DATA PROTECTION DECLARATION
The following provides information about which data Sterr-Kölln & Partner mbB (“we”) collect and process for which purposes when you use our website and other offers described below.
I. Contact Person
The contact person and controller within the meaning of the EU General Data Protection Regulation (GDPR) for the processing of your personal data when visiting this website is Sterr-Kölln & Partner mbB, Emmy-Noether-Strasse 2, 79110 Freiburg. Please do not hesitate to contact us should you have any questions. You can find our complete contact details in the imprint.
You can also send your data protection concerns by email to our data protection officer at email@example.com or by postal mail at the above-mentioned address, Attn. Data Protection Officer. We expressly point out that when using this email address, not only our data protection officer has access to the contents. If you would like to exchange confidential information, please first contact us directly via this email address.
II. Your Rights
1. Information, blocking, deletion, and correction
You have the right to request information about the processing of your personal data by us at any time. We will explain to you how the data is processed, and provide you with an overview of the data stored about you as part of the information request process.
If any data we have stored is incorrect or no longer up to date, you have the right to have this data corrected.
You can also request the deletion of your data. If, in exceptional cases, deletion is not possible due to other legal regulations, the data will be blocked so that they are only available for this legal purpose.
2. Right to limitation of processing
You can also have the processing of your data restricted, for example if you believe that the data we hold is incorrect. You also have the right to data portability, which means that we will provide you with a digital copy of the personal data you have provided to us upon request.
Where processing of your personal data has been restricted, such data, apart from being stored, may be processed only with your consent, or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person, or on the grounds of an important public interest of the European Union or a member state.
3. Right to file complaints with the competent supervisory authority
In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, particularly in the member state of their habitual residence, workplace or place of presumed infringement. Your right to complain exists without prejudice to other administrative or judicial remedies.
4. Assertion of data subject rights
Your inquiries about the assertion of data subject rights and our responses to them will be retained for documentation purposes for a period of up to three years and, in individual cases, for the establishment, exercise or defense of legal claims even beyond this period. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, based on our interest in the defense against any civil claims pursuant to Art. 82 GDPR, the avoidance of fines according to Art. 83 GDPR and the fulfillment of our accountability obligations under Art. 5 para. 2 GDPR.
III. Right of Withdrawal and Objection
Many data processing operations are only possible with your express consent. You may revoke your consent at any time (Art. 7 para. 3 GDPR). To do so, an informal message sent to us by email is sufficient. The legality of the data processing performed prior to the revocation remains unaffected by the revocation.
If the data are processed based on Art. 6 para. 1 lit. f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Data Protection Declaration. If you lodge your objection, we will no longer process your relevant personal data unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection based on Art. 21 para. 1 of the GDPR).
If your personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising, including profiling in so far as it is related to such direct marketing. If you object, your personal data will no longer be used for purposes of direct marketing.
IV. Disclosure of Data
The data we collect will only be shared with third parties if:
- You have given your express consent pursuant to Art. 6 para. 1 lit. a GDPR.
- The disclosure pursuant to Art. 6 para. 1 lit. f GDPR is required for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest meriting protection in not having your data disclosed.
- We are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR.
- This is legally permissible and is required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.
In addition, sharing may take place in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.
V. Storage Duration
In principle, we only store personal data for as long as is necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period as evidence for civil claims or because of statutory storage requirements.
For evidence, we have to keep contract data for another three years from the end of the year in which the business relationship with you ends. Under the statutory limitation period, any claims become statute-barred at this time at the earliest.
Even after that, we still have to store some of your data for accounting reasons. We are obliged to do so based on statutory documentation obligations that may arise from the German Commercial Code, the Tax Code, the Banking Act, and the Money Laundering Act. The periods specified there for keeping documents are two to ten years.
