Privacy Policy

This Privacy Policy satisfies applicable statutory information obligations for DORNBACH GmbH auditing and tax consultancy company, Anton-Jordan-Straße 1, D-56070 Koblenz, Fon: +49 (0) 261/9431-0, mail: datenschutz@dornbach.de, its branch offices and all additional companies included in the DORNBACH Group (an overview of the individual companies may be found here) (hereinafter also referred to collectively as 'DORNBACH') for purposes of Article 13 of the General Data Protection Regulation ('GDPR') with regard to the processing of personal data on our common homepage. We provide information below about what personal data of yours we process and in what form. Please feel free to contact us should you have any questions. Our contact details can be found above and at the end of this document.

Data Protection Officer

If you have any questions regarding the processing of your personal data, you can contact the Data Protection Officer for the relevant company in the DORNBACH Group who is available in cases of requests for information, comments or complaints. You can find them under the site information.

Mail: datenschutz@dornbach.de
As on: January 2020

Personal data

Personal data comprises all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your name, address, telephone number, email address, bank details or date of birth.

Processing personal data

Processing personal data means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data. Without limitation, data processing means the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

We process personal data in accordance with the requirements and conditions described below using automated processing means based on the applicable legal bases for authorisation.

We do not use automated individual decision-making, including profiling, in accordance with Art. 22 GDPR.

Collection of personal data when you visit our website

When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website to you and to guarantee stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Access status / HTTP status code
  • The amount of data transferred in each case
  • Website from which the request came (referrer, if applicable)
  • Operating system and interface, screen resolution and colour depth
  • Language and browser software version

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. As a rule, you will generally have to provide additional personal data for such purposes that we will then use to provide the relevant service. We explain this to you in this document.

Use of Cookies

In addition to the data referred to above, cookies are stored on your computer when you use our website, provided that you have given us your consent to do so.

Cookies are small text files that are saved on the hard drive of your computer according to the web browser you use and that send certain information to the party who placed the cookie. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make our website more user-friendly and functional.

The legal basis for this is Art. 6(1)(a) GDPR ('consent').

You can decide whether you give us consent for all cookies, only for certain types of cookies (e.g. necessity, performance, functionality, advertising) or no consent at all.

Necessity: These cookies are necessary for the proper functioning of our website and cannot be switched off in our system.

Performance: We use these cookies to provide statistical information about our website. They are used to measure and improve performance.

Functionality: We use these cookies to improve functionality and allow personalisation, such as videos and social media use.

Advertising: These cookies are set by the advertising partners on our website.

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result. However, please note that if you do not provide your consent, or withdraw your consent, you may not be able to use all of the functions of our website.

The following sections provide you additional information on the use of cookies, provided that cookies are in use.

Detailed information can also be found in our cookie policy, which you can find under the last point of this privacy policy CookieFirst.

Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ('Google'). Google Analytics uses cookies, which are text files placed on your computer that permit an analysis to be made of how you use the website.

Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

As a rule, the information generated by the cookie about your use of the website will be transmitted to, and stored by, Google on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be abbreviated by Google within the Member States of the European Union or countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will your complete IP address be transferred to a Google server in the United States and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities for website operators, and to provide additional services related to the use of the website and the internet.

The IP address transferred by your browser in connection with Google Analytics will not be associated with other data held by Google.

This website uses Google Analytics with the extension '_anonymizeIp()'. This means that IP addresses are further processed in a shortened form, thus preventing the identification of specific individuals. If the data collected about you is personally identifiable, it will be blocked immediately, and the personal data deleted as soon as possible.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics gathered in this fashion make it possible to improve our website and make it more attractive for you as a user. For the exceptional cases in which personal data is transferred to the United States, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Information about the third-party service provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.de/intl/de/policies/privacy.

Contact form

We will process any data you provide to us when you contact us by email or via a contact form. The only mandatory information includes your name and email address, the desired DORNBACH location to which you wish to send your contact request and the subject of your request. This information is necessary so that we can respond to your enquiry appropriately. You can provide other personal data on a voluntary basis if you wish (for example, we require you to share your telephone number if you ask us to call you back; we require you to share your address if you wish us to send you information materials by post). We will store your personal data in order to answer your questions and satisfy your requests. We erase data collected in this context after retention is no longer necessary, or limit processing if statutory retention obligations apply.

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

Marketing

In the case of existing client relationships or other fee-based contractual relationships, we additionally intend to process data you have provided to us, or that we have collected, for marketing purposes.

According to the recitals of the GDPR, there is a legitimate interest with regard to so-called direct marketing (Recital 47, seventh sentence). The term direct marketing refers to direct contact with a customer from a provider with the aim of promoting the sale of fee-based services. Satisfaction surveys or participation in other surveys may also fall within the legal definition of marketing. Other applicable legal requirements (in particular section 7 (3) Act on Unfair Competition ('UWG') and the ePrivacy Regulation) are, of course, observed.

