Privacy notice
Disclaimer and copyright
The information on this website has been prepared by Hamburger Treuhand Gesellschaft Schomerus & Partner mbB Wirtschaftsprüfungsgesellschaft (hereinafter referred to as "Schomerus & Partner") in order to provide information about the activities of the Schomerus Group and is updated regularly. However, due to the technical characteristics of the Internet, Schomerus & Partner cannot guarantee the completeness and accuracy of the information provided.
The information on these Internet pages does not constitute advice. The use of these pages cannot give rise to a client-lawyer relationship. The information provided here does not represent a sole basis for action for users. For binding advice, please contact us directly.
You can save our information as well as place links to the homepage of Schomerus & Partner. However, in the case of links, we insist that the web pages of Schomerus & Partner are the sole component of the browser window. Furthermore, the information may not be altered or falsified. In case of passing on and duplication we ask for source indication and notification.
The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information material is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam mails.
Our offer contains cross references ("hyperlinks") to external websites of third parties. Schomerus & Partner has no influence on the current and future design and content of the linked pages and does not adopt their content as its own. The linked pages were checked for possible legal violations at the time of linking; no illegal content was discernible at that time. Furthermore, liability for infringing content of an external site can only be considered if the linking party becomes aware of the illegality of the content itself or through third parties. Without such concrete evidence of an infringement, there is therefore no obligation to permanently or proactively monitor the content of the linked pages.
Privacy policy
As the operator of the Internet presence at "www.schomerus.de", we attach great importance to protecting your privacy and personal sphere.
We collect and use personal data of visitors to our website only to the extent necessary to provide the website and our content and services and to make them convenient for visitors.
Personal data is regularly processed only with the visitor's consent. In addition, processing may take place if obtaining consent in advance is not possible for factual reasons and the data processing is permitted by legal regulations - in particular by the European Data Protection Regulation (DS-GVO) and the German Federal Data Protection Act (BDSG).
"Personal data" are, according to Art. 4 No. 1 DS-GVO, all information relating to an identified or identifiable natural person ("data subject"). This includes, for example, the name, address, date of birth, e-mail address and telephone number.
"Processing" means, according to Art. 4 No. 2 DS-GVO, any operation or set of operations which is performed upon personal data, whether or not by automatic means (e.g. collection, storage, use or disclosure).
"Controller" is, according to Art. 4 No. 7 DS-GVO, the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
With this data protection declaration, we first inform you about how you can contact us as the data controller or our data protection officer (section I.).
Furthermore, we explain what data is processed when you visit or use our website, for what purposes and on what legal basis this is done, whether there is an obligation to provide it and how long the data is stored (sections II. to IX.).
In addition, we explain to what extent data is transferred, what security measures are maintained and whether automated decision-making is used (sections X. to XI.).
Finally, we inform you about the rights you have with regard to the processing of your personal data (section XII.).
I. Names and contact details of the data controllers, information on jointly responsible persons, contact details of the data protection officer(s).
1. the persons responsible for data processing when visiting and using this website are:
Hamburger Treuhand Gesellschaft Schomerus & Partner mbBWirtschaftsprüfungsgesellschaft
and
Schomerus & Partner mbBTax consultants Lawyers Auditors
The contact details are respectively:
Deichstraße 120459 HamburgPhone: 040 / 37601-00Fax: 040 / 37601-199E-mail: info@schomerus.de
2. agreement between joint controllers:
This website is provided jointly by the aforementioned companies, which use joint servers and IT services for this purpose and jointly determine the purposes of and means for processing personal data. The companies are therefore deemed to be "joint controllers" within the meaning of Article 4 No. 7 in conjunction with Art. Art. 26 (1) p. 1 DS-GVO.
We have stipulated in an agreement that, in general, "Hamburger Treuhand Gesellschaft Schomerus & Partner mbB Wirtschaftsprüfungsgesellschaft" is responsible for fulfilling our obligations under the GDPR, in particular with regard to the rights of data subjects and information obligations. In more closely defined individual cases, another company may be responsible if it is most closely associated with the process in question.
You can, of course, address any concerns relating to data protection and your rights as a data subject to any of our companies or their respective contact persons and/or our data protection officer(s).
