Data privacy policy

1. Data protection at a glance

General information

The following information explains what happens to your personal data when you visit this website. Personal data means any information that can be used to identify you personally. More detailed information on data protection is available in our Data Privacy Policy below.

How is data recorded on this website?

Who is responsible for recording data on this website?

Data on this website is processed by the operator of the website. You can find their contact details under “Note regarding the controller” in this Privacy Policy.

How do we collect your data?

We collect data whenever you provide us with personal data, for instance by entering such data into a contact form. Other data is recorded by our IT systems automatically or after your consent whenever you visit the website. This refers primarily to technical data (e.g. internet browser, operating system or the time the site is visited). The data is recorded automatically as soon as you open this website.

How do we use your data?

Some data is collected to ensure smooth operation of the website. Other data may be used to analyze the way you use the website.

What rights do you have in connection with your personal data?

You have the right to request, at any time and free of charge, information on the origin, recipients and purpose of the personal data concerning you that we have stored. You further have the right to request rectification or erasure of such data. You may revoke any consent given for your data to be processed at any time with effect for the future. You also have the right to request for the processing of your personal data to be restricted under certain circumstances.
Moreover, you have the right to lodge a complaint with the competent supervisory authority. Please feel free to contact us any time if you have any questions in this respect or in connection with other data protection topics.

Analysis tools and third party tools

Your internet behavior may be statistically analyzed when you visit this website, primarily through the use of cookies and analysis programs.
More detailed information on these analysis programs is available in the following Privacy Policy.

2. Hosting

External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers and may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access attempts and other data generated via a website.
The host is needed for the purpose of performing the contract with our potential and existing customers (point (b) of Art. 6(1) GDPR) and in the interest of our online offer being provided securely, fast and efficiently by a professional provider (point (f) of Art. 6(1) GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions in respect of this data.

We use the following host:

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp

Data processing agreement

We have concluded a data processing agreement (DPA) with the above provider. This is a contract required under data protection law, which ensures that the provider only processes the personal data of our website visitors as instructed by us and in a GDPR-compliant way.

3. General information and compulsory information

Data protection

The operators of this website are highly committed to protecting your personal data. We treat your personal data confidentially and comply with the legal data protection rules and this Privacy Policy.
We collect several types of personal data whenever you use this website.
Personal data means information that can be used to identify you personally. The following Data Privacy Policy explains what data we collect, and for which purposes we use such data. It also explains how we do this and for what purposes.
We would like to point out that data transmission over the internet (like when communicating by email) may be subject to security problems. It is impossible to completely protect data from unauthorized third-party access.

Note regarding the controller

The party responsible for processing data on this website (i.e. the controller) is:

Thomas Breit
Tax consultant
Am Kaiserkai 69
20457 Hamburg
Phone: +49 40 443311
Email: anfrage@steuerberatung-breit.de

Controller means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. name, email address, etc.).

Retention period

Unless a more specific retention period has been stipulated in this Privacy Policy, we will retain possession of your personal data until the purpose for the processing thereof no longer exists. If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods as required under tax or commercial law); where the latter applies, the data will be erased once the reasons in question no longer apply.

Data Protection Officer

We have appointed a data protection officer for our company.

External data protection officer DSBOK
Oliver Krause
Phone number: 06144 402197
Email: breit@dsbok.de

Note on the transfer of data to the USA and other third countries

Some of the tools we use are from companies based in the USA or other third countries that are not deemed secure from a privacy law perspective. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that privacy comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are required to disclose personal data to security agencies without you, the data subject, being able to take legal action to prevent this. This means that the possibility of US authorities (e.g. intelligence agencies) processing, evaluating and permanently storing your data located on US servers for surveillance purposes cannot be ruled out. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many types of data processing may only be performed with your explicit consent. Once given, you may withdraw your consent at any time. The withdrawal does not affect the lawfulness of data processing performed up to the time the consent is withdrawn.

Right to object to data being collected in special cases and to direct marketing (Art. 21 GDPR)

IN CASES WHERE DATA PROCESSING TAKES PLACE ON THE BASIS OF POINTS E OR F OF ART. 6 (1) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR SUCH PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR DIRECT MARKETING PURPOSES (OBJECTION IN ACCORDANCE WITH ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In cases of GDPR infringements, data subjects have the right to lodge a complaint with a supervisory authority, especially in the Member State of their habitual residence, their place of work or the place of the alleged infringement. Said right to lodge a complaint does not affect the right to take recourse to any other administrative or judicial remedies.

