Business made simple, stronger, and legally sound.
Attorney-at-Law Ulrich Barth
Services
Empowering the automotive industry through legal expertise
Automotive law covers a broad range of legal issues that are of central relevance to manufacturers, suppliers, engineering and development service providers, and other stakeholders in the automotive sector. It reflects the specific challenges and dynamics of this industry—from complex supply chains and technical specifications to strictly regulated quality and safety requirements. Legal support in this field requires a precise understanding of contractual structures, industrial standards, and the regulatory framework that shapes cooperation between Original Equipment Manufacturers (OEMs) and suppliers. In addition, internal corporate requirements, audit expectations, and the interplay between series production and project-based development regularly create significant legal steering needs in day-to-day practice.
A particular focus lies on structuring and enforcing relationships between OEMs and suppliers. Especially in long-term supply and development projects, conflict situations arise frequently—for example in connection with specification changes, call-offs, price and cost adjustments, delivery delays, quality deviations, warranty issues, recalls, or liability questions along the supply chain. The objective is a clear, robust contractual framework—including effective provisions on scope of performance, change management, allocation of liability, escalation mechanisms, and dispute resolution—that preserves operational capability and makes risks manageable. Equally relevant are provisions on confidentiality, data and interface access, tooling and ownership issues, acceptance procedures, service and spare-parts obligations, and recourse and indemnity mechanisms in the event of field actions.
Successfully navigating the automotive sector also requires a deep understanding of industry-specific legal and compliance requirements. This includes, in particular, product liability and product safety, regulatory obligations, protection of intellectual property (e.g., know-how, patents, software, technical documentation), confidentiality and licensing models, as well as international trade and customs matters. Compliance with current industry standards—such as supplier and quality management requirements, safety standards, and environmental and sustainability obligations—is often critical to contractual eligibility and supply capability. In cross-border constellations, additional issues arise, including choice of law, jurisdiction, Incoterms, export control, and the securing of payment and delivery obligations—factors that become especially relevant in crisis situations.
Overall, the aim is practical, strategic, and economically sound solutions: legal structures that stabilize projects, reduce risks, and support negotiations—even in critical situations such as SOP/series ramp-ups, supply shortages, or supply-chain disruptions. With legal expertise and industry knowledge, conflicts can be managed early and escalations can be avoided or resolved in a targeted manner. This often includes the enforcement or defense of claims, preservation of evidence, preparation of technical and commercial lines of argument, and the development of robust settlement and escalation strategies.
In automotive law matters, legal complexity is combined with practical implementability and solutions are developed that match the technical and commercial requirements of the industry. For an initial assessment and clarification of the required support, contact can be made in order to discuss the next steps in a structured manner.
Legal clarity in conflicts surrounding travel and tourism
Travel law is a specialized field that addresses the legal aspects of the travel and tourism sector. In practice, it concerns both travelers and providers and service partners—such as tour operators, travel agents, hotels, airlines, rail and coach operators, cruise lines, and car rental and transfer companies. A key feature is that several contracts and parties often interact, and responsibilities are not always clearly allocated. Especially with complex booking chains, code-share arrangements, package and combined services, or subsequent changes (rebookings, cancellations, re-routing), a structured legal assessment is essential.
When travel-related disputes arise, the focus is typically on clarifying contractual obligations, allocation of liability, and consumer-protection rules. Common issues include withdrawal and termination rights, rebooking, price reduction, damages, reimbursement of wasted expenses, and compensation claims. Depending on the type of trip and contractual set-up, it must be assessed whether the matter involves a package holiday, linked travel arrangements, or individual contracts—since this determines the correct counterpart, legal basis, applicable deadlines, and evidentiary requirements. Cross-border elements may add further complexity, for example where a foreign contracting party is involved, terms are in another language, or jurisdictional questions arise.
A major area of work concerns transportation and air travel: cancellations, significant delays, denied boarding (e.g., overbooking), missed connections, and lost or damaged baggage are typical scenarios. In these cases, details often matter: When was the passenger informed? Which alternatives were offered? What additional costs were incurred? Were care services provided (accommodation, meals)? Which evidence is available (boarding passes, booking confirmations, baggage receipts, invoices)? A legally sound approach usually starts with orderly documentation and a clear assertion of claims, so that entitlements do not fail due to formalities, deadlines, or incomplete proof.