3. you can reach our data protection officer(s) at:
Data Protection Officer:
Ms. Carola Sieling
Technologiewerft GmbH
c/o Kanzlei SielingGurlittstraße 24
20099 Hamburg
E-mail: datenschutz@schomerus.de
II. Data processing when visiting and using our website
1. storage of access data in log files ("log files"), hosting
In principle, you can visit and use our website without providing any personal information. When you visit our website, the Internet browser you use automatically transmits certain access data to our server. This involves the following data:
IP address of the requesting computer
browser software used as well as its version and language
operating system of the requesting computer
date and time of access
Name and URL of the page or file accessed
Internet page from which the access was made
access status/http status code
amount of data transferred in each case
Type and purpose of data processing:
This data is temporarily stored in a separate log file (so-called "log file"). The primary purpose of this is to ensure system security and stability on a permanent basis and to enable technical administration, thus ensuring trouble-free connection setup and operation of our website as well as its convenient use. In addition, this data is evaluated for internal administrative and statistical purposes in order to improve our online offering. A combination of this data with other data or data sources that would allow conclusions about your person is not made.
We make use of hosting services. These serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services to maintain the operation of this online offer.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer.
Legal basis:
The legal basis for this processing is Art. 6 para. 1 sentence 1 letter f) DS-GVO. With this data processing, we pursue the legitimate interest of maintaining the operational security of our Internet pages in order to be able to provide these Internet pages as well as the information contained therein in a trouble-free and convenient manner.
Storage period:
The data will be deleted as soon as they are no longer required to achieve the aforementioned purposes of their collection. In the case of the collection of data for the provision of our website, the data is therefore deleted when the respective session has ended. Otherwise, the data is regularly deleted after two years at the latest. Storage beyond this period is possible; in this case, however, the IP addresses are deleted or alienated so that an assignment to a natural person is no longer possible.
2. use of cookies
Type and purpose of data processing as well as storage period:
When visiting our website, so-called "cookies" are also stored on your terminal device or data carrier. Cookies are text or information files that your Internet browser automatically saves on your terminal device when you call up our website or only saves them after you have given your consent. They contain certain data or settings that are exchanged between your Internet browser and our system. This is mainly information about which sub-pages of our website are called up and how often.
The information generated or passed on by means of cookies is not personal data, unless this is listed in our data protection declaration. You can therefore not be personally identified from this information. Cookies also cannot execute programs or damage your terminal device. Rather, cookies are used to compile statistics about the use of our website and thus to optimize it.
The use of cookies serves on the one hand to make the use of our offer more pleasant or easier for you. Some functions of our website cannot be offered without the use of cookies; for these it is necessary that the browser is recognized after a page change. We only use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our website. By means of these cookies, the following information is stored or transmitted:
The cookie is used to log whether a visit has expired and where a visitor moves on the page. It stores the number of pageviews within the current visit and the start time of the current visit of a visitor.
Legal basis:
We set cookies that are not strictly necessary only with your consent. You can revoke this consent at any time for future use.
Cookies that are absolutely necessary for the use of our website are based on our legitimate interest according to Art. 6 para. 1 p. 1 letter f DS-GVO.
Possibility of objection regarding the storage of cookies:
Consent is voluntary and you can also use our website without accepting cookies that are not necessary; however, we would like to point out that you may then no longer be able to fully use all services or functionalities of our website.You can prevent the use of cookies and thus object to their future use by configuring your browser settings in such a way that the storage of certain or all cookies is blocked or only takes place with your express consent. The individual steps required to make a corresponding adjustment depend on the Internet browser used and its version; you can obtain more detailed information on this via the help function of your browser.
III. Subscription to our newsletter
Nature and purposes of data processing:
In order to inform you about current developments in the specialist areas we serve as well as news and activities of our companies, we offer topic-related circulars that are sent as newsletters by e-mail. These newsletters are sent out by one of our following companies - depending on the subject area:
Hamburger Treuhand Gesellschaft Schomerus & Partner mbB Auditing Company
Schomerus & Partner mbB Tax Consultants Lawyers Auditors
Schomerus & Partner mbB Berlin Tax Consultants Lawyers Certified Public Accountants
Schomerus Service GmbH
Schomerus - Consulting for social commitment GmbH
The newsletter will only be sent if you register for it via our website or a link in an e-mail message. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after you have entered your e-mail address, we first send you a confirmation e-mail containing a link. By clicking on this link, you confirm that you wish to receive the newsletter from one or more of our aforementioned companies and give your consent for your e-mail address to be transmitted to our aforementioned companies and processed by them for the purpose of sending you the selected circulars as a newsletter to the e-mail address you have provided. Only in the event of such confirmation by you will the newsletter be sent to your e-mail address. The storage serves the sole purpose of being able to send you the newsletter.
