Privacy Statement

The protection of your personal data is important to us, including with respect to your visit to our website. Your data will be protected in accordance with the legal regulations.

Above and beyond the non-disclosure obligation resulting from contract and client relationships, dhpg attaches great importance to data privacy. This is done in order to not only meet legal obligations relating to confidence and trust, discretion and quality assurance, but also to set a good example for clients, interested parties and employees. It is with this in mind that dhpg has committed itself to protection of data privacy and to achieving optimal results with the assistance of a company data protection officer.

Below you will find information on which data will be collected during your visit to our website and how it will be used, as well as legal information requirements applying to data processing in the client relationship:

I. General

1. Name and contact details of the controller in charge of the processing as well as the company data protection officer

This data protection information applies to data processing by the following controllers:

dhpg Wirtschaftsprüfer Rechtsanwälte Steuerberater GmbH & Co. KG
Wirtschaftsprüfungsgesellschaft
Berufsausübungsgesellschaft

dhpg Verwaltungs GmbH
Wirtschaftsprüfungsgesellschaft
Berufsausübungsgesellschaft

dhpg Audit GmbH
Wirtschaftsprüfungsgesellschaft
Steuerberatungsgesellschaft

dhpg IT-Services GmbH
Wirtschaftsprüfungsgesellschaft

dhpg Tax & Management Services GmbH
Steuerberatungsgesellschaft

Marie-Kahle-Allee 2
53113 Bonn
T +49 228 81000 0
F +49 228 81000 20
E bonn@dhpg.de

dhpg Berlin GmbH
Wirtschaftsprüfungsgesellschaft
Steuerberatungsgesellschaft

Jean-Monnet-Straße 2
10557 Berlin
T +49 30 203015 0
F +49 30 203015 20
E berlin@dhpg.de

dhpg Stössel, Schmitz & Blattner GmbH
Steuerberatungsgesellschaft

Lurgiallee 16
60439 Frankfurt
T +49 69 57005 0
F +49 69 57005 190
E frankfurt@dhpg.de

dhpg Steutax GmbH
Steuerberatungsgesellschaft

Kreuzberger Ring 7a
65205 Wiesbaden
T +49 611 99930 0
F +49 611 99930 30
E wiesbaden@dhpg.de

dhpg GmbH
Wirtschaftsprüfungsgesellschaft
Berufsausübungsgesellschaft

Eichendorffstraße 46
47800 Krefeld
T +49 2151 509 0 
F +49 2151 509 200
krefeld@dhpg.de

dhpg GmbH
Wirtschaftsprüfungsgesellschaft

Nonnenbrücke 12
96047 Bamberg
T +49 951 98098 0 
F +49 951 98098 22
 bamberg@dhpg.de

The company data protection officer for the aforementioned companies (hereinafter referred to as: dhpg) can be contacted at the adress dhpg IT Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, c/o René Manz, or at datenschutz@dhpg.de and +49 2261 8195 0.

2. Rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 of the GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data if such have not been collected by us, and the existence of automated decision-making, including profiling and, if applicable, useful details regarding such data;
  • to demand the correction of incorrect or incomplete personal data stored by us without undue delay in accordance with Art. 16 of the GDPR;
  • to demand deletion of your personal data stored with us, unless the processing of such is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims in accordance with Art. 17 of the GDPR;
  • to demand restriction of the processing of your personal data in accordance with Art. 18 of the GDPR if you dispute the accuracy of the data, if the processing is unlawful but you reject its being deleted and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing pursuant to Art. 21 of the GDPR;
  • to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party in accordance with Art. 20 of the GDPR;
  • to revoke consent you have previously granted us at any time in accordance with Art. 7 (3) of the GDPR. If you do so, we may no longer continue to process the data which have been based on this consent in the future and
  • complain to a supervisory authority in accordance with Art. 77 of the GDPR. As a rule, you can contact the supervisory authority in charge of your usual place of residence or workplace or to our office.

3. Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 (1) (1) (f) of the GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 of the GDPR if there are reasons for doing so emanating from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we shall abide by without your having to state any particular reason. If you wish to exercise your right of revocation or objection, simply send an e-mail to info@dhpg.de.

4. Disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have provided your express consent to such in accordance with Art. 6 (1) (1) (a) of the GDPR,
  • disclosure in accordance with Art. 6 (1) (1) (f) of the GDPR for the purpose of assertion, exercise or
  • defence of legal claims is necessary and there is no reason to assume that you have an overriding interest worthy of protection by not disclosing your data,
  • in the event that there is a legal obligation to pass on the data pursuant to Art. 6 (1) (1) (c) of the GDPR, and
  • this is legally permissible and required under Art. 6 (1) (1) (b) of the GDPR for the processing of contractual relationships with you.

In addition, our contract processors receive your personal data for processing in accordance with your instructions, insofar as this is necessary to perform the contract. Our contract processors do not have a right of their own to use your data.

5. Data security

We perform up-to-date technical measures to ensure data security, in particular to protect your personal data from dangers during data transmission and from third parties gaining knowledge of such. These measures are adapted to the current state of the art.

6. Third countries

Data will be transmitted by us to third countries solely in accordance with legal regulations.

The admissibility of data transmission to third countries is governed by Art. 44 et seq. of the GDPR. If we transmit your data to a third country, you will be informed of this in the special data protection information relating to the respective processing procedure. The respective legal arrangements applying will also be stated.

II. Specific data protection information for processes involving data processing on the website

1. When visiting the website

When you call up our website, the browser used on your terminal device automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information is recorded without your performing any action and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access takes place (referrer URL),
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the data mentioned above for the following purposes:

  • To ensure a smooth connection set-up for the website,
  • To guarantee comfortable use of our website,
  • Evaluation of system security and stability and
  • For other administrative purposes.

The legal basis for the data processing is provided in Art. 6 (1) (1) (f) of the GDPR. Our legitimate interest lies in the operation of our website and the associated presentation of our company.

Your data will be deleted as soon as it is no longer required for the purposes stated, but at the latest after 6 months.

2. When using our contact form

If you have any questions of any kind, we offer you the opportunity to contact us using a form provided on the website. This requires you to provide a valid e-mail address and your name so that we know who the enquiry comes from and can answer it. All other information can be provided on a voluntary basis. We use the postal code and your company headquarters / place of residence so that we can assign your enquiry to an employee at a location near you. If you furnish us with your telephone number, we will call you back to answer your question if need be.

When you fill out the contact form, we only process the personal data you provide for the purpose of answering your enquiry and/or for the initiation, justification, amendment and design of possible contractual relationships unless

  • we have explicitly pointed out further-going purposes to you and you have consented to such use,
  • the processing is carried out for a purpose that is directly related to the original purpose for which the personal data were collected
  • the processing is carried out in response to a legal obligation or government or judicial order, or
  • for the justification or protection of legal claims or to defend against illegal activities.

We will not sell or market your personal data to third parties or disclose your data for any other reasons.

By sending us your message, you consent to our processing the data you provide for the purpose of processing your enquiry and/or for the initiation, justification, amendment and design of the content and substance of any contractual relationships. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) (1) (a) of the GDPR on the basis of your consent provided voluntarily or for the initiation or fulfilment of contractual relationships in accordance with Art. 6 (1) (1) (b) of the GDPR. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the enquiry you have submitted and will only be stored for the duration of statutory periods of retention.

3. When registering for our newsletter

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data. If you do not confirm your registration within one month, your information will be blocked and automatically deleted after one month.

After your confirmation, we store your e-mail address as well as your name and salutation for the purpose of sending you the newsletter.

We also use the Microsoft Dynamics 365 Marketing service provided by Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). We use this tool for efficient management of prospects and the sending of newsletters. We do not evaluate the opening or click behavior in the process. When you register for the newsletter, the tool sets cookies with your consent, which in particular transmit the following information to us: 

  • Client ID
  • Geographical location
  • Type of browser
  • Duration of visit
  • Pages viewed

For more information on privacy, please see Microsoft's privacy policy at privacy.microsoft.com/de-de/privacystatement. For more information on the use of cookies in connection with the system, please visit docs.microsoft.com/de-de/dynamics365/customer-engagement/marketing/cookies.

The legal basis for the processing is Art. 6 (1) (1) (a) GDPR.

You can revoke your consent to the sending of the newsletter at any time by unsubscribing. Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you are also welcome to send your unsubscribe request at any time by e-mail to info@dhpg.de.