In this context, the legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

Absent an existing client relationship or other fee-based contractual relationship, we will only process your personal data for marketing purposes if you have given us your consent to do so (Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR). Based on your voluntary consent you can, for example, also subscribe to our newsletter which we use to provide you information about our current offerings. Services, etc. that are included in the advertising are referred to below and additionally in the declaration of consent. We use the 'double opt-in' process to register for our newsletter on our homepage. This means that after you register, we will send an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, to clarify any potential misuse of your personal data. The only mandatory information required to send the newsletter is your email address and the desired information. The provision of additional, separately marked data is voluntary and is used to be able to personalise your content. After your confirmation, we will store your personal data for the purpose referred to above.

The legal basis for this is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result, whereby we will not be able to send you the newsletter in such cases. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

The failure to provide this consent, or its withdrawal, does not preclude the application of the legal bases for data processing including, without limitation, Art. 6(1)(b) GDPR ('necessary for the performance of a contract'), Art. 6(1)(c) GDPR ('legal obligation') and Art. 6(1)(f) GDPR ('legitimate interest').

Marketing is sent by post, electronically (including email, social media), by SMS/MMS or by phone call to the extent permitted by law.

Without limitation, marketing measures relate to newsletters, info letters, invitations and announcements of events as well as all DORNBACH services.

Marketing may also be undertaken by other DORNBACH Group companies (an overview of the individual companies can be found at https://www.dornbach.de/de/impressum.html) to the extent permitted by law. Your personal data may be sent to these DORNBACH Group companies for the marketing purposes referred to above and processed for such marketing purposes.

You can object to the processing of your personal data for marketing purposes at any time. The relevant contact details are provided above and at the end of this document. In such cases, your personal data will no longer be processed for marketing purposes and will be deleted from the corresponding marketing distribution lists.

You may withdraw your consent at any time. You can withdraw your consent by clicking on the link provided in each newsletter email or by sending a message to the contact details listed in this document. Withdrawing your consent does not affect the lawfulness of processing performed prior to your withdrawal.

Among other means, we use the CleverReach email tool to send our newsletter. This tool is operated by CleverReach GmbH & Co KG, Mühlenstraße 43, 26180 Rastede, Germany. As part of this process, your data (email address, IP address) will also be processed by CleverReach in accordance with our instructions on the basis of a contract data processing agreement entered into pursuant to Art. 28 GDPR. Your data will not be shared with other third parties for purposes of receiving the newsletter and CleverReach is not granted any rights to share your data. You can find additional information in CleverReach's Privacy Policy: https://www.cleverreach.com/de/datenschutz/.

Seminar registration / events

We regularly organise seminars and events for clients and prospective clients on current topics in auditing, tax consultancy, legal advice and IT services.

You can make a binding registration for these seminars and events via our homepage by mail or email. We process the following mandatory data in this regard: company, attendee name and email address. Without limitation, this serves to enable us to associate your registration to a specific person and to send you relevant information on the date and content of the event as well as a certificate of participation if desired. We also need your address in order to send you an invoice if the seminar or event is subject to a fee.

If you do not provide us the mandatory information referred to above, we cannot provide you access to our seminars and events as this information is required for the performance of the contract. In addition, you can provide your telephone number on a voluntary basis should there be any questions.

The legal basis is Art. 6(1)(b) GDPR ('necessary for the performance of a contract').

Integration of YouTube videos

We have integrated YouTube videos into our website. These videos are stored at http://www.YouTube.com and can be played directly from our website. These videos are integrated in 'extended privacy mode', i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Data referred to in the section 'Collection of personal data when visiting our website' of this privacy notice will first be transmitted once you play the videos. We have no influence on this data transmission.

Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit this website, YouTube is notified that you have accessed the corresponding subpage on our website. In addition, data referred to above in the section 'Collection of personal data when visiting our website' of this privacy notice will be transmitted. This is regardless of whether YouTube has provided a user account through which you are logged in or even if you do not have a user account. If you are logged into a Google account, your information will be directly associated with your account. If you do not wish this information to be associated with your YouTube profile, you must log out before clicking a button. YouTube stores your data as usage profiles and uses your data for the purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right.

For more information about the purpose and scope of data collection and its processing by YouTube, please refer to its Privacy Policy. You will find further information on your rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

The legal basis is Art. 6(1)(f) DS-GVO ('legitimate interest'). Cookies are only set with your consent. The legal basis for this is Art. 6(1)(a) GDPR ('consent').

Use of Google reCAPTCHA

We use Google reCAPTCHA, a service provided by Google, on our websites.

Google reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, Google reCAPTCHA analyses the behaviour of the respective website visitor based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website. To perform this analysis, Google reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The Google reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.

Further information about Google reCAPTCHA and Google's Privacy Policy can be found at: https://www.google.com/policies/privacy/

The legal basis is Art. 6(1)(f) GDPR ('legitimate interest').

No use of social media plug-ins

We do not use social media plug-ins.

Our pages merely include links to our profiles on Facebook, LinkedIn, Xing, Google My Business, Instagram.

For more information about the purpose and scope of data collection and its processing by the provider when you visit its website, please refer to the respective provider's privacy policy listed below. Here, you will also find further information on your rights and the settings options for protecting your privacy.

