Data protection notice

Data Protection Notice

Information in accordance with Art. 13, 14 of the General Data Protection Regulation

We, the KSB INTAX v. Bismarck Rechtsanwälte Wirtschaftsprüfer Steuerberater PartGmbB (hereinafter referred to as either “KSB INTAX” or “ControAller”), take the protection of personal data seriously and respect the applicable data privacy regulations, in particular the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (“Bundesdatenschutzgesetz” (BDSG)). We would like to inform you about how your personal data are processed and which rights you have in connection therewith.

A. Data Protection Notice for Clients and Business Partners

Information concerning the processing of personal data from clients and business partners can be found here.

B. Data Protection Notice for the Website, E-Mail Contacts, E-Mail Newsletter and Direct Marketing

I. Controller

Controller in the sense of the GDPR and other national data protection acts of the EU Members States as well as other provisions of data protection law is:

KSB INTAX v. Bismarck

Rechtsanwälte Wirtschaftsprüfer Steuerberater PartGmbB

Lüerstr. 10-12

D-30175 Hannover

Telephone: +49 (0) 511 - 854 04 - 0

Fax: +49 (0) 511 - 81 58 74

E-Mail: zentrale(at)ksb-intax.de

Website: www.ksb-intax.de

Full contact information (Impressum) can be found here:

www.ksb-intax.de/en/contact/imprint/

II. Contact Information of the Data Protection Officer

The contact information for the data protection officer of the controller is:

datenschutz@ksb-intax.de

III. Contact Information of the Regulatory Body

The State Commissioner for Data Protection of Lower Saxony, Barbara Thiel

Prinzenstr. 5

30159 Hannover

Telephone: +49 (0) 511 - 120 4500

E-Mail: poststelle@lfd.niedersachsen.de

IV. General

1. Lawfullness of Data Processing

The collection and usage of our users’ personal data only takes place where the processing of the data is permitted by statutory provisions or where the user has granted its consent. We list the specific legal bases for the processing of personal data below as part of the description of the individual data processing operations.

2. Length of Storage

The personal data of the users will be erased or made unavailable as soon as the purpose of the storage no longer exists. Storage can furthermore take place where this is provided for by the European or national legislators in EU regulations, acts or other regulations applicable to our company. Data will also be made unavailable or erased when storage deadline expires in one of the provisions named except where the continued storage is necessary for the execution of a contract or for contractual performance.

3. Transfer of Personal Data

When we transfer personal data, we do this exclusively to service providers that support us with the fulfillment of the data processing described below. These companies may only use your personal data as processors for the fulfillment of their tasks within the scope of our assignment and are obligated to observe the applicable data protection provisions. The processors with whom we work are:

  • Windrich & Sörgel GmbH & Co. KG, Färberstraße 14, 30453 Hannover
  • hosting.de GmbH, Franzstraße 51, 52064 Aachen
  • CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede      

Otherwise, personal data will only be passed on to third parties if this is specified below as part of the description of the individual data processing operations.

4. Place of Data Processing

The processing of your personal data by us that we store takes place within states belonging to the European Union (EU) /  European Economic Area (EEA). With regard to any processing of personal data by service providers or other third parties based outside the EU/EEA, please refer to the descriptions of the individual data processing operations below.

V. Processing of Personal Data

1. Provision of the Website and Generation of Log Files

a) Description of Data Processing

Each time our website is accessed, our system automatically records data and information that are sent by the computer system and browser of the computer accessing the site.