4. When using the applicant portal

It is particularly important to dhpg to ensure the greatest possible protection of your personal data. All personal data collected and processed by dhpg in the context of an application are protected against unauthorised access and manipulation by means of technical and organisational measures. Your data will only be collected for the purpose of filling positions in the dhpg group. You hereby declare your express consent to your applicant data being passed on to the following companies within the dhpg group:

  • dhpg Wirtschaftsprüfer Rechtsanwälte Steuerberater GmbH & Co. KG
  • dhpg Verwaltungs GmbH
  • dhpg Audit GmbH
  • dhpg Stössel, Schmitz & Blattner GmbH
  • dhpg IT-Services GmbH
  • dhpg Berlin GmbH
  • dhpg Steutax GmbH
  • dhpg GmbH Wirtschaftsprüfungsgesellschaft  Berufsausübungsgesellschaft
  • dhpg GmbH Wirtschaftsprüfungsgesellschaft
  • dhpg Tax & Management Services GmbH.

We require your personal data in the application documents in order to be able to consider you as an applicant in the application process and to review whether you are eligible to work for our company. If you provide information that goes above and beyond this required information, you voluntarily provide us with this information and agree to its processing.

The legal basis for the processing is thus provided by Art. 6 (1) (1) (a) and (b) of the GDPR. It is possible to revoke this consent at any time. You can send your revocation at any time by e-mail to info@dhpg.de.

After completion of the application procedure, we will store your documents for another 6 months as proof.

If a contract is possibly to be concluded, it is necessary for you to provide us with your personal data in the application documents. Otherwise we will not be able to consider your application.

5. When ordering our "exclusive downloads”

You have the possibility to download "exclusive downloads" from our website as a thank you for your newsletter registration. To do so, you need to enter your e-mail address and name in the order form. After submitting your data, you will receive an e-mail sent to the specified e-mail address, in which you must confirm your order by clicking on a link. After this confirmation, we will send you the "Exclusive Download" by e-mail as soon as possible. We process your data in accordance with Art. 6 (1) (1) (b) of the GDPR to fulfil the contract for ordering the "Exclusive Download" and to send you our newsletter on a regular basis in accordance with the contract. It is possible to unsubscribe from our newsletter at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscription request at any time by e-mail to info@dhpg.de. We will store your data until you unsubscribe from our newsletter.

You can find further information under the point "3. When registering for our newsletter" in this data protection declaration.

6. Cookies, analysis tools, plugins and other third party elements

We use cookies, analysis tools, plugins and other third party elements on our website. Cookies are small files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone or similar). Cookies do not cause any damage on your terminal device, and do not contain any viruses, trojans or other malware. Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity. Analysis tools evaluate the user behaviour of website visitors and enable the operator of a website to optimise it and fine-tune marketing measures. Plugins and other elements of third parties are used to integrate content from these providers into the website.

a) Required cookies
The use of our required cookies serves to provide the services of the website and to make the use of our offer more pleasant for you. 

We process your personal data collected with these cookies based on our legitimate interest in presenting our company and the services offered via the website you have accessed and to promote user-friendliness. The legal basis for the processing is Art. 6 (1) (1) (f) GDPR.

Most browsers accept these cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before such a cookie is created. However, complete deactivation may result in the website not being displayed correctly or you not being able to use all the functions of our website.

The respective function descriptions, any recipients of the data, information on possible transfers to a third country and the storage period can be found in the following notes on the individual cookies required and the associated processing procedures. 

Consent management settings with Cookiebot
We use the consent management service Cookiebot, provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage consent from website users for data processing. The processing is necessary to comply with a legal obligation (Art. 6 (1) (1) © GDPR). For this purpose, the following data are processed with the help of cookies:

  • Your IP address (the last three digits are set to '0').
  • Date and time of consent. Browser information URL from which the consent was sent.
  • An anonymous, random and encrypted key Your end-user consent status, as proof of consent.

The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent". This preserves your cookie preference for subsequent page requests. With the help of the key, your consent can be proven and tracked.

We have concluded an order processing agreement with Cybot. Cybot therefore only receives your data for processing according to our instructions and may not process your data for its own purposes.

