Data Protection Notice
Data protection notice and information on the processing of personal data as defined in Articles 13 ff. of the EU GDPR
1. Name and contact details of the controlling entity responsible for the data processing and of the company Data Protection Officer
This data protection statement applies to data processing carried out by the following companies:
Roser GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
Managing Directors: Martina Bischoff (auditor/tax consultant), Dr. Heiko Haupt (tax consultant), Dr. Frank Roser (auditor/lawyer/tax consultant), Patrick Scheinpflug (auditor/tax consultant), Stephanie von Trotha (tax consultant)
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
Roser Rechtsanwaltsgesellschaft mbH
Managing Directors: Dr. Frank Roser (auditor/lawyer/tax consultant), Frederik Seifert (lawyer), Stefan Thoss (lawyer)
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
Roser Financial Advisory GmbH Wirtschaftsprüfungsgesellschaft
Managing Directors: Dr. Heiko Haupt (tax consultant), Dr. Frank Roser (auditor/lawyer/tax consultant), Patrick Scheinpflug (auditor/tax consultant)
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
The Data Protection Officer of the responsible companies can be reached as follows:
Roser Rechtsanwaltsgesellschaft mbH
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
2. Collection and storage of personal data and the nature and purpose of their use
a) When visiting our website
When viewing our website www.roser-group.de, the browser used on your terminal or device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer in an anonymised form
- Date and time of access
- Name and URL of the requested website or file
- Website from which you accessed our website (referrer URL)
- Browser used (type and version)
- Operating system of your computer
- Type of device used
The above data are processed for the following purposes:
- To ensure that the connection to our website functions smoothly,
- To ensure that our website is easy to use,
- To analyse system security and stability,
- For other administrative purposes.
The legal basis for the processing of data is Article 6, Paragraph 1, Clause f) of the GDPR (General Data Protection Regulation). Our legitimate interest follows from the purposes listed above for the collection of data. In no circumstance do we use any data collected to determine your identity or draw conclusions about your person. We reserve the right to make such use of the data only in exceptional cases, for instance in the event of unauthorised interference in our system. All data that are collected will be deleted after eight weeks.
b) In the course of inquiries/utilisation of our services
In the context of providing services for you/our clients and the performance of necessary checks in connection with our services (e.g. legally required conflict of interest checks, prevention of money laundering) or as part of discussing the possible services we could be providing, we process personal data about you insofar as this is necessary (e.g. contact data such as name, address, telephone number and e-mail address). The nature and scope of the data processed varies according to the service requested or offered. Please also note that you will usually have an obligation to cooperate in the execution of the service that has been commissioned, with the result that an effective performance of the service without the provision of necessary information such as personal data will not be possible or will only be possible to a limited extent.
We may collect or receive personal information about you because you provide it to us, because we have received it from other people (from your employer or consultant, for example, or from third parties we have engaged to assist us in the conduct of our business to the extent permissible by law), or because it is publicly available, whereby no automated decision-making or profiling is conducted.
The legal basis for the data processing is in particular Article 6, Paragraph 1, Clauses b) and f) of the GDPR. The processing is necessary for the fulfilment of the contract concluded with you or for the implementation of pre-contractual measures and is for the purpose of our legitimate interest, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail, in particular if the data subject is a child. Processing of your personal data is also justified in accordance with Article 6, Paragraph 1, Clause c) of the GDPR if and to the extent that we are subject to a legal or supervisory obligation to process data (e.g. recording for tax purposes). If you provide us with information about your personal data, you also consent in accordance with Article 6, Paragraph 1, Clause a) of the GDPR that we may process your personal data within the framework of the principles specified here.
c) Use of our contact form
We provide a contact form on our website which you can use to request information about our services or to contact us in general. In order to respond to your enquiry, we also need your e-mail address and name in addition to the information in your enquiry.
We need these details to process your enquiry, to address you correctly and to provide you with an answer. Data processing always takes place in the case of specific requests relating to the fulfilment of a contract and/or the contract negotiations in accordance with Article 6, Paragraph 1, Clause b) of the GDPR. For general enquiries, processing is based on a balance of interests in accordance with Article 6, Paragraph 1, Clause f) of the GDPR, because it is in our interest to respond to your contact.
