Privacy Statement

1. Name and contact details of the controller

This privacy statement provides information concerning the processing of personal data on the firm’s website of:

Controller:
Tina Wenzel
Steuerberaterin
Hasenpfad 16
61352 Bad Homburg v.d.H.

Telefon: +49 6172 3881070
E-Mail: tina.wenzel@steuerwerk-wenzel.de

2. Scope and purpose of processing personal data

2.1 Accessing the website

When accessing the www.steuerwerk-wenzel.com website, data is automatically sent to this website’s server by the Internet browser used by the visitor and stored in a log file for a limited period of time. The following data is stored without any further input from the visitor until it is automatically deleted:

IP address of the visitor’s device,

• Date and time of access by the visitor,
• Name and URL of the page accessed by the visitor,
• Website from which the visitor reaches the firm (so-called referrer URL),
• Browser and operating system of the visitor’s device as well as the name of the access provider used by the visitor.

The processing of this personal data is justified in accordance with Article 6 (1) (1) (f) of the GDPR. The firm has a legitimate interest in the processing of the data for the purpose of

• swiftly establishing the connection to the law firm’s website,
• enabling user-friendly use of the website,
• recognising and guaranteeing the security and stability of the systems, and
• facilitating and improving the administration of the website. The processing of the data is categorically not for the purpose of gaining knowledge about the person visiting the website.

2.2 Contact form

Visitors can send messages by means of an online contact form on the website. In order to be able to receive a reply, you must provide your first name, last name, a valid email address, subject and message text. The person making the inquiry can provide all other information voluntarily. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted. Data processing takes place exclusively for the purpose of handling and answering inquiries via the contact form. This is done on the basis of the voluntary consent given in accordance with Article 6 (1) (1) (a) of the GDPR. The personal data collected for the use of the contact form will be deleted automatically as soon as the request has been dealt with and there are no reasons for further storage (e.g. subsequent instruction of our firm).

3. Disclosure of data

Personal data is transmitted to third parties if

• the data subject has expressly consented to this in accordance with Article 6 (1) (1) (a) of the GDPR,
• disclosure under Article 6 (1) (1) (f) of the GDPR is necessary to assert, exercise or defend legal rights and there are no grounds to assume that the data subject has an overriding legitimate interest in his/her data not being disclosed,
• there is a legal obligation to transmit data in accordance with Article (6) (1) (1) (c) of the GDPR and/or
• this is required under Article 6 (1) (1) (b) of the GDPR for the fulfilment of a contractual relationship with the data subject.

Personal data is not passed on to third parties in any other cases.

4. Cookies

So-called cookies are used on the website. These are data packets that are exchanged between the server of the firm's website and the visitor's browser. When you visit the website, these are saved by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot cause any damage to the devices used in this respect. In particular, they do not contain any viruses or other malware. The cookies store information arising in connection with the specific device used. This means that the firm cannot gain direct knowledge of the identity of the visitor to the website under any circumstances.

Cookies are largely accepted according to the basic settings of the browser. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or a special notification is given before a new cookie is created. It is pointed out, however, that deactivating cookies can mean that not all of the website’s functions can be used in the best possible way.

The employment of cookies helps to make the firm's website more convenient to use. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are deleted automatically. Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device temporarily. When you visit the website again, it is recognised automatically that the visitor has already accessed the page at an earlier point in time and what entries and settings were made so that they do not have to be repeated.

Cookies are also used to analyse visits to the website for statistical purposes and to improve the site. When the website is visited again, these cookies make it possible to automatically recognise that the website has already been accessed by the visitor. The cookies are deleted automatically after a specified time. The data processed by cookies is justified for the above-mentioned purposes to protect the firm’s legitimate interests in accordance with Article 6 (1) (1) (f) of the GDPR.

• Source
  Web server
• Cookie Name
  PHPSESSID
• Expiry date
  When closing the browser
• Purpose
  This cookie is a reference to a unique session ID set by our website code for a current browser session. This cookie does not collect any personal user data.

