Privacy Policy for Website Visitors

In a nutshell

matterius is operated in Germany and does not use service providers or data centers outside the EU.

We do not use any third-party tracking and marketing tools. We only analyze page visits based on browser log files, without personal identification or profiling.

We only use technically necessary cookies and do not use tracking or marketing cookies.

This privacy policy applies to all visitors to our website. For registered lawyers, the privacy policy for lawyers  also applies. For persons who confirm matters for clients on matterius, the privacy policy for clients also applies.

If you have any questions, please feel free to contact privacy -at- matterius.com.

Table of contents

1. Subject and Structure
2. Data controller and contact details
3. Contact form
4. Newsletter registration
5. Server log files
6. Transactional email tracking
7. Usage analysis
8. General notices
9. Explanations of terms
10. Your GDPR rights

1. Subject and Structure

matterius is an online platform that makes the experience of business lawyers transparent, verifiable and findable. Lawyers can create a lawyer profile on matterius, describe and publish matters and optionally have them confirmed online by the client.

With this privacy notice, we inform you about the processing of your personal data by us when you visit our website at matterius.com and about the rights you are entitled to under the EU General Data Protection Regulation (GDPR).

This privacy policy applies to all visitors of our website. For registered lawyers, the special privacy policy for lawyers also applies. For persons who confirm matters for clients on matterius, the special privacy policy for clients also applies.

2. Data controller and contact details

The data controller within the meaning of the GDPR is us, matterius GmbH in Munich. You can find our contact details in the imprint. For data protection questions, please contact us at the following e-mail address: privacy -at- matterius.com.

3. Contact form

3.1 General contact form

We use the information you provide in the general contact form on matterius to process your request. After answering your request, your data is usually deleted after 90 days or after expiry of legal retention periods.

3.2 Contact form in the lawyer profile

If you use the contact form on a lawyer's profile page, we will forward your message by email to the email address provided to us by the lawyer and then delete the message from our system.

3.3 Data security

The data transmission is encrypted. However, the contact form does not offer end-to-end encryption, i.e. technical service providers (hosters, e-mail providers) may have access to data in clear. The contact form is therefore not intended to transmit sensitive matter-related information.

3.4 Legal basis

The legal basis for the processing is the fulfillment of the contract (for customers) or our legitimate interests. Our interest is to provide a simple and immediate contact option via our website.

4. Newsletter registration

By subscribing to our matterius legal newsletter, you consent to us, matterius GmbH, that we send information on legal topics and the legal services market (e.g. legal insights, event information, product and services) on a regular basis to the e-mail address you have provided. The newsletter may also contain third-party content and advertising, but we do not share your information with third parties. We may use your details (e.g. jurisdiction, practice area) to provide you with suitable content.

You also consent to us collect whether and when you have opened the newsletter and which links you have clicked in it in order to adjust the delivery times and content of the newsletter and to send you interest-based content.

Your consent can be withdrawn at any time with effect for the future. The legal basis for the processing is your consent.

If you do not have a user account, we may send you an e-mail with a confirmation link to ensure that you are the owner of the e-mail address provided (so-called "double opt-in").

5. Server log files

When you visit an individual page, our web servers collect the address (URL) of the page visited, the date and time of the visit, any error messages and, if applicable, the operating system and browser software of your end device, your IP address and the website from which you are visiting us (referrer) in a log file.

The log file data is used by us to ensure the functionality of our services (e.g. error analysis, ensuring system security and protection against misuse) and is deleted after 7 days or shortened in such a way that an individual can no longer be identified.

To the extent log file data qualifies as personal data in individual cases, the legal basis for processing the log file data is our legitimate interest (error analysis, ensuring system security and protection against misuse).

6. Transactional email tracking

We send various transactional emails, e.g. to verify an email address after creating a user account or for status information in the context of our matter confirmation process.

Transactional emails may contain individualized images and links that we use to track whether and when an email was opened or links were clicked (Click Data).

We use this Click Data

  • for the detection and correction of errors (e.g. if matter confirmations were not completed although confirmation links were clicked)
  • to fight misuse (e.g., to detect whether transactions are triggered automatically by bots)
  • for verification purposes (e.g. to be able to prove that e-mails were actually delivered in the event of a dispute).

The legal basis for this data processing is the pursuit of the aforementioned purposes. We regularly delete the Click Data after 7 days.

7. Usage analysis

7.1 Usage data

When you visit our website, we collect the following Usage Data:

  • Web page accessed (with date and time)
  • Referring (previously accessed) website (referrer)
  • Operating system, browser software and screen resolution of the end device
  • IP address of the end device - however, this is only stored and used in shortened form.
  • clicked links (e.g. detailed view of a matter).

7.2 Use purposes

We use the Usage Data for the following purposes:

  • to improve our services. We can, for example, recognize which functions and content are particularly of interest and expand and extend them accordingly. We can see which devices are used and can technically adapt matterius to them. We recognize which countries and regions users come from and can expand the language offering accordingly.
  • to detect and correct errors. For example, we identify whether there are frequent breakups in registration and confirmation processes and which device types this occurs on.
  • in the future, if necessary, to provide users with anonymous, statistical report of how often certain content was accessed (page counter).

We do not use the Usage Data to identify individual visitors or users or to create usage profiles of individual users. We do not assign the Usage Data to individual users.