You can find further information on objection and removal options vis-à-vis Cybot at: www.cookiebot.com/de/privacy-policy/ Your personal data will be deleted continuously after 12 months or immediately after the termination of the contract between us and Cybot. You can also delete the cookie at any time via your browser settings.

b) Consenting cookies, plugins and other third party elements

The cookies, plug-ins and other third-party elements listed in the following and used by us are only used with your express consent and hence on the basis of Art. 6 (1) (1) (a) of the GDPR. You can revoke consent you have issued at any time with effect for the future. To do this, you can change your settings via the "Cookie settings" button at the bottom of our website or under point "9. Cookie details" in this privacy policy. Failure to grant or revoke consent may result in the website not being displayed correctly or your being unable to use all the functions of the website.

By using cookies, plug-ins or other third-party elements, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised.

The respective descriptions of functions, possible recipients of the data, details regarding possible transfers to a third country and the storage period are provided in the following notes on processes involving individual processing with cookies, plug-ins or other third-party elements. For additional details relating to cookies, see "Cookie details" in this Data Protection Policy.

(1) Matomo

We use the open source software Matomo to analyse and statistically evaluate the use of our website. Cookies are used for this purpose. Information generated by the cookie about the use of our website is transferred to our servers and summarised in pseudonymous user profiles.

The following information is collected:

  • Clicks, mouse movements, hovering, scrolling
  • Browser
  • Device (desktop/tablet/mobile device)
  • Language
  • Operating system
  • Screen resolution
  • Duration of visit
  • Navigation (URLs)
  • Page content (HTML)
  • ISP & location (city, state/region, country)
  • Referrer URL
  • Type of visitor (first-time visitor/returner)
  • Individual tags or variables

The information is used to evaluate use of the website and to enable us to design our website in line with requirements. The information is visualised in so-called "heat maps" and "session recordings". The heat maps show which areas of the website are clicked on. In "session recordings", usage behaviour (mouse movements, call-up of sub-pages, etc.) is recorded. Subpages on which you can enter personal data (such as in the contact form) are excluded from this tracking. The information will not be passed on to third parties. Under no circumstances will the IP address be linked to other data concerning the user. IP addresses are made anonymous, rendering assignment impossible (IPMasking). Further information can be found in English in the data protection policy of the provider.

(2) YouTube

We use the YouTube plugin of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "YouTube") on our website in order to raise awareness of our company.

The plug-ins are marked with a YouTube logo, for example in the form of a "YouTube camera" or a "play" button.

These plug-ins are integrated by us by means of the so-called two-click method and the YouTube nocookie settings to protect visitors of our website in the best possible manner. This means that your personal data (in particular your IP address) will not already be transmitted to YouTube when you access the website. Instead, you first have to activate the integrated "buttons" and videos by clicking them. With this click, you provide your consent for a connection to YouTube servers to be established. The data transmitted will be reduced by the YouTube nocookie settings.

Through this integration, YouTube is informed that your browser has called up the respective page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube.

This information (including your IP address) is transmitted by your browser directly to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube is able to directly attribute your visit to our website to your YouTube account. If you interact with the plugins, for example by clicking the "YouTube" button, this information is also transmitted directly to a YouTube server and stored there. The information is also published on your YouTube account and displayed to your contacts there.

If you do not want YouTube to associate the information collected via our website directly with your YouTube account, you must log out of YouTube before activating the plugins.

For more information, please see the YouTube Privacy Policy (https://www.youtube.de/t/privacy).

YouTube also uses the collected data for its own purposes. YouTube's privacy policy and terms of use can be found at policies.google.com/technologies/partner-sites.

7. Cookie details

III. When mandating dhpg 

1. What are the purposes of data processing?

When mandating dhpg, we collect and store your master data as well as any other data required for the execution and processing of the mandate agreement as well as for the fulfilment of legal obligations (e.g. Money Laundering Act). The legal basis for the data processing in the mandate relationship is Art. 6 (1) (1) (b), (c) GDPR. 

If necessary, the processing of personal data for communication measures of dhpg on events and topics related to auditing, legal and tax consultancy may also be considered if we have a legitimate interest in advertising this information and your conflicting interests do not outweigh this. Further information on this processing can be found in this data protection declaration under the item "Communication measures of dhpg on events and topics relating to auditing, legal and tax consultancy".

2. Where do we obtain the personal data?

As a rule, we receive personal data directly from you. However, we may also obtain personal data from other sources such as public directories and databases, court and official correspondence, as well as communication with other consultants or third parties, in compliance with professional secrecy. 

