I. Preamble
We would like to explain to you in the following which data we – i.e. Hannemann, Eckl & Moersch PartG mbB on the one hand and tax consultant Silvia Fehr on the other – collect, process and use, when and for what purpose. We would like to explain to you how our services work and how the protection of your personal data is guaranteed. We only collect, process and use personal data if you have consented to this or if a law permits this.
II Responsible Bodies
Responsible authorities in terms of the data protection laws are
Hannemann, Eckl & Moersch Attorneys at Law PartG mbB
Erbprinzenstraße 31
76133 Karlsruhe
As well as:
StB Silvia Fehr
Erbprinzenstraße 31
76133 Karlsruhe
As well as:
StB Stefan Sauter
Erbprinzenstraße 31
76133 Karlsruhe
If you have any general questions or suggestions for us on the subject of data protection, you can contact us at any time by telephone on +49-721-92131-0 or by e-mail to info@Rechts-undSteuerkanzlei.de.
III. Collection of Data on this Website
1. No Collection of Personal Data
You can visit our site without providing any personal information.
We do not collect, store, change or transmit any personal data on or via our website.
2. 1&1 Webanalytics
In addition, we collect, process and use the following non-personal data using 1&1 WebAnalytics for the purpose of creating visitor statistics on the use of our website and to improve our website. The following data is collected:
– Entry page via which the visitor visited our website
– Date and time of retrieval
– URL where the visitor is located
– URL that the visitor visited immediately before (Referer URL)
– Browser used, including browser version
– Operating system in use
– Sites of origin of the visitor are only determined according to the following categories: Social networks, Search engines, Directories, Other, Direct
– Time spent on our website (session duration)
– Page impressions per session
– data volume transferred
As we do not collect, process or use personal data by means of 1&1 WebAnalytics, we have not concluded a contract with 1&1 for commissioned data processing.
3. Cookies
Internet pages sometimes use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Notwithstanding section 3, the only cookie we use is a so-called “session cookie”. It is automatically deleted at the end of your visit. It is only used for administrators of this site to enable login. It is inactive during normal page visits, i.e. it is not set.
Nevertheless, you can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies required for the electronic communication process are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services.
IV. Collection, Processing and Use of Personal Data in other Contexts, especially in the Context of the Initiation of a Mandate and its Execution
The personal data provided by you will be processed by us in accordance with the provisions of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in the following cases:
1. For the Fulfilment of Contractual Obligations (in Accordance with Art. 6 para. 1 lit. b GDPR)
In this case, we collect, store, modify or transmit personal data or use it as a means of fulfilling our own business purposes, if this is necessary for the establishment, execution or termination of a legal or similar contractual relationship. This includes
– First name, surname
– your address
– E-mail address/s
– Telephone number/s, fax number/s
– in individual cases your bank details
– your request
– documents submitted by you that contain personal data
We collect, process and use this data to contact you and to check your request for a mandate and to be able to process it if necessary. In the context of pre-contractual measures (e.g. master data collection), it is necessary to provide your personal data. If the requested data is not provided by you, a contract cannot be concluded.
The collection of the data is carried out by the way,
– to identify you as our client;
– in order to be able to advise and represent you appropriately in legal or tax matters;
– to correspond with you;
– to invoice and process payments to you;
– to process any liability claims that may exist and to assert any claims against you;
In order to provide our services, it may also be necessary to process personal data which we have received from other companies or other third parties, e.g. tax offices, your business partners, opponents in legal disputes or similar, in a permissible manner and for the respective purpose.
2. Due to Legal Requirements (pursuant to Art. 6 Para. 1 lit. c GDPR) or in the Public Interest (pursuant to Art. 6 Para. 1 lit. e GDPR)
The purposes of data processing in this case result from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with the lawyer’s or tax advisor’s duties to provide information and advice).