The following data are collected thereby:

  • Information about the type of browser and the version used
  • The operating system of the user
  • The IP address of the user
  • Date and time of access
  • The websites from which the user’s system reaches our website

Storage of these data together with the personal data of the user does not take place.

b) Legal Basis for the Data Processing

The legal basis for the temporary storage of the data and the log files is point (f) of Article 6 paragraph 1 GDPR.

c) Purpose of the Data Processing

The storage of log files takes place in order to ensure the functionality of the website. Furthermore, the data serve to help us optimize the website and to ensure the security of our IT-systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also provide our legitimate interest in the processing of the data as per point (f) of Article 6 paragraph 1 GDPR.

d) Length of Storage

The data will be erased as soon as they are no longer necessary for the fulfillment of the purpose for which they were collected. In the case of the storage of data in log files, this is the case after 7 days, at the latest.

e) Possibility to Object to Processing and Rectify

The user has a right to object. The objection can be made by sending a message to the contact information in item B. II. of the data protection notice. The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. The user is also not obliged to provide the personal data. However, failure to provide such data may result in the user not being able to use our website or not being able to use it to its full extent.

2. Email Contact

a) Description of Data Processing

On our website, it is possible to contact us through the email addresses provided. In such cases, the personal data of the user sent with the email (name and email address) will be stored.

No transfer of this data to third parties takes place in this context. The data are used exclusively for the processing of the conversation.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data is point (f) of Article 6 paragraph 1 GDPR. Where the goal of the contact is to conclude a contract or a similar obligation, point (b) of Article 6 paragraph 1 GDPR is additionally the legal basis.

c) Purpose of the Data Processing

The processing of personal data serves us solely for the processing of your contact request. In the case of a contact request, this is also the necessary legitimate interest for the processing of the data.

d) Length of Storage

The data will be erased as soon as they are no longer necessary for the fulfillment of the purpose for which they were collected. This is the case for personal data sent per email when the corresponding conversation with the user is concluded. The conversation is concluded when it can be assumed from the surrounding circumstances that the situation in question has been conclusively clarified.

e) Possibility to Object to Processing and Rectify

If a user contacts us per email, it can object to the storage of its personal data at any time. The objection can be made by communication to the contact information contained under item B. II. of the Data Protection Notice. In case of an objection, the conversation with the user will not be able to be continued and we will erase all personal data saved in the course of the contact request.

3. Direct Applications

a) Description of Data Processing

If you use our form for direct applications on our website for sending your application, the information requested (first name, last name, email address, message, uploaded documents) will be sent to us.

The data will be used exclusively for the processing of your application.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data after the direct application has been sent by the applicant by means of the form provided are point (b) of Article 6 paragraph 1 GDPR, Sec. 26 paragraph 1 of the German Data Protection Act (“BDSG”) (taking steps to enter into an employment contract).

c) Purpose of the Data Processing

The collection of the data serves the processing of the direct application in the scope of the review of the potential establishment of an employment relationship as well as to establish contact with the applicant.

d) Length of Storage

The data of the applicant will only be stored until the application process is completed and the retention deadline of six months after delivery of a rejection has been exceeded.

e) Possibility to Object to Processing and Rectify

The applicant can in principle object to the storage of its personal data at any time. The objection can take place by means of notification to our contact information under item B. II. of the Data Protection Notice. If the data are necessary for the fulfillment of a contract, then the prior erasure of the data is only possible if contractual and/or statutory obligations do not prevent the erasure.

4. Email Newsletter

a) Description of Data Processing

Where you register for the receipt of our email newsletter (which inter alia includes invitations to our company events or to our tax circular), we use your email address for the purpose of sending you the newsletter and/or circular. By confirming receipt of the newsletter, you also consent to the analysis of your use of the newsletter. Within the scope of the analysis, information on opening and click rates is collected in particular. In this way, we try to constantly improve our newsletter. The individual behavior patterns identifiable in the course of the analysis are only used for a non-personal statistical evaluation of the newsletter success and are under no circumstances passed on to third parties or used for other purposes.

For the technical processing of the dispatch of the newsletter, we use a tool from the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data is in the case of the consent of the user point (a) of Art. 6 paragraph 1 GDPR.

c) Purpose of the Data Processing

The processing of the aforementioned personal data is carried out for the purpose of dispatching the newsletter as well as analyzing the use of the newsletter for the purpose of improving our newsletter.

d) Length of Storage

The email address of the user will only be stored as long as the user wishes to receive the newsletter and/or the circular.

e) Possibility to Object to Processing and Rectify

The user can withdraw its consent to the receipt of the newsletter(s) at any time. The withdrawal can be made through the link contained directly in the newsletter(s) or on our Website.

