Data protection declaration and information
from Gehrke Econ pursuant to Art. 13 and Art. 14 GDPR
In the following section we provide information on the personal data obtained from data subjects when using our website. Personal data is all data that means any information relating to your natural person, e.g. name, address, email addresses, behavior. In addition, we present the processing of your data when we render services for you/our clients and all other activities that we perform in the course of our business.
To the extent that you provide us with information via the website of Gehrke Econ, you consent in accordance with Art. 6 (1) Sentence 1 lit. a) and Art. 7 GDPR that we may process your personal data in keeping with the principles laid out here.
1. Name and contact data of the controller responsible for processing data.
The internet site is a joint offering from Gehrke Econ. Pursuant to Art. 4 (7) EU-GDPR (see also the masthead) the following entities qualify as controllers of personal data:
Where advisory services are rendered after establishing contact via our website or in the course of the later service relationship, the controller pursuant to Art. 4 No. 7 EU-GDPR is the entity of those listed above that actually renders the specific advisory service.
2. Data protection officer
Mr. Thomas Althammer is the external data protection officer assigned responsibility for compliance with data protection requirements and monitoring the same.
He can be contacted at the following address for more information on the issue of data protection:
3. Capturing and storing personal data and nature and purpose of its use
a) When visiting our website
When calling up our website, www.gehrke-econ.de the browser on your device will automatically send information to our website. This information is stored in a temporary log file.
The following information is recorded without any action on your part and stored until it is automatically deleted:
- IP address of the device submitting the search
- Date and time of day of the request
- Name and URL of the file requested
- Access status/HTTP status code, and the volume of data transmitted in each case
- Website, from which the request is made (Referrer-URL) the browser used and, possibly the operating system of your device and the name of your internet provider.
We process this data for the following purposes:
- Ensuring smooth connection to the website
- Ensuring the ease of use of our website
- Analyzing system security and stability as well as other administrative purposes.
The legal foundation for processing this data is provided by Art. 6 (1) Sentence 1 lit. f) GDPR. Our legitimate interest is derived from the purposes listed above to capture data. In no case do we use the data captured for the purpose of drawing conclusions about your person.
In addition, cookies and analytical services are also used upon a visit to our website. More explanations can be found under Points 5 and 6 of this data protection declaration.
b) When registering for our newsletter
If you have issued your express consent pursuant to Art. 6 (1) Sentence 1 lit. a) GDPR, we will use your email address to send you our newsletter on a regular basis. Upon receiving your consent we process and use the following data
- Address,first name, surname
- a valid email address
to keep you informed of news related to our firm, new developments in the law and in tax legislation, the events we host and our services and to advertise these. In this case, data is processed and used in accordance with Art. 6 (1) Sentence 1 lit. a) and Art. 7 GDPR This data is used and stored for the above purpose until you revoke your consent to the processing of your data. To receive our newsletter it is sufficient to supply an email address.
It is possible to unsubscribe at any time, for example, by clicking on the link at the end of the newsletter. Alternatively you can communicate your desire to unsubscribe by sending an email to firstname.lastname@example.org.
c) Upon using our contact form
We offer you the possibility to make contact with us via a contact form that is provided on the website. This requires you to disclose your name, company name and a valid email address to allow us to know from whom the query comes and to process the request. Other information can be provided on a voluntary basis. We will process such information within the framework of the purpose of rendering our services to you.
Pursuant to Art. 6 (1) Sentence 1 lit. a) GDPR, the data used to establish contact with us is only processed after you have voluntarily issued your consent.
After the request you submitted has been completed, the personal data captured on the contact form is automatically deleted unless there is a duty under the law to archive it.
d) Job vacancies – online applications, applicant management system (BMS)
To be able to submit an application it is first necessary to register for our applicant management system (BMS) and make the disclosures required for an application in the fields provided, e.g. your first name, surname, email address, date of birth, your reasons for the application (“motivation letter”) and a curriculum vitae. These fields are marked accordingly. All other fields are voluntary disclosures. Via your account you can view, edit and delete your personal data at any time.
