We take the protection of your personal data seriously. Therefore, we take technical and organizational measures to ensure that the legal provisions on data protection, in particular those of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), are observed. We inform you about the handling of your personal data when visiting our website and about your rights in the following paragraphs of our data protection information.
First, we will give you an overview of the terms used in this statement:
(1) “personal data” means any information relating to an identified or identifiable natural person, such as names, addresses, telephone numbers or e-mail addresses, which is an expression of the identity of an individual.
(2) “Processing” means any manual or automated operation related to personal data, such as collection, recording, organization, arrangement, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment, combination, restriction, erasure or destruction.
(3) ‘profiling’ means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
(4) ‘controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
(5) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(6) ‘recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.
(7) ‘third party’ means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
II. CONTROLLER/PRIVACY OFFICER
The persons jointly responsible for the processing pursuant to Art. 4 (7), 26 DSGVO are.
nbs partners Partnerschaftsgesellschaft mbB,
nbs partners Rechtsanwaltsgesellschaft mbH,
nbs partners Steuerberatungsgesellschaft mbH,
nbs partners GmbH Wirtschaftsprüfungsgesellschaft,
nbs partners audit GmbH Wirtschaftsprüfungsgesellschaft and the
nbs partners Servicegesellschaft mbH
– in each case –
Am Sandtorkai 41,
Phone: +49 40 4419 6001,
Fax: +49 40 4419 6055
(hereinafter referred to as “we” or “nbs partners”).
You can contact us individually and collectively by e-mail at firstname.lastname@example.org. To simplify the enforcement of your rights, we have established a joint contact point for you at nbs partners Rechtsanwaltsgesellschaft mbH.
2. you can reach our data protection officer at email@example.com or at our postal address with the addition of “the data protection officer”.
3. the jointly responsible parties process your data for the preparation and implementation of legal, tax consulting and auditing services, for business management and administration of business operations as well as for the further development of services and processes in order to jointly achieve a smooth data processing process among the aforementioned companies as well as – to the extent permitted by law – various synergies.
With this data protection information, we inform you about how we process personal data from you and which rights you can assert as a data subject.
In particular, we will tell you below (1) for what purposes personal data is processed and on what legal basis, (2) to whom your data may be transferred, (3) where the data originates and what data is involved (4) how long we store your data, (5) what rights you have, (6) why we need your data and (7) what technical options we use.
III. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?
VISITING OUR WEBSITE
In principle, you can visit our website without telling us who you are. We only collect the following data from you: the IP address of the requesting browser, the date and time of the access, the URL of the call, the referrer URL from which the access is made and the browser used. We only store your IP address shortened by the last octet. The collection of this data only serves the statistical evaluation of our website and the continuous improvement of our homepage as well as to ensure IT security and protection against unauthorized use. We undertake this data processing on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). This includes, in particular, ensuring a smooth connection setup of the website, ensuring a comfortable use of our website and evaluating system security and stability.
On our website, you have various options for contacting us. For this purpose, you usually have to provide personal data that we need to provide the respective request/service.CONTACT FORM
There is a contact form available on our website that you can use to contact us. In doing so, you are required to provide a valid e-mail address, your title and first and last name, as well as your telephone number, so that we know from whom the inquiry originates and so that we can respond to it. You can voluntarily provide us with your title in addition to the content of your message. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b) and / or f) Data Protection Regulation (DSGVO).
CONTACTING US BY E-MAIL
You also have the option to contact us by e-mail. In this case, we receive the e-mail address you use and the personal data that you provide in your message and that are necessary for processing your request. The legal basis for the data processing, which takes place for the purpose of your contacting us by e-mail, is Art. 6 para. 1 sentence 1 lit. b) or f) DSGVO.
In the following, we inform you about the dispatch and contents of our newsletter.
Our newsletter is aimed at customers, clients and interested parties and provides information about our companies, events and, in particular, news in tax law.
By providing your e-mail address, you have the opportunity to receive our newsletter on a regular basis. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 lit. a) and f) DSGVO.
If you would like to apply to us, you have the option of using an application form on our website. It is necessary that you send us your first and last name, title, e-mail address and your application documents (cover letter, CV, certificates) as part of an application. Furthermore, you can voluntarily send us – among other contents – your telephone number. We collect and process this data for the purpose of carrying out the application process. If you are not hired, your personal data will be deleted six months after collection. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b) and f) DSGVO.