Enquiries received via the contact form on our website are processed electronically by us so as to answer your enquiry. In this context, knowledge of the content of the forms you have sent us will also be gained by Roser Rechtsanwaltsgesellschaft mbH, Roser GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft and Roser Financial Advisory GmbH Wirtschaftsprüfungsgesellschaft, as well as any third parties commissioned by us.
The transmission of the form data across the Internet is carried out through encrypted links.
We will delete any data that arise in connection with your enquiry, request or contact as soon as they are no longer required for the processing of your enquiry. Insofar as statutory storage obligations exist, the data will be stored for the duration of the period stipulated by such statutory storage obligations.
d) Cultivating our business contacts, newsletters
We also process your personal data to maintain our business contacts if we have received these data in connection with a business event, in the context of a business meeting or within the scope of an assignment. We have a legitimate interest pursuant to Article 6, Paragraph 1, Clause f) of the GDPR to use your personal data for maintaining contacts, over and beyond the initial contact as well.
To the extent permitted by law and the supervisory regulations, we process your contact data for marketing and advertising purposes in order to provide you with information about our further offers and events. This is conducted on the basis of our legitimate interest pursuant to Article 6, Paragraph 1, Clause f) of the GDPR to inform our clients beyond the specific individual assignment that has been commissioned and thus build up and maintain a long-term client relationship.
If we contact you by e-mail in order to send you a legally specific newsletter, this is conducted on the basis of our legitimate interests pursuant to Article 6, Paragraph 1, Clause f) of the GDPR or the express consent you have previously given in accordance with Article 6, Paragraph 1, Clause a) of the GDPR. You can unsubscribe from the newsletter at any time, e.g. with an e-mail to email@example.com or in writing to the addresses specified above.
You can also subscribe to legally focused e-mail newsletters directly via our homepage. In addition to the information you provide voluntarily on the respective form, it is only your e-mail address that is further processed by us. This is, of course, absolutely necessary in order to mail you the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent out in an agreed manner. With this option, you are included in an e-mail distribution list as a potential recipient and then receive a confirmation e-mail to verify your registration in a legally secure manner. It is only if your confirmation is explicitly given that the e-mail address revealed to us is deliberately included in the distribution list for the newsletter.
Newsletter2Go is used as the newsletter software. As a result, your data will be transmitted to the company Newsletter2Go GmbH. We have concluded an order processing contract with Newsletter2Go GmbH. This prohibits the provider from selling your data and using such information for any purposes other than sending out our newsletter. Newsletter2Go is a certified German provider that has been selected according to the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Further information can be found here (in German): https://www.newsletter2go.de/i...
You can revoke your consent to the storage of your data, e-mail address and their use to send the newsletter at any time, for example via the "Unsubscribe" link in the newsletter.
e) Job application procedures
We process the personal data you have given and passed on to us as part of your application for employment. Such data generally includes:
- First name, surname, form of address or title,
- Your contact details: information such as your address, telephone number, fax number, e-mail address and, if applicable, professional position,
- Your application data, comprising your cover letter, curriculum vitae and the usual certificates and testimonials.
During the course of the application process, further personal data may be collected for information purposes from you personally, from publicly accessible sources or from former employers and instructors. As a matter of principle, your data are only accessible to persons who need such access in order to properly carry out our recruitment procedure.
We only use your application documents to decide on the occupation of the position for which you have explicitly applied.
The legal basis for the data processing is Article 6, Paragraph 1, Clause 2 b) in conjunction with Article 88 of the GDPR (General Data Protection Regulation) and Section 26, Paragraph 1 of the BDSG (German Federal Data Protection Act). Accordingly, personal data may be processed for employment-related purposes where necessary for hiring decisions. If the application procedure does not lead to your recruitment, we will duly delete and destroy your application data as soon as a period of six months has elapsed after the application procedure for the position in question has been completed.
If you have agreed to the further storage of your personal data, we will transfer your data to our applicant pool. The data in this pool of job candidates will be deleted after two years.
