1. Scope of application, controller and Data Protection Representative
(2) The controller in accordance with Art. 4 Subsection 7 EU General Data Protection Regulation (GDPR) is AUREN Deutschland GbR, represented by AUREN GmbH Steuerberatungsgesellschaft Wirtschaftsprüfungsgesellschaft, Frankfurt, Auren KG Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft, Stuttgart, AUREN Treuhand GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft, Munich and AUREN OHG Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft, Waldshut-Tiengen, with its registered office in Haidelweg 48 in 81241 Munich, firstname.lastname@example.org.
(3) If you contact us by e-mail or by using a contact form, the personal data, which you have disclosed, will be stored by us in order to ensure that we can contact you. If the disclosed data are no longer required because your concern has been dealt with, for example, they will be deleted at once, unless we are obligated to store the data on the basis of statutory provisions (retention duties). The processing of the data is reduced to the minimum resulting from the respective provision.
(4) If we commission third parties with the processing of your data for individual functions of our website, you will be informed about this circumstance and its consequences prior to using the respective function.
2. Processing of personal data within the scope of use of the website
(1) If you exclusively use our website for the purpose of information and you send no further data to us, we will only process the personal data sent by your browser about your visit to our website. This involves the data sent by your browser to the server of our OHV hosting. The following data are processed with purely informational use:
- IP address of the requesting computer,
- date and time of the access,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (concrete site),
- access status/HTTP status code,
- respective transferred data volume,
- website, from which the request comes,
- operating system and its interface,
- language and version of the browser software.
These data are required for technical reasons, in order to ensure smooth-running connection establishment and the functionality and stability of the website. Accordingly, the lawfulness of the processing of these data arises from Art. 6 Subsection 1 S. 1 Letter f GDPR. The stored data are exclusively evaluated for statistical purposes; no disclosure takes place to third parties, either for commercial or non-commercial purposes. These data can also not be allocated directly to specific persons. These data are not linked with other data, which you have sent. If concrete suspicions arise for unlawful use, we reserve the right to check these data subsequently.
(2) The opportunity for entering personal or business data (e-mail addresses, names, addresses) exists and you make use of this, you are sending these data voluntarily. The storage of the data occurs exclusively in Germany and within the European Union. Disclosure of the data to third parties does not occur, who do not process the data for us within the scope of a commission processing relationship.
(1) For the use of our website, so-called cookies are stored on the device, which you are using. Cookies are text files, which enable information to be stored on the access device (PC, smartphone or similar), which is specifically related to the device. On the one hand, they are used for the user friendliness of the website. On the other hand, they are used for recording the statistical data for website use and performing analysis to improve the services offered. You may influence the use of the cookies. Most browsers have an option with which the storage of cookies can be restricted or completely prevented. However, it is pointed out that the use and particularly the convenience of use will be limited without cookies.
(2) We use various types of cookies.
a) Session cookies Session cookies enable your device to be recognised if you access our website again within an utilisation process. If you terminate the utilisation process by closing the browser, these cookies will be deleted completely.
b) Third-party cookies Third-party cookies are cookies, which are left behind by third-party providers. Information about the use of these cookies, such as in the form of social media plugins, will be provided during the further course of this policy.
(3) All of the information, which is sent to us using cookies, will not be linked to other data, which you send to us.
4. Further use
(1) In addition to mere informational use, we provide other functions to you on our website, which usually have the purpose of making contact with us. As a rule, the use of these functions requires personal data, which we use to provide the required service and process in accordance with the aforementioned principles.
(2) At present, we offer a contact form and a newsletter as additional functions. Please note the following points of this policy with respect to these functions.
(3) In some cases, we use external service providers to process your data. These have been selected and commissioned by us diligently, are bound to our instructions and are monitored on a regular basis. Commission processing contracts have been concluded between us and these service providers in accordance with Art. 28 Subsection 3 GDPR, in which the service providers have undertaken to comply with the statutory provisions for the protection of your data.
