de
Office safe
Karriere
Erlanger Treuhand LogoErlanger Treuhand
TaxBusinessLaw
CompanyTeamCareerContactService Center
Back to Home

Data privacy policy

1. Name and contact details of the responsible persons

This privacy policy informs about the processing of personal data on the website of the

 

Erlanger Treuhand GmbH Wirtschafsprüfungsgesellschaft

Am Weichselgarten 28

91058 Erlangen, Germany

Phone +49 (9131) 6906-0

Fax +49 (9131) 6906-210

 

ETH Erlanger Treuhand GmbH Wirtschaftsprüfungsgesellschaft

Am Weichselgarten 28

91058 Erlangen, Germany

Phone +40 (9131) 6906-841

Fax +49 (9131) 6906-890

 

Erlanger Treuhand GmbH Rechtsanwaltsgesellschaft

Am Weichselgarten 28

91058 Erlangen, Germany

Phone +49 (9131) 6906-559

Fax +49 (9131) 6906-520

 

2. Contact details of the data protection officer  

The firm's data protection officer can be reached at the firm's address (Am Weichselgarten 28, 91058 Erlangen, Germany) and at dsb[at]erlanger-treuhand.de.

 

3. Scope and purpose of the processing of personal data

When the website www.erlanger-treuhand.de is called up, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored in a log file for a limited period of time. Until automatic deletion, the following data is stored without further input by the visitor:

  • IP address of the visitor's terminal device,
  • Date and time of access by the visitor,
  • Name and URL of the page accessed by the visitor,
  • Website from which the visitor accessed the website (so-called referrer URL),
  • Browser and operating system of the visitor's terminal device as well as the name of the access provider used by the visitor.

 

The processing of this personal data is justified pursuant to Article 6 (1) 1 f) European Data Protection Regulation ( GDPR). The firm has a legitimate interest in processing data for the purpose of,

  • to establish the connection to the website of the firm quickly,
  • to enable a user-friendly application of the website,
  • to recognize and ensure the security and stability of the systems, and
  • to facilitate and improve the administration of the website.

 

The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website.

 

4. Transfer of data

Personal data will be transferred to third parties if

  • the data subject has expressly consented to this in accordance with Article 6 (1) 1 a) GDPR,
  • the transfer is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6 (1) 1 f) GDPR and there is no reason to assume that the data subject has an overriding interest worthy of protection in the non-disclosure of his or her data,
  • there is a legal obligation for the data transfer pursuant to Article 6 (1) 1 c)GDPR , or
  • this is necessary for the fulfillment of a contractual relationship with the data subject according to Article 6 (1) 1 b) GDPR .

 

In other cases, personal data will not be disclosed to third parties.

 

5. Cookies

So-called cookies are used on the website. These are data packets that are exchanged between the website server and the visitor's browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in each case in connection with the specific end device used. The firm can therefore in no way obtain direct knowledge of the identity of the visitor to the website.

Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given in each case before a new cookie is created. However, it should be noted that the deactivation of cookies may mean that not all functions of the website can be used in the best possible way.

The use of cookies serves to make the use of the web offer of the  firm more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device for a temporary period of time. When the website is visited again, it is automatically recognized that the visitor has already called up the page at an earlier time and which entries and settings were made in the process, so that these do not have to be repeated.

Cookies are also used to analyze visits to the website for statistical purposes and for the purpose of improving the offer. These cookies make it possible to automatically recognize on a new visit that the website has already been called up by the visitor before. In this case, the cookies are automatically deleted after a specified period of time.

The data processed by cookies are justified for the above-mentioned purposes to protect the legitimate interests of the firm in accordance with Article 6 (1) 1 f) GDPR.

 

Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s).
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The Usercentrics banner on this website was configured with the help of eRecht24. You can recognize this by the fact that the eRecht24 logo appears in the banner. To display the eRecht24 logo in the banner, a connection to the image server of eRecht24 is established. In the process, the IP address is also transmitted, but this is only stored in anonymized form in the server logs. The image server of eRecht24 is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6 (1) c) GDPR.

A contract on order processing (AVV) has been concluded for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with theGDPR .

 

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on the basis of your consent (Article 6 (1) a) GDPR and Section 25 (1) Gesetz über den Datenschutz und den Schutz der Privatspähre in der Telekommunikation und bei Telemedien, TTDSG). Google Analytics uses so-called "cookies". These are text files that are stored on your terminal device and enable an analysis of your use of the website. The information stored in this way is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated, your IP address will be shortened before data transmission and within the European Union or contracting states of the European Economic Area. An unabbreviated transmission of the full IP address to Google only takes place in exceptional cases.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Sessions and campaigns are terminated after a certain period of time. Users' personal data is deleted or anonymized after 14 months.

Google processes and stores your data in the USA. Corresponding contractual regulations and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries. Data processing or storage in third countries may al=so be based on your consent (Article 49 (1) s1 a) GDPR), in which case you will be informed separately about this, as well as the possibility of revocation, when obtaining your consent.

You can find more information on the terms of use and data protection at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can revoke your consent at any time with effect for the future. To do this, simply call up our Consent banner and deselect the corresponding consent. Please note that the change in the Consent Banner settings must be made individually for each end device.

 

Cookie Consent Tool

This website uses the IP anonymization function of Google Analytics. Furthermore, an order data processing contract has been concluded with Google. You also have the option of deactivating Google Analytics by means of a browser add-on.

For more information, please visit https://support.google.com/analytics/answer/6004245 (general information on Google Analytics and data protection).

