Ihr Webbrowser ist veraltet!

Sie versuchen diese Webseite mit einem nicht mehr unterstützten Browser aufzurufen.
Es kann daher zu Darstellungsfehlern oder einer fehlerhaften Bedienung der Webseite kommen.
Bitte aktualisieren Sie Ihren Browser.

Klicken Sie, um dieses Fenster zu schließen.

Data protection notice

We, the KSB INTAX v. Bismarck Rechtsanwälte Wirtschaftsprüfer Steuerberater PartGmbB (hereinafter referred to as either “KSB INTAX” or “Controller”), take the protection of personal data seriously and respect the applicable data privacy regulations, in particular the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (“Bundesdatenschutzgesetz” (BDSG)). We would like to inform the users of our website www.ksb-intax.de below in particular about when we collect data in the scope of the use of the website and how we use it.

I. General

1. Scope of Data Processing

We collect and use personal data of our users in principle only if this is necessary for the provision of a functional website as well as for our content and our performance. The collection and usage of our users’ personal data only takes place where the processing of the data is permitted by statutory provisions or where the user has granted its consent.

2. Legal Basis for the Data Processing

Where we receive the consent of a user for processing operations of personal data on our website, point (a) of Art. 6 paragraph 1 GDPR provides the legal basis for the processing of personal data.

For the processing of personal data necessary for the fulfillment of a contract where the user is a party to such, point (b) of Article 6 paragraph 1 GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of a quasi-contractual obligation (“vertragsähnliches Schuldverhältniss”) or for pre-contractual obligations (“vorvertragliche Maßnahmen”).

If the processing of personal data is necessary for the fulfillment of legal obligations, to which our company is subject, point (c) of Article 6 paragraph 1 GDPR is the legal basis.

If the processing is necessary for the preservation of a legitimate interest of our company or of a third party, and where the interests, fundamental rights and fundamental freedoms of the user affected do not outweigh such, then point (f) of Article 6 paragraph 1 GDPR is the legal basis for the data processing (so-called weighing of interests).

In addition to the above, further statutory legal grounds exist for the processing of personal data that we, where applicable, concretely name below.

3. Length of Storage

The personal data of the users will be erased or made unavailable as soon as the purpose of the storage no longer exists. Storage can furthermore take place where this is provided for by the European or national legislators in EU regulations, acts or other regulations applicable to our company. Data will also be made unavailable or erased when storage deadline expires in one of the provisions named except where the continued storage is necessary for the execution of a contract or for contractual performance.

4. Transfer of Personal Data

When we transfer personal data, we do this exclusively to service providers that support us with the fulfillment of the purposes named above. These companies may only use your personal data as processors for the fulfillment of their tasks within the scope of our assignment and are obligated to observe the applicable data protection provisions. The processors with whom we work are:

-          Windrich & Sörgel GmbH & Co. KG Färberstraße 14, 30453 Hannover

-          hosting.de GmbH, Franzstraße 51, 52064 Aachen

No other transfer of personal data takes place to third parties.

5. Place of Data Processing

The processing of your personal data that we store takes place exclusively within states belonging to the European Economic Area.

II. Processing of Personal Data on our Website

1. Provision of the Website and Generation of Log Files

a) Description of Data Processing

Each time our website is accessed, our system automatically records in the log files data and information that are sent by the computer system and browser of the computer accessing the site.

The following data are collected thereby:

•         Information about the type of browser and the version used

•         The operating system of the user

•         The IP address of the user

•         Date and time of access

•         The websites from which the user’s system reaches our website

Storage of these data together with the personal data of the user does not take place.

b) Legal Basis for the Data Processing

The legal basis for the temporary storage of the data and the log files is point (f) of Article 6 paragraph 1 GDPR.

c) Purpose of the Data Processing

The storage of log files takes place in order to ensure the functionality of the website. Furthermore, the data serve to help us optimize the website and to ensure the security of our IT-systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also provide our legitimate interest in the processing of the data as per point (f) of Article 6 paragraph 1 GDPR.

d) Length of Storage

The data will be erased as soon as they are no longer necessary for the fulfillment of the purpose for which they were collected. In the case of the storage of data in log files, this is the case after 7 days, at the latest.

e) Possibility to Object to Processing and Rectify

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. As a result, the user has no right to object.

2. Email Contact

a) Description of Data Processing

On our website, it is possible to contact us through the email addresses provided. In such cases, the personal data of the user sent with the email (name and email address) will be stored.