CONTRACT, CONTRACT INITIATION
We process your personal data (first and last name, address, contact details, including e-mail address and/or telephone number) for the preparation and implementation of legal, tax advisory and auditing services and/ or to provide you with additional information on our services, if you have requested such and provided us with your data for this purpose, Art. 6 (1) lit. b) DSGVO. Furthermore, data processing is carried out on the basis of Art. 6 para. 1 lit. b) DSGVO for correspondence with you, for invoicing, for measures to control and optimize business processes, for the verifiability of transactions, orders and other agreements and to fulfill our general due diligence obligations.
If you also provide us with additional personal data and/or personal data of third parties (such as employees, family members, representatives, agents, consultants or other third parties), we have a legitimate interest to also process their data for the preparation and/or performance of legal, tax advisory and business services and/or to provide you with additional information regarding our services.
Provided that our professional regulations do not prevent this, we will inform these third parties that we have received the data from you, Art. 6 para. 1 lit. f) DSGVO.
IN THE CONTEXT OF A LEGITIMATE INTEREST
Beyond the performance of the (pre-) contract, we process your personal data – to the extent necessary – to protect legitimate interests of us or third parties, in particular for the following purposes:
- for testing and optimizing demand analysis procedures
- for sending newsletters and e-mails about current legal topics and events of the law firm as well as advertising in our own matters,
- for the further development of services and products as well as existing systems and processes
- to enrich our data, among other things by using or researching publicly available data,
- for statistical evaluations or market analysis,
- for the assertion of legal claims and defense in legal disputes that are not directly related to the contractual relationship,
- for limited storage of data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage,
- for internal and external investigations, security measures and security checks,
- to obtain and maintain certifications of a private or official nature.
TO COMPLY WITH LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST
We are subject to a variety of legal obligations and therefore also process your personal data to comply with legal requirements pursuant to Art. 6 (1) sentence 1 lit. c) DSGVO and for tasks in the public interest pursuant to Art. 6 (1) sentence 1 lit. e) DSGVO. Relevant in this context are in particular the provisions of commercial law, tax law and money laundering law as well as professional regulations. In addition, however, there are further legal obligations and regulatory and official requirements. The processing purposes in the fulfillment of corresponding preliminary duties and tasks include the statutory purposes, such as the prevention of fraud and money laundering, the protection of young people, the fulfillment of obligations under tax law and data protection law, as well as the preservation of evidence, prosecution of civil claims and criminal prosecution.
IV. TO WHOM MAY YOUR DATA BE TRANSFERRED?
We will not disclose your personal data to third parties unless you consent to the disclosure, there is a legal obligation to disclose it, it is for the performance of a contract, or we can invoke legitimate interests in the economic and effective operation of our business with respect to such disclosure.
Within our company, your data is accessed by those who need it to fulfill our contractual and legal obligations. This data exchange takes place on the basis of your expressly declared consent in accordance with Art. 6 Para. 1 lit. a DSGVO or on the basis of our legitimate interest within the group of companies to transmit personal data for internal administrative purposes in accordance with Art. 6 Para. 1 S. 1 lit. f. DSGVO. Service providers and vicarious agents used by us may also receive data for this purpose. We have carefully selected and commissioned our external service providers. They are bound by our instructions and are regularly monitored by us.
TRANSFER TO THIRD PARTIES, THIRD-PARTY PROVIDERS AND PUBLIC AUTHORITIES
If necessary, we also transfer your data and, if applicable, the data of third parties from the contract initiation and execution to third parties. For example, a transfer to partner law firms, authorities, courts, parties to proceedings and their (process) representatives, Art. 6 para. 1 lit. b) DSGVO, comes into consideration. The transfer to third parties varies depending on the product and service. We assume that your interest in the performance of the contract includes the transfer to the necessary bodies for this purpose, Art. 6 (1) f) DSGVO. In the context of the mandate work, we transmit personal data to third parties only if permitted by professional law. Furthermore, we transmit data to third parties if you have given us your consent to do so, Art. 6 para. 1 lit. a) DSGVO.
Data transfer to countries outside the EU or the EEA (third countries) only takes place if this is necessary for the execution of your orders, is required by law, you have given us your consent or within the framework of commissioned data processing. If service providers in a third country are used, they are separately obliged to comply with the EU standard contractual clauses.
V. WHERE DOES YOUR DATA COME FROM AND WHAT IS IT?
We receive personal data from our contractual partners as part of our mandate and business relationships. In addition, we process personal data that we receive directly from our clients, service providers, employees and applicants. Furthermore, we process – insofar as necessary for the provision of a service – personal data that we have permissibly received from other companies or from other third parties (e.g. for the performance of services, for the fulfillment of contracts or on the basis of consent given by you).Furthermore, we process personal data that we have permissibly extracted or received from publicly accessible sources, such as commercial and association registers, civil registers, land registers, debtor directories, the press and the Internet.
