Data privacy

 

Thank you for your interest in our company. Data protection is of particular importance to the management of SRS Audit GmbH.
The Internet pages of SRS Audit GmbH can in principle be used without the disclosure of any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to SRS Audit GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects will be informed of their rights by means of this data protection declaration.
SRS Audit GmbH, as data controller, has implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.

 

1 Definitions

The data protection declaration of SRS Audit GmbH is based on the terms used by the European guideline and regulation provider when the basic data protection regulation (DS-GVO) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

a) personal data

Personal data are all information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) person concerned

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, collection, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.

g) controller or controller

The data controller or controller is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.

h) contract processors

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

i) Recipient

Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

j) third parties

A third party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor.

k) Consent

Consent means any informed and unambiguous statement of intent made voluntarily by the data subject in the form of a declaration or other document.

2. person responsible and contact data of the data protection officer

This data protection declaration informs you about the processing of personal data on the firm’s website:

SRS Audit GmbH
Dürener Straße 334 -336
50935 Cologne

Phone: +49 221 466791
koeln@srsaudit.de

Authorized representative according to § 5 I No. 1 TMG: Dr. Rudolf Schmitz

This data protection declaration also extends to the affiliated companies mentioned in the imprint.

The firm’s data protection officer can be contacted at the above office address and at datenschutz-srs@srsaudit.de

3. the scope and purpose of the processing of general and personal data

3.1 Accessing the Website

When you simply visit this website for information, i.e. if you do not register or otherwise provide information, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited period of time. Until automatic deletion, the following data will be stored without further entry by the visitor:

  • IP address of the mobile device,
  • Date and time of access,
  • Name and URL of the called page,
  • Website from which the law firm’s website is accessed (so-called referrer URL),
  • Browser type and settings, operating system of the mobile device and the name of the access provider used.
  • The processing of personal data is justified in accordance with Art. 6 I p. 1 lit. f DS-GVO.

The firm has a legitimate interest in data processing for this purpose,

  • to quickly establish a connection to the firm’s website,
  • to enable a user-friendly use of the website,
  • to recognize and guarantee the security and stability of the systems and
  • to facilitate and improve the administration of the website.

The processing does not take place expressly for the purpose of gaining knowledge about the person of the visitor of the website.

3.2 Use of Cookies

So-called cookies are used on the website. These are data packets that are exchanged between the server of the law firm’s website and the visitor’s browser. These are stored when visiting the website by the devices used (PC, notebook, tablet, smartphone, etc.). In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information is stored in the cookies that results in each case in connection with the specifically used terminal device. Under no circumstances can the firm obtain direct knowledge of the identity of the visitor to the website.

Cookies are largely accepted according to the basic browser settings. The browser settings can be set so that cookies are either not accepted on the devices used or that a special message is displayed before a new cookie is created. However, it should be noted that the deactivation of cookies may result in not all functions of the website being used in the best possible way.

The use of cookies serves to make the use of the law firm’s website more comfortable. For example, session cookies can be used to determine whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a temporary period of time. When the website is visited again, it is automatically recognized that the visitor has already visited the page at an earlier point in time and which entries and settings were made in order not to have to repeat them.

Cookies are also used to analyse calls to the website for statistical purposes and to improve the service. These cookies make it possible to recognize automatically with a renewed visit that the web page was already called up before by the visitor. Here, cookies are automatically deleted after a specified period of time.

The data processed by cookies are justified for the above-mentioned purposes to safeguard the law firm’s legitimate interests in accordance with Art. 6 I p. 1 lit. f DS-GVO.

3.3 Use of Google Analytics

We use the website analysis service Google Analytics of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Google Analytics stores cookies on your computer. These are used for the analysis of the use of the website. The information collected by the cookies is transmitted to and stored by Google on servers in the USA. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.

For further information on the processing of personal data, we refer to the data protection declaration of the provider. There you will also find further information about your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=en.

The legal basis for the use of the analysis tools is Art. 6 I p. 1 lit. f DS-GMO. The website analysis is in the legitimate interest of our law firm and serves the statistical recording of the use of the website for the continuous improvement of our law firm website and the offer of our services.

3.4 Use of Google Maps

Our website integrates maps from Google Maps of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit the website, Google receives data such as log data, location-related information and application numbers. The data can also be processed in the USA. For further information on the processing of personal data, please refer to the privacy policy of the plug-in provider. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy.

The legal basis for the use of the analysis tools is Art. 6 I p. 1 lit. f DS-GMO. The website analysis is in the legitimate interest of our law firm and serves to provide you with detailed and simplified information about the locations of our law firms.

3.5 Plugins for social networks (Social Plugins)

A plugin of the social network of the provider XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (XING) is integrated on our law firm website.

The plugins are integrated by the two-click solution. In principle, XING will not process any personal data from our website as long as you do not click on the plugin. By clicking on the plugin, data such as protocol data, cookies and location data are transferred to XING. For further information on the processing of personal data, please refer to the privacy policy of the plug-in provider. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: https://privacy.xing.com/de/datenschutzerklaerung.

The legal basis for the use of social plugins is Art. 6 I p. 1 lit. f DS-GMO. A legitimate interest of our law firm and the purpose of using plugins of social networks is to make our offer known to a wide audience. The social networks are responsible for the data protection-compliant handling of their users’ data.

