Name and address of the respon­sible person

The respon­sible person within the meaning of the General Data Pro­tection Regu­lation and other national data pro­tection laws of the member states as well as other data pro­tection regu­la­tions is:

Mat­thias Hirzel
HLP Hirzel & Partner
Gries­heimer Ufer 31
D‑65933 Frankfurt am Main, Germany
Mobile: +49 (0)172 6 71 14 90




Name and address of the data pro­tection officer

Mat­thias Hirzel
HLP Hirzel & Partner
Gries­heimer Ufer 31
D‑65933 Frankfurt am Main / Germany
Mobil: +49 (0) 172 6 71 14 90




Mat­thias Hirzel, HLP Hirzel & Partner, as ope­rator of the website works according to the regu­la­tions of the Federal Data Pro­tection Act (BDSG) and the General Data Pro­tection Regu­lation (GSGVO).

General privacy policy

Per­sonal data is only collected in the context of ordering and pro­cessing ser­vices (e.g. mem­bership in the network or par­ti­ci­pation in events), for regi­stering to use our news­letter, for pro­cessing inquiries or when com­menting on articles on our website.

We store per­sonal data for as long as a business rela­ti­onship exists or legal retention obli­ga­tions exist. Per­sonal data will not be made available to third parties in any form without your consent. Your user data for the news­letter will be deleted after you unsubscribe.

You have the right to obtain infor­mation about all data relating to your person that is stored by us and to correct it if, in your opinion, it is out of date or incorrect. Likewise, you can revoke your consent to the use of your per­sonal data at any time. To do so, send us an email request to the contact address listed in the imprint.

We use tech­nical and orga­niz­a­tional security mea­sures to protect the data of our customers, business partners or inte­rested parties from acci­dental or inten­tional mani­pu­lation, loss, dest­ruction or access by unaut­ho­rized persons. These mea­sures are con­ti­nuously revised in line with tech­no­lo­gical developments.

Links to other websites

This website con­tains links to other web­sites. This privacy statement applies only to this our website. If you visit other web­sites from our site, please read the privacy policy on the linked site. There you will get infor­mation about what happens with your data / information.

Extended data pro­tection decla­ration for the online offer
In principle, all state­ments of the general data pro­tection decla­ration also apply to the online offer. Addi­tional explana­tions for the online offer are given in the fol­lowing text.

By using our website, you agree to the collection, pro­cessing and use of data as described below. Our website can gene­rally be visited without regi­stration. In the process, data such as pages called up or names of the file called up, date and time are stored on the server exclu­sively in anonymous form for sta­tis­tical pur­poses, without this data being directly related to your person.

The data is stored in our company or with the pro­vider we use (see the description of the pro­viders). Per­sonal data will not be made available to third parties in any form without your consent. Insofar as data is passed on to external service pro­viders, we have taken tech­nical and orga­niz­a­tional mea­sures to ensure that data pro­tection regu­la­tions are observed.



Further infor­mation in the privacy policy at:

What log files are there and what data is collected?

Access log files and error log files are stored on the server. These log files contain the IP address of the visitor, and thus per­sonal data. The fol­lowing data is recorded there:

Visited website
Time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Ope­rating system used
IP address used

You can view the log files yourself. They are located in the /log folder on your web space. The current data is stored in the files access_log and error_log. The IP address is anony­mized after 24 hours; for this purpose the last octet is zeroed. The deletion then takes place after 7 days at the latest.

The log files are collected and stored to maintain server ope­ration and for sta­tis­tical analysis.

What data is stored and pro­cessed on the server?

Apart from the log files, no further storage of data takes place from our side. However, keep in mind that your scripts also contain, collect or/and process per­sonal data and also store them in data­bases. This con­cerns, for example, data sent via a contact form or data that is stored in the database when orders are placed from your online store. Here, in accordance with Art. 32 DSGVO, it must be noted that the trans­mission of per­sonal data must always be encrypted, which in practice means that the con­nection must always be made via HTTPS. The use of an SSL cer­ti­ficate is the­refore necessary.

This data is then tech­ni­cally pro­cessed on our systems by us as your service pro­vider. For this reason, an order pro­cessor con­tract is necessary, in which the rights and obli­ga­tions of you as the client and us as the con­tractor are regu­lated and we undertake to protect the data from third-party access to the appro­priate extent.


The proxy server func­tions more or less as a proxy that requests the pages and for­wards them to the user. Con­se­quently, the log file con­tains the IP address of the proxy and not the address of the work­station that ori­gi­nally requested the page.

Some proxies send a header field called X‑For­warded-For, in which the ori­ginal IP is entered, so that it is pos­sible to trace where a request ori­gi­nally came from when it is accessed via proxies. This X‑For­warded-For header is appended to the end of each entry in the log file at 1&1 WebHosting.