Disputes also frequently arise in relation to accommodation—for example, serious defects, deviations from promised features, unavailability, noise or hygiene issues, missing services, or safety concerns. Here, the correct course of action is often decisive: notice of defects, a reasonable deadline to remedy, evidence preservation (photos, witnesses, correspondence), and the legal classification of materiality. Questions of alternative accommodation, cost coverage, and the distinction between minor inconvenience and legally relevant non-performance are equally important. Cruises and round trips add further particularities, as several service components are interlinked and disruption of one component may affect the entire trip.
A professional approach in travel law also takes account of industry-specific conditions: standardized terms and conditions, varying responsibilities, sometimes short response or limitation periods, and the economic question of whether an out-of-court settlement is sensible or firm enforcement is required. The aim is a clear strategy—from initial legal assessment through communication and negotiations to court proceedings where appropriate. Practical feasibility is always key: what outcome is realistically achievable, how robust is the evidence, and which solution is economically reasonable in light of effort and risk?
In travel law matters, complex circumstances are structured and assessed from a legal perspective and legitimate interests are safeguarded consistently. For an initial assessment and clarification of the required support, contact can be made in order to discuss the next steps in a structured manner.
Empowering healthcare stakeholders through legal expertise
Medical law is a specialized field that covers the legal framework of healthcare and involves numerous interfaces between civil law, professional regulation, social security law, data protection, and organizational and compliance duties. It is particularly demanding because legal assessments are often closely connected to medical processes, documentation standards, communication practices, and organizational structures. It is also a sensitive area in which stringent requirements apply regarding confidentiality, informed consent, quality, and patient safety. A reliable legal assessment therefore requires precise fact-finding and careful review of medical and administrative records.
In the relationship between physicians, hospitals, medical care centers, nursing facilities, insurers, and patients, a wide range of challenges can arise. Key topics include medical liability and treatment errors, information and consent, patient rights, documentation obligations, medical confidentiality, data protection in the handling of health data, and issues of insurance coverage and reimbursement. The strength of any legal evaluation often depends on whether the course of treatment and the consent process are properly documented, whether the applicable standard of care was met, and how causation and damage can be demonstrated. Where treatment chains are complex (referrals, inpatient/outpatient settings, multiple specialties), a clear allocation of responsibilities is essential.
Another focus lies on the legally compliant design and control of processes in healthcare. For providers and institutions, organizational duties, quality requirements, and internal workflows can be liability-relevant: consent forms, documentation systems, delegation and organizational structures, emergency procedures, aftercare, complaint management, and secure processing of patient data. Cooperation with third parties—such as laboratories, external service providers, cooperation partners, or IT vendors—also requires clear contractual arrangements, in particular on responsibilities, liability, remuneration, data protection, and information flows.
In addition, issues in dealings with insurers and payers are common. Disputes arise, for example, over reimbursement of medical services, benefit denials, billing and audit constellations, or recourse and clawback claims. In such situations, a structured approach is often required that prepares both the medical rationale and the legal basis in a coherent way. Patient-side claims may likewise require detailed examination—especially regarding suitable evidence and early steps to secure documentation and records.
Overall, the objective is practical, strategic, and effective legal solutions tailored to the specific characteristics of healthcare. This includes the assessment and enforcement of justified claims as well as the structured defense against unjustified demands and support in disputes where sober, documentation-based argumentation is decisive. Particular weight is placed on deadlines, evidence preservation, orderly preparation of records, and a clear communication strategy toward all parties involved. The aim is to manage legal risk, clarify positions on a sound basis, and develop solutions that remain workable in practice.
In medical law matters, legal complexity is combined with practical implementability and solutions are developed that reflect both the realities of healthcare and the applicable legal requirements. For an initial assessment and clarification of the required support, contact can be made in order to discuss the next steps in a structured manner.
Strengthening the energy sector with legal solutions
Energy law is a specialized field that sets out the legal framework of the energy sector and is particularly complex due to intensive regulation, technical infrastructure, and dynamic market conditions. It affects energy suppliers, grid operators, traders and platforms, project companies, metering and billing service providers, as well as industrial and commercial consumers. Legal questions frequently arise at the interface of contractual practice, market rules, regulation, and technical processes—for example in procurement, supply, grid access, metering, balancing, settlement, and compliance. Transformation dynamics (decarbonization, renewables, grid expansion, flexibility models) further shape requirements for contracts and duties.
