Welcome to the website of Klaus + Partner Steuer und Recht. This data protection statement will explain which Personal Data are collected on our website and how they are used. We generally strive to limit the amount of data that is collected via our website or processed. However, we would like to inform you with respect to the EU General Data Protection Regulation (EC/GDPR), particularly about your respective rights. Should you have any questions with regard to the following information, our Managing Partners and our Data Protection Officer will be happy to assist.
Klaus + Partner Steuer und Recht
Hugenottenallee 171 a
Data Protection Officer:
Address, Phone, Fax: as above
For data protection reasons, we like to give you the following explanations:
- The provision of Personal Data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner).
- Occasionally, the conclusion of a contract may require that a Data Subject provides us with Personal Data that must subsequently be processed by us.
- The Data Subject is, for example, obliged to provide us with Personal Data when our company signs a contract with him or her.
- The non-provision of the Personal Data would have the consequence that the contract with the Data Subject could not be concluded.
II. Privacy statement relating to our website and our services and performances
Our privacy statement is based on the General Data Protection Regulation (GDPR). It should be legible and understandable for the general public, as well as our customers and business partners. We hope that we have succeeded in doing so.
If you have any inquiries or suggestions to improve this privacy statement, please contact us.
The terms contained in the GDPR are defined in its article 4. Since our privacy statement is based on the GDPR, we like to briefly describe the relevant terms as follows. In doing so, we have followed Article 4 of the GDPR.
- „Personal Data“ means any information relating to an identified or identifiable natural person (hereinafter called ‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- „ Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
- „Restriction of Processing“ means the marking of stored Persoal Data with the aim of limiting their Processing in the future;
- „Profiling“ means any form of automated Processing of Persoal Data consisting of the use of these Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- „ Pseudonymisation“ means the Processing of Personal Data in such a manner that these Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
- „Data System“ means any structured collection of Personal Data accessible according to specific criteria, irrespective of whether this collection is managed centrally, decentrally or according to functional or geographical aspects;
- „Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- „Processor“ means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
- „Recipient“ means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients; the Processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing;
- „Third Party“ means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data;
- „Consent“ of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by another clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
- „Personal Data Breach“ means a breach of security leading to the accidental or unlawful destruction, loss or alteration, whether unauthorised or unlawful, or disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
- „Cross-Border Processing“ means either
- the Processing of Personal Data which takes place in the context of the activities of establishments in more than one Member State of a Controller or Processor in the Union where the Controller or Processor is established in more than one Member State; or
- ethe Processing of Personal Data which takes place in the context of the activities of a single establishment of a Controller or Processor in the Union but which substantially affects or is likely to substantially affect Data Subjects in more than one Member State.
IV. Name and Address of Controllers
Klaus + Partner
Data Protection Officer
Hugenottenallee 171a, 63263 Neu-Isenburg, Germany
Phone: +49 6102 71 17 0
Fax: +49 6102 71 17 0
V. Data collection on our website and data collected by third parties accessing our website
1. Collection of general data and information
Our website collects a series of general data and information when a Data Subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites reached by an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, we as a firm do not draw any conclusions about the Data Subject. This information is rather needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the case of a cyber-attack. Therefore, Klaus+Partner analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the Personal Data we process. The anonymous data of the server log files are stored separately from all Personal Data provided by a Data Subject.
The Data Subject may at any time,prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
This website uses Borlabs Cookie which is a technically necessary cookie (Borlabs-cookie) in order to record your cookie consent. Borlabs Cookie does not process any personal data.
The cookie consent you give when logging onto the website is stored in the cookie Borlabs-cookie. Should you wish to revoke your consent then you can do so here: Revoke Cookie settings. This means that when you log on in future on the website, you will be asked again to give your consent to the cookies which can be used.
3. Content, services and performances provided by third parties
Our services sometimes include content, services and performances of third-party providers. These are, for exampled, maps provided by Google Maps, videos provided by YouTube as well as graphics and pictures of other websites. In order for this data to be able to be retrieved and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers therefore notice the IP address of the respective user.
