
Our privacy policy

1. General information

1.1 What is personal data

Personal data is information that reveals or can reveal the identity of the user. We adhere to the principle of data avoidance. As far as possible, we refrain from collecting personal data.

1.2 Handling of personal data

Personal data is used exclusively for the establishment, content, implementation, or processing of the contractual relationship (Art. 6 (1) (b) GDPR).

Beyond that, personal data will only be processed if we have obtained your consent (Art. 6 (1) (a) GDPR) or if the data is necessary for our legitimate interests and if the balancing of interests shows that there are no overriding interests, fundamental rights, or fundamental freedoms on your part (Art. 6 (1) (f) GDPR).


We may use processors to process your personal data, with whom we have concluded a contract for order processing where necessary, but we will not pass on personal data to third parties beyond this.

For the processing of payments, the payment data required for this purpose will be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.

Your personal data will be processed in the EU and in countries classified by the EU as secure or adequate. If personal data is processed in the USA, we ensure that the services we use are certified under the “Data Privacy Framework”.

1.3 Usage data

When you visit the website, general technical information is collected. This includes the IP address used, the time, the duration of the visit, the browser type, and, if applicable, the referring website. For technical reasons, this usage data is recorded in a log file and may be used and stored for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.

1.4 Duration of storage

Once the purpose for which the data was collected has been fulfilled, we will only store your personal data for as long as is necessary on the basis of legal (in particular tax law) regulations.

The following retention periods apply in particular: 

- Tax and commercial accounting obligations: 6 years (general); 10 years (accounting documents). The period begins at the end of the calendar year in which the last entry was made in the book, the annual financial statements were prepared, the commercial or business letter was received or sent, or the accounting document was created, or the record was made, or the other documents were created.

- Invoices: 10 years

- Data protection consents for data processing: For the duration of the possibility of asserting rights by the data subject(s)

- (Electronic) correspondence that is not relevant for tax purposes: As long as this is necessary for the performance of tasks, unless the processing serves to assert, exercise, or defend legal claims

- Usage data in accordance with section 1.3 of this privacy policy: Max. 30 days

2. Your rights

2.1 Information

You may request information from us as to whether we process your personal data and, if so, you have the right to obtain information about this personal data and the further information specified in Art. 15 GDPR.

2.2 Right to rectification

You have the right to have inaccurate personal data concerning you corrected and, in accordance with Art. 16 GDPR, you may request that incomplete personal data be completed.

2.3 Right to erasure

You have the right to request that we delete your personal data without delay. We are obliged to delete it immediately, in particular if one of the following reasons applies:

∙ Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

∙ You withdraw your consent on which the processing of your data was based, and there is no other legal basis for the processing.

∙ Your data has been processed unlawfully.

The right to erasure does not apply if your personal data is required for the assertion, exercise, or defense of our legal claims.

2.4 Right to restriction of processing

You have the right to request that we restrict the processing of your personal data if

- you dispute the accuracy of the data and we are therefore verifying its accuracy,

- the processing is unlawful and you oppose the erasure and request the restriction of use instead,

- we no longer need the data, but you need it to assert, exercise, or defend legal claims,

- you have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.

2.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated means.

2.6 Right of withdrawal

If the processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal.


If the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. e GDPR or Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. 

2.7 General information and right of appeal

The exercise of your above rights is generally free of charge for you. You have the right to contact the supervisory authority responsible for us, the state data protection officer, directly if you have any complaints.

3. Data security

3.1 Data security

All data on our website is secured against loss, destruction, access, modification, and distribution by technical and organizational measures.

3.2 Sessions and cookies

We use cookies or server-side sessions in which data can be stored to operate our website. Cookies are small files that are stored on your hard drive by a website in order to automatically recognize you the next time you visit.

Our website uses both technically necessary cookies and analysis and marketing cookies. If cookies are used that are not technically necessary, we will obtain your consent in advance via a consent management tool (Usercentrics). The legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time via the cookie settings on our website. 

We use technically necessary cookies, which are absolutely necessary for the provision of the service you have expressly requested, on the basis of our legitimate interest in the error-free and functional operation of our website (Art. 6 (1) (1) (f) GDPR in conjunction with § 25 (2) No. 2 TDDDG). 

4. Contact form

If you send us inquiries by telephone, email, or contact form, your inquiry, including all resulting personal data, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The legal basis for data processing is our predominantly legitimate interest in processing your inquiry in accordance with Art. 6 (1) (f) GDPR.

 
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected. 

5. Presence on social media platforms 

We use the following social media platforms for corporate presentation and communication (express reference is made to the privacy policies and opt-out options linked below). 

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing (New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung

These social media platforms may process personal data outside the EU. In this regard, we refer to the above privacy policies of the social media platforms. 

The respective social media platforms may create usage profiles based on your usage behavior and the resulting interests and actions on your part, and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that are presumed to correspond to your interests. 

We process personal data exclusively for the purpose of communicating with you via the social media platform you have chosen and for optimizing our online presence, and we ensure that none of your interests are affected in a way that outweighs our legitimate interest (Art. 6 (1) (f) GDPR).
If you have already given the respective operator of the social media platform valid consent to the corresponding data processing, the processing of your personal data is also based on this consent (Art. 6 (1) (a) GDPR).

6. Third-party services

6.1 Wix (website builder)

Our website was created using the Wix website builder (operated by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel). Wix provides us with the technical platform and tools we use to create and manage our website. When using the Wix platform, personal data may be processed, in particular when you interact with website features provided by Wix. This may include, among other things: 

IP address, browser type and version, operating system used, referrer URL, date and time of the server request, and technical information about the use of the website.

