Data Protection


The purpose of the data protection policy of our law firm is to inform users of our website about the commitments and measures taken to make sure their data are protected. All data concerning you personally are considered personal data, for example name, address, e-mail address and user behavior.

This data protection policy excludes the use of the website by minors under 15 years of age.

The present policy is likely to evolve based on the current legal and regulatory environment, as well as on the positions taken by the French Data Protection Authority (Commission Informatique et Libertés).

I. Controller

The controller is BERTON & ASSOCIES SELARL, limited liability company with a capital of EUR 12,000, registered in the Commercial and Companies Register of Strasbourg under the number 500 893 078, whose head office is located in 2, place du Conseil des Quinze, 67 000 Strasbourg, having as representative Françoise Berton, CEO of the corporation BERTON & ASSOCIES. E-mail contact:

II. General Information on Data Processing

1. Scope of the Processing of Personal Data

We process the personal data of the users of our website only for the following purposes:

  • providing an operational website,
  • managing the relationship with the clients and prospects.

2. Erasure of the data and period of storage

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored on the basis of the European or national legislator’s provisions in EU regulations, laws or other provisions to which the controller is subject. This data is blocked or deleted when a storage period prescribed by these standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

III. Access to the Website and Creation of Logfiles

With every visit of our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected in this connection:

  • Date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP-address of the requesting computer
  • Amount of data transferred

The data is also stored in the logfiles of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in data processing, since the temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems.

The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the access to the website, this is the case when the respective session has ended. If the data is stored in logfiles, this is the case after 90 days at the latest.

IV. Contact Form and E-mail Fontact

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the mask will be transmitted to us and stored.

The mandatory data to be given are:

  • first name, last name
  • telephone number
  • e-mail-address
  • message

The following information is optional:

  • company
  • street, house number, postal code, town, country
  • telephone number

At the time the message is sent, the following data is also stored:

  • IP-address of the user
  • date and time of sending the contact form

Alternatively, you can contact us by e-mail. In this case, the user’s personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The processing of the personal data from the mask serves us only for the treatment of the contact with prospects and for submitting events and news of our law firm. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data in accordance with the legal basis of Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR serves as a legal basis for further processing.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data are erased after a period of three years:

  • From the moment they are no longer needed to achieve the purpose for which they were collected or
  • From the last contact coming from the user or
  • From the end of the relationship as client (five years regarding the prevention of and fight against money laundering and terrorist financing)

or in case of subscription to a newsletter immediately after the end of the subscription.

If the user contacts us per e-mail, they can object at any time to the storage of their personal data by our law firm. In this case, however, the conversation cannot be continued.

V. Google reCAPTCHA

We use „Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. This is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

With reCAPTCHA, it should be cross-checked whether the data entry on our webpages (for example in a contact form) is done by a human or by an automated program. To do so, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor accesses the website. For the purposes of the analytics, reCAPTCHA evaluates various information (e.g., IP address, the duration of the time spent by the visitor on the webpage, or user mouse movements). The data collected during the analytics is forwarded to Google.

The reCAPTCHA analytics is done completely in the background. Webpage visitors are not advised that an analysis is taking place.

Data processing is done on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam.

Further information on Google reCAPTCHA, as well as the data protection statement from Google, can be found under the following links: and

VI. Social Media

Based on Art. 6 para. 1 lit. f GDPR, we use social media plugins of the google +, LinkedIn, YouTube, Twitter, Facebook and Xing social networks on our website to make our law firm better known by those means. The underlying promotional purpose is considered a legitimate interest within the purpose of the GDPR. The responsibility for operating in conformity with data protection requirements must be borne by the respective providers. We integrate these plugins using the so-called two-click method in order to offer our website visitors the best possible protection.

You can find further information on the data protection of the social media we use in the privacy statements of these social media:

Our website also provides sharing buttons that you can click on in order to share content from our Website on Twitter, Facebook, google+ and LinkedIn social media. We do not use these buttons to share your Personal Information with social media providers. When you click on a sharing button the relevant social media provider will gather personal data directly from you. Please read the privacy notice of any social media provider with which you intend to share content before clicking on the corresponding sharing button.