3. On the Basis of Consent (pursuant to Art. 6 Para. 1 lit. a GDPR)
The purposes of the processing of personal data here result from the granting of consent. You can revoke your consent at any time with effect for the future. Consent granted before the GDPR came into force (25 May 2018) may also be revoked. Processing that took place before the revocation remains unaffected by the revocation. Example: Sending a newsletter, release from professional secrecy to pass on the data you have provided to third parties (e.g. banks, insurance companies, shareholders, etc.) at your request
4. Within the Framework of the Balancing of Interests (Pursuant to Art. 6 (1) (f) of the GDPR)
The purposes of the processing here result from the protection of our legitimate interests. It may be necessary to process the data provided by you beyond the actual fulfilment of the contract. Our legitimate interest may be used to justify the further processing of the data you have provided, provided that your interests or fundamental rights and freedoms do not outweigh the data processing. Our legitimate interest may be in individual cases: Assertion of legal claims, defence against liability claims, prevention of criminal offences.
V. No Automated Decision Making
We do not use a fully automated decision-making process in accordance with Article 22 GDPR to establish and execute the mandate relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is provided for by law. However, we will inform you about the legal requirements at this point as a supplement:
- You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner.
- This shall not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller,
is authorised by Union or national legislation to which the person responsible is subject and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or with your express consent. - However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
In such cases, the responsible person shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the responsible person, to express his or her point of view and to challenge the decision.
VI. Transfer of Personal Data within our Respective Companies and to Third Parties
The personal data that you have provided to Hannemann, Eckl & Moersch Rechtsanwälte PartG mbB will not be made available to or passed on to the tax adviser Fehr and vice versa, unless you have given your prior consent to this transfer or one of the other reasons mentioned under IV above would justify this.
The following applies to the tax consultant Fehr and to Hannemann, Eckl & Moersch Rechtsanwälte PartG mbB:
Within the respective company, access to the personal data provided by you will be granted to those persons who need this data to fulfil their contractual and legal obligations and who are authorised to process this data.
In fulfillment of the contract concluded with you, only those bodies that require the data you have provided for legal reasons, e.g. tax authorities, social insurance carriers, competent authorities and courts, and, in the case of lawyers, opponents and their agents, will receive the data.
As a professional secrecy holder we are obliged to observe and implement professional secrecy. Further recipients will only receive the data you provide at your request if you release us from the obligation of professional secrecy.
Within the scope of our service provision, we commission processors who contribute to the fulfilment of the contractual obligations, e.g. computer centre service providers, EDP partners, document shredders, etc. These contract processors are contractually obliged by us to observe professional secrecy and to comply with the requirements of the GDPR and the BDSG.
The attorney-client confidentiality remains unaffected. As far as data is concerned which is subject to the attorney-client privilege, it will only be passed on to third parties in agreement with the client. The same applies with regard to tax consultant Fehr for those data that are subject to her duty of confidentiality as a tax consultant.
VII. Duration of Storage (Deletion Criteria)
The processing of the data provided by you is carried out as long as it is necessary to achieve the contractually agreed purpose, in principle as long as the contractual relationship with you exists. After the termination of the contractual relationship, the data you have provided will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the loss of our legitimate interests, the data you have provided will be deleted.
Anticipated periods of the storage obligations to which we are subject and our legitimate interests:
– Compliance with commercial, tax and professional retention periods. The periods of retention or documentation specified therein are two to ten years.
– Preservation of evidence within the framework of the statute of limitations.
According to §§ 195 et seq. of the German Civil Code (BGB), these periods of limitation can be up to 30 years, whereby the regular period of limitation is three years.
VIII. Your Rights as a Data Subject
Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in point 1. Below you will find an overview of your rights:
1. Right to Confirmation and Information
You have the right to receive clear information about the processing of your personal data.
