Privacy Notice

We collect, process and store personal data within the meaning of the European General Data Protection Regulation in connection with the performance of our contractual tasks. In this Privacy Notice, we inform you about the data processing at NAUST HUNECKE, in particular in the context of a mandate relationship, when using our website www.nhup.de or in the context of an application procedure.

 A. General information:

1. Name and contact details of the controller and the corporate Data Protection Officer

NAUST HUNECKE und Partner Wirtschaftsprüfer vereidigter Buchprüfer Steuerberater Rechtsanwalt CPA mbB (hereinafter referred to as NHuP)

 Partners:

Dipl.-Finanzwirt Dominik Spielmann WP/StB

Dipl.-Ökonom Ralf Kaufmann vBP/StB

Dipl.-Kaufmann Klaus Bartmann StB

Dipl.-Kaufmann Michael Orban WP/StB/CPA

Dipl.-Jurist Dr. Michael Betzinger, LL.M. RA/StB

Dipl.-Kaufmann Andreas Wachtel WP/StB

Lange Strasse 19, 58636 Iserlohn
E-mail: info(at)nhup.de
Phone: +49 (0) 23 71 – 77 46 0
Fax: +49 (0) 23 71 – 77 46 30

We have appointed a Data Protection Officer for our company who is available at the above address of the law firm, for the attention of Ms Beate Kemper, and at datenschutz(at)nhup.de.

 2. Your rights as a data subject

You have the right:

• pursuant to Article 15 GDPR, to request access to your personal data that we process. In particular, you may request access regarding the purposes of processing, the category of personal data, the categories of recipients towards whom your personal data were or are disclosed, the intended storage period, existence of a right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the origin of your data if they were not collected by us, as well as the existence of an automated decision-making process including profiling and, where applicable, conclusive information regarding their particulars;

• pursuant to Article 16 GDPR, to request the immediate rectification or completion of your personal data that we have stored;

• pursuant to Article 17 GDPR, to request the erasure of your personal data that we have stored, unless processing is required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or in order to assert, exercise or defend legal claims;

• pursuant to Article 18 GDPR, to demand the restriction of processing of your personal data insofar as you challenge their accuracy, if processing is unlawful but you object to their erasure, if we no longer require the data but you require them to establish, exercise or defend legal claims, or if you have objected to processing pursuant to Article 21 GDPR;

• pursuant to Article 20 GDPR, to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format, or to request their transmission to another controller;

• pursuant to Article 7(3) GDPR, to withdraw at any time any consent you granted us. This will have the consequence that we will no longer be allowed to continue any data processing that was based on this consent in the future; the withdrawal of consent will not affect the lawfulness of processing before its withdrawal; and

• pursuant to Article 77 GDPR, to lodge a complaint to a supervisory authority. Usually, you can contact the supervisory authority at your habitual residence or place of work or the supervisory authority at our place of business.

The authority competent for our law firm is:

State Officer for Data Protection and Freedom of Information
(Landesbeauftragte für Datenschutz und Informationsfreiheit)
North Rhine-Westphalia
Kavalleriestrasse 2-4
40213 Düsseldorf
Phone: 0211 / 38424-0
Fax: 0211 / 38424-10
E-mail: poststelle(at)ldi.nrw.de

 3. Right to object

Insofar as your personal data are processed pursuant to Art. 6(1) point (f) GDPR on the basis of legitimate interests, you have the right, pursuant to Art. 21 GDPR, to submit an objection to the processing of your personal data insofar as the appropriate reasons exist which arise from your particular situation or if the objection is aimed at direct advertisement. In the latter case, you have a general right to object, which we will implement without any particular situation being stated. If you wish to make use of your right to withdraw or to object, simply send an e-mail to info(at)nhup.de.

B. Data processing in the framework of a client relationship

 1. Collection and storage of personal data as well as the type and purpose and their use

When you engage us, we will collect the following information:

• title, first name, last name, official title, if any

• a valid e-mail address;

• address;

• phone number (landline and/or mobile);

• fax number if any;

• information necessary for the assertion and defence of your rights under the client relationship;

• information necessary for the adequate performance of the contract.