The only mandatory data for sending the newsletter is the e-mail address. In the registration form, you can also voluntarily enter your title and name so that we can address you personally in the newsletter messages.
You can revoke your consent to the sending of the newsletter at any time and thus unsubscribe from the newsletter. Each newsletter e-mail contains a link to unsubscribe for this purpose. You can declare the revocation by clicking on this link or by sending us a corresponding message to the contact data under section I. of this privacy policy.
When registering for the newsletter, the user's IP address, date and time of registration are also stored. This serves to prevent misuse of our newsletter dispatch or the e-mail address provided and to log the registration for verification purposes. Furthermore, it is technically necessary for this that the browser software used as well as its version and language are stored.
We point out that we evaluate your user behavior when sending the newsletter by recording whether and when a newsletter message is opened. For this evaluation, the sent e-mails contain so-called tracking pixels, which are single-pixel image files that are stored on one of our websites. For the evaluations, we link the data mentioned in section II.1 and the tracking pixels with your e-mail address and an individual ID.
Legal basis:
The legal basis for the storage of the e-mail address by us and for the transmission to our other companies is Art. 6 para. 1 p. 1 letter a) DS-GVO. The processing will only take place if you have given your consent for the aforementioned purposes.You can revoke your consent at any time (even if you gave your consent before the DS-GVO came into force). The revocation of consent is valid for the future, so that the legality of data processing remains unaffected, which took place based on your consent and before its revocation.
The legal basis for the storage of the IP address, the date and time of registration and the details of the browser software used is Art. 6 para. 1 p. 1 letter f) DS-GVO.The data processing is necessary to protect our legitimate interests in the trouble-free use of the newsletter and, in the event of misuse, also for the assertion, exercise and defense of legal claims. In the event of misuse of a third-party e-mail address, this data processing may also be necessary to protect the legitimate interests of a third party, namely the owner of the e-mail address entered.
The legal basis for the use of the tracking pixel is also Art. 6 para. 1 p. 1 letter f) DS-GVO. Our legitimate interest in this respect is to gain knowledge of whether and when our newsletter messages are read for statistical and administrative purposes.
Storage period:
The data are deleted in each case as soon as they are no longer required for the achievement of the respective purposes. They are therefore stored as long as the subscription to the newsletter is active.
IV. Use of social bookmarks
Type and purposes of data processing:
We use so-called social bookmarks (bookmarks) on our website to refer to and link to our profiles with the following third-party providers:
Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
Google Business (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
These links are made for the purpose of pointing to our corresponding profiles at the third-party providers and our activities there, and to make them directly available in order to make our offer better known and more convenient for site visitors. The social bookmarks are displayed as buttons with the logo of the respective third-party provider and are integrated into our website as links. You will therefore be redirected to our profile or our page at the respective provider when you click on the bookmark in question; in this case, the data mentioned in section II.1 will be transmitted to the respective provider. For information on the handling of your personal data when using the services of the providers, please refer to the data protection notices of the respective provider.
Legal basis:
The legal basis for the integration of these social bookmarks is Art. 6 para. 1 p. 1 letter f) DS-GVO. Our legitimate interest is to make our profiles or activities known to the respective third-party providers and to advertise them. A forwarding of the visitor's data to the respective third-party provider only takes place when the visitor clicks on the respective bookmark.
V. Processing of data when contacting us
Type and purpose of data processing:
You can use the contact form provided on our website to send us inquiries and request information material. Mandatory data for the use of the contact form is your e-mail address, which we need to answer your inquiry and to be able to contact you on our part. You can also voluntarily provide your company, title, first and last name, postal address and/or telephone number to enable us to address you personally or to make it easier for us to answer your inquiry. If further information is necessary to answer your inquiry, we will contact you separately. This also applies with regard to information about other services offered by us and our partner companies.
In the context of using the contact form, the user's consent to the processing of this data is obtained. By giving your consent, you confirm that you wish your inquiry to be answered by one of our companies (cf. Section III.) and give your consent for the data you have provided to be transmitted to them for this purpose.
We will use the data entrusted to us via the contact form or in the context of any other contact exclusively for the purpose of answering your inquiry. We will not pass this data on to third parties, either for a fee or free of charge. Unless you have consented to further storage and use of your personal data, it will only be stored for as long as is necessary to fulfill the purpose of the transmission or as required by legal regulations (in particular tax and commercial law retention periods).
