1. Name and contact details of the controller
Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB
Veritaskai 3, 21079 Hamburg
Telephone: +49 40 697989-0
Fax: +49 40 697989-110
Contact details of the external data protection officer:
Waterside DS GmbH
Vertreten durch Frau Corinna Lovens, LL.M.
Telephone: +49 40 468 99 42-0
2. Scope and purpose of the processing of personal data
2.1 Calling up the website
When calling up this "skn.partners” website, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored in a log file for a limited period. Until it is automatically erased, the following data is stored without further input by the visitor:
- IP address of the visitor's terminal device
- Date and time of access by the visitor
- Name and URL of the page accessed by the visitor
- Website from which the visitor reaches the firm's website (referrer URL)
- Browser and operating system of the visitor's terminal device as well as the name of the access provider used by the visitor
The processing of this personal data is lawful pursuant to Article 6 (1) Sentence 1 (f) of the EU GDPR. The firm has a legitimate interest in processing the data for the purpose of
- quickly establishing the connection to the firm’s website,
- making the website easier to use,
- identifying and ensuring the security and stability of the systems and
- facilitating and improving the administration of the website.
The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website.
2.2 Contact form
Visitors can submit messages to the firm via an on-line contact form on the website. At least a valid e-mail address must be provided to be able to receive a reply. The requesting person may voluntarily provide all other information. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted. The data is processed solely for the purpose of handling and answering inquiries made via the contact form. This is done on the basis of the consent given by the data subject pursuant to Article 6 (1) Sentence 1 (a) EU GDPR. The personal data collected for use of the contact form will be automatically erased as soon as the request is completed, and there are no reasons for the data to be continued to be stored (e.g. subsequent appointment of our firm). For this and all other questions regarding data protection, please contact us at firstname.lastname@example.org.
By subscribing to the newsletter, the visitor expressly agrees to the processing of the personal data transmitted. To subscribe to the newsletter, only an e-mail address of the visitor needs to be entered. The legal basis for the processing of the visitor's personal data for the purpose of sending newsletters is the consent pursuant to Article 6 (1) Sentence 1 (a) EU GDPR.
The visitor can unsubscribe from receiving future newsletters at any time. This can be done by using a special link at the end of the newsletter or by sending a message to this effect by e-mail to email@example.com.
To provide our newsletter, we use the services of an external service provider based in Germany (the service provider's servers are also located exclusively in Germany). This service provider only acts in accordance with our instructions and is contractually obliged to comply with data protection regulations in accordance with Article 28 GDPR.
2.4 Client data
2.5 Business partner data
2.6 Transfer of data
Personal data is transferred to third parties if
- the data subject has expressly consented to this under Article 6 (1) Sentence 1 (a) EU GDPR;
- the transfer of data is necessary to establish, exercise or defend legal claims pursuant to Article 6 (1) Sentence 1 (f) EU GDPR and there is no reason to assume that the data subject has an overriding legitimate interest in the non-transfer of his or her data;
- the transfer of data is necessary for compliance with a legal obligation under Article 6 (1) Sentence 1 (c) EU GDPR and/or
this is necessary for the performance of a contract concluded with the data subject under Article 6 (1) Sentence 1 (b) EU GDPR;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller under Article 6 (1) Sentence 1 (e) EU GDPR;
- processing is necessary in order to to protect the vital interests of the data subject or of another natural person under Article 6 (1) Sentence 1 (d) EU GDPR.
In other cases, personal data will not be transferred to third parties.
2.7 Collection of personal data for job applications
If you apply for one of our advertised jobs, we will process your personal data submitted in this connection during the application process. We process this data to decide whether to establish an employment relationship as defined in Section 26 (1) of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The categories of data processed for this purpose include in particular:
- E-mail address
- Telephone number
- Curriculum vitae
- Relevant certificates and references
- Salary expectations
Please note that you transfer all further data and data categories to us on a voluntary basis for the purposes of the decision as to whether an employment relationship is established. If the job application is unsuccessful, we will erase your data after six months have elapsed since the rejection was sent. This retention period is necessary for the burden of proof in any proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
For our application management, we use the services of an external service provider based in Germany (the service provider's servers are also located exclusively in Germany). This service provider only acts in accordance with our instructions and is contractually obliged to comply with data protection regulations in accordance with Article 28 GDPR.