Such data is collected

• to be able to identify you as our client;

• to be able to advise and represent you appropriately for tax purposes, as a lawyer and as part of the audit;

• for correspondence with you;

• for invoicing purposes;

• for settlement of potential liability claims as well as assertion of any claims against you.

Data processing will be carried out upon your request and is required according to Art. 6(1) point (b) GDPR for the purposes stated above for an appropriate handling of the client relationship and for the mutual fulfilment of contractual obligations resulting from the mandate contract.

 We also process your personal data in order to be able to contact you, for example, in the event of extraordinary tax or legal events. Such storage and processing of your data is based, among other things, on the so-called “legitimate interest” in the use of data. The legal basis here is Art. 6(1) point (f) GDPR.

 In addition, we also collect, store and process third-party data in the course of our activities, which you transmit to us in the context of the client relationship, e.g. the data of business partners, opponents or people employed by you. We need to store and process this data in order to provide our services and to support you, for example, in payroll or financial accounting as well as in contract negotiations or to perform such activities on your behalf. The legal basis for the processing of the personal data of your employees in payroll accounting is Art. 88(1) GDPR in conjunction with the Sec. 26 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Otherwise, the processing of other personal data of third parties is based on the legal bases of Art. 6(1) points (b), (f) GDPR, as we would be unable, in part, to fulfil the contract with you without such data and as we and you also have a legitimate interest in the processing of these data. There is also no overriding legitimate interest of the third parties concerned, as the data are in any case disclosed openly or for a specific group of recipients in the context of the business relationship.

As part of our engagement, we store and archive your personal data in order to meet our statutory retention periods in accordance with e.g. the German Tax Consulting Act (StBG), German Commercial Code (HGB) and German Revenue Code (AO). We also meet our retention duties which we accepted as part of the client relationship. The personal data collected by us in connection with the acceptance of the legal mandate will be stored until the statutory retention period for lawyers has expired (6 years after expiry of the calendar year in which the mandate ended) and will then be erased, unless we are obliged to store such data for longer periods as per Art. 6(1) point (c) GDPR due to tax-related and commercial archiving and documentation obligations (as per the German Anti-Money-Laundering Act (GWG), German Commercial Code (HGB), German Penal Code (StGB) or German Fiscal Code (AO) and others) or you have given your consent to longer storage periods as per Art. 6 (1) point (a) GDPR. The retention period in the field of tax consulting and auditing is at least 10 years. However, such retention periods do not expire as long as the documents are still relevant. In the area of taxation, this is the case, for example, if the deadline for the assessment of individual taxes has not yet expired even after ten years – for example because of special circumstances that justify a suspension of the expiry date. We thus have a legitimate interest in keeping the documents for an additional period of four years to include cases of longer assessment periods. This means that the normal retention period ends 14 years after the end of the year in which the order ended. At the end of the 14-year period, a case-by-case verification is carried out to determine whether there are grounds for justifying a longer retention (e.g. longer limitation periods or relevance of the documents for future situations).
If this is the case, the additional retention period and the reason for this will be recorded in the documents. After the expiry of the documented retention period, the data will then be erased or destroyed.

 2. Forwarding of data to third parties

Your personal data will not be transmitted to third parties for any purposes other than the purposes listed below.

Your personal data will be transmitted to third parties to the extent required for performance of the client relationships with you as per Art. 6(1) point (b) GDPR. This includes, in particular, the disclosure to opponents and their representatives (in particular their lawyers) as well as to courts and other public authorities (e.g. tax authorities, social security institutions, health insurance funds) for the purpose of correspondence and to assert and defend your rights. The disclosed data may only be used by third parties for the specified purposes. If necessary, we will transmit your personal data to the service providers used by us to fulfil the contract, e.g. to postal, IT and software service providers, etc.