When using the 1&1 SSL proxy, as well as proxy calls that transmit the cor­re­sponding infor­mation, the IP address of the actual reque­sting com­puter is in the last column of each log line. This improves the pos­si­bility of creating mea­ningful visitor statistics.

Please note:

Due to data pro­tection gui­de­lines on per­sonal data, the IP addresses of the callers in the log files are anony­mized with an ‘x’ after 7 days. For more info, see 1und1’s data pro­tection agreement at 


Our website uses cookies, in par­ti­cular to determine the fre­quency of use and number of users of the pages, to analyze behavior pat­terns of page use, but also to make our offer more customer-friendly. Cookies are small text files that make it pos­sible to store spe­cific infor­mation related to the user on the user’s ter­minal device.

Cookies remain stored beyond the end of a browser session and can be accessed again when you visit the site again. If you do not wish this, you should set your Internet browser to refuse the accep­tance of cookies.


The website is set to store the approved cookies for 7 days.


Our website uses Google Ana­lytics, a web ana­lytics service pro­vided by Google Inc, 1600 Amphi­theatre Parkway, Mountain View, CA 94043, USA. To disable Google Ana­lytics, Google pro­vides a browser plug-in at

Google Ana­lytics uses cookies. These enable an ana­lysis of the use of our website offer by Google. The infor­mation collected by the cookie about the use of our website (including your IP address) is usually trans­ferred to a Google server in the USA and stored there.

We point out that on this website Google Ana­lytics has been extended by the code “gat._anonymizeIp();” to ensure anony­mized collection of IP addresses (so-called IP masking). If anony­miz­ation is active, Google trun­cates IP addresses within member states of the European Union or in other con­tracting states to the Agreement on the European Eco­nomic Area, which is why no con­clu­sions can be drawn about your identity. Only in excep­tional cases will the full IP address be trans­ferred to a Google server in the USA and shor­tened there.

Google Ana­lytics usage according to DSGVO requirements

In order to use Google Ana­lytics in a legally com­pliant manner, we fulfill the necessary requirements:

  1. Con­tract for order data pro­cessing concluded
  2. IP anony­miz­ation activated
  3. Privacy policy updated
  4. Opt Out Cookies + Link to Browser PlugIn set

This website uses the plugin “Google Ana­lytics Ger­ma­nized”by Bajorat Media – Wor­d­Press Agency.

With this plugin, website ope­rators can inte­grate Google Ana­lytics in com­pliance with EU data pro­tection law (DSGVO / GDPR).

1. AV contract

HLP COMPETE of has con­cluded a so-called AV con­tract (order pro­cessing con­tract) with Google for the account of HLP Hirzel & Partner. This is now pos­sible with the validity of the DSGVO elec­tro­ni­cally in our Google Ana­lytics account, directly in yours. The old pro­cedure of printing it out and sending it to Google by mail is now obsolete.

2. IP Anony­miz­ation

The fol­lowing set­tings have been made on this page:

- Enable Anonymize IP: This para­meter is required by European Union laws. We have left this enabled.

3. Privacy policy updated

This privacy policy has been updated.

The data pro­cessing addendum has been accepted and released for this con­tract our account.

In addition, other ser­vices have been enabled.

Enable demo­gra­phics and interest reports: this setting will add the demo­gra­phics and remar­keting fea­tures in the Google Ana­lytics tracking code. Please make sure that Demo­gra­phics and Remar­keting are also active in your Google Ana­lytics account. For more infor­mation on remar­keting, please refer to the Google Ana­lytics docu­men­tation.
Enable advanced link attri­bution: Advanced link attri­bution improves the accuracy of in-page ana­lytics reports. Links to the same URL are auto­ma­ti­cally distin­guished based on link element IDs.

4. Opt-out link / disable tracking / manage yourself


For the body text on our site, we use the “Web Safe Font” Verdana. All Google fonts used are cached via the “WP EU DGSVO HELPER” plugin so that the Google Fonts are not uploaded directly from the Google server when the page is accessed. We use version | By Eric Marten | View details.


We have set the site so that it does not use or display avatars.

Fur­thermore, this site uses the fol­lowing plugins, among others:

WP Cerber Security & Antispam

We use the “Cerber Security & Antispam” service pro­vided by Cerber Tech Inc. New York, NY, 1732 1st Ave, 10128, USA. The hacker pro­tection plugin blocks intruders via IP or subnet and pro­tects against further attempts when a set limit of retries is reached. This makes brute force attacks or dis­tri­buted brute force attacks from botnets impos­sible. In addition, by creating an IP blacklist or whitelist, blocking or allowing logins from spe­cific IP addresses is pos­sible. (More infor­mation about the func­tions at: According to the pro­vider, no data is collected or pro­cessed in this context – neither by the ser­vices nor by the software offered.