VI. Use of Cookies

1. Description of Data Processing

In order to make the visit to our website attractive and to enable the use of certain functions, we use "cookies". These are small pieces of text information that are stored in the browser or by the browser on the user's terminal device. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

a) Technically necessary cookies

We use technically necessary cookies that are required for the smooth functioning of our website. These are the following cookies:

  • Klaro cookie

Purpose: Used to store the user's consents to the use of technically unnecessary cookies and/or external media.

Duration: 120 days

b) Technically unnecessary cookies

We also use the following technically unnecessary cookies on our website, which allow us in particular to analyze the surfing behavior of users:

  • "pk_ref": to store the attribution information, the referrer that was originally used to visit the website (the page that the user accessed before visiting our site); duration: 180 days.
  • "pk_id": used to store some details about the user, like the unique visitor ID and the time of the last visit; duration: 180 days
  • "_pk_ses", "_pk_cvar": short-lived cookies used for temporary storage of data for the visit; duration: 30 minutes

c) Consent tool

When our website is called up, we inform the user about the use of cookies and obtain his/her consent for the use of technically unnecessary cookies and/or external media via a consent tool. In this context, reference is also made to this privacy policy.

Our website uses the open-source consent technology of the provider KIProtect GmbH, Bismarckstr, 10-12, 10625 Berlin, to obtain your consent in your browser and to document it in a manner compliant with data protection.

When you access our website, a Klaro cookie is stored in your browser, through which the consents you have given or the revocation of these consents are stored. These data are not shared with the provider of the consent technology.

d) Notice concerning modification of browser settings

Most browsers are set to accept cookies automatically. However, the user can prevent cookies from being stored on his or her computer through corresponding browser settings, which may, however, limit the functionality of our website.

2. Legal Basis for the Data Processing

The legal basis for the processing of personal data using technically necessary cookies is point b and point f of Art. 6 para. 1 GDPR. The legal basis for the processing of personal data using technically unnecessary cookies is point a of Art. 6 GDPR if the user has given his consent in this regard.

Cookie consent technology is used to obtain the legally required consent for the use of technically unnecessary cookies and/or external media. The legal basis for this is point c of Art. 6 para. 1 GDPR.

3. Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a website change. In this purpose also lies our legitimate interest in the processing of personal data according to point f of Art. 6 para. 1 GDPR. The purpose of data processing using technically unnecessary cookies and/or external media is described above under section B. VI. 1 b) of the data protection notice and in the consent tool.

The user data collected by cookies on our website is not used to create user profiles.

4. Length of Storage, Right to Object and Possibility to Remove, Withdrawal of Consent

Cookies are stored on the user's computer for the duration described above and are transmitted by the user to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

You can also withdraw your consent for the use of technically unnecessary cookies and/or external media in your personal privacy settings.

VII. Use of analysis tools and external media

1. Matomo

a) Description of Data Processing

Our website uses the open source software tool Matomo to analyze the surfing behavior of users (https://matomo.org/). We also use cookies in this context, which help us to avoid errors in the analysis of user data.  If individual pages of our website are called up, the following data are stored:

  • IP address (anonymized by 2 bytes, e.g. 192.168.xxx.xxx)
  • Date and time of the request
  • Title of the displayed page (Page Title)
  • URL of the page called up (Page URL)
  • URL of the page that was called up before the current page (Referrer URL)
  • Screen resolution used
  • Time in the user's local time zone
  • Files that were clicked and downloaded (Download)
  • Links to an external domain that were clicked (outlink)
  • Page generation time (the time it takes the web server to generate the pages and then download them from the user: page speed)
  • Location of the user: country, region, city, approximate latitude and longitude (geolocation)
  • Main language of the browser used (accept-language header)
  • User agent of the browser used (user agent header)

The software runs on the servers of the contracted hoster in Germany. Storage of the users' personal data only takes place there. The controller transmits the data to us in aggregated form. Apart from that, the data is not passed on to third parties.