Right to data portability

You have the right to receive the personal data concerning you, which we process digitally on the basis of your consent or in order to perform a contract, in a commonly used and machine-readable format either through transmission of such data to you or a third party. We can only meet your request to directly transmit the data to another controller as far as this is technically feasible.

SSL or TLS encryption

For security reasons and in order to protect the transmission of confidential contents, such as the content in orders or enquiries that you send to us as the site operator, we use SSL or TLS encryption. If you are using a site with an encrypted connection, the address line of your browser will change from “http://” to “https://” and display a lock icon. Third parties will be unable to read the data you send to us if SSL or TLS encryption is enabled.

Information, erasure, and rectification

The applicable legal provisions grant you the right to receive information on the personal data concerning you that is stored, to receive information about the origin and recipients of such data and the purpose of data processing and, if applicable, the right to have such data rectified or erased. Please feel free to contact us any time if you have any questions in this respect or in connection with other personal data topics.

Right to restriction of processing

You have the right to request for the processing of your personal data to be restricted.
You can contact us any time here in this matter. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored by us, we usually need time to review this. You have the right to request for the processing of your personal data to be restricted for the duration of the review.
If your personal data was/is being processed unlawfully, you
may ask for the processing of data to be restricted instead of erasure.
If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request for the processing of your personal data to be restricted instead of erasure.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, an evaluation to balance your interests and ours must be carried out. As long as it has not been determined whose interests prevail, you have the right to request for the processing of your personal data to be restricted for the duration of the review.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or so as to protect the rights of another natural or legal person or on the grounds of an important public interest of the European Union or a Member State.

Objection to email marketing

An objection is hereby made to contact details published as part of the duty to have a legal notice being used to send marketing and information material that have not been expressly requested. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of marketing information, such as spam emails.

4. How is data recorded on this website?

Cookies

Our sites use cookies, which are small text files and do not harm your terminal. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal. Session cookies are automatically deleted when you leave the website. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.

Cookies from third-party companies may also be stored on your terminal when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are necessary from a technical standpoint, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required for the electronic communication process (necessary cookies), to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure visitor activity) are stored on the basis of point (f) of Art. 6(1) GDPR, unless another legal basis is specified. The operator has a legitimate interest in storing cookies in order to provide its services without technical faults and in an optimal way. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of on this consent (point (a) of Art. 6(1) GDPR); said consent can be revoked at any time.

You can adapt the settings of your browser to warn you whenever cookies are placed or to accept cookies on a case-by-case basis or to exclude the acceptance of cookies in certain cases or in general or to automatically delete cookies when the browser is shut down. Deactivating cookies may limit the functionality of the website. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this Privacy Policy and, if necessary, seek your consent.

Consent with Cookiebot

Our website uses the Cookiebot consent technology to obtain your consent to the storage of certain cookies on your terminal or to the use of certain technologies and to document said consent in accordance with privacy laws. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you access our website, a connection is established to Cookiebot’s servers to obtain your consent and other declarations on cookie use. Cookiebot then stores a cookie in your browser in order to be able to allocate the consents granted by you or their revocation. The data collected in this way is stored until you request erasure thereof, you erase the Cookiebot cookie yourself, or until the purpose for storing the data no longer applies. Any mandatory statutory retention obligations remain unaffected.

Cookiebot is used in order to obtain consent, as required by law, for cookies to be used. The legal basis for this is point (c) of Art. 6(1) GDPR.

Data processing agreement

Server log files

The provider of the sites automatically collects and stores information in so-called server log files that your browser automatically transmits to us. This information refers to:

type and version of your browser
the operating system used
referrer URL
host name of the accessing compute7. r
time of server request
IP address

This data is not combined with other data sources.
This data is collected on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in ensuring its website is shown without any technical errors and optimized – it is for this purpose that the server log files must be recorded.

Contact form

Whenever you send us a request via contact form, we will store the data you provide in the form including the contact details for the purpose of handling the request and answering any follow-up questions that might arise. We do not forward such data to third parties without your consent.

