Privacy Policy

Fieldfisher respects your right to privacy. This privacy policy explains how we collect, share and use your personal information and how you can exercise your privacy rights. We encourage you to read the privacy policy in its entirety to ensure that you are fully informed.

1. What does Fieldfisher do?

“Fieldfisher” is the trade name in Germany of Fieldfisher Partnerschaft von Rechtsanwälten mbB, Fieldfisher Tech Rechtsanwaltsgesellschaft mbH and Fieldfisher X Rechtsanwaltsgesellschaft mbH. In addition, the trade name Fieldfisher designates other companies whose contact details can be viewed at References to these companies are marked seperately.

2. Who is responsible?

The data controller in relation to visits to this website is Fieldfisher X Rechtsanwaltsgesellschaft mbH.

To find our contact details to Fieldfisher X Rechtsanwaltsgesellschaft mbH, see the “How to contact us” section below.

3. How does Fieldfisher process my personal data?

“Processing” means any operation or set of operations performed upon personal data, regardless of the use of automated processes, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other third party availability, alignment or combination, restriction, erasure or destruction.

How, for what purpose, and on what legal basis Fieldfisher processes your personal data is explained below.

3.1. Visiting our website

When you visit our websites, we automatically collect certain personal information from your device.

The information we collect automatically includes your IP address, device type, unique device identification number, browser type, general geographic location (e.g. country or city). We also collect information about how your device has interacted with our websites, including pages viewed and links clicked.

This personal data is required to deliver and optimize the content of our website, to ensure the long-term functionality of our information technology systems and the technology of our website, as well as to provide the information necessary for prosecution to the law enforcement authorities in the event of a cyber attack. 

This personal data is collected with the help of cookies and similar tracking technologies (more information on this in our cookie policy). The processing of personal data in this context is based on our legitimate interest (Art. 6(1)(f) GDPR) to operate and display our websites properly, to provide their functionalities in a secure manner and to prevent fraud or other misuse of the websites.

3.2. Use of our services

If you instruct us to provide you with services, we will collect and use personal data that is necessary for the provision of the services you have instructed us to provide.

Most of the personal data we collect and use to provide our services is provided voluntarily by the customers themselves.

Personal data relating to the use of our services may include:

  • Basic information such as your first and last name, the company you work for, your position and your relationship to a person;
  • Contact information such as your mailing address, email address, and phone number(s);
  • Financial information, such as payment-related information;
  • Identification and background information provided by you or collected as part of our client on- boarding process;
  • Special categories of personal data if provided to us (such as health data or data relating to criminal convictions and offences); and
  • Any other personal information about you or other third parties that you provide to us for the purpose of receiving our services.

We process your personal data for the purpose of fulfilling the contract (Art. 6(1)(b)GDPR). In addition, we process identification and background information as part of our client on-boarding, financial and administrative processes, including anti-money laundering, conflict, reputational and financial controls, and to comply with other legal or regulatory requirements to which we may be subject. This type of processing is necessary for the fulfilment of the contract as well as legal obligations (Art. 6(1)(b) and (c) GDPR). Information provided by our clients may be disclosed to third parties where necessary in connection with our contractual obligations (e.g. when seeking advice from external consultants or experts). We do not disclose information to third parties without your knowledge unless required by law.

3.3. Contact options

You can contact us via e-mail or telephone. When you contact us by e-mail, we process your name, e-mail address and the content of your message. When you contact us by telephone, we process your name, telephone number and the content of the conversation. We process your information for the purpose of processing your contact request. Insofar as your inquiry is contract-related, we process your personal data to fulfil our contractual obligations to you or to fulfil pre-contractual obligations (Art. 6(1)(b)GDPR). In other cases, the processing is based on our legitimate interest (Art. 6(1)(f)GDPR), in the processing of your contractual request.

3.4. Newsletter and events

If you have subscribed to one of our newsletters or entered into a business relationship with us, we may send you emails with information about our business and services. If you have expressly subscribed to a newsletter, we process your personal data on the basis of your consent (Art. 6(1)(a)GDPR). If you are our customer, we may also process your personal data on the basis of our legitimate interest (Art. 6(1)(f) GDPR in conjunction with  § 7 German Unfair Competition Act (“UWG“)). It is one of our primary business interests to keep existing customers informed about our services. You can unsubscribe from our newsletters at any time by clicking on the link at the bottom of all our marketing emails.

When conducting marketing surveys, we process the answers provided as part of the survey. This processing is carried out on the basis of our legitimate interest (Art. 6(1)(f)  GDPR in conjunction with § 7 UWG) to conduct internal analyses and to improve the quality, relevance and compliance of our marketing.

