// Privacy Policy

1. Controller
The controller within the meaning of the General Data Protection Regulation (hereinafter: “GDPR”) and other national data protection laws as well as other data protection regulations is:

Attorney-at-Law Michael Wübbeke, LL.M., Ohechaussee 169, 22848 Norderstedt
Phone: 040-226 890 500
Email: info@kanzlei-wuebbeke.de

2. General Information on Data Processing
Data protection is of particular importance to Attorney-at-Law Michael Wübbeke, LL.M. For this reason, he generally collects and uses personal data from users only to the extent necessary for the provision of a functional website and its content and services. Personal data refers to all information relating to an identified or identifiable natural person (hereinafter: “data subject”).

The collection and use of users’ personal data always takes place in accordance with the GDPR and the applicable country-specific data protection regulations. If the processing of personal data is necessary and such processing is not permitted by legal provisions, Attorney-at-Law Michael Wübbeke, LL.M. always obtains the data subject’s consent.

As a matter of principle, personal data is not transferred to third parties. A transfer only occurs if you have expressly consented (Art. 6 para. 1 sentence 1 lit. a GDPR); there is a legitimate interest in the transfer and no reason to assume that you have an overriding legitimate interest in your data not being transferred (Art. 6 para. 1 sentence 1 lit. f GDPR); there is a legal obligation for the transfer (Art. 6 para. 1 sentence 1 lit. c GDPR); or a transfer is permissible within the framework of fulfilling a contract with you (Art. 6 para. 1 sentence 1 lit. b GDPR).

3. Hosting
The content of the website is hosted by the following provider:

External Hosting
This website is externally hosted. The personal data collected on this website is stored on the servers of the host(s). This may primarily include IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access data, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing clients and future clients and other interested users (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The host will only process your data to the extent necessary to fulfill its service obligations and will follow my instructions regarding this data.

The following host is used:
Goneo Internet GmbH
Dresdener Straße 18,
32423 Minden
Phone: 0571 783 44 44
Fax: 0571 / 783 44 99
Email: info@goneo.de
www.goneo.de

Processor Agreement:
Attorney-at-Law Michael Wübbeke, LL.M. has concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that the processor processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

4. Collection and Storage of Personal Data When Visiting the Website
Each time you access the website www.rechtsanwalt-wuebbeke.de, information is automatically transmitted to our website’s server by the browser you use. The following information is collected and stored until automatic deletion:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• the referrer URL, i.e., the website from which access was made,
• Information about the browser type used,
• the operating system of your computer,
• the name of the Internet service provider.

This data is only temporarily stored in a so-called log file. This does not include the user’s IP addresses or other data that would allow the data to be attributed to a user. This data is not stored together with other personal data of the user. When using this data, we do not draw any conclusions about the data subject.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in providing a functional website with correctly delivered content, in optimizing the systems, and in providing law enforcement authorities with the necessary information for prosecution in the event of a cyberattack. As soon as there is no longer a legitimate interest and no legal retention obligation, this data is routinely deleted.

Furthermore, cookies are used, and analysis and marketing services are employed. Further information on this can be found below in this privacy policy.

5. Cookies
Cookies are used on the website. Cookies are small text files that your browser automatically creates and that can be stored on your end device. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is revisited. This does not mean that your identity is immediately known.

The use of necessary cookies serves to ensure the website can be displayed technically correctly. The data processed by these cookies is necessary for the stated purposes of safeguarding legitimate interests as well as those of third parties according to Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in providing a functional and user-friendly website.

Furthermore, cookies are used to optimize the user-friendliness of the service and for statistical collection.

So-called session cookies are used to recognize that you have already visited individual pages of the website. These cookies are automatically deleted after you leave our site. In addition, temporary cookies are used, which are stored on your end device for a specific, defined period. If you visit the site again, it is automatically recognized that you have already been on the site and what entries and settings you have made, so you do not have to enter them again. The data collected includes the frequency of page views, entered search terms, and the use of website functions.

The use of cookies for statistical collection and evaluation of the service is described in more detail in this privacy policy. These cookies make it possible to automatically recognize that you have already visited the site when you revisit it. These cookies are automatically deleted after a defined period.

The legal basis for data processing by cookies for statistical purposes and evaluation of the service is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. When visiting the website, you have the option to give your consent to data processing by cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give consent, no cookies will be set for marketing or analysis purposes.

You can also configure your browser so that no cookies are stored on your computer or that a warning always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all functions of the website.

6. Use of Analytics Services

Google Analytics
For the purpose of demand-oriented design and continuous optimization of the pages, Google Analytics is used, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). The tracking measures are used to statistically record website usage and for the purpose of optimizing the service.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. When visiting the website, you have the option to give your consent to data processing by cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give consent, no cookies will be set for marketing or analysis purposes.

