The following information in this privacy policy explains the fundamental nature, scope, and purpose of use of personal data, and how we handle/process this data in the context of our online offerings. These include our web presence (e.g. websites, newsletters, etc.), as well as other online activities, such as our profiles on social media platforms. Unless otherwise stated, all definitions and references relate to the EU’s General Data Protection Regulation (GDPR, as amended).

Collection and storage of personal data, and the nature and purpose of its use

When you visit our website, the browser on your end device automatically sends information to the server of our website. This information is stored temporarily in what is known as a log file. The following information is collected without any action on your part, and stored until automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • Website from where the access was made (referrer URL),
  • The browser used and, where applicable, the operating system of your computer, as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • To ensure smooth connection to the website,
  • To make our website easier to use,
  • To verify the security and stability of the system, and
  • For other administrative purposes.

Art. 6(1)(f), first sentence, GDPR constitutes the legal basis for this data processing. Our legitimate interest is the purpose of data collection, as set out in the examples above. Under no circumstances do we use the data collected to draw conclusions about yourself. Furthermore, we use cookies and deploy analytical services when you visit our website. You can find more details on these topics in sections 4 and 5 of this privacy policy.

When you subscribe to our newsletter

If you have expressly declared your consent to your data being processed in accordance with Art. 6(1)(a), first sentence, GDPR, we will use your email address to send you a newsletter on a regular basis.

Entering your email address is sufficient for the newsletter to be delivered.

You can terminate your subscription to the newsletter at any time, for example by using the corresponding link at the end of each newsletter. Alternatively, you can mail your unsubscribe request at any time to

When using our contact form

Should you have any questions, you can contact us via a form provided on the website. This requires you to provide a valid email address so that we know who the enquiry has come from and can reply accordingly. Further information may be provided voluntarily. If your consent has been given, the legal basis for processing the data in order to establish contact is Art. 6(1)(a), first sentence, GDPR.

The personal data we collect when you use the contact form is deleted once we have dealt with your enquiry.

Sharing of data

Your personal data will not be shared with third parties other than for the purposes listed below.

We will share your personal data with third parties only:

  • if you have given your express consent to this happening in accordance with Art. 6(1)(a), first sentence, GDPR,
  • if disclosure is necessary in accordance with Art. 6(1)(f), first sentence, GDPR for the assertion, exercise or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the data not being disclosed,
  • if we are legally obliged to disclose the data in accordance with Art. 6(1)(c), first sentence, GDPR, and this is both lawful and necessary in accordance with Art. 6(1)(b), first sentence, GDPR for the purpose of handling our contractual relationships with you.


We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies cause no damage to your device and contain neither viruses, trojans, nor any other malware. Cookies are used to store information relating to the specific end device used in a connection. This does not mean, however, that we obtain direct knowledge of your identity. On the one hand, cookies are used to make visiting our website a pleasanter experience for you. For example, we use what are known as session cookies to identify whether you have already visited certain pages of our website. These are automatically deleted the moment you leave the website. We also use temporary cookies to optimise user-friendliness, and these are stored on your device for a specific period. If you visit our website again to use our services, we can automatically see that you have already been there and which entries and settings you have made so that you do not have to re-enter them.

On the other hand, we use cookies to gather statistics on how our website is being used and to evaluate it so that it can be improved (see section 6). These cookies enable us to automatically detect that you have already been on our website when you visit us again. These cookies are automatically deleted after a specific period.

Data processing by cookies is necessary for the purposes mentioned above to protect our legitimate interests and those of third parties in accordance with Art. 6(1)(f), first sentence, GDPR. Most browsers accept cookies automatically. You can configure your browser so that no cookies are stored on your computer or that an alert always appears before a new cookie is created. However, fully deactivating cookies may mean that you will not be able to use all the functions provided by our website.

Use of newsletters

We send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipients or where  legal permission has bene granted. The user’s consent is deemed to have been obtained insofar as the content of the newsletter is specifically described in the course of the registration process.