(4) If our service provider has its head office in a country outside of the European Economic Area (EEA) and data are transferred to such a third country, we will inform you about this circumstance, its consequences and on the basis of which permission the transfer occurs, prior to using the respective function. A transfer of your data exclusively occurs to a third country, which guarantees a data protection level, which is comparable to the GDPR.
5. Contact form
(1) For using our contact form, it is only compulsory to provide a valid e-mail address. This is required in order to be able to allocate and reply to your enquiry. Additional data may be disclosed voluntarily, but are not compulsory for use.
(2) The processing of data, sent when using the contact form, occurs on the basis of the voluntarily granted consent in accordance with Art. 6 Subsection 1 S. 1 Letter a GDPR.
(3) After your enquiry has been settled, your personal data sent in conjunction with the enquiry are deleted automatically. Clause 1 Subsection3 S. 2 of the policy remains unaffected by this.
(4) Even prior to the settlement of your enquiry, you are entitled to revoke your consent in accordance with Clause 7 of this policy at any time.
(1) With our newsletter, we inform you about new articles and offers on our website. The newsletter is ordered in two stages in order to prevent your e-mail address from being misused. After entering your e-mail address (subscription), we will send you an e-mail to confirm your e-mail address. When you open the link contained in this e-mail, you must confirm your subscription to the newsletter within 48 hours (verification). If the verification does not occur within this time limit, the newsletter subscription will not occur. After the verification of your subscription, we will store your e-mail address, in order to send you the newsletter. If the verification is omitted, your e-mail address will be deleted after the 48-hour period has elapsed. To prevent the misuse of your e-mail address, the time of subscription, as well as the verification and your IP address at these times are stored.
(2) By subscribing, you are consenting to the storage of your e-mail address, the time of the subscription, as well as your IP address at this time, for a period of 48 hours. Through the verification, you are consenting to the storage of these data, as well as the time of verification and the IP address at this time for the duration until cancellation of the newsletter.
(3) You may cancel the newsletter at any time and thereby revoke your consent. For this, you can either use the link, which is contained in every newsletter, or revoke your consent. After unsubscribing, all of the above-mentioned data will be deleted. Clause 1 Subsection 3 S. 2 of this policy remains unaffected by this.
7. Objection against or revocation of processing your data
(1) A consent, which you have granted to process your data, is revocable at any time, without giving reasons and with effect for the future, in accordance with Art. 7 Subsection 3 GDPR.
(2) If we process personal data without your consent on the basis of legitimate interests in accordance with Art. 6 Subsection 1 S. 1 Letter f GDPR, you are entitled to a right to object in accordance with Article 21 GDPR. A valid objection is only possible, if you can demonstrate that the reasons oppose the processing of your data, which arise from your specific situation and our legitimate interests in data processing. Such a reason is not required, if you object to the processing of your data for direct marketing or for profiling purposes related to this.
(3) The revocation and objection shall be addressed to the controllers referred to under Clause 1 Subsection 2 of this policy and are possible by e-mail, as well as by post.
(4) In the case of a revocation or valid objection, the personal data shall be deleted at once, unless we are obligated to retain it on the basis of statutory provisions.
8. Links to other websites
Links to websites of other providers are included in our website. Please note that we have no influence on these providers complying with the statutory provisions on data privacy.
9. Newsletter tracking
(1) Please note that we evaluate your user behaviour when we send the newsletter. For this evaluation, the sent e-mails contain so-called web beacons and tracking pixels. These are single-pixel image files, which link to our websites and applications and thereby enable us to evaluate you user behaviour. This occurs by collecting the data referred to in Article 4, as well as web beacons, which are allocated to your e-mail address and linked to a dedicated ID. Links in the newsletter contain this ID. The information collected in this way is stored by the newsletter provider on a server with our service provider.