2.8 Duration of data storage
Your personal data will be processed and stored for as long as and to the extent necessary for the purposes stated in this policy. After these purposes have been fulfilled, the data is erased at regular intervals. Such data is not erased if further processing is required for a limited period to comply with statutory retention periods or for documentation and evidence purposes subject to the statutes of limitation.
Cookies are used on the website. These are data packets that are exchanged between the server of the firm's website and the visitor's browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information that is generated in each case in connection with the specific end device used is stored in the cookies. The firm can therefore under no circumstances obtain direct knowledge of the identity of the visitor to the website.
Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be set so that cookies are either not accepted on the devices used, or that a special message is sent before a new cookie is created. However, it should be noted that deactivating cookies may mean that not all functions of the website can be used in the optimum way.
Temporary cookies are used to improve the user experience. They are stored on the visitor's device for a temporary period. When the website is visited again, it is automatically detected that the visitor has already previously opened the page and which entries and settings were made at that time so that they do not have to be repeated.
Cookies are also used to analyse the visits to the website for statistical purposes and for the purpose of improving the website. These cookies make it possible to automatically detect that the website had already been previously accessed by the visitor. They are automatically deleted after a pre-set period of time.
Processing data by cookies is justified for the above-mentioned purposes in order to protect the firm’s legitimate interests under Article 6 (1) Sentence 1 (f) EU GDPR.
4. Analysis services for websites, tracking
The tracking measures listed and used below are carried out exclusively on the basis of Article 6 (1) Sentence 1 (a) EU GDPR (consent). The tracking measures used are intended to ensure that the website is designed in line with requirements and is optimised on an ongoing basis. On the other hand, tracking measures are used to statistically record the use of the website.
The respective data processing purposes and data categories can be found in the relevant tracking tools.
We create pseudonymous usage profiles with the help of Google Analytics for the needs-based design of our websites. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us. In this way, we are able to identify and count returning visitors and learn how often different users have accessed our web pages.
The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. We would like to point out that, in the opinion of the Court of Justice of the European Union, there is currently not an adequate level of protection for data transfers to the USA. However, we have activated IP anonymisation on our website, which means that your IP address is truncated by Google within Member States of the European Union before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and only truncated there (for more information on the purpose and scope of data collection, see, for example, this link). We have also concluded a processing contract with Google LLC (USA) in accordance with Article 28 EU GDPR. Accordingly, Google will use all information strictly for the purpose of analysing the use of our websites for us and compiling reports on website activity.
|Helps us to count how many people visit our website if they have already visited it before.
|Helps us to count how many people visit our website if they have already visited it before.
|Helps us to manage the frequency in which requests were made to view a page.
You can withdraw your consent once given with future effect at any time. Please use one of the following options to do so:
- You notify us that you wish to withdraw your consent.
- You can also prevent the collection of data generated by the cookie and related to your use of our websites (including your IP address) and its transfer to Google as well as the processing of this data by Google by downloading and installing the browser plugin provided under this link.
- As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on this link. An opt-out cookie is set that prevents future collection of your data when visiting this website. The opt-out cookie is valid only in this browser and only for this website and is placed on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help.
Google Tag Manager
Google Tag Manager is used among other things on the website. This is a Google tag management system.
The "tags" contain tracking codes and other code fragments that are applied to the SKNvonGEYSO website by means of Google Tag Manager. Some codes used on the website may be those of Google Analytics. These Google Analytics tracking codes are used, for example, whenever you click on certain links or download certain documents from the website.
By using Google Tag Manager, we are able to configure or update tracking codes from Google Analytics to determine what type of analysis data is to be recorded by Google Analytics. In particular, we use Google Tag Manager to be able to analyse the number of visitors to our website, so that we are in turn able to further optimise this website.
