Skip links

Privacy policy

  1. Name and address of the controller
  2. Name and address of the data protection officer
  3. General information on data processing
    1. Scope of personal data processing
    2. Legal basis for personal data processing
    3. Storage period
  4. Provision of the website and creation of log files
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Storage period
    5. Possibility to object or eliminate
  5. Newsletter information / Client letters
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Storage period
    5. Possibility to object or eliminate
  6. Contact form and e-mail contact
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Storage period
    5. Possibility to object or eliminate
  7. Data protection tips for online applications
    1. Collection, processing and use of personal data
    2. Consent and right to object
  8. Cookies
  9. Rights of the data subject
    1. Right of access
    2. Right to rectification
    3. Right to restriction of processing
    4. Right to erasure
    5. Right to notification
    6. Right to data portability
    7. Right to object
    8. Right to withdraw statement of consent in connection with the data protection law
    9. Automated individual decision-making, including profiling
    10. Right to lodge a complaint with a supervisory authority
  10. Current status and changes to this privacy policy

1. Name and address of the controller

Under the General Data Protection Regulation (GDPR) and other national data protection laws of Member States as well as other data protection law provisions, the controllers are:

  • CONCEPTAX Siekmann, Janell und Partner mbB
  • DR. WOELKE AG Wirtschaftsprüfungsgesellschaft

 

Go to top

2. Name and address of the data protection officer

The data protection officer of the controller can be reached as follows:

Hellerweg 28
32052 Herford
Germany

Tel.: +49 5221 9831-0
E-Mail: datenschutz@conceptax.de

Go to top

3. General information on data processing

3.1 Scope of personal data processing

Whenever a data subject or automated system accesses the website, we collect general data and information. The data and information are saved in the server log files. The following information is collected:

  • Internet protocol address (IP address);
  • the date and time the website was accessed;
  • the exact subpage on our website to which you were directed;
  • the web page from which you accessed our website (so-called referrer);
  • the browser and version used;
  • the operating system used for access.
Go to top

3.2 Legal basis for personal data processing

We use the aforementioned data for the following purposes:

  • to ensure the smooth loading of the web page;
  • to optimize our website contents for you;
  • to ensure system security and stability.

These points are in your and our legitimate interest. We may also occasionally use the data in order to fulfill our legal obligations in cooperating with law enforcement agencies. Under no circumstances do we use the collected data to draw conclusions about your personally. The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Go to top

3.3 Storage period

The storage period for these log files is two months.

Go to top

4. Provision of the website and creation of log files

4.1 Description and scope of data processing

Whenever a data subject or automated system accesses the website, we collect a set of metadata and information. The metadata and information are saved in the server log files. The following information is collected:

  • Internet protocol address (IP address);
  • the date and time the website was accessed;
  • the exact subpage on our website to which you were directed;
  • the web page from which you accessed our website (so-called referer);
  • the browser and version used;
  • the operating system used for access.
Go to top

4.2 Legal basis for data processing

The legal basis for the temporary storage of data is Article 6(1)(f) of the GDPR.

Go to top

4.3 Purpose of data processing

The temporary storage of IP addresses by the system is necessary in order to enable the delivery of the website to the user’s computer. To that end, the user’s IP address must be stored for the duration of the session.

The aforementioned data are also used for the following purposes:

  • to ensure the smooth loading of the web page;
  • to optimize our website contents for you;
  • to ensure system security and stability.

These points are in your and our legitimate interest. We may also occasionally use the data in order to fulfill our legal obligations in cooperating with law enforcement agencies. Under no circumstances do we use the collected data to draw conclusions about you personally.

Go to top

4.4 Storage period

The data are erased as soon as they are no longer needed to achieve the purpose for which they were collected. When data are collected for the provision of the website, they are erased once the corresponding session is ended.

The storage period for log files is two months.

Go to top

4.5 Possibility to object or eliminate

The collection of data in order to deliver the website and enable data storage in log files is absolutely necessary to operate the website. Consequently there is no possibility for the user to object.

Go to top

5. Newsletter information / Client letters

5.1 Description and scope of data processing

You have the ability to subscribe to our newsletter through our website. For that, you must provide us with your e-mail address and consent to subscribe to the newsletter.

Failure to provide this mandatory information means that you will not receive a newsletter from us. Regarding voluntary information, if you choose not to provide it the only consequence is that you will not be addressed personally in the corresponding newsletter.

We use these data exclusively to send the requested information and do not transmit them to third parties.

To sign up for our newsletter, we use the so-called double-opt-in procedure. In other words, when you register to receive our newsletter, we send you a confirmation e-mail with a link to confirm the registration. If you do not confirm your registration within 24 hours, your data are automatically erased. The purpose of this process is to verify your registration to receive the newsletter and, if necessary, clarify any possible misuse of your personal data. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter.

