Career
Data protection

Privacy Policy

VRT Partnerschaft mbB Chartered Accountants – Tax Consultants – Lawyers

Dipl.-Kfm. Peter Radermacher
Graurheindorfer Str. 149a
53117 Bonn
Phone +49 (0) 228 26792 0
Fax +49 (0) 228 26792 30
E-mail p.radermacher(at)vrt.de

The data protection officer of the person responsible is:

Alexander Paesen
DATEV eG, Niederlassung
Im MediaPark 5, 50670 Köln
Email: Datenschutz(at)vrt.de

I. General Information on Data Processing

Scope of Personal Data Processing

We generally only process personal data of our users to the extent necessary to provide a functional website and our content and services. Processing of personal data regularly occurs only with user consent. An exception applies in cases where prior consent is not practically possible and data processing is permitted by law.

Legal Basis for Processing Personal Data

  • Consent: Art. 6 (1) lit. a GDPR
  • Contract performance: Art. 6 (1) lit. b GDPR (including pre-contractual measures)
  • Legal obligation: Art. 6 (1) lit. c GDPR
  • Vital interests: Art. 6 (1) lit. d GDPR
  • Legitimate interests: Art. 6 (1) lit. f GDPR

Data Deletion and Storage Duration

Personal data is deleted or blocked as soon as the storage purpose ceases to exist. Storage may continue if required by European or national legislation. Data is also blocked or deleted when prescribed storage periods expire, unless further storage is necessary for contract conclusion or fulfillment.

II. Website Provision and Log File Creation

Description and Scope of Data Processing

Our system automatically collects data and information from the accessing computer system with each website visit.

The following data is collected:

  1. Browser type and version information
  2. User’s operating system
  3. Date and time of access
  4. Websites from which the user’s system reached our website
  5. Websites accessed by the user’s system via our website

This data is stored in our system’s log files. IP addresses and other data enabling user identification are not stored together with other personal data.

Legal Basis

Art. 6 (1) lit. f GDPR

Purpose of Data Processing

Temporary IP address storage is necessary to deliver the website to the user’s computer. The IP address must remain stored for the session duration. Our legitimate interest in data processing lies in these purposes.

Storage Duration

Data is deleted when no longer necessary for collection purposes. For website provision data, this occurs when the respective session ends.

Objection and Removal Options

Data collection for website provision and log file storage is mandatory for website operation. Users therefore have no objection option.

III. Use of Cookies

a) Description and Scope of Data Processing

Our website uses cookies – text files stored in or by the internet browser on the user’s computer system. When accessing a website, a cookie may be stored on the user’s operating system containing a characteristic string enabling unique browser identification upon website revisit.

We use cookies to make our website more user-friendly. Some website elements require browser identification even after page changes.

Cookies store and transmit the following data:

  1. Language settings
  2. Shopping cart items
  3. Login information

We also use analysis cookies that enable user surfing behavior analysis, transmitting:

  1. Entered search terms
  2. Page visit frequency
  3. Website function usage

User data collected this way is pseudonymized through technical measures, preventing user identification. Data is not stored together with other personal user data. Users are informed about analytical cookie usage via info banner and referred to this privacy policy, including instructions on preventing cookie storage in browser settings.

b) Legal Basis

Art. 6 (1) lit. f GDPR

c) Purpose of Data Processing

Technically necessary cookies simplify website usage. Some website functions cannot be offered without cookies requiring browser recognition after page changes.

We need cookies for:

  1. Language setting adoption
  2. Search term retention

Technically necessary cookie data is not used for user profiling. Analysis cookies improve our website quality and content. Through analysis cookies, we learn website usage patterns and can continuously optimize our offering. Our legitimate interest in processing personal data lies in these purposes according to Art. 6 (1) lit. f GDPR.

d) Storage Duration, Objection and Removal Options

Cookies are stored on and transmitted from the user’s computer. Users have full control over cookie usage. Browser setting changes can deactivate or restrict cookie transmission. Stored cookies can be deleted anytime, including automatically. Deactivating cookies for our website may prevent full functionality usage.

e) Google Analytics and Cookie Usage

This website uses Google Analytics, a web analytics service by Google Inc. (“Google”). Google Analytics uses “cookies” – text files stored on your computer enabling website usage analysis (visitor numbers, visitor sources, previously visited pages). Cookie-generated information about website usage is typically transmitted to and stored on Google servers in the USA.

