We use your data in compliance with the applicable data protection regulations.

This privacy policy informs you about the personal data we collect from you and store. You will also receive information on how your data is used and what rights you have with regard to the use of your data.

If you are a party to insolvency proceedings, please also note the following data protection statements of the respective official administrator in insolvency proceedings, which you can access at the following link:

Privacy Declarations of the Insolvency Administrators (in German only)


I. Name and Contact Details of the Data Controller and the Data Protection Officer

The operator of this website and responsible for the collection, processing and use of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz/BDSG-2018) is the law firm consisting of 


Schmidt-Jortzig Petersen Penzlin Partnerschaft von Rechtsanwälten mbB (AG Hamburg PR 514)

Alstertor 9 - 20095 Hamburg

Phone +49 (40) 3095 496 - 0

Fax. +49 (40) 3095 496 - 50

E-mail: info@sjpp.de




Schmidt-Jortzig Petersen Penzlin Insolvenzverwaltung Partnerschaft von Rechtsanwälten mbB (AG Hamburg PR 1130)

Alstertor 9 - 20095 Hamburg

Phone +49 (40) 3095 496 - 0

Fax. +49 (40) 3095 496 - 50

E-mail: info@sjpp.de

The data protection officer can be contacted via the above address with the suffix

(“for the attention of the Data Protection Officer”)

or at datenschutzbeauftragter@sjpp.de.


II. General Information on the Processing of Personal Data

1. Purpose of Data Processing

In each case, your personal data will only be processed to fulfill or in connection with the respective stated purpose of the data processing.


2. Legal Bases for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. 

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject, art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, art. 6 (1) p(d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of the data controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, art. 6 (1)  (f) GDPR serves as the legal basis for the processing.


3. Data Deletion and Storage Period

Your personal data will be deleted or blocked as soon as the purpose of the data processing has been fulfilled. Personal data may be stored in particular if this is provided for by legal or other regulations to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless further storage of the data is necessary.


4. Data Transmission to Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding corporate rules (art. 44 to 49 GDPR). Information on this is available from us upon request. To the information page of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-dataprotection_en.


5. Data Sources

We obtain the data from you (including about the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it comes from publicly available sources.


6. Requirement or Obligation to Provide Data

Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal requirements or contractual regulations.


7. Existence of Automated Decision Making (including profiling).

Automated decision-making - including profiling - does not take place.


8. Data Subject Rights

If the respective legal requirements are met, you have the following rights as a data subject within the meaning of the GDPR:


a) Withdrawal of Consent given for Data Processing (art. 7 (3) GDPR)

You have the right to withdraw your consent at any time. If there is no other legal basis for the data processing besides the consent, the data processing may not be continued for the future after the consent has been withdrawn.


b) Access to the Data stored about You and further information (art. 15 GDPR)

You may request confirmation from the data controller as to whether personal data concerning you are being processed by us. If such processing is taking place, you may in particular request information from the data controller about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.


c) Rectification of Inaccurate Personal Data (art. 16 GDPR)

You can immediately request the correction of incorrect or completion of your personal data stored by us.


d) Erasure of Personal Data (art. 17 GDPR)

You can request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.


e) Restriction of Processing (art. 18 GDPR)

You may request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and in case we no longer need the data, but you need it for the establishment, exercise or defense of legal claims or you have objected to the processing pursuant to art. 21 GDPR.


f) Right to Data Portability (art. 20 GDPR)

Under certain conditions, you have the right to receive your data in a structured, common and machine-readable format and to transfer it or have it transferred to another data controller.


g) Right to complain to a Supervisory Authority (art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority - usually the supervisory authority of your habitual residence or workplace or our registered office.


9. Right to object

If your personal data is processed on the basis of our legitimate interests (art. 6 (1) (f) GDPR), you have the right to object to the processing pursuant to art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation. 

If you wish to exercise your right to object, please send an e-mail to datenschutzbeauftragter@sjpp.de.


III. Processing of Personal Data when visiting our Website

1. Processing Log Files

Each time you visit our website www.sjpp.de, your browser automatically sends information to the server of our website, which is temporarily stored in a so-called log file.

The following data is collected without your intervention and stored until automated deletion:

  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the retrieved file,
  • the website from which the access is made,
  • the operating system of your computer and the browser you are using and
  • the name of your Internet access provider.

The aforementioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • ensuring a comfortable use of our website,
  • evaluation of system security and stability, and
  • other administrative purposes.

The legal basis for the data processing is art. 6 (1) lit. f GDPR.

Our legitimate interest for data processing, which is assumed under this provision, results from the purposes listed above. In no case do we use the collected data to draw conclusions about your person.


2. Cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (smartphone, tablet, laptop or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves primarily to make the use of our services more pleasant for you. We use so-called "session cookies" to recognize that you have already visited individual pages of our website. These cookies are automatically deleted after you leave our site.

In addition, in order to optimize user-friendliness, we use temporary cookies that are stored on your terminal device for a certain fixed period of time. When you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made. You then do not have to make these again.

Furthermore, third-party providers that we have integrated on our website may use cookies, which are used, for example, for the provision of additional functions. You can find more information about data processing within the scope of these services below in our privacy policy.

