Privacy Policy

Processing personal data means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data. Without limitation, data processing means the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

We process personal data in accordance with the requirements and conditions described below using automated processing means based on the applicable legal bases for authorisation.

We do not use automated individual decision-making, including profiling, in accordance with Art. 22 GDPR.

Personal data comprises all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your name, address, telephone number, email address, bank details or date of birth.

When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website to you and to guarantee stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Contents of the request (specific page)
• Access status / HTTP status code
• The amount of data transferred in each case
• Website from which the request came (referrer, if applicable)
• Operating system and interface, screen resolution and colour depth
• Language and browser software version

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. As a rule, you will generally have to provide additional personal data for such purposes that we will then use to provide the relevant service. We explain this to you in this document.

On our website, we use the open source software tool Matomo, a service provided by InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand (“Matomo”) to analyze data traffic on the website and its reach. To fulfill this task and to ensure data security, we operate Matomo on our own server.

We do not use cookies for statistical analysis with Matomo. We also do not store any information on the requesting computers of our website visitors, nor do we access information that is already stored on the end devices of our visitors. No personal data is processed when Matomo is used in the configuration used by DORNBACH. The processing falls neither within the scope of the GDPR nor under the legal provisions for a consent requirement pursuant to Section 25 (1) TDDDG. Instead, Matomo uses log files that have already been created automatically when a web browser accesses our website.

Matomo processes the following data for purely statistical analysis:

• IP address of the requesting computer; this is anonymized before the analysis takes place
• Browser type
• Set language
• Operating system
• Time of visit, time spent on the website
• Pages accessed (URLs and page titles)
• Content loaded during the visit
• Frequency of visits to the website (aggregated file)

The Matomo software is set so that 1 byte of the IP address is masked before this information is analyzed. As a result, it is no longer possible to clearly identify the accessing computer in the statistical analysis with Matomo.

The statistical analysis only records visits to individual pages. Matomo does not create a profile of our visitors.

The data obtained with Matomo is not passed on to third parties or used for other purposes, in particular not for monitoring the performance or behavior of users.

Further information about Matomo can be found https://matomo.org/docs/privacy-how-to/. You can find Matomo's privacy policy https://matomo.org/privacy-policy/.

In addition to the data referred to above, cookies are stored on your computer when you use our website, provided that you have given us your consent to do so.

Cookies are small text files that are saved on the hard drive of your computer according to the web browser you use and that send certain information to the party who placed the cookie. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make our website more user-friendly and functional.

The legal basis for this is Art. 6(1)(a) GDPR ('consent').

You can decide whether you give us consent for all cookies, only for certain types of cookies (e.g. necessity, performance, functionality, advertising) or no consent at all.

Necessity: These cookies are necessary for the proper functioning of our website and cannot be switched off in our system.

Performance: We use these cookies to provide statistical information about our website. They are used to measure and improve performance.

Functionality: We use these cookies to improve functionality and allow personalisation, such as videos and social media use.

Advertising: These cookies are set by the advertising partners on our website.

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result. However, please note that if you do not provide your consent, or withdraw your consent, you may not be able to use all of the functions of our website.

The following sections provide you additional information on the use of cookies, provided that cookies are in use.

Detailed information can also be found in our cookie policy, which you can find under the last point of this privacy policy CookieFirst.

This website uses Google Ads, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google Ads to place targeted advertising. As part of this, various tracking and analysis mechanisms are used:

1. Use of Google Ads conversion tracking

Google Ads uses so-called cookies, which are stored on your end device and enable your use of the website to be analyzed. If you reach our website via a Google ad, a cookie is set for conversion tracking. These cookies do not contain any personal data. The information collected by the conversion cookie is used to create conversion statistics for Google Ads customers. We learn the total number of users who clicked on an ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

2. Google Ads Remarketing

This website uses Google's remarketing function. This function is used to present interest-based advertisements to visitors to the website as part of the Google advertising network. For this purpose, Google sets cookies that make it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network.

If you do not want Google to carry out remarketing, you can make the appropriate settings in the Google ad settings (www.google.com/settings/ads) or deactivate the storage of cookies in your browser.