At the time of sending a request, the IP address of the user and the date and time of use of the contact form are also stored. This serves to prevent misuse of our services or the data provided and to log the contact for verification purposes.
Legal basis:
The legal basis for this processing is Art. 6 para. 1 p. 1 letter a) DS-GVO. Processing only takes place if you have given your consent in this regard for the aforementioned purposes with your request.
You can revoke a given consent at any time (even if you have already given the consent before the validity of the DS-GVO). The revocation of consent applies for the future, so that the lawfulness of data processing that took place on the basis of your consent and before its revocation remains unaffected.
The legal basis for this processing is also Art. 6 para. 1 p. 1 letter f) DS-GVO. Our legitimate interest is to enable our users to contact us conveniently and to process the data required to respond to such a request.The legal basis for the storage of the IP address and the date and time of use of the contact form is Art. 6 para. 1 p. 1 letter f) DS-GVO. The data processing is necessary to protect our legitimate interests in a trouble-free use of our services and, in case of misuse, if necessary also for the assertion, exercise and defense of legal claims. In the case of misuse of third-party data, this data processing may furthermore also be necessary to protect the legitimate interests of a third party, namely the owner of the data entered.
Storage period:
Storage of this data takes place for as long as is necessary for the completion of the relevant request. In addition, longer storage may be necessary due to legal obligations, in particular due to retention obligations under commercial or tax law from the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for storage of up to ten years. Otherwise, data is only stored for longer periods if this is necessary for the fulfillment of a contract.
The additional data stored during the use of the contact form will be deleted after a period of two years at the latest.
VI. Processing of data when registering for an event
Nature and purposes of data processing:
You can use the registration form provided on our website to register for one of the events we offer. Mandatory data in this respect are your first and last name, your postal address and your e-mail address, which we require in order to process your registration and to be able to contact you on our part, e.g. in the event of changes to the event in question. You can also voluntarily provide your company, title and/or telephone number to enable us to address you more personally or to make it easier for you to contact us. If further information is required to complete your registration, we will contact you separately.
We will use the data entrusted to us via the registration form exclusively for the purpose of carrying out your registration and the event. We will not pass this data on to third parties, either for a fee or free of charge. Unless you have consented to further storage and use of your personal data, it will only be stored for as long as is necessary to fulfill the purpose pursued by the transmission or as required by legal regulations (in particular tax and commercial law retention periods).At the time of sending a registration, the IP address of the user and the date and time of use of the registration form are also stored. This serves to prevent misuse of our services or the data provided and to log the registration for verification purposes.
Legal basis:
The legal basis for this processing is Art. 6 para. 1 p. 1 letter b) DS-GVO. The processing is carried out for the purpose of the contractual implementation of the registration.
Storage period:
Storage of this data takes place for as long as is necessary for the completion of the relevant request. In addition, longer storage may be necessary due to legal obligations, in particular due to retention obligations under commercial or tax law from the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for storage of up to ten years. Otherwise, data is only stored for longer periods if this is necessary for the fulfillment of a contract.
Any additional data stored during the use of the registration form will be deleted after a period of two years at the latest.
VII. Processing of data during an application
We offer you the opportunity to apply for various positions on our website. As part of the application process, your master data (e.g. first name, last name) and your contact data (e.g. telephone number, e-mail address and postal address) are processed in particular. In addition, however, data processing also takes place with regard to additional information provided by applicants (e.g. certificates and interviews).
For more details on data processing for applicants, please refer to our Privacy Policy for Applicants.
Legal basis:
This data processing is justified pursuant to Art. 6 (1) (b) DSGVO on the basis of the initiation of a contractual relationship,
Storage period:
For more details on the storage period of your application data, please refer to our Privacy Policy for Applicants (see below).
VIII. Obligation or duty to provide data, necessity of provision for the conclusion of a contract, possible consequences of non-provision.
If you would like to subscribe to our newsletters (section III.), you must provide us with your e-mail address; without this information, we cannot send you a newsletter.
If you wish to use the contact form provided (see section V.) or the registration form for events (see section VI.), you must provide us with the personal data specified there as required information, which is necessary for processing the request itself. Without the provision of the data required for this purpose, we will not be able to process your contact request or your registration for an event.
If you wish to send us an application via our career portal (section VII.), we also require the mandatory data specified there as necessary in order to be able to register you. Otherwise, it will not be possible to use the tool.
