Privacy Policy

Welcome to the boring.legal website. The protection of personal data is important to us. We process personal data in accordance with applicable data protection requirements, particularly the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Below, we provide you with all relevant information to review and exercise your rights. In this privacy policy, you will find all information on the processing of your personal data in connection with the use of our website, www.boring.legal, and the services we offer. You can print or save this privacy policy by using your browser’s usual functionality.

1. Data Controller and Contact Person

The data controller and contact person for the processing of your personal data when visiting this website, as defined by the GDPR, is:

boring.legal GmbH
Tucholskystraße 42
10117 Berlin
Email: privacy@boring.legal

2. General Information

Our website and the services we offer use various functionalities and applications (“tools”) provided either by us or by third parties. These tools store information on or access your device.

Below, we list the tools we use, organized by category, with information about the providers, data retention periods, and when data is shared with third parties. Additionally, we explain in which cases we obtain your voluntary consent for the use of the tools and how you can withdraw that consent.

2.1. Accessing Our Website and Providing Content

Each time you use our website, we collect data that your browser automatically transmits to enable your visit. We process the following data:

• HTTP Data: These are protocol data that arise when the website or our services are accessed via Hypertext Transfer Protocol (Secure) (HTTP(S)). They include your IP address, type and version of your browser, your operating system, the page you accessed, the previously visited page (referrer URL), as well as the date and time of your access.

Processing these HTTP data is necessary to allow you to visit the website, use our services, ensure the ongoing functionality and security of our systems, and generally administer our website.

Legal basis: Art. 6(1)(b) GDPR if the page visit is part of contract initiation or fulfillment, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in enabling website access and maintaining system security and functionality.

In this context, we share your data with the following categories of recipients: hosting providers.

For information on data retention duration, please refer to Section 7.

2.2. Contacting Us

You have various options to contact us, e.g., by email or using our contact form. In this context, we process data solely to communicate with you.

We process the following data for this purpose:

• Request Data: Information you provide to us in your request, including title, first and last name, postal address (billing address), phone number, email address, and the content of your inquiry.
• Communication Device Data: Data assigned to your device during the communication process, including a unique session ID and session expiration date.

Legal basis: Art. 6(1)(b) GDPR if the information is required to respond to your inquiry or initiate/perform a contract, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in enabling communication and responding to inquiries. If you are not an existing customer, we will only send you promotional emails based on your consent under Art. 6(1)(a) GDPR in conjunction with § 7(2) No. 1 or 2 UWG (German Act Against Unfair Competition).

We share your data with the following categories of recipients: hosting providers and email service providers.

The data collected through our contact form is deleted once we have fully processed your inquiry, unless we still need it to fulfill contractual or legal obligations (see Section 7, “Retention Period”).

2.3. Newsletter

Our newsletter is designed to inform you about developments in accounting, taxation, and law, as well as events, news, offers, and other important information. To subscribe, we collect your email address and, for events, your name and company name if applicable.

Through certain functionalities (e.g., usage-based data analysis) of our newsletter, we can determine which newsletter content is of particular interest to you. We use the results of these analyses solely to improve and tailor our website content.

Legal basis: Your consent according to Art. 6(1)(a) GDPR. You can unsubscribe at any time. Each newsletter includes an unsubscribe link, and you can also unsubscribe by contacting us directly via email or letter.

We share your data with the following categories of recipients: newsletter distribution and analytics service providers.

For information on data retention duration, please refer to Section 7.

2.4. Customer Advertising via Email

If you have entered into a contract with us for using boring.legal, we use your contact details to send you additional relevant product and service information by email (customer advertising), including new products, special offers, and feedback surveys.

Legal basis: Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG, which permits data processing for legitimate interests, as far as it relates to data storage and further use for promotional purposes. You can object to the use of your data for promotional purposes at any time via a link in the emails or by contacting us directly.

We share your data with the following categories of recipients: newsletter distribution and analytics service providers.

For information on data retention duration, please refer to Section 7.

2.5. IT Infrastructure Security

We temporarily store data in server log files and analyze it to ensure the security of our IT infrastructure, particularly for identifying, remedying, and securely documenting security incidents (e.g., DDoS attacks).

We process the following data:

• HTTP Data: Protocol data generated when accessing the website via HTTP(S), including IP address, browser type and version, operating system, accessed page, referrer URL, date, and time of access.

Legal basis: Our legitimate interest under Art. 6(1)(f) GDPR in safeguarding the security of our IT infrastructure.

We share your data with the following categories of recipients: hosting providers and IT security service providers.

For information on data retention duration, please refer to Section 7.

2.6 Error Analysis

We temporarily store data in server logs and analyze it to quickly identify errors that may cause disruptions or crashes and thereby improve our services. Data storage and analysis are conducted in an anonymized form.

We share your data with the following categories of recipients: hosting providers and error detection and resolution services.

For information on data retention duration, please refer to Section 7.

2.7 Registration and Use of Our Services

We offer services in the fields of accounting, taxation, contracts, and legal documents. Additionally, we provide the option to contact qualified external tax consultants and lawyers and enter into individual agreements directly with them.

We process the following data for this purpose:

• Registration Data: Information you provide through our registration form to create a user account, including email address, password, name, and optionally, a company name.

Processing serves to prepare and fulfill our contractual obligations to users according to Art. 6(1)(b) GDPR.

We share your data with the following categories of recipients: hosting providers, technology providers, external tax consultants, and lawyers.

For information on data retention duration, please refer to Section 7.

2.8 Web Analytics and Optimization Services

When you visit our website or use our services and give us your consent, we collect information about your usage via web analytics tools.

Legal basis: Your consent according to Art. 6(1)(a) GDPR. You can withdraw your consent at any time.

We share your data with the following categories of recipients: web analytics and optimization service providers.

For information on data retention duration, please refer to Section 7.

3. Cookies and Similar Technologies

3.1 Cookie Basics and Similar Technologies

To make visiting our website and using our services more attractive and to enable the use of certain functions, we use tracking technologies, primarily cookies.

3.2 Use of Cookies and Similar Technologies on Our Website or Within Our Services

When you visit or use our website or services, both our own and third-party cookies may collect and process data. This processing is done for purposes of functionality, user experience, performance measurement, and optimization, as well as for marketing.

Legal basis for tracking measures is displayed in our cookie banner.

4. Social Networks

We maintain online presences in social networks to communicate with customers and interested parties and to provide information about our products and services.

Legal basis for data processing: Art. 6(1)(f) GDPR, based on our legitimate interest in effective communication.

5. Data Sharing

Data we collect is generally shared only when a data protection legal basis exists, including if:

• You provide explicit consent under Art. 6(1)(a) GDPR.
• We are obligated to do so for contractual performance under Art. 6(1)(b) GDPR.

Some data processing may be carried out by service providers.

6. Data Transfer to Third Countries

As explained in this privacy policy, we may use services whose providers are located in so-called third countries (outside the EU/EEA).

7. Retention Period

We retain personal data only as long as necessary to fulfill the purposes for which we collected it.

8. Your Rights

If the applicable legal conditions are met, you have the rights under Articles 15-21 and Article 77 GDPR.

9. Withdrawal and Objection

You have the right to withdraw consent at any time.

10. Amendments to the Privacy Policy

We may update this privacy policy periodically, for instance, if we make adjustments to our website or if legal or regulatory requirements change.

Effective Date: October 2024