Data protection policy (As of 24 May 2018)
I. Name and address of the responsible entity / data protection officer
The responsible entity as defined by the General Data Protection Regulation (GDPR), other national data protection laws of EU member states and other data protection provisions is
PKF WULF BURR KG
(„PKF WULF BURR“)
vertreten durch den Gesellschafter Julian Wenninger
Im Neuenbühl 7
Telefon: +49 7044 9315-0
Telefax: +49 7044 9315-19
The responsible entity’s data protection manager is:
II. Collection and storage of personal data and purpose of data processing
1. Use of website at www.pkf-burr.de
When calling up the websites stated above, information is automatically sent to the server of our practice’s website by the browser used (e.g. Firefox, Chrome, Safari etc.) on the visitor’s device (e.g. PC, laptop, smartphone). This information is stored temporarily in a so-called log file. The following information is recorded without your involvement and stored until automated deletion:
• IP address of the requesting computer,
• Date and time of the access,
• Name and URL of the calling file,
• Website from where the access came (referrer URL),
• Browser used and possibly your computer’s operating system and the name of your access provider.
The stated data is processed by us for the following purposes:
• Ensuring the problem-free connection of the website,
• Ensuring the comfortable use of our website,
• Analysis of system security and stability.
The legal basis for the data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our justified interest arises from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your identity.
2. Subscription to the PKF newsletter
By clicking the “Subscribe to PKF newsletter” button, entering your email address and clicking the consent option, our practice uses the email address to regularly send our newsletter. It is sufficient to state an email address to receive the newsletter. If you state your name it is simply used for personalisation and is voluntary for the person subscribing. The subscriber’s newsletter data is only used by our practice to send the newsletter and is not passed on.
Unsubscription is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can express your unsubscription request at any time by sending an email to the address stated above.
III. Transfer of personal data
No transfer to third-parties for purposes other than those listed in II. takes place as a matter of principle.
We only pass on personal data in exceptional circumstances to third parties if
• The affected person has given explicit consent to this under Art 6 Para. 1 S. 1 lit. a GDPR,
• The transfer is required under Art 6 Para. 1 S. 1 lit. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overwhelming interest worthy of protection in the non-transfer of your data,
• The transfer is required under Art 6 Para. 1 S. 1 lit. c GDPR due to a statutory obligation, and
• This is permitted by law and is required under Art 6 Para. 1 S. 1 lit. b GDPR to process contractual relationships.
Our website uses so-called cookies. Cookies are text files that are stored in or by the Internet browser on the user's computer system. If a user accesses our website, a cookie may be saved on the user's operating system.
The data processed by cookies is required to maintain our justified interests and those of third parties under Art 6 Para. 1 S. 1 lit. f GDPR.
Most browsers accept cookies automatically. You can however configure your browser to not store cookies on your computer or to always show a notification before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all of the functions of our website.
2. Analysis tool / use of Google Analytics
For the purposes of needs-led design and the ongoing optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter referred to as “Google”). In this regard, pseudonym usage profiles are created and cookies (refer to No. 4) are used. The information generated by the cookie on using this website such as
• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• time of server enquiry,
is transferred to a Google server in the USA and stored there. The information is used to analyse the use of our website, assemble reports on website activities and provide other services associated with website use and internet use for the purposes of market research and needs-led design of this website. We may also transfer this information to third parties if this is required by law and if third parties process this data on our behalf. Under no circumstances will Google connect your IP address to other Google data. The IP addresses are made anonymous, so it is not possible to assign them to their owners.
Google is a contracted processor as defined by GDPR and in this regard we have concluded a contract with Google to ensure the European data protection level through processing in a third-party European country and complying with the GDPR requirements.
As described above, you can prevent the installation of cookies by adjusting the relevant setting in your browser software; but in this case we expressly point out that you may not be able to use the full functions of this website.
