Data Protection Declaration

Data protection declaration and information on the processing of personal data as defined in Articles 13 ff. of the EU GDPR

1. Name and contact details of the controlling entity responsible for the data processing and of the company Data Protection Officer

This data protection statement applies to data processing carried out by the following companies:

Roser Rechtsanwaltsgesellschaft mbH
Managing Directors: lawyer/tax consultant Max Christian Lurati (graduate economist), auditor/lawyer/tax consultant Dr. Frank Roser (graduate in business administration), lawyer Frederik Seifert, lawyer Stefan Thoß
Drehbahn 7
DE-20354 Hamburg
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
E-mail: info@roser-hamburg.de

Roser GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
Managing Directors: auditor/tax consultant Martina Bischoff (graduate in business administration), tax consultant Dr. Heiko Haupt (graduate in business administration), auditor/lawyer/tax consultant Dr. Frank Roser (graduate in business administration), auditor/tax consultant Patrick Scheinpflug (graduate in business administration), tax consultant Stephanie von Trotha (graduate in business administration)
Drehbahn 7
DE-20354 Hamburg
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
E-mail: info@roser-hamburg.de

Roser Financial Advisory GmbH Wirtschaftsprüfungsgesellschaft
Managing Directors: tax consultant Dr. Heiko Haupt (graduate in business administration), auditor/lawyer/tax consultant Dr. Frank Roser (graduate in business administration), auditor/tax consultant Patrick Scheinpflug
Drehbahn 7
DE-20354 Hamburg
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
E-mail: info@roser-hamburg.de

The Data Protection Officer of the responsible companies can be reached as follows:

Roser Rechtsanwaltsgesellschaft mbH
Datenschutzbeauftragter
Drehbahn 7
DE-20354 Hamburg
Tel.: +49 40 4223 6660-0
Fax: +49 40 4223 6660-12
E-mail: datenschutz@roser-hamburg.de


2. Collection and storage of personal data and the nature and purpose of their us

a) When visiting our website
When viewing our website www.roser-group.de, the browser used on your terminal or device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the requested file,
  • Website from which you accessed our website (referrer URL),
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

The above data are processed for the following purposes:

  • To ensure that the connection to our website functions smoothly,
  • To ensure that our website is easy to use,
  • To analyse system security and stability,
  • For other administrative purposes.

The legal basis for the processing of data is Article 6, Paragraph 1, Point f) of the GDPR (General Data Protection Regulation). Our legitimate interest follows from the purposes listed above for the collection of data. In no circumstance do we use any data collected to determine your identity.

b) In the course of inquiries/utilisation of our services
In the context of providing services for you/our clients and the performance of necessary checks in connection with our services (e.g. legally required conflict of interest checks, prevention of money laundering) or as part of discussing the possible services we could be providing, we process personal data about you insofar as this is necessary (e.g. contact data such as name, address, telephone number and e-mail address). The nature and scope of the data processed varies according to the service requested or offered. Please also note that you will usually have an obligation to cooperate in the execution of the service that has been commissioned, with the result that an effective performance of the service without the provision of necessary information such as personal data will not be possible or will only be possible to a limited extent.

We may collect or receive personal information about you because you provide it to us, because we have received it from other people (from your employer or consultant, for example, or from third parties we have engaged to assist us in the conduct of our business to the extent permissible by law), or because it is publicly available, whereby no automated decision-making or profiling is conducted.
The legal basis for the data processing is in particular Article 6, Paragraph 1, Points b) and f) of the GDPR. The processing is necessary for the fulfilment of the contract concluded with you or for the implementation of pre-contractual measures and is for the purpose of our legitimate interest, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail, in particular if the data subject is a child. Processing of your personal data is also justified in accordance with Article 6, Paragraph 1, Point c) of the GDPR if and to the extent that we are subject to a legal or supervisory obligation to process data (e.g. recording for tax purposes). If you provide us with information about your personal data, you also consent in accordance with Article 6, Paragraph 1, Point a) of the GDPR that we may process your personal data within the framework of the principles specified here

c) Cultivating our business contacts, newsletters
We also process your personal data to maintain our business contacts if we have received these data in connection with a business event, in the context of a business meeting or within the scope of an assignment. We have a legitimate interest pursuant to Article 6, Paragraph 1, Point f) of the GDPR to use your personal data for maintaining contacts, over and beyond the initial contact as well.

To the extent permitted by law and the supervisory regulations, we process your contact data for marketing and advertising purposes in order to provide you with information about our further offers and events. This is conducted on the basis of our legitimate interest pursuant to Article 6, Paragraph 1, Point f) of the GDPR to inform our clients beyond the specific individual assignment that has been commissioned and thus build up and maintain a long-term client relationship.

If we contact you by e-mail in order to send you a legally specific newsletter, this is conducted on the basis of our legitimate interests pursuant to Article 6, Paragraph 1, Point f) of the GDPR or the express consent you have previously given in accordance with Article 6, Paragraph 1, Point a) of the GDPR. You can unsubscribe from the newsletter at any time, e.g. with an e-mail to datenschutz@roser-hamburg.de or in writing to the address above.

d) Job application procedures
We process the personal data you have given and passed on to us as part of your application for employment. Such data generally includes:

  • First name, surname, form of address or title,
  • Your contact details: information such as your address, telephone number, fax number, e-mail address and, if applicable, professional position,
  • Your application data, comprising your cover letter, curriculum vitae and the usual certificates and testimonials.