In addition, we also use Google Tag Manager to include code fragments on our website that not only track user activity on our website, but also serve, among other things, to provide machine-readable information on our website pages (structured data).
5. Use of marketing services
We have integrated the Google Ads service onto our website. Google Ads is an Internet advertising service that allows ads to be placed both in Google's search engine results and in the Google advertising network. The operating company of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The legal basis for this data processing is your consent under Article 6 (1) Sentence 1 (a) EU GDPR. When visiting our website, you have the option to give your consent to data processing by cookies for analysis and marketing purposes. This consent is voluntary and can be withdrawn by you at any time. If you do not give your consent, cookies will not be set for marketing or analysis purposes.
The purpose of Google Ads is to promote our website by displaying advertisements on third-party websites and in Google search results as well as by displaying third-party advertisements on our website.
In order to statistically analyse and improve our website, the Google Ads advertisements are analysed by means of Google Conversion Tracking. Google Ads will set a cookie (see no. 3) on your computer if you have accessed our website via a Google advertisement. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the website of an Ads customer and the cookie has not yet expired, Google and the customer can detect that the user clicked on the advertisement and was redirected to this page.
Each Ads customer receives a different cookie. Cookies can therefore not be tracked through Ads customers’ websites. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. Ads customers learn the total number of users who clicked on their advertisement and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking procedure, you can also reject the setting of a cookie required for this - for example, by means of a browser setting that, as a general rule, deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com" domain.
6. Plugins of social networks (social plugins)
Plugins of the following social networks are integrated onto our firm’s website: LinkedIn, Xing and YouTube
The legal basis for the use of social plugins is Article 6 (1) Sentence 1 (f) EU GDPR. A legitimate interest of our firm and the purpose of the use of plugins of social networks is to make our website known to a wide audience. The social networks are responsible for handling their users' data in accordance with data protection regulations.
This website uses functions of the LinkedIn network. The provider of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Each time one of our websites is accessed, a connection to LinkedIn servers is established, provided that this website has a LinkedIn plugin. LinkedIn is notified of your visit to our website regarding your IP address. As soon as you click on the "Recommend button" and are logged in to LinkedIn, LinkedIn is able to assign your visit to our website to your personal user account. However, we have no knowledge of the content of the data transmitted or the specific use of the data via LinkedIn.
The website also has functions of the XING platform. The provider is New Work SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time our website is accessed, a connection is established to XING servers, insofar as our website uses XING functions. As far as we are aware, no personal data is stored in this process. In addition, IP addresses are not to be stored with the associated analysis of user behaviour.
Our website also uses plugins from YouTube. The operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to YouTube's servers. The YouTube server receives the message as to which specific page you have visited.
YouTube may also store various cookies on your terminal device. YouTube may be able to obtain information about visitors to our website because of the cookies, which remain on your terminal device until they are deleted. The information thus obtained is used, among other things, to collect video statistics, improve the user experience and prevent fraud.
If you are logged in using your YouTube account while visiting our website, it is possible that YouTube will directly assign your surfing behaviour to your personal profile. You can only prevent this by logging out of your YouTube account before visiting our website.
The use of YouTube is in the interest of an appealing presentation of our online services and is justified pursuant to Article 6 (1) (f) EU GDPR.
7. Use of video conferencing tools
We often communicate with our business partners via common video conferencing tools (primarily "Teams" and "Zoom"), to whose privacy statements we refer under the links of the aforementioned tools. As a general rule, these video conferences are not recorded.