Your data is processed on the basis of Art. 6 para. 1 lit. a GDPR (“consent”). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages as a result. You can also revoke this consent here at any time with future effect without any disadvantages for you.

Google also processes your personal data in the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-U.S. Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR.
The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

You can find more information about Google Ads here: www.google.com/privacy/ads.
You can view Google's privacy policy here: www.google.de/intl/de/policies/privacy.

We will process any data you provide to us when you contact us by email or via a contact form. The only mandatory information includes your name and email address, the desired DORNBACH location to which you wish to send your contact request and the subject of your request. This information is necessary so that we can respond to your enquiry appropriately. You can provide other personal data on a voluntary basis if you wish (for example, we require you to share your telephone number if you ask us to call you back; we require you to share your address if you wish us to send you information materials by post). We will store your personal data in order to answer your questions and satisfy your requests. We erase data collected in this context after retention is no longer necessary, or limit processing if statutory retention obligations apply.

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

In the case of existing client relationships or other fee-based contractual relationships, we additionally intend to process data you have provided to us, or that we have collected, for marketing purposes.

According to the recitals of the GDPR, there is a legitimate interest with regard to so-called direct marketing (Recital 47, seventh sentence). The term direct marketing refers to direct contact with a customer from a provider with the aim of promoting the sale of fee-based services. Satisfaction surveys or participation in other surveys may also fall within the legal definition of marketing. Other applicable legal requirements (in particular section 7 (3) Act on Unfair Competition ('UWG') and the ePrivacy Regulation) are, of course, observed.

In this context, the legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

Absent an existing client relationship or other fee-based contractual relationship, we will only process your personal data for marketing purposes if you have given us your consent to do so (Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR). Based on your voluntary consent you can, for example, also subscribe to our newsletter which we use to provide you information about our current offerings. Services, etc. that are included in the advertising are referred to below and additionally in the declaration of consent. We use the 'double opt-in' process to register for our newsletter on our homepage. This means that after you register, we will send an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, to clarify any potential misuse of your personal data. The only mandatory information required to send the newsletter is your email address and the desired information. The provision of additional, separately marked data is voluntary and is used to be able to personalise your content. After your confirmation, we will store your personal data for the purpose referred to above.

The legal basis for this is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result, whereby we will not be able to send you the newsletter in such cases. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

The failure to provide this consent, or its withdrawal, does not preclude the application of the legal bases for data processing including, without limitation, Art. 6(1)(b) GDPR ('necessary for the performance of a contract'), Art. 6(1)(c) GDPR ('legal obligation') and Art. 6(1)(f) GDPR ('legitimate interest').

Marketing is sent by post, electronically (including email, social media), by SMS/MMS or by phone call to the extent permitted by law.

Without limitation, marketing measures relate to newsletters, info letters, invitations and announcements of events as well as all DORNBACH services.

Marketing may also be undertaken by other DORNBACH Group companies (an overview of the individual companies can be found at https://www.dornbach.de/de/impressum.html) to the extent permitted by law. Your personal data may be sent to these DORNBACH Group companies for the marketing purposes referred to above and processed for such marketing purposes.

You can object to the processing of your personal data for marketing purposes at any time. The relevant contact details are provided above and at the end of this document. In such cases, your personal data will no longer be processed for marketing purposes and will be deleted from the corresponding marketing distribution lists.

You may withdraw your consent at any time. You can withdraw your consent by clicking on the link provided in each newsletter email or by sending a message to the contact details listed in this document. Withdrawing your consent does not affect the lawfulness of processing performed prior to your withdrawal.

Among other means, we use the CleverReach email tool to send our newsletter. This tool is operated by CleverReach GmbH & Co KG, Mühlenstraße 43, 26180 Rastede, Germany. As part of this process, your data (email address, IP address) will also be processed by CleverReach in accordance with our instructions on the basis of a contract data processing agreement entered into pursuant to Art. 28 GDPR. Your data will not be shared with other third parties for purposes of receiving the newsletter and CleverReach is not granted any rights to share your data. You can find additional information in CleverReach's Privacy Policy: https://www.cleverreach.com/de/datenschutz/.

