Data protection notice of Flick Gocke Schaumburg
Rechtsanwälte Wirtschaftsprüfer Steuerberater
1. Name and contact details of the controller and the data protection officer
This data protection notice applies to the processing of data by:
Flick Gocke Schaumburg
Rechtsanwälte Wirtschaftsprüfer Steuerberater
– hereinafter “FGS” –
T +49 228/95 94-0
F +49 228/95 94-100
Our data protection officer can be contacted at the above address and at firstname.lastname@example.org.
As regards other companies affiliated with FGS, see below under Clause 2 b).
2. Collection and storage of personal data, and nature and purpose of their use
a) Use of the website
When you visit the websites operated by FGS, namely www.fgs.de and www.fgs-blog.de, the browser running on your device automatically transmits information to our website server. This information is temporarily stored in a log file. Without you taking any action, the following information is recorded and stored until it is automatically deleted after 30 days:
- IP address of your computer,
- date and time of access,
- name and URL of the accessed file,
- website from which access was initiated (referrer URL),
- quantity of transmitted data in bytes,
- name of browser being used and, if applicable, your computer’s operating system and the name of your access provider.
We process these data for the following purposes:
- to ensure that the connection to the website is established smoothly,
- to ensure that our website is user-friendly,
- to evaluate system security and stability, and
- for further administrative purposes.
The legal basis for the processing of data is provided by Art. 6 (1) sentence 1 point f of the Data Protection Regulation (GDPR). Our legitimate interest arises from the purposes for which the data are collected as per the above list. In no event do we use the collected data for the purpose of inferring anything about your person.
b) Registering for information about our firm, newsletters and invitations to / participation in events
aa) Information and invitations sent by email
If you have explicitly granted consent pursuant to Art. 6 (1) sentence 1 point a GDPR or if one of the other elements of Art. 6 (1) sentence 1 GDPR is satisfied, we use your email address to regularly send you information about our firm, newsletters and invitations to events of and with FGS. To receive information about our firm, newsletters and invitations, you need to state only your name and an email address. Business entities are required to state their company name. You can unsubscribe at any time, for example by following the link provided at the end of every newsletter. Alternatively you can send an unsubscribe request at any time to email@example.com. We store your data until you unsubscribe. Thereafter we delete your data unless we are entitled and/or required for other reasons to continue storing them.
bb) Information and invitations sent by mail
If you have explicitly granted consent pursuant to Art. 6 (1) sentence 1 point a GDPR or if one of the other elements of Art. 6 (1) sentence 1 GDPR is satisfied (in particular, pursuant to Art. 6 (1) sentence 1 point f GDPR, processing is necessary to safeguard our legitimate interests and your interests pursuant to Art. 6 (1) sentence 1 point f GDPR do not take precedence), we use your name and mail address to send you information about our firm, newsletters and invitations to events of and with FGS. We store your data until you object to receiving this information by mail. Thereafter we delete your data unless we are entitled and/or required for other reasons to continue storing them.
cc) Participation in events
If you accept an invitation to, and register for, one of our events, we process personal data such your name, telephone number and email address (e.g. information for organizational purposes or on any necessary postponement/cancellation; entrance control) if this is necessary to organize the event. We also send any documents for the event to your email address. The legal basis for this is Art. 6 (1) sentence 1 points a, b, and f GDPR.
We store your data after the end of the event and transmission of any documents for a maximum of three calendar years to enhance planning of future events and to invite you to any of these which are relevant. In particular, we hold certain events only at longer intervals, which makes this period necessary and appropriate. The legal basis for the storing of data is provided by Art. 6 (1) sentence 1 point f GDPR. If you inform us that you do not wish to receive further invitations, we will also immediately delete your data on other events you have attended.