A key focus lies in the legally robust structuring and implementation of contracts and business relationships. This includes electricity and gas supply and procurement agreements, framework contracts, cooperation and project agreements, as well as provisions on pricing and price adjustment, terms, termination, collateral, performance disruptions, and liability. In practice, price-adjustment and risk-allocation clauses, mechanisms for passing through procurement costs, and clear definitions of performance obligations and settlement bases are often decisive. Disputes commonly arise in volatile procurement markets, in billing discrepancies, in disagreements over contractual interpretation, or where performance is disrupted along the supply chain.
In relationships between suppliers, grid operators, market partners, and consumers, issues relating to security of supply, handling of collateral, and risk management also regularly arise. Practically important topics include data and communication processes (e.g., market communication), metering and balancing issues, responsibilities in multi-tier supply chains, and the legal assessment of disruptions, interruptions, or adjustment demands. Especially in contentious situations, clear structuring of facts, securing relevant documents, and a consistent communication line are important to preserve rights and maintain options for action.
Compliance with regulatory requirements is likewise central. Depending on the business model, energy-industry rules, market and grid codes, and environmental and climate-related requirements may be relevant. This is often complemented by compliance and transparency duties, data protection and IT-security requirements, and sustainability and proof-of-origin systems that must be embedded in contracts and processes. In cross-border settings, trade, customs, or sanctions-related frameworks may also become relevant and require legally secure business design.
Overall, the aim is practical, strategic, and economically sound solutions: legal structures that stabilize business models, reduce risk, and support negotiations—even in crisis situations such as sharply fluctuating prices, liquidity and collateral issues, or disputes along supply and settlement chains. This includes structured review and enforcement of claims as well as the defense against unjustified demands and the legally compliant design of internal processes so that regulatory and contractual requirements can be implemented reliably. The objective is to make complexity manageable and to secure decisions on a legally robust basis.
In energy law matters, legal complexity is combined with practical implementability and solutions are developed that fit the technical, regulatory, and commercial requirements of the energy sector. For an initial assessment and clarification of the required support, contact can be made in order to discuss the next steps in a structured manner.
Contact
For enquiries, feedback or appointment scheduling, the following contact options are available. Messages are dealt with promptly; in urgent matters, please telephone.
office[at]justifico.com
Telephone
Office address
Käthe-Kollwitz-Straße 6, D-91154 Roth, Germany
Legal Notices
External links
This website contains links to external third-party websites. There is no control over their content, design or updates. The respective operator/provider is solely responsible for the content of the linked pages. At the time the links were created, the external pages were checked to the best of our knowledge for potential legal infringements; no unlawful content was identifiable at that time. Ongoing monitoring of linked pages is not reasonable without specific indications of a legal violation. If legal violations become known, the relevant links will be removed or disabled without undue delay; linking does not constitute endorsement of the linked content.
Trade marks and copyright
The trade mark JUSTIFICO is registered with the EUIPO and protected by trade mark law. Any use—especially in the course of trade, in domain names, on social media, in advertising, in meta tags or as a distinguishing sign—is prohibited without prior written consent. The content of this website (texts, graphics, images, layout and logos) is protected by copyright. Any reproduction, distribution, making available to the public, adaptation or other use requires the prior consent of the respective rights holder. Downloads and copies are permitted only for private, non-commercial use. Third-party content is identified as such; upon becoming aware of legal infringements, such content will be removed without undue delay.
Content, liability and legal advice
The content of this website is prepared with the utmost care and reviewed regularly. However, no warranty is given as to accuracy, completeness, timeliness or uninterrupted availability; changes in law or practice may render content out of date. The information is provided solely for general information about services and does not constitute legal advice in individual cases. It does not replace a case-specific review and, in particular, does not constitute a binding offer. Liability for material or immaterial damage arising from the use or non-use of the information is excluded to the extent permitted by law.
Gender-inclusive language and AGG
An effort is made to use language that is as gender-inclusive and clear as possible. Where gender-specific forms or the generic masculine are used in individual cases for reasons of readability, this is purely linguistic and carries no value judgement. This does not imply any disadvantage; discrimination on the grounds of gender or other characteristics within the scope of section 1 of the German General Equal Treatment Act (AGG) is neither intended nor practised. The substance of the statement is decisive, not the chosen linguistic form. Suggestions regarding potentially ambiguous wording will be considered and, where appropriate, taken into account.