We also process personal data for other business purposes, in particular when we organise and run events. For this purpose, we also use video conferencing tools to facilitate communication with you. In this case, we process your IP address, the contents of the conversation, your appearance (if you turn on your camera), e-mail address, name and possibly other service-related data. A recording is only made if you have consented (Art. 6(1)(a)GDPR). If the use of video conferencing tools is necessary for the provision of our services, such processing will be necessary for the fulfilment of the contract (Art. 6(1)(b) GDPR). Otherwise, in particular when we conduct webinars, the processing is carried out for the fulfilment of our legitimate interest (Art. 6(1)(f) GDPR) to conduct online as well as offline events.

3.5. Cookies and other tracking technologies

We use cookies and other tracking technologies. You can find more information about this in our cookies policy.

3.6. Your application with us

We provide information about the processing of your personal data in the context of a job application in our data protection declaration on our careers website.

4. How long does Fieldfisher store my personal data?

Generally, we will retain personal data we collect from you only for as long as is necessary for the purposes for which the personal data was collected and/or where we have an ongoing legitimate business interest in doing so (e.g. to provide you with a service you have requested). However, in certain cases, we may be required to retain personal data beyond this in order to comply with applicable legal requirements (e.g. tax or accounting requirements). When the retention of your personal data is no longer necessary for the purpose for which it was collected, there is no continuing legitimate business interest for processing your personal data, and there is no additional legal obligation to retain the data, we will either delete or anonymize the data or, if this is not possible (e.g. because your personal data has been stored in backup archives), we will store your personal data securely and separate it from any further processing until deletion is possible.

Where you have submitted information in connection with a job application, you can find further information on the storage of your personal data in the data protection declaration on our careers website. In the event of an unsuccessful application, we will store your personal data for a maximum of 6 months.

5. How does Fieldfisher keep my personal information secure?

We use appropriate technical and organisational measures to protect any personal data that we process. The measures we use are designed to ensure a level of protection appropriate to the risk posed by the processing of personal data.

6. When and to which third parties may Fieldfisher disclose your personal information?

We may disclose your personal data to the following categories of recipients:

  • to our partners operating under the Fieldfisher brand within the European Economic Area, the United Kingdom, the US and China;
  • to our service providers who provide us with data processing services and who may also operate on a global basis (e.g. to our website spam protection service, or if you have applied for a job, to our personnel and applicant management service provider);
  • to a relevant law enforcement agency, regulatory authority, government agency, court or other third party if we believe disclosure is necessary: (i) under applicable law or regulation; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or the interests of another person;
  • to other persons for whom we have your consent to disclose.

7. Will my personal data be transferred internally?

The servers of our website are located in Germany. However, our partners operating under the Fieldfisher brand and our service providers operate worldwide. This means that when we collect your personal data, it may be processed in countries where data protection laws are different from those in your country.

However, we have put in place appropriate safeguards to ensure that the personal data we process remains protected in accordance with this Privacy Policy when transferred internationally, including when processed internationally by our third party service providers and partners. Among the safeguards we have in place are: the implementation of the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for transfers of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council), which require our partners and service providers in third countries (i.e. countries outside the European Economic Area) to protect personal data they process from the European Economic Area in accordance with European Union data protection laws. Where necessary, we implement additional measures to protect your data.

Further details can be provided on request.

8. What data protection rights do I have?

You have the following data protection rights:

  • You can obtain confirmation as to whether or not we are processing your personal data and, if so, obtain information about your personal data in accordance with Article 15 of the GDPR;
  • If your personal data stored by us is incorrect or incomplete, you can request the correction or completion of this data in accordance with Art. 16 GDPR;
  • You may request the deletion of your personal data in accordance with Art. 17 GDPR;
  • You can request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • You can receive the personal data that you have provided to us in a structured, standardized as well as machine-readable format and have this data transferred to another controller by us; in accordance with Art. 20 GDPR;
  • if the processing of your personal data is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in Fieldfisher (Art. 6(1)(e) GDPR) or on the basis of legitimate interests pursued by Fieldfisher or a third party (Art. 6(1)(f) GDPR), you may object to such processing in accordance with Art. 21 GDPR; and
  • if the processing of your personal data is based on your consent (Art. 6(1)(a)GDPR or Art. 9(2)(a)GDPR), you may revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The processing of your personal data that was carried out in reliance on lawful processing grounds other than your consent is equally unaffected.
  • Finally, you have the right to complain to a supervisory authority about our collection and use of your personal data. For more information, please contact a competent data protection authority. The contact details of the data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the USA and Canada) can be found here. An overview of the competent data protection authorities in Germany can be found here.
  • Updates to this privacy policy

9. Updates to this privacy policy

We may update this privacy policy from time to time in response to legal, technical or business developments. When we update our privacy policy, we will take reasonable steps to notify you.

10. How to contact us

If you have any questions or concerns about our use of your personal information or the content of this Privacy Policy, please email our Data Protection Officer at We will respond to all requests from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws.

You can reach Fieldfisher X Rechtsanwaltsgesellschaft mbH at the following address: Reinhardtstraße 47, 10117 Berlin, Germany.