Skip to content

You are here:

Revoke cookie settings

Data Privacy Statement

I. Name and address of the Data Controller

The Data Controller, as defined in the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions, is:

1. Company and address of the responsible body:
PKF Fasselt Partnerschaft mbB Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft Rechtsanwälte (“PKF Fasselt“)

EUREF-Campus 10/11
10829 Berlin
Telephone:  +49 30 306907 - 0
Telefax +49 30 306907 – 99
E-Mail: info@remove-this.pkf-fasselt.de

Commercial Register: Local Court (Amtsgericht) of Berlin (Charlottenburg) PR 645

2. Management:
Managing Director responsible for operations:  WP StB [German public auditor and tax consultant] Frank Villwock

II. Name and address of the Data Protection Officer

The Data Protection Officer of the Data Controller

RA/StB [German lawyer/tax consultant] Alexander Hamminger
Pestalozzistrasse 78
25421 Pinneberg
0163 6912864
datenschutz@remove-this.hamminger.de

III. General Information on Data Processing

1. Scope of the processing of personal data

We generally process the personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of the personal data of our users is routinely carried out only after users have given consent. This particularly applies for the use of socalled tracking technology (see item V. - declaration of consent re. tracking cookies). An exception applies in those cases where obtaining prior consent is not possible for practical reasons and where the processing of the data is permitted by law.

2. Legal basis for processing personal data

Article 6(1) a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data, insofar as we obtain the consent of the data subject for processing operations involving personal data.
Article 6(1) b) GDPR serves as the legal basis when we process personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Article 6(1) c) GDPR serves as the legal basis insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
Article 6(1) d) GDPR serves as the legal basis in the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person.
Article 6(1) f) GDPR serves as the legal basis for the processing if it is necessary for the purposes of safeguarding the legitimate interests of our company or a third party and where the first-mentioned interests are not overridden by the interests, fundamental rights and freedoms of the data subject.

3. Data erasure and retention period

The personal data of the data subject get erased or blocked as soon as the purpose for retaining the data ceases to apply.  Furthermore, data may be retained if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the Data Controller is subject. The data will also be blocked or erased if a retention period prescribed by the aforementioned standards expires, unless there is a need for further retention of the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you call up our website our system automatically records data and information from the computer system of the calling computer. This data collection happens even in case tracking cookies are declined, which is shown automatically after the appearance of the consent banner when you call up our page.

In the course of this, the following data are collected:
(1)    Information about the browser type and version used
(2)    The user's operating system
(3)    The user's IP address
(4)    Date and time of access
(5)    Websites from which the user's system reaches our website
(6)    Websites called up by the user's system via our website

2. Legal basis for processing data

Article 6(1) f) GDPR is the legal basis for the temporary storage of data and log files.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose the user's IP address has to remain stored for the duration of the session. 

The data is stored in log files in order to ensure the functionality of the website. Furthermore, we use the data to optimise the website and to ensure the security of our information technology systems. The data are not analysed for marketing purposes in this context. 

Our legitimate interest in data processing pursuant to Article 6(1) f) GDPR also lies in these purposes.

4. Retention period

The data get erased as soon as they are no longer necessary for the achievement of the purpose of their collection. If the data were collected for the provision of the website this is the case once the respective session has ended.  

If the data are stored in log files this is the case at the latest after 30 days. It is possible for data to be stored for periods that exceed the above limits. In such a case, the IP addresses of the users are erased or disassociated so that the calling client can no longer be assigned.

With regard to the use of Google Analytics, we have set the retention period to the minimum prescribed by Google.

5. Possibilities for objecting and removing

The collection of data for the provision of the website and storing data in log files is vital for the operation of the website. Consequently, there is no possibility for users to opt out of this.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the web browser or by the web browser on the user’s computer system. When a user accesses a website a cookie can thus be stored on the user's operating system. This cookie contains a distinctive character string which allows for unique identification of the browser when the website is accessed again. 

