Privacy Policy for Notarial Services

IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

The controller for the processing of personal data within the meaning of Art. 4 para. 7 GDPR is:

Notary Dr. Andreas Rasner
Untermainkai 30
60329 Frankfurt am Main

Phone: +49 69 271 38 89 80
Fax: +49 69 271 38 89 780
Email:

CONTACT DETAILS OF MY DATA PROTECTION OFFICER

My data protection officer is:

ENSECUR GmbH
Höhefeldstraße 28
76356 Weingarten
Germany
E email hidden; JavaScript is required

1 – Categories of Personal Data processed by me

In connection with my notarial services, I process personal data which I obtain

• directly from you,
• from third parties authorised by you (e.g. another notary or lawyer, a tax advisor, a broker or a credit institute),
• from other third parties (e.g. your employer, an authority or a (potential) contractual party of yours) or
• by inspecting publicly available sources (e.g. land register or commercial and association registers).

This includes in particular the following categories of personal data:

• master data (e.g. your name, your address, your contact details such as email address(es) or telephone number(s), your date and place of birth, your nationality, your tax ID, your marital status and your birth registration number),
• biometric data, especially in the form of copies of your identity card or passport,
• health data, inter alia regarding your legal capacity,
• data directly related to my notarial activities (e.g. the existence and the content of contracts, your family situation or your financial situation),
• consulting data (e.g. content of enquiries and client intakes, records of advice, documents received and prepared, file notes, legal opinions and assessments),
• activity data (e.g. billing or invoice data) as well as
• further data that I obtain in connection with my notarial services.

This may also include special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships or, as stated above, biometric and health data).

2 – Purposes and Legal Bases for the Processing

As a notary, I hold a public office. My official activities are carried out in the performance of a task that serves the interest in ensuring orderly and preventive administration of justice and thus are in the public interest and constitute the exercise of official authority.

In this context, your personal data are processed in order to carry out the notarial services requested by you and, where applicable, by other persons in accordance with my official duties. This includes, for example, the preparation of draft deeds, notarisation and execution of notarial transactions as well as the provision of advice. The legal basis for these processing activities is Art. 6 para. 1 s. 1 lit. e GDPR in conjunction with Section 3 para. 1 of the Hessian Data Protection and Freedom of Information Act (Hessisches Datenschutz- und Informationsfreiheitsgesetz, “HDSIG”) as the processing is carried out in the performance of my notarial functions, i.e. in the exercise of official authority vested in me. 

In addition, there are situations in which I am obliged to process personal data under the professional and procedural regulations applicable to me, which are mainly set out in the Federal Notaries’ Act (Bundesnotarordnung, “BNotO”) and the Notarisation Act (Beurkundungsgesetz, “BeurkG”). The legal basis for such processing activities is Art. 6 para. 1 s. 1 lit. c GDPR. This also includes the processing of health data in the course of my notarial work, for example in notarial auxiliary files pursuant to Art. 9 para. 2 lit. g GDPR in conjunction with Section 40 para. 2 of the Notarisation Keeping Regulation (Notaraktenverzeichnisverordnung, “NotAktVV”) or for determining the legal capacity of the parties involved in accordance with Art. 9 para. 2 lit. g GDPR in conjunction with Sections 11, 28 BeurkG.
Furthermore, I may also process your personal data for the following purposes:

• Contacting: If you contact me, whether by email, phone or in writing, the personal data you provide (e.g. your email address, telephone number, name, and/or further contact details) are stored and used to process your enquiry and respond to it. The legal bases for this processing are Art. 6 para. 1 s. 1 lit. e GDPR in conjunction with Section 3 para. 1 HDSIG as well as my legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in responding to you.
• Money laundering check: Pursuant to Sections 10–12 of the German Anti-Money Laundering Act (Geldwäschegesetz, “GwG”), I am obliged to carry out so-called money laundering checks for certain transactions and business relationships. For this purpose, I also have to process personal data (e.g. in order to identify parties involved and beneficial owners on the basis of their biometric identity cards or passports). The legal basis for this processing activity is Section 11a para. 1 GwG and Art. 9 para 2 lit. g GDPR in conjunction with Section 11a para. 1 GwG.
• Greeting cards and invitations: If I know you personally and/or if you have already been involved as a party in a notarial procedure with me, I may send you greeting cards on special occasions (e.g. Christmas) or invitations to events based on my legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR). I assume that the recipients appreciate such greetings and invitations. You may object to receiving greeting cards and invitations at any time (see further below Section VII).
  