5. Your rights as a data subject

Insofar as your personal data is processed when you visit our website, you, as the “data subject”, have the following rights under the GDPR:

5.1 Access

You can request information from us with regard to whether we process your personal data. There is no right of access if the provision of the requested information would violate the duty of confidentiality under Article 83 of the German Tax Consulting Law (Steuerberatungsgesetz, StBerG) or the information has to be kept secret for other reasons, in particular because of an overriding legitimate interest of a third party. In derogation of this, there may be an obligation to provide access if your interests outweigh the interests of secrecy, especially having regard to impending harm or damage. The right of access is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or serves the exclusive purpose of data backup or data protection monitoring, insofar as providing access would require disproportionate effort and the processing for other purposes is ruled out by suitable technical and organisational measures. If the right of access is not excluded in your case and your personal data is processed by us, you can request access from us to the following information:

• Purposes of the processing,
• Categories of your personal data undergoing processing,
• Recipients or categories of recipients to whom your personal data is disclosed, especially in the case of recipients in third countries,
• Where possible, the planned duration over which your personal data will be stored or, if this is not possible, the criteria for determining the storage period,
• The existence of a right to correction or deletion or restriction of the processing of the personal data pertaining to you or a right to object to such processing,
• The existence of a right to complain to a supervisory authority for data protection,
• If the personal data has not been collected from you as the data subject, the available information concerning the origin of the data,
• Where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved as well as the scope and intended effects of automated decision-making,
• Where necessary, in the case of transmission to recipients in third countries, unless a decision has been taken by the EU Commission on the adequacy of the level of protection in accordance with Article 45 (3) of the GDPR, information with regard to what suitable guarantees are provide for under Article 46 (2) of the GDPR concerning the protection of personal data.

5.2 Rectification and completion

If you find that we have incorrect personal data pertaining to you, you can request that we rectify such incorrect data immediately. If your personal data is incomplete, you can request that it be supplemented to render it complete.

5.3 Erasure

You have a right to erasure (“the right to be forgotten”) unless the processing is necessary to exercise the right to freedom of expression, the right to information or to fulfil a legal obligation or perform a task that is in the public interest and one of the following reasons applies:

• The personal data is no longer necessary for the purposes for which it was processed.
• The basis of justification for the processing was exclusively your consent, which you have withdrawn.
• You have objected to the processing of your personal data that we have made public.
• You have objected to the processing of personal data not made public by us and there are no overriding legitimate reasons for the processing.
• Your personal data was processed unlawfully.
• Deletion of the personal data is required to meet a statutory obligation that we are subject to.

There is no entitlement to erasure if the deletion in the case of lawful non-automated data processing is not possible or is only possible with disproportionate effort due to the special type of storage, and your interest in the deletion is classified as low. In this case, the deletion is replaced by restriction of processing.

5.4 Restriction of processing

You can ask us to restrict processing if one of the following grounds applies:

• You contest the accuracy of the personal data. In this case, the restriction can be requested for the period we need to check the accuracy of the data.
• The processing is unlawful and you request that the use of your personal data be restricted instead of being deleted.
• We no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.
• You have lodged an objection in accordance with Article 21 (1) of the GDPR. Restriction of processing can be requested for as long as it is still uncertain whether our legitimate grounds outweigh your reasons.

Restriction of processing means that the personal data is only processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest. We have a duty to inform you before we lift the restriction.

5.5 Data portability

You have the right to data portability insofar as the processing is based on your consent (Article 6 (1) (1) (a) or Article 9 (2) (a) of the GDPR) or on a contract to which you are a party and the processing is carried out using automated processes. In this case, the right to portability includes the following rights, insofar as these do not affect the rights and freedoms of others. You can request us to provide you with the personal data you have provided to us in a structured, commonly-used and machine-readable format. You have the right to transfer this data to another controller without any hindrance on our part. As far as technically feasible, you can require us to transfer your personal data directly to another controller.

5.6 Objection

If the processing is based on Article 6 (1) (1) (e) of the GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or on Article 6 (1) (1) (f) of the GDPR (legitimate interests pursued by the controller or by a third party), you have the right to object to the processing of the personal data pertaining to you for reasons arising from your particular situation. This also applies to profiling based on Article 6 (1) (1) (e) or (f) of the GDPR. After the right of objection has been exercised, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling associated with such direct marketing. Afte

You have the possibility to notify our firm of your objection informally by phone, email, fax or at the postal address listed at the beginning of this privacy statement.

5.7 Withdrawal of

You have the right to withdraw your consent at any time with effect for the future. Notification of the withdrawal of consent can be given informally by phone, email, fax or to our postal address. The withdrawal does not affect the lawfulness of the data processing that took place based on consent up to the time the withdrawal notice was received. After receipt of the withdrawal notice, data processing based solely on your consent will be discontinued.

5.8 Complaint

If you believe that the processing of your personal data is unlawful, you can lodge a complaint with a data protection supervisory authority responsible for the location in which you reside or work or for the location of the alleged violation.

6. Version and updating of this privacy statement

This privacy statement is the version as per 22 July 2024. We reserve the right to update the privacy statement in due course in order to improve data protection and/or adapt to changes in official practice or case law.