8. Your rights as a data subject
Insofar as your personal data is processed when you visit our website, you as a "data subject" have the following rights as defined in the EU GDPR:
8.1 Right of access
You have the right to know whether your personal data is processed by us. There is no right of access if the provision of the requested information would infringe the duty of confidentiality pursuant to Section 83 of the Tax Advisory Act (Steuerberatungsgesetz, StBerG) or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. By way of derogation from this, there may be an obligation to provide the information if your interests outweigh confidentiality, in particular taking into account any threat of damage or loss. The right of access is also excluded if the data is only stored because it may not be erased due to legal or statutory retention periods or exclusively serves the purposes of data security or data protection monitoring, provided that the provision of information would require a disproportionate amount of effort and the processing for other purposes is excluded by appropriate technical and organisational measures. If, in your case, the right of access is not excluded and your personal data is processed by us, you have the right of access to the following data:
- purposes of the processing,
- categories of your personal data processed,
- recipients or categories of recipients to whom your personal data is disclosed, particularly in the case of recipients in third countries,
- if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period,
- the existence of a right to rectify or erase or restrict the processing of personal data relating to you or a right to object to such processing,
- the existence of a right of appeal to a supervisory authority responsible for data protection,
- if the personal data has not been collected from you as the data subject, the information available on the origin of the data,
- if applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of automated decision-making,
- if applicable, where personal data is transferred to recipients in third countries, unless a decision of the EU Commission on the adequacy of the level of protection under Article 45 (3) EU GDPR is available, information on the appropriate safeguards put in place in order to protect personal data pursuant to Article 46 (2) EU GDPR.
8.2 Right to rectification and completion
If you determine that we have inaccurate personal data concerning you, you may request that we rectify this inaccurate data without undue delay. If personal data concerning you is incomplete, you may request that it be completed.
8.3 Right to erasure
You have a right to erasure ("right to be forgotten"), unless the processing is necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:
- The personal data are no longer necessary in relation to the purposes for which they were processed.
- The processing was solely based on your consent, which you have withdrawn.
- You have objected to the processing of your personal data that we have made public.
- You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
- Your personal data have been processed unlawfully.
- The erasure of personal data is necessary for compliance with a legal obligation to which we are subject.
You do not have a right to erasure if, in the case of lawful non-automated processing of data, erasure is not possible or only possible with a disproportionate amount of effort due to the special nature of the storage and your interest in erasure is low. The restriction of processing replaces erasure in this case.
8.4 Right to restriction of processing
You may request us to restrict processing if one of the following reasons applies:
- You contest the accuracy of the personal data. In this case, the restriction can be requested for the period of time that enables us to verify the accuracy of the data.
- The processing is unlawful, and you request that the use of your data be restricted instead of being erased.
- We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims.
- You have filed an objection pursuant to Article 21 (1) EU GDPR. Restriction of processing may be requested for as long as it is not yet certain whether our legitimate grounds override your grounds.
Restriction of processing means that the personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we are required to inform you about this.
8.5 Right to data portability
You have a right to data portability, provided that the processing is based on your consent (Article 6 (1) Sentence 1 (a) or Article 9 (2) (a) EU GDPR) or on an agreement to which you are a party, and the processing is carried out by means of automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons: You may request us to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. You may request us to transfer your personal data directly to another controller, where technically feasible.
8.6 Right to object
If the processing is based on Article 6 (1) Sentence 1 (e) EU GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or on Article 6 (1) Sentence 1 (f) EU GDPR (legitimate interests pursued by the controller or by a third party), you have the right to object to the processing of personal data relating to you at any time on grounds relating to your particular situation. This also applies to profiling based on Article 6 (1) Sentence 1 (e) or (f) EU GDPR. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
You may object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to any profiling related to such direct marketing. After exercising this right of objection, we will no longer use the personal data in question for direct marketing purposes.
8.7 Right to withdraw consent
You may withdraw your consent once given with future effect at any time. The withdrawal of consent may be communicated informally by telephone, by e-mail, if necessary, by fax or by sending a letter to our postal address. The withdrawal shall not affect the lawfulness of the processing of data that was carried out on the basis of the consent until receipt of the notice of withdrawal. After receipt of the notice of withdrawal, the processing of data, which was based exclusively on your consent, will be ceased.
8.8 Right to lodge a complaint
If you believe that the processing of personal data relating to you is unlawful, you may lodge a complaint with a data protection supervisory authority having jurisdiction over your habitual residence, place of work or the place of the alleged infringement.