top of page



The protection of your personal data is important to us. With the following data privacy notice, we would like to inform you about how we process your personal data when you visit our website and how we use personal data when advising our clients. Should you have any further questions, please feel free to contact us at any time at

1. Data controller

Evolution Rechtsanwälte PartG mbB Jansen Kreis, Kaistraße 8, 40221 Düsseldorf, Germany, ("we", "us") is the data controller responsible for the processing of your personal data in connection with your visit to our website, the use of our contact details, and our handling of mandates.

2. Visit of our website

When you visit our website, we use cookies to ensure that the website works technically flawless and to offer you the best possible user experience. Furthermore, we use cookies to protect the technical integrity of our website and to defend against attempts of misuse.

In principle, cookies can be distinguished based on their purpose:

Necessary cookies:


Cookies that are technically necessary to display the website (e.g. for maintaining the language setting you have chosen while visiting a website);

Functional cookies:


Cookies that are necessary for the provision of certain (comfort) functions (e.g. remembering a website visitor so that he/she does not have to re-enter settings when visiting a website the next time);

Marketing and analytical cookies:


Cookies that are used to analyse the areas of interest and surfing behaviour of website visitors (e.g. in order to use them as a basis for advertising of products and services in line with their interests).

The cookies used on our website can be seen in the table below.







The indication "session" means that this cookie is only used during your visit to the website and is deleted when you close your browser. No more data will be collected or stored afterwards. The indication "persistent" means that this cookie is stored on the hard disk or in the memory of the device used by you until its validity expires or is deleted by you (for information on how to delete cookies at any time, please click here: Internet ExplorerFirefoxChrome). If the cookies are deleted, it is no longer possible for us to trace that you have already visited our website.

The use of necessary cookies as described above is based on our legitimate interest in making our website available to you, to enable a comfortable surfing experience and to guarantee the technical integrity of our website (the legal basis for processing is Art. 6 para. 1 lit. f) of Regulation (EU) 2016/679 EU - "GDPR").

The use of functional cookies as described above will only take place if you have given us your consent (the legal basis for the processing in this respect is Art. 6 para. 1 lit. a) GDPR).

We do not use any marketing or analytical cookies on our website.

3. Advising our clients

a. Processing purposes

When advising our clients, we process personal data related to mandates ("Mandate Data") for various purposes, for example to be able to advise our clients or for operational reasons. These include:

  • advising our clients and handling the respective mandate;

  • ensuring compliance with our obligations under applicable laws and regulatory requirements (e.g., conflict and "know-your-customer" reviews);

  • operational purposes (e.g. minutes, bookkeeping, accounting and tax compliance);

  • and/or compliance with certain legal obligations (e.g., disclosure requirements and compliance with court orders).

b. Affected data subjects

Depending on the individual case, we process Mandate Data of various data subjects, including

  • clients and their respective mandataries, representatives and employees;

  • counterparties or contractual partners of our clients and their respective mandate holders, representatives and employees;

  • other consultants, advisors and freelancers dealing with the mandate and their respective mandate holders, representatives and employees;

  • our partners and employees; 

  • and/or third parties, such as court personnel, witnesses and other natural persons dealing with the mandate.

c. Categories of personal data

The types of personal data we process in the course of a mandate depend on the mandate and the possible course of negotiations or litigation. Typically, the Mandate Data relates to contact information of the relevant contact persons or information on the position or conduct of persons relevant to the mandate. 

d. Origin of the data

Mandate Data is mainly provided to us by our clients and contains the information we need to act for our clients in our capacity as legal advisors. In certain cases, however, we also obtain Mandate Data from other sources (for example, for "know-your-customer" reviews), such as public directories and databases, court and public records. In some cases, we also receive personal data from third parties familiar with the matter in question.

e. Storage period

We only retain Mandate Data as long as there is a legal basis for this. We regularly check whether the legal requirements for further storage still apply. If the check shows that there is no legal reason for the further storage of Mandate Data, we will securely delete or anonymise such data. Should you require further information on the storage period of certain data, please do not hesitate to contact us.

f. Legal basis

Our processing of Mandate Data is generally based on our legitimate interest in providing our (legal) services to our clients and the legitimate interest of our clients to be legally advised and represented by us. Furthermore, we have a legitimate interest in processing Mandate Data in order to perform certain tasks in connection with the operation of our firm, such as the maintenance of our client relations, accounting and for tax purposes (the legal basis for this processing is Art. 6 para. 1 lit. f) GDPR).

If the client relationship is directly with the relevant data subject, we also process the Mandate Data relating to this person for the purpose of fulfilling the contract (the legal basis for processing in such cases is Art. 6 para. 1 lit. b) GDPR).

In addition, we process Mandate Data in order to fulfil our legal obligations in accordance with the applicable laws (the legal basis for processing in such cases is Art. 6 para. 1 lit. c) GDPR).

g. Special categories of personal data

In individual cases and depending on the mandate, we may also process "special categories of personal data" within the meaning of Art. 9 para. 1 GDPR (e.g. health data) and personal data relating to criminal convictions and offences or related security measures within the meaning of Art. 10 GDPR.

We process such data only if absolutely necessary and on the following bases:

  • your consent (Art. 9 para. 2 lit. a) GDPR);

  • within the scope of labour and social security law (Art. 9 para. 2 lit. b) GDPR);

  • in connection with personal data published by the data subject (Art. 9 para. 2 lit. e) GDPR);

  • for the establishment, exercise or defence of legal claims (Art. 9 para. 2 lit. f) GDPR); 

  • for reasons of public interest in connection with a statutory provision (Art. 9 para. 2 lit. g-j) GDPR, Art. 10 GDPR).

