We take data protection very seriously as part of our job. Apart from that - just as we would like to know what happens to our data - we understand the concerns of our clients and also the users of this website.
As data protection is subject to ongoing changes in the law, it is worth checking these statements again from time to time to see if any changes have occurred.
What data do we collect?
You would like to know what data we collect from our visitors here on the Internet and what data we store. In short: we do not collect or store any personal data of our Internet users. We analyze which technical equipment users use to access the website so that we can adapt to this.
In general, we collect anonymous data about the use of our website. This is done automatically by our provider, who provides us with automated statistics.
The data is determined either by a pixel or by a log file. To protect personal data, WebAnalytics does not use cookies. The visitor's IP address is transmitted when a page is requested, anonymized immediately after transmission and processed without personal reference.
We do not store any personal data from website visitors so that no conclusions can be drawn about individual visitors. The following data is collected:
Referrer (previously visited website)
Requested website or file
Browser type and browser version
Operating system used
Device type used
Time of access
IP address in anonymized form (only used to determine the location of access)
For what purpose is the data collected?
In WebAnalytics, data is collected exclusively for statistical evaluation and for technical optimization of the website.
Is data passed on to third parties?
No data is passed on to third parties.
This data is evaluated irregularly and also deleted after 8 weeks. No conclusions are drawn about you. We do not evaluate the IP addresses of visitors. We look at this information in order to be able to take changes in device usage into account and, if necessary, adapt or optimize the site accordingly. Data is not transmitted to third parties, nor is it transferred to third countries outside the EU.
It is the constitutionally guaranteed right of every person to decide for themselves who collects which data about them and how it is used. This requires that it is first made known which data is collected and stored. This also means that this obligation to provide information had to be laid down by law. The interaction between data collection, data storage and data use/data transfer is a highly complex structure that affects the sensitive area of personal information.
We collect the data you provide to us in order to fulfill our tasks. We do not collect any further data ourselves, apart from telephone numbers etc., which we obtain from public registers if this is necessary. The necessary personal data depends on the specific order; ultimately, you can find out for yourself what data we have because we pass it on to the relevant bodies (courts, tax offices, authorities, etc.) for you.
The activities of a tax advisor/auditor/lawyer towards his clients do not fall under the term "order processing" according to Art. 28 of the EU General Data Protection Regulation (GDPR). An essential feature of order processing is that the contractor is closely bound to the instructions of the client (see Art. 28 Para. 3 GDPR). This contradicts the professional requirements for tax advisors, auditors and lawyers, according to which these holders of professional secrecy must carry out their activities independently and on their own responsibility (see, for example, Section 57 StBerG). The data protection supervisory authorities are also of the opinion that the work of a tax consultant/auditor/lawyer does not constitute contract processing and have already published this in Appendix B of the Data Protection Conference's short paper 13 "Contract processing" (link to all short papers: https://www.bfdi.bund.de/DE/Home/Kurzmeldungen/DSGVO_Kurzpapiere1-3.html ).
Our firm uses the programs and services of DATEV eG, Nuremberg, to provide services. The permissible knowledge of data protected by professional law within the framework of contract processing between our firm as the client and DATEV as the contractor as well as legitimate data access (for example in connection with maintenance of the IT systems) is based on the fact that the data is processed in a professional manner. As a professional organization, DATEV is subject to the same statutory duty of confidentiality as the professional himself. The high level of precaution taken by DATEV eG in the field of data protection, data security and proper data processing has been confirmed several times both by regular audits by the responsible data protection supervisory authorities and by voluntary system and product audits by independent auditing companies. All audit results receive unqualified audit certificates and expressly highlight the exemplary nature of the measures taken in all areas. The corresponding certificates can be viewed and accessed at DATEV e.G. privacy policy
All of our firm's service providers have been and will continue to be carefully selected by us. We conclude all necessary agreements to implement professional confidentiality and order processing with our service providers. During our office hours, visitors are only allowed to enter areas that are open to the public, such as meeting rooms, and are accompanied during their visit to our premises.
We are legally obliged to treat all data confidentially, which goes far beyond the provisions of the Data Protection Act. We never pass on data to third parties without authorization. The transmission of data, e.g. when submitting tax returns or written documents to court, is an authorized (and necessary) form of data transfer. If this is done electronically, it is only done in encrypted form using the standard of the official software that is to be used exclusively for this purpose. Beyond this, we do not pass on data to third parties.
We work with the data center of DATEV e. G. (www.datev.de), which has its own data security standards regularly certified (see there). Communication is also only encrypted according to the latest standards.
We communicate with you via encrypted email, which requires your cooperation depending on the method. Either you receive our emails encrypted with a password, or we exchange public keys and can send and receive them conveniently using S/MIME. Communication with unencrypted email is unsafe and should be avoided. Our outgoing emails are encrypted in all cases.
We have modern industrial storage solutions that meet the current standard and are designed to be redundant and fail-safe. We back up data continuously and multiple times. We do not disclose details of this for security reasons.
