Privacy Policy

This Privacy Policy applies to your use of the www.raue.com website (“Website“) and our career website, www.karriere.raue.com (“Website” and “Career Website” together also referred to as “Websites“) and the services offered there (e.g. contact form), to the data processing in the context of our application procedures and our social media presence (“Social Media Profile“). If you visit another website, the data protection information of the respective operator applies. This also applies to websites to which we provide a link. We recommend that you familiarise yourself with the scope of personal data on the respective website.

We process personal data (Art. 4 no. 2 GDPR) in accordance with the provisions of the European Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”) and comply with the provisions of the Telecommunications Digital Services Data Protection Act (“TDDDG”).

1. Name and contact details of the controller and the company data protection officer

Controller for data processing within the meaning of Art. 4 no. 7 GDPR is:

Raue Partnerschaft von Rechtsanwälten und Rechtsanwältinnen mbB
Potsdamer Platz 1
10785 Berlin

Tel +49 30 818 550 0
Fax +49 30 818 550 100

(“Raue“, “we” or “us“). Raue Partnerschaft von Rechtsanwälten und Rechtsanwältinnen mbB, based in Berlin, is registered at the Local Court Berlin-Charlottenburg under PR 1363 B.

You can contact our company data protection officer at:

Raue PartmbB
Potsdamer Platz 1
10785 Berlin

Tel +49 30 818 550 430
Fax +49 30 818 550 150

2. Technical operation of our www.raue.com Website and the Career Website www.karriere.raue.com

a) Logfiles

When you visit our Website, the browser used on your device automatically sends information to our Website server. When you use our Career Website, this information is automatically transmitted to the server of the provider we use to operate our Career Website (see Section 4. a), “System for operating the Career Website and managing applicants”).

The information is temporarily stored in a so-called logfile. The following information is collected without your intervention and stored until automatic deletion:

● IP address of the requesting computer,
● Date and time of access,
● Name and URL of the accessed file,
● Website from which access is made (referrer URL),
● Browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process this data for the following purposes:

● ensuring smooth connection to the Websites,
● ensuring convenient use of our Websites,
● evaluating system security and stability, and
● asserting legal claims and defending against legal disputes, and for other administrative purposes.

The legal basis for this type of data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest stems from the purposes of data processing listed above.

The logfiles are deleted at the end of the respective browser session, at the latest after seven days, unless their further storage is necessary for the above-mentioned purposes.

b) Cookies, tracking measures and analysis tools

We use cookies and similar technologies (hereinafter collectively referred to as “Cookies“) on our Websites. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our Websites. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.

The information stored in a Cookie is related to the specific device used. However, this does not mean that we immediately become aware of your identity.

We use so-called session cookies to recognise that you have already visited individual pages of our Websites during your visit. These are automatically deleted when you leave our Websites. In addition, we use persistent cookies that are stored on your device and remain stored for longer than a browser session. They help us to store information, settings or preferences that you have previously saved.

We use different Cookies on our www.raue.com Website than on our Career Website www.karriere.raue.com. Information about the individual Cookies for our www.raue.com Website can be found in the Cookie Policy, which you can find via a link in our Cookie banner. Information about the individual Cookies on our Career Website can be found in our “Cookie Information for the Career Website“.

The Cookies used on both Websites can be categorised as follows:

aa) Necessary Cookies

Most of the Cookies we use are necessary to enable you to use our Web-sites and the services offered there. They ensure that the Websites function properly and are optimised for user-friendliness. This purpose is our legiti-mate interest in data processing; the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, Section 25 para. 2 no. 2 TDDDG.

In particular, necessary Cookies store the following information:

● Information about your browser, your network and your device;
● Websites you access via our Websites; and
● your IP address.