If you receive newsletters and invitations from one of our other FGS companies, in particular
- Flick Gocke Schaumburg GmbH Wirtschaftsprüfungsgesellschaft, Fritz-Schäffer-Straße 1, 53113 Bonn;
- FGS Digital GmbH, Fritz-Schäffer-Straße 1, 53113 Bonn;
- FGS Steuerberatungsgesellschaft mbH, Fritz-Schäffer-Straße 1, 53113 Bonn;
- FGS Revisions- und Treuhandgesellschaft mbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft, Unter den Linden 10, 10117 Berlin;
- FGS Treuhandgesellschaft für Stiftungsvermögen mbH, Fritz-Schäffer-Straße 1, 53113 Bonn;
- FGS Zürich AG, Bahnhofstrasse 69a, CH-8001 Zürich,
the company concerned is the entity responsible for processing your data. Please address questions concerning data protection relating to the other FGS companies to the company concerned, referring to the subject matter, or by email to firstname.lastname@example.org.
c) Using our contact form
If you have a query on any subject, we invite you to contact us using the form on our website. We need you to state a valid email address, so that we can identify the originator of the inquiry and respond to it appropriately. The disclosure of other details is voluntary. The processing of data for the purpose of enabling you to contact us takes place pursuant to Art. 6 (1) sentence 1 point a GDPR on the basis of your freely granted consent. The personal data collected by us to facilitate use of the contact form are automatically deleted once your query has been resolved.
d) No legal requirement / Consequences of failing to provide data
We record the personal data named under sub-clauses a) to c) above without you being bound by any statutory or contractual requirement in this connection within the meaning of Art. 13 (2) point e GDPR. If you do not wish to provide us with certain data – e.g. an email address when registering for an event – we inform you here, pursuant to Art. 13 (2) point e GDPR, that we reserve the right not to provide the relevant service.
3. Transfer of data
Your personal data are not transmitted to third parties for any purposes other than those specified below. We transfer your personal data to third parties only if:
- you have granted your explicit consent thereto pursuant to Art. 6 (1) sentence 1 point a GDPR,
- the transfer is necessary pursuant to Art. 6 (1) sentence 1 point f GDPR for the establishment, exercise or defense of legal claims and there is no reason to suppose that you have an overriding legitimate interest in your data not being transferred,
- a legal obligation for the transfer exists pursuant to Art. 6 (1) sentence 1 point c GDPR, and
- such a transfer is allowed by law and necessary for conducting contractual relations with you pursuant to Art. 6 (1) sentence 1 point b GDPR.
Cookies are repositories for information arising in connection with the device you are using. This does not mean, however, that we directly obtain any knowledge of your identity in this way.
Likewise for the purpose of enhancing user-friendliness, we also use temporary cookies, which are stored on your device for a defined period. If you visit our website again in order to use our services, these cookies automatically recognize both your previous visit and the inputs and settings you made so as to avoid having to repeat them.
The processing of data by way of cookies is necessary for the specified purposes of the legitimate interests pursued by us or by a third party pursuant to Art. 6 (1) sentence 1 point f GDPR.
Most browsers accept cookies automatically. You can configure your browser, however, to prevent cookies being stored on your computer or to trigger a warning each time a new cookie is about to be created. If you block cookies completely, you may not be able to use all the functions of our website.
5. Analysis tools
Insofar as we use analytical measures, they are performed on the basis of Art. 6 (1) sentence 1 point f GDPR. By way of the adopted analytical measures, we seek to ensure that our website reflects users’ needs and is continuously improved. We also employ the measures to record statistics about the use of our website and for the purpose of enhancing our offering to you. These interests are to be regarded as legitimate within the meaning of the forenamed provision.
We currently use the tracking tool Jetpack only on the website www.fgs-blog.de (and its sub-pages), which, in conjunction with the use of WordPress to produce and update blogs, records the number and timing of visits to individual blogs. The collected data serve only the purposes of statistical analysis and improving the website; in particular, we evaluate the data in order to make the blogs more interesting and easier to find.