VI. Data Collection on our Website
1. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as site operator. You can recognize an encrypted connection in your browser's address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
2. Server log files
Each time you use our website, we collect the connection data that your browser automatically transmits to enable you to visit the website. The website provider automatically collects and stores information in server log files, which your browser automatically transmits to us. These are especially:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The processing of these connection data is essential for enabling the website visit, ensuring the long-term functionality and security of our systems, and maintaining the general administration of our website. The connection data are also temporarily stored in internal log files for the purposes described above and limited in content to what is necessary, for example, to find the cause in the case of repeated or criminal calls that endanger the stability and security of our website and to take action against this. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the page is accessed in the course of initiating or implementing a contract, and otherwise Art. 6 para. 1 lit. f GDPR based on our legitimate interest in enabling the website to be accessed as well as the permanent functionality and security of our systems. For data protection reasons, server log files are not stored or analyzed permanently by us.
3. Inquiry by email, phone or fax
You have several options to get in touch with us. This includes, in particular, the contact form, a call or an email using the above contact addresses. In this regard, we process data solely for the purpose of communicating with you. If you send us messages directly via a contact form or you register for our events via the contact form, it is necessary to provide an email address at which we can reach you. We will also ask for your name to be able to address you. The mandatory fields are marked as such. We will process the information you provide on the contact form to respond to your request. The legal basis for the data processing described is Art. 6 para. 1 lit. b GDPR, insofar as your information is used to answer your request or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR based on our legitimate interest after you have contacted us and so that we can answer your request. The data collected during the contact process will be automatically deleted after the complete processing of your request unless we still need the data in your request for fulfilling contractual or legal obligations.
You can order our newsletter. We record your email address for the newsletter order and your name in the case of events as well as company name if applicable.
We use the double opt-in procedure for ordering our newsletter, i.e., we shall only send you information by email if you confirm that you are the owner of the email address provided by clicking a link in our notification email. If you confirm your email address, we store your email address, the time of registration and the IP address assigned at registration until you unsubscribe from the newsletter. The sole purpose of storing this information is to send you the newsletters and provide proof of your registration. You can unsubscribe at any time. A corresponding link can be found in every newsletter. A message to the contact data given above or in the newsletter (e.g., by email or letter) is of course also sufficient.
We use pixels (tiny, invisible image files) in our newsletters, which can be used to measure the opening rate as well as links, where we can measure the click on the link before the link is forwarded to the target page. This data processing is exclusively aggregated for statistical evaluation as well as for the optimization and further development of our content and customer communication. Usage analysis at the level of individual recipients of the newsletter does not take place. It also records whether newsletters could be delivered and at which email addresses no delivery was possible. There is no link to other data. You can prevent the measurement of the opening rate by disabling the loading of images in your email client.
As soon as you unsubscribe from the newsletter, your registration details are deleted. Deletion also takes place in a timely manner if you have not confirmed your subscription to the newsletter.
This website uses Campaign Monitor to send newsletters. The provider is Campaign Monitor Pty Ltd, 201 Elizabeth St., Sydney, NSW 2000, Australia. Campaign Monitor is a service that organizes and analyses the distribution of newsletters. The data you enter to subscribe to a newsletter (e.g., email address) are stored on Campaign Monitor's servers.
Sending our newsletters with Campaign Monitor enables us to analyze the behavior of newsletter recipients. Amongst other things, we can analyze how many recipients open the email containing the newsletter and how often various links inside the newsletter are clicked on. "Conversion tracking" can also be used to analyze whether a pre-defined action has taken place after a link in the newsletter has been clicked. Further information on data analysis by Campaign Monitor newsletters can be found at: https://www.campaignmonitor.com/policies/#privacy-policy.
Data are processed based on your consent (Art. 6 para. 1 lit. a GDPR).
For more information, please refer to Campaign Monitor's data security provisions at: https://www.campaignmonitor.com/policies/#privacy-policy.
5. Google Maps
Our websites use the map service Google Maps, which is offered to individuals in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In order for the Google map material we use to be integrated and displayed in your browser when you visit the contact page, your browser must connect to a Google server, which may also be located in the USA. Consequently, Google receives the information that the IP address of your device has accessed the contact page of our website.
The legal basis is your consent, which you may have given for the data processing in accordance with Art. 6 para. 1 lit. a GDPR and for the data transfer in accordance with Art. 49 para. 1 lit. a GDPR in the consent banner. The risks associated with data transfer to third countries can be found in number 7, Data transfer to third countries. No connection to Google's servers takes place without your consent. You can revoke your consent at any time or adjust your selection (see 3.). Access to and storage of information on the terminal device ensues based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per § 25 para. 1 Telecommunications and Telemedia Data Protection Act (TTDSG).