3. Is personal data passed on to third parties?

Personal data will only be disclosed to third parties within the framework of legal regulations if this is necessary to comply with legal provisions or to fulfil our contractual obligations. 

Depending on the mandate, this includes, on the one hand, independent third parties such as authorities, social security institutions, courts and other tax, legal or economic advisors. 

In addition, the service providers we use also have access to your data. Such service providers are used by dhpg, for example, in order to be able to use software that facilitates the processing of the mandate, to destroy documents in accordance with data protection requirements or to receive support in the event of technical problems. However, these service providers may only process the data in accordance with our instructions and do not receive any right of use of their own.

4. How long will personal data be stored?

Data is processed for as long as it is necessary to achieve the contractual purpose, in principle for as long as the client relationship exists. After termination of the mandate and expiry of the statutory retention periods and the absence of legitimate interests, your data will be deleted.
 

IV. Communication measures of dhpg regarding events and topics related to auditing, legal and tax consulting 

1. What are the purposes of data processing?

Your data is required to register for events and to participate in them as well as to receive information on the topics of auditing, legal and tax advice as well as current case law from dhpg (legal basis is Art. 6 (1) (1) (f) GDPR). In order to be able to send you the information by e-mail, we require your consent (legal basis is Art. 6 (1) (1) (a) GDPR). 

2. Is personal data passed on to third parties?

We use external service providers for data processing who support us in carrying out any communication measures (e.g. sending invitations and newsletters). These service providers only process data in accordance with the instructions and under the control of dhpg and exclusively for the purposes described in this data protection information.

We also use the Microsoft Dynamics 365 Marketing service provided by Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland).  We use this tool for efficient management of prospects and the sending of information. We do not evaluate opening or click-through behaviour when we send information by email.  

For more information on privacy, please see Microsoft's privacy policy at privacy.microsoft.com/de-de/privacystatement. For more information on the use of cookies in connection with the system, please visit https://docs.microsoft.com/de-de/dynamics365/customer-engagement/marketing/cookies.

You can withdraw your consent to receive information by e-mail at any time. You can unsubscribe at any time, for example via a link at the end of each e-mail. Alternatively, you are also welcome to send your unsubscribe request by e-mail to info@dhpg.de at any time.

3. How long will personal data be stored?

We store data for as long as you would like to receive information and invitations to events or we would like to stay in contact with you.

V. When using our platform for online seminars

1. When visiting the website

When you call up our platform for online seminars, the browser used on your terminal device automatically sends information to our platform's server. This information is temporarily stored in a so-called log file. The following information is recorded without your performing any action and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access takes place (referrer URL),
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the data mentioned above for the following purposes:

  • To ensure a smooth connection set-up for the website,
  • To guarantee comfortable use of our website,
  • Evaluation of system security and stability and
  • For other administrative purposes.

The legal basis for the data processing is provided in Art. 6 (1) (1) (f) GDPR. Our legitimate interest lies in the operation of our website and the associated presentation of our company.

Your data will be deleted as soon as it is no longer required for the purposes stated, but at the latest after 6 months.

We offer the platform via the services of Microsoft Ireland Operations Limited (One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, D12 P51, Ireland; hereinafter Microsoft). We use Microsoft as a contractor for this purpose and have concluded a corresponding agreement with it on commissioned processing within the meaning of Art. 28 GDPR. Data processing takes place on servers in Germany and other countries of the European Union and is protected by extensive technical and organizational security measures. Microsoft reserves the right to process Customer Data for its own legitimate business purposes. We have no control over this data processing by Microsoft. To the extent that Microsoft processes personal data in connection with its legitimate business purposes, Microsoft is the independent data controller for those data processing activities and, as such, is responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement.

2. When registering on the platform and participating in the online seminars

We regularly offer our dhpg online seminars on various topics. We offer the online seminars via the Microsoft Teams tool. For this purpose, we use Microsoft Ireland Operations Limited (One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, D12 P51, Ireland; hereinafter Microsoft) as a contractor and have concluded a corresponding agreement with it on commissioned processing within the meaning of Art. 28 GDPR. Data processing takes place on servers in Germany and other countries of the European Union and is protected by extensive technical and organizational security measures. Microsoft reserves the right to process Customer Data for its own legitimate business purposes. We have no control over this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with its legitimate business purposes, Microsoft is the independent data controller for those data processing activities and, as such, is responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement.