Furthermore, you can prevent the collection of data generated by the cookie and that draws on your use of the website (incl. your IP address) and the processing of this data by Google by downloading and installing a browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, in particular for browsers on mobile devices, you can prevent the recording by Google Analytics by clicking this link. An opt-out cookie is set that prevents the future entry of your data when visiting this website. The opt-out cookie only applies to this browser and our website; it is stored on your device. If you delete the cookies you have to set this opt-out cookie again.
You can find additional information relating to Google Analytics for example in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de)
V. Use of social media plug-ins
The use of so-called social media plug-ins is used to make our chambers more widely known. This is a justified interest under the applicable data protection regulations. The respective suppliers of these plug-ins are responsible for processing the personal data. On our website these are:
Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
Google+, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;
LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
XING, which is operated by Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany.
These social plug-ins are marked with the relevant logo of the companies stated above, so-called placeholders. Only when you have clicked these placeholders are they activated and create a direct connection from your browser to the servers of Facebook, Twitter, Google+, Xing or LinkedIn. The information that you called up via the social plug-in for our website is transferred to Facebook, Twitter, Google+, Xing and LinkedIn. This also occurs if you are not logged into Facebook, Twitter, Google+, Xing and LinkedIn or do not have an account with them.
If you have an account with the companies stated above and are logged into Facebook, Twitter, Google+, Xing or LinkedIn, your visit to our pages and all of your interactions through the social plug-in (e.g. writing a comment etc.) can be assigned to your profile there and stored with Facebook, Twitter, Google+, Xing or LinkedIn.
The purpose and scope of the data collection, processing and use of the data by Facebook, Twitter, Google+, Xing and LinkedIn and your rights and setting options in this regard to protect your privacy are shown in the data protection information of Facebook (http://www.facebook.com/policy.php), Twitter (https://twitter.com/privacy) Google+ (https://www.google.de/intl/de/policies/terms/regional.html), Xing (https://www.xing.com/privacy), LinkedIn (https://www.linkedin.com/legal/privacy-policy).
To prevent Facebook, Twitter, Google+, Xing or LinkedIn collecting the data stated above on your visit to our website, before visiting our site please log out of Facebook, Twitter, Google+, Xing or LinkedIn.
VI. Your rights as the affected person
1. Statutory principles
Under GDPR you have the following rights:
Art. 15 GDPR right to request information about the personal data processed by us. In particular you can request information on the processing purposes, category of personal data, categories of recipients to whom your data was published or will be published, the planned storage term, existence of a right to correction, deletion, restriction of processing or contradiction, existence of a complaint right, origin of your data if not collected by us and the existence of automated decision-making including profiling and any meaningful information on the details;
Art. 16 GDPR request without delay the correction of incorrect or completion of your personal data that we have stored;
Art. 17 GDPR request the deletion of your personal data that we have stored if the processing is not required to exercise the right to express an opinion and information, fulfil a legal obligation, in the public interest or to assert, exercise or defend legal claims;
Art. 18 GDPR request the restriction on processing your personal data if the correctness of the data is disputed by you, the processing is illegal but you reject its deletion and we no longer require the data however you require it to assert, exercise or defend legal claims or have objected to the processing under Art. 21 GDPR;
Art. 20 GDPR request your personal data that you have provided to us in a structured, common and machine-readable form or their transfer to another responsible entity;
Art. 7, Para. 3 GDPR revoke consent issued to us at any time. This means that we cannot continue into the future data processing that is based on this consent and
Art. 77 GDPR complain to a supervisory authority. In general, you can use the supervisory authority at your place of residence or work or that of our chambers.
2. Right of objection
If your personal data is processed based on justified interests under Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data if there are reasons arising from your particular situation or the objection relates to direct advertising. In the latter case, you have a general objection right that we implement without stating a specific situation.
If you want to use your objection or revocation right, an email to the address stated above is sufficient.
VII. Data security / IT security
When you visit the website we use the widespread SSL (secure socket layer) method in connection with the highest possible encryption level that is supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we instead fall back on 128-bit v3 technology. You can tell whether one of the website’s pages is transferred with encryption by the closed key or lock icon in the lower status bar of your browser.
We use other suitable technical and organisational security measures to protect your data from random or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are improved on an ongoing basis in line with technological developments.