IX. Storage period of personal data
If we have not provided storage information for the specific points, the following applies: We store personal data for the duration of the respective statutory retention period or as long as the purpose of the collection exists. After expiry of the retention period, the data is routinely deleted, unless it is necessary for the initiation or performance of a contract. If user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted as far as possible. Accordingly, the data will be blocked if possible and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
X. Data security
We make every effort to ensure the security of your data. In order to prevent the loss, misuse and alteration of personal data, we have set up appropriate physical, electronic and administrative procedures and adapt them to the current state of the art.
We use SSL encryption for our websites when transmitting confidential or personal content of our users. Please make sure that SSL encryption is enabled on your side for activities where you enter data via our site.
The use of encryption is easy to recognize: The display in your browser bar will change from "http://" to "https://". Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information when SSL encryption is activated and contact us in case of doubt.
In addition, we offer encrypted e-mail communication with us. You can find the respective keys under "Encrypted e-mails/Public key".
XI. No use of automated decision making including profiling
We do not use so-called profiling or other decision-making processes that are based exclusively on automated data processing and that have legal effect vis-à-vis you or significantly affect you in a similar way.
XII. Your rights as a data subject
You have the following rights regarding the processing of your personal data:
- Right of access (Art. 15 DS-GVO).
You have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
- Right to rectification (Art. 16 DS-GVO).
You have the right to request without delay the correction of data relating to you that we have stored incorrectly or to request its completion, insofar as we have stored it incompletely.
- Right to deletion (Art. 17 DS-GVO).
You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
- Right to restriction of processing (Art. 18 DS-GVO).
You have the right to request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful but you object to the erasure of the data, insofar as we no longer require the data but you need them for the assertion, exercise or defense of legal claims, or insofar as you have objected to the processing pursuant to Art. 21 DS-GVO.
- Right to data portability (Art. 20 DS-GVO).
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
- Right to revoke consent given at any time.
(Art. 7 para. 3 in conjunction with Art. 6 para. 1 p. 1 letter a) or Art. 9 para. 2 letter a) DS-GVO)You have the right to revoke any consent you have given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future, unless it can be based on another legal basis.
- Right of complaint to a supervisory authority (Art. 77 DS-GVO in conjunction with Section 19 BDSG 2018).
You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the DS-GVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.
In addition, you have a
right to object (Art. 21 DS-GVO): If we process data relating to you on the basis of legitimate interests, you may object to this on grounds relating to your particular situation. In addition, you can object to data processing if we carry it out for direct marketing purposes.
To exercise your rights, it is best to use the contact details of our data protection officer(s) given in section I.3. However, you can also contact us using any of the other contact details provided in section I.
Information on data processing in the client relationship
The protection of personal data is important to us. We therefore comply with the data protection regulations, which arise in particular from the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Below, we provide you with detailed information about how we process personal data and your rights in this regard. The specific data processed depends on the respective order.
1. Names and contact details of the controllers, information on joint controllers, contact details of the data protection officer
The joint controllers for data processing are:
Hamburger Treuhand Gesellschaft Schomerus & Partner mbB
Wirtschaftsprüfungsgesellschaft
(Amtsgericht Hamburg PR 7)
Schomerus & Partner mbB
Steuerberater Rechtsanwälte Wirtschaftsprüfer
(Amtsgericht Hamburg PR 361)
Schomerus Compliance GmbH
Steuerberatungsgesellschaft
(Amtsgericht Hamburg HRB 27694)
Schomerus Service GmbH
(Amtsgericht Hamburg HRB 6193)
Contact details for each company:
Deichstraße 1 · 20459 Hamburg
Phone: ±49 (0)40 37 601-00 Fax: ±49 (0)40 36 601-199
Email: info@schomerus.de
Schomerus & Partner mbB
Steuerberater Rechtsanwälte Wirtschaftsprüfer
(Amtsgericht Charlottenburg PR 691 B)
Contact
Bülowstraße 66 · 10783 Berlin
Phone: ±49 (0)30 23 60 88 60 · Fax: ±49 (0)30 23 60 88 66 199
Email: npo@schomerus.de
Information on joint controllers:
Data processing within the scope of client relationships is carried out in whole or in part by the aforementioned companies, which use shared servers and IT services for this purpose and jointly determine the purposes of the processing of personal data and the means used to do so. The companies are therefore considered "joint controllers" within the meaning of Art. 4 No. 7 in conjunction with Art. 26 (1) sentence 1 GDPR.