The professional secrecy of auditors, tax consultants and lawyers remains guaranteed. As far as data subject to professional secrecy is concerned, such will only be disclosed to third parties in consultation with you or our service providers will be committed to the legal requirements of professional secrecy (Sec. 203 StGB).

 3. Transfer to third countries

Data will only be transmitted to third countries (states outside of the European Economic Area – EEA) when it is necessary for performing the mandate contract or if you have given your consent or if it is otherwise permitted by law. In this case, we will take measures to ensure the protection of your data, for example, on the basis of contractual arrangements. We only transmit to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transmission to third countries (Articles 44 to 49 GDPR).

C. Data processing on this website

 1. Collection and storage of personal data as well as type and purpose for which they are used 

a) when visiting our website

When accessing our website www.nhup.de, information used by the browser on your terminal device is automatically sent to the server hosting our website. This information is stored temporarily in a so-called log file.

The following information is collected in this process without any manual input from you and will be stored until automatic erasure:

• IP address of the accessing computer;

• date and time of access;

• name and URL of the file accessed;

• website from which the access request originates (referrer URL);

• the browser used and, as the case may be, the operating system of your computer and the name of your access provider.

 We process the aforementioned data for the following purposes:

• guaranteeing a smooth connection to the website;

• ensuring the comfortable use of our website;

• evaluating the system security and stability; and

• for other administrative purposes.

The legal basis for the data processing is Art. 6(1) point (f) GDPR. Our legitimate interest arises from the purposes of data processing that are listed above. Under no circumstances will we use collected data to draw conclusions regarding your person. Furthermore, we use website cookies when you visit our website.

b) when using our contact form 

Should you have queries of any kind, we offer you the option to contact us using a contact form provided on our website. To do so, a valid e-mail address must be entered so that we know who is sending the query and so that we are able to reply to it. You may volunteer further information if you wish. Data processing for contacting us takes place based on Art. 6(1) point (a) GDPR and based on data provided voluntarily by you. The personal data collected by us when you use the contact form is erased automatically once your request has been dealt with.

 2. Disclosure of data

Your personal data will not be transmitted to third parties for any purposes other than the purposes listed below. We will only pass on your personal data to third parties, if:

• you have given your express consent in accordance with Art. 6(1) point (a) GDPR;

• disclosure is necessary pursuant to Art. 6(1) point (f) GDPR in order to assert, exercise or defend legal claims and if there is no reason to assume that you have any overriding legitimate ground for the non-disclosure of your data;

• a legal obligation to disclosure exists in accordance with Art. 6(1) point (c) GDPR; and

• doing so is legally permissible and, pursuant to Art. 6(1) point (b) GDPR, necessary for the execution of contractual matters with you.

 3. Cookies

We use cookies on our website. These are small files which are automatically created by your browser and which are stored on your terminal device (laptop, tablet, smartphone or the like) when you visit our website. Cookies will not damage your terminal device, do not contain any viruses, trojans or other malicious software. The cookie contains information which arises in connection with the particular terminal device used. However, this does not mean that we directly become aware of your identity. On the one hand, we use cookies to make the use of our services more convenient for you. For example, we use so-called session cookies to determine whether you already visited individual pages of our website. Such will automatically be erased when you leave our webpage. Furthermore, also for the purpose of optimising user-friendliness, we use temporary cookies which are stored on your terminal device for a certain fixed time period. If you visit our webpage again in order to use our services, the website automatically recognises that you already visited us in the past and which entries and settings you made so that you do not have to make them again. On the other hand, we use cookies in order to document the use of our website statistically and to evaluate it in order to optimise the services we offer to you (see item 5). These cookies enable us to determine automatically that you already visited us when you visit our webpage again. These cookies will automatically be erased after expiry of a defined time period. The data processed by cookies are necessary for the above purposes in order to safeguard our and third parties’ legitimate interests in accordance with Art. 6(1) point (f) GDPR. Most browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer or that you receive a notification before a new cookie is stored. 
However, full deactivation of cookies can lead to you not being able to use all functions of our website.