If you access the Google Maps service on our site while logged into your Google profile, Google may link this event to your Google profile. If you do not wish to be associated with your Google profile, you must log out of Google before visiting our contact page. Google stores your data and uses them for the purposes of advertising, market research and personalized display of Google Maps.
6. YouTube with Extended Data Protection
Our website uses YouTube plug-ins. The website operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in the extended data protection mode. According to YouTube, this mode causes YouTube not to store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners is, however, not mandatorily excluded by the extended data protection mode. Therefore, YouTube will establish a connection to the Google DoubleClick network, regardless of whether you are viewing a video or not.
You are linked to the YouTube servers as soon as you start a YouTube video on our website. The YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store different cookies on your device once you have started a video. YouTube can use these cookies to obtain information about visitors to our website. Such information is used inter alia to capture video statistics, to improve user-friendliness, and to prevent attempted fraud. The cookies remain in your terminal until you delete them.
If applicable, starting a YouTube video may trigger further data processing operations. We have no control over this.
YouTube is used in the interests of making our online presence more attractive. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If you visit one of our pages featuring a Vimeo plug-in, a connection to the Vimeo servers is established. The Vimeo server is informed about which of our pages you have visited. Vimeo additionally obtains your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.
If you are logged in to your Vimeo account, Vimeo enables you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo is used in the interests of making our online presence more attractive. This represents a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR.
Further information about handling user data can be found in the data protection declaration of Vimeo under: vimeo.com/privacy.
Part 1: Information on data protection regarding our data processing in accordance with Articles (Art.) 13, 14 and 21 of the GDPR (General Data Protection Regulation).
We are pleased that you have taken an interest in our company. In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of the personal data you have provided as part of the application process, about any personal data we may have collected and your rights in this regard. To ensure that you are fully informed about the processing of your personal data in the context of the application process, please take note of the information below.
8.1 Responsible body within the meaning of data protection law
Sterr-Kölln & Partner Partnerschaftsgesellschaft mbB
Tel +49 761 490540
Franziska Benz, Lawyer
Laurent Brault, Avocat au Barreau de Paris
Julia Braun, Lawyer
Dr. Karlheinz Rabenschlag, Lawyer
Heribert Sterr-Kölln, Tax Consultant and Auditor
Bianca Volz, Tax Consultant
firstname.lastname@example.org or data protection officer(at)sterr-koelln.com
8.2 Contact details of our data protection officer
Sterr-Kölln & Partner mbB
Tel +49 761 490540
email@example.com or data protection officer(at)sterr-koelln.com
8.3 Purposes and legal bases for processing
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the decision on the establishment of an employment relationship with us.
8.4 Categories of personal data
We only process data that is related to your application. This may include general personal data (name, address, contact details, etc.), information on your professional qualifications and education, information on any further professional training and, if applicable, other data that you provide to us in connection with your application.
8.5 Data sources
We process personal data that we receive from you by post or email when you contact us or that you provide or transmit to us via our online applicant portal at www.sterr-koelln.com.
8.6 Data recipients
We only pass on your personal data internally to those departments and persons who need these data to fulfill our contractual and legal obligations or to pursue our legitimate interests. We may transfer your personal data to companies affiliated with us insofar as this is permissible within the framework of the purposes and legal bases set out in number 3 of this data protection information sheet. Your personal data will be processed on our behalf based on order processing contracts in accordance with Art. 28 GDPR by server hosting and software maintenance. In such cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.
A transfer of data to recipients outside the company will otherwise only take place if:
- Legal provisions allow or require this.
- The disclosure is necessary for the fulfillment of legal obligations.
- We have your consent.
8.7 Data transmission
Transmission to a third country is not intended.