In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited page),
• Hostname of the accessing computer (IP address),
• Time of server request,

are usually transferred to a Google server and stored there. Under certain circumstances, data may also be transferred to Google servers in the USA. Due to Google’s certification under the EU-US Data Privacy Framework (DPF), the European Commission has determined an adequate level of data protection for Google. The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards.

The aforementioned information may also be transferred to third parties if legally required or insofar as third parties process this data on our behalf. In no case will the IP address transmitted by your browser be merged with other Google data. IP addresses are anonymized so that attribution is not possible (IP masking). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

On my behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide me with other services related to website and internet usage.

You can prevent the installation of cookies by adjusting your browser software settings accordingly; however, I would like to point out that in this case, not all functions of this website may be fully usable. Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing a browser add-on to deactivate Google Analytics. Alternatively to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this LINK. An opt-out cookie will be set, which will prevent the future collection of your data when visiting this website. The opt-out cookie is stored on your device and applies only to this browser and only to our website. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help.

Google Tag Manager
The Google Tag Manager is used. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves to manage and deploy the tools integrated through it. However, the Google Tag Manager collects your IP address, which can also be transferred to Google’s parent company in the United States. Google is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards.

You can access Google’s privacy policy here: https://policies.google.com/privacy

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on their website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

7. Use of Marketing Services (Google Ads)
The Google Ads service is integrated into the website. Google Ads is an internet advertising service that allows ads to be placed both in Google search engine results and in the Google advertising network. The operating company of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. When visiting the website, you have the option to give your consent to data processing by cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give consent, no cookies will be set for marketing or analysis purposes.

The purpose of Google Ads is to promote the website by displaying advertisements on third-party websites and in Google search results, as well as displaying third-party advertisements on the website.

For statistical evaluation and improvement of the service, Google Ads advertisements are evaluated using Google Conversion Tracking. In this process, Google Ads places a cookie on your computer if you have accessed the website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Ads customer receives a different cookie. Cookies cannot therefore be tracked across Ads customers’ websites. The information obtained with the help of the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.

Further information and Google’s privacy policy on conversion tracking can be found here: Google Ads Help Conversion Tracking and Google Privacy Policy & Terms of Service

Furthermore, the Google Tag Manager is used on the website. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains valid for all tracking tags implemented with Google Tag Manager.

8. Contact via the Website
Due to legal requirements, the website contains information that enables quick electronic contact with Attorney-at-Law Michael Wübbeke, LL.M. (especially email address and phone number). If you contact us by email, your voluntarily transmitted personal data will be automatically stored for the purpose of processing or contacting you. This data will not be transferred.

The data will be deleted if there is no longer a statutory retention period and if it is no longer required for the fulfillment or initiation of the contract. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1 S. 1 lit. f GDPR. The legitimate interest within the meaning of the GDPR is the processing and answering of your contact.

The data will be deleted as soon as it has been used to achieve the purpose. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. You have the option to object to the storage of your personal data at any time. To do so, please contact the controller named in section I (in writing, by e-mail or by telephone). The data from the previous communication will then be deleted and further conversation will no longer be possible.

9. Integration of social media components and plugins

On the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, social media plugins from the social networks Xing, LinkedIn, YouTube and Instagram are used on the website to make the website better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The respective provider is responsible for ensuring that the operation complies with data protection regulations.

Xing
Components and plugins of the social network xing.com are used on the website. xing.com is operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter: “Xing”). Xing is a social network, especially for business contacts.

You can recognize the plugins from Xing by the buttons with the Xing logo or the designation “XING”. This is an offer from Xing. By accessing pages of this website on which Xing plugins have been integrated, your browser establishes a direct connection to the Xing servers. The content of the plugin is transmitted directly from Xing to your browser and integrated into the website by the browser. By integrating the plugins, Xing receives the information that your browser has accessed the corresponding page of our website. If you are logged into Xing with your own profile, Xing can directly assign your visit to our website, the subpages visited and the duration of your stay to your Xing account. This takes place regardless of whether you use a Xing button. If you interact with the plugins, for example by pressing the “Share” button, the corresponding information is also transmitted directly to a Xing server and stored there. The information is also published on Xing and – depending on the setting on Xing – displayed to your Xing contacts.

If you do not want Xing to assign the data collected via our website to your Xing account, you must log out of Xing before visiting our website.

Information about the collection, processing and use of personal data by Xing can be found in Xing’s privacy policy.

LinkedIn
Components of the website linkedin.com are also integrated on the website. linkedin.com is operated by the operating company LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA, 94043, USA, the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: “LinkedIn”) is responsible for the operation of the website and data protection matters outside the USA. LinkedIn is a social network, especially for business contacts.

You can recognize the plugins from LinkedIn by the buttons with the LinkedIn logo or the designation “in”. This is an offer from LinkedIn.