 4. Data security

When you visit the website, we use the common SSL procedure (Secure Sockets Layer) in combination with the respective highest degree of encryption supported by your browser. This usually is a 256-bit encryption. If your browser does not support 256-bit encryption, we use the 128-bit v3 technology instead. You can see whether individual pages of our website are transmitted in encrypted form by the ‘closed’ icon of the key or lock symbol in the lower status line of your browser. Apart from the above, we use appropriate technical and organisational security measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are subject to continuous improvement in line with technological developments.

D. Data processing in the framework of an application process

 1. Collection and storage of personal data as well as the type and purpose and their use

We store all information provided to us by persons who apply for a job in our company. This applies both to applications for specific job offers and to unsolicited applications. The storage period ends six months after the end of the application process. Within this period, the application is reviewed and the information is available until the expiry of the storage period, also in order to be able to answer subsequent inquiries (e.g. request for documents, cancelations, etc.) in a qualified manner. No data is collected from third parties in the context of an application process, unless the candidate has given their consent. No data will be transferred to third parties, in particular not to another country.

If the application leads to the establishment of an apprenticeship or employment relationship, the data will be stored for ten years, unless other regulations require longer retention periods. Applicants are then required to supplement data to establish an employment relationship, e.g. social security data. Subsequently, data will be transmitted to social security institutions and the tax office.

The legal bases for the data collection are Art. 6(1) point (f) GDPR and Sec. 26(1) New Version of the German Data Protection Act (BDSG-neu) as well as other legal requirements, from which storage obligations arise in the case of the establishment of employment relationships.

 2. Supplementary information on the rights of data subjects 

A request for erasure leads to the termination of the application process and information on the procedure of such can no longer be provided as a result.

After the establishment of an employment relationship, the right to erase data or restrict processing is reduced. Legal and/or contractual regulations for documentation and archiving take precedence over erasure requests. In order to exercise their rights, data subjects may contact the above-mentioned controllers in the company, the corporate data protection officer or the supervisory authority.

E. Updates and changes to this Privacy Notice

This Privacy Notice is currently applicable and was last amended in September 2018. Due to our website and services being developed further based on changed legal or regulatory requirements and new findings from official practice and case law, it may become necessary to amend this Privacy Notice. You can view and print out the currently applicable version of the Privacy Notice on the website at https://www.nhup.de/menu-top/impression.html or https://www.nhup.de/menu-top/datenschutzerklaerung.html at any time.

F. Further information 

The trust of our clients is our highest priority. If you have any questions to which you could not find an answer in this Privacy Notice or if you would like more detailed information on privacy issues, please do not hesitate to contact us at any time.

G. Analysis tools and advertisement

1. Google Analytics
This website uses the functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files stored on your computer allowing them to analyse how you use our website. The information generated by the cookie concerning your use of this website is usually transmitted to a Google server in the US and stored there.

The Google Analytics cookies are stored on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in the analysis of the user behaviour in order to optimise both their web offer and their advertisement.

2. Browser plug-in
You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, we would like to draw your attention to the fact that, in this case, you might not be able to use all functions of this website to the fullest extent. In addition, you may prevent any data created by the cookie and data relating to website usage on your part (including your IP address) from being transmitted to and being processed by Google by downloading and installing the browser plug-in available at the link: https://tools.google.com/dlpage/gaoptout?hl=en.

3. Objection to the collection of data
You can prevent Google Analytics from collecting your data by clicking on the following link. This places an opt-out cookie which prevents the future collection of your data when visiting this website: deactivate Google Analytics.

Please refer to the Privacy Policy of Google for further information about the handling of user data at Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en&sjid=12821423102673979562-EU.

4. Demographic data in Google Analytics
This website uses the “demographic data” function of Google Analytics. This allows for the compilation of reports that contain information regarding the age, gender, and interests of the visitors to the website. These data originate from interest-based advertising from Google as well as third-party visitor data. These data cannot be associated with a specific person. You can deactivate this function using the display settings in your Google account at any time or you can generally prohibit the collection of your data by Google Analytics as described in the section “objection to data processing”.