
• this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO.

5. Analysis and Tracking Tools as well as Cookies
No tracking mechanisms are integrated on our website and we do not use any web analytics services or cookies.

6. Social Media Plug-ins
We do not use social media plugins on our website. You will only find links to profiles on LinkedIn and XING on our website. If you click on these links, the respective user agreements and data protection provisions of LinkedIn and XING apply. You can find these under the following links:
LinkedIn: und
XING: und

7. Google Maps
This website uses maps from Google Maps on the "Contact" subpage. To help you plan your journey to us, you will also find a link to Google Maps. By using Google Maps, information about the use of our website, including your IP address, is transmitted to a Google server and stored there. The terms of use and data protection of Google Maps apply to the use of Google Maps. You can find these under the following links:

8. Affected Rights
You have the right:
  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • demand the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 DSGVO;
  • pursuant to Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • pursuant to Art. 20 DSGVO to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
  • revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent; and
  • complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. The supervisory authority of our registered office is die Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.
9. Right of objection
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation. If you wish to exercise your right of revocation or objection, an email to is sufficient.

10. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Despite appropriate precautions, complete protection of data against access by third parties or other dangers is not possible.
11. Currentness and amendment of this data protection declaration
This data protection declaration is currently valid and was updated in July 2022. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection statement at any time on the website at
Imprint Data privacy
Galen Rechtsanwälte|Mommsenstr. 45
D-10629 Berlin|Tel +49 (30) 31 01 82 - 0
Galen Rechtsanwälte
Mommsenstraße 45
D-10629 Berlin
Tel+49 (30) 31 01 82 - 0
Fax+49 (30) 31 01 82 - 20