We use a session cookie at any time that prevents forms from being able to be filled automatically. When you access our site, a consent window/banner appears automatically, with which you were asked for consent to the storage of a tracking cookie. If you have given such consent, this cookie has been set for statistical purposes and to improve our offer. Further information on the use of the specific tracking technology can be found in point 11 of this declaration.

In this case, an ID is stored in the cookie and this is deleted again when you leave the website. The tracking cookie is not deleted after you leave the homepage and stores the time you spend on our website. You must delete this cookie yourself if you wish to do so. Your Internet browser will provide you with such a manual deletion of the tracking cookie under the privacy settings or you revoke the cookie settings for this homepage via the hyperlink "Revoke cookie setting" at the beginning of this privacy policy.

b) Legal basis for processing data

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO and, if applicable, based on your consent in the consent window/banner

c) Purpose of data processing

The purpose of using cookies is to prevent website tampering and to simplify the use of the website for users.
User data collected by cookies, which are required for technical reasons, are not used to create user profiles.

VI. Newsletter

1. Description and scope of data processing

Our newsletter is sent out to users who register on our website.

On the website we provide the option to subscribe to free-of-charge newsletters that are prepared and sent out by the company's individual offices. In the course of registering for the newsletter, the data from the input mask are stored in a special tool and subsequently forwarded to the respective office. It is there that these data are added to one or more of the selected mailing lists. The recipients' data is managed either with dedicated software or the software solution DATEV Eigenorganisation Comfort.

The following data are collected within the scope of a newsletter registration:

E-mail address
Last name
First name
Company
Position

The only mandatory field is the one for the e-mail address.

Furthermore, the following data are collected during registration:
(1)    IP address of the calling computer
(2)    Date and time of registration
In the course of the registration process your consent to the processing of the data is obtained and reference is made to this Data Privacy Statement.

In the context of data processing for the dispatch of newsletters data will not be forwarded to third parties. The data are used solely for the purpose of dispatching newsletters.

2. Legal basis for processing data

Legal basis for the processing of data for the contact form is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. Purpose of data processing

Users' e-mail addresses are collected for the purpose of sending out newsletters.

In the course of the registration process, we collect other personal data in order to prevent the misuse of our services or the e-mail addresses used.

4. Retention period

The data get erased as soon as they are no longer necessary for the achievement of the purpose of their collection. A user's e-mail address will accordingly be retained for as long as his/her newsletter subscription remains active.

5. Possibilities for objecting and removing

The users concerned can cancel their newsletter subscriptions at any time. The appropriate link for this purpose can be found in each newsletter.

Through this you can likewise withdraw your consent for the retention of the personal data collected during the registration process.

VII. Contact form and e-mail contact

1. Description and scope of data processing

On our website there is a contact form that can be used to contact us electronically. If a user chooses this option then the data entered into the input mask is transmitted to us and stored. These data are:

Last name
First name
Company
E-mail

When you send a message the following data will also be stored:

(1)    User’s IP address
(2)    Date and time of dispatch

In the course of the dispatching process your consent to the processing of the data is obtained and reference is made to this Data Privacy Statement.

Alternatively, you can contact us using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail are stored.

In this context, data will not be passed on to third parties. The data are used solely for the purposes of processing the conversation.

2. Legal basis for processing data

Legal basis for the processing of data for the contact form is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

Article 6(1) f) GDPR is the legal basis for the processing of data transmitted in the course of sending an e-mail. Article 6(1) b) GDPR is the additional legal basis for the processing of data if the aim of the e-mail contact is to conclude a contract.

3. Purpose of data processing

Our sole purpose for processing the personal data from the input mask is to manage the establishment of the contact. In the case of a contact made by e-mail, the required legitimate interest in the processing of the data also lies therein.
The rest of the personal data processed during the dispatching process serves to prevent misuse of the contact form and to ensure the security of our information technology system.

4. Retention period

The data get erased as soon as they are no longer necessary for the achievement of the purpose of their collection. This is then the case for the data from the input mask in the contact form and the data transmitted via e-mail once the respective conversation with the user ends. The conversation will be deemed to have ended if, from the circumstances, it is possible to infer that the issue in question has been conclusively clarified.  

