Data protection information
Data protection information
In the following we inform about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
I. General information about the collection of personal data
(1) The person responsible in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR, in the following we use the German abbreviation: "DSGVO")
Bleckmann Zinth Glombitza & Partner mbB Steuerberater Wirtschaftsprüfer Rechtsanwälte
Tax consultant Certified public accountant Lawyer
(hereinafter also referred to as "BZG & Partner mbB")
Lippstädter Str. 54
Phone: +49 251 979 92 700
You can reach our data protection officer at:
or our postal address (see above) with the addition "Data Protection Officer".
II. Collection of personal data within the scope of mandate processing and from business partners
- Client relationship
(1) We process certain data which we receive from you or third parties commissioned by you or your contact persons in connection with the client relationship between you and the law firm or other processing of your matter. This includes in particular the following data:
- Name, address, other contact data (in particular telephone or fax number, e-mail addresses),
- Identification data (in particular identity card data),
- Information about the professional activity,
- Bank account or payment details,
- tax identification number and tax number,
- details of your personal and/or economic circumstances and other information provided which is necessary for the (tax) legal representation, assertion or defence of your rights and legal positions within the scope of the assignment and
- in certain cases data from your legal relations with third parties (especially file number, account number).
(2) The data processing is carried out upon your request and, in accordance with Art. 6 para. 1 sentence 1 lit. b) DSGVO, is for the purposes stated in the following sentence for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate relationship (contract fulfilment and pre-contractual measures). The processing of the personal data mentioned in paragraph 1 shall be carried out:
- in order to identify you as our client,
- To be able to advise and represent you appropriately,
- for correspondence with you,
- for invoicing and other accounting purposes and
- to handle the client relationship with you and/or to assert any claims against you.
- In addition, the data processing is carried out in accordance with Art. 6 Para. 1 S. 1 lit. c) DSGVO in order to fulfil the legal obligations to which we are subject as lawyers, tax consultants or auditors. In addition, data processing is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a) insofar as you have given us your consent to process the personal data relating to you for specific purposes.
- Business Partner
(1) In addition, we process personal data within the scope of cooperation with commissioned service providers or suppliers as well as other business partners. This includes in particular the following data:
- Name, address, other contact data (in particular telephone or fax number, e-mail addresses),
- Information about the professional activity,
- Bank account or payment details,
- tax identification number and/or tax number, if applicable,
(2) The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 letter b) DSGVO and, if applicable, also in accordance with Art. 6 para. 1 letter f) DSGVO, as the personal data referred to in para. 1 are necessary for the establishment, execution and handling of the contractual relationship with the respective business partner.
- Transfer of data to third parties and in third countries
(1) The transmission of personal data to third parties is only carried out on your behalf and with your consent. We pass on personal data to the following recipients within the framework of the client relationship:
- tax authorities, courts or other public authorities,
- Opposing parties and their representatives (in particular their lawyers, tax advisors, auditors),
- Social insurance agencies (Sozialversicherungsträger),
- Federal Gazette Publisher (Bundesanzeiger Verlag GmbH),
- Banks, credit institutions, insurance companies and professional associations,
- Order processors (e.g. data processing centers, IT service providers, print service providers, waste disposal companies, etc.) whose services we use only insofar as they are obliged to maintain our professional secrets in accordance with § 203 (3) of the German Criminal Code (StGB),
- Depending on the order to other recipients, which we coordinate with you.
(2) The transmission is made in accordance with Art. 6 para. 1 sentence 1 lit. b) DSGVO and, if applicable, Art. 6 para. 1 sentence 1 lit. f) DSGVO, as this is necessary for the proper handling of mandate or business relationships with you or other proper processing in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO.
(3) Transmission to processors is based on Art. 28 DSGVO and Art. 6 para. 1 sentence 1 lit. b) DSGVO. The processors engaged by us process your data exclusively on our behalf and in accordance with our instructions. Above all, the processors are not permitted to use your personal data for their own purposes.
(4) The transfer of data to third countries (countries outside the European Economic Area - EEA) will only take place if this is necessary for the execution of the mandate contract (e.g. payment orders) or if you have given us your consent or if this is otherwise permitted by law. In this case, we will take measures to ensure the protection of your data, for example through contractual arrangements. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the DSGVO for the transfer to third countries (Art. 44 to 49) DSGVO.
- Duration of storage
(1) The personal data will be stored by us for the duration of the statutory retention periods.
(2) According to § 50 (1) BRAO, the attorney must retain his or her files for a period of six years after the end of the calendar year in which the mandate or other legal activity was finished. In addition, the retention period (from the German Commercial Code, the German Criminal Code or the German Fiscal Code) is usually 10 years plus a waiting period of another 4 years to cover cases of possible suspension of expiration. After 14 years have elapsed, we check whether there are reasons for further retention.