Data security and protective measures
Appropriate technical and organisational measures are implemented to protect personal data and other confidential information. These include, in particular, encryption (TLS/HTTPS), access restrictions and additional security measures to protect systems. Security measures are aligned with the state of the art and the relevant risk profile and are reviewed on an ongoing basis. Nevertheless, absolute protection against third-party access cannot be guaranteed when data is transmitted over the internet. It is recommended to transmit confidential information only via the designated channels and to use the secure transmission methods provided.
Professional information
The professional activity as a German Rechtsanwalt is subject to professional regulations. Information regarding the professional title, the competent bar association, applicable professional rules and professional indemnity insurance is provided in the website Imprint/Legal Notice (Impressum). The information is available there in full and in an easily accessible manner. Any additional information obligations under professional rules are likewise fulfilled in the Imprint/Legal Notice (Impressum). The agreed terms for legal services and the applicable statutory framework apply.
Imprint
Contact details
Communication
Email: office[at]justifico.com
Professional title
Rechtsanwalt (Attorney-at-Law, Germany) – professional title awarded in the Federal Republic of Germany.
VAT ID
VAT identification number (USt-IdNr.): DE812776975
Online dispute resolution
EU platform for online dispute resolution:https://consumer-redress.ec.europa.eu/
Professional indemnity insurance
There is a professional indemnity insurance with R+V Allgemeine Versicherung AG, Raiffeisenplatz 1, D-65189 Wiesbaden. The insurance number is 406 25 065005271. The geographical scope of the insurance coverage includes legal advice in the member countries of the European Union and the states of the European Economic Area including Switzerland. Substantively, the legal advice is limited to European law. If necessary, the geographical and substantive scope of the legal advice can be extended by expanding the professional indemnity insurance. For this, a separate agreement with us is required. The Federal Lawyers' Act obliges solicitors to maintain professional indemnity insurance with a minimum coverage amount of 250,000 euros. Further details can be found in § 51 BRAO.
Competent bar association
E-Mail: info[at]rak-nbg.de
Professional regulations
You can find the professional regulations here.
Privacy Notice
The protection of your personal data is important to us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the other applicable data protection laws, in particular the German Telecommunications and Digital Services Data Protection Act (TDDDG), insofar as cookies or comparable technologies are used.
With this privacy notice, we inform you about which personal data we process when you use this website, when you contact us, and when we carry out legal mandates, for which purposes the processing takes place, on which legal basis it is carried out, and which rights you are entitled to.
A. General Information
1. Controller
The controller within the meaning of Article 4(7) GDPR is:
Attorney-at-Law (Germany) Ulrich BARTH
Käthe-Kollwitz-Strasse 6
D-91154 Roth, Germany
Telephone: +49 (0)9171 8399881
Email: office[at]justifico.com
Further details are provided in the website imprint.
A data protection officer has not been appointed, as there is no legal obligation to do so.
2. Definitions
The definitions set out in the GDPR apply, in particular those relating to personal data (Article 4(1) GDPR), processing (Article 4(2) GDPR), controller (Article 4(7) GDPR), processor (Article 4(8) GDPR), consent (Article 4(11) GDPR), and third party (Article 4(10) GDPR).
3. Legal Bases for Processing
We process personal data only where at least one of the following legal bases applies:
Consent (Article 6(1)(a) GDPR)
Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR)
Compliance with a legal obligation (Article 6(1)(c) GDPR)
Legitimate interests (Article 6(1)(f) GDPR)
Where cookies or comparable technologies are used, their storage or access to information on your device is additionally governed by Section 25 TDDDG.
4. Recipients and Processors
For the provision of the website, communication, and the operation of certain website functions, we use service providers who may process personal data either as processors pursuant to Article 28 GDPR or as independent recipients, in particular:
Hosting and platform service providers (Odoo)
Content delivery and security service providers (Cloudflare)
Communication service providers (Microsoft 365, Sipgate)
Providers of embedded third-party content (e.g. Google Maps / Google Places)
Providers of embedded third-party content (e.g. Google Maps / Google Places)
Personal data is otherwise disclosed to third parties only where legally permitted or where you have given your consent.