The legal basis for the use of Wix is our legitimate interest in a professional presentation of our company on the Internet and in the efficient administration of our website (Art. 6 para. 1 sentence 1 lit. f GDPR). 

We have concluded a contract with Wix for order processing. Wix.com is certified under the EU-US Data Privacy Framework. You can view Wix's privacy policy here: 

https://de.wix.com/about/privacy 

6.2 Google Search Console

We use Google Search Console (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), a webmaster tool for analyzing and optimizing our website. Google Search Console enables us to check and improve the findability of our website in Google search results.

When using Google Search Console, data about the performance of our website in Google search is collected, such as search queries, click rates, impressions, and technical information about the website structure. This data is processed by Google and made available to us in aggregated and anonymized form.

The legal basis for the use of Google Search Console is our legitimate interest in the analysis, optimization, and economic operation of our website (Art. 6 para. 1 sentence 1 lit. f GDPR). 

Google is certified under the EU-US Data Privacy Framework. For more information about data processing by Google, please refer to Google's privacy policy: https://policies.google.com/privacy 

6.3 External hosting via ALL-INKL

Our website is hosted by the external service provider ALL-INKL (operated by ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact details, contract data, website accesses, and other data generated via a website.

The use of the host is for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 sentence 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 sentence 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We have concluded a contract with our host for order processing. You can view the privacy policy of ALL-INKL here: https://all-inkl.com/datenschutzinformationen/

6.4 Personio (applicant management) 

We use Personio software from Personio SE & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany, to manage applications. If you apply via our careers page, you will be redirected to an application platform hosted by Personio.

Your application data will be processed as part of the application process on the basis of Art. 6 (1) (b) GDPR (contract initiation) and § 26 BDSG (data processing in the employment context). If you give us separate consent (e.g., to be included in our applicant pool), processing will also be carried out on the basis of Art. 6 (1) (a) GDPR.

Your personal data will be deleted immediately after completion of the application process or after a maximum of 6 months, unless you have expressly given us your consent for longer storage of your data or a contract has been concluded.

We have concluded a data processing agreement with Personio. Further information on data processing by Personio can be found at:


https://www.personio.de/datenschutz/ 

6.5 Usercentrics (consent management tool) 

We use Usercentrics, a consent management tool (cookie banner) from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, on our website. Usercentrics enables us to obtain, manage, and document your consent for various tracking and marketing tools. 

When you visit our website, the following personal data is transmitted to Usercentrics: your IP address, your consent/rejection of the individual services, your browser type, the page you visited, and the date and time of your visit. This data is stored so that we can recognize your consent decisions on your next visit and to comply with our documentation obligations under the GDPR.

 

The legal basis for the use of Usercentrics is Art. 6 (1) (c) GDPR (legal obligation to obtain consent) and Art. 6 (1) (f) GDPR (legitimate interest in the legally compliant collection and management of user consent).

We have concluded a data processing agreement with Usercentrics. The data is stored exclusively on servers within the EU. 

Further information can be found in the Usercentrics privacy policy: 

https://usercentrics.com/de/privacy-policy/ 

6.6 Wix Analytics

Our website uses Wix Analytics, an analysis tool provided by the website operator Wix.com Ltd., to evaluate the use of our website and to continuously improve it. Wix Analytics collects and stores various user data for optimization and marketing purposes and presents it in statistical reports in anonymized form. 

The following data, among other things, may be collected: IP address (anonymized), browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request, length of stay on the website, page views, and click paths.

Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG, provided you have given your consent via our consent management tool (Usercentrics). You can revoke your consent at any time with future effect by changing the cookie settings on our website.

For more information about Wix Analytics, please refer to Wix's privacy policy: 

https://de.wix.com/about/privacy 

6.7 Zoho Forms and Zoho Desk 

We use the tools Zoho Forms and Zoho Desk (operated by Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany) to provide you with certain online forms (e.g., our contact form) on our website and to process inquiries.
The input data is transmitted to both us and Zoho. Zoho requires this data to provide the service.

Please note that in addition to your IP address, other personal data is also transmitted to us and Zoho if you enter it in the input mask. The use of the service is based on our legitimate interest in enabling you to contact us quickly and easily (Art. 6 (1) (f) GDPR).

 

We have concluded a data processing agreement with Zoho. You can view Zoho's privacy policy here:

https://www.zoho.com/de/privacy.html 

7. Application process

You can apply to us electronically, by telephone, or in writing. We will, of course, use your information exclusively for the purpose of processing your application and will not pass it on to third parties. Please note that if you send your application by email, unencrypted emails are not transmitted with access protection.

Your personal data will be deleted immediately after completion of the application process or after a maximum of 6 months, unless you have expressly given us your consent for longer storage of your data or a contract has been concluded. The legal basis is Art. 6 (1) (a) or (b) or (f) GDPR and § 26 BDSG.

For further details on our application process, please refer to our separate data protection information for applications. 

8. Person in charge 

HCSM Steuerberatung GmbH Steuerberatungsgesellschaft

Kaiser-Friedrich-Ring 98

65185 Wiesbaden

Telephone: +49 (0) 611 999 70-0

E-Mail: info@hcsm.de

Data Protection Officer:

Mr. Daniel Jonetat

E-Mail: datenschutz@hcsm.de