No transfer of this data to third parties takes place in this context. The data are used exclusively for the processing of the conversation.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data is point (f) of Article 6 paragraph 1 GDPR. Where the goal of the contact is to conclude a contract or a similar obligation, point (b) of Article 6 paragraph 1 GDPR is additionally the legal basis.

c) Purpose of the Data Processing

The processing of personal data serves us solely for the processing of your contact request. In the case of a contact request, this is also the necessary legitimate interest for the processing of the data.

d) Length of Storage

The data will be erased as soon as they are no longer necessary for the fulfillment of the purpose for which they were collected. This is the case for personal data sent per email when the corresponding conversation with the user is concluded. The conversation is concluded when it can be assumed from the surrounding circumstances that the situation in question has been conclusively clarified.

e) Possibility to Object to Processing and Rectify

If a user contacts us per email, it can object to the storage of its personal data at any time. The objection can be made by communication to the contact information contained below (see item VII. of our Data Protection Notice). In case of an objection, the conversation with the user will not be able to be continued and we will erase all personal data saved in the course of the contact request.

3. Direct Applications

a) Description of Data Processing

If you use our form for direct applications on our website for sending your application, the information requested (title, first name, last name and email address) as well as the file attachments will be sent to us.

The data will be used exclusively for the processing of your application.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data after the direct application has been sent by the applicant by means of the form provided is point (b) of Article 6 paragraph 1 GDPR (taking steps to enter into an employment contract).

c) Purpose of the Data Processing

The collection of the data serves the processing of the direct application in the scope of the review of the potential establishment of an employment relationship as well as to establish contact with the applicant.

d) Length of Storage

The data of the applicant will only be stored until the application process is completed and the retention deadline of six months after delivery of a rejection has been exceeded.

e) Possibility to Object to Processing and Rectify

The applicant can in principle object to the storage of its personal data at any time. The objection can take place by means of notification to our contact information under item VII of our Data Protection Notice. If the data are necessary for the fulfillment of a contract, then the prior erasure of the data is only possible if contractual and/or statutory obligations do not prevent the erasure.

4. Email Newsletter

a) Description of Data Processing

Where you register for the receipt of our email newsletter (which inter alia […] invitations to our company events) or to our tax newsletter, we use your email address for the purpose of sending you the newsletter(s).

b) Legal Basis for the Data Processing

The legal basis for the processing of the data is in the case of the consent of the user point (a) of Art. 6 paragraph 1 GDPR.

c) Purpose of the Data Processing

The processing of the user’s contact information named above serves for the delivery of the newsletter(s).

d) Length of Storage

The email address of the user will only be stored as long as the user wishes to receive the newsletter(s).

e) Possibility to Object to Processing and Rectify

The user can withdraw its consent to the receipt of the newsletter(s) at any time. The withdrawal can be made through the link contained directly in the newsletter(s) or by notification to the contact information under item VII. of our Data Protection Notice.

III. Use of Cookies

We currently use no cookies on our website.

IV. Rights of Data Subjects

If your personal data are processed, you are a data subject as per the GDPR and have the following rights vis-à-vis the controller:

1. Right to Request Access to Personal Data

You can request from the controller confirmation as to whether or not personal data concerning you are being processed by us.

Where such processing has occurred, you can request access to the following information from the controller:

  • the purposes for which the personal data are being processed;
  • the categories of personal data that are being processed;
  • the  recipients or  categories  of  recipient to  whom your personal data  have  been  or  will  be  disclosed;
  • the envisaged period for which your personal data will be stored, or, where concrete specifications are not possible, the criteria used to determine that period;
  • the  existence  of  the  right  to  request rectification or  erasure of  your personal data, of the right to restriction  of processing by the controller, or the right to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 GDPR and, at least in those cases, meaningful information about the  logic  involved, as  well  as  the  significance and  the  envisaged consequences of such processing for the data subject.

You have the right to request confirmation if your personal data have been transferred to a to a third country or to an international organization. In connection therewith, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. RIght to Rectification

You have the right to obtain from the controller the rectification and/ or completion of personal data concerning yourself, to the degree that such processed personal data concerning you is inaccurate or incomplete. The controller must perform the rectification without undue delay.