This data is stored, analyzed, processed or forwarded solely within the framework of your application. It is only accessible by employees in the HR department and the officers responsible for making the selection. We act as a provider of HR services for employers outside the Gehrke Econ group of companies and make a short list of only those candidates who meet the criteria, which we then forward to our clients.
Your data may also be processed for statistical purposes (e.g. reporting). However, in this case it is impossible to make any connection back to the individual persons.
The BMS umantis system is operated under contract by the HaufeGroup (Haufe-Lexware) on our behalf, see www.haufe-lexware.com/ueber-uns/ .
The legal foundation for processing your data is provided by Art. 6 (1) lit a) GDPR and Sec. 26 BDSG, as we process your data on the basis of your consent given by registering in our applicant management system and for the purpose of establishing an employment relationship with you.
The law does not allow your data to be stored for an indefinite period. Our client management ensures that your application data is automatically deleted after a defined period.
In the event that we turn down your application, we delete your data within three months of our notice of rejection at the latest.
If you are recruited, your data will be transferred to our human resources system where it is protected in accordance with the applicable laws and regulations.
If your application is not considered for a current job vacancy, it is possible that we propose to you that we keep your application in a “pool of applicants” to consider it when filling positions that become vacant in the following months. However, this will be communicated to you in advance and you will have the opportunity to revoke your consent if you do not agree. It is intended to store data related to the pool of applicants for a period of twelve months. You have the opportunity to withdraw your application at any time and demand that we delete your personal data
e) Processing personal data to render services to our clients
We process your personal data for the purpose of performing individual contracts to render services to you. For this purpose we may process your personal data within the framework of correspondence related to the services. Such correspondence may be between us and you, our client, and the other entities of the Gehrke Econ Group, our service providers or applicable public authorities. Likewise, we can process your personal data to ensure there is no conflict of interest when rendering our services or within the framework of discussing potential services we could render.
When you engage us to perform work for you, we generally capture the following information:
- Title, first name, surname
- Position as managing director/general manager
- A valid email address
- Telephone number (landline and/or mobile)
- Information required to assert and defend our rights within the framework of the engagement and to perform the engagement.
This data is captured for the following purpose:
- to identify you as our client
- to advise you appropriately on matters of law, tax or business and represent you accordingly
- to audit the financial statements or perform some other engagement (e.g. issue an expert report)
- to exchange correspondence with you
- to issue invoices
- to settle any liability claims that may arise and assert any other claims against you
The data is processed in response to your query and is necessary to perform the contract adequately as listed in Art. 6 (1) Sentence 1 lit. b) GDPR and to meet the obligations arising from the contract.
f) Processing your personal data for our legitimate business activities
We may also process your personal data within the following context:
- queries and communications from the applicable public authorities while respecting our professional duty to maintain confidentiality
- for the purposes of accounting, invoicing and risk analysisfor
- the purposes of the client relationship, including, but not limited to, (i) sending information on our products and services that we think might be of interest to you; (ii) making contact with you to obtain feedback on our services; (iii) making contact with you for other marketing or research purposes, provided the legal requirements are met in this regard
- for services rendered to you by our professionals, e.g. lawyers, auditors and tax advisors
- for administrative purposes in connection with the specific business activity
- to protect our rights and our clients.
4. Disclosure of data to third parties
Your personal data is not disclosed to third parties for any purpose other than the purposes stated above.
We forward your personal data to third parties only when
you have given your express consent pursuant to Art. 6 (1) Sentence 1 lit. a) GDPR, disclosure to third parties is necessary for the purposes of the legitimate interests pursuant to Art. 6 (1) Sentence 1 lit. f) GDPR to assert, exercise or defend legal rights and there is no reason to assume that your fundamental rights and freedoms not to have your personal data disclosed are overridden in the process.
in the event that forwarding your data is necessary for compliance with a legal obligation to which the controller is subject pursuant to Art. 6 (1) Sentence 1 lit c) GDPR, e.g. transferring your data to a public authority) provided this is permitted under the law and
in accordance with Art. 6 (1) Sentence 1 lit. b) GDPR it is necessary for the performance of a contract with you, including but not limited to when an exchange of data between the professionals of the firms in the Gehrke Econ Group is necessary for us to apply our holistic service philosophy.