If the application procedure leads to the establishment of an employment relationship, your data will be transferred from the applicant data system to our personnel records.
We delete the data accrued in connection with the aforementioned activities after their storage is no longer necessary, or we restrict their processing if statutory retention periods still apply. A requirement for storage always exists as long as the purpose of the storage still applies, in particular if the data are still needed to fulfil contractual services or to be able to examine, concede or ward off claims. The obligation to retain data can result, for example, from laws (Commercial Code (HGB), Fiscal Code (AO), Money Laundering Act (GwG)) or from professional regulations (e.g. German Auditors' Ordinance (WPO), German Federal Lawyers' Ordinance (BRAO)). Statutory retention periods vary in length and must be determined in each specific case.
3. Sharing of information
Your personal information will not be shared with third parties for any purpose other than those specified below.
We only share your personal information with third parties if:
- you have given your express consent for us to do so in accordance with Article 6, Paragraph 1, Clause a) of the GDPR,
- the disclosure is required in accordance with Article 6, Paragraph 1, Clause f) of the GDPR to assert, exercise or protect legal rights and there is no reason to assume that you have an overriding interest worthy of protection not to share your information,
- there is a legal obligation to do so in accordance with Article 6, Paragraph 1, Clause c) of the GDPR, and/or
- it is legally permissible and is required in accordance with Article 6, Paragraph 1, Clause b) of the GDPR to fulfil contractual relationships with you.
Recipients (categories of recipients) of your personal data can typically be:
- Public authorities that receive data in line with statutory regulations (e.g. social insurance agencies, tax authorities).
- Internal departments that are involved in carrying out the respective business processes (personnel management, bookkeeping, accounting).
- External contractual partners, insofar as such parties are necessary for contract performance (e.g. processors as defined in Article 28 of the GDPR, credit institutions).
If, in individual cases, a recipient of your personal data is resident in any country outside the European Union, we will ensure that appropriate security measures have been taken to protect your personal data and to comply with our statutory obligations. An appropriate security measure may be a data transfer agreement with the recipient based on standard contractual clauses recognised by the European Commission for the transfer of personal data to third countries.
4. Cookies, analysis or tracking tools
a) Web analysis
On our website we use the web analysis tool "Google Analytics", a service offered by Google Ireland Limited. The purpose of this use is the "needs-based design" of this website, which we carry out on the basis of your consent in accordance with Article 6, Paragraph 1, Clause a); Article 7 of the GDPR. The web analysis also enables us to identify and rectify errors on the website, for example those caused by incorrect links.
Google Analytics uses so-called cookies. These are text files that are placed on your computer to allow an analysis of your use of a website. No client IDs or user IDs are deployed, with the result that no pseudonymised user profiles are created about you on the basis of the devices you use.
The information generated by the cookie about your use of this website will usually be transmitted to and stored on servers belonging to Google in the United States. Since we have activated the so-called IP anonymisation on this website and have agreed a corresponding order processing contract with Google, your IP address will undergo a prior truncation by Google within the Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. It is only in exceptional cases that the full IP address is transmitted to a Google server in the USA and then shortened at that location.
Google in the USA is certified according to the so-called Privacy Shield framework. Google guarantees an adequate level of data privacy.
You can prevent Google from collecting the data generated by the cookie in relation to your use of the website (including the revelation of your IP address) and from processing this data by downloading and installing the browser plug-in made available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
Particularly in the case of mobile devices, you can also prevent Google Analytics from recording data by clicking on the following link. If you do so, an opt-out cookie is installed that prevents any future collection of your data when you visit this website: Disable Google Analytics
Part of our website hosting contract involves the tracking and analysis capabilities of 1&1 IONOS SE (IONOS), Eigendorfer Strasse 57, 56410 Montabaur in Germany. We have concluded a commissioned data processing agreement with IONOS for this specific purpose.