Your IP address is anonymized on this website for privacy protection – Google shortens your IP address within EU member states or other EEA contracting states beforehand. Only exceptionally is the full IP address transmitted to Google servers in the USA and shortened there. This website has extended Google Analytics with “gat._anonymizeIp();” code to ensure anonymized IP address collection (IP masking).

On behalf of this website’s operator, Google uses this information to evaluate website usage, compile website activity reports, and provide other website and internet usage-related services. Your browser’s IP address transmitted within Google Analytics is not merged with other Google data. You can prevent cookie storage through appropriate browser software settings; however, this may prevent full website functionality usage. You can also prevent Google’s collection of cookie-generated data related to website usage (including IP address) and Google’s data processing by downloading and installing the browser plugin available at the link below.

Browser Add-on for Google Analytics Deactivation

IV. Newsletter

Description and Scope of Data Processing

Our website offers free newsletter subscription. Registration data from the input form is transmitted to us during newsletter signup.

Additionally collected registration data:

  1. Calling computer’s IP address
  2. Registration date and time

Your consent is obtained during registration and this privacy policy is referenced. No data is shared with third parties for newsletter processing. Data is used exclusively for newsletter delivery.

Legal Basis

Art. 6 (1) lit. a GDPR (with user consent)

Purpose of Data Processing

  • Email address collection serves newsletter delivery
  • Other personal data collection prevents service or email address misuse

Storage Duration

Data is deleted when no longer necessary for collection purposes. User email addresses are stored as long as newsletter subscription remains active.

Objection and Removal Options

Newsletter subscription can be cancelled anytime by affected users. Each newsletter contains an appropriate link for this purpose.

V. Contact Form and Email Contact

Description and Scope of Data Processing

Our website contains a contact form for electronic contact. When users utilize this option, input form data is transmitted and stored:

Additional data stored at message sending time:

  1. User’s IP address
  2. Registration date and time

Your consent is obtained during the sending process and this privacy policy is referenced. Alternatively, contact via provided email address is possible, storing personal data transmitted with the email. No data is shared with third parties. Data is used exclusively for conversation processing.

Legal Basis

  • With user consent: Art. 6 (1) lit. a GDPR
  • Email transmission: Art. 6 (1) lit. f GDPR
  • Contract-related email contact: Art. 6 (1) lit. b GDPR

Purpose of Data Processing

Input form personal data processing serves solely contact processing. For email contact, this represents our required legitimate interest in data processing. Other personal data processed during sending prevents contact form misuse and ensures our IT system security.

Storage Duration

Data is deleted when no longer necessary for collection purposes. For contact form and email personal data, this occurs when the respective user conversation ends – determined when circumstances indicate the matter is conclusively resolved. Additional personal data collected during sending is deleted within seven days maximum.

Objection and Removal Options

Users can revoke consent for personal data processing anytime. Email contact users can object to personal data storage anytime, preventing conversation continuation. All personal data stored during contact is deleted in such cases.

VI. Rights of Data Subjects

When personal data concerning you is processed, you are a data subject under GDPR with the following rights:

Right of Access

You may request controller confirmation whether personal data concerning you is processed. If such processing exists, you may request information about:

  1. Processing purposes
  2. Personal data categories processed
  3. Recipients or recipient categories to whom personal data was or will be disclosed
  4. Planned storage duration or storage duration criteria
  5. Rights to rectification, erasure, processing restriction, or objection
  6. Right to lodge complaints with supervisory authorities
  7. Available information about data origin when not collected from the data subject
  8. Existence of automated decision-making including profiling per Art. 22 (1) and (4) GDPR

You have the right to request information about personal data transfer to third countries or international organizations, including appropriate safeguards per Art. 46 GDPR.

Right to Rectification

You have the right to rectification and/or completion from the controller if processed personal data concerning you is inaccurate or incomplete. The controller must make corrections without delay.