VII. Cookies

If you leave a comment on our website, we will require your consent to store your name and e-mail and website addresses in cookies. This is solely for your convenience, so you do not have to enter the same information if you leave another comment later. These cookies expire after one year.

If you have an account and you log onto the site, a temporary cookie will be created to determine whether your browser accepts cookies. It holds no personal data and will be deleted automatically when you close your browser.

When you sign in, we set up a number of cookies to hold your login data and screen preferences. The login data cookies last for two days, and screen option cookies have a lifespan of one year. If you select the “Remember me” option, your login cookie will be kept for two weeks. When you log out, the login cookie is deleted.

When you modify or publish an article, another cookie is set in your browser. This cookie contains no personal data. It indicates only the identifier of the article you have just changed, and it expires after one day.

By default, your browser accepts cookies, but this can be changed and most of the browsers allow to refuse cookies. If you want to block cookies all the time, you can change the settings of your computer to do this. In Google Chrome for example you can change your cookie settings by clicking « Settings », « Advanced », « Content settings », « Block third-party cookies » and modify your settings.

We only use the following very common cookies:

1. Google Analytics

Our website uses Google Analytics to count the visitors and to measure the traffic. The following information are used:

  • Browser type and version,
  • Operating system used,
  • Referrer URL (URL of the website you visited before),
  • IP-address and hist name of the accessing computer,
  • Time of the request

The privacy policy of this tool can be found on By no means personal data (IP, e-mails, etc.) are stored in this tool. And the cookies have also been changed to have a lifespan of 14 months, which is the minimum period expected by Google Analytics, in compliance with the European legislation on the GDPR.

2. Google AdWords

This website uses Google AdWords, an online advertising program of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (« Google »). As part of Google AdWords, we use so-called conversion tracking.

When you click on an ad placed by Google, a cookie is created for the conversion tracking and records the click on the ad. It is not possible to identify you personally via this cookie.

This cookie loses its validity after 30 days. When a user visits certain pages of this website during these 30 days, Google and we can identify that the user has clicked on the ad and has been redirected to this page. The conversion cookies serve to create statistics to measure the success of our marketing activities.

We also identify if you click on the telephone number in our Google ad. This way we can see, if the ad led to a call to our law firm.

The conversion tracking is done on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in measuring the success of our marketing activities.

When treating the conversation cookies data might be processed on the Google servers in the United States. For the United States, a decision from the European Commission concerning its adequacy (reference C/2016/4176) based on the « Privacy Shield » applies.

If you do not wish to participate in the conversion tracking, you can turn this off in the cookie settings of your browser. Only users having a corresponding cookie on their computer are taken into consideration for the conversion tracking. If you want to delete the conversion cookie or if it is not even created due to the settings of your browser, you are not taken into consideration for the conversion tracking.

VIII. Rights of the Data Subject

Within the strict limits of the above, the user authorizes our law firm to store and process the personal data communicated when accessing and visiting the website.

You have the following rights regarding your personal data:

  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future.
  • in accordance with Art. 15 GDPR right of access,
  • in accordance with Art. 16 and 17 GDPR right to rectification and erasure,
  • in accordance with Art. 18 GDPR right to restriction of processing
  • in accordance with Art. 20 GDPR right to data portability
  • in accordance with Art. 77 GDPR right to lodge a complaint with a supervisory authority concerning our processing of your personal data. The competent supervisory authority to lodge a complaint is the CNIL (French National Commission for Data Protection and Liberties).

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 subs. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR. If you wish to exercise your right to object, please send an e-mail to When exercising the right to object, we ask you to explain the reasons why we should not process your personal data. We then check the situation and the data processing or adjust or point out to you our legitimate reasons which justify that we continue the processing.

You can object to the processing of your personal data for advertising purposes and data analysis at any time without the need to indicate a specific situation. You can inform us about your opposition to advertising under the following contact details:

2 place du Conseil des Quinze,
67 000 Strasbourg
Telephone: +33 3 88 10 17 40

IX. Contact

For more information concerning the privacy policy the user can send a letter to the controller at: BERTON & ASSOCIES – 2, place du Conseil des Quinze, 67 000 Strasbourg or an e-mail at:

X. Notification of Amendments to this Policy

In order to verify if this data policy has been amended we suggest that you check this page periodically.