For the registration on the platform we need your full name and your e-mail address. Without this data, the registration cannot be completed. Registration is necessary for the establishment of a secure connection to our online seminars and thus for the fulfillment of the contract.

During the event, your name will be visible to other participants. When participating in the online seminars, you have the opportunity to ask questions. We use the transmitted data only to answer the inquiry. Insofar as you use the chat function, your name and the content you transmit are visible to the other participants. In the recordings of the online seminars, your name and the content you entered in the chat are not recognizable.

The legal basis for the processing is Art. 6 (1) (1) (b) GDPR.

3. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar). Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
 
Required first-party cookies

The use of our required first-party cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made, so that you do not have to enter them again.

This data is deleted after 6 months at the latest.

We process their data based on our legitimate interest in the external presentation of our company via the website you have accessed and to promote user-friendliness. The legal basis for the processing is Art. 6 (1) (1) (f) GDPR.

Most browsers accept these cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before such a cookie is created. However, the complete deactivation of cookies may result in the website not being displayed correctly or you not being able to use all the functions of our website.
 

VI. Data protection information for communication and data exchange via Microsoft 365 cloud services, in particular via Microsoft Teams and Share Point (incl. client portal)

1. which categories of data does dhpg process as the controller and where do they come from?

No registration is required to use Microsoft 365 cloud services such as Teams or SharePoint if you use the functions as a guest in our dhpg environment. If you use the account with which you have registered with Microsoft, the data specified in your profile, e.g. email address, telephone number or photo, may also be processed.
In addition, technical data is always transmitted and stored, such as IP address, device, login or diagnostic data.

Other categories of data are also processed, depending on the service:

a) (Video) call about teams To participate in a video call, your e-mail address is usually required so that we can provide you with the invitation link. If you dial into the call without a Microsoft account or are not logged into it, you can enter your name so that we can recognise who is requesting access to the video call. However, you also have the option of joining the call via a telephone call. In this case, your telephone number will be transmitted. If you are logged into your Microsoft account, the profile data contained therein will be transmitted.
When the camera and microphone are activated in Teams, video and audio data are transmitted. If you use the chat function during the call, the data it contains will be saved. In exceptional cases, the call may also be recorded if all participants have previously agreed to a recording.

b) Communication and data exchange via a "team" (incl. client portal) As a rule, you have access to the "Team" when you log in to Teams with your Microsoft account, whose e-mail address you have provided to us to create the team. You also have the option of accessing the client portal via our website. You can log in via your Microsoft account. If you do not have a Microsoft account, your name and e-mail address are required. For each login, a one-time password will be sent to your e-mail address, which you can use to log in.
If files are exchanged, the personal data contained in the file will be processed. The personal data that you enter in a Teams contribution for communication purposes is also stored.

Special notes: When logging in via the dhpg2go app
You also have the option of accessing the client portal and thus the team created for you at any time via your mobile device using our dhpg2go app. When you download the app, certain personal data required for this purpose is transmitted to the relevant app store (e.g. Apple App Store or Google Play). In particular, the e-mail address, the user name, the customer number of the downloading account, the individual device identification number, payment information and the time of the download are transmitted to the App Store during the download. We have no influence on the collection and processing of this data; it is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the app store.

We collect and process the following data from you:

  • Device information: The access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of retrieval, the time zone, the amount of data transferred and the message as to whether the data exchange was complete, app crash, browser type and operating system. This access data is processed to technically enable the operation of the app.
  • Device authorisations: The app requires access to notifications in order to show you real-time notifications. The app also requires access to photos and videos as well as music and audio in order to save documents on your device or send them to us from your device.
  • data that you provide to us: To use the app, you need to sign in with your Office 365 or Microsoft account.
  • Information with your consent: We process other information (e.g. transferred files and photos) if you authorise us to do so.

Source of all personal data:
We receive the data directly from you when you transmit the data to us via the Microsoft 365 cloud services for communication and data exchange. We also receive the data through cookies and other data transmissions that are technically necessary to provide you with the Microsoft services and/or the dhpg2go app in a functional and secure manner.