Go to top

5.2 Legal basis for data processing

The legal basis for processing the data once the user has registered to receive the newsletter/client letter is the presence of the user’s consent under Article 6(1)(a) of the GDPR.

Go to top

5.3 Purpose of data processing

The collection of the user’s e-mail address serves to deliver the newsletter.

The collection of other personal data in connection with the registration process serves to prevent the misuse of the services or e-mail addresses used.

Go to top

5.4 Storage period

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address is then stored only as long as the newsletter or client letter subscription is active.

Go to top

5.5 Possibility to object or eliminate

You can withdraw your consent and unsubscribe from the newsletter at any time, without affecting the lawfulness of any data processing that occurred under the terms of consent before it was withdrawn. You can unsubscribe by clicking on the link provided in every newsletter or by sending a message to the publisher’s address listed in the contact information. We store your data only as long as the subscription is active. We do not forward these data to anyone else without your consent.

At any time and for any reason, you can withdraw your consent for the storage of data and e-mail addresses and their use to send the newsletters / client letters by writing to mandantenrundschreiben@conceptax.de. When the objection or subscription cancelation request is received, all your data will be erased.

Go to top

6. Contact form and e-mail contact

6.1 Description and scope of data processing

A contact form is available on our website that can be used to contact us electronically. If a user takes advantage of this possibility, then the data entered on the input screen are transmitted to us and stored.

For the data processing, reference is made to this privacy policy as part of the submission process.

Alternatively, contact may be made by e-mail at info@conceptax.de. In that case, personal data submitted by the user in the e-mail may be stored.

In this context, data is not forwarded to third parties. The data are used exclusively for processing the conversation. We should note that online data submissions (e.g. e-mail communications) may be exposed to security vulnerabilities. Ironclad data protection against third-party attacks is not possible.

Go to top

6.2 Legal basis for data processing

The legal basis for processing the data is the presence of the user’s consent under Article 6(1)(a) of the GDPR. The legal basis for processing data following the sending of an e-mail is Article 6(1)(f) of the GDPR. If the e-mail contact involves entering into a contract, then the legal basis for the data processing also includes Article 6(1)(b) of the GDPR.

Go to top

6.3 Purpose of data processing

The processing of personal data from the input screen is designed solely to help us handle the initial establishment of contact. In the case of an initial establishment of contact by e-mail, the requisite data processing legitimate interest also exists here. The other processed personal data during the submission process serve to prevent the misuse of the contact form and to ensure the security of our IT systems.

Go to top

6.4 Storage period

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. In the case of personal data from the contact form’s input screen and those submitted by e-mail, that moment occurs when the corresponding conversation with the user ends. The conversation is ended when it can be determined from circumstances that the matter at hand is definitively resolved.

Go to top

6.5 Possibility to object or eliminate

The user may withdraw his or her consent to process personal data at any time. The user may contact us by e-mail any time and object to the storage of his or her personal data. In that case, the conversation may not be continued. The withdrawal of consent and the objection to storage of data may be submitted by postal mail (to: CONCEPTAX Siekmann, Janell und Partner mbB, Hellerweg 28, 32052 Herford, Germany) or e-mail (to: info@conceptax.de). All personal data stored in connection with the initial establishment of contact will be erased in that case.

Go to top

7. Data protection tips for online applications

7.1 Collection, processing and use of personal data

Your personal data is also protected under applicable statutory provisions in the case of online applications. Your application will be handled in a strictly confidential manner and encrypted during the electronic transmission from you to us.

Your personal data are collected, processed and used in connection with the application process and, if applicable, the employment relationship. Nevertheless, they remain stored for the purpose of processing the application for a six-month period and are then erased to the extent no authorized processing ensues as part of an employee relationship. Subsequently, the data are only processed and used for statistical purposes in anonymized form; the matching of these data with an individual applicant is prohibited.

Go to top

7.2 Consent and right to object

In order to apply with us online, you must declare that you consent to the collection, processing and use of your personal data for the purpose of the application processing in the aforementioned scope. You provide this declaration by clicking on the corresponding control box. If you submit unsolicited data that contains information about race or ethnic origin, political opinions, religious or philosophical convictions, trade union membership, health or sexual preferences or genetic information or biometric data, you also consent to the electronic processing of this data. The use or application of such particular personal data by us is prohibited. We request that you please not submit such information to us.

At any time and without having to state the reason, you may object to the future processing of your personal data for the purpose of processing the application. The objection may be submitted by e-mail. Once the objection is received, your data is erased.

Go to top

8. Cookies

To allow you to use our website more easily, we use small text data known as cookies to track the preferences of users and thereby configure our website optimally. However, we do not use cookies to track the individual visits to our website. Most websites currently use cookies routinely. Nevertheless, if you have concerns in this regard, you can also configure your browser so that it does not accept cookies.

