Data Privacy Policy

This Data Privacy Policy explains the nature, scope and purpose of processing personal data when you visit this website.

discover legal GmbH values the trust of its customers and business partners. The company is therefore committed to respecting data protection and provides its customers and business partners with information concerning which data it collects and stores as well as information about their rights.

The business goal definition of discover legal GmbH complies with the data protection principles of GDPR pursuant to Art. 4 and 5 (1).


discover legal GmbH
Annenstraße 37
20359 Hamburg
Phone: 040-98677156
Managing Directors: Elizabeth Lehnich und Catherine Besendahl

General information and terms

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation performed with or without the aid of automated means or any such set of operations that is performed on personal data. The term is interpreted broadly, and it includes virtually every instance where data are processed.

Purposes of collection and storage

  • Processing applications, resumes, job descriptions
  • Implementing and terminating the contractual relationship
  • Measuring and managing performance
  • Personnel administration, personnel planning, personnel management, personnel development and training
  • Compliance with legal requirements, e.g. tax law
  • Internal administrative and organisational purposes
  • Ensuring the processing procedures and data are protected against unauthorised access, corruption and unauthorised use
  • Exercising and fulfilling the rights and duties of representation of the contractual partners’ interests arising from a law or an agreement
  • Customer administration, planning, management and customer development
  • Internal administrative and organisational purposes

Information about cookies

"Cookies" are small files that are stored on users’ computers. Cookies can be used to store various kinds of information. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online offering. "Session cookies" or "transient cookies" represent a type of temporary cookie that is erased after a user leaves the online offering or closes their browser.

This website uses only two session cookies. Both cookies expire automatically when the session ends. More detailed information on the cookies can be requested from the Controller.

If you do not want cookies to be stored on your computer, you are given the option to deactivate cookies in your browser settings or to erase existing cookies. Saved cookies can be erased in the system settings of the browser. If you deactivate cookies, you may not be able to use all the features of this online offering.

Furthermore, you can prevent cookies from being stored by disabling them in the browser settings. Please note that you may not be able to use all of the features of this online offering if you so disable cookies.

Other web tracking and analysis tools

This website does not use Google Analytics or any other web tracking/analysis tool.

Email and contact form

When contacting us (e.g. via contact form, email and telephone), the user’s data will be used to process the contact request and its handling in accordance with Art. 6 (1) point (b) (within the framework of contractual/pre-contractual relations) or Art. 6 (1) point (f) (other inquiries) GDPR. The statutory erasure deadlines apply.

Data transmission and processors

In the scope of our processing, we only disclose or transmit data or otherwise grant access to data to other persons or companies (processors or third parties) if we are authorised to do so by law (e.g. if data must be transmitted to a third party, such as a payment processer, to fulfil the contract as per Art. 6 (1) point (b) GDPR), if you have given your consent, if a legal obligation provides for this or if such transmission is based on a legitimate interest (e.g. when contracting with agents, web hosting providers etc.).

Whenever we commission third parties to process data, we always conclude a data processing agreement pursuant to Art. 28 GDPR.

Transmission to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if data is processed in a third country as part of a relationship with a third party or while using third party services, or if we disclose or transmit data to third parties, then this will only be done in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual approval, we process or allow data to be processed in a third country only if the special conditions specified under Art. 44 et seqq. GDPR are satisfied. In other words, data processing is conducted on the basis of specific guarantees, such as the official recognition that the level of data protection is such third country is equal to the level in the EU or thereby complying with officially recognized special contractual obligations (so-called "standard contractual clauses").

Types of data processed

  • Master data (name, academic title, address, customer number)
  • Contract data (type of contract, start date/end date of contract, content)
  • Business contact and communication data
  • Candidate data
  • Historical data

Your data protection rights

Your data protection rights are regulated in Chapter III (Art. 12 et seq.) of the European General Data Protection Regulation (GDPR). According to these provisions, you have a right to have access to information about the personal data stored about you, about the purpose of the processing, about possible transmissions to other bodies and about the duration of storage.

You may also receive extracts or copies when exercising your right of access. If data is incorrect or no longer necessary for the purposes for which it was collected, you may request that it be rectified, erased or the processing be limited.

If processing is based on a legitimate interest, you may object to the processing of your data should your particular personal situation give you reasons to object to the processing of your personal data. In such a case, we will only process your data if there are special compelling interests.

If you have any questions about your rights and how to exercise your rights, please contact us.

In individual cases we may also obtain your consent to the processing or transmission of your data. Your consent is freely given in such cases and can be revoked by you at any time in the future, unless otherwise agreed. You will not suffer any disadvantages if you do not give your consent or if you should revoke your consent at a later date.

Right to lodge a complaint with the supervisory authority

In case of data protection violations you have the right to lodge a complaint. Please contact or the competent supervisory authority:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard- Str.22, 7.OG
20459 Hamburg

Phone: 040 / 428 54-4040
Fax: 040 / 428 54- 4000

Erasure of data

Data that are processed by us will be erased or the processing thereof will be restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this Data Privacy Policy, we erase the data we store as soon as they are no longer needed for the respective purpose and provided that erasure does not conflict with any statutory preservation periods. If the data are not erased because they are needed for other and legally admissible purposes, the processing of such data is restricted, meaning that the data are made unavailable to users and are not processed for other purposes. This applies, for instance, to data that are subject to preservation periods of up to 16 years under commercial law or tax law.

Relevant legal bases

In accordance with Art. 13 GDPR, we hereby inform you about the legal basis of our data processing. If no legal basis is stated in the Data Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 (1), point (a) and Art. 7 GDPR. The legal basis for processing that is conducted in the course of performing our services and carrying out contractual measures as well as answering inquiries is Art. 6 (1), point (b) GDPR. The legal basis for processing in the course of the fulfilment of our legal obligations is Art. 6 (1), point (c) GDPR. The legal basis for processing in order to protect our legitimate interests is Art. 6 (1), point (f) GDPR. In the event that personal data must be processed to protect the vital interests of the data subject or any other natural person, then Art. 6 (1), point (d) GDPR provides the legal basis for said processing.

By clicking "Accept all cookies", you agree to the storage of cookies on your device to improve website navigation and analyze website usage. For more information, please see our Privacy Policy.