The following data categories may be relevant in particular:
- Personal data (first and last name, date of birth, place of birth, nationality, marital status, profession/industry, etc.),
- Contact data (address, e-mail address, telephone number, fax number, etc.),
- address data (registration data, etc.),
- payment and credit data
VI. HOW LONG WILL YOUR DATA BE STORED AND PROCESSED?
We process and store your personal data as long as it is necessary for the purposes for which it was collected or otherwise processed, in particular as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that the business relationship may be a continuing obligation that is intended to last for several years.
In the case of data storage for the fulfillment of legal obligations, the following periods apply in particular:
according to §§ 257 para. 4 HGB, 147 para. 3 AO: 10 years for commercial books and accounting vouchers, beginning with the end of the calendar year in which the last entry was made in the commercial book,
according to §§ 257 Abs. 4 HGB, 147 Abs. 3 AO: 6 years for commercial letters beginning with the end of the calendar year in which the last entry was made in the commercial book,
according to § 8 Abs. 4 GWG: 5 years for records and other documents relevant for money laundering, beginning with the end of the calendar year in which the business relationship ends.
If you have applied for a job with us, we will store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us does not materialize, we may also continue to store the personal data to the extent necessary to defend against possible legal claims. In principle, application documents are deleted six months after notification of the rejection decision, unless longer storage is necessary (e.g. because an employment relationship has come about or in the event of legal disputes).
VII. WHAT RIGHTS DO YOU HAVE?
You have the following rights against us:
– To request information about your personal data processed by us, Art. 15 DSGVO. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling;
– to demand without delay the correction of incorrect or completion of your personal data stored by us, Art. 16 DSGVO;
– request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, Art. 17 DSGVO;
– to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO, Art. 18 DSGVO;
– To receive your personal data that you have provided to us in a structured, common and machine-readable format and to request that it be transferred to another controller, Art. 20 DSGVO;
– To revoke your consent once given to us at any time, Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future; the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation;
– in the event of an automated decision (profiling), the right to express one’s point of view and to challenge the decision, Art. 22(3) DSGVO;
– to complain to a supervisory authority, Art. 77 DSGVO.. For this purpose, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. For us, the Hamburg Commissioner for Data Protection and Freedom of Information is generally responsible.
Furthermore, you have the right to object to the processing of your personal data at any time (Art. 21 DSGVO). We will point out your right of objection to you again separately.
VII. WHY DO WE NEED YOUR DATA?
In the context of using the website and its functions, you must provide us with those personal data that are required for the respective use and/or that we are legally obligated to collect, Art. 13 (2) e) DSGVO. Without this data, it will generally not be possible to use the functions, request our services or contact us.
We also require your personal data for the preparation and implementation of legal, tax advisory and auditing services and to comply with any associated contractual or legal obligations. Without the provision of the data, we will usually have to refuse to enter into a mandate, order or contractual relationship or will no longer be able to carry out an existing business relationship with you and may have to terminate it.
VIII. WHAT TECHNICAL OPTIONS DO WE USE?
On our Internet pages, we use necessary cookies and external cookies. Cookies are small text files that are placed on your terminal device and stored in your browser.
Necessary cookies are used to make our Internet presence more secure – for example, to save your selected cookie settings on our site. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO.
External cookies are used in the context of the use of social media plugins and Google services and are used to collect statistical data/ range measurement and for advertising purposes. External cookies are only used if you have consented to their use. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. a) DSGVO. For more information on external cookies, please see the following heading “Use of analysis tools, social media plug-ins and tracking”.
We use the tool Calendly to make appointments easily, quickly and without complications. If you do not wish your data to be transmitted to Calendly, you can make an appointment with us by telephone or e-mail in the same way.
To use Calendly’s appointment scheduling interface, you must enter a name and e-mail address so that we know with whom the appointment was made, how we can reach you if necessary, and to reschedule or cancel the appointment. You can optionally provide additional information about the content of the consultation appointment to help us prepare for the appointment. If you use the tool, your data from the inquiry form, including the information you provide there, will be stored and transferred to us by Calendly. The processing of the data entered is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO).
If you book an appointment for a web/teleconference, you will receive an invitation email with access data to an online meeting of the service provider “Microsoft Teams” or “GoToMeeting”, as selected by you. For the creation of the online meeting, the data you entered will be passed on to the respective service. In this case, please also note the data protection information of the respective provider.