By accessing pages of this website on which LinkedIn plugins have been integrated, your browser establishes a direct connection to the LinkedIn servers. The content of the plugin is transmitted directly from LinkedIn to your browser and integrated into the website by the browser. By integrating the plugins, LinkedIn receives the information that your browser has accessed the corresponding page of our website.

If you are logged into LinkedIn with your own profile, LinkedIn can directly assign your visit to our website, the subpages visited and the duration of your stay to your LinkedIn account. This takes place regardless of whether you use a LinkedIn button. If you interact with the plugins, for example by pressing the “share” button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information can also be published on linkedin.com and displayed to your contacts, depending on your settings.

If you do not want LinkedIn to assign the data collected via our website to your LinkedIn account, you must log out of LinkedIn before visiting our website. You can find the applicable data protection regulations of LinkedIn with the possibility to deactivate cookies from LinkedIn in the privacy policy of LinkedIn.

YouTube

Videos from YouTube are integrated on the website. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

When you visit a page on the website that includes a YouTube video, a connection to the YouTube servers is automatically established, in the course of which it is transmitted which of our pages you have visited. If you are logged in with a YouTube account, YouTube can assign the transmitted data to your profile. If you do not want this, you must log out of your YouTube account. YouTube is used on our website in the so-called extended data protection mode. According to the operator of YouTube, when playing videos in the extended data protection mode, no data is used to personalize surfing on YouTube and no cookies are set.

The legal basis for data processing is the legitimate interest in an informative and appealing design of our website within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR.

Due to Google’s certification under the EU-US Data Privacy Framework, the European Commission has determined an adequate level of data protection for Google and thus also for the YouTube service.

Further information on data protection at YouTube can be found at the following link: https://www.google.com/intl/de/policies/privacy/.

This website uses YouTube API services. The YouTube terms of use, which can be accessed here, apply to the use of YouTube videos on the website: https://www.youtube.com/t/terms. By using the YouTube videos, you agree to these terms of use.

Instagram
Attorney Michael Wübbeke, LL.M. has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

10. Rights of data subjects
As a data subject, you have the following rights vis-à-vis the controller. If you would like to exercise any of these rights, please contact the controller using the contact details provided in section I.

Right to information (Art. 15 GDPR)
You can request information from the controller as to whether personal data relating to you is being processed by him.

If processing is taking place, you can request information from the controller about this personal data and about the processing purposes; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned duration for which the personal data concerning you will be stored or, if this is not possible, the criteria for determining the storage period; the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing; the existence of a right of appeal to a supervisory authority; if the personal data is not collected from you, all available information about the origin of the data; the existence of automated decision-making, including profiling, pursuant to Art. 22 Para. 1, 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject; the transfer of personal data to a third country or to an international organization and about the appropriate guarantees in this context pursuant to Art. 46 GDPR; request information.

Right to rectification (Art. 16 GDPR)
You have the right to immediate rectification and/or completion of your personal data vis-à-vis the controller if the personal data concerning you processed is incorrect or incomplete.

Right to erasure (Art. 17 GDPR)
You can request the erasure of your data stored by us if the data is no longer necessary for the purposes for which it was collected or processed; you withdraw your consent and there is no other legal basis for the processing; you object pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 Para. 2 GDPR; the personal data has been processed unlawfully; the erasure is necessary to fulfill a legal obligation; or the personal data was collected in relation to services offered by the information society pursuant to Art. 8 Para. 1 GDPR. This right to erasure does not apply to the extent that the processing is necessary for the exercise of the right to freedom of expression and information; to fulfill a legal obligation; for reasons of public interest; or to assert, exercise or defend legal claims.

Right to restriction of processing (Art. 18 GDPR)
You can request the restriction of the processing of personal data concerning you if the accuracy of the personal data is disputed by you for the duration of the verification of the accuracy by the controller; the processing is unlawful and you request the restriction of the processing instead of the erasure; the controller no longer needs the data, but you need it to assert, exercise or defend legal claims; or you have objected to the processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation. If the objection is directed against direct advertising, you have a general right to object, which will be implemented by us without specifying a particular situation.

Right to withdraw consent (Art. 7 Para. 3 GDPR)
You have the right to withdraw your consent once given to us at any time with the consequence that we may no longer continue the data processing based on this consent for the future.

Right to complain (Art. 77 GDPR)
You have the right to complain to a supervisory authority. You can contact the supervisory authority of your place of residence or workplace or the supervisory authority responsible for us.

11. Data security

In order to protect your data in the best possible way, we use the SSL (Secure Socket Layer) or TLS (Transport Layer Security) method on the website in conjunction with the highest encryption level supported by your browser. You can recognize whether an individual page of the website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against manipulation, loss, destruction or against unauthorized access by third parties.

12. Validity and amendment of this data protection declaration

This data protection declaration is currently valid as of October 2025. Due to the further development of the website and offers or due to changed legal requirements, a change to this declaration may become necessary.

Norderstedt, 2025-10-01