This data is processed on the basis of point (b) of Art. 6(1) GDPR, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in ensuring that any inquiries addressed to us are handled effectively (point (f) of Art. 6(1) GDPR) or based on your consent (point (a) of Art. 6(1) GDPR) if this was requested.

We store the data you provide in the contact form until you request that we erase such data, withdraw your consent to store such data or when the purpose for storing such data no longer exists (for instance after your request has been dealt with). This does not affect the mandatory legal provisions (in particular retention periods).

Request by email, phone or fax

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of dealing with your request. We do not forward such data to third parties without your consent.

We store the data sent by you to us in your inquiry until you request that we erase such data, withdraw your consent to store such data or when the purpose for storing such data no longer exists (for instance after your request has been dealt with). This does not affect the mandatory legal provisions (in particular statutory retention periods).

Communication via WhatsApp

We use a number of different channels to communicate with our customers and other third parties, including the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication using this service involves end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the content of the message. However, WhatsApp does get access to metadata that is created during the communication process (e.g. sender, recipient, and time). We would also like to draw your attention to the fact that WhatsApp, according to the company itself, shares the personal data of its users with its parent company Facebook, which is based in the USA. For more details on how data is processed, please see WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en.

WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contact partners (point (f) of Art. 6(1) GDPR). Where consent has been requested, data is processed exclusively on the basis of the consent, which can be revoked at any time with effect for the future.
We store the content of messages sent using WhatsApp until you request that we erase such data, withdraw your consent to store such data or when the purpose for storing such data no longer exists (for instance after your request has been dealt with). This does not affect the mandatory legal provisions (in particular retention periods).

5. Social media

Facebook plugins (Like & Share button)

This website uses plugins of the social network Facebook. The provider of this service is
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, Facebook states that the collected data is also transferred to the USA and other third countries.
You can recognize the Facebook plugins by the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=en_US.

When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin, which means that Facebook receives the information that you have visited this website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile, which allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the website provider, have no knowledge of the content of the transmitted data or its use by Facebook. See Facebook’s privacy policy for further information here:
https://www.facebook.com/privacy/explanation.

If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.
Facebook plugins are used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in attaining the highest level of visibility on social media. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR).

Said joint responsibility is limited exclusively to the collection of the data and the transfer thereof to Facebook. Where data is subsequently processed by Facebook, this does not fall under this joint responsibility. The obligations jointly incumbent upon us have been set out in an agreement on joint processing. Click on the following link for details on the agreement:
https://www.facebook.com/legal/controller_addendum. This agreement stipulates that we are responsible for providing privacy information when using the Facebook tool and for implementing the tool on our website in a privacy-compliant way. Facebook is responsible for ensuring data security in Facebook products. You can assert data subject rights (e.g. requests for information) in respect of data processed by Facebook directly with Facebook. If you assert data subject rights with us, we are required to forward this to Facebook.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://www.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php.

LinkedIn plugin

This website uses functions of the network LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website containing functions of LinkedIn is accessed, a connection to servers of LinkedIn is established. LinkedIn is informed that you have visited this website using your IP address. If you click the “Recommend Button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to this website to you and your user account. We would like to point out that we, as the website provider, have no knowledge of the content of the transmitted data or its use by LinkedIn.

LinkedIn plugins are used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in attaining the highest level of visibility on social media. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://www.linkedin.com/help/linkedin/answer/62533/eu-eea-and-swiss-data-transfers?lang=en
See LinkedIn’s privacy policy for further information here:
https://www.linkedin.com/legal/privacy-policy.

6. Tools for analysis and marketing

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for administering and implementing the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.
Google Tag Manager is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in having various tools incorporated and managed on its website in a fast and uncomplicated way. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.

Google Analytics

This website uses the features of the Google Analytics web analysis service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. In this context, the website operator receives a range of usage data, such as page views, duration of visit, operating systems used and where the user comes from. This data may be summarized by Google in a profile that is assigned to the respective user or their terminal.
We may also use Google Analytics to record other things such as your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the data it collects and employs machine learning technologies in its data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information concerning your use of the website collected by Google is usually transmitted to a Google server in the US and stored there.