Go to top

9. Rights of the data subject

If your personal data is processed, you are a data subject as defined by the GDPR and have the following rights with respect to the controller:

Go to top

9.1 Right of access

You can request confirmation from the controller whether personal data about you was processed by us.

If such processing occurred, you can request information from the controller about the following:

  • the purposes for which the personal data were processed;
  • the categories of personal data that were processed;
  • the recipients or categories of recipients to whom the personal data have or will be disclosed;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the period;
  • the existence of the right to rectification or erasure of personal data about you, a right to restrict the processing by the controller or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data, when the personal data is not obtained from the data subject;
  • the existence of automated decision-making including profiling, referred to in Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data were transferred to a third country or to an international organization. In that regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR.

Go to top

9.2 Right to rectification

You have the right to obtain rectification and/or the completion of incomplete data from the controller to the extent the personal data processed about you is incorrect or incomplete. The controller must make the rectification without undue delay.

Go to top

9.3 Right to restriction of processing

In the following conditions, you have the right to request from the controller that personal data about you be restricted:

  • if you contest the accuracy of the personal data about you for a period that allows the controller enough time to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing, but you nevertheless need the data for the establishment, exercise or defense of legal claims;
  • you have objected to the processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override yours.

If the processing of personal data about  you was restricted, these data – with the exception of your storage – shall only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State. If the restriction of processing was obtained under the aforementioned conditions, you shall be informed by the controller before the restriction is lifted.

Go to top

9.4 Right to erasure

a) Erasure requirement

You may request from the controller that the personal data about you be erased immediately, and the controller is required to erase these data without undue delay where one of the following grounds applies:

  • the personal data about you are no longer needed for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  • the personal data about you were unlawfully processed;
  • the erasure of the personal data about you is necessary to satisfy a legal obligation under European Union or Member State law, to which the controller is subject;
  • the personal data about you were collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

b) Information to third parties

If the controller has disclosed the personal data about you and is required to erase it pursuant to Article 17(1) of the GDPR, the controller shall take reasonable steps, taking into account available technology and the cost of implementation, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested that they erase all links to these personal data or copies or replication of these personal data.

c) Exceptions

The right to erasure does not exist to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation that requires processing by European Union or Member State law to which the controller is subject, or for the performance of a task in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, to the extent the right referred to in section (a) is likely to block or seriously impede the objectives of this processing from being achieved;
  • for the establishment, exercise or defense of legal claims.
Go to top

9.5 Right to notification

If you have asserted the right to rectification, erasure or restriction to the controller, then the controller is required to notify all recipients to whom the personal data about you was disclosed of the rectification or erasure of the data or restriction of the processing, unless this notification is impossible or involves an unreasonable cost. You have the right to be informed by the controller about those recipients.

Go to top

9.6 Right to data portability

You have the right to receive the personal data about you that you provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller, without hindrance from the controller to whom the information was provided, as long as the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or involves a contract in accordance with Article 6(1)(b) of the GDPR and the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data about you transmitted directly from one controller to another, to the extent this transmission is technically feasible. The freedoms and rights of other persons shall not be infringed by the exercise of this right. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Go to top

9.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal information about you, which is based on Article 6(1)(e) or (f) of the GDPR; this right also applies to profiling based on these provisions.

The controller shall no longer process personal data about you, unless he can substantiate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If the personal data about you are processed for direct marketing purposes, you have the right to object at any time to the processing of such information about you for such marketing purposes; this right also applies to profiling to the extent it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data about you shall no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

Go to top

9.8 Right to withdraw statement of consent in connection with the data protection law

You have the right to withdraw your statement of consent in connection with the data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that occurred prior to the withdrawal.

Go to top

9.9 Automated individual decision-making, including profiling

You have the right not to be subject to decision based solely on automated processing – including profiling – that has legal consequences or significantly affects you in a similar manner. This right does not apply when the decision

  • is necessary for entering into or performance of an agreement between you and the controller;
  • is authorized by a European Union or Member State law that is binding on the controller, and this law has appropriate measures to protect your rights and freedoms as well as your legitimate interests;
  • occurs with your express consent.

Nevertheless, these decisions shall not involve special categories of personal data referred to in Article 9(2)(a) or (g) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken. Regarding the situations described in (1) and (3), the controller shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and contest the decision.

Go to top

9.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data about you infringes the GDPR. The supervisory authority receiving the complaint informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Go to top

10. Current status and changes to this privacy policy

This privacy policy is currently applicable and was last updated in December 2019.

It may become necessary to make changes to this privacy policy due to the further development of our website and related offers or to changes in statutory or regulatory provisions. You can always download and print the current privacy policy found on the website at www.conceptax.de.

Go to top
With this QR code you can access this website directly – fast and easy
With this QR code you can access this website directly – fast and easy

Using a QR code scanner app on your device, you can scan the image to the left and go straight to this site on our website.