The cookie stores information that arises in association with the specific end-user device used. However, this does not mean that we obtain direct knowledge of your identity.
In addition, we use temporary cookies to optimize the ease-of use. These are stored on your device for a defined period of time. If you return to our site to avail of our services, the browser automatically recognizes that you have already visited the site and which entries and settings you made. This avoids you having to enter them again.
On the other hand, cookies are used to keep a statistical record of our site usage which we analyze in order to optimize our content for you (see point 5.). These cookies enable us to recognize automatically that you have already visited our site before. These cookies are automatically deleted after a predefined period.
The data processed by the cookies is required for the above purposes to allow us to pursue our legitimate interest and the legitimate interests of third parties in accordance with Art. 6 (1) Sentence 1 lit. f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a warning message appears before a new cookie is created. The complete deactivation of cookies might result in not all functions of our website being available.
6. Analytical tools
a) Tracking tools
We use the following tracking tools on the basis of Art. 6 (1) Sentence 1 lit. f) GDPR. The tracking tools are used to structure the website in accordance with user needs and optimize it on a continuous basis. On the other hand, tracking tools are used to keep a statistical record of our site usage, which we analyze in order to optimize our content for you. This is our legitimate interest in the sense of the above legislation.
The respective data processing objectives and data categories can be found in the corresponding tracking tools.
i) Google Analytics
We use Google Analytics, a web analytics tool from Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) to design our website in accordance with user needs and update it on a day-to-day basis. In this regard, anonymized user profiles are created and cookies are used (see point 5). The information on your use of this website that is generated by the cookie, such as
- browser type/version
- operating system used
- referred URL (site visited previously)
- IP address of your device
- time of day at which the query is lodged
are transmitted to a Google server in the USA and stored there. This information is used to analyze use of the website, compile reports on website activity and other services associated with the use of the website and the internet for the purposes of market research and structuring the internet sites in accordance with needs. This information may also be transmitted to third parties if required by law or if such third parties process the data under contract. In no cases is your IP address combined with the other data of Google. The IP addresses are anonymized to prevent an allocation (referred to as IP masking).
You can prevent the installation of cookies by adjusting the settings of your browser accordingly. However, we draw attention to the fact that in this case you will not be able to use the full functionality of our website.
You can also prevent the cookie from generating the data regarding your use of the website (including your IP address) and processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
Alternative to the browser add-on, and of particular interest for mobile devices, you can prevent capture by Google Analytics by clicking on this link. This sets an opt-out cookie that prevents the capture of your data upon future visits to the website. The opt-out cookie only applies in this browser and only for our website. It is saved on your device. If you delete your cookies in this browser you will have to set the opt-out cookie anew.
More information related to Google Analytics can be found, for example, at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
ii) Google Adwords Conversion Tracking
We also use Google Conversion Tracking to record statistical data about use of our website and to optimize our website in your interests. This involves Google Adwords setting a cookie (see point 5) on your device if you accessed our site via a Google advertisement.
These cookies become invalid after 30 days and do not allow any form of personal identification. If a user visits certain pages of a domain of an Adword customer and the cookie has not expired, both Google and the customer can see that the user has clicked on the advertisement and been linked to this webpage.
Each Adwords customer receives a different cookie. Consequently, the cookies cannot be tracked via the webpages of Adwords customers. The information obtained with the help of the conversion cookie is used to compile conversion statistics for Adwords customers who have elected to use conversion tracking. Adwords customers are informed of the total number of users who clicked on the advertisement and were linked to the page with an attached conversion tracking tag. However, they do not obtain any information that would allow them to identify the identity of the user.
If you do not want to participate in website tracking services, you can reject the use of a cookie, in your browser settings for example, which deactivates the automatic creation of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. You can find Google’s declaration on data protection with regard to conversion tracking here (https://services.google.com/sitestats/de.html).
We use Matomo open source software to analyze use of the website and create statistics. Cookies are created for this purpose (see point 5). The information on use of the website that is generated by the cookie is transmitted to our server and compiled into anonymized user profiles. The information is used to analyze use of the website and allow the website to be designed in accordance with user needs. The information is not passed on to third parties.