We have stipulated in an agreement that, in general, "Hamburger Treuhand Gesellschaft Schomerus & Partner mbB Wirtschaftsprüfungsgesellschaft" is responsible for fulfilling our obligations under the GDPR, in particular with regard to the rights of data subjects and information obligations. In specific cases, another company may be responsible if it is most closely connected to the relevant process (e.g. as a party to a specific contract).
You can, of course, address any concerns relating to data protection and your rights as a data subject to any of our companies or your respective contact persons and/or our data protection officer(s).
You can contact our data protection officer(s) at:
Ms Carola Sieling
Technologiewerft GmbH
c/o Kanzlei Sieling
Gurlittstraße 24
20099 Hamburg
Email: datenschutz@schomerus.de
2. Processing of personal data and its purposes as well as legal bases for data processing, in particular legitimate interests
We process personal data primarily on the basis of an order (mandate) and for the purpose of fulfilling the corresponding contract. In addition, data processing may also take place on the basis of your consent and/or to protect our legitimate interests.
a) To fulfil a contract or to carry out pre-contractual measures
Personal data is processed for the purpose of fulfilling contracts resulting from orders (mandates) placed with one of the following companies:
Schomerus & Partner mbB
Steuerberater Rechtsanwälte Wirtschaftsprüfer
(Amtsgericht Hamburg PR 361)
Hamburger Treuhand Gesellschaft Schomerus & Partner mbB
Wirtschaftsprüfungsgesellschaft
(Amtsgericht Hamburg PR 7)
Schomerus & Partner mbB
Steuerberater Rechtsanwälte Wirtschaftsprüfer
(Amtsgericht Charlottenburg PR 691 B)
Schomerus Compliance GmbH
Steuerberatungsgesellschaft
(Amtsgericht Hamburg HRB 27694)
Schomerus Service GmbH
(Amtsgericht Hamburg HRB 6193
Data processing may also be carried out for the purpose of implementing pre-contractual measures necessary for the initiation or conclusion of such an order or mandate relationship.
The subject matter of the orders is, in particular, auditing, tax and legal advice, business management and litigation. The scope of the services to be provided by us and the data processing required in this respect shall always be determined by the (individual) order placed. Further details on the purposes of the data processing required in each case can therefore be found in the relevant contract documents and terms and conditions.
When you engage us, we typically collect the following information:
Title, first name and surname, address, a valid email address, telephone number (landline and/or mobile) and information necessary for the fulfilment of the mandate.
This data is collected in order to identify you as our client, to advise and represent you appropriately, to correspond with you, to issue invoices and to process any liability claims that may arise, as well as to assert any claims against you.
Legal basis: Art. 6 (1) sentence 1 letter b) GDPR
b) Based on your consent
If you have given us your consent to process your personal data for one or more purposes, this consent constitutes the legal basis for the corresponding processing. This also applies to the processing of so-called special categories of personal data.
Since each consent relates to one or more individual processing purposes, these cannot be described in a generally binding manner. These purposes are therefore explained in connection with the granting of the respective consent.
You can revoke your consent at any time (even if you gave your consent before the GDPR came into effect). The revocation of consent is valid for the future, so that the lawfulness of data processing based on your consent and prior to its revocation remains unaffected.
Legal basis: Art. 6 (1) sentence 1 letter a) GDPR Art. 9 (2) letter a) GDPR (for processing special categories of personal data)
We use the product "Microsoft 365 business" from Microsoft, https://privacy.microsoft.com/de-de/privacystatement, to process all matters. By commissioning us following this information, you expressly consent to this data processing.
In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time. As a result, we will no longer be able to provide services to you.
c) To protect our legitimate interests
In addition, we process personal data to the extent that there are legitimate interests, e.g. in the following cases:
Direct marketing
If a client relationship exists, we may use the contact details of clients for direct marketing purposes, e.g. for our own events or similar services, via the email addresses provided when the contract was concluded (Section 7 (3) of the German Unfair Competition Act (UWG)).
The recipient may object to this at any time, for example by sending a message to datenschutz@schomerus.de.
This serves the legitimate interest of advertising further offers of our own within the framework of existing customer or client relationships. However, if you object to data processing for the purpose of direct marketing, this will no longer take place.
Assertion, exercise or defence of legal claims
Personal data may be processed to the extent necessary to assert, exercise or defend legal claims. This may also be the case if processing is necessary to prevent fraud. Insofar as such a necessity exists, there is a legitimate interest in the corresponding data processing, as otherwise the exercise of the relevant rights would be prevented.