In detail:
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to receive the following information:
1. the processing purposes;
2. the categories of personal data processed
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
4. if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
5. the existence of a right of rectification or erasure of personal data concerning you or of a right of opposition to or limitation of the processing by the controller;
6. the existence of a right of appeal to a supervisory authority;
7. if the personal data are not collected from you, all available information on the origin of the data;
8. the existence of automated decision-making, including profiling in accordance with Art. 22, paragraphs 1 and 4 German FADP, and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right of Rectification
You have the right to ask us to correct and, if necessary, complete personal data concerning you.
In detail:
You have the right to ask us to correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
3. Right of Cancellation (“Right to be forgotten”)
In a number of cases we are obliged to delete personal data concerning you.
In detail:
Pursuant to Art. 17 para. 1 GDPR, you have the right to demand that we delete any personal data relating to you without delay, and we are obliged to
to delete data immediately if one of the following reasons applies:
1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
2. you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 letter a) German DPA or Art. 9 para. 2 letter a) German DPA, and there is no other legal basis for the processing
3. you object to the processing pursuant to Art. 21(1) German FADP and there are no legitimate reasons for the processing that take precedence, or you object to the processing pursuant to Art. 21(2) German FADP.
4. the personal data were processed unlawfully.
5. the deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject
6. the personal data have been collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR
If we have made the personal data public and we are obliged to delete it pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.
4. The Right to Restrict Processing
In a number of cases, you are entitled to request us to restrict the processing of your personal data.
In detail:
You have the right to request us to restrict processing if one of the following conditions is met:
1. the accuracy of the personal data is disputed by you, for a period of time which enables us to verify the accuracy of the personal data
2. the processing is unlawful and you refused to delete the personal data and instead requested the restriction of the use of the personal data
3. we no longer need the personal data for the purposes of the processing, but you need the data to assert, exercise or defend legal claims; or
4. you have lodged an objection to the processing in accordance with Art. 21 para. 1 GDPR, as long as it has not yet been established whether the legitimate reasons of our company outweigh yours.
5. Right to Information
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of these recipients.
6. Right to Data Transferability
You have the right to receive, transmit or have us transmit personal data relating to you in machine-readable form.
In detail:
You have the right to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and you have the right to transfer this data to another responsible person without hindrance from us, provided that
1. the processing is based on a consent pursuant to Art. 6 para. 1 letter a) GDPR or Art. 9 para. 2 letter a) GDPR or on a contract pursuant to Art. 6 para. 1 letter b)
GDPR and
2. the processing is carried out by means of automated procedures.
When exercising your right to data transfer as referred to in paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller be transmitted as far as technically feasible.
7. Right of Objection
You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and if our interests in the processing do not outweigh the interests of the data subject.
In detail:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e) or f) German FADP; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
Where personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
You have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out for the purposes of scientific or historical research or for statistical purposes, in accordance with Art. 89, paragraph 1 of the German DPA, unless the processing is necessary for the performance of a task carried out in the public interest.
8. Automated Decisions Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. No automated decision making based on the personal data collected will take place. For further details we refer to section V. above.
9. Right to Revoke a Data Protection Consent
You have the right to revoke your consent to the processing of personal data at any time.
10. Right of Appeal to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the German DPA. In any case, the complaint can be addressed to the State Commissioner for Data Protection and Freedom of Information (Landesdatenschutzbeauftragter) for Baden-Württemberg, Königstrasse 10 a, D-70173 Stuttgart, Germany, who is locally responsible for us. The supervisory authority with which the complaint was lodged will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.
IX. Note on data transmission via the Internet
We expressly point out that the transmission of data on the Internet (e.g. when communicating by e-mail) can have security gaps and complete protection against access by third parties is not possible. Our website is SSL encoded, however, it does not have any possibility to transfer personal data to us anyway (no contact form).
X. Contact person for data protection
If you have any questions regarding the collection, processing or use of your personal data, or if you require information, correction, blocking or deletion of data, please contact our data protection officer:
Philip Kirchner
Hussenstr. 45
D-78462 Constance
info@pn-datasecure.de