Privacy Policy

Privacy Policy of JP Eickhoff & Stoppel Rechtsanwälte – Partnerschaftsgesellschaft mbB

The following information provides an overview of what happens to your personal data when you (hereinafter also referred to as “user” or “data subject”) visit our website and/or contact us by email, telephone, letter or fax. We also inform you about your rights with regard to the processing of your data. For the purposes of this Privacy Policy, “data processing” means the processing of personal data.

A. Personal Data

Personal data is data by means of which you can be personally identified. Art. 4 No. 1 GDPR [Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)] contains a more comprehensive definition.

B. Name and Address of the Controller

The controller (hereinafter also referred to as “JP”, “we”, “us”) responsible for data processing on this website is:

JP Rechtsanwälte
JP Eickhoff & Stoppel Rechtsanwälte – Partnerschaftsgesellschaft mbB
Friesenstraße 5 – 15
50670 Cologne, Germany

The partnership is represented by the partners Dr. Jens-Peter Eickhoff and Dr. Jan Stoppel. In professional matters within the meaning of the German Federal Lawyers’ Act, each partner is individually authorized to represent the partnership. In all other cases, the partnership is represented jointly by two partners.

C. Activities of the Controller

JP is a German law firm and provides legal services both in the form of out-of-court and non-official advice as well as representation before courts and public authorities.

D. General Information

This Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

I. When is data collected?

Your data is collected automatically when you visit our website (see Section E.I. below). This primarily includes technical data (e.g. internet browser, operating system or time of page access).

Your data is also collected when you provide it to us (see Section E.II. below). This may include, for example, data that you use when contacting us via our email addresses.

II. Legal bases for the processing of personal data

Where we obtain the consent of the data subject for processing operations involving personal data, Art. 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Where the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.

Where vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest pursued by us or by a third party, and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.

III. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

E. Data Processing Operations

I. Automatic data processing when visiting our website

1. Creation of log files

a) IONOS

We host our website with the provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter: IONOS).

b) Data processing agreement

We have concluded a data processing agreement (DPA) with IONOS. This is a contract that ensures that IONOS processes personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.

c) Description and scope of data processing

Each time our website is accessed, the browser used on your end device automatically sends information (in so-called server log files, also referred to as “log files”) to the IONOS server of our website, where this information is processed automatically. The following data is collected by IONOS:

Information about the browser type and version used,
The user’s operating system,
The user’s internet service provider (access provider),
The IP address of the requesting computer,
Hostname of the accessing computer,
Date and time of access,
Websites from which the user’s system accesses our website (referrer URL),
Websites accessed by the user’s system via our website, name and URL of the file retrieved,
Your geographic location,
Amount of data transmitted.

This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website; for this purpose, server log files must be collected. The data is also stored in the log files of our system. The data is not stored together with other personal data of the user.

d) Legal basis for data processing

The legal basis for the storage of the data and log files is Art. 6 Para. 1 lit. f GDPR.

e) Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. In addition, the data may serve to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f GDPR.

f) Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended. In the case of data stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymized so that allocation to the accessing client is no longer possible.

g) Option to object and have data removed

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

2. Cookies

a) Definition

Cookies are used to make websites more user-friendly, effective and secure. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. However, this does not mean that a website operator obtains direct knowledge of your identity. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string that enables the browser to be uniquely identified when the website is accessed again. Many cookies are so-called “session cookies”. They are automatically deleted at the end of a website visit. Other cookies remain stored on your end device until you delete them.

b) Description and scope of data processing

aa) No cookies

When creating our website, we made it a priority not to use cookies.

bb) Possible technical exceptions

(1) Language settings

Nevertheless, a plugin used to enable the display of our website content in other languages also partially set a cookie automatically. We had this cookie deactivated after completion of our website. If this cookie is nevertheless active for a visitor to our website, this has occurred without our knowledge, automatically and due to technical necessities.

Only the following information is stored and transmitted in the cookie: language settings.

The purpose of using this technically necessary cookie within the meaning of Section 25 Para. 2 TTDSG is to apply language settings.

(2) WordPress

Our website was created using the WordPress software. In order to edit website content, we must be able to log in to the WordPress content management system. In doing so, a technically necessary cookie within the meaning of Section 25 Para. 2 TTDSG is automatically activated. This cookie only affects those who log in accordingly.

Visitors to our website are PROHIBITED from logging in to the content management system or attempting to do so. For this reason, no corresponding cookie can be active for a visitor to our website who behaves lawfully.

cc) Technically necessary cookies

The cookies mentioned above are technically necessary cookies within the meaning of Section 25 Para. 2 TTDSG, on the one hand to make our website more user-friendly and on the other hand to enable us to edit its content. These functions require the accessing browser to be identifiable even after a page change.

c) Legal basis

The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 Para. 2 TTDSG is Art. 6 Para. 1 lit. f GDPR.

As website operator, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of our website.

d) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for visitors and to enable us to edit the content. The user data collected by technically necessary cookies is not used to create user profiles.

e) Duration of storage, option to object and have data removed

Cookies are stored on the user’s computer and transmitted from there to our website. As a website visitor, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Cookies that have already been stored can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

The transmission of Flash cookies, which are in any case not used on our website, cannot be prevented via browser settings, but can be prevented by changing the settings of the Flash Player.

