Data Protection Information Provided in Accordance with Art. 13 and 21 of the General Data Protection Regulation Including Supplementary Information
The party responsible for data collection and processing is BDO AG Wirtschaftsprüfungsgesellschaft.
As a matter of principle, we only collect data which is either required by law or contract, which is required for the conclusion or performance of a contract, or which was provided to us voluntarily on the basis of consent. We will identify data that we deem necessary for data collection accordingly.
The provision of additional information is voluntary. There are no negative consequences associated with any failure to provide additional information. However, failure to make information available may make subsequent communication more difficult and even delay communication in some cases.
Data processing for performance of contracts:
We process personal data provided to us in accordance with Art. 6 para. 1 b) of the General Data Protection Regulation for the purpose of performing contracts. This also includes using data for purposes of reviewing in detail whether a client matter may be accepted at all, as well as for the subsequent handling of the client matter and for necessary quality assurance.
Data required for the performance of a contract will not be deleted if and as long as mutual claims are still outstanding after termination of the contract and may be subject to collection. Otherwise, we will keep all data which we have collected for purposes of a client matter for the statutory recordkeeping period of § 51b para. 2 of the German Public Accountant Act (WPO), unless otherwise agreed in a particular case.
Data processing on the basis of consent:
If you have given your separate consent to be informed by us by telephone, letter, or e-mail or through comparable channels of communication about our own products, services, and events, or to pass your data on to third parties, such data will be processed on the basis of Art. 6 para. 1 a) of the General Data Protection Regulation. We will also process your personal data for purposes of personalized tracking, provided and to the extent that we have received a declaration of consent from you.
Your consent can be revoked at any time without affecting the lawfulness of processing that has taken place before revocation. If your consent is revoked, we will stop processing your data.
Data processing to protect legitimate interests:
We only process your data based on Art. 6 para. 1 f) of the General Date Protection Regulation for the protection of legitimate interests if there is neither consent nor any other legal basis for data processing apparent and only if the further requirements of Art. 6 para. 1 f) of the General Data Protection Regulation are satisfied, i.e., if our interests in data processing or the interests of a third party in a particular case outweigh your interests, or fundamental rights and freedoms. Data will be stored for as long as the legitimate interest continues to exist, but at least for the duration of the statutory recordkeeping obligations under § 51b of the German Public Accountant Act (WPO).
You have the right to object to data processing. For additional details, please refer to the section "Rights of Data Subjects" below.
Legitimate interest: Data processing for direct advertising:
We will process your data - to the extent permitted by law - for the purpose of direct advertising, in particular to send you our advertising, such as invitations, product information, information about events, or similar information. Such data processing is carried out on the basis of Art. 6 para. 1 f) of the General Data Protection Regulation and in the interest of informing you about new products, events, and services. Each client has the right to object to such processing, the exercise of which will result in termination of data processing for direct marketing purposes. If data is stored exclusively for direct advertising purposes, they will be deleted after an objection has been raised.
Data processing for compliance with legal obligations:
If and to the extent necessary, we will process your data in order to be able to comply with any legal documentation obligations, e.g., vis-à-vis tax offices and supervisory authorities. Data processing is carried out on the basis of Art. 6 para. 1 c) of the General Data Protection Regulation. Such a legal obligation arises in particular from § 147 of the German Tax Code (AO) and § 51b of the German Public Accountants Act (WPO). Data will be deleted after the time periods specified in § 147 of the German Tax Code (AO) and § 51b of the German Public Accountants Act (WPO), unless otherwise agreed in a particular case or unless there is a legitimate interest in continued storage.
We will transfer your data to third parties (e.g., to lawyers for the enforcement of outstanding claims) only if and to the extent that we are authorized to do so under data protection law (e.g., in the aforementioned cases).
We may also forward your data to third-party service providers (e.g., IT service providers, companies that destroy or archive data, cloud service providers, or Datev) who assist us with data processing on an outsourced basis and are required to strictly comply with our instructions.
Data processing generally will not take place outside the EU and the EEA. If such a data transfer should nevertheless be necessary in a particular case, it will be made exclusively on the basis of the EU standard contractual clauses or to countries for which there is an EU decision on the adequacy of data protection as well as on an outsourced basis. Upon your request we will be happy to allow you to review the contract or to provide you with a copy of the contract.
We will neither sell your personal data to third parties nor otherwise market your data.
a.) Security through the use of TSL and SSL
If you transmit your data to us via our website, we will use up-to-date security technologies, in particular so-called "Transport Layer Security" (TSL) or "Secure Socket Layer" (SSL) transmission. All information and data transmitted using these secure methods will be encrypted before they are sent to us. This applies in particular to all personal client data, such as your credit card number, bank code, bank account number, name, or address. In order to protect you and us from misuse, the IP address of your computer will be transmitted to us when concluding an online contract.
We use so-called cookies on our website in order to properly assign your online inquiries and requests. Cookies are a kind of electronic business card that makes it easier for you to use our website. These small files will be automatically stored on your hard disk by your browser and are necessary for error-free use of our website. Our cookies contain no person-specific information, so that your privacy will remain protected. Of course, you may block cookies after you have finished using our website, by choosing the appropriate settings in your browser. You may also object to the creation of a user profile in the form of non-personal data. To do so, please deactivate cookies in your browser.
c.) Use of Google Analytics
http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).
We would like to point out that the code "gat._anonymizelp();" has been added to Google Analytics to ensure anonymous collection of IP addresses (so-called IP masking).
d) Content of third parties
Our portals work together with various partners who in turn offer websites and Internet services which are accessible, for example, via links from our websites. These partners usually have their own data protection policies and/or data protection standards. We assume no responsibility or liability for such policies or standards not related to our offers.
Contact details for data protection officer:
You can contact our data protection officer as follows:
FIRST PRIVACY GmbH, Consul-Smidt-Str. 88, 28217 Bremen, Germany
E-mail: [email protected]
Phone: 0421 69 66 32 0.
Rights of data subjects:
Data subjects have the right to obtain information from the data controller about their personal data and to have inaccurate data corrected or deleted for any of the reasons stated in Art. 17 of the General Data Protection Regulation, e.g., if data are no longer required for the purposes for which they were collected. Furthermore, data subjects have a right to restricted data processing if one of the conditions specified in Art. 18 of the General Data Protection Regulation is satisfied and, in the cases defined in Art. 20 of the General Data Protection Regulation, a right to data portability. If data are collected on the basis of Art. 6 (1) (f) (data processing to protect legitimate interests), the data subject has the right to object to the processing of such data at any time for reasons related his or her particular situation. We will then no longer process such personal data unless it can be shown that there are compelling, legally protected reasons for processing such personal data which outweigh the interests, rights and freedoms of the data subject, or such data are processed to assert, exercise, or defend legal rights or claims.
Right to lodge complaint with a supervisory authority:
Any data subject has the right to lodge a complaint with a supervisory authority if he or she believes that the processing of his or her personal data violates data protection law. The right to lodge a complaint may be exercised in particular before a supervisory authority in the EU Member State in which the data subject resides or at the place where the alleged violation occurred. In Hamburg this is the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6, 20095 Hamburg.