This analysis tool is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in analyzing the user behavior in order to optimize both its internet offering and its marketing. Where consent has been requested (e.g. consent to store cookies), data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have activated the IP anonymization function on this website, which means your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the US. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. Google will use this information on behalf of the website operator to evaluate your use of the website, to compile reports about website activity, and to provide further services associated with website and internet use vis-à-vis the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.
Google’s privacy policy provides more information on how user data is treated by Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing agreement

We have entered into a data processing agreement with Google and implement in full the stringent
requirements of the German data protection authorities when using Google Analytics.

Retention period

Data stored by Google at the user and event level that is linked to cookies, user IDs (e.g. UserID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or erased after two months. See the following link for further details here:
https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be placed on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). We as a website operator can evaluate this data quantitatively by analyzing, for example, which search terms led to our ads being displayed and how many of these generated clicks.

Google Ads is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in marketing its services as effectively as possible.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes user behavior on our website (e.g. clicking on certain products) in order to assign you to certain advertising target groups and then show you suitable advertising messages when you visit other online offers (remarketing or retargeting).
The advertising target groups created with Google Remarketing can also be linked with Google’s cross-device functions. This way, customized advertising messages that were adapted to your interests based on earlier user and internet behavior on one terminal (for instance your mobile phone) can also be shown on another terminal (e.g., tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

Google Remarketing is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.

More information and the data protection provisions are available in the Google privacy policy at: https://www.google.com/policies/technologies/ads/.

Google conversion tracking

This website uses Google conversion tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google conversion tracking allows Google and us to recognize whether the user has performed certain actions. This means we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information that serves to personally identify users. Google itself uses cookies or comparable recognition technologies for identification purposes.

Google conversion tracking is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in analyzing the user behavior in order to optimize both its internet offering and its marketing. Where consent has been requested (e.g. consent to store cookies), data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.

More information on Google conversion tracking is available in the Google privacy policy:
https://policies.google.com/privacy?hl=en.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion tracking. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. However, Facebook states that the collected data is also transferred to the USA and other third countries.

This makes it possible to track the behavior of website visitors after they have been redirected to the provider’s website by clicking on a Facebook ad, enabling the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website. We are unable to draw any conclusions as to the identity of the users. The data is, however, stored and processed by Facebook, making it possible to establish a link to the respective user profile. Facebook can then use the data for its own advertising purposes, in accordance with the Facebook data policy. This enables Facebook to place ads on Facebook pages as well as outside of Facebook. We, the website operator, have no influence over how this data is used.

Facebook Pixel is used on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in having effective advertising measures including social media.
Where consent has been requested (e.g. consent to store cookies), data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://www.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR).

You can find more information about protecting your privacy in Facebook’s privacy policy:
https://www.facebook.com/about/privacy/.

You can also disable the Custom Audiences remarketing feature in the ads settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website:
https://www.youronlinechoices.com/uk/your-ad-choices.

7. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter. No other data is collected, unless this is done on a voluntary basis. We use the following newsletter service providers for our newsletters.

MailChimp

This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used for tasks such as organizing and analyzing the sending of newsletters.
If you enter data for the purpose of receiving the newsletter (e.g. email address), this data is stored on MailChimp’s servers in the US.

We can use MailChimp to analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (called a web beacon) connects to MailChimp’s servers in the US. This makes it possible to determine whether a newsletter has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. access time, IP address, browser type and operating system). This information cannot be linked to the respective newsletter recipient and is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want MailChimp to analyze your data, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter that enables you to do this.
Data is processed on the basis of your consent (point (a) of Art. 6(1) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. Revoking consent does not affect the lawfulness of data processing performed up to the time the consent is revoked.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be removed from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://mailchimp.com/eu-us-data-transfer-statement/ and
https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.
This is both in your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest as defined by point (f) of Art. 6(1) GDPR). The data can be stored in the blacklist indefinitely. You can object to said storage if your interests outweigh our legitimate interest.

For more details, please refer to MailChimp’s privacy policy at:
https://mailchimp.com/legal/terms/.

8. Plugins and tools

YouTube with enhanced privacy

This website embeds videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in its privacy-enhanced mode. According to YouTube, this mode stops YouTube from storing any information about visitors to this website before they watch the video. The transfer of data to YouTube partners, on the other hand, is not necessarily ruled out when in privacy-enhanced mode. This means that YouTube – regardless of whether you watch a video – connects to the Google DoubleClick network.