Addresses for the respective providers and URL with their privacy policies:

Use of Google Maps

We use the functions of Google Maps, a service provided by Google, on our website. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function.

Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit our website, Google is notified that you have accessed the corresponding subpage of our website. In addition, data referred to in the section 'Collection of personal data when visiting our website' of this privacy notice will be transmitted. This is done regardless of whether you are logged into a Google account or not. If you are logged into a Google account, your information will be directly associated with your account. If you do not wish this information to be associated with your Google profile, you must log out of Google before clicking a button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not logged in) for the purpose of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and its processing, please refer to the provider's privacy policy. You will find further information on your corresponding rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Blog

We publish a variety of articles on topics related to our activities in our blog. You are not able to make public comments but may share our articles on social networks using a share function.

Job applications

If you apply for a job with us, we will process data you provide in order to determine whether we would like to establish and maintain an employment relationship with you.

If you apply online via our career portal, your data will be stored and processed on systems operated by our software partner, rexx Systems GmbH. The appropriate contract was concluded with this service provider in accordance with Art. 28 GDPR. Our software partner, rexx Systems GmbH, will process your data only in accordance with applicable legal requirements and only in accordance with instructions provided within the scope of performing a contract as a contract data processor. It has also taken the necessary security measures as well as technical and organisational measures.

During the application process, customary correspondence data such as postal address, email address and telephone numbers will be stored in addition to salutation, last name and first name. In addition, other application documents such as a cover letter, curriculum vitae, vocational, educational and other training qualifications as well as job references will also be stored.

As a rule, application data entered by you and sent to us will only be processed until a decision on hiring is made provided that you are not hired. Data will be deleted four months after sending the rejection or after returning the application documents to the applicant.

We will retain your data in an applicant pool only with your express consent. The maximum retention period is two years. This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

If we enter into an employment relationship with you, data you have provided us with will be processed to establish, maintain and, if necessary, terminate the employment relationship.

Data can be processed for statistical purposes (e.g. reporting). In such cases, it is not possible to identify specific persons.

The legal basis is section 26 of the Federal Data Protection Act ('BDSG') (Section 26 (8), second sentence BDSG).

Data recipients

We transmit your data to operational departments within DORNBACH to the extent necessary.

Your personal data may be transferred to the DORNBACH Group companies listed here if this is necessary for handling the client relationship. The legal basis is Art. 6(1)(b) GDPR ('necessary for the performance of a contract').

Authorisation for any further data transfer within the DORNBACH Group is provided by Art. 6(1)(f) ('legitimate interest'). According to this provision, data processing is lawful if the processing is necessary to pursue our legitimate interests, unless the interests or fundamental rights of the data subject outweigh such processing. Recital 48 of the GDPR specifies the legitimate interest in transmission within a group of companies. According to this Recital, a transfer within a group of companies for internal administrative purposes with regard to the processing of customer/client data is deemed to qualify as a legitimate interest on our part within the meaning of Art. 6(1)(f) GDPR.

As a party subject to professional confidentiality obligations, we are obliged to maintain and implement professional confidentiality. Each transmission referred to above takes this obligation into account. Of course, no transfer will be made if professional confidentiality obligations would preclude the transfer concerned.

Additional recipients will only receive data you have provided us at your request, provided you have released us from our professional confidentiality obligations.

In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. All requirements imposed by Art. 28 GDPR are observed.

Location of data processing activities

Your personal data is processed entirely within Germany or other member states of the European Union. We will not transfer your personal data to countries outside the member states of the European Union (so-called third countries) or to other international organisations unless otherwise stated in this document.

Security / technical and organisational measures

Taking into account the provisions of Articles 24, 25 and 32 GDPR, we undertake all necessary technical and organisational measures to protect your personal data against loss, destruction, access, modification, dissemination by unauthorised persons and misuse.

For example, we comply with legal requirements regarding the pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of systems and services related to data processing, the availability of personal data and the ability to quickly restore such data in the event of a physical or technical incident, and the establishment of procedures for the regular testing, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of the processing.

Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of 'privacy by design' and 'privacy by default'.

Your rights

You have the right to receive information about your personal data at no charge and, if the legal requirements are met, the rights to rectification, blocking and erasure of your data, to restriction of processing, to data portability, and the right to object.

You may object to processing in cases where we are processing your personal data on the basis of a weighing of interests. Without limitation, this is the case if the processing concerned is not necessary for the performance of a contract with you. When asserting such an objection, we ask that you please explain the reasons why we should not process your personal data as we have previously. Should you have a legitimate objection, we will review the facts and either discontinue or modify our data processing or provide you with compelling legitimate grounds on the basis of which we intend to continue processing.

You also have the opportunity to lodge a complaint with the competent supervisory authority (e.g. State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany).

If you have any questions regarding the processing of your personal data, questions relating to the above-mentioned rights and their exercise, or suggestions, please contact us or our external data protection officer:

Ms Susanne Kamm
Dr. Dornbach Consulting GmbH
Anton-Jordan-Straße 1
56070 Koblenz, Germany
Mail: datenschutz@dornbach.de
Phone: +49 (0) 261 9431 - 434