The purpose of the use is to design this website in line with requirements and we carry this out on the basis of a weighing up of interests as laid down in Article 6, Paragraph 1, Clause f) of the GDPR. It is our legitimate interest to perform a statistical analysis of user behaviour in order to optimise our website. The web analysis also enables us to identify and rectify errors on the website, e.g. due to incorrect links. The analyses with IONOS can be used to analyse visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. from which page the visitor comes), visitor locations, and other technical data (browser and operating system versions). To this end, IONOS stores the following particular data:
- Referrer (the previously visited website)
- Requested website or file
- Browser type and browser version
- Operating system used
- Type of device used
- Time of access
- IP address in anonymized form (used only to determine the location from which the access comes)
According to IONOS, the data collection is completely anonymous so that it cannot be traced back to individual persons. Cookies are not stored by IONOS Web Analytics.
Further information on data collection procedures and processing by IONOS can be found in the following links:
b) Google Maps
On our website we make use of the services provided by Google Maps, Google LLC. This allows us to show you interactive maps directly in the website and enables you to use convenient map features. The legal basis governing this data processing is laid down in Article 6, Paragraph 1, Clause b) of the GDPR, since your IP address is required to provide you with the content.
Our cooperation with Google LLC in terms of statutory data protection requirements is based on a contract that has been concluded concerning joint responsibility in accordance with Article 26 of the GDPR. This contract can be accessed at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
As a visitor to our site, you automatically enter into a user relationship with Google through the use of Google Maps.
When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data stored automatically when you visit our website will be transmitted to Google (see Section 2.a above). This transfer of data occurs irrespective of whether Google provides a user account that you are logged into or if you do not have a user account. When you are logged into Google, your data will be directly allocated to your account. If you do not want allocation at Google through your profile, you must log out before activating the button. Google stores your data in the form of user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of such user profiles, but you must contact Google directly to exercise this right.
Further information on the purpose and scope of data collection and their processing by the plug-in provider can be found in the provider's own data privacy statements. You can also find further information there about your rights in this regard and about possible configuration options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
5. Rights of data subjects
If your personal data are processed by us, you as the "data subject" within the meaning of the GDPR have the following rights:
- in accordance with Article 15 of the GDPR, to request information about your personal information processed by us. In particular, you can request information about the purpose of any data processing, the category of the personal information, the categories of recipients to whom your information was or will be disclosed, the intended duration of storage, the existence of any right to correction, deletion, restricted processing or objection, the existence of a right of appeal, the origin of your data if this data was not collected by us, as well as the existence of any automated decision-making process, including profiling and, if applicable, significant information about the details of such processes;
- in accordance with Article 16 of the GDPR, to request the immediate correction or completion of your personal information stored by us;
- in accordance with Article 17 of the GDPR, to request the deletion of your personal information stored by us provided this processing of the information is not required to exercise the right to free speech and information, to fulfil a legal obligation, for reasons that are in the public interest, or to assert, exercise or protect legal rights;
- in accordance with Article 18 of the GDPR, to request the restricted processing of your personal information if the correctness of the data is disputed by you, the processing is unlawful, you do not agree to the deletion of the data although we no longer need it but you need the information to assert, exercise or protect legal rights or you have filed an objection to the processing of the data in accordance with Article 21 of the GDPR;
- in accordance with Article 20 of the GDPR, to request to receive your personal information which you submitted to us in a structured, practicable and machine-readable format or to transfer this information to another data controller;
- to complain to a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office;
- in accordance with Article 7, Paragraph 3 of the GDPR, to revoke any consent you may have given to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future. If you wish to exercise your right of objection, please contact us or the data protection officer at the above address or simply by e-mail to firstname.lastname@example.org.
6. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Article 6, Paragraph 1, Clause f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to file an objection against the processing of your personal data if there are reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case you have a general right to object, which we will comply with without your having to specify any special situation.
If you would like to exercise your right of objection, contact us or our Data Protection Officer or simply send an e-mail to email@example.com.
7. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We constantly improve our security measures to keep up with the latest developments in technology.
8. Current status and changes to this data protection statement
This data protection statement is currently valid and is current as at November 18, 2019.
Due to the further development of our website and offerings or due to changes in the law or administrative regulations, it may be necessary to change this Data Protection Statement. You can view and print out the latest version of the Data Protection Statement at any time on our website at https://www.roser-group.de/en/privacy.