(3) Otherwise, we delete your personal data after the purpose for which we collected your data has been fulfilled or has ceased to exist, unless we are entitled or obliged to continue to store the data. In these cases, we will generally not use your data for any further use and restrict the processing of personal data to this extent.
- Your rights
(1) You have the following rights as a "data subject" whose data we process within the scope of the mandate activity:
- Right to obtain information according to art. 15 DSGVO,
- Right to rectification or deletion according to art. 16, 17 DSGVO,
- Right to limit processing in accordance with Art. 18 DSGVO,
- Right to object to the processing,
- Right to data transmission according to Art. 20 DSGVO.
(2) If we process your personal data for specific purposes on the basis of your consent, you have the right to revoke your consent at any time in accordance with Art. 7 para. 3 DSGVO. Upon receipt of your revocation, we will cease processing your data for the purposes for which you have given us your consent. The legality of the processing before receipt of your revocation remains unaffected.
(3) If we process your personal data to protect legitimate interests within the meaning of Art. 6 para. 1 sentence 1 letter f) DSGVO, you have the right to object to this processing for reasons arising from your particular situation in accordance with Art. 21 para. 1 DSGVO. Under Art. 21 Para. 2 DSGVO, you may object to processing for the purposes of direct advertising at any time without giving reasons. In order to exercise your right of objection, it is sufficient to inform us informally (e.g. by e-mail to email@example.com) stating which data processing you object to.
(4) You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 para. 1 DSGVO. The data protection supervisory authority responsible for our company is: Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestrasse, 40213 Düsseldorf.
III. collection of personal data in the context of the informational use of the website
(1) In general, we process personal data of our users only to the extent which is necessary to provide a functional website and our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
(2) If we wish to use contracted service providers for individual functions of our offer or use their data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also inform you of the specified criteria for the storage period.
(3) Legal basis for the processing of personal data: Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
(4) Insofar as no other storage period results from the other provisions of this data protection declaration, the personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the data controller is subject. Blocking or deletion of the data is also carried out when a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.
- Your rights
(1) You have the following rights against us with regard to the personal data concerning you:
- Right to information Art. 15 DSGVO,
- Right to rectification or deletion Art. 16, 17 DSGVO,
- Right to limit processing in accordance with Art. 18 DSGVO,
- Right to object to the processing,
- Right to data transferability according to Art. 20 DSGVO.
(2) You also have the right, pursuant to Art. 77 para. 1 DSGVO, to complain to a data protection supervisory authority about the processing of your personal data in our company. The data protection supervisory authority responsible for our company is: Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestrasse, 40213 Düsseldorf.
- Collection of personal data when visiting our website and storage period
(1) When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f DSGVO):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
- The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
(3) The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
(4) The collection of data for the provision of the website is absolutely necessary for the operation of the website. Therefore there is no possibility of objection by the user.
- Data transfer to third parties
(2) For the operation of the website and the services offered on the website (e.g. hosting of the website) we may use external service providers who process personal data of you on our behalf. The transmission to these service providers (processors) is based on Art. 28 DSGVO and Art. 6 para. 1 sentence 1 lit. b) DSGVO. The commissioned processors used by us process your data exclusively on our behalf and according to our instructions. Above all, the processors are not permitted to use your personal data for their own purposes.
(1) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information (e.g. search terms entered, frequency of page views, use of website information) is sent to the party that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.
- a) This website uses the following types of cookies, the scope and function of which are explained below:
- Transient cookies (in addition b)
- Persistent Cookies (in addition c)
- b) Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
- c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
- d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website.
(3) The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.
- web analytics
(1) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google").
- a) Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
- b) The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
- c) Our website also uses the "demographic features" function of Google Analytics. This enables us to generate reports that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person.
- d) You can prevent the storage of cookies by adjusting your Browser software may prevent this; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
- e) This website uses Google Analytics with the extension "_anonymizeIp()". This enables IP addresses to be further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.
- f) We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.
- g) We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
(2) Google reCAPTCHA
We also use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The IP address transmitted in the context of "reCAPTCHA" is not merged with other data from Google unless you are logged into your Google account at the time of using the "reCAPTCHA" plug-in. The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting his web offers from improper automated spying and from SPAM. Further information on the processing of your data can be found in the data protection regulations of the provider: https://www.google.com/intl/de/policies/privacy/. For more information on how this service works, please visit https://www.google.com/recaptcha/intro/android.html.
IV. Further functions and offers of our website
- General regulations with regard to the further functions and offers of the website in the case of use not purely for information purpose
(1) In addition to the purely informative use of our website, we offer various services which you can use if you are interested. For this purpose, you will generally have to provide additional personal data which we use to provide the respective service and to which the aforementioned data processing principles apply. The regulations under point III. regarding data processing, your rights, the storage period and transfer to third parties also apply to the additional functions of the website, as far as this provision doesn´t stipulate something different.
