top of page

Data Protection Statement

1. Data Protection Officer

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is 

 

Mrs. Ksenia Marchenko

Sigismundstr. 16 D-78462 Konstanz

Tel.: +49 7531 28210-14

Fax: +49 7531 28210-10

Email: kmarchenko@narchenkolegal.com

 

This privacy policy applies to data processing by: Attorney Ksenia Marchenko, Sigismundstr. 16, 78462 Konstanz, Germany. Tel. +49 7531 28210-14. Fax: +49 7531 28210-10. E-mail: kmarchenko@narchenkolegal.com.

2. Collection and storage of personal data, as well as the type, purpose and use thereof

2.1 When visiting the website

You may generally use this website (www.marchenkolegal.com) for purely informational purposes without disclosing your identity. When you visit the website, the browser on your device automatically sends information to this website’s server. This information is collected without any action on your part and is temporarily stored in a so-called log file until it is automatically deleted. The data includes the following:

  • Browser type/version and, if applicable, the operating system used, as well as the name of your internet service provider,

  • Language and version of the browser software,

  • Your IP address,

  • Website from which access is made (referrer URL), 

  • Date and time of access.

The temporary processing of this data is necessary to technically enable the website visit and the delivery of the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The aforementioned data is processed for the following purposes:

  • To ensure a smooth connection to the website,

  • Ensuring a comfortable user experience on our website,

  • Evaluating system security and stability, and

  • For other administrative purposes.

The legal basis for processing is Article 6(1)(f) of the GDPR. The legitimate interests in data processing arise from the purposes listed above, so that the functionality, stability, and security of the website can be ensured. 

Access data is deleted as soon as it is no longer necessary to achieve the purpose for which it was processed. In the case of data collected for the purpose of providing the website, this occurs when you leave the website. The data is generally deleted after seven days at the latest; further processing may be possible in individual cases. In this case, the IP address is deleted or anonymized so that the client making the request can no longer be identified. 

In addition, we use cookies and analytics services when you visit our website. You can find further details on this in Section 4 of this Privacy Policy.

2.2 When contacting us and using the contact form

If you have any questions, I offer you the option to contact me via a form provided on the website. You are required to provide your title, first and last name, a valid email address, and the text of your message so that I know who the inquiry is from and what it concerns, in order to be able to respond. Additional information may be provided voluntarily. 
 

If you contact me electronically—for example, by sending me an email, using the contact form on the website, or calling me—we will process your email address, your name, and your other contact information, as well as the details you provide in your inquiry. In order to respond to your written inquiry, we require at least your email address. Its processing is therefore strictly necessary.

Data processing for the purpose of contacting me is carried out pursuant to Art. 6(1)(a) GDPR based on your voluntarily given consent, as well as pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in responding to your general inquiry. If you contact me because you are seeking legal advice or wish to enter into another contract with me, the legal basis is Article 6(1)(b) of the GDPR. If I am legally required to store the data, the legal basis is Article 6(1)(c) of the GDPR in conjunction with the relevant provision.

The personal data collected as a result of your contact or when using the contact form will be deleted after your inquiry has been processed, unless a contract has been concluded (with a separate privacy policy), there are legal retention obligations, or I have legitimate interests in further retention.

 

2.3 Regarding Social Media

 

I maintain a publicly accessible profile on the social media platform LinkedIn, and in various places on this website I offer you the opportunity to visit my LinkedIn profile. However, so-called social media plugins are not used on this website. If you click on the respective logo or name of a social network, you will simply be redirected to my profile via a link. 

No personal data is transmitted to the social networks before you click on the logo or link, which redirects you to the respective social network’s website. The possibility that personal data is transmitted to and processed by the respective social network only arises from the moment you click on the logo or link on this website and are redirected to the social network’s website.

 

If you visit my social media profiles to interact with me (e.g., like or share a post, follow me, leave a comment, or send me a direct message), I will process the data you provide to me for the purpose of contacting you. If I like, share, or comment on your posts, the data you have freely published on the aforementioned social media platforms will be made available to my followers on my profile. All information you provide in your profile is publicly visible, meaning members who log in to the network, as well as customers of the social media services, can view it. This also applies to your activities within the service, such as:

  • Comments on posts;

  • “Likes”;

  • “Follow” function.

​​

Group memberships are also publicly visible. When you share posts, the default setting is for this to be public. In the settings, you can restrict the visibility of these posts to your contacts. 

The legal basis for this data processing is my legitimate interest pursuant to Article 6(1)(f) of the GDPR. This legitimate interest consists of maintaining contact with my clients, business partners, and prospective clients and keeping them informed, as well as conducting contemporary public relations and market research. If you contact me via social media because you are interested in my services, the inquiry also serves to carry out pre-contractual measures at your request, and the data processing is then also based on Article 6(1)(b) of the GDPR.

The social network LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; the provider is therefore the recipient of your data.

With LinkedIn, there is a possibility that some of the information collected may also be processed outside the European Union in the United States. The United States is considered a “third country” under data protection law.