Although we try to work exclusively with third-party providers who require the IP address only to deliver content, we have no influence on whether the IP address is stored. In that case, this procedure serves inter alia for statistical purposes.
is currently not being used by us.
On our website we use components (videos) from the corporation YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA which is a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
In the process we use the option which is offered by YouTube – „extended data protection mode“. If you access a page which contains an embedded video, a connection to the YouTube servers will be triggered off and the contents will be portrayed on the internet page by means of a message sent to your browser.
According to the statements made by Google, when in the „ extended data protection mode“, data is only transferred to the YouTube server – in particular that data which has been generated upon visiting our internet pages – when you watch the video. Should you at the same time be logged into YouTube this information will be assigned to your member account at YouTube. This can be prevented by signing out on your member account before visiting our website.
Additional information concerning YouTube’s policy on data protection has been made available on the following link: https://www.google.de/intl/de/policies/privacy/
Our website uses Google Maps to display interactive maps and provide travel directions. Google Maps is a web service of Google Inc.,1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When you access the sub-pages that contain the Google Maps map, information about your use of our website (including your IP address) and the (start) address you have entered into the route planning function can be transmitted to and stored by Google on servers in the United States. The map content is transmitted by Google directly to your browser by which it is integrated into the website. Therefore, we have no influence on the amount of data collected by Google in this way. We have no influence on how these data are further processed and used by Google and therefore can assume no responsibility for this.
In order to protect input forms on our page we use the service “ reCAPTCHA“ from the firm Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter „Google“. By using this service it is possible to determine whether the appropriate entry or input is of human origin or if it has been improperly executed by means of automated mechanical processing.
To the best of our knowledge, the following information is transferred to „Google“:- the referrer URL, the IP address, the behaviour of the web page visitor, information concerning the operation system, browser and length of time spent on our internet pages, cookies, presentation instructions and scripts, the input behaviour of the user together with mouse movements in the domain of the „reCAPTCHA“ checkbox.
The information so obtained by Google is used inter alia for the following:- to digitalize books and other printed matter and to optimize services such as Google Street View and Google Maps (for example street and house numbers, street name recognition and detection).
The IP address conveyed within the framework of „reCAPTCHA“is not matched to or joined with any data at Google with the exception that you are signed in on your Google account at the time you are using the „reCAPTCHA“ plug-ins. Should you wish to prevent this transfer and storage of data by Google concerning your person and your conduct when visiting our web page, you have to log off from Google before visiting our page or use the reCAPTCHA plug-in.
- Google Analytics
The Controller responsible for Processing has integrated the Google Analytics components (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering and evaluation of data relating to the conduct of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. A web analysis is mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
For the web analysis through Google Analytics the Controller uses the application “_gat. _anonymizeIp”. By means of this application, the IP address of the Internet connection of the Data Subject is abridged by Google and anonymised when accessing our Internet pages from a Member State of the European Union or another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website, to provide us with online reports which show the activities on our websites, and other services concerning the use of our website.
Google Analytics places a cookie on the information technology system of the Data Subject. What cookies are has already been explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website which is operated by the Controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the Data Subject will automatically submit data to Google through the Google Analytics component for the purpose of online analysis. In the course of this technical procedure, Google gains knowledge of Personal Data such as the IP address of the Data Subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of the Data Subject’s v isits to our website. With each visit to our Internet pages, such Personal Data, including the IP address of the Internet access used by the Data Subject, will be transmitted to Google in the United States of America. These Personal Data are stored by Google in the United States of America. Google may pass these Personal Data collected through the technical procedure to third parties.
As already described above, the Data Subject may at any time prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the Data Subject’s information technology system. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Alternatively to the browser add-on or in browsers on mobile devices, please click on the following hyperlink to prevent Google Analytics from tracking within this website: Deactivate Google Analytics (the opt-out works only in the respective browser and only for the respective domain).
- Google Web Fonts and Google CDN
This site uses so-called web fonts, provided by Google for the uniform representation of fonts. Google CDN, a content delivery network, is used as well. Google CDN uses Google’s globally dispersed edge points of presence to cache HTTP(S) load balanced content close to users. The caching of content at the edge of the Google network allows to quickly provide users with content, at the same time reducing the costs of provision.