Use of Sendinblue (formerly Newsletter2Go)

Sendinblue is the software we use for our newsletter. When you subscribe, your data is sent to Sendinblue GmbH. Sendinblue is not permitted to sell your data or use it for purposes other than delivering newsletters. Sendinblue is a German, certified provider selected in accordance with the requirements of the General Data Protection Regulation (EU GDPR) and the German Data Protection Act. You can find more information here:

If you would like to receive the newsletter offered on the website, we require an email address from you together with information that will allow us to verify that you are the owner of the specified email address and that you agree to receive the newsletter.

To ensure that newsletters are delivered with your consent, we use what is known as the double opt-in procedure with this service provider to add the potential recipient to a distribution list. Subsequently, the user is sent a confirmation mail so that he/she has the opportunity to acknowledge registration in a legally-compliant manner. Only once confirmation has been received is the address physically included in the distribution list. We use this data exclusively to deliver the requested information and any offers.

You can revoke your consent to this data and the email address being stored, together with this data being used to deliver the newsletter at any time via Newsletter2Go, for example via the “unsubscribe” link in the newsletter. Alternatively, you can mail your unsubscribe request at any time to

Analysis tools / tracking tools

We used the following tracking tools on the basis of Art. 6(1)(f), first sentence, GDPR. These tracking tools help us to continuously improve our website in accordance with user needs. At the same time, we use tracking tools to collect statistics on how our website is being used and to evaluate it for optimisation purposes. These interests can be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and categories of data can be found in the information on the corresponding tracking tools.

Google Analytics

To help us continuously improve our website in accordance with user needs, we use Google Analytics, an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this context, pseudonymised usage profiles are created and cookies used (see section 4). The information generated by the cookie about your usage of this website, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the previous page you visited),
  • host name of the accessing computer (IP address),
  • time of day of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate website usage, compile reports on the website activities, and to provide further services connected to website usage and Internet usage for the purposes of market research and user-centric website design. Here too, Google may transfer this information to third parties where there is a legal requirement to do so or where third parties need to process this data on behalf of Google. Under no circumstances will your IP address be associated with other Google data. The IP addresses are anonymised so that assignment is not possible (IP masking).

You may adjust the settings in your browser software to prevent cookies from being stored; we should point out, however, that doing so may prevent you from making full use of all the functions on this website.

Furthermore, you can prevent the data created by the cookie relating to your usage of the website (including your IP address) from being sent to Google and prevent Google from processing this data by downloading and installing the browser add-on which is available at the following link: []. As an alternative to the browser add-on (especially for browsers on mobile devices), you can prevent Google Analytics from collecting your data by clicking on this link: Deactivate Google Analytics. This sets an opt-out cookie that prevents any further collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website, and it is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found on the Google Analytics help page (

Google Adwords Conversion Tracking

We also use Google Conversion Tracking to record the statistics relating to the usage of our website and to improve our website for you. This means that Google Adwords sets a cookie (see section 4) on your computer if you navigate to our website from a Google advertisement. These cookies become invalid after 30 days and are not used to identify you personally. If the user visits certain pages on the website of the Adwords customer and the cookie has not yet expired, both Google and the customer can detect that the user has clicked on the advertisement and has been forwarded to this page. The data protection authorities require that a data processing agreement be signed for the lawful use of Google Analytics. Google provides a corresponding template at von Google. Every Google AdWords customer receives a different cookie. This prevents cookies from being tracked across the websites of other AdWords customers. The information obtained with the help of the conversion cookie helps to generate conversion statistics for AdWords customers who have opted for conversion tracking. Adwords customers are informed of the total number of users who have clicked on their advertisement and were redirected to a site provided with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users. If you do not wish to partake in the tracking process, you can refuse your consent to the requisite cookie being set – for example, using a browser setting which generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by adjusting your browser so that cookies from the domain “” are blocked. Google’s privacy policy for conversion tracking can be found here:


We use Google’s reCaptcha service to determine whether a human or a computer is making an entry on our contact or newsletter form. Google uses the following data to verify whether you are a human or a computer: the IP address of the device used, the website you are visiting on which the captcha is embedded, the date and duration of your visit, data to identify your browser and operating system, your Google account (if you are logged into Google), mouse movements on the various reCaptcha squares, and tasks that require you to identify images. The legal basis for the data processing described is Art. 6(1)(f) GDPR. Our legitimate interest is ensuring the security of our website and protecting ourselves from automated attacks.

MailChimp newsletter distribution service

The newsletter is sent out by “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Recording of statistics and analysis

The newsletters contain what is known as a web beacon, a file the size of a pixel that is called up by the MailChimp server whenever the newsletter is opened. During access, technical information such as data on the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to improve the services on the basis of technical data or target groups and their reading behaviour based on their access locations (which can be determined with the help of the IP address) or access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked on. For technical reasons, this information can be associated with individual recipients. However, it is neither our nor MailChimp’s intention to monitor individual users. Rather, these analyses help us to identify the reading habits of our users and tailor content, or to deliver different content to reflect the interests of our users.

Online retrieval and data management:

There are cases where we will direct newsletter recipients to MailChimp’s websites. For example, our newsletters contain a link with which newsletter recipients can call up the newsletters online (e.g. in the event of display problems in the email program). Furthermore, newsletter recipients may want to amend their personal data, such as email address. MailChimp’s privacy policy is only available on their website.

In this context, we must point out that MailChimp uses cookies on its websites. Therefore, MailChimp, its partners and service providers (e.g. Google Analytics) are likely to process personal data and we have no means of exerting any control over this practice. For further information, please refer to MailChimp’s privacy policy. We would like to draw your attention also to your options for objecting to the collection of data for advertising purposes on the websites and (for the European region).

Social Media Plug-ins

We use plug-ins of the social networks Facebook, Twitter, Instagram, YouTube, XING, LinkedIn, and kununu, etc. on our website on the basis of Art. 6(1)(f), first sentence, GDPR to raise our company’s profile. The underlying promotional purpose is the legitimate interest in terms of the GDPR. The respective providers are responsible for operating their networks in a manner commensurate with the pertinent data privacy laws. We integrate these plug-ins using the “two-click method” to afford visitors to our website the best possible protection.


Social media plug-ins from Facebook are used on our website to personalise the user experience. We use the “LIKE” or “SHARE” buttons for this purpose. This is an offer from Facebook. If you call up a page on our website that contains a plug-in, your browser will establish a direct connection with Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged into Facebook. This information (including your IP address) is transmitted directly from your browser to one of Facebook’s servers in the USA and stored there. If you are logged into Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plug-ins, for example by clicking on the “LIKE” or “SHARE” button, the corresponding information will also be transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purposes of advertising, market research and tailoring Facebook pages to your needs. To this end, Facebook creates usage, interest, and relationship profiles, e.g. to analyse your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the information collected through our website with your Facebook account, please log out of Facebook before visiting our website. Please refer to Facebook’s Privacy Policy ( to learn more about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights and settings in this regard to protect your privacy.


Our website contains plug-ins of the micro-blogging service of Twitter Inc. (Twitter). You can recognise the Twitter plug-ins (tweet buttons) by the Twitter logo on our site. For an overview of tweet buttons, please click here ( If you access a page on our website that contains this plug-in, a direct connection will be established between your browser and the Twitter server. Twitter will then receive the information that you have visited our site with your IP address. If you click the Twitter “tweet” button while logged into your Twitter account, you can link content from our pages to your Twitter profile. This allows Twitter to associate your visit to our website’s pages to your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or how it is used by Twitter. Please log out of your Twitter account if you do not want Twitter to detect your visits to our pages. For more information, please refer to Twitter’s privacy policy (


So-called social plug-ins or embedded videos from YouTube are also used on our website. YouTube (LLC 901 Cherry Ave. San Bruno, CA 94066 USA) are represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ( As the YouTube video platform belongs to Google, the information on Google provided in the following chapters applies analogously. For more specific information, please refer to YouTube’s privacy policy (

Placement of company profiles on social media platforms (XING, LinkedIn, etc.)