We regularly organise seminars and events for clients and prospective clients on current topics in auditing, tax consultancy, legal advice and IT services.

You can make a binding registration for these seminars and events via our homepage by mail or email. We process the following mandatory data in this regard: company, attendee name and email address. Without limitation, this serves to enable us to associate your registration to a specific person and to send you relevant information on the date and content of the event as well as a certificate of participation if desired. We also need your address in order to send you an invoice if the seminar or event is subject to a fee.

If you do not provide us the mandatory information referred to above, we cannot provide you access to our seminars and events as this information is required for the performance of the contract. In addition, you can provide your telephone number on a voluntary basis should there be any questions.

The legal basis is Art. 6(1)(b) GDPR ('necessary for the performance of a contract').

We have integrated YouTube videos into our website. These videos are stored at http://www.YouTube.com and can be played directly from our website. These videos are integrated in 'extended privacy mode', i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Data referred to in the section 'Collection of personal data when visiting our website' of this privacy notice will first be transmitted once you play the videos. We have no influence on this data transmission.

Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit this website, YouTube is notified that you have accessed the corresponding subpage on our website. In addition, data referred to above in the section 'Collection of personal data when visiting our website' of this privacy notice will be transmitted. This is regardless of whether YouTube has provided a user account through which you are logged in or even if you do not have a user account. If you are logged into a Google account, your information will be directly associated with your account. If you do not wish this information to be associated with your YouTube profile, you must log out before clicking a button. YouTube stores your data as usage profiles and uses your data for the purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right.

For more information about the purpose and scope of data collection and its processing by YouTube, please refer to its Privacy Policy. You will find further information on your rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

The legal basis is Art. 6(1)(f) DS-GVO ('legitimate interest'). Cookies are only set with your consent. The legal basis for this is Art. 6(1)(a) GDPR ('consent').

We use Google reCAPTCHA, a service provided by Google, on our websites.

Google reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, Google reCAPTCHA analyses the behaviour of the respective website visitor based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website. To perform this analysis, Google reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The Google reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.

Further information about Google reCAPTCHA and Google's Privacy Policy can be found at: https://www.google.com/policies/privacy/

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

We do not use social media plug-ins.

Our pages merely include links to our profiles on Facebook, LinkedIn, Xing, Google My Business, Instagram.

For more information about the purpose and scope of data collection and its processing by the provider when you visit its website, please refer to the respective provider's privacy policy listed below. Here, you will also find further information on your rights and the settings options for protecting your privacy.

Addresses for the respective providers and URL with their privacy policies:

• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-onother#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
• Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?, hl=en. Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA; https://help.instagram.com/155833707900388.

We use the functions of Google Maps, a service provided by Google, on our website. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function.

Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit our website, Google is notified that you have accessed the corresponding subpage of our website. In addition, data referred to in the section 'Collection of personal data when visiting our website' of this privacy notice will be transmitted. This is done regardless of whether you are logged into a Google account or not. If you are logged into a Google account, your information will be directly associated with your account. If you do not wish this information to be associated with your Google profile, you must log out of Google before clicking a button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not logged in) for the purpose of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and its processing, please refer to the provider's privacy policy. You will find further information on your corresponding rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

We publish a variety of articles on topics related to our activities in our blog. You are not able to make public comments but may share our articles on social networks using a share function.

If you apply for a job with us, we will process data you provide in order to determine whether we would like to establish and maintain an employment relationship with you.

If you apply online via our career portal, your data will be stored and processed on systems operated by our software partner, rexx Systems GmbH. The appropriate contract was concluded with this service provider in accordance with Art. 28 GDPR. Our software partner, rexx Systems GmbH, will process your data only in accordance with applicable legal requirements and only in accordance with instructions provided within the scope of performing a contract as a contract data processor. It has also taken the necessary security measures as well as technical and organisational measures.

During the application process, customary correspondence data such as postal address, email address and telephone numbers will be stored in addition to salutation, last name and first name. In addition, other application documents such as a cover letter, curriculum vitae, vocational, educational and other training qualifications as well as job references will also be stored.