As soon as you launch a YouTube video on this website, a connection to YouTube’s servers is established and informs the YouTube server which of our sites you visited.

When you are logged into your YouTube account, you enable YouTube to directly attribute your internet behavior to your personal profile. You can prevent this by logging out of your YouTube account. YouTube may also store various cookies on your terminal after launching a video or use other such recognition technologies (e.g. device fingerprinting). This is how YouTube can obtain information about visitors to this website, which can then be used for activities such as collecting video statistics, improving the user experience and preventing fraud. It is also possible that other data processing actions are triggered when a YouTube video is launched, over which we have no influence.

We use YouTube in order to present our online offerings in an attractive manner. This constitutes a legitimate interest in terms of point (f) of Art. 6 (1) GDPR. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at:
https://policies.google.com/privacy?hl=en.

Vimeo without tracking (Do-Not-Track)

This website uses plugins for the Vimeo video portal. The service is offered by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Whenever you visit one of our sites with a Vimeo video, a connection is established with the Vimeo servers and informs the Vimeo server which of our sites you visited. Vimeo further obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity or set cookies.
We use Vimeo in order to present our online offerings in an attractive manner. This constitutes a legitimate interest in terms of point (f) of Art. 6 (1) GDPR. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Data is transferred to the US on the basis of the standard contractual clauses of the European Commission and, according to Vimeo, “legitimate business interests”.

See here for details:
https://vimeo.com/privacy.

More information on how user data is dealt with is available in the Vimeo privacy policy at:
https://vimeo.com/privacy.

Google Web Fonts (local hosting)

In order to uniformly display fonts this site uses so-called Web Fonts provided by Google. Google Fonts are installed locally. No connection is established to Google servers.

More information on Google Web Fonts is available at https://developers.google.com/fonts/faq and in the privacy policy of Google:
https://policies.google.com/privacy?hl=en.

Google Maps

This site uses Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Your IP address needs to be stored to use the functions of Google Maps. This information is usually transmitted to a Google server in the US and stored there. The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Web Fonts to display fonts in a uniform way. When you visit Google Maps, the browser downloads the required Web Fonts into your browser cache to be able to correctly show text and fonts.

Google Maps is used to make our online offering more attractive and to help find the locations mentioned on the website more easily. This constitutes a legitimate interest in terms of point (f) of Art. 6 (1) GDPR. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.
Data is transferred to the USA in line with the European Commission’s standard contract clauses.

See here for details:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how user data is dealt with is available in the Google privacy policy at:
https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether the data entered on this website (e.g. in a contact form) is done by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor opens the website. reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user) for its analysis. The data collected during the analysis is forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place.
Data is stored and analyzed on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spamming. Where consent has been requested, data is processed exclusively on the basis of point (a) of Art. 6(1) GDPR, which can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google privacy policy and terms of service at the following links:
https://policies.google.com/privacy?hl=en and
https://policies.google.com/terms?hl=en.

9. Audio and video conferences

Data processing

We use online conferencing tools, for example, to communicate with our customers. The tools we specifically use are listed below. Your personal data is collected and processed by us and the provider of the respective conferencing tool when you communicate with us via a video or audio link over the Internet.
The conferencing tools collect all data that you provide/enter to use the tools (email address and/or your phone number). The conferencing tools also process how long the conference lasts, when participation in the conference starts and ends (time), the number of participants and other “context information” related to the communication process (metadata).

Furthermore, the tool provider processes any and all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and connection type.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes things such as cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over how the tools use and process data. What we are able to do depends largely on the policy of the respective provider. For further information on how data is processed by the conferencing tools, please refer to the privacy policies of the respective tools used, which we have listed below.

Purpose and legal bases

The conferencing tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (point (b) of Art. 6(1) GDPR). Furthermore, using the tools is aimed at generally simplifying and accelerating communication with us or our company (legitimate interest as defined by point (f) of Art. 6(1) GDPR). Where consent has been requested, the tools in question are used on the basis of this consent, which can be revoked at any time with effect for the future.

