Individual responsible for the content of this website

Rechtsanwalt (German attorney) Dr. Oliver Scherenberg
Luruper Chaussee 125 (Haus 6 rechts)
D-22761 Hamburg
Tel. +49 40 40 113 193 0
Fax +49 40 40 113 193 1
E-mail: office[@]


Scope of application

With the following data protection information, we would like to inform you about the type, scope and purpose of the collection and use of personal data on our website and sub-pages.

Responsible for data processing:

Rechtsanwalt (German attorney) Dr. Oliver Scherenberg
Luruper Chaussee 125 (Haus 6 rechts)
D-22761 Hamburg
Tel. +49 40 40 113 193 0
Fax +49 40 40 113 193 1
E-mail: office[@]

Legal basis for data processing

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis is not mentioned in this privacy notice, the following applies: The legal basis for data processing based on consent is Art. 6(1)(a) and Art. 7 GDPR. The legal basis for processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries is Art. 6 (1) lit. b GDPR. Legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR. The legal basis for processing based on our legitimate interests is Art. 6 (1) lit. f GDPR. If vital interests of a data subject or another natural person make data processing of personal data necessary, we base it on Art. 6 (1) lit. d GDPR.

Disclosure of data to third parties and third-party providers

We only disclose your data to third parties (other persons or companies) if you consent to this or if this is otherwise permitted by law. This may be the case, for example, if this is necessary in the context of contract initiation or for the performance of a contractual obligation, Art. 6 para. 1 lit. b GDPR, we comply with a legal obligation under Art. 6 para. 1 lit. c GDPR or if the transfer serves our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in an economic and effective business operation. If we involve subcontractors in the processing of your data, we ensure through legal precautions and appropriate technical and organizational measures that your data is protected and the relevant legal requirements are met. If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.

Should a subcontractor carry out the data processing outside the European Union or the European Economic Area, the data will only be transferred there if an appropriate level of data protection is ensured at the location of the data processing, you have expressly consented or other legal permission exists.

Data transfer to third countries

In some cases, data is also processed by our service providers in so-called third countries. These are countries outside the European Union (EU) or the European Economic Area (EEA). This occurs either to fulfill our (pre)contractual obligations on the basis of your consent due to a legal obligation or on the basis of our legitimate interests. However, such processing only takes place if the specific requirements of Art. 44 GDPR are met. In these cases, too, an adequate level of data protection is ensured. This is because in these third countries there are either appropriate guarantees that a level of data protection comparable to the EU exists (e.g. for the USA through the “EU-US Privacy Shield”) or we involve our service providers via special contractual obligations that ensure this level of data protection (so-called “EU standard contractual clauses”).

Deletion of data

We delete or restrict the processing of personal data in accordance with Articles 17 and 18 of the GDPR. Stored data is generally deleted when it is no longer needed for its intended purpose, unless the deletion conflicts with legal retention obligations. We restrict data processing if the data cannot be deleted because, for example, it is to be used for other and legally permissible purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. In Germany, data is retained in particular for 6 years in accordance with Section 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.). Insofar as you are expressly informed in our data protection notices when data will be deleted, this specific statement applies to the time of deletion.

SSL encryption

On our websites, we use SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Automatically collected data

Personal data is all data that can be assigned to an identified or identifiable person. In principle, you can visit our websites without telling us who you are. For technical reasons, however, your IP address is always processed when you visit a website. This is the only way that the respective web page can be delivered to your browser.

Access data/server log files

We – or our hosting service provider on our behalf – automatically collect and store information in so-called server log files, which your browser automatically transmits to us when you access our websites. These are: The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. We carry out this data processing on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The collection of this data serves IT security and protection against unauthorized use. In this respect, we reserve the right to check this data subsequently if we become aware of concrete indications of unlawful use. This data will not be merged with other data sources. This data is deleted within a maximum of 14 days after data collection, unless its continued storage is necessary until a specific incident has been clarified.