3. Right to Restriction of Processing

Under the following conditions, you can obtain the restriction of processing of the personal data concerning you:

  • when you contest the accuracy of the personal data concerning yourself, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use instead;
  • the controller no longer needs the personal data for  the purposes of  the processing, but you require them for the establishment, exercise or defence of legal claims, or
  • when you have objected to processing pursuant to Article 21 paragraph 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If the processing of the personal data concerning you has been restricted, then these data may only by processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing is restricted under the conditions above, then you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to Erase

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller is obligated to erase such personal data without undue delay where one of the following grounds applies:

  • the  personal data concerning you  are  no  longer necessary  in  relation to the  purposes  for  which  they  were  collected  or  otherwise processed;
  • You withdraw  consent on  which the  processing is  based  according to  point  (a)  of  Article  6 paragraph 1 GDPR,  or point (a) of Article 9 paragraph 2 GDPR, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR;
  • the personal data concerning you have been unlawfully processed;
  • the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the  personal data concerning you  have  been  collected in  relation to  the  offer  of  information society services  referred  to  in Article 8 paragraph 1 GDPR.

b) Information to third parties

Where the controller has made  the  personal data concerning you  public and  is  obliged  pursuant to Art. 17 paragraph 1  GDPR to  erase  the personal data,  the  controller,  taking account of available technology and  the  cost  of  implementation, shall  take reasonable steps,  including technical measures, to  inform  controllers which  are  processing the  personal data  that  the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions to the Obligation to Erase

The right to erasure does not exist to the extent that the processing is necessary

  • for exercising the right of freedom of expression and information;
  • for  compliance  with  a  legal  obligation which requires processing by  Union  or  Member State  law  to  which  the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 paragraph 2 GDPR as well as Article 9 paragraph 3 GDPR;
  • for  archiving  purposes  in  the  public interest, scientific or historical  research purposes  or  statistical purposes  in accordance with  Article  89 paragraph 1 GDSP  in  so  far  as  the  right  referred  to  under sub-section a) above  is  likely  to  render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

5. Right to Notification

Where you have acted upon your right to rectification, erasure or restriction of processing against the controller, the controller shall communicate such rectification, erasure or restriction of processing to all recipients to whom the  personal data concerning you have  been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about those recipients.

6. Right to Data Portability

You have  the  right  to  receive the  personal

data  concerning  yourself,  which  you have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 GDPR or point (a) of Article 9 paragraph 2 GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 GDPR; and
  • the processing is carried out by automated means.

In exercising this right, you furthermore have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others may not be adversely affected thereby.

The right to data portability does not apply for the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6 paragraph 1 GDPR; this also applies to profiling based on those provisions.

 

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

 

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning yourself for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Should you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

 In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object by means of automated means using technical specifications.

8. Right to Withdraw Consent of the Data Protection Consent Notification

You have the right to withdraw consent of your data protection notification of consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent performed before its withdrawal.

9. Automated Individual Decision Making, Profiling

You  have  the  right  not  to  be  subject to  a  decision based solely on  automated  processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into, or performance of, a contract between yourself and the controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

However, these decisions shall  not  be  based on  special categories  of  personal data  referred  to  in Article 9 paragraph 1 GDPR, unless point (a) or (g) of Article 9 paragraph 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in the bulletpoints above, the controller shall implement suitable measures to  safeguard  your rights  and  freedoms and  legitimate interests,  at  least  the  right  to  obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

V. Links to other Websites

Our website may contain links to third party websites. We have no influence on the content and design of third party websites. This data protection statement thus is not applicable there.

VI. Changes to the Data Protection Notice

The continuous evolution of the internet and the changes to the applicable legal provisions that often accompanies such make adjustments to our data protection notice necessary from time to time. We will inform you here about such about such modifications.

VII. Controller

Controller in the sense of the GDPR and other national data protection acts of the EU Members States as well as other provisions of data protection law is:

KSB INTAX v. Bismarck

Rechtsanwälte Wirtschaftsprüfer Steuerberater PartGmbB

 

Lüerstr. 10-12

D-30175 Hannover

 

T +49 (0) 511. 854 04 - 0

F +49 (0) 511. 81 58 74

 

E-Mail: zentrale(at)ksb-intax.de

Website: www.ksb-intax.de

Full contact information (Impressum) can be found here:

www.ksb-intax.de/en/contact/imprint/

VIII. Contact Information of the Data Protection Officer

The contact information for the data protection officer of the controller is:

datenschutz@ksb-intax.de

 

Status: May 2018