We only work with modern security solutions that are certified and monitored. We do not disclose any details of this either, as conclusions could already be drawn from these. The firewall, virus scanner and other security components meet the industry standard and are subject to constant monitoring and updating. Data traffic takes place only in encrypted form.
Contact details of the person responsible
Hans-Georg Augustinowski Contact details (business) see imprint
Your data is generally collected from you. The processing of the personal data you provide is necessary to fulfill the contractual obligations arising from the contract concluded with us. Due to your obligation to cooperate, it is essential that you provide the personal data requested by us, as otherwise we cannot fulfill our contractual obligations. Accounting and/or tax disadvantages for you can otherwise no longer be ruled out.
As part of pre-contractual measures (e.g. master data collection in the prospective customer process), the provision of your personal data is necessary. If you do not provide the requested data, a contract cannot be concluded.
In order to provide our services, it may be necessary to process personal data that we have received from other companies or other third parties, e.g. tax offices, your business partners, etc., lawfully and for the respective purpose.
We may also process personal data from publicly accessible sources, e.g. websites, which we use lawfully and only for the respective contractual purpose.
The personal data you provide will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
Based on consent (according to Art. 6 Para. 1 Letter a of the GDPR)
The purposes of processing personal data arise from the granting of consent. You can revoke consent given at any time with effect for the future. Consents that were granted before the GDPR came into force (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. Example: sending a newsletter, release from professional confidentiality to pass on the data you have provided to third parties at your request (e.g. banks, insurance companies, shareholders, etc.).
The purposes of data processing arise on the one hand from the initiation of pre-contractual measures that precede a contractually regulated business relationship and on the other hand to fulfill the obligations from the contract concluded with you.
The purposes of data processing arise from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with the tax advisor's notification and information obligations).
The purposes of processing arise from the protection of our legitimate interests. It may be necessary to process the data you provide beyond the actual fulfillment of the contract. Our legitimate interest can be used to justify the further processing of the data you have provided, provided that your interests or fundamental rights and freedoms do not prevail. Our legitimate interest can be in individual cases: asserting legal claims, defending against liability claims, preventing criminal offenses.
Within our company, those departments that need the personal data you have provided to fulfill contractual and legal obligations and that are authorized to process this data will have access to it. In fulfillment of the contract concluded with you, only those departments that need it for legal reasons will receive the data you have provided, e.g. tax authorities, social insurance providers, competent authorities and courts. As holders of professional secrecy, we are obliged to observe and implement professional confidentiality. Other recipients will only receive the data you have provided at your request if you release us from professional confidentiality. As part of our service provision, we commission contract processors who contribute to the fulfillment of contractual obligations, e.g. data center service providers, IT partners, document shredders, etc. We contractually oblige these contract processors to maintain professional confidentiality and to comply with the requirements of the GDPR and the BDSG.
The data you provide will never be transferred to a third country or an international organization. If in individual cases you wish the data you have provided to be transferred to a third country or an international organization, we will only do this after you have given your written consent and released us from professional confidentiality.
Fully automated decision-making (including profiling) in accordance with Art. 22 GDPR is not used to process the data you provide.
The data you provide will be processed for as long as it is necessary to achieve the contractually agreed purpose, in principle as long as the contractual relationship with you exists. After the contractual relationship has ended, the data you provide will be processed to comply with statutory retention obligations or based on our legitimate interests. After the statutory retention periods have expired and/or our legitimate interests have ceased to exist, the data you provide will be deleted.
Expected periods for our retention obligations and our legitimate interests:
Fulfillment of commercial, tax and professional retention periods. The retention and documentation periods specified there are two to ten years.
Preservation of evidence within the framework of the limitation periods. According to Sections 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
Information about your rights
You have the right to receive information free of charge on request as to whether and which data about you is stored and for what purpose it is stored.
You have the right to request that the controller immediately rectify your inaccurate personal data. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed - also by means of a supplementary declaration.
You have the right to request that the controller immediately erase your data. The controller is obliged to delete personal data immediately if one of the following reasons applies:
The purposes for which the personal data were collected no longer apply
You withdraw your consent to the processing. There is no other legal basis for the processing.
You object to the processing. There is no other legal basis for the processing.
The personal data were processed unlawfully.
The deletion of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data were collected in relation to information society services offered in accordance with Article 8 paragraph 1.
You have the right to request restriction of processing if one of the following conditions is met:
You doubt the accuracy of the personal data.
The processing is unlawful; however, you refuse deletion.
Personal data is no longer required for the purposes of processing; however, you require the data to assert, exercise or defend legal claims.
You have objected to the processing in accordance with Art. 21 Para. 1 GDPR. As long as it is not yet clear whether the legitimate reasons of the controller outweigh yours, the processing will be restricted.
You have the right to receive the data you have provided from the controller in a structured, common and machine-readable format. We may not prevent the data from being forwarded to another controller.
Please contact the controller (see above) for this purpose.
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the supervisory authority. To do so, please contact the responsible supervisory authority.
If the processing is based on your consent in accordance with Art. 6 Para. 1 Letter a or Art. 9 Para. 2 Letter a (processing of special categories of personal data), you are entitled to withdraw the appropriately bound consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation.