Privacy Policy

Information on the processing of your personal data

The controllers responsible for data processing on this website, the associated social media presences and for other processing activities mentioned are:

KHS Kempis Kleinlosen Partnerschaftsgesellschaft mbB
Wirtschaftsprüfer Steuerberater

KHS Audit and Valuation GmbH
Wirtschaftsprüfungsgesellschaft

Telephone: +49 221 94885 0
Email: office@khs-wp.de

On what legal basis are your data processed?

The legal basis for the processing of personal data is generally – unless more specific legal provisions apply – Art. 6 of the EU General Data Protection Regulation (GDPR). The following possibilities may apply:

  • Consent (Art. 6 para. 1 lit. a GDPR)
  • Data processing for the performance of contracts (Art. 6 para. 1 lit. b GDPR)
  • Data processing based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)
  • Data processing for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR)

For what purposes do we process your data?

Contact / client data processing

If you contact us by email, telephone or fax, your request including all personal data resulting from it (name, request) will be stored and processed by us for the purpose of handling your enquiry. We do not pass on these data without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to the initiation, establishment, content design or modification of a legal relationship between you and us or is necessary for the implementation of pre-contractual measures.

In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time with effect for the future.

The data you send to us via contact enquiries will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after completion of your enquiry). Mandatory statutory provisions – in particular retention periods under tax and commercial law – remain unaffected.

Applications

We offer you the opportunity to apply to us (e.g. by email or via an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected in the context of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

If you submit an application to us, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future. Your personal data will be passed on within our company exclusively to persons who are involved in processing your application.

If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

If we are unable to offer you a position, you reject an offer or withdraw your application, we reserve the right to retain the data you have transmitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given corresponding consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Server log files

With every request, i.e. every page view, information is automatically stored in so-called server log files. These are in detail:

  • Your IP address
  • Date and time of the request
  • Address of the accessed page or file
  • Amount of data transferred in bytes
  • Success or error code of the request (“status code”)

Identification of your web browser (e.g. browser type, browser version and operating system used; “User-Agent” header)

Previously visited page that led you here, e.g. via a link

The information on the last two points is automatically transmitted by your web browser. You may be able to deactivate this in your browser settings. These data in the server log files are not attributable to specific persons. These data are not merged with other data sources. Evaluation is carried out exclusively to ensure the provision of our website and to identify possible sources of error. We also reserve the right to check these data retrospectively if concrete indications of unlawful use become known to us. The processing is carried out on the basis of these legitimate interests (Art. 6 para. 1 lit. f GDPR). The server log files are automatically deleted after an reasonable period.

To which recipients are the data transferred?

Your personal data will generally only be passed on to third parties if this is necessary for the performance of the contract with you, the transfer is permissible on the basis of a balancing of interests within the meaning of Art. 6 para. 1 lit. f GDPR, we are legally obliged to transfer them or you have given your consent.

What rights do you have as a data subject?

All data subjects have the following rights:

Right of access (Art. 15 GDPR)

Right to rectification of inaccurate data (Art. 16 GDPR)

Right to erasure or a “right to be forgotten” (Art. 17 GDPR)

Right to restriction of processing of personal data (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

You may object at any time, without giving reasons, to the processing of personal data for advertising purposes, including the analysis of customer data for advertising purposes.

In addition, you have a general right to object (cf. Art. 21 para. 1 GDPR). In this case, the objection to data processing must be justified. If the data processing is based on consent, you may revoke your consent at any time with effect for the future.

To exercise your rights, the easiest way is to contact the contact details provided above or the address stated in the legal notice. You also have the right to lodge a complaint with a data protection supervisory authority.

How long are your data stored?

If the storage period has not already been specified for the individual processing operations, we process your data as long as this is necessary for the respective purpose.

If statutory retention obligations exist – e.g. under commercial or tax law – the relevant personal data will be stored for the duration of the retention obligation. After expiry of the retention obligation, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

We maintain publicly accessible profiles in social networks

Social networks can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-related processing operations.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal may assign this visit to your user account. Your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, data collection takes place, for example, via cookies stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policies of the respective social media portals.

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

If you visit one of our social media presences, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are determined largely by the corporate policy of the respective provider.

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of the social networks for their own purposes. For details, please inform yourself directly with the operators of the social networks (e.g. in their privacy policy, see below).

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/eu-sccs

Details on how LinkedIn handles your personal data can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

Instagram

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Instagram uses advertising and analytics cookies.

Data transfer to the USA is based on the standard contractual clauses (SCC) of the European Commission. Details on the standard contractual clauses and data transfer can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum

Details on how Instagram/Meta handles your personal data can be found in the privacy policy:
https://privacycenter.instagram.com/policy/

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Google Maps

On our website, we use the map service Google Maps of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To display the map, a connection to Google’s servers is established. Personal data, in particular your IP address and technical information about your end device, may be processed. A transfer of data to Google servers in the USA cannot be excluded.

The use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time with effect for the future.

Further information on data processing by Google can be found at:
https://policies.google.com/privacy

Cookies

Please note that we use the WPML plugin to provide our website in multiple languages. When used, a technically necessary cookie is set that stores your language selection. This cookie contains only information about the language you have selected and is automatically deleted when the browser is closed.

Cookie name: wp-wpml_current_language

Purpose: Storage of the language selection

Duration: Session

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)