More infor­mation about the collection and use of data by WP Cerber Security & Antispam can be found in the privacy policy of Cerber:


To support search engine opti­miz­ation of the site, we use the plugin “YOAST SEO”. According to WP Support (, the tool does not store any per­sonal data and is the­refore DSGVO compliant.

Broken Link Checker

Does not process any per­sonal data.

Web­craftic Clearfy

Increases per­for­mance and helps to make the site DSGVO compliant.

Google Ana­lytics Germanized

Helps to inte­grate Google Ana­lytics in a privacy-com­pliant way, e.g. by IP ano­myiz­ation and opt-in and opt-out function.

WP Super Cache

Does not process any per­sonal data.


Our website uses a contact form through which users can contact us elec­tro­ni­cally. When using this service, the data entered in the input form is trans­mitted to us and stored. These data are:
– Name
– e‑mail address
– Tele­phone number (not obli­gatory)
– Subject
– Message
– Captcha (Com­pletely Auto­mated Public Turing test to tell Com­puters and Humans Apart)
The fol­lowing data is also stored at the time the contact form is sent:
– The IP address of the user
– Date and time of registration

In addition, the user has the alter­native of con­ta­cting us elec­tro­ni­cally via the e‑mail address pro­vided. If he chooses this way, the per­sonal data of the user sent via e‑mail will be stored.
We would like to point out that we will not pass on any data to third parties in con­nection with the contact and the process. They are used exclu­sively for mutual contact and dialogue.


Deleting the exi­sting IP addresses

The website is set up in such a way that IP addresses of com­ments are anony­mized directly when they are posted before they are saved. Upon request, the exi­sting IP addresses of already posted com­ments will be deleted.


  • Our website uses plugins from facebook, Lin­kedIn, XING, Youtube and Vimeo:
  • Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
  • Lin­kedIn Ireland Unli­mited Company, Wilton Place, Dublin 2, Ireland (“Lin­kedIn”).
  • XING SE, Damm­tor­straße 30, 20354 Hamburg, Germany.
  • Youtube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, tele­phone: +353 1 543 1000, fax: +353 1 686 5660
    Vimeo, Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA, Email:, Phone: 1−212−314−7457, Aut­ho­rized Repre­sen­tative: Michael A. Cheah (General Counsel)
    The plugins are marked with an icon of the respective network and are reco­gnizable. When using these plugins, a con­nection is estab­lished with the server of the respective social network and your data is passed on. Only when you press an icon inde­pendently, infor­mation is passed on to a network. The pro­viders of the social media can thereby create usage pro­files of the users. We have no influence on the infor­mation storage and data transfer of the external sites, nor on the extent and nature of the handling of this data by them.The purpose and scope of the data collection and the further pro­cessing and use of the data by the pro­viders of the social media, as well as the related rights and set­tings options for pro­tecting the privacy of users, can be found in the fol­lowing privacy notices:

In order to protect the data of the users of our online offer as best as pos­sible, we use the service and the share buttons of “Shariff” for sharing content in social media, which is pro­vided by Heise Medien GmbH & Co. KG, Karl-Wie­chert-Allee 10, 30625 Han­nover, P.O. Box 61 04 07, 30604 Han­nover / Yannik Ehlert. Shariff for Wor­d­Press enables website users to share favorite content without putting their privacy at risk. The Shariff wrapper pro­vides sharing buttons that protect visitors’ privacy and are in com­pliance with the General Data Pro­tection Regu­lation (GDPR). The infor­mation about Shariff and Privacy:


In accordance with the requi­re­ments of the Basic Data Pro­tection Regu­lation (DSGVO) app­li­cable as of May 25, 2018, we inform you that the consents to the sending of email addresses are based on Art. 6 para. 1 lit. a, 7 DSGVO as well as § 7 para. 2 No. 3, or para. 3 UWG.
The use of the dis­patch service pro­vider Mail­Chimp, imple­men­tation of sta­tis­tical surveys and ana­lyses as well as logging of the regi­stration process, are based on our legi­timate inte­rests pur­suant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure news­letter system that serves our business inte­rests as well as meets the expec­ta­tions of the users.

We would also like to point out that you can object to the future pro­cessing of your per­sonal data in accordance with the legal requi­re­ments pur­suant to Art. 21 DSGVO at any time. The objection can be made in par­ti­cular against the pro­cessing for pur­poses of direct advertising.


Signi­ficant parts of the privacy policy use the
- the sample data pro­tection decla­ration from
” Note on the news­letter according to the sample of lawyer Dr. Thomas Schwenke