 

6. Contact form and email contact

If you use the contact form for an inquiry, we process the personal data that you provide in the contact form. These are as so-called mandatory fields in the contact form only first name and surname and the e-mail address. In addition, we store the date and time of the request. For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

The data transmitted via the contact form is used exclusively for processing the conversation. In this context, the data will not be passed on to third parties. You can decide for yourself which information you send us via the contact form. The legal basis for the processing of your data is your consent in accordance with Article 6 (1) a)GDPR .  

The personal data from the input mask of the contact form and those sent by email are deleted when the respective conversation with the user has ended. The conversation with the user is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

 

7. Applicant data

When using our contact form for applications, we process the data that we receive from you in the application process. These are as so-called mandatory fields in the contact form only first name and surname and the email address. Other data provided by you may include, for example, date of birth, address, telephone number, and information on your resume, previous income, certificates, references, and the like. We also store the date and time of the application. Your consent is obtained for the processing of the data as part of the submission process and reference is made to this data protection declaration.

We process the submitted data exclusively for the purposes of the selection process. No data will be passed on to third parties in this context. You can decide for yourself what information you send to us via the contact form. The legal basis for the processing of your data is your consent pursuant to Article 6 (1) a) GDPR .  

Beyond the selection process, applicant data will generally be retained for a maximum of six months. Beyond that, further storage is (only) permitted with the consent of the applicant.

 

Contact form via HRworks

We use the specialized software provider HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, Germany (hereinafter: "HRworks") for the application process via the job advertisements on our website. The purposes of the processing are the provision of a simple input mask for applicants and the digital organization and implementation of the job posting and filling. The personal data required for the application can be entered in the input mask of "HRworks". When the application is sent, the data entered from the input mask and the IP address are processed by "HRworks".

"HRworks" acts as our processor and is contractually limited in its authority to use the personal data for purposes other than providing services to us in accordance with the applicable data processing agreement. The legal basis for the processing is Article 6 (1) 1 f) GDPR. Our legitimate interest in involving the external service provider lies in the optimization of our digital application process.

Further information on data protection and the storage period at "Workable" can be found at: https://www.hrworks.de/unternehmen/datenschutz/.

It is possible to object to processing if this is based on Article 6 (1) 1 f) GDPR .The right to object exists for reasons arising from the specific situation. The objection can be sent to us via the contact details listed in the section "Contact details of the data protection officer".

 

8. Rights as a data subject

Insofar as your personal data is processed on the occasion of your visit to our website, you are entitled to the following rights as a "data subject" within the meaning of the GDPR:

 

a) Right to information

Pursuant to Art. 15 GDPR , the data subject has the right to request confirmation from the company as to whether personal data concerning him or her are being processed; if this is the case, he or she has the right to information about this personal data and to the following information:

  • the purposes of processing,
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing;
  • The existence of a right of appeal to a supervisory authority;
  • if the personal data are not collected from the data subject, any available information on the origin of the data;
  • the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

The information shall be provided in writing, unless the data subject makes the request electronically, in which case the information shall be provided in a commonly used electronic format, unless otherwise specified by the data subject.

The Company shall provide a copy of the personal data that is the subject of the processing. For any further copies requested by the data subject, the company may charge a reasonable fee based on the administrative costs.

The right to receive a copy may not interfere with the rights and freedoms of other persons.

 

b) Correction  

Pursuant to Article 16 GDPR, the data subject has the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her.  

Taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

 

c) Right to erasure

Pursuant to Article 17 GDPR, the data subject has the right to erasure of his or her personal data in the following cases:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject revokes the consent on which the processing was based and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR (direct marketing).
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to information society services offered pursuant to Article 8 (1) GDPR .

 

If there is an obligation to erase and if the personal data have previously been made public, further data controllers shall be informed of an erasure request from the data subject regarding all copies of his/her data as well as all links to this data.

The above regulations on erasure do not apply insofar as the processing is required

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation requiring processing under the law of the European Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Article 9 (2) h) and i) GDPR and Article 9 (3) GDPR; 
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or  
  • for the assertion, exercise or defense of legal claims.

 

d) Right to restriction of processing

Pursuant to Article 18 GDPR, the data subject has the right to request the Company to restrict processing if one of the following conditions is met:  

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
  • The data subject has objected to the processing pursuant to Article 21 (1) GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted in accordance with the above provision, such personal data may - apart from being stored - only be processed with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

A data subject who has obtained a restriction of processing shall be informed by the controller before the restriction is lifted.

 

e) Right to data portability

Pursuant to Article 20 GDPR, the data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, commonly used and machine-readable format, and has the right to transmit the data to another controller without hindrance from the controller to whom the personal data were provided, provided that

  • the processing is based on consent pursuant to Article 6 (1) a) GDPR or Article 9 (2) a) DGDPR or on a contract pursuant to Article 6 (1) b) GDPR and
  • the processing is carried out with the help of automated procedures.

When exercising their right to data portability, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, where technically feasible.

The exercise of the right under the above provisions is without prejudice to Article 17 GDPR. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability shall not affect the rights and freedoms of other persons.

 

f) Right to object to processing

In accordance with Article 21 GDPR, the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6 (1) e) or f) (legitimate interests) GDPR.

The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

 

g) Right to withdraw consent to data processing

In accordance with Article 7 GDPR, the data subject has the right to revoke his or her declaration of consent to the processing of personal data under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

h) No automated decisions in individual cases

Automated decisions in individual cases including profiling within the meaning of Article22 GDPR are not applied.

 

i) Right of appeal

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the place of residence, place of work or place of the alleged infringement, if the data subject considers that the processing of data relating to him or her infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

9. Status and update of this privacy policy  

This Privacy Policy is current as of 28.03.2023. We reserve the right to update the Privacy Policy in due course and or to adapt it to changes in government practice or case law.