• Processing based on consent: In rare cases, particularly when none of the above legal bases apply, I process your personal data based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR or, for the processing of special categories of personal data, Art. 9 para. 2 lit. a GDPR).
  

We do not use any systems or programs for automated decision-making/profiling within the meaning of Art. 22 GDPR.

3 – Recipients of the Personal Data

As a notary, I am subject to a statutory duty of confidentiality. Such duty of confidentiality also applies to all persons engaged by me. I only disclose personal data in the following cases: 

• Use of service providers: Like many businesses, I use external service providers. Such service providers may, depending on the nature of the service rendered, have access to personal data that I process or even explicitly process personal data on my behalf. The legal bases for these transfers are always Art. 6 para. 1 s. 1 lit. e GDPR in conjunction with Section 3 para. 1 HDSIG, Art. 6 para. 1 s. 1 lit. c GDPR or my legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in ensuring the smooth operation of my notarial services. My contracts with the service providers require that they process the transferred personal data solely for the purposes necessary for delivery of their services.
  The main recipient in this context is METIS Rechtsanwälte PartG mbB, Untermainkai 30, 60329 Frankfurt am Main, Germany. They assist me in various areas (e.g. in the preparation and handling of deeds, in invoicing and accounting, by providing IT infrastructure and with general office administration).
  Further recipients of personal data are my external IT service provider, my provider of notary software and NotarNet GmbH.

• Compliance with legal obligations: In addition, I may be subject to particular legal requirements obliging me to provide personal data to third parties (especially to public authorities). Such disclosure is based on Art. 6 para. 1 s. 1 lit. c GDPR. Examples of such obligations are notification duties towards the tax authorities or public registers such as the land register, the Commercial or Association Register, the Central Register of Wills, or the Register of Precautionary Powers, as well as to courts such as the probate, guardianship or family court or to other authorities. In the context of professional and supervisory oversight, I may also be required to provide information to the Chamber of Notaries or my supervisory authority. Another example is the obligation to report suspicions of money laundering to the competent authority in accordance with Section 43 GwG.
• Appointment of a deputy notary: In the event of my absence or incapacity, I am entitled under Sections 39, 39a BNotO to appoint a deputy notary to temporarily represent me. This deputy notary will, of course, gain access to your personal data if he/she is involved in your notarial matter. The legal basis for this transfer is Art. 6 para. 1 s. 1 lit. e GDPR in conjunction with Section 3 para. 1 HDSIG.
  My usual deputy notary is Dr. Christopher Seemann, whose office is c/o METIS Rechtsanwälte PartG mbB, Untermainkai 30, 60329 Frankfurt am Main, Germany. However, I reserve the right to appoint additional deputy notaries at any time.

4 – Transfer to Third Countries

A transfer of your personal data to third countries, i.e. countries outside the European Economic Area (EEA), such as the USA or the United Kingdom, occurs only if required for the notarial activity (e.g. cooperation with foreign law firms or notaries), if I have to respond to a request of a foreign authority or court, if a party involved is located in a third country, or when I engage an external service provider.

Any transfer to a third country will take place only if the conditions set forth in Art. 44 et seqq. GDPR are fulfilled. This may include, for example, an adequacy decision pursuant to Art. 45 GDPR, i.e. the binding recognition by the European Commission that a country has an adequate level of data protection. If no such adequacy decision exists, the transfer may be based on other suitable safeguards, such as Standard Contractual Clauses under Art. 46 para. 2 lit. c GDPR. If you wish to receive a copy of the Standard Contractual Clauses (or other suitable safeguards) I use, please contact my data protection officer or me directly via the above-mentioned contact details.

Aside from these cases, I do not intend to transfer your personal data to third countries or international organisations.