The setting or processing of personal data with the help of cookies is based on the consent of the user according to art. 6 (1) (a) GDPR, sec. 25 (1) TTDSG. In the case of cookies, which are absolutely necessary to provide the website properly, we base the setting of cookies on sec. 25 (2) no. 2 TTDSG or the processing of personal data on our legitimate interest under art. 6 (1) (f) GDPR to make our website available and to ensure this and its functionality and user-friendly design.

Most browsers accept cookies automatically. However, you can also configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created.

Complete deactivation of cookies may mean that you cannot use all functions of our website.

Cookie Settings


3. Gläubigerinformationssystem (GIS; “Creditor Information System”)

We have integrated the GIS component on our website. GIS is a web system that provides creditors in certain insolvency proceedings with information on insolvency proceedings at any time. GIS is used to provide creditors with a comprehensive information service.

The operating company of GIS is the STP Portal GmbH, Lorenzstraße 29, 76135 Karlsruhe, Germany. 

Use of the GIS requires the entry of an individual PIN provided to you by the insolvency administrator. It is also possible to request a PIN via the contact form integrated into the GIS.

The processing of your data for the purposes of the GIS is based on art. 6 (1) (c) GDPR in conjunction with sec. 5 (5) German Insolvency Code (InsO) for the fulfillment of a legal obligation. Otherwise, the data processing is based on art. 6 (1) (f) GDPR. It is carried out to fulfill and protect your interest in being informed about the current status of the insolvency proceedings. The use of the GIS is voluntary. 

GIS sets a cookie on the information technology system of the data subject. With the setting of the cookie, the user-related use of GIS is enabled, which is necessary, for example, for the login by means of the GIS PIN.

Further information and the privacy policy of STP Portal GmbH can be found at www.insolvenz-portal.de. GIS is explained in more detail under this link www.insolvenz-portal.de.


4. Data Security

During the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption.

If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, against partial or complete loss, against destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


5. Links to Other Websites

We link websites of other providers not affiliated with us (third parties).

When you click on these links, we no longer have any influence on what data is collected and used by these providers (third parties). You can find more detailed information on data collection and use in the privacy policy of the respective provider (third party).

We assume no responsibility for the data collection and processing by third parties.



IV. Processing of Personal Data in the Context of Mandate Relationships

Within the scope and for the purpose of the establishment and performance of an attorney-client relationship, the following data in particular will be collected from you: salutation, first name, last name, e-mail address, address, telephone number, information necessary for the assertion and defense of your rights under the mandate.

Data processing is carried out at your request for the purposes of concluding or carrying out the mandate relationship and only to the extent that it is necessary for the fulfillment of the mandate relationship.

The legal basis for the processing of personal data in this case is art. 6 (1) (b) GDPR and, if applicable, your consent according to art. 6 (1) (a) and our legitimate interest according to art. 6 (1) (f) GDPR to be able to carry out and fulfill the mandate relationship requested by you.

The personal data will be deleted or blocked as soon as they are no longer required to fulfill the abovementioned purposes, unless legal or other provisions or legitimate interests of the data controller require the continued storage of the data.


V. Processing of Personal Data in Insolvency Proceedings

In insolvency (application) proceedings, we process personal data of the parties to the proceedings in the course of our activities as a court-appointed insolvency expert, (provisional) insolvency administrator or (provisional) assistant administrator.

The data processing in this context shall be carried out for the purpose of fulfilling the respective court order issued to us as experts or for the purpose of fulfilling the tasks incumbent upon us under the Insolvency Code and other laws in our capacity as (provisional) insolvency administrator or (provisional) assistant administrator within the scope of the powers granted to us by law or by virtue of a court order.

In this context, the data processing extends to personal data insofar as they are required for the fulfillment of the aforementioned tasks. The type of personal data is determined by the type of participation of the data subject in the proceedings but generally includes the following categories of data: master data, communication data, contract data, claims data, payment information, economic data and bank data.

If you are a creditor in insolvency proceedings, the following data in particular will be collected from you and administered for the purpose of inviting you to file a claim (cf. sec. 28, 174 of the German Insolvency Code (InsO)), reviewing the claims filed by you and, if applicable, distributing the insolvency quota: personal master data (esp. name, address), details of the claim asserted, bank details.

The legal basis for data processing in the context of insolvency proceedings is first and foremost art. 6 (1) (c) GDPR. In addition, data processing may be carried out on the basis of our legitimate interest pursuant to art. 6 (1) (f) GDPR in fulfilling our mandate as a court-appointed expert or our duties as (provisional) insolvency administrator or assistant administrator, or - in the event of the consent of the data subject - on the basis of art. 6 (1) (a) GDPR.

A deletion or blocking of the personal data takes place in each case as soon as they are no longer required for the fulfillment of the above-mentioned purposes, therefore as a rule with the conclusion of the insolvency proceedings, unless legal or other provisions or legitimate interests of the data controller make the further storage of the data necessary.


VI. Updating of this Privacy Notice

We reserve the right to update our privacy notice at any time, including to comply with any legal requirements or to offer new services in accordance with legal requirements.

You can recognize the current status of the data protection notice by the line "Status: ..." at the end of this data protection notice.


Status: 17.07.2023