5. Possibilities for objecting and removing

Users have the option of withdrawing consent for the processing of personal data at any time. If users contact us via e-mail they are thus able to object to the retention of their personal data at any time. In such a case it is not possible to continue the conversation.

All the personal data that were saved in the course of establishing contact would be erased in this case.

VIII. Rights of the data subject

If your personal data are processed then you are deemed to be a data subject as defined in the GDPR and you are entitled to the following rights vis à vis the Data Controller:

1. Right to information

You can request confirmation from the Data Controller as to whether or not personal data that concern you are being processed by us.
If there is such processing then you may request the Data Controller to disclose the following information:
(1) the purposes of the processing for which the personal data are intended;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or have yet to be disclosed;
(4) the planned period for which the personal data concerning you will be stored, or if it is not possible to provide specific criteria for this then the criteria used to determine the retention period;
(5) the existence of the right to rectification or erasure of personal data concerning you, the right to restrict the processing by the Data Controller or the right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all the available information about the origin of the data if the personal data have not been collected from the data subject;
(8) the existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether or not personal data concerning you will be transferred to a third country or an international organisation. In this connection, you may request information about the appropriate safeguards pursuant to Article 46 GDPR in conjunction with such transmissions.

2. Right to rectification

Insofar as the processed personal data concerning you are inaccurate or incomplete you have the right to have these rectified or completed by the Data Controller. The Data Controller has to carry out the rectification without undue delay.

3. Right to restriction of processing

You may request a restriction on the processing of the personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period that enables the Data Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and, instead, you request the restriction of the use of the personal data;
(3) the Data Controller no longer needs the personal data for the purposes of the processing, however, you need them for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Article 21(1) GDPR and the verification as to whether or not the legitimate grounds of the Data Controller override your grounds is still pending.
If the processing of personal data concerning you has been restricted, these data may only be processed - with the exception of storage - with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained a restriction on processing based on the above-mentioned conditions then you will be informed by the Data Controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase data

You can request the Data Controller to erase the personal data concerning you without undue delay and the Data Controller is obliged to erase these data without undue delay if any of the following reasons apply:

(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based pursuant to Article 6(1) a) or Article 9(2) a) GDPR and where there is no other legal basis for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you have to be erased for compliance with a legal obligation under EU law or the laws of Member States to which the Data Controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

b) Information to third parties

Where the Data Controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase them, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the data controllers processing the personal data that you have requested erasure by them of any links to, or copy or replication of, these personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under EU law or the laws of the Member States to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2) h) and i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in clause a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have asserted your right to rectification or erasure of data or restriction of processing vis à vis the Data Controller then the latter is obliged to communicate the rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled vis à vis the Data Controller to the right to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another data controller without hindrance from the Data Controller to which the personal data have been provided, insofar as:
(1) the processing is based on consent pursuant to Article 6(1) a) GDPR or Article 9(2) a) GDPR or on a contract pursuant to Article 6(1) b) GDPR and
(2) the processing is carried out with the help of an automated procedure.
In exercising this right you also have the right to have the personal data concerning you transmitted directly from one data controller to another data controller insofar as this is technically feasible. The rights and freedoms of other people may not be adversely affected because of this.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Article 6(1) e) or f) GDPR; this also applies to profiling based on these provisions.
The Data Controller shall no longer process the personal data concerning you unless the Data Controller is able to demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if the processing is intended for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes then you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to processing for direct marketing purposes then the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object with the help of an automated procedure where technical specifications are used.

8. Right to withdraw data privacy statement of consent

This applies in particular to the storage of a tracking cookie, which can be immediately revoked electronically at the beginning of this statement via the hyperlink "Revoke cookie settings". A revocation can also be sent to us by letter, via e-mail or fax. In this case, however, a short processing time is to be accepted by you for the implementation of your revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This will not apply if the decision:  
(1) is necessary for the conclusion or performance of a contract between you and the Data Controller;
(2) is permissible under the laws of the Union or the Member States to which the Data Controller is subject and which also includes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR if Article 9(2) a) or g) GDPR applies and appropriate measures have been adopted to safeguard your rights and freedoms as well as your legitimate interests.   