4. Use of the conference tool "Zoom"

a. Processing purposes

We use the tool "Zoom" for online meetings and webinars (hereinafter: "Online-Meetings"). "Zoom" is a service probided by Zoom Video Communications, Inc., which is based in the USA.

b. Types of personal data

Depending on the information you provide when registering for an Online-Meeting, the following data may be subject to the processing:

  • User details: first name, last name, phone (optional), email address, profile picture (optional), department (optional)

  • Meeting metadata: topic, description (optional), participant IP adresses, device / hardware information

  • For dial-in with the phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further conncection data such as the IP address of the device may be processed

  • Text, audio and video data: You may have the opportunity to use the chat function in an Online-Meeting. In this respect, the text entries you make are processed. In order to enable the display of video and the playback of audio, the data from the video camera as well as the microphone of your device will be processed accordingly for the duration of the Online-Meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" application.

c. Legal basis

Your data is processed to enable you to participate in the Online-Meeting. The legal basis for the data processing in the context of Online-Meetings is regularly Art. 6 para. 1 lit. b) GDPR (performance of a contract). If you do not participate in the Online-Meeting for yourself but for a company (e.g. your employer), the data processing is carried out in our legitimate interest (Art. 6 para. 1 lif f) GDPR) to provide information to our clients and third parties in the context of Online-Meetings.

d. Recipients of personal data

We generally do not disclose personal data in connection with Online-Meetings with third parties unless the data are specifically intended to be disclosed. Of course, all participants in an Online-Meeting will receive your contributions, including, as the case may be, video and audio data. 

A further recipient of our data is the provider of "Zoom", to the extent provided our data processing agreement with "Zoom".

e. Data processing outside the European Union / European Economic Area

"Zoom" is a service probided by a provider from the USA. Personal data is therefore also processed in a third ocuntry. We have concluded so-called EU standard contractual clauses with the provider of "Zoom". These standard contractual clauses are contractual rules provided by the European Commission to ensure a high level of data protection. As a supplementary protective measure, we also have configured our "Zoom" account in such a way that only data centres in the European Union are used to conduct Online-Meetings. 

See also section 7 on the transfer of data to third countries.


5. Limitation of data processing

In all cases in which we process personal data, we limit this processing to the minimum necessary to achieve the respective processing purpose. This also means that we delete or make anonymous data as soon as it is no longer necessary for the respective processing purpose unless there is a legal reason for further storage, e.g. statutory (like tax) retention obligations.

6. With whom we share your data

In providing our website and in the administration of our mandate activities (e.g. accounting, use of cloud solutions), we sometimes work together with service providers (e.g. web hosts, analysis services, providers of cloud solutions) who process your data on our behalf and exclusively according to our instructions. We only work with trustworthy service providers on the basis of data processing agreements (Art. 28 GDPR) in order to guarantee the best possible protection of your data.

With regard to our website, these include in particular the companies Strato AG with headquarters in Germany and Ltd. with headquarters in Israel, with regard to cloud solutions this is Microsoft Corporation (we rely on a cloud solution with German data centers, for more information click here).

See also section 4 for the provision of Online-Meetings with "Zoom".

In addition, we share Mandate Data, where necessary, with service providers who are subject to their own professional secrecy obligations, such as tax consultants. We have pointed out to such service providers that the protection of Mandate Data is subject to criminal liability due to client confidentiality.

7. Data processing in countries outside the European Union / European Economic Area 

Please note that not all third countries (i.e. countries outside the European Union / European Economic Area) have a level of data protection comparable to the EU / EEA.

If, in individual cases, we process personal data by a service provider located outside the scope of the GDPR, we have provided suitable guarantees to ensure that a high level of protection of your personal data is guaranteed at all times (for example, we have concluded so-called EU Standard Contractual Clauses with the relevant service providers.


These Standard Contractual Clauses are contractual rules provided by the European Commission, the use of which ensures a high level of data protection. The model Standard Contractual Clauses and further information on their use can be found on the European Commission's website).

Currently, we only process personal data that is collected during your visit to our website and during Online-Meetings via "Zoom" on servers in the U.S. through our service provider Ltd (for the operation of our website) and Zoom Video Communications, Inc. (for Online-Meetings). We have concluded EU standard contractual clauses ("Controller to Processor") with both, Ltd. and Zoom Video Communications, Inc.

See also section 4 for the provision of Online-Meetings with "Zoom".

Please note: We process Mandate Data exclusively within the European Union. If you would like more detailed information about the guarantees we use or the countries in which we process personal data, please feel free to contact us at any time.

8. Your rights and contact details

With regard to the processing of your personal data, you are entitled to the following rights:

  • Right to information (Art. 15 GDPR);

  • Right of rectification (Art. 16 GDPR), deletion (Art. 17 GDPR) and limitation of processing (Art. 18 GDPR);


  • and the right to transfer data (Art. 20 GDPR).

If processing is based on your consent, you may revoke this consent at any time. In this case we will only process your data if there is another legal basis for this. Revocation of consent does not affect the lawfulness of the processing based on your consent before its revocation.

Furthermore, you have a right of appeal to a competent supervisory authority with regard to the processing of your data.

You can contact for example for such a complaint

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia:

PO Box 20 04 44

40102 Düsseldorf

Phone: 0211/38424-0

fax: 0211/38424-10


We wish you an informative visit to our website and look forward to meeting you personally.


If you have any questions, feedback or other suggestions, please feel free to contact us at any time or send us an e-mail to

Last updated: 01.03.2023

Cookie Provider
svSession Ltd.
Authentication of users after login
2 years
SSR-caching Ltd.
Shows which website was rendered
1 minute
hs Ltd.
bottom of page