Web fonts: When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to create a connection with the servers of Google. Hereby Google obtains knowledge that our website was called up via your IP address. Google Web Fonts and CDN are used in the interest of a uniform and appealing presentation of our online services. Pursuant to Article 6(1) lit f of the GDPR, this is a legitimate interest.
If your browser does not support web fonts, a default font will be used by your computer.
VI. Links to other websites
We assume no responsibility for the collection, processing and use of data by any third parties.
You will recognize websites of third parties because they are always opened in an own browser window. In contrast, new pages of our website always open in a new tab of your browser.
VII. Deletion and blocking of data with personal content
The data Controller shall process and store the Personal Data of the Data Subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the Controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the Personal Data are routinely blocked or deleted in accordance with legal requirements.
VIII. Your rights
Right to confirmation
Each Data Subjcet shall have the right granted by the European legislator to obtain from the Controller the confirmation as to whether or not Personal Data concerning him or her are being processed. If a Data Subject wishes to avail himself or herself of this right of confirmation, he or she may at any time contact any employee of the Controller. In such case, please contact the management.
Right to information
Each Data Subject shall have the right granted under the European directives and legislation to obtain from the Controller free information about his or her Personal Data stored at any time, and a copy of this information. Furthermore, the European legislator grants the Data Subject access to the following information:
- the Processing purposes
- the categories of Personal Data that are processed
- the Recipients or categories of Recipients to whom the Personal Data have been or will be disclosed, in particular Recipients in third countries or international organizations
- where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the Controller rectification or deletion of Personal Data, or restriction of Processing of Personal Data concerning the Data Subject, or to object to such Processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the Personal Data are not collected from the Data Subject any available information as to the source of these data
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such Processing for the Data Subject
Furthermore, the Data Subject shall have a right to obtain information as to whether Personal Data are transferred to a third country or to an international organization. Where this is the case, the Data Subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a Data Subject wishes to avail himself or helself of this right of confirmation, he or she may at any time contact an employee of the Controller. In such case, please contact the management.
Right to rectification
Each Data Subject shall have the right granted by the European legislator to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the Processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
If a Data Subject wishes to avail himself or herself of this right of rectification, he or she may at any time contact an employee of the Controller. In such case, please contact the management.
Right to deletion (Right to be forgotten)
Each Data Subject shall have the right granted by the European legislator to request from the Controller the deletion of Personal Data concerning him or er without undue delay, and the Controller shall have the obligation to delete such Personal Data without undue delay where one of the following grounds applies, as long as Processing is not necessary.
- The Personal Data are no longer required for the purposes for which they were collected or otherwise processed.
- The Data Subject withdraws his or her consent on which the Processing is based pursuant to Article 6(1) lit. a of the GDPR, or Article 9(2) lit. a of the GDPR, and where there is no other legal ground for this Processing.
- The Data Subject objects to the Processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Article 21(2) of the GDPR.
- The Personal Data was processed unlawful.
- The Personal Data has to be deleted for compliance with a legal obligation under Union or Member State law to which the Controller is subject.
- The Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a Data Subject wishes to request the deletion of Personal Data stored by Klaus+Partner, he or she may at any time contact an employee of the Controller. Please contact us. The responsible employees of Klaus+Partner will promptly ensure that the deletion request is complied with immediately.
Where Klaus+Partner have made Personal Data public and, pursuant to Article 17(1), are obliged to delete these Personal Data, Klaus+Partner, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers processing the Personal Data, that the Data Subject has requested deletion by such Controllers of any links to, or copy or replication of those Personal Data, as far as the Processing is not required. The responsible employee of Klaus+Partner (see above contact) will arrange for the necessary measures in individual cases.
Right to restriction of processing
Any Data Subject shall have the right granted by the European legislator to request from the Controller the restriction of Processing in either of the following circumstances:
- The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data.
- The Processing is unlawful and the Data Subject opposes the deletion of the Personal Data and requests instead the restriction of their use.