In no cases is the IP address associated with other data related to the user. The IP addresses are anonymized to prevent an allocation (referred to as IP masking).
Your visit to this website is currently being recorded by Matomo Analytics. Click here (https://matomo.org/docs/privacy/) to ensure that your visit is no longer recorded.
7. Rights of data subjects
You have the right:
- to be informed by us of the personal data we process pursuant to Art. 15 GDPR. This includes, but is not limited to, obtaining information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom your personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the right to request rectification or erasure or restriction of processing or the right to object to such processing, the right to lodge a complaint, and, where we have not collected the data, the source of any such information, as well as the existence of automated decision-making, including profiling and meaningful information about the details of it;
- rectification of inaccurate personal data or completion of incomplete personal data stored by us in accordance with Art. 16 GDPR;
- erasure of your personal data stored by us in accordance with Art. 17 GDPR unless the data is processed to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- restrict the processing of your personal data in accordance with Art. 18 GDPR if you contest the accuracy of the personal data, processing is unlawful, yet you oppose the erasure of the personal data and we do not need the personal data anymore but you need the data to establish, exercise or defend legal claims or you lodge an objection to processing of your personal data pursuant to Art. 21 GDPR;
- to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This implies that the right to process data based on your consent does not exist any longer in future;
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Generally you can refer to the supervisory authority in whose jurisdiction you have your normal place of residence or workplace or the supervisory authority in whose jurisdiction the offices of the company concerned within our group of companies has its registered office.
8. Right to object
If your personal data is processed on account of a legitimate interest pursuant to Art. 6 (1) Sentence 1 lit. f) GDPR, you have the right to object to processing of your data pursuant to Art. 21 GDPR provided that the grounds for your objection relate to your particular situation or the use of your personal data for direct marketing. In the latter case, you have a general right of objection which we will comply with regardless of whether or not your objection is founded upon your personal situation.
If you would like to exercise your right of refusal or objection, an email to email@example.com suffices.
9. Data security
During visits to our website we use the widely used SSL process (secure socket layer) in combination with the highest encryption rate that is supported by your browser. As a general rule, 256-bit encryption is used. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology. You can determine whether any particular page of our website is transmitted in encrypted form or not by the presence of a closed key or lock symbol in the lower status bar of your browser.
All employees at Gehrke Econ have their own personal S/MIME certificate. If you also possess an S/MIME certificate, we can ensure end-to-end encryption commencing from the second email. In the first email we are provided with the public key required for encryption. Upon separate arrangement, we can also set up PGP encryption. We cannot guarantee full data security via email without S/MIME or PGP certificates. Consequently, we recommend that sensitive information is sent to us by regular post.
Furthermore, we employ suitable technical and organizational safeguards to protect your data from accidental or willful manipulation, total or partial loss, deletion or unauthorized access. Our security measures are improved on a constant basis to keep them up with the state of the art.
10. Storage limits
We store your personal data on our systems for the longest of the following periods: (i) as long as required for the respective activity or service rendered, (ii) the statutory minimum archiving period, (iii) the end of the period in which a legal dispute or investigation into the services rendered could arise.
In detail the respective companies in our group of companies generally store your personal data in agreement with the applicable laws governing the archiving duties for the various categories of the data as follows:
- reference files of auditors/tax advisors: 11 years after the end of the calendar year in which the client relationship came to an end
- reference files of lawyers: 6 years after the end of the calendar year in which the engagement was brought to a conclusion
- bookkeeping documents: 10 years
- business and commercial correspondence received and copies of business and commercial correspondence sent as well as other documents with a tax relevance: 6 years
We draw your attention to the fact that we are obliged to store the engagement letter and the subject of the engagement for an indefinite period to allow a review of any conflicts of interest and our independence.
11. Validity and amendments of this data protection declaration
This data protection declaration is currently valid and was issued in May 2018.
It may become necessary to amend this data protection declaration at a later date due to changes to our website and our offers, or to a change in the law or official requirements. You can view the latest version of the data protection declaration at any time at our website at https://www.gehrke-econ.de/index.php?id=datenschutz.