8.8 Duration of data storage
We store your personal data for as long as it is necessary to make a decision about your application. Your personal data or application documents are deleted no later than six months after the end of the application process (e.g., notification of the negative decision) unless storage for a longer period is legally required or permissible. We only store your personal data beyond this period if doing so is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute. In the event that you have consented to a longer storage of your personal data, we store it in accordance with your declaration of consent. If we enter into an employment relationship, apprenticeship or trainee relationship with you following the application process, we initially continue to store your data insofar as this is necessary and permissible, and then transfer it to your personnel file. Where applicable, you will receive an invitation to join our talent pool following the application process. This enables us to include you in our selection of applicants for suitable vacancies in the future. If we have obtained your consent to do so, we store your application data in our talent pool in accordance with the terms of the consent you have given or with any future consent you may give.
8.9 Your rights
Each person concerned has:
- Right to information pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to deletion pursuant to Art. 17 GDPR
- Right to restrict processing pursuant to Art. 18 GDPR
- Right to notice pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
In addition, you have the right to lodge a complaint with a data protection authority pursuant to Article 77 GDPR if you believe that your personal data is not being processed lawfully. Your right to complain exists without prejudice to other administrative or judicial remedies. If the processing of your data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Article 7 GDPR.
Please note that such revocation is only with future effect. Processing operations that are performed prior to the revocation are not affected. Please also note that we might need to retain certain data for a certain period of time to comply with legal requirements (see number 8 of this Data Protection Declaration).
8.10 Automated decision-making
Since the decision on your application is not based exclusively on automated processing, we do not perform any automated decision-making in individual cases within the meaning of Article 22 GDPR.
9. Cookies and similar technologies
Our website uses the WordPress plugin “Usercentrics” to record and manage the consents and possible revocations. When you make a decision in the consent banner, a cookie is set that records your consent or refusal. We set this technically required cookie based on Art. 6 para. 1 lit. f GDPR to document your consent. Access to and storage of information on the terminal device in these cases ensues based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per § 25 para. 2 Telecommunications and Telemedia Data Protection Act (TTDSG). If you delete your cookies, we will ask you again for your consent when you visit the site later.
You can revoke your consent at any time or adjust the selection of tools by clicking on the following link: Privacy Settings
a. Google Tag Manager
Our website uses Google Tag Manager, a service offered to individuals in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager is used to manage the tools and external services that we use on our website and enables the use of tags. A tag is a code element that is stored in the source code of the website to control, for example, which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data under certain circumstances and which are explained further in this Data Protection Declaration. Some of the data are processed on a Google server in the USA. Refer to Google Tag Manager information for more information.
b. Google Analytics
Google uses this stored information on our account to evaluate use of our website, to compile reports on website activity for website operators, and for the provision of other services for us related to internet use and use of the website.
The data collected in the context of the usage analysis by Google Analytics is enriched with data from the Google Search Console and linked to the data from Google Ads, especially to measure the success of our advertising campaigns (called conversions).
Processed data: The following data may be processed by Google Analytics: anonymized IP address; referrer URL (previously visited page); pages accessed (date, time, URL, title, length of stay); downloaded files; links clicked on to other websites; if necessary, reaching certain goals (conversions); technical information (operating system; browser type, version and language; device type, brand, model and resolution); approximate location (country and, if necessary, city, based on anonymized IP address).
Data privacy settings: Anonymization of the IP address; deactivated advertising function; deactivated personalized advertising; deactivated remarketing; retention period of 14 months; deactivated data sharing (in particular Google products and services, benchmarking, technical account, account specialist).
Storage period of cookies: Google Analytics uses the following cookies for the stated purpose with the respective storage period: "_ga" for two years, "_gid" for 24 hours (both to recognize and distinguish website visitors by a user ID), "_gat" for one minute (to reduce requests to the Google servers) and, if applicable, "IDE" for 13 months (third party cookie to recognize and distinguish website visitors by a user ID, to record interaction with advertising and in the context of displaying personalized advertising).
If you have not consented to the use of the analysis tools, your data are not collected as part of Google Analytics. In addition to the above-mentioned possibility to revoke your consent or to adjust the selection of cookies, you also have the following further options to prevent web analysis by Google:
- You can set your browser to block cookies from Google Analytics.
- You can customize your Google advertising settings.