Necessary Cookies are usually only stored on your device for as long as your browser is active and, unless otherwise specified, are deleted at the end of the respective browser session. The data is not merged with other personal data or used for advertising purposes.

bb) Analysis tools

If you have given your consent, we also use Cookies to create pseudonymous usage profiles for the purpose of web analysis (“Web Statistics- or Analytics Cookies“). These Cookies enable us to recognise returning users (device owners), analyse their behaviour on our Website, optimise our Website and measure its reach. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG, i.e. your prior consent. You consent to this tracking by accepting all Cookies in the Cookie banner or by expressly allowing the service in the settings; no Analytics Cookies are set before this happens. We do not combine the data with other personal data, nor do we use it to target individual users for advertising purposes. The Analytics Cookies are deleted after 14 months at the latest or if you withdraw your consent beforehand.

cc) Cookies for integrating external content

We use plugins and Cookies to embed external content (e.g. maps) offered by third-party providers (“External Content“) into our Website so that it can be used directly on our Website.

Only if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG) on our Website by accepting all Cookies in our Cookie banner or by expressly allowing the service in the settings, will the third-party provider receive the information that you have accessed the cor-responding subpage of our Website. This is regardless of whether you have a user account with the third-party provider or are logged in there. If you are logged into your account and use the Embedded Content, your data will be directly associated with your account. If you do not wish to have your data associated with your account, you must log out before visiting our Website.

The third-party provider might store your data as user profiles and use them for the purposes of advertising, market research and/or the demand-oriented design of their website. Such evaluation takes place in particular to provide personalised advertising. You have the right to object to the creation of these user profiles, which you must claim from the responsible third-party provider. We have no influence on the data transfer and processing by the third-party provider.

For further information (e.g. about the third-party provider, the specific purpose of use, the storage period), please visit our Cookie settings, which are accessible at any time on our Website.

dd) Cookie management and withdrawal of your consent

You can change your Cookie settings for our Websites at any time: for our Website via the Cookie settings on our Website and for our Career Website via the Cookie icon at the bottom right-hand corner of our Career Website. If your device supports this feature, you can also prevent the use of Cookies at any time by adjusting your internet browser settings to reject new Cookies (especially third-party Cookies) or to alert you when new Cookies are received. You can also delete Cookies that have already been saved in your internet browser settings. You can find help on how to change your Cookie settings, for example, in the help function of your internet browser. Further information on this and on Cookies in general can be found, for example, at www.allaboutcookies.org and www.youronlinechoices.com.

Please be aware that if you deactivate Cookies, you may not be able to use all the functions of our Websites.

3. For your enquiries

If you have any questions, you can contact us by email, telephone or fax.

We process the personal data that you provide to us in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR (enquiries relating to a client relationship, contract or for the purpose of initiating a contract) or Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as this is necessary to protect our legitimate interests or those of a third party (e.g. in the case of enquiries outside of a contract and the initiation of a contract or the processing of personal data of employees or other authorised representatives or our contractual partners). We have a legitimate interest in responding to your enquiries and ensuring smooth business operations.

We provide information about the processing of personal data within the context of a client relationship separately.

4. Applications

You can send us a speculative application (e.g. by email or through our Social Media Profiles) or apply for an advertised position via our Career Website or well-known job portals.

a) System for operating the Career Website and managing applicants

We use the services of rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg, Germany (“rexx“) to operate our Career Website and manage applications effectively. Even if you have sent us your application by email, post or other means, we store and transfer your application to the rexx software to manage all applications centrally. rexx acts as a processor for us within the meaning of Art. 28 GDPR. We have concluded a data processing agreement (“DPA“) with rexx for this purpose. This ensures that rexx processes your personal data only in accordance with our instructions and in compliance with the GDPR.

b) What data is collected?

The data you provide is collected for the processing of your application. This includes your contact details, data from cover letters, CVs, references and other file attachments that you provide to us.

c) How is your data used?

The application data is collected and processed exclusively for the purpose of the application process. The legal basis for data processing is Section 26 para. 1 sentence 1 BDSG, insofar as data processing is necessary for the decision on the establishment of an employment relationship.

Access to your data is limited to those persons and departments involved in the hiring decision (human resources, the office manager, partners and relevant decisionmakers in individual cases).

If you have given your consent, we reserve the right to assess your suitability not only for this specific position, but also for other positions. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR, Section 26 para. 2, 3 BDSG.

d) How long do we store your data?

We store your data during the application process.