Right to Restriction of Processing

You may request processing restriction of personal data concerning you under the following conditions:

  1. When you contest data accuracy for a duration enabling controller verification
  2. When processing is unlawful and you decline data erasure, requesting usage restriction instead
  3. When the controller no longer needs personal data for processing purposes, but you need it for legal claims, or when you have objected to processing per Art. 21 (1) GDPR pending determination of overriding legitimate grounds

When processing restriction is implemented, such data may only be processed with your consent or for legal claims assertion, exercise, or defense, or for protecting other natural or legal persons’ rights, or for important Union or Member State public interests.

Right to Erasure

a) Erasure Obligation

You may request immediate personal data erasure from the controller, who must delete such data immediately if:

  1. Personal data is no longer necessary for collection or processing purposes
  2. You withdraw consent per Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR without alternative legal basis
  3. You object per Art. 21 (1) GDPR without overriding legitimate processing grounds, or object per Art. 21 (2) GDPR
  4. Personal data was unlawfully processed
  5. Erasure is necessary for legal obligation compliance under Union or Member State law
  6. Personal data was collected for information society services per Art. 8 (1) GDPR
b) Information to Third Parties

When the controller has made personal data public and is obligated to erase it, reasonable measures including technical ones are taken to inform other data controllers processing the personal data about your erasure request.

c) Exceptions

Erasure rights don’t apply when processing is necessary for:

  1. Freedom of expression and information exercise
  2. Legal obligation compliance or public interest tasks
  3. Public health reasons per Art. 9 (2) lit. h and i, Art. 9 (3) GDPR
  4. Public interest archiving, scientific/historical research, or statistical purposes per Art. 89 (1) GDPR
  5. Legal claims assertion, exercise, or defense

Right to Information

When asserting rectification, erasure, or processing restriction rights, the controller must inform all recipients of such rectification, erasure, or restriction unless impossible or involving disproportionate effort. You have the right to be informed about these recipients.

Right to Data Portability

You have the right to receive personal data you provided to the controller in structured, common, machine-readable format. You also have the right to transmit this data to another controller without hindrance, provided:

  1. Processing is based on consent per Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR or contract per Art. 6 (1) lit. b GDPR
  2. Processing is carried out using automated procedures

You may also request direct data transmission between controllers when technically feasible. Other persons’ freedoms and rights must not be affected. Data portability rights don’t apply to processing necessary for public interest tasks or official authority exercise.

Right to Object

You have the right to object anytime to personal data processing based on Art. 6 (1) lit. e or f GDPR for reasons relating to your particular situation; this includes profiling based on these provisions. The controller will no longer process personal data unless demonstrating compelling legitimate grounds overriding your interests, rights, and freedoms, or processing serves legal claims purposes.

For direct marketing processing, you may object anytime to personal data processing for such marketing purposes, including related profiling. Upon direct marketing objection, personal data will no longer be processed for these purposes. You may exercise objection rights through automated procedures using technical specifications in connection with information society services.

Right to Withdraw Data Protection Consent

You may withdraw your data protection consent declaration anytime. Consent withdrawal doesn’t affect processing lawfulness based on consent until withdrawal.

Automated Individual Decision-Making Including Profiling

You have the right not to be subject to decisions based solely on automated processing – including profiling – producing legal effects or similarly significantly affecting you. This doesn’t apply when the decision:

  1. Is necessary for contract conclusion or performance between you and the controller
  2. Is permitted by Union or Member State law containing appropriate rights and freedoms safeguards
  3. Is made with your explicit consent

Such decisions may not be based on special personal data categories per Art. 9 (1) GDPR unless Art. 9 (2) lit. a or g GDPR applies with appropriate rights and freedoms protection measures. For cases (1) and (3), the controller takes reasonable measures to safeguard rights, freedoms, and legitimate interests, including at least rights to human intervention, viewpoint expression, and decision contestation.

Right to Lodge Complaints with Supervisory Authorities

Without prejudice to other administrative or judicial remedies, you have the right to lodge complaints with supervisory authorities, particularly in your residence, workplace, or alleged infringement location Member State, if you believe personal data processing violates GDPR. The complaint supervisory authority informs complainants about complaint status and outcomes, including judicial remedy possibilities per Art. 78 GDPR.

Status and Updates of This Privacy Policy

This privacy policy is current as of May 25, 2018. We reserve the right to update the privacy policy as appropriate to improve data protection and/or adapt to changed official practices or case law.