II. Voluntary data transmissions by the user

1. Email contact

a) Description and scope of data processing

It is possible to contact us via the email addresses provided, among other places, on the website. In this case, the personal data of the user transmitted with the email is stored for the purpose of making contact and processing the user’s request.

b) Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an email is both Art. 6 Para. 1 lit. a GDPR and Art. 6 Para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

c) Purpose of data processing

The data is used for communication with the user and for the possible performance of a contract or possible contract processing. This constitutes the necessary legitimate interest in processing the data within the meaning of Art. 6 Para. 1 lit. f GDPR.

d) Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter in question has been conclusively clarified.

e) Option to object and have data removed

The user may object to the storage of their personal data at any time. An informal notification by email to info@j-p.law is sufficient for this purpose. In such a case, a conversation may not be continued.

2. Contact by telephone, letter and telefax

a) Description and scope of data processing

If a user contacts us by telephone or sends a letter or telefax, the data transmitted by the user (e.g. surname, first name, telephone number, address) and the information contained in the letter or telefax, together with the transmitted personal data, will be stored for the purpose of making contact and processing the user’s request.

b) Legal basis

The legal basis for processing the data transmitted in the course of a communication by telephone call or by sending a letter or telefax is both Art. 6 Para. 1 lit. a GDPR and Art. 6 Para. 1 lit. f GDPR. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

c) Purpose of data processing

d) Duration of storage

e) Option to object and have data removed

F. Disclosure of Your Data to Third Parties

Your personal data will be disclosed to third parties if we have the consent of the data subject or if the disclosure is necessary for the performance of a contract or for the implementation of pre-contractual measures.

I. Legal basis for disclosure

If the data subject has given consent, Art. 6 Para. 1 lit. a GDPR serves as the legal basis. Otherwise, Art. 6 Para. 1 lit. b GDPR is the legal basis.

II. Google Fonts

Although we use Google Fonts on our website, the relevant fonts have been stored locally on our server, so that no data is transferred to Google.

III. Categories of recipients of the data within the meaning of Art. 13 Para. 1 lit. e GDPR

1. Cooperating law firms/lawyers

In some cases, the processing of our clients’ instructions requires us to consult other law firms/lawyers, among other things in order to obtain information from them for our clients that may be relevant to our clients or to the processing of our clients’ matters. The collection, storage and disclosure of data takes place primarily on the basis of Art. 6 Para. 1 Sentence 1 lit. b GDPR and, where applicable, also on the basis of your voluntarily given consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR.

2. Public authorities and courts

Where necessary for contract processing, for example in the case of proceedings that we conduct for our clients before public authorities and courts, we transmit personal data to the relevant bodies.

3. Shipping service providers

Where necessary for contract processing (e.g. in the case of documents to be shipped), we transmit personal data to companies entrusted with delivery.

4. Credit institutions

Where necessary for contract processing, for example in the case of invoicing, we transmit personal data [including payment data (e.g. credit card data or account number)] to credit institutions commissioned with payment processing.

IV. Disclosure of data to other third parties in other cases

Your personal data will not be transmitted to third parties for purposes other than those listed in this Privacy Policy. We disclose your personal data to third parties,

if disclosure pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
in the event that there is a legal obligation for disclosure pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR;
pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR in other cases in which you submit inquiries to us that we can only process and subsequently answer in consultation with cooperation partners.

G. Data Security / SSL Encryption

We point out that data transmission over the internet (e.g. communication by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Our website uses SSL encryption to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

H. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

I. Right of access

Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about the details thereof.

II. Right to rectification

Pursuant to Art. 16 GDPR, you have the right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

III. Right to restriction of processing

Pursuant to Art. 18 GDPR, you may request restriction of the processing of personal data concerning you under the following conditions:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims; or
if you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

IV. Right to erasure

1. Obligation to erase

Pursuant to Art. 17 GDPR, you may request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the grounds set out in Art. 17 Para. 1 GDPR applies.

2. Exceptions

The right to erasure does not exist pursuant to Art. 17 Para. 2 GDPR to the extent that processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defense of legal claims.

V. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. Pursuant to Art. 19 GDPR, you have the right vis-à-vis the controller to be informed about these recipients.

VI. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the requirements of Art. 20 Para. 1 lit. a and lit. b GDPR are met.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. This must not adversely affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

VII. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR or on the basis of Art. 6 Para. 1 lit. e GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are grounds relating to your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, an email to info@j-p.law is sufficient.

The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

VIII. Right to withdraw the declaration of consent under data protection law

Pursuant to Art. 7 Para. 3 GDPR, you have the right to withdraw your declaration of consent under data protection law at any time. This means that we may no longer continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

IX. Automated individual decision-making including profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller,
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and your legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller takes appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

X. Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you may contact the supervisory authority of your habitual residence, place of work or our company headquarters for this purpose.

I. Current validity and amendment of this Privacy Policy

This Privacy Policy is currently valid and has the

Status February 2026.

Due to the further development of our website and offerings on it, or due to changed legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed by you at any time on the website at www.j-p.law.