3.6 Contact form

Visitors can send news to the firm via an online contact form on the website. In order to receive an answer, at least your name and a valid e-mail address are required. All further data can give the inquiring person voluntarily. By sending the message via the contact form, the visitor consents to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to enquiries via the contact form. This is done on the basis of voluntary consent in accordance with Art. 6 I p. 1 lit. A DS-GMO. The personal data collected for the use of the contact form will be automatically deleted as soon as the inquiry is completed and there are no reasons for further storage (e.g. subsequent commissioning of our law firm).

3.7 Using the SRS cloud

3.7.1 Web File

In principle, no personal data will be processed by the web file from our website as long as you do not click on the link. For further information on the processing of personal data, we refer to the data protection declaration of the provider. They will also provide you with further information on your rights in this regard and how to protect your privacy: https://webakte.de/datenschutz.php

3.7.2 Companies online

In principle, companies will not process any personal data from our website online as long as you do not click on the link. For further information on the processing of personal data, we refer to the data protection declaration of the provider. There you will also receive further information on your rights in this regard and how to protect your privacy: https://www.datev.de/web/de/m/ueber-datev/datenschutz/

3.8 Processing for the purpose of performance of the contract

Should you provide us with personal data which we require to fulfil a contractual relationship or to initiate a contractual relationship, we will process these on the basis of the legal basis of Art. 1 I p. 1 lit. b DS-GVO.

3.9 Processing on the basis of consent

If we process personal data that you have transferred to us on the basis of your consent, we process these on the basis of the legal basis of Art. 1 I p. 1 lit. a DS-GVO.

3.10 Processing on the basis of legal obligations and vital interests

If the processing of personal data is based on a legal obligation, the legal basis for this is Art. 6 I p. 1 lit. c DS-GVO. In processing for the protection of vital interests, the legal basis is Art. 1 I p. 1 lit. d DS-GVO.

4. passing on of data

Personal data will be transmitted to third parties if

  • in accordance with Art. 6 I p. 1 lit. a DS-GVO by the person concerned,
  • the disclosure pursuant to Art. 6 I p. 1 f DS-GVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in not disclosing his/her data,
  • there is a legal obligation for data transmission in accordance with Art. 6 I p. 1 lit. c DS-GVO, and/or
  • this is necessary for the fulfilment of a contractual relationship with the person concerned pursuant to Art. 6 I p. 1 lit. b DS-GVO.

In other cases, personal data will not be passed on to third parties.

When using IT services and hosting services, personal data may be passed on within the framework of order processing by concluding a corresponding contract for order processing (Art. 28 DS-GVO). Our legitimate interest lies in maintaining the functionality of our IT systems (legal basis: Art. 6 I p. 1 lit. f DS-GVO).

Further processing on our behalf is only carried out within the scope of order processing by concluding a corresponding contract pursuant to Art. 28 DS-GVO and only on the basis of an offence of Art. 6 I p. 1 DS-GVO.

5. duration of data storage

The duration of the storage of your data depends on the discontinuation of the purpose for which it was processed. The data will not be deleted if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. defence of legal claims is necessary.

This also includes the statutory obligations to store and document data in accordance with commercial law and the Fiscal Code, as well as the limitation periods in accordance with the German Civil Code (BGB).

6. rights of the persons concerned

You have the right:

  • to receive information from us about the personal data concerning you that we have processed. The requirements of Art. 15 DS-GVO and § 34 BDSG as amended must be taken into account;
  • to immediately request us to correct incorrect or complete your personal data stored by us;
  • to request the deletion of your personal data in accordance with Art. 17 DS-GVO without delay;
  • to require us to restrict the processing of personal data concerning you if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data, if the data are no longer needed by us but you need the data to assert, exercise or defend legal claims or if you have lodged an objection to the processing pursuant to Art. 21 DS-GVO;
  • to object to the processing of personal data concerning you in accordance with Article 21 DS-GVO.
  • to receive personal data concerning you in a structured, common and machine-readable format in accordance with Art. 21 DS-GVO;
  • to revoke your consent once given to us according to Art. 7 III DS-GVO for the future;
  • to complain to a regulatory agency. It is advisable to contact the company’s data protection officer in advance. You will find the contact details at the beginning of this data protection declaration.

    7. provision of personal data

We only require personal data from you which is necessary for the fulfilment of the contractual relationship or due to legal regulations. Without these data we are not able to conclude the contract. Information that you can voluntarily provide to us is marked as such.

8. right of objection under Article 21 DS-GVO

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you which, pursuant to Art. 6 I p. 1 lit. f DS-GVO (processing for legitimate interests) or Art. 6 I p. 1 lit. e

DS-GVO (processing in the public interest). This also applies to profiling based on these provisions.

If you file an objection, we will no longer process your personal data unless we can prove compelling, legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct marketing, you have the right to object to this processing at any time. This also applies to profiling as far as it is connected with this direct advertising.

If you object, your personal data will no longer be processed for direct marketing purposes.

The objection can be made form-free and should be addressed to:

SRS Audit GmbH
Dürener Straße 334 -336
50935 Cologne

Phone: +49 221 466791
koeln@srsaudit.de

9. Status and updating of this data protection declaration

This privacy statement is dated May 25, 2018 and we reserve the right to update the privacy statement in due course in order to improve data protection and/or adapt it to changes in government practice or case law.