according to Art. 12 ff. DS-GVO
Contact details of the responsible person
Contact details (business)
Company: VRT Linzbach, Löcherbach und Partner mbB. Chartered Accountants - Tax Consultants - Lawyers - Sworn. Buchprüfer
Address: Graurheindorfer Str. 149a - 53117 Bonn
Telephone: +49 (0) 228 26792 0
Fax: +49 (0) 228 26792 30
Contact details of the data protection officer
Contact details (business)
Company: Dipl.-Wirtschaftsjurist (FH),Data Protection Auditor (TÜV) Markus Seifert
Address: DATEV eG, Branch Office - Hopfenstr. 65 - 69 - 24103 Kiel, Germany
Phone: +49 (0) 911 319 37051
Where do we obtain your personal data?
As a matter of principle, the collection of your data takes place at your site. The processing of the personal data provided by you is necessary for the fulfilment of the contractual obligations arising from the contract concluded with us. Due to your obligation to cooperate, it is unavoidable to provide the personal data requested by us, otherwise we will not be able to fulfil our contractual obligations. Accounting and/or tax disadvantages for you can otherwise no longer be excluded.
In the context of pre-contractual measures (e.g. master data collection in the interested party process), the provision of your personal data is necessary. If the requested data is not provided by you, a contract cannot be concluded.
In order to provide our services, it may be necessary to process personal data that we have received from other companies or other third parties, e.g. tax offices, your business partner or similar, in a permissible manner and for the respective purpose.
Furthermore, we may process personal data from publicly accessible sources, e.g. websites, which we use permissibly and only for the respective contractual purpose.
Purposes and legal basis of processing
The personal data provided by you will be processed in accordance with the provisions of the European Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG):
Based on consent (pursuant to Art. 6 para. 1 lit. a DS-GVO).
The purposes of the processing of personal data result from the granting of consent. Consent given can be revoked by you at any time with effect for the future. Consent granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. Example: sending a newsletter, release from professional secrecy to pass on the data you have provided to third parties (e.g. banks, insurance companies, shareholders, etc.) at your request.
For the fulfilment of contractual obligations (pursuant to Art. 6 Para. 1 Lit. b DS-GVO)
The purposes of data processing result on the one hand from the initiation of pre-contractual measures that precede a contractually regulated business relationship and on the other hand for the fulfilment of obligations arising from the contract concluded with you.
Due to legal requirements (pursuant to Art. 6 Para. 1 Lit. c DS-GVO) or in the public interest (pursuant to Art. 6 Para. 1 Lit. e DS-GVO).
The purposes of the data processing result from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with reference and information obligations of the tax advisor).
Within the framework of the balancing of interests (pursuant to Art. 6 para. 1 lit. f DS-GVO)
The purposes of the processing result from the protection of our legitimate interests. It may be necessary to process the data provided by you beyond the actual performance of the contract. Our legitimate interest may be used to justify the further processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest in individual cases may be: Assertion of legal claims, defence against liability claims, prevention of criminal offences.
Who receives the personal data you provide?
Within our company, the areas that receive access to the personal data you have provided are those that need it to fulfil contractual and legal obligations and are authorised to process this data.
In fulfilment of the contract concluded with you, only those departments will receive the data you have provided that require it for legal reasons, e.g. financial authorities, social insurance institutions, competent authorities and courts.
As a professional secrecy holder, we are obliged to observe and implement professional secrecy. Other recipients will only receive the data you have provided at your request if you release us from the obligation of professional secrecy.
Within the scope of our service provision, we commission processors who contribute to the fulfilment of our contractual obligations, e.g. computer centre service providers, IT partners, document shredders, etc. These processors are contractually appointed by us. These processors are contractually obliged by us to observe professional secrecy and to comply with the provisions of the DS-GVO and the BDSG.
Will the data you provide be transferred to third countries or international organisations?
Your data will never be transferred to a third country or an international organisation. If, in individual cases, you should wish the data you have provided to be transferred to a third country or an international organisation, we will only do so with your written consent and release from the obligation of professional secrecy.
Does automated decision-making including profiling take place?
No fully automated decision-making (including profiling) pursuant to Art. 22 DS-GVO is used to process the data you have provided.
Duration of processing (criteria for deletion)
The processing of the data provided by you is carried out for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data you have provided will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.
Anticipated periods of the retention obligations incumbent on us and our legitimate interests:
Fulfilment of retention periods under commercial, tax and professional law. The periods specified there for storage or documentation are two to ten years. Preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
Information about your rights
Right to rectification according to Art. 16 DS-GVO:
You have the right to request the controller to rectify your inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure ("right to be forgotten") pursuant to Art. 17 DS-GVO:
You have the right to demand that the controller delete your data without delay. The controller is obliged to delete personal data without delay if one of the following reasons applies:
Purposes for which the personal data was collected cease to exist.
You withdraw your consent to the processing. There is no other legal basis for the processing.
You object to the processing. There is no other legal basis for the processing.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data have been collected in relation to information society services offered in accordance with Article 8(1).
Right to restriction of processing pursuant to Art. 18 DS-GVO &. § 35 BDSG:
You have the right to request the restriction of processing if one of the following conditions is met:
The accuracy of the personal data is doubted by you.
The processing is unlawful; however, you refuse to delete it.
Personal data is no longer required for the purposes of processing; however, you need the data to assert, exercise or defend legal claims.
You have objected to the processing pursuant to Art. 21 (1) DS-GVO. As long as it has not yet been determined whether the legitimate reasons of the controller prevail over yours, processing will be restricted.
Right to data portability pursuant to Art. 20 DS-GVO:
You have the right to receive the data provided by you in a structured, common and machine-readable format from the controller. We must not prevent the data from being forwarded to another controller.
Right of objection according to Art. 21 DS-GVO:
For this purpose, please contact the controller of the processing (see above).
Right to lodge a complaint with the supervisory authority pursuant to Art. 13 Para. 2 Lit. d, 77 DS-GVO in conjunction with § 19 BDSG:
If you are of the opinion that the processing of your data violates the DS-GVO, you have the right to lodge a complaint with the supervisory authority. To do so, please contact the competent supervisory authority.
Withdrawal of consent pursuant to Art. 7 (3) DS-GVO:
If the processing is based on your consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a (processing of special categories of personal data), you are entitled to withdraw the purposeful consent at any time without affecting the lawfulness of the processing carried out on the basis