The data will be deleted as soon as it is no longer required for the application process, i.e. your data will be deleted six months after completion of the application process. The following exceptions apply:

For statistical purposes, some of your data will be anonymised so that it can no longer be linked to you personally. This means that the anonymous data is no longer subject to the protection of the GDPR and is instead stored and used by us for statistical purposes.

If you have consented to the further storage of your data for consideration in future job vacancies, it will not be deleted.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR, Section 26 para. 2, 3 BDSG. You can withdraw your consent to the further storage of your data at any time; your data will then be deleted.

If we enter an employment relationship with you after completing the application process, the data will be transferred to our personnel management system for the purpose of implementing the employment relationship and processed there. The legal basis for this is Section 26 para. 1 sentence 1 BDSG.

If you would like your data to be deleted, please contact our Human Resources department at [email protected] or by post at Raue PartmbB, Human Resources Department, Potsdamer Platz 1, 10785 Berlin.

5. No obligation to provide personal data

If we ask you to provide personal data, you can of course refuse to do so. However, we may then not be able to provide certain functions of the Website, answer your enquiries or conclude a contract. This applies in particular if the data is required for the establishment, implementation and termination of a business relationship or an employment relationship, or if we are legally obliged to collect data.

6. Transfer of data

Within our company, those departments or individuals get access to your data that need it to fulfil our contractual and legal obligations.

We pass on your data to the recipients expressly mentioned in this Privacy Policy and thus also to service providers of third-party Cookies. In doing so, we comply with the legal requirements and, if necessary, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Furthermore, we pass on your data to the following categories of recipients if it is necessary for the fulfilment of a contractual relationship between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR), for the protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) or due to a legal regulation (Art. 6 para. 1 sentence 1 lit. c GDPR):

● IT service providers, e.g. cloud, hosting and software-as-a-service providers (in particular email delivery service providers and our applicant management software provider, rexx (see Section 4. a) for information on the provider, “System for operating the Career Website and managing applicants”);
● third parties involved in legal proceedings, provided they submit a legal order, court order or equivalent legal disposition to us.

Your personal data will not be transferred to third parties for purposes other than those listed below.

Furthermore, we will only disclose your personal data to third parties if:

● you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR (e.g. for Cookies),
● it is necessary to safeguard legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), which include outsourcing functions (particularly to IT service providers),
● the transfer is necessary for the establishment, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
● in the event of a legal obligation to transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
● this is legally permissible and necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of a contract and the fulfilment of obligations arising from contractual relationships or for the implementation of pre-contractual measures with you.

7. Data processing in third countries

We also use service providers based in third countries outside the European Union (EU) or the European Economic Area (EEA) to process your personal data. These countries may have a lower level of data protection than within the European Union. In case of data transfer to these countries, we will provide the necessary safeguards to ensure that your data is processed as securely as within the EEA, e.g. by concluding standard contractual clauses of the EU Commission (SCC) within the meaning of Art. 46 para. 2 sentence 1 lit. c GDPR or by other measures provided for by law. You can request a copy of the measures taken by contacting us using the contact details provided above. The service providers we use that are based in the USA have been certified under the EU-U.S. Data Privacy Framework to ensure an adequate level of data protection for data transfers to the USA. You can view the certificates here www.dataprivacyframework.gov/list. We refer to this in the relevant section of this Privacy Policy.

8. Social Media

We operate Social Media Profiles. There we publish and share posts on current legal topics, news about our law firm’s activities and information about our events.

When you visit our Social Media Profiles, the social media provider processes information about you. You can find more detailed information on data processing in the Privacy Policy of the respective social media provider listed below. Some social media providers also offer the option to object to certain data processing. Please note that, according to the social media providers, user data is also processed in the USA or other third countries.

Platform	Postal address	Link to the Privacy Policy
Xing	New Work SE, Am Strandkai 1, 20457 Hamburg	www.privacy.xing.com/en/privacy-policy
LinkedIn	LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland	www.linkedin.com/legal/privacy-policy

a) Insights

LinkedIn uses Cookies and similar technologies to record your user behaviour when you visit the Social Media Profile and provides us with the information in anonymised form as statistics (known as “Insights“). This gives us insights into how our Social Media Profile is used, which topics are particularly popular and what interests our Social Media Profile visitors have. This enables us to optimise our Social Media Profile on LinkedIn and better respond to the interests of our audience. We do not have access to the personal data used by LinkedIn to compile this information. LinkedIn selects the Insights data independently of us and processes it accordingly.