(2) You can object to this tracking at any time by clicking on the separate link, which is provided in every e-mail. Such tracking is also not possible, if you have deactivated the displaying of images by default in your e-mail program. In this case, however, the newsletter will not be completely displayed to you and you may possibly not be able to use all of the functions. If you display images manually, the above-mentioned tracking occurs.
10. Rights of data subjects
(1) You have the right:
- in accordance with Art. 7 Subsection 3 GDPR, you have the right to withdraw your given consent at any time. The consequence of this is that we may no longer continue the data processing, which was based on this consent, for the future;
- in accordance with Art. 15 GDPR, to request information from us about your personal data, which we process. In particular, you can request information about the processing purposes, the category of the personal data, the categories of recipients, to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to correction, deletion, restriction of the processing or contradiction, the existence of a right of complaint, the origin of your data, if these have not been collected by us, as well as about the existence of automated decision-making, including profiling and possibly significant information about their details;
- in accordance with Art. 16 GDPR, you may immediately request the correction of inaccurate or completion of your personal data stored with us;
- in accordance with Art. 17 GDPR, request the deletion of our personal data stored with us, if the processing is not required to exercise the right of free expression of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, request the restriction of processing your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you reject the deletion and we no longer require the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, you can obtain your personal data, which you have provided to us, in a structured, commonly-used and machine-readable format or request that it be transmitted to another controller;
- in accordance with Art. 77 GDPR, you can lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual abode or workplace or our firm’s registered office.
11. Use of analysis tools
(1) The tracking measures listed below and used by use are performed on the basis of Art. 6 Subsection 1, Sentence 1 Letter f GDPR. With the tracking measures used, we intend to ensure a needs-based design and continuous optimisation of our website. On the other hand, we use the tracking measures, in order to statistically record the use of our website and evaluate them for the purpose of optimising our services for you. These interests are regarded as legitimate within the meaning of the foregoing regulation. The respective data processing purposes and data categories are shown in the corresponding tracking tools.
a) Web analysis by Matomo (formerly PIWIK). On our website, we use the Matomo (formerly PIWIK) open source software tool for analysing the surfing behaviour of our users. The software uses a cookie on the user’s computer. Please note Clause 3 of this policy for use of the cookies. If individual pages of our website are accessed, the following data are collected
- Two bytes of the IP address of the user’s accessing system
- The time of accessing the website
- The accessed website (side titles and URL)
- The website, from which the user has reached the accessed website (referrer)
- The sub-sites, from which the accessed website has been accessed
- The dwell time on the website
- The frequency of accessing the website
- The screen resolution used
- The time in the local time zone of the user
- Files, which have been clicked on for downloading
- The site generation time
- The location of the user (country, region, city, approximate longitude and latitude)
- Language settings of the browser used
- Operating system, browser version, end device (such as desktop, tablet, smartphone, TV, vehicle, console etc.)
12. Google Maps
(1) The Google Maps application can be used on our website. This way, we can display interactive maps directly in the website and enable you to use the map function conveniently.
(2) By visiting the website, Google receives the information that you have accessed the corresponding sub-site on our website. Furthermore, the data referred to under Clause 2 of this policy are sent. This occurs, irrespective of whether Google provides a user account, through which you are logged in or whether no user account exists. If you are logged into Google, your data are allocated directly to your account. If you do not want the allocation to your profile with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising purposes, market research and/or needs-based design of its websites. Such an evaluation particularly occurs (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You are entitled to a right to object to the formation of these user profiles, whereby you must contact Google, in order to exercise this.
13. Google Fonts
14. Data security
(1) Within the website visit, we use the widely prevalent SSL procedure (secure socket layer) in conjunction with the respective highest encryption level, which is supported by your browser. As a rule, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we resort to 128-bit v3 technology instead.
(2) You can identify whether an individual page of our Internet presence has been transferred using encryption, you can recognize this by the closed illustration of the key/lock symbol in the bottom status bar of your browser.
(3) We also use appropriate technical and organizational security measures, in order to protect your data from accidental or malicious manipulation, partial or complete loss, destruction of from unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
24 May 2018