As a rule, application data entered by you and sent to us will only be processed until a decision on hiring is made provided that you are not hired. Data will be deleted four months after sending the rejection or after returning the application documents to the applicant.

We will retain your data in an applicant pool only with your express consent. The maximum retention period is two years. This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

If we enter into an employment relationship with you, data you have provided us with will be processed to establish, maintain and, if necessary, terminate the employment relationship.

Data can be processed for statistical purposes (e.g. reporting). In such cases, it is not possible to identify specific persons.

The legal basis is section 26 of the Federal Data Protection Act ('BDSG') (Section 26 (8), second sentence BDSG).

The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends in particular on the period for which storage is required to fulfill the purpose. The data is also processed to fulfill legal obligations (e.g. retention obligations under commercial and tax law pursuant to Section 257 of the German Commercial Code (“HGB”), Section 147 of the German Fiscal Code (“AO”) for up to ten years).

We transmit your data to operational departments within DORNBACH to the extent necessary.

Your personal data may be transferred to the DORNBACH Group companies listed here if this is necessary for handling the client relationship. The legal basis is Art. 6(1)(b) GDPR ('necessary for the performance of a contract').

Authorisation for any further data transfer within the DORNBACH Group is provided by Art. 6(1)(f) ('legitimate interest'). According to this provision, data processing is lawful if the processing is necessary to pursue our legitimate interests, unless the interests or fundamental rights of the data subject outweigh such processing. Recital 48 of the GDPR specifies the legitimate interest in transmission within a group of companies. According to this Recital, a transfer within a group of companies for internal administrative purposes with regard to the processing of customer/client data is deemed to qualify as a legitimate interest on our part within the meaning of Art. 6(1)(f) GDPR.

As a party subject to professional confidentiality obligations, we are obliged to maintain and implement professional confidentiality. Each transmission referred to above takes this obligation into account. Of course, no transfer will be made if professional confidentiality obligations would preclude the transfer concerned.

Additional recipients will only receive data you have provided us at your request, provided you have released us from our professional confidentiality obligations.

In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. All requirements imposed by Art. 28 GDPR are observed.

Your personal data is processed entirely within Germany or other member states of the European Union. We will not transfer your personal data to countries outside the member states of the European Union (so-called third countries) or to other international organisations unless otherwise stated in this document.

Taking into account the provisions of Articles 24, 25 and 32 GDPR, we undertake all necessary technical and organisational measures to protect your personal data against loss, destruction, access, modification, dissemination by unauthorised persons and misuse.

For example, we comply with legal requirements regarding the pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of systems and services related to data processing, the availability of personal data and the ability to quickly restore such data in the event of a physical or technical incident, and the establishment of procedures for the regular testing, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of the processing.

Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of 'privacy by design' and 'privacy by default'.

You have the right to receive information about your personal data at no charge and, if the legal requirements are met, the rights to rectification, blocking and erasure of your data, to restriction of processing, to data portability, and the right to object.

You may object to processing in cases where we are processing your personal data on the basis of a weighing of interests. Without limitation, this is the case if the processing concerned is not necessary for the performance of a contract with you. When asserting such an objection, we ask that you please explain the reasons why we should not process your personal data as we have previously. Should you have a legitimate objection, we will review the facts and either discontinue or modify our data processing or provide you with compelling legitimate grounds on the basis of which we intend to continue processing.

You also have the opportunity to lodge a complaint with the competent supervisory authority (e.g. State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany).

If you have any questions regarding the processing of your personal data, questions relating to the above-mentioned rights and their exercise, or suggestions, please contact us or our external data protection officer:

Ms Susanne Kamm
Dr. Dornbach Consulting GmbH
Anton-Jordan-Straße 1
56070 Koblenz, Germany
Mail: Turn on Javascript!
Phone: +49 (0) 261 9431 - 434

The DORNB@SE intranet is an internal platform for our employees.

The processing of personal data on the intranet is carried out in accordance with our data protection regulations.

General information on data protection can be found in this privacy policy.