We are jointly responsible with LinkedIn for the collection of your data and its processing for the provision of Insights, but not for the further processing of this data by the Social Media provider. We have entered into the following agreement with LinkedIn www.legal.linkedin.com/pages-joint-controller-addendum, which specifies which company fulfils which data protection obligations when processing personal data for Insights. Under this agreement, LinkedIn agrees to comply with user requests regarding your data subject rights. This means that you can contact LinkedIn directly for information and deletion requests.

Information regarding your rights as a data subject can be found in LinkedIn’s Privacy Policy: www.linkedin.com/legal/privacy-policy.

b) Contact

If you communicate with us directly via the Social Media Profile or share personal content with us, we are responsible for processing your data. The purpose of data processing is to communicate with you. The legal basis for data processing is our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR in contacting enquirers and further developing our services.

9. Data storage period

Where necessary, we and our service providers process and store your personal data for as long as it is necessary for the purposes stated in this Privacy Policy. In particular, we store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a client relationship or other contract. It should be noted that our business relationship is usually a continuing obligation that is designed to last for years. For the storage duration of applicant data, see Section 4 above of this Privacy Policy.

In addition, we are subject to various storage and documentation obligations, which arise from the German Commercial Code (Handelsgesetzbuch, “HGB”) and the German Fiscal Code (Abgabenordnung, “AO”), among other things. The retention and documentation periods specified therein are six years for correspondence in connection with the conclusion of a contract and ten years for accounting documents (Sections 238, 257 para. 1 and 4 HGB, Section 147 para. 1 and 3 AO).

Finally, the storage period is also assessed in accordance with the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, “BGB”), are generally three years, but in certain cases can be up to thirty years.

We delete the data after the retention and documentation obligations and the relevant limitation periods have expired.

Logfiles and Cookies are deleted within the periods specified in Section 2.

10. Your data protection rights

You have the following rights with regard to the personal data we store about you: the right of access (Art. 15 GDPR, Section 34 BDSG), the right of rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR, Section 35 BDSG) and the right to data portability in a structured, commonly used and machine-readable format (Art. 20 GDPR). With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG apply.

Right to object according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (public interest) or Art. 6 para. 1 sentence 1 lit. e GDPR (legitimate interests); this also applies to profiling based on these provisions. We shall no longer process this data upon the lodging of the objection, unless there are compelling reasons for the processing that merit protection, e.g. processing for the establishment, exercise, or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is associated with such direct marketing. We will no longer process your personal data for direct advertising if you exercise your right to object.

If we process your personal data based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you have the right to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR. As a result, we shall no longer be allowed to process data based on this consent in the future.

You can assert all these rights by sending an email to [email protected] or by contacting us using the contact details provided in Section 1.

Regardless of this, you have the right to lodge a complaint with a supervisory authority – in particular in the EU Member State of your place of residence, your place of work or the place of the alleged infringement – if you believe that the processing of your personal data violates applicable data protection regulations (Article 77 GDPR, Section 19 BDSG).

11. Data security

When you visit our Website, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our Website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We secure the Website and other systems through technical and organisational measures against loss as well as destruction, access, modification, or distribution of your data by unauthorised persons. Our security measures are continuously improved in line with technological developments.

12. Electronic communication

Information transmitted via the Internet may be lost, altered or falsified. This also applies to emails, which are generally not protected against access by third parties. Raue therefore uses transport encryption as standard for all emails. If you provide us with a public key for receiving emails, we will use it for additional end-to-end encryption. Should you wish to use a different method of end-to-end encryption, for which Raue offers various procedures, please let us know. Otherwise, we assume that, within the scope of our mandate, we are entitled to exchange electronic information and data with you and third parties by email without using an encryption method that goes beyond transport encryption.

Version as of March 2026