(2) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us and are bound by our instructions and controlled by us. The transmission to these service providers (processors) is based on Art. 28 DSGVO and Art. 6 para. 1 sentence 1 lit. b) DSGVO. The commissioned processors used by us process your data exclusively on our behalf and according to our instructions. Above all, the processors are not permitted to use your personal data for their own purposes.
(3) Insofar as we process your personal data for specific purposes on the basis of your consent, you have the right to revoke your consent at any time in accordance with Art. 7 para. 3 DSGVO. Upon receipt of your revocation, we will stop processing data for the purposes for which you have given us your consent. The legality of the processing before receipt of your revocation remains unaffected.
(4) Insofar as we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfillment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, please explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
- Client portal
(1) If you wish to use our client portal, registration is required. We use the so-called double-opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. The submission of the above-mentioned data is obligatory. You can provide all other information voluntarily by using our portal.
(2) The collected data can be seen from the input mask during registration. This includes mandatory first name, last name, e-mail address of the user as well as a new password. Additional information such as street, postal code, city, telephone, fax and position of the user can be added voluntarily. At the time of registration, the following data is also stored: Date and time of registration, date and time of the last change, date and time of the last login. As part of the registration process, the user's consent to the processing of this data is obtained.
(3) The data entered as part of the registration process will be used exclusively for the purpose of using the services on the client portal. The data will be entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties.
(4) If you use our portal, we store the data required for the fulfilment of the contract until you finally delete your access. Furthermore, we store the data you have voluntarily provided for the time of your use of the portal, unless you delete it first. You can manage and change all data in the protected client area. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent, otherwise Art. 6 para. 1 p. 1 lit. f. DSGVO. If the use of the client portal serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for the processing of data is Art. 6 para. 1 lit. b DSGVO.
(5) The data shall be deleted as soon as they are no longer required for the purpose of their collection. This is the case for the data collected during the registration process if the registration on our website is cancelled or modified. This is the case for the data collected during the registration process for the purpose of fulfilling a contract or implementing pre-contractual measures if the data is no longer necessary for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
(6) As a client, you have the possibility to cancel the registration at any time. You can revoke your registration in the client portal at any time. You can revoke your registration by clicking on the link provided in the client area under "Edit profile", by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact data provided in the imprint. You can request changes to the data stored about you at any time. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible, unless contractual or legal obligations prevent a deletion.
(7) To prevent unauthorized access to your data by third parties, we use SSL or TSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
(2) We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one week. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) Your e-mail address is the only mandatory information for sending the newsletter. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address and the data required to personalize the newsletter (name, first name, salutation) for the purpose of sending the newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
(4) Your consent to the sending of the newsletter can be revoked at any time and you can unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to email@example.com or by sending a message to the contact data provided in the imprint.
(5) If you have a client relationship with us, we will automatically send you information e-mails for software or services, i.e. without express prior consent. The legal basis for the sending of information e-mails within the framework of an existing client relationship, in particular the sale of services, is Art. 6 para. 1 lit. f DS-GVO and § 7 para. 3 UWG. You can demand at any time that you no longer receive such information e-mails from us. To do so, please click on the link at the end of the information e-mails, send an e-mail to firstname.lastname@example.org or use the contact details given in the imprint.
(6) The data will be deleted as soon as they are no longer required for the purpose of their collection. The user's e-mail address and, if applicable, the user's data that have been voluntarily provided for the personalization of the newsletter (name, first name, salutation) are thus stored for as long as the subscription to the newsletter is active.
- Contact form and e-mail contact
(1) On our website there is a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
- Phone number
- e-mail address
- the request
(2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 letter b DSGVO.
(3) The processing of the personal data from the input mask serves us solely to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
(4) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
(5) The user has the possibility to revoke his or her consent to the processing of personal data at any time. The revocation can be declared by sending an e-mail to email@example.com or by sending a message to the contact data given in the imprint. In this case, all personal data stored in the course of the contact will be deleted. In such a case the conversation cannot be continued
- Google Maps
(1) On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under III.1. of this declaration is transmitted. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want the assignment with your profile at Google, you have to log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
- Links from third parties
We may offer links from third parties. Although we carefully check the links provided, we point out that we have no influence on the design and content of the linked pages and that we do not adopt their content as our own. Bleckmann Zinth Glombitza & Partner mbB Steuerberater Wirtschaftsprüfer Rechtsanwalt assumes no responsibility for the handling of your data on these websites. Please inform yourself in advance about the handling of personal data by these third parties.