- The Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims.
- The Data Subject has objected to Processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
If one of the aforementioned conditions is met and a Data Subject wishes to request the restriction of the Personal Data stored by Klaus+Partner, he or she may at any time contact the management of the Controller. The management will arrange for the restriction of the Processing.
Right to data portability
Each Data Subject shall have the right granted by the European legislator to receive the Personal Data concerning him or her, which was provided to a Controller in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data has been provided, as long as the Processing is based on consent pursuant to Article 6(1) lit. a of the GDPR or Article 9(2) lit. a of the GDPR, or on a contract pursuant to Article 6(1) lit. b of the GDPR and the Processing is carried out by automated means, as long as the Processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the Data Subject shall have the right to have Personal Data transmitted directly from one Controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the Data Subject may at any time contact Klaus+Partner.
Right to object
Each Data Subject shall have the right granted by the European legislator to object at any time, on grounds relating to his or her particular situation, to the Processing of Personal Data concerning him or her, which is based on point Article 6(1) llit. e or f of the GDPR. This also applies to profiling based on these provisions.
We shall no longer process the Personal Data in the event of objection, unless we can demonstrate compelling legitimate grounds for the Processing, which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.
If we process Personal Data for direct marketing purposes, the Data Subject shall have the right to object at any time to the Processing of his or her Personal Data for such direct marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the Data Subject objects to Klaus+Partner to the Processing for direct marketing purposes, Klaus+Partner will no longer process the Personal Data for these purposes.
In addition, the Data Subject has the right, on grounds relating to his or her particular situation, to object to our Processing of his or her Personal Data for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless this Processing is necessary for the performance of a task carried out for reasons of public interest.
In order to avail of the right to object, the Data Subject may at any time contact the management. In addition, the Data Subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
RIght to file an objection with a supervisory authority
If you find that the processing of your Personal Data is unlawful, you are entitled to file an objection with a supervisory authority responsible for data protection, that is competent for your place of residence, workplace or the place of the presumed infringement.
Automated decision-taking and profiling
We refrain from automated decision-making or profiling.
Right to withdraw consent under data protection law
Each Data Subject shall have the right granted by the European legislator to withdraw at any time consent to the processing of his or her Personal Data.
Should the Data Subject want to assert his or her right to withdraw consent, he or she may at any time contact the management.
IX. Legal basis
The legal basis is the GDPR, whereby the Processing of the Personal Data relies on the following articles:
- Art. 6 I lit. a of the GDPR: the Data Subject has given his or her consent to the Processing of his or her Personal Data for one or more specific purposes, e.g. when subscribing for our newsletter.
- Art. 6 I lit. b of the GDPR: The Processing is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the Data Subject’s request prior to enter into a contract, e.g. if you like to attend an event or book a room or make a reservation.
- Art. 6 I lit. c of the GDPR: The Processing is necessary for compliance with a legal obligation to which the Controller is subject, e.g. tax obligations to which our firm is subject.
- Art. 6 I lit. d of the GDPR: The Processing is necessary to protect vital interests of the Data Subject or another natural person.
- Art. 6 I lit. f of the GDPR: All Processing operations to which none of the aforementioned articles apply, these operations being necessary to keep a legitimate interest of our firm or any third party, provided there are no overriding interests, fundamental rights and fundamental freedoms of the Data Subject. Should the Processing of Personal Data rely on this Art. 6 I lit. f of the GDPR, our legitimate interest would be to carry out the activities of our firm in favor of the well-being of our clients.
X. Storage period for personal data
The criterion for the storage period for Personal Data is the respective legal retention period. Following the expiry of the respective period, the relevant data will be deleted routinely provided they are no longer needed for contract performance or contract initiation.
XI. Other information
In their role as Controller of the Processing, Klaus+Partner have implemented a numerous technical and organizational measures to ensure the widest possible protection of the Personal Data that are processed via this website. However, since web-based data transmissions may have security gaps, absolute protection cannot be guaranteed. Therefore, any Data Subject is free to communicate to us their Personal Data in another way, e.g. by phone.