During the course of the application process, further personal data may be collected for information purposes from you personally, from publicly accessible sources or from former employers and instructors. As a matter of principle, your data are only accessible to persons who need such access in order to properly carry out our recruitment procedure.

We only use your application documents to decide on the occupation of the position for which you have explicitly applied.

The legal basis for the data processing is Article 6, Paragraph 1, Sentence 2, Point b in conjunction with Article 88 of the GDPR (General Data Protection Regulation) and Section 26, Paragraph 1 of the BDSG (German Federal Data Protection Act). Accordingly, personal data may be processed for employment-related purposes where necessary for hiring decisions. If the application procedure does not lead to your recruitment, we will duly delete and destroy your application data as soon as a period of six months has elapsed after the application procedure for the position in question has been completed.

If you have agreed to the further storage of your personal data, we will transfer your data to our applicant pool. The data in this pool of job candidates will be deleted after two years.

If the application procedure leads to the establishment of an employment relationship, your data will be transferred from the applicant data system to our personnel records.

We delete the data accrued in connection with the aforementioned activities after their storage is no longer necessary, or we restrict their processing if statutory retention periods still apply. A requirement for storage always exists as long as the purpose of the storage still applies, in particular if the data are still needed to fulfil contractual services or to be able to examine, concede or ward off claims. The obligation to retain data can result, for example, from laws (Commercial Code (HGB), Fiscal Code (AO), Money Laundering Act (GwG)) or from professional regulations (e.g. German Auditors' Ordinance (WPO), German Federal Lawyers' Ordinance (BRAO)). Statutory retention periods vary in length and must be determined in each specific case.


3. Sharing of information


Your personal information will not be shared with third parties for any purpose other than those specified below.

We only share your personal information with third parties if:

  • you have given your express consent for us to do so in accordance with Article 6, Paragraph 1, Point a) of the GDPR,
  • the disclosure is required in accordance with Article 6, Paragraph 1, Point f) of the GDPR to assert, exercise or protect legal rights and there is no reason to assume that you have an overriding interest worthy of protection not to share your information,
  • there is a legal obligation to do so in accordance with Article 6, Paragraph 1, Point c) of the GDPR, and/or
  • it is legally permissible and is required in accordance with Article 6, Paragraph 1, Point b) of the GDPR to fulfil contractual relationships with you.

Recipients (categories of recipients) of your personal data can typically be:

  • Public authorities that receive data in line with statutory regulations (e.g. social insurance agencies, tax authorities).
  • Internal departments that are involved in carrying out the respective business processes (personnel management, bookkeeping, accounting).
  • External contractual partners, insofar as such parties are necessary for contract performance (e.g. processors as defined in Article 28 of the GDPR, credit institutions).

If, in individual cases, a recipient of your personal data is resident in any country outside the European Union, we will ensure that appropriate security measures have been taken to protect your personal data and to comply with our statutory obligations. An appropriate security measure may be a data transfer agreement with the recipient based on standard contractual clauses recognised by the European Commission for the transfer of personal data to third countries.


4. Cookies, analysis or tracking tools


We do not use cookies, analysis tools or tracking tools on our website.


5. Rights of data subjects


If your personal data are processed by us, you as the "data subject" within the meaning of the GDPR have the following rights:

  • in accordance with Article 15 of the DSGVO to request information about your personal information processed by us. In particular, you can request information about the purpose of any data processing, the category of the personal information, the categories of recipients to whom your information was or will be disclosed, the intended duration of storage, the existence of any right to correction, deletion, restricted processing or objection, the existence of a right of appeal, the origin of your data if this data was not collected by us, as well as the existence of any automated decision-making process, including profiling and, if applicable, significant information about the details such processes;
  • in accordance with Article 16 of the GDPR, to request the immediate correction or completion of your personal information stored by us;
  • in accordance with Article 17 of the GDPR, to request the deletion of your personal information stored by us provided this processing of the information is not required to exercise the right to free speech and information, to fulfil a legal obligation, for reasons that are in the public interest, or to assert, exercise or protect legal rights;
  • in accordance with Article 18 of the GDPR, to request the restricted processing of your personal information if the correctness of the data is disputed by you, the processing is unlawful, you do not agree to the deletion of the data although we no longer need it but you need the information to assert, exercise or protect legal rights or you have filed an objection to the processing of the data in accordance with Article 21 of the GDPR;
  • in accordance with Article 20 of the GDPR, to request to receive your personal information which you submitted to us in a structured, practicable and machine-readable format or to transfer this information to another data controller;
  • to complain to a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office;
  • in accordance with Article 7, Paragraph 3 of the GDPR, to revoke any consent you may have given to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future. If you wish to exercise your right of objection, please contact us or the data protection officer at the above address or simply by e-mail to datenschutz@roser-hamburg.de.


6. Right of objection


If your personal data is processed on the basis of legitimate interests in accordance with Article 6, Paragraph 1, Point f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to file an objection against the processing of your personal data if there are reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case you have a general right to object, which we will comply with without your having to specify any special situation.

If you would like to exercise your right of objection, contact us or our Data Protection Officer or simply send an e-mail to datenschutz@roser-hamburg.de


7. Data security


We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We constantly improve our security measures to keep up with the latest developments in technology.


8. Current status and changes to this data protection statement


This data protection statement is currently valid and is current as at October 10, 2018.

Due to the further development of our website and offerings or due to changes in the law or administrative regulations, it may be necessary to change this Data Protection Statement. You can view and print out the latest version of the Data Protection Statement at any time on our website at https://www.roser-group.de/en/privacy.