Ensuring IT security and domestic law
Personal data may be processed to the extent necessary to ensure or maintain IT security and domestic law. Both IT security and domestic law serve the purpose of enabling smooth business operations and ensuring the protection of existing data and client confidentiality. In this respect, we have a legitimate interest and a corresponding obligation.
Legal basis: Art. 6 (1) sentence 1 letter f) GDPR
3. Recipients of data or categories of recipients
Within our companies, those employees who need your personal data to fulfil the orders placed with us or related pre-contractual measures, to fulfil our legal obligations, to fulfil our legitimate interests and/or to fulfil the purposes covered by your consent will have access to your personal data. This also includes access by employees of the IT department for the purpose of ensuring the functionality of the systems and thus the fulfilment of the orders placed with us as well as IT security. Furthermore, access may also be granted to Schomerus Service GmbH for direct marketing purposes, e.g. for its own events or newsletters.
In addition, service providers (e.g. DATEV) or vicarious agents employed by us will have access to personal data to the extent necessary to fulfil the tasks assigned to them and to the extent that they have undertaken to maintain secrecy and confidentiality and to observe professional/client secrecy. These are, in particular, service providers or vicarious agents in the categories of IT, software and network services, telecommunications, file archiving, paper and file destruction, and logistics.
As professional secrecy holders, we are bound to secrecy with regard to all information relating to our clients. Data will therefore only be passed on to other recipients if we are legally obliged to do so or if you have given your consent.
4. Transfer of data to third countries or international organisations
Data will not be transferred to third countries (i.e. countries that do not belong to the EU or the EEA) or to international organisations for purposes other than those listed here.
Such data transmission may take place in exceptional cases,
if you have expressly consented to this transfer,
if this is necessary for the fulfilment of a contract between us and you or for the conclusion or fulfilment of a contract to be concluded between us and a third party in your interest (e.g. in the case of mandates with international aspects),
if there is a legal obligation to do so (e.g. tax reporting obligations), or
if this is necessary for the assertion, exercise or defence of legal claims.
5. Storage period or criteria for determining the storage period
Personal data will initially be stored for as long as necessary to fulfil the relevant order. In addition, longer storage may be necessary due to legal obligations, in particular due to statutory retention obligations for tax advisors, auditors (ten years after completion of the order) and for lawyers (six years after the end of the calendar year in which the mandate was terminated) as well as commercial or tax retention obligations under the German Commercial Code (HGB) and the German Tax Code (AO), which provide for storage of up to ten years.
Furthermore, data may be stored for longer periods in the case of mandates that are issued as standing orders; in this respect, data that may be required for several individual orders will be stored for the duration of the entire contractual relationship.
In addition, data may be stored for a longer period if this is necessary to assert, exercise or defend legal claims, e.g. to secure evidence. In such cases, the duration of storage depends on the statutory limitation period for the claim in question. This is generally three years from the end of the year in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and the identity of the debtor, or should have become aware of them without gross negligence.
If storage is no longer necessary for any of the aforementioned reasons, the data will be deleted.
6. Your rights as a data subject
You have the following rights regarding the processing of your personal data:
Right to information (Art. 15 GDPR)
You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details.
Right to rectification (Art. 16 GDPR)
You have the right to request the immediate rectification of personal data concerning you that is incorrect or incomplete stored by us.
Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right of freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you oppose the erasure of the data, if we no longer need the data but you require it for the assertion, exercise or defend legal claims, or if you have objected to the processing in accordance with
Art. 21 GDPR.
Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.
Right to withdraw consent at any time (Art. 7 (3) in conjunction with
Art. 6 (1) sentence 1 letter a) or Art. 9 (2) letter a) GDPR)You have the right to withdraw your consent to us at any time. As a result, we will no longer be permitted to continue processing the data based on this consent in the future, unless there is another legal basis for doing so.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG 2018)
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our law firm's registered office.
You also have a
Right to object (Art. 21 GDPR)
If we process data relating to you on the basis of legitimate interests, you may object to this on grounds relating to your particular situation.
You can also object to data processing if we do this for direct marketing purposes.
To exercise your rights, please use the contact details of our data protection officer (see No. 1 above). However, you can also contact us using all other contact details provided in No. 1.
7. Obligation to provide data, necessity of provision for conclusion of a contract, possible consequences of non-provision
If you place an order with us, you must provide us with the personal data required to fulfil the order itself on the basis of the corresponding contractual obligations to cooperate. The specific data that must be provided in this respect depends on the content of the respective order.
