Data Protection Information

1.                   Who is responsible, who can you contact?

We, the notaries Dr. Wolfgang Ott and Dr. Dr. Stephan Philipp Forst, are responsible for the handling of your personal data. Each of the aforementioned notaries carries the sole personal accountability for the area for which he or she is responsible in terms of the data protection regulations. For all data protection inquiries, you can contact the respective responsible notary, or our data protection officer as follows:



Responsible Party

Data Protection Officer


Notary offices of Dr. Wolfgang Ott/Dr. Dr. Stephan Philipp Forst


Theatinerstr. 33

80333 Munich, Germany

Notary offices of Dr. Wolfgang Ott/Dr. Dr. Stephan Philipp Forst

c/o Data Protection Officer

Theatinerstr. 33

80333 Munich, Germany








This email address is being protected from spambots. You need JavaScript enabled to view it.

This email address is being protected from spambots. You need JavaScript enabled to view it.

2.                   Which data do I utilize and where does the data come from?

I utilize personal data that I receive from you yourself or from third parties commissioned by you (e.g., attorney, tax advisor, broker, credit institution), such as:

  • personal data, for example, first name and surname, date and place of birth, nationality, marital status; and in individual cases, your birth registration number;
  • contact data, such as postal address, telephone and fax numbers, e-mail address;
  • for real estate contracts, your tax identification number;
  • in certain cases, for example, in the case of marriage contracts, last wills and testaments, inheritance contracts or adoptions, information on your family situation and assets, as well as, if applicable, information on your health or other sensitive data, for example, because it is to be used to document your legal capacity;
  • in certain instances, we may also collect data relating to your legal relationships with third parties, such as file numbers or loan or account numbers at credit institutions.

In addition, I manage data from public registers, such as land registers, commercial registers, and registries of associations.

3.                   For what purposes and on what legal basis will the data be processed?

As a notary, I hold a public office. My official activities are conducted in the execution of a task that is of public interest in the orderly preventive administration of justice and thus in the public interest, and in the exercising of official authority (Art. 6 (1), sentence 1, letter e of the German General Data Protection Regulation (GDPR, in German - DS-GVO)).

Your data will be processed exclusively in order to conduct the notarial services requested by you and, if applicable, other persons involved in a transaction, in accordance with my official duties, i.e., for the preparation of draft certificates, for the notarization and execution of transactions or for the performance of consultations. Personal data is therefore only ever handled on the basis of the professional and procedural regulations applicable to me, which are primarily derived from the German Federal Notary Act and the German Notarization Act. At the same time, these provisions also result in a legal obligation for me to process the required data (Article 6 (1), sentence 1, letter c of the GDPR). Therefore, a failure by you to provide the data requested by me, would result in my having to refuse the (further) execution of the official business.

4.                   With whom do I share data?

As a notary, I am subject to a statutory obligation of confidentiality. This confidentiality obligation also applies to all my employees and other persons commissioned by me.

I may therefore only pass on your data if and insofar as I am obliged to do so in individual cases, for example, on the basis of notification obligations to the tax authorities, or to public registers such as the Land Registry, Commercial Register or Register of Associations, Central Register of Last Wills and Testaments, Register of Lasting Powers of Attorney, courts such as Probate, Guardianship or Family Court or also public authorities. Within the scope of professional and official supervision, I may also be obliged to provide information to the Chamber of Notaries or my official supervisory authority, and they in turn are also bound by an official obligation of confidentiality. As commissioned processors, possible data receivers may include our external IT-system administrator, notary software provider, web host and NotarNet GmbH.

Otherwise, your data will only be passed on if I am obliged to do so on the basis of declarations made by you or if you have requested that it be passed on.

Communication by e-mail (e.g. answering inquiries, sending drafts) is possible. Outgoing emails are sent using transport encryption ("Start-TLS"), which protects the content of the email from unauthorized access by third parties during the transmission process from our mail server to the mail server of your email provider. Please note that transport encryption can only take place if the server used by your email provider supports it.
Transport encryption only affects the transmission process and does not protect the content of the e-mail from access to the mail servers. This means that unauthorized access by the email provider or a third party who has gained access to the mail servers is possible. End-to-end encryption to prevent this is not offered. Furthermore, it cannot be ruled out that the transport encryption is decrypted and that the content of the e-mail is accessed during the transmission process. You therefore have the option of objecting to e-mail communication. In this case, communication will be made in writing by post.

5.                   Will data be transferred to third-party countries?

Your personal data will only be transferred to third-party countries at your specific request or if, and to the extent that a party to the official document is domiciled in a third-party country.

6.                   How long will your data be stored?

I process and store your personal data within the scope of my statutory retention obligations.

According to § 50 (1) of the German Regulation on the Maintenance of Notarial Records and Registers (in German, NotAktVV), the following retention periods apply to the retention of notarial records:

  • register of official documents, electronic collection of official documents, inheritance contract collection, and special collection: 100 years,
  • paper-based document collection, depository register, and general files: 30 years,
  • collective files for bill of exchange and check protests and ancillary files: 7 years; the notary may specify a longer retention period in writing no later than the last time the content of the ancillary file was processed, for example, in the case of dispositions upon death or in the case of risk of reclamation; the determination may also be made generally for individual types of legal transactions, such as for dispositions upon death.

After the retention periods have expired, your data will be deleted or the paper documents will be destroyed, unless I am obliged to store them for a longer period of time in accordance with Article 6 (1) sentence 1 letter c of the GDPR due to tax and commercial law retention and documentation obligations (from the German Commercial Code, Criminal Code, Money Laundering Act or the German Fiscal Code) as well as professional regulations for the purpose of conflict of law verification.

7.                   Which rights do you have?

You have the right to:

  • request information about whether I have processed personal data about you, if so, for which purposes I have processed the data and what categories of personal data I have processed, to whom the data may have been disclosed, how long the data may be stored and what rights you have (Art. 15 of the GDPR).
  • have inaccurate personal data concerning you, which has been saved by me, corrected. Likewise, you have the right to have an incomplete data record stored by me amended by me (Art. 16 of the GDPR).
  • demand deletion of your personal data, provided that there is a legal reason for such deletion (cf. Art. 17 of the GDPR) and the processing of your data is not required for compliance with a legal obligation or for other overriding reasons within the scope of the GDPR.
  • demand that I only process your data in a restricted manner, for instance in order to assert legal claims or for reasons of important public interest, while I am, for instance, examining your claim for rectification or contradiction, or, if applicable, if I reject your claim for deletion (cf. Art. 18 of the GDPR).
  • object to the processing if it is necessary for me to conduct my tasks in the public interest or to exercise my public office, if there are grounds for the objection arising from your particular situation (Art. 21 of the GDPR).
  • contact the supervisory authorities with a data protection complaint. The supervisory authority responsible on my behalf is the District Court of Munich I.

A complaint may be filed with any supervisory authority regardless of the jurisdiction.