The software is set up in such a way that the IP addresses (including IPv6 addresses) are not stored in full, but instead 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

The processing of the aforementioned data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

For more information on Matomo's privacy settings, please see the following link: matomo.org/docs/privacy/ 

b) Legal Basis for the Data Processing

The legal basis for the use of Matomo is point a of Art. 6 para. 1 GDPR if the user has given his/her consent in this regard.

c) Length of Storage

The information aboveconcerning visit statistics will be deleted after 90 days.

d) Withdrawal of Consent

You can withdraw your consent to web analytics in your personal privacy settings.

2. Vimeo

a) Description of Data Processing

For the integration of videos, we use plugins of the video portal "Vimeo" on our website. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. We have set Vimeo so that Vimeo will not track your user activities based on cookies.

Please note that we have no influence on the data processing by the aforementioned provider and do not know conclusively which data this provider processes. Furthermore, it cannot be ruled out that your data will also be processed in countries outside the European Union when you access the videos via the provider's site, in which a lower level of data protection prevails (in particular the USA).

For more information on data processing by Vimeo, please see the following link: vimeo.com/privacy

b) Legal Basis for the Data Processing

The processing of your personal data described above is based on your consent pursuant to point a of Art. 6 para. 1, point a of Art. 49 para. 1 GDPR

c) Withdrawal of Consent

[…]

You can withdraw your consent to view the videos via Vimeo in your personal privacy settings.

VIII. Rights of Data Subjects

If your personal data are processed, you are a data subject as per the GDPR and have the following rights vis-à-vis the controller:

1. Right to Request Access to Personal Data

You are entitled to request confirmation as to whether or not personal data concerning you are being processed; if this is the case, then you are entitled to request confirmation as to what these personal data are and to the information requests listed individually contained in Art. 15 GDPR.

2. Right to Rectification

You have the right to obtain without undue delay the rectification and/ or completion of personal data concerning yourself (Art. 16 GDPR).

3. Right to Restriction of Processing

You are entitled to require the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. where you made an objection to the processing, then for the time required for the review of whether or not the objection can be  upheld.

4. Right to Erasure

You are entitled to demand that the personal data concerning yourself is deleted without undue delay to the degree that one of the grounds listed individually in Art. 17 GDPR is applicable, e.g. if the data are no longer necessary for the intended purposes and the statutory provisions concerning retention do not stand in the way.

5. Right to Data Portability

In accordance with Art. 20 DSGVO, you have the right to receive the personal data relating to yourself that you have provided us with in a structured, common and machine-readable format in order to be able to transmit it either yourself or - if technically feasible - through us to a third party.

6. Right to Object

You have the right to object to the processing of personal data relating to you for reasons arising from your particular situation at any time, within the framework of the requirements of Art. 21 GDPR.

8. Right to Withdraw Consent of the Data Protection Consent Notification

You have the right to withdraw your notification of consent as provided to us at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent performed before its withdrawal.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes legal provisions of data protection law.

You can find the contact information for the regulatory body responsible for us under item B. III. of the Data Protection Notice.

10. Miscellaneous

Please note that the above rights of data subjects may be limited by EU law or applicable national law.

To exercise the above rights, please contact us using the contact information in item B. II. of the Data Protection Notice. Inquiries that are submitted to us electronically will generally be answered electronically, unless you have specified otherwise in your inquiry.

IX. Links to other Websites

Our website may contain links to third party websites. We have no influence on the content and design of third party websites. This data protection statement thus is not applicable there.

X. Changes to the Data Protection Notice

The continuous evolution of the internet and the changes to the applicable legal provisions that often accompanies such make adjustments to our data protection notice necessary from time to time. We will inform you here about such about such modifications.

Status: Oktober 2021