5 – Data Erasure and Retention Period

Your personal data stored by me will be deleted as soon as the purpose or legal basis for storage/processing no longer applies. 

However, legal retention obligations may apply which require personal data to be stored for a longer period. For example, under Section 50 para. 1 NotAktVV:

• for registers of deeds, electronic collections of deeds, collections of inheritance contracts, and special collections: 100 years,
• for paper-based collections of deeds, registers of safekeeping, and general files: 30 years and
• for collection files on bills of exchange and cheque protests and for ancillary files: 7 years. The notary may, however, determine a longer retention period in writing at the latest at the time of the last substantive processing of the ancillary file, e.g. in the case of dispositions upon death or in the event of risk of recourse. Such a determination may also be made in general terms for specific types of legal transactions, such as dispositions upon death.
  

Further retention obligations are primarily of a commercial or tax law nature, namely under e.g. under the German Commercial Code (Handelsgesetzbuch, “HGB”), the German Fiscal Code (Abgabenordnung, “AO”) or the German Value Added Tax Act (Umsatzsteuergesetz, “UStG”), such as Section 147 AO, Section 257 HGB, or Section 14b UStG.

So far as such obligations apply, I restrict the further processing of your personal data and will delete them at the end of such retention periods. 

External service providers engaged by me will store your personal data in their systems only as long as necessary for performing the respective services in accordance with my instructions.

6 – No Requirement to Provide Personal Data

I do not make my notarial service dependent on you providing me with personal data. Generally, you are under no general statutory or contractual obligation to provide me with your personal data. However, failure to provide the personal data I request from you may result in my having to refuse to carry out (or further carry out) notarial work, as I cannot or may not do so without the necessary personal data.

7 – Your Rights

In connection with my processing of your personal data, you have the following rights:

• Right of Access (Art. 15 GDPR): According to Art. 15 GDPR, you have the right to request information about your personal data processed by me. You may especially request information on the purposes of processing, the categories of personal data, the categories of recipients to whom your personal data have been or are disclosed, the planned storage period, the existence of rights to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of the personal data (if not collected from you) and the existence of automated decision-making including profiling and, where applicable, request meaningful information about the details thereof.
• Right to Rectification (Art. 16 GDPR): According to Art. 16 GDPR, you have the right to request the rectification of your inaccurate or incomplete personal data stored by me without undue delay.
• Right to Erasure (Art. 17 GDPR): According to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by me, unless processing is necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise, or defence of legal claims.
• Right to Restriction of Processing (Art. 18 GDPR): According to Art. 18 GDPR, you have the right to request the restriction of processing of your personal data if the accuracy of such personal data is contested by you or the processing is unlawful.
• Right to Data Portability (Art. 20 GDPR): According to Art. 20 GDPR, you have the right to obtain your personal data provided to me in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
• Right to Object (Art. 21 GDPR): According to Art. 21 GDPR, you have the right to object to the processing of your personal data if processing is based on Art. 6 para. 1 s. 1 lit. e or f GDPR. Please state the reasons why you object to the processing, so that I may re-examine the situation and either stop or adjust the processing or give you my compelling legitimate reasons to continue the processing.
• Right to Withdraw Consent (Art. 7 para. 3 GDPR): If processing is based on your consent for the processing of personal data, you have the right to withdraw your consent at any time with effect for the future. This means the consent ceases to be a legal basis for processing of your personal data from the time of withdrawal.
• Right to Lodge a Complaint (Art. 77 GDPR): According to Art. 77 GDPR, you have the right to lodge a complaint about the processing of your personal data by me with a data protection supervisory authority, for example, with the supervisory authority responsible for me:
  
  Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
  Gustav-Stresemann-Ring 1
  65189 Wiesbaden
  Germany
  Phone: +49 611 1408 0
  E-Mail: email hidden; JavaScript is required

8 – Up-to-Dateness of this Privacy Policy

This Privacy Policy is current as of November 2025.

Due to legal or regulatory changes or as a result of modifications to my internal notarial policies, it may become necessary to amend this Privacy Policy. The latest version can always be viewed and printed from my website.

If you have any questions regarding this Privacy Policy, please contact my data protection officer or me at any time.