Retention period

The data collected directly by us via the video and conferencing tools will be erased from our systems as soon as you ask us to do so, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal until you erase them. Any mandatory statutory retention periods remain unaffected.
We have no influence over how long your data is stored by the conferencing tool operators for their own use. Please contact the conferencing tool operators directly for further information here.

Conferencing tools used

We use the following conferencing tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on how data is processed, please refer to the Microsoft Teams privacy policy:
https://privacy.microsoft.com/en-us/privacystatement.

Data processing agreement

We have concluded a data processing agreement (DPA) with the above provider.
This is a contract required under data protection law, which ensures that the provider only processes the personal data of our website visitors as instructed by us and in a GDPR-compliant way.

10. How we use social media

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks used by us can be found below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (such as like buttons or advertising banners). Visiting our social media pages triggers numerous privacy-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media page, the operator of the social media platform can link this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media platform. Data is collected here, for example, via cookies that are stored on your terminal or by recording your IP address.

The operators of social media platforms can use data collected in this way to create user profiles in which your preferences and interests are stored. This means you can be shown interest-based advertising while on or even away from the respective social media platform. If you have an account with the respective social network, such interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we are unable to see how data is processed in full on the social media platforms. This means that, depending on the provider, social media platform operators might undertake further processing.
For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis

Our social media pages are designed to ensure the highest possible degree of visibility online. This constitutes a legitimate interest in terms of point (f) of Art. 6(1) GDPR. The analytical processes initiated by the social networks may be based on different legal bases. These must be specified by the social network operators (e.g. consent as defined by point (a) of Art. 6(1) GDPR).

Controller and assertion of rights

If you visit one of our social media pages (e.g. Facebook), we are jointly responsible with the social media platform operator for any data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis both us and the operator of the respective social media platform (e.g. vis-à-vis Facebook).
Please note that, despite the joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media platforms. What we are able to do depends largely on the policy of the respective provider.

Retention period

The data collected directly by us via our social media pages will be erased from our systems as soon as you ask us to do so, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal until you erase them. This does not affect the mandatory legal provisions (in particular retention periods). We have no influence over how long your data is stored by the social network operators for their own use. For details, please contact the social network operators directly (or consult their privacy policy, see below).

Specific information about social networks

Facebook

We have a Facebook profile. This service is provided by Facebook Ireland Limited, 4
Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook states that the collected data is also transferred to the USA and other third countries.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.

Data is transferred to the USA in line with the European Commission’s standard contract clauses.
See here for details:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://www.facebook.com/help/566994660333381.

Please refer to the Facebook privacy policy for details:
https://www.facebook.com/about/privacy/.

Instagram

We have an Instagram profile. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data is transferred to the USA in line with the European Commission’s standard contract clauses.
See here for details:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 and
https://www.facebook.com/help/566994660333381.

Please refer to Instagram’s privacy policy for details on how they handle your personal data:
https://help.instagram.com/519522125107875.

XING

We have a XING profile. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Please refer to XING’s privacy policy for details on how they handle your personal data:
https://privacy.xing.com/en/privacy-policy.

LinkedIn

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton
Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data is transferred to the USA in line with the European Commission’s standard contract clauses.
See here for details:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

Please refer to LinkedIn’s privacy policy for details on how they handle your personal data:
https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a YouTube profile. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please refer to YouTube’s privacy policy for details on how they handle your personal data:
https://policies.google.com/privacy?hl=en.

Data privacy policy

1. Data protection at a glance

2. Hosting

3. General information and compulsory information

4. How is data recorded on this website?

5. Social media

6. Tools for analysis and marketing

7. Newsletter

8. Plugins and tools

9. Audio and video conferences

10. How we use social media

How you benefit from working with Thomas Breit Tax Services

Legally binding statements by the tax authorities form the basis of decision-making

Comprehensive advice

Flexible and future-proof

Experience and expertise

Focus on German and European legal corporate structures

This is what our clients have to say about us

You are seeking advice? I look forwards to hearing from you.

A few words before we start

From our blog

Hidden profit distribution: This leads to you or your company being liable to prosecution

Atypical silent partnership with a limited liability company (GmbH): More liquidity, less taxes

Familien-GmbH: What is it and how do you benefit from it?

Thomas Breit Steuerberatung