In addition, it is already necessary for the conclusion of the contract that you provide us with the data described in No. 2. a) and 2. b), which is necessary for the establishment and execution of the client relationship.
Without the provision of the relevant data, we cannot conclude a contract with you or fulfil our contractual obligations.
Privacy notice for applicants
Processing of applicant data
We process the personal data you provide and submit to us as part of your application, which typically includes:
First name, last name, title.
Your contact details: Contact information such as address, telephone number, fax number, e-mail address, professional position if applicable,
Your application data, consisting of your cover letter, curriculum vitae and the usual supporting documents and certificates.
In order for us to be able to include you in application procedures for a specific position, you are required to submit customary and meaningful application documents informing us about your personality and qualifications.
We accept your applications via our career portal, by e-mail as well as by post.If you would like your application documents to reach us in encrypted form in the case of an e-mail application, you can use our encryption certificates (PGP and S/MIME). You will find the respective links on this website under "Encrypted e-mails/Public Key".
Application for an advertised position
We will only use your application documents to decide whether to fill the position for which you have expressly applied. In the course of the application process, further personal data may be collected from you personally for this information purpose. The legal basis for data processing is Art. 6 para. 1 p. 1 b) and 88 para. 1 DS-GVO in conjunction with. Section 26 (1) German Federal Data Protection Act (BDSG).
Unsolicited application
However, if you submit an unsolicited application that does not relate to an advertised position, we may consult your application documents in the context of staffing decisions on all positions under consideration. We will make the applicant data available for consultation in automated searches for selected decision-makers at our companies so that they can obtain information about your personality profile and qualifications. The legal basis for data processing in this case is also Art. 6 para. 1 p. 1 b) in conjunction with. § Section 26 (1) and (2) BDSG.
Filling other vacancies
If you would like to be contacted directly by us in the future when a suitable vacancy arises, you can decide during the application process whether we may store your personal data for a longer period.
The legal basis for processing this data results from Art. 6 para. 1 p. 1 lit. a, Art. 88 DSGVO in conjunction with Section 26 para. 2 BDSG-neu (new version).
You can revoke your consent at any time by sending us an e-mail to datenschutz@schomerus.de.
Special categories of personal data in your application documents
Your application documents may contain particularly sensitive categories of personal data. According to Art. 9 of the GDPR, these are special categories of personal data, information on ethnic origin, political opinion, religious (information on denomination/religious affiliation) or ideological beliefs or trade union membership, as well as information on genetic or biometric data that make it possible to clearly identify you (e.g. photos), health data (e.g. degree of severe disability) or data on sexual life or sexual orientation. These data are not required for the establishment of the employment relationship. We therefore expressly ask you not to send us such data and not to include it in your documents.
If, contrary to the express request to clear your application of these data categories, you have provided special categories of personal data within the meaning of Art. 9 DS-GVO, corresponding data processing will only take place because you have provided this data voluntarily and have consented to it in our application portal.
By voluntarily providing this data and by accepting this privacy policy, you expressly agree to the storage of this special personal data within the application process and consent to the storage.In the case of the processing of special categories of personal data, this is based on consent (Art. 9 para. 2 letter a), 88 para. 1 DSGVO in conjunction with. § 26 para. 3 p. 2 BDSG.
As a rule, we do not take this sensitive personal data into account when making a selection decision, unless we are legally obliged to do so, e.g. people with disabilities are given preferential treatment in some jobs under certain legal conditions.
You can revoke your consent at any time by sending us an e-mail to datenschutz@schomerus.de.
Storage period
If the application process does not lead to your employment, we will regularly delete or destroy your applicant data as soon as a period of six months has elapsed following the conclusion of the application process for the position in question, but not before all application processes to which your application documents have been added up to that point have been concluded and a period of six months has since elapsed. The same applies if legal regulations permit further storage, if further storage is necessary for the purpose of providing evidence, or if you have consented to longer storage.
Recipients
Only persons who make the hiring decision or whose information is necessary to fulfill any legal obligations have access to the data you provide as part of the application process. These are the responsible partners or the HR department.
Obligation to provide your data
The provision of your personal data may be required by law or contract or may be necessary for the establishment or subsequent proper performance of your employment contract. Therefore, you are obliged to provide us with this personal data. If you do not provide it, we will not be able to fulfill our obligations under employment law or consider your application.
For more information on data processing and your rights in this regard, please refer to the general data protection declaration (see above) on our Schomerus website.