6. Social media plug-ins
On our website we do not use any plug-ins for the social networks Twitter, LinkedIn and XING. We use links to the social networks Twitter, LinkedIn and XING in a way that does not establish any direct connection between your browser and the server of the social network concerned. The symbols of the relevant social networks appearing on our websites are simple links to our own pages on these networks. Responsibility for ensuring operation in compliance with data protection regulations rests with the individual network providers.
On the ‘press releases’ page, we have placed a button for sharing press releases with third parties via Twitter, LinkedIn, Facebook and XING. We designed the sharing feature in a way that avoids sending data to the social network, as long as you have not selected the network by clicking the button to actually share the press release. Based on your selection another window will open and allow you to conclude the sharing in your accustomed social media environment.
If you share content from our website via your social media account, the provider of the network will be able to track your visit on our website. Please note that we do not have comprehensive knowledge of the data transferred during your visit to the social media network provider, or the use made thereof by the provider.
You will find further information on the above in the data protection notices of the social media network providers:
- Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA): https://www.facebook.com/privacy/explanation
- LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA): https://www.linkedin.com/legal/privacy-policy
- XING (XING SE, Dammtorstraße 30, 20354 Hamburg): https://privacy.xing.com/en/privacy-policy
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin D02 AX07, Ireland): https://twitter.com/en/privacy
7. Rights of data subjects
You have the right:
- pursuant to Art. 15 GDPR to obtain from us confirmation as to whether your personal data are being processed. In particular, you have the right to obtain information on the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom your data have been or will be disclosed; the envisaged storage period; the existence of a right to request rectification or erasure or restriction of processing, or to object to such processing; the existence of a right to lodge a complaint; the source of your data if not collected by us; and on the existence of automated decision-making, including profiling, and, in those cases, meaningful information about the particularities of such activities;
- pursuant to Art. 16 GDPR to demand from us without undue delay the rectification of inaccurate personal data concerning you held by us, or to have incomplete personal data completed;
- pursuant to Art. 17 GDPR to obtain from us the erasure of your personal data stored by us unless the processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defense of legal claims;
- pursuant to Art. 18 GDPR to demand that we restrict the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and we no longer need the data, but they are required by you for the establishment, exercise or defense of legal claims; or if you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or to demand their transmission to another controller;
- pursuant to Art. 7 (3) GDPR at any time to withdraw your consent given to us. In consequence of withdrawal, we shall no longer be allowed to process the data in future on the basis of such consent; and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. For this purpose you can, as a general rule, address your complaint to the supervisory authority in the place of your habitual residence, your place of work, or the place where our firm has its registered office.
8. Right to object
If your personal data are being processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 point f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation, or if the objection relates to direct marketing. In the second of these two cases, you have a right to object in general without invoking a particular situation and we shall comply with the objection. If you wish to exercise your right to withdraw consent or object, simply send an email to email@example.com.
9. Data security
When you visit our website we use the widely adopted protocol transport layer security (TLS) in conjunction with the highest encryption level supported by your browser. As a general rule, 256-bit encryption is supported. If your browser is incompatible with a 256-bit key, we revert to the 128-bit v3 technique instead. The open or closed lock or padlock symbol displayed on the browser page or further information contained in the properties of the browser show whether or not the data constituting our website are encrypted during their transmission.
In other respects we take suitable technical and organizational security measures to protect your data against coincidental or intentional manipulation, partial or complete loss, destruction, and unauthorized access by third parties. We continuously improve our security measures in keeping with technological progress.
10. Validity and revision of this data protection notice
This is the current version of the data protection notice as of August 2018. The evolution of our website and services offered by way of same, as well as changes to statutory or official requirements, can make it necessary for us to revise this data protection notice from time to time. You can retrieve and print the applicable version of the data protection notice from the website at any time on the page https://www.fgs.de/datenschutzerklaerung (in German) or https://www.fgs.de/en/data-protection-notice.html (in English).