Horn & Company uses company profiles on platforms such as XING, LinkedIn, kununu, etc. for advertising and recruitment purposes.

The information is used – to the degree authorised by the user on the respective platform – for the purpose of establishing contact.

Online job applications and use of the contact form

Data collected during the application process is used solely for selecting suitable applicants to fill vacancies. Data is not collected for any other purpose. The applicant independently decides how much information he/she wishes to provide in the online application. The data collected in online applications is transmitted electronically to our personnel department for further processing. Data is transmitted in encrypted format. As a rule, applications are forwarded to the responsible recruiters in our company and then used as preparation for interviews. It goes without saying that the information provided by applicants is treated in the strictest confidence; the data is not shared outside the application process.

The personal data of applicants is stored until the advertised position is filled. If the applicant wishes the data to be stored for a longer period during the application process, we ask that he/she informs us accordingly. Lengthier storage periods may also arise if the data is needed to assert, exercise, or defend legal claims before an authority, or if there is a legal requirement to retain the data. In that case, the data will be stored for as long as is necessary to fulfil the purpose in hand.

To be able to contact applicants later, we store profiles electronically. The applicant may, at any time, informally revoke his/her consent to storing the data with future effect. Applicants also have the right to obtain, at any time, information on the personal data stored about them, to have that data corrected or deleted, and to restrict processing thereof. Please contact us by email at to assert these rights or obtain additional information on them.

Rights of the data subject

You have the right:

in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned period of storage, the existence of a right to rectification, erasure, limitation of processing or objection, the origin of your data, if not collected by us, and the existence of an automated decision-making process including profiling and, where appropriate, request meaningful information on the details thereof;

in accordance with Art. 16 GDPR, to demand the correction, without delay, of inaccurate or incomplete personal data stored by us;

in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us insofar as processing is not necessary for the exercise of the right of freedom of expression and information, the fulfilment of a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims;

in accordance with Art. 18 GDPR, to demand that processing of your personal data be restricted insofar as you dispute the accuracy of the data, the processing is unlawful and you oppose the erasure of the personal data, we no longer need the data, but you do need it to establish, exercise or defend legal claims, or you have lodged an objection against processing pursuant to Art. 21 GDPR;

in accordance with Art. 20 GDPR, to receive – in a structured, commonly used, and machine-readable format – the personal data you have provided, and to have that data transmitted to another controller;

in accordance with Art. 7(3) GDPR, to withdraw, at any time, the consent you granted us. The consequence of the above is that we will no longer be permitted to continue data processing based on this prior consent, and

in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you should reach out to the competent supervisory authority of your habitual residence, place of work, or of our company headquarters.

Right of objection

If we are processing your personal data for a legitimate interest pursuant to Art. 6(1)(f), first sentence, GDPR, you have the right, under Art. 21 GDPR, to object to said processing insofar as the grounds for doing so arise from your particular situation, or if you are lodging an objection because the data is being processed for direct marketing purposes. In the latter case, you have a general right of objection which we shall implement without your having to specify a particular situation. If you wish to exercise your right of revocation or lodge an objection, simply send an email to

Data security

During visits to our website, we use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with the latest technological advancements.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid as of May 2018.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be viewed and printed out at any time from the website

Source of / basis for this privacy policy: Deutscher Anwaltsverein (German Bar Association), April 2018

Quelle und Basis für diese Datenschutzerklärung: Deutscher Anwaltsverein (April 2018)