Data collection in cookies

We use so-called cookies on our websites. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. We use so-called session cookies. The use of these cookies is technically necessary to enable you, for example, to set your language. However, no further data collection takes place as a result. The cookies are usually deleted as soon as you close your browser. We also use “persistent” or “permanent” cookies on our websites. These cookies remain stored until their expiration date passes or you delete them prematurely. These cookies allow us to recognize your browser when you visit our website again. We use these types of cookies, for example, for reach analysis. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the websites may be limited.

Data that you consciously transmit to us – contacting us

If you contact us (by e-mail or telephone), your information will be processed to handle the contact request and its processing, Art. 6 para. 1 lit. b. GDPR. This means that if personal data (such as your name, address or e-mail address) is collected when you contact us, this is because you are interested in our services or have another request, for example, or you provide us with this data of your own accord, for example, for the purpose of establishing, defining the content of or amending a client/contractual relationship concluded between you and us. The personal data transmitted when contacting us will be stored and processed.


The hosting services used by us serve to provide the following services: Website operation, computing capacity, storage space and database services, security services and technical maintenance services. Our hosting provider processes contact data, content data, usage data, meta data and communication data of customers, interested parties and visitors to our website on our behalf. This is done on the basis of our legitimate interests in an efficient and secure provision of our websites pursuant to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (order processing agreement). Art. 28 GDPR (order processing agreement).


On our websites, we integrate map material from Google Maps of Google Inc. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. We use Google Maps based on our legitimate interests according to Art. 6 (1) lit. f GDPR in an efficient and user-friendly operation of our websites. This requires Google to process the IP address of the users, since without the IP address the Google Maps content cannot be sent to the browser of the respective user. The IP address is therefore necessary for the delivery or display of this content. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the following data is automatically collected:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Web page from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

This is done regardless of whether you have a user account with Google or are logged in there. However, if you are logged in to Google, your data will be directly assigned to your account. Please log out if you do not want this association with your Google profile. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of the Google website. Further information on the purpose and scope of the data collection and its processing by Google, as well as further information on your rights in this regard and setting options for protecting your privacy, can be found here:

Google also processes your personal data in the USA, but is certified under the EU-US Privacy Shield,

LinkedIn Insights

We have integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Over 400 million registered individuals use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside the USA: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn Insights), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at . As part of this technical procedure, LinkedIn receives knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn insights component that the data subject has visited our website if the data subject is simultaneously logged into LinkedIn at the time of calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as to manage ad settings at . LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at . LinkedIn’s applicable privacy policy is available at . LinkedIn’s cookie policy is available

Rights to information, blocking and deletion

You have the right to request information as to whether and how data concerning you is processed for further information and copy of the data in accordance with Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion of the data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to demand restriction of the processing of the data.

Right to data portability

According to Art. 20 GDPR, you have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right of complaint to the competent supervisory authority

If you assume unlawful data processing, you are free to file a complaint with the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our office is located. A list of data protection officers and their contact details can be found at the following link:

Right to revoke your consent to data processing

You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of objection

You can also object to the processing of your personal data at any time in accordance with the legal requirements. The objection can be made in particular against the processing for purposes of direct advertising. Insofar as we provide you with an opt-out option in this data protection notice, you can simply exercise your right of objection in this way.

Changes to the data protection information

The data protection information informs you in each case about the current data processing on our websites. If there are changes to our services or this data processing, or if the legal situation changes, we must adapt this data protection information accordingly. However, this only applies with regard to this information on data processing. Insofar as your consent was required or components of the data protection information concern our contractual relationship with you, we will of course not make any changes to this without your consent. Please inform yourself regularly about the content of this data protection information.

Data transmission on the Internet in general

Lastly, we would like to point out that data transmission on the Internet (e.g. communication by e-mail) can generally have security gaps; complete protection of data against access by third parties is not possible. If you have any questions or comments, please feel free to contact us at any time at office[@]

We are a virtual law firm for web3 matters.


Meet the team behind WEB3LEX.