5. Transfers to Third Countries
Where services are used for which processing of personal data outside the European Economic Area (EEA) cannot be ruled out (in particular certain services provided by international providers such as Cloudflare or Google services), such transfers are carried out exclusively in compliance with Articles 44 et seq. GDPR, in particular on the basis of:
Adequacy decisions of the European Commission and/or
Standard Contractual Clauses pursuant to Article 46 GDPR,
as well as, where necessary, additional safeguards.
6. Data Retention and Deletion
Personal data is deleted or restricted as soon as the purpose of processing no longer applies and no statutory retention obligations or other legitimate grounds prevent deletion.
Client and mandate-related data (including files, correspondence, and billing documents) is stored in accordance with applicable professional, tax, and commercial retention obligations, in particular:
Section 50 German Federal Lawyers’ Act (BRAO) – generally at least 6 years for client files,
Section 257 German Commercial Code (HGB) and Section 147 German Fiscal Code (AO) – generally 6 or 10 years, depending on the type of document.
After expiry of the applicable retention periods, the data is deleted or destroyed in a data-protection-compliant manner, unless further retention is required for the assertion, exercise, or defence of legal claims.
7. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or manipulation. These measures are aligned with the state of the art, the risks of processing, and the nature and scope of the data processed.
8. No Automated Decision-Making
No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.
9. Rights of Data Subjects
You are entitled in particular to the following rights:
Right of access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to object (Article 21 GDPR)
Right to withdraw consent (Article 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
The competent supervisory authority is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, D-91522 Ansbach
Telephone: +49 (0)981 180093-0
Email: poststelle[at]lda.bayern.de
You may exercise your rights at any time by contacting us using the details set out in section A.1 above.
10. Amendments to This Privacy Notice
This privacy notice is updated as necessary to reflect changes in legal, technical, or organisational circumstances.
B. Processing When Using the Website
1. Provision of the Website (Odoo Platform)
This website is provided using Odoo (including modules such as Website, Website Enterprise, E-Commerce, Blog, Forum, Job Listings/Recruitment, Contact Forms, and other website functions). Depending on the activated features, personal data may be processed when you use the website (e.g. forms, user accounts, orders, comments/posts, applications).
The legal basis is Article 6(1)(f) GDPR (legitimate interest in secure and functional website operation) and, where specific functions are used, Article 6(1)(b) GDPR (contract/pre-contractual measures) or Article 6(1)(a) GDPR (consent), depending on the context.
2. Server Log Files / Access Data
When accessing the website, technically necessary access data is processed, in particular:
IP address (and other connection data),
date and time of access,
accessed page/file,
referrer URL,
referrer URL,
amount of data transferred, status code.
Processing is carried out to ensure the security, stability, and functionality of the website and to detect misuse or attacks (Article 6(1)(f) GDPR).
Log data is generally deleted after 30 days, unless a longer retention period is required for security incident investigation.
3. Content Delivery Network and Security Services (Cloudflare)
To secure and optimise the website, we use Cloudflare services (e.g. reverse proxy/CDN and attack mitigation). Technically required connection and access data is processed, including IP address, timestamps, accessed content, header information, and security events.
The legal basis is Article 6(1)(f) GDPR (legitimate interest in security and performance).
Processing in third countries (in particular the USA) cannot be completely ruled out; any transfer is carried out in compliance with Articles 44 et seq. GDPR.
4. Bot and Spam Protection (Cloudflare Turnstile)
To protect against automated submissions (e.g. form spam), Cloudflare Turnstile may be used. In this context, IP addresses, technical device/browser data, and interaction data may be processed to detect automated access.
The legal basis is Article 6(1)(f) GDPR (security and abuse prevention).
Processing in third countries (in particular the USA) cannot be completely ruled out; transfers take place in compliance with Articles 44 et seq. GDPR.
5. Google Search Console
We use Google Search Console to monitor and improve the technical visibility and presentation of our website in Google search results (e.g. index status, crawling errors, aggregated search queries). The provider is Google Ireland Limited.
The legal basis is Article 6(1)(f) GDPR (legitimate interest in technical optimisation and search visibility).
Processing of data by Google in third countries (in particular the USA) cannot be completely ruled out; transfers are carried out in compliance with Articles 44 et seq. GDPR.
6. Embedded Maps and Location Services (Google Maps / Google Places)
Where map material or location functions are embedded on the website (e.g. Google Maps or Google Places Autocomplete), data is transmitted to Google when such content is accessed, including IP address, timestamp, and technical information; location data is transmitted only if you have enabled this on your device. The provider is Google Ireland Limited.