2. for what purposes and on what legal basis is data processed?

dhpg processes the personal data with Microsoft 365 cloud services and in particular Teams for the purpose of communication and data exchange with you (e.g. conducting telephone and video conferences, online seminars or other online meetings as well as for task management, exchanging data and information, using chat functions and collaborating with clients and other external parties from any location).
Insofar as the online meetings serve to provide advice in connection with the services offered by us and thus to fulfil or initiate the contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. The legal basis for conducting online application interviews is Art. 88 GDPR in conjunction with Section 26 BDSG. If there is no contractual relationship with the participants of the online meeting or if such a relationship is to be established, we conduct the online meetings on the basis of our legitimate interest in an effective exchange with you. In this case, Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis. In principle, online meetings and chat histories are not recorded. In exceptional cases, an online meeting will be recorded or a chat history saved if all participants have consented to this. You will be informed about the purpose of the storage and the duration before you give your consent. For example, this may be done to facilitate the creation of minutes afterwards. In this case, the recording will be deleted after the minutes have been taken. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a) GDPR.

3. who receives your data and is it transferred to third countries?

dhpg Tax & Management Services GmbH has licensed the Microsoft 365 cloud services including Teams for the dhpg companies. dhpg Tax & Management Services GmbH therefore acts as a processor for all other dhpg companies. In addition to the licence agreement, dhpg Tax & Management Services GmbH has also concluded an agreement on commissioned processing with Microsoft Ireland Operations Limited (One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k "Microsoft") as a subcontractor. There is also a subcontracting relationship with Synalis GmbH & Co KG (Windgassenstr. 24, 53229 Bonn) for technical support. As contractors or subcontractors, these companies may therefore not process your data for their own purposes, but only in accordance with our instructions for the provision of services.
Further data protection information on Microsoft 365 and Teams can be found at https://www.microsoft.com/de-de/trust-center/privacy/gdpr-overview.
In compliance with the provisions of Art. 44 ff GDPR, your personal data may also be transferred to third countries in individual cases. In particular, when using Microsoft services, your data may also be transferred to the USA as a third country in individual cases. However, this transfer is minimised by suitable contractual and technical measures; in addition, Microsoft is subject to the EU-US adequacy decision. If a Teams call takes place in which a participant from a third country dials in, the data that is the subject of the call will at least also be transmitted to this participant in the third country. Further information, in particular on the appropriate guarantees for the protection of your data in the respective third country, can be obtained from our data protection officer.

4. what data protection rights can you assert as a data subject?

You can request information about the personal data stored about you at the above address of the respective dhpg company in accordance with Art. 15 GDPR. In addition, under certain conditions, you can request the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of your data. You may also have the right to restrict the processing of your data (Art. 18 GDPR) and the right to receive the data you have provided in a structured, commonly used and machine-readable format (Art. 20 GDPR). If we process your data on the basis of your consent, you can revoke this consent at any time with effect for the future (Art. 7 para. 3 GDPR).

5. right of objection

If we process your data to protect legitimate interests, you can object to this processing on grounds relating to your particular situation (Art. 21 (1) GDPR). We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

6. where can you complain?

If you have any problems with or questions about the processing of your personal data, please contact the responsible dhpg company first. This can also be done via the above-mentioned data protection officer, who is obliged to maintain confidentiality when processing your enquiries and will also be happy to forward your enquiry or complaint to the respective dhpg company in anonymised form as long as this is possible within the scope of processing. Of course, you can also contact a data protection supervisory authority of your choice directly with your complaint in accordance with Art. 77 para. 1 GDPR.

7. How long will your data be stored?

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. After termination of a contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).
In the case of a simple Teams meeting (without using the chat function and without recording), your data is not stored permanently, but only for the duration of the session. When using the chat, the data is only stored for the duration of the session. In the case of extensive or numerous enquiries, we extract these from the chat with your consent in order to be able to answer them after the session. If we exceptionally record the team meeting with your consent, the recording will be deleted as soon as the purpose about which you were informed prior to your consent has been achieved.

8. are you obliged to provide your data?

As part of a client relationship, you must provide the personal data that is required for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will not be able to fulfil the mandate agreement with you.

VII. Up-to-dateness and amendment of the data protection 

This data protection declaration is currently valid and has the status September 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection statement at any time on the website at www.dhpg.de/de/datenschutz/.

Load YouTube Video
Permalink