With respect to the cases referred to in (1) and (3), the Data Controller will adopt suitable measures to safeguard your rights and freedoms as well as your legitimate interests that will at least include the right to obtain human intervention on the part of the Data Controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

11. Further information

MyFonts Counter
On this website we use MyFonts Counter, a web analysis service from MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the license terms, page view tracking is carried out by counting the number of visits to the website for statistical purposes and transmitting it to MyFonts. MyFonts only collects anonymized data. The data may be passed on by activating JavaScript code in your browser. Further information on MyFonts Counter can be found in the data protection information of MyFonts at https://www.myfonts.com/legal/website-use-privacy-policy.

Opposition possibility
In order to prevent the execution of JavaScript code from MyFonts altogether, you can install a JavaScript blocker (for example www.noscript.net)

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google").  Google Analytics uses tracking cookies which are stored on your end divice after your consent has been given. The information generated by a cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. For this reason, we have entered into a contractual agreement with Google that secures this data transfer in accordance with the data protection level of the European GDPR.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will never associate your IP address with any other data held by Google Inc.

In order to prevent the transmission of full addresses we use the anonymisation function made available by Google. Moreover, we have the option of using Google’s browser add-on to deactivate Google Analytics. This tells the JavaScript (ga.js) of Google Analytics that no information about the website visit may be transmitted to Google Analytics.

You can prevent cookies from being stored by selecting the appropriate settings in your internet browser software; however, we would like to point out that, in this case, you might not be able to make full use of all the functions on this website. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

In addition or as an alternative to the browser add-on, you can use the Prevent capture by Google Analytics by clicking on the following Click Link: Disable Google Analytics.

Source: Google Analytics Data Privacy Statement

The statements made about Google Analytics apply accordingly to the Google service YouTube, which we also use. With regard to our YouTube channel, we also use the possibilities opened up by Google for the evaluation of data collected and anonymized by Google. The reference to the above-mentioned privacy policy of Google applies accordingly.

Social Plugins

Our website makes use of social plugins from the following social networks:

Facebook, which is operated in Germany by Facebook Germany GmbH, Caffamacherreihe 7, Bramsquartier, 20335 Hamburg;
Twitter, which is operated in Europe by Twitter  International Company, One Cumberland Place, Fenian Street, Dubling 2, D02 AX07, IRLAND;
YouTube, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;
LinkedIn, which is operated in Europe by LinkedIn  Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, IRLAND;
XING, which is operated in Germany by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Instagram, which is operated in Germany by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, IRLAND.

These social plugins are identified with the respective logos, so-called placeholders. These placeholders are only activated when you click on them and they create a direct connection via your browser to the servers of Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram. In this way, information is transmitted to Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram that you have accessed the page on our website that contains the social plugin. This will also happen even if you are not logged into Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram or do not have a corresponding account.

However, if you do have a corresponding account and, at that time, are logged in with Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram then the visit to our web pages as well as all your interactions associated with the social plugins (e.g. creating comments, etc.) will be assigned to your profile there and stored in Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram.

To read about the purpose and scope of data collection as well as the processing and use of data by Facebook, Twitter, YouTube, Xing, LinkedIn and Instagram and, in this respect, your rights and the settings options available to protect your privacy, please refer to the privacy notices of Facebook (https://www.facebook.com/policy.php), Twitter (https://twitter.com/en/privacy), YouTube (https://policies.google.com/privacy?hl=de&gl=de), Xing (https://www.xing.com/privacy), LinkedIn (https://www.linkedin.com/legal/privacy-policy) and Instagram (Data Policy | Instagram Help Center).

In order to prevent Facebook, Twitter, YouTube, Xing, LinkedIn or Instagram from collecting the above-mentioned data when you visit our website you must log out of Facebook,Twitter, YouTube, Xing, LinkedIn or Instagram before you visit our website.

Back to top of page