We would like to point out that personal data could be processed in the USA when processed by Calendy, Microsoft Teams or GoToMeeting. In the opinion of the European Court of Justice, however, there is no level of protection in the USA that is essentially equivalent to the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are not available to the same extent in the USA. This concerns in particular legal protection options against the processing of personal data. There is a risk that your data will be processed by U.S. authorities, for control and for monitoring purposes, without you being granted legal remedies. For this reason, the transfer of your personal data to the USA will only take place on the basis of your consent to the transfer of your personal data to a third country in accordance with Art. 49 (1) lit a) DSGVO.
The privacy statements of the providers can be found here:
– Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA. https://calendly.com/pages/privacy
– Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
– GotoMeeting: LogMeIn Ireland Limited, Bloodstone Building Block C 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
Translated with www.DeepL.com/Translator (free version)
USE OF ANALYSIS TOOLS, SOCIAL MEDIA PLUG-INS AND TRACKING.
This website uses the Google services described below.
Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (“Google”). Its use allows us to associate data, sessions and interactions across multiple devices with a pseudonymous user ID and thus analyze a user’s activities across devices.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The term web analytics refers to the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, data is collected about the website from which a data subject came to a website, which subpages of the website were accessed or how often and for how long a subpage was viewed. The information generated by the cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on our website (so-called IP masking), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity. In doing so, pseudonymous user profiles can be created from the processed data.
We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
We would like to point out that personal data could be processed in the USA when measured by Google Analytics. In the opinion of the European Court of Justice, however, there is no level of protection in the USA that is essentially equivalent to the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are not available to the same extent in the USA. This concerns in particular legal protection options against the processing of personal data. There is a risk that your data will be processed by U.S. authorities, for control and for monitoring purposes, without you being granted legal remedies. For this reason, the transfer of your personal data to the USA will only take place on the basis of your consent to the transfer of your personal data to a third country in accordance with Art. 49 (1) lit a) DSGVO.
On this website we use the offer of Google Maps. This allows us to show you an interactive map directly on the website and enables you to use the map function comfortably.
When you click on the Google Maps map on our website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned in section 1.1 of this declaration are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. The legal basis for data processing by Google Maps on our website is your express consent, Art. 6 (1) a) DSGVO.
X. COMPANY PRESENCES IN SOCIAL MEDIA
We operate a corporate presence in the following social networks:
in order to be able to communicate with the customers, interested parties and users (hereinafter also referred to collectively as: visitors) active there and to inform them about our projects and services.
We cannot track which user data the social networks collect. We have no influence on the data processing that takes place for this purpose, cannot prevent it, and also do not have access to the underlying data. We also do not have full access to your profile data. We can only see the public information of your profile. You decide on the specific public information in each case in your settings in the respective social network.
We only receive anonymous statistics from the social networks. We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offering in the social networks and to better respond to the interests of visitors. We cannot link the statistical data with the profile data of our visitors. The legal basis for the use of the statistical data is Art. 6 para. 1 p. 1 lit. f) DSGVO.
We receive your personal data via the social networks if you actively communicate this to us via a personal message. We use your data (e.g. first name, last name, user name, e-mail address) to respond to your request. Your data will be stored until this purpose is fulfilled. The legal basis for processing in the case of an active approach by you, is your consent in the sense of Art. 6 para. 1 p. 1 lit. a) DSGVO. If your message is in connection with a (pre-)contractual relationship with us, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO.
In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. This is because only they have access to the complete information and data of the users.
Insofar as we receive personal data from you via a social network, this is processed under joint responsibility with the respective social network.
We would like to point out that personal data may be processed in the USA when using the social networks. In the opinion of the European Court of Justice, however, there is no level of protection in the USA that is essentially equivalent to the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are not available to the same extent in the USA. This concerns in particular legal protection options against the processing of personal data. There is a risk that your data will be processed by U.S. authorities, for control and for monitoring purposes, without you being granted legal remedies. For this reason, the transfer of your personal data to the USA will only take place on the basis of your consent to the transfer of your personal data to a third country in accordance with Art. 49 (1) lit a) DSGVO.
Information about the data collection and further processing by the social networks can be found in the links below.
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA.
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
XI. Automated decision making (including profiling).
As part of the use of our website, there is generally no fully automated decision-making (profiling) pursuant to Art. 22, Art. 13 para. 2 lit. f), Art. 14 para. 2 lit. g) DSGVO. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.
RIGHT OF OBJECTION (ART. 21 DSGVO)
INDIVIDUAL RIGHT OF OBJECTION
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on this provision within the meaning of Article 4(4) of the DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
RIGHT TO OBJECT TO PROCESSING FOR ADVERTISING PURPOSES.
In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
If you object to processing for this purpose, we will no longer process your personal data for these purposes.
RIGHT TO OBJECT TO PROCESSING FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR FOR STATISTICAL PURPOSES.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical research purposes pursuant to Article 89(1) DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.