7.3 Processing

No cookies are used for usage analysis. We only process information that is transmitted by the browser to our servers by default. The IP address is only stored in a shortened, anonymized form. We operate the software for the usage analysis on our servers. No third-party providers or cloud services are used for this. We delete the usage data after 24 months. The legal basis for the processing is our legitimate interest in analyzing the use of our website to improve our service, to detect and correct errors and to provide statistical reports.

Unless otherwise stated in this privacy policy or in the special privacy policy for lawyers or clients, the following applies:

8. General notices

8.1 Required information

You are not obliged to provide any personal data. Required input fields are  marked as such on our input forms.

8.2 Legal basis

We process data about lawyers and contact persons at clients on the basis of the legal basis of the contract performance. In all other respects, we process your data on the basis of our legitimate interests. Our interest lies in the efficient provision of a platform that makes the experience of business lawyers transparent, verifiable and findable.

8.3 Categories of data recipients

Within our company, your data will be passed on to the relevant departments. For the technical operation of the website and individual functionalities, we may use technical service providers within the EU as so-called data processors, e.g. for maintenance, e-mail delivery and hosting. Currently, we use Hetzner Online GmbH, Gunzenhausen/Germany for hosting.

8.4 Data transfers to third countries

Unless otherwise stated, we do not transfer your data to countries outside the EU and the EEA ("third countries"). If we do transfer data to recipients in third countries for which the EU Commission has not determined that they guarantee a level of data protection adequate to the EU (so-called "unsafe third countries"), the following applies: we have concluded standard data protection clauses with the recipients, the content of which you will receive from us upon request.

8.5 Criteria for the storage period

We specify the storage period for your data based on the specific purposes for which we use the data. For example, we delete data about lawyers (e.g. profile information, published matters) and about contact persons at clients, when the user account is deleted. In addition, we are partly subject to statutory retention and documentation obligations, which arise in particular from the German Commercial Code (HGB) and the German Fiscal Code (AO). Finally, the storage period is also determined according to the statutory limitation periods, which are generally three years, e.g. according to §§ 195 ff. of the German Civil Code (BGB).

9. Explanations of terms

9.1 Terms

In the following, we explain some legal and technical terms used in this privacy policy.

Processors: Processors are service providers who process your data according to our instructions and for a specific purpose.

Personal Data: Personal data is any information relating to an identified or identifiable natural person.

Processing: A processing of personal data is any operation related to personal data, such as collection via an online form, storage on our servers or use to contact us.

Cookie: Cookies are data that are stored on your computer. The content of these is transferred to the server that set the cookie each time you call up a website. Details of the cookies used on our website can be found in our cookie information.

IP address: The IP address is a number that your internet provider assigns to your terminal device, either temporarily or permanently. With a full IP address, it is possible to identify the holder of an internet connection, for example, using additional information from your internet access provider.

9.7 Standard data protection clauses:

Standard clauses of the EU Commission that we agree with data recipients in unsafe third countries in order to establish an adequate level of protection there within the meaning of the GDPR. The text of the standard data protection clauses is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc ; alternatively, you can obtain the text from us.

9.2 Legal basis

The GDPR allows processing of personal data only if a legal basis exists. We are required by law to inform you of the legal basis for the processing of your data.
In the following, we explain the terms used in this context.

Legal basisDesignationExplanation
Art. 6 para. 1 lit. a)
GDPR
ConsentThis legal basis allows processing if and to the extent that you have given us consent. You can withdraw your consent at any time with effect for the future.
Art. 6 para. 1 lit. b) GDPRContract performanceThis legal basis permits processing insofar as it is necessary for the performance of a contract with you, including pre-contractual measures (e.g. preparation of the conclusion of a contract).
Art. 6 para. 1 lit. f)
GDPR
legitimate interestsAccording to this legal basis, we are permitted to process personal data insofar as this is necessary to protect our legitimate interests (or those of third parties) and your conflicting interests do not override these. Unless otherwise stated, our interests are to pursue the specified processing purposes.

10. Your GDPR rights

By law, we are obliged to inform you of your rights under the GDPR. We explain these rights below. You are entitled to the rights under the conditions of the respective GDPR provisions. The following explanation does not grant you any further rights.

Access: You have the right to request confirmation from us as to whether we are processing personal data relating to you; if this is the case, you have a right of access to this personal data and to the information listed in detail in Article 15 of the GDPR.

Correction: You have the right to request that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data, Art. 16 GDPR.

Deletion: You have the right to request that we delete personal data relating to you without delay, provided that one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Restriction of processing: You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the review by us.

Data portability: You have the right, under certain conditions, to receive data concerning you that you have provided to us in a structured, common and machine-readable format, to transmit it and to have it transmitted to the extent technically feasible, Art. 20 GDPR.

Complaint: Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you by us infringes the GDPR, Article 77 GDPR. You may assert this right before a supervisory authority in the EU member state of your residence, workplace or the place of the alleged infringement. You can find the contact details of the supervisory authorities at https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html.

Withdrawal (of consent):If you have given us a data protection consent, you have the right to withdraw this at any time with effect for the future.

Right of objection: In addition, you have the right of objection:


Your right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that we base the processing on Art. 6 (1) lit e. or f GDPR. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).

If your personal data is used by us for direct marketing (e.g. by means of e-mail), you have the right to object to the use of your data for these purposes at any time. This also applies to profiling, insofar as this is connected with direct marketing. Profiling means the use of personal data to analyze or predict certain personal aspects (e.g. interests).

Status: 1.1.2022