If the European Commission has issued a decision confirming an adequate level of protection (see Art. 45(3) of the GDPR) in a third country, no additional measures are required for the data transfer. In the case of data transfers to recipients based in the United States, these are carried out on the basis of the Transatlantic Data Privacy Framework (DPF) of July 10, 2023, provided that the recipient holds the relevant certification. A list of currently certified companies is available here. In other cases, as well as for data transfers to other so-called non-safe third countries, data will only be transferred if the requirements of Art. 46 et seq. GDPR are met.

The social media platform I use, as described above, is headquartered in the United States and is certified accordingly (DPF).

3. Disclosure to Third Parties

Your personal data will not be disclosed to third parties for purposes other than those listed below.

Your personal data will be disclosed to third parties only if:

  • You have given your explicit consent pursuant to Article 6(1)(a) of the GDPR;

  • the disclosure is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;

  • there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, and such disclosure is necessary for the performance of a contract with you;

  • this is permitted by law and in accordance with Article 6(1)(b) of the GDPR.

 

4. Cookies and CAPTCHA

4.1 Cookies

This website uses cookies. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit this website. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.

The cookie stores information that is specific to the device you are using. However, this does not mean that your identity is directly revealed.

The use of cookies serves, on the one hand, to make the use of the website more convenient for you. For example, this website uses so-called session cookies to recognize that you have already visited individual pages of this website. These are automatically deleted when you leave the website.

In addition, temporary cookies are also used to optimize user-friendliness; these are stored on your device for a specific, predetermined period of time. If you visit this website again to use its services, the system automatically recognizes that you have previously visited the website and recalls the entries and settings you made, so you do not have to re-enter them.

 

In addition, cookies are used to collect statistical data on the use of this website and to evaluate this data for the purpose of optimizing the content we offer you. These cookies make it possible to automatically recognize that you have previously visited this website when you return. These cookies are automatically deleted after a predefined period of time.

The data processed by cookies is necessary for the aforementioned purposes to safeguard the legitimate interests of the controller and third parties pursuant to Art. 6(1)(f) GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all features of this website.

4.2 CAPTCHA Services

This website uses the CAPTCHA service “reCAPTCHA” provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

reCAPTCHA allows us to verify whether data entered on the website (e.g., in a contact form) is being entered by a human or by an automated program. To do this, reCAPTCHA analyzes the website visitor’s behavior based on various characteristics. We have integrated reCAPTCHA in such a way that the analysis only begins once you have given us your consent to do so. For the purpose of analysis, “reCAPTCHA” evaluates various pieces of information (e.g., IP address, the length of time the website visitor spends on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. This occurs regardless of whether Google provides a user account through which users are logged in or whether no user account exists. If users are logged in to Google, the user data is directly assigned to the respective Google account. “Google” stores the resulting usage data as usage profiles and processes them for its own purposes of statistical analysis and online advertising, regardless of whether a user account exists with Google. ​

The legal basis for accessing your device and the subsequent processing of your personal data is your consent pursuant to Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR. Google also processes some of the data in the United States. If the European Commission has issued a decision confirming an adequate level of protection in a third country, no additional measures are required for data transfers. In the event of data transfer to recipients based in the United States, this is carried out on the basis of the so-called Transatlantic Data Privacy Framework (DPF) of July 10, 2023, provided that the recipients hold the relevant certification. Such certifications exist with regard to Google. Information regarding the retention period of your data and all cookies used can be found in the description in our consent management tool under “Cookie Settings.”

You may revoke your consent at any time by unchecking the box in the “Cookie Settings” of the consent management tool. The withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

4. Data Subject Rights

As a data subject, you have the following rights, provided that the applicable conditions are met:

  • Pursuant to Article 7(3) of the GDPR, you may withdraw your consent at any time with future effect by notifying me. You may submit your withdrawal by sending an email to kmarchenko@marchenkolegal.com. No automated individual decision-making. The withdrawal of consent means that I may no longer continue the data processing that was based on your consent in the future;

  • pursuant to Art. 15 GDPR, to request information about your personal data processed by me. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by me, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details; ​

  • pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by me;

  • to request the erasure of your personal data stored by me pursuant to Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, and I no longer need the data, but you require it for the assertion, exercise, or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR; 

  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to me in a structured, commonly used, and machine-readable format, or to request its transmission to another controller; and

  • to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you may contact the supervisory authority at your usual place of residence or workplace, or at the location of my law firm (Konstanz).

5. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 of the GDPR, provided there are grounds for doing so arising from your particular situation. Please note that for data processing for purposes other than direct marketing, the reasons must be specified.

 

If you wish to exercise your right to object, simply send an email to kmarchenko@marchenkolegal.com.

6. Data Security


During your visit to the website, we use the widely adopted SSL (Secure Sockets Layer) protocol in conjunction with the highest encryption level supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, 128-bit v3 technology is used instead. You can tell whether a specific page of my website is being transmitted securely by the closed key or lock icon displayed in the status bar at the bottom of your browser.

Furthermore, I employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. These security measures are continuously improved in line with technological developments.

7. Validity and Changes to the Privacy Policy

This Privacy Policy is currently valid and is effective as of March 2026.

Due to the further development of this website and the services offered on it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy.

The current privacy policy can be viewed and printed at any time on the website at https://www.marchenkolegal.com/datenschutz

​​

​​

As of: March 2026

bottom of page