The legal basis is Article 6(1)(f) GDPR (legitimate interest in user-friendly presentation of locations and address functions) or Article 6(1)(a) GDPR, where consent is obtained via a consent tool, depending on the technical implementation.
Processing in third countries (in particular the USA) cannot be completely ruled out; transfers take place in compliance with Articles 44 et seq. GDPR.
7. Contact Form
When using the contact form, we process the following data:
First name (mandatory)
Last name (mandatory)
Email address (mandatory)
Telephone number (optional)
Subject (mandatory)
Message/question (mandatory)
Processing is carried out to handle your enquiry and contact you. The legal basis is Article 6(1)(b) GDPR where the enquiry relates to pre-contractual measures or mandate initiation; otherwise Article 6(1)(f) GDPR (legitimate interest in communication).
Enquiries without mandate relevance are generally deleted after 12 months, unless statutory retention obligations or legal defence interests require longer storage.
8. Newsletter / Marketing Communications
A newsletter is currently not offered or actively operated. Should newsletter functions be activated in the future, this will take place only on the basis of consent (Article 6(1)(a) GDPR) and in compliance with applicable requirements (e.g. double opt-in). The privacy notice will be updated accordingly.
9. User Account / Login / Portal (Website Profile)
Where user account, login, or portal functions (“website profile”) are used, the data required for registration and use (e.g. login data, profile data, communication and usage data) is processed to provide and manage the account.
The legal basis is Article 6(1)(b) GDPR (contract/pre-contractual relationship) and Article 6(1)(f) GDPR (security and abuse prevention).
10. E-Commerce / Orders / Payments
Where the online shop is used, we process data required to handle orders (e.g. contact data, order details, delivery and billing data). The legal basis is Article 6(1)(b) GDPR.
Where payment service providers are integrated for payment processing, the data required for payment processing is transmitted to the respective provider. Data processing by the payment provider is governed by its own privacy notice.
11. Blog / Forum / Events / Tickets / Applications
Where blog, forum, event, ticketing, or recruitment functions are used, the data entered by you and technically required data is processed (e.g. posts/comments, profile data, participation data, application documents).
The legal basis is Article 6(1)(b) GDPR (contract/pre-contractual measures) or Article 6(1)(f) GDPR (operation and security of the platform), depending on the usage context.
12. Link Tracking
Where link tracking is actively used (e.g. to evaluate campaign links), technical data and parameters may be processed when such links are accessed (e.g. timestamp, target URL, referrer, possibly shortened IP information).
The legal basis is Article 6(1)(f) GDPR (legitimate interest in evaluating link effectiveness). Where cookies or similar technologies are used, this is done in accordance with Section 25 TDDDG.
13. SMS Functions
Where SMS functions are used for communication (e.g. appointment or status notifications, follow-up enquiries), your telephone number and communication content are processed for contact purposes. The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, depending on the context.
14. Email Communication (Microsoft 365)
For email communication, we use Microsoft 365. Personal data contained in email communications is processed to handle your enquiry or mandate. The legal basis is Article 6(1)(b) GDPR (mandate initiation/contract) or Article 6(1)(f) GDPR (legitimate interest in communication).
Processing outside the EEA cannot be completely ruled out depending on configuration and support/administration processes; any transfers are carried out in compliance with Articles 44 et seq. GDPR.
15. Telephony (Sipgate) and Automated Assistance
For telephony services, we use Sipgate. Traffic and communication data is processed (e.g. telephone number, time, duration, and, where necessary, content for handling the enquiry). The legal basis is Article 6(1)(b) GDPR (mandate initiation/contract) or Article 6(1)(f) GDPR (legitimate interest in communication).
Where an automated assistant (e.g. AI-based voice agent) is used to receive and pre-structure calls, this may involve processing call content to identify the enquiry and route it appropriately. It is recommended not to transmit special categories of personal data (Article 9 GDPR) via this communication channel unless strictly necessary.
Call recordings or transcriptions are carried out only after separate notice and, where required, consent.
16. Cookies and Comparable Technologies
We use technically necessary cookies and comparable technologies that are required for the operation and security of the website (Section 25(2) No. 2 TDDDG). This may include session cookies required for session management, forms, login functions, and security.
Analytics or marketing cookies are currently not used. If non-essential cookies are used in the future, this will take place only on the basis of your consent (Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR). Further details are provided in the cookie policy.