- You can install the deactivation plug-in provided by Google under the following link in your browsers Firefox, Internet Explorer or Chrome (this variant does not work on mobile devices): Link to browser plug-in.
10. Online presence in social media networks
We maintain various online presences in social media networks to communicate with interested parties and to inform them about our products and services, inter alia:
Xing Company Profile of XING SE, Dammtorstrasse 32, 20354 Hamburg (“Xing”)
As part of the operation of our online presence on social networks, we can access information such as statistics on the use of our online presence provided by the operator of the social network. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country), employment-related information (e.g., job, position, industry, professional experience, company size), as well as data on interaction with our online presence (e.g., likes, shares, subscription, viewing of images and videos) and the contributions and content distributed via it. The statistics can also provide information about the interests of the users and which content and topics are particularly relevant to them. We can also use this information to adapt the design as well as the activities and content of our online presence and optimize this for our audience. The collection and use of these statistics is subject to a joint responsibility with the operator of the social network.
Further information on joint responsibility, on the type and scope of these statistics and on the contact options of the social network can be found at:
- Facebook: Information about page insights data, page insights supplement regarding the person responsible
- LinkedIn: Page Insights Joint Controller Addendum
- Xing Company Profile of XING SE, Dammtorstrasse 32, 20354 Hamburg
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR to stay in contact with our customers and to inform them as well as to carry out pre-contractual measures with interested parties, as well as Art. 6 para. 1 lit. f GDPR based on our legitimate interest in effective information and communication with users.
Insofar as we receive your personal data during the operation of the online presence in the social networks, you are entitled to the rights mentioned in this Data Protection Declaration. In addition, if you wish to assert your rights against the operator of the social network, the easiest way to do this is to contact the operator directly. The operator knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures on request if you make use of your rights. We would be happy to support you in asserting your rights as far as we can and forward your inquiries to the operator of the social network.
11. Online meetings via "Teams"
We use "Teams" to conduct online meetings, conference calls and/or webinars (collectively, "Meetings"). Teams is software from Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”) that is available as a desktop, web and mobile app.
The legal basis for data processing to conduct meetings via Teams is our legitimate interest in the effective and simple execution of online meetings, discussion rounds and presentations in accordance with Art. 6 para. 1 lit. f GDPR. Insofar as the meetings are conducted within the framework of existing contractual relationships with you, the legal basis is Art. 6 para. 1 lit. b GDPR. We are not responsible for the further processing of data on the product website of Teams, where the desktop software can be downloaded and the web app can be used.
The following data might be processed during a meeting:
- Information about the participant: possibly display name, first name, last name, telephone, email address, password (encrypted for authentication), profile picture
- Metadata: Topic and description of the meeting, IP address, phone number of the participant, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of the participant's last activity on Teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video and screen sharing
- At chat or channel message use: Text data for display and, if necessary, logging
- At audio use: Recording data of the microphone
- At video use: Recording data of the video camera
- At recordings: Audio, video and screen sharing for storage in the cloud/Microsoft Stream
- At telephone use: incoming and outgoing telephone numbers, country name, start and end time, possibly other connection data such as the IP address of the device
You register via our website or by email prior to a meeting. We thereby process your login data. Before a meeting, you receive a confirmation email with an invitation link or a calendar date.
To participate in a meeting, at least information about your name and – in the case of telephone use – your telephone number must be provided unless we allow anonymous participation in meetings. In the latter case, we communicate this possibility of anonymous participation in the course of the invitation. You can deactivate the transmission via microphone and camera at any time via the corresponding settings. We only record meetings or log textual data with your consent and prior notification. Microsoft stores and uses the metadata to enable us to analyze and report on the use of Teams.
As part of order processing, Microsoft might obtain knowledge of the above-mentioned data to process it. All data traffic is encrypted (MTLS, TLS or SRTP), and encrypted data storage generally takes place on servers in the European Economic Area (EEA). We also activate end-to-end encryption to the extent possible. In the event that data are nevertheless processed in the USA, Microsoft Ireland Operations Limited and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, have concluded the EU Standard Contractual Clauses, Module 3, as well as taken additional measures. For more information, please refer to number 7, Data transfer to third countries.