Contact details of the Data Protection Officer

Schwer, Susanne
susanne.schwer@ecovis.com

Information according to Art. 13, 14 GDPR

1. Purpose, collection and processing of personal data

In particular, for the purpose of fulfilling the agreed services, we collect the following information from our clients and, where applicable, from their employees, business partners and partners:

Payroll accounting

• Address, name, first name, address
• Nationality
• Parental ownership, child allowances
• Business number, tax number, contribution account number (sickness fund)
• Tax ID, tax class
• Confession
• Social security number or birth name and place of birth
• Gender, date of birth and marital status
• Health insurance, professional cooperative
• Bank account
• Qualifications
• Employment information
• Company cars (e.g. license plate, list price)
• Departments, establishments, cost centres, cost bearers and employee groups
• Information about children
• Compensation, VWL, occupational pension, company car
• Loans, attachments (incl. payee)
• Severe disability card/ file number
• Billing information

Financial Accounting

• Address, name, first name, address
• Tax identification numbers, tax number, tax office
• Bank account
• Customer/supplier data and business partners
• Partner Data
• Credit information
• Payroll information

Financial Statements and Tax Return

• Address, name, first name, address
• Communication data, contacts
• Tax identification numbers, tax number, tax office
• bank account,
• Payroll information
• Customer/supplier data and business partners
• Credit information
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee

Advice on tax, legal and economic matters

• Address, name, first name, address
• Communication data, contacts
• Bank account
• Tax numbers, tax identification numbers
• Customer/supplier data and business partners
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee
• Payroll information

Data processing takes place at the request of the client and is subject to Art. 6 para. 1 S. 1 lit. b GDPR, necessary for the aforementioned purposes for the processing of the mandate and for the mutual fulfilment of obligations under the mandate agreement.
In addition, we process personal data if this is necessary to comply with a legal obligation, in accordance with Art. 6 para. 1 S. 1 lit. c GDPR, it is necessary to give us consent, pursuant to Art. 6 para. 1 S. 1 lit. a GDPR, has been granted or the processing is for the protection of our legitimate interests or the protection of the legitimate interests of a third party, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, is required. Legitimate interests include, in particular, fraud prevention, marketing purposes and internal administrative purposes within the Ecovis Group.
The information we collect is generally necessary for the establishment and conduct of a business relationship, including the fulfilment of the obligations arising therefrom. There is usually no obligation to provide the data. Failure to provide personal data usually means that an agency relationship cannot be established between us because we do not have the data we need to perform our tasks.

2. Sharing data with third parties

Personal data will not be transferred to third parties for purposes other than those listed above. The disclosed personal information may be used by the third party only for the stated purposes. Professional secrecy remains intact.
In particular, personal data is regularly transferred to the following third parties:
• Financial management
• Retirement facilities, especially health and pension insurance
• Administrative authorities, courts
• Employment Agency
• Banks
• Companies of the Ecovis Group

3. Duration of storage of personal data

The personal data collected by us for the purposes of the mandate will be stored until the expiry of the statutory retention obligation for tax advisors (6-10 years after the end of the calendar year in which the mandate was terminated) and will be deleted thereafter, unless we are required to do so pursuant to Article 6 (1) (b) of Regulation (EC) No 45/2001. 1 S. 1 lit. c DSGVO are obliged to a longer storage due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you are required to a further storage according to Art. 6 para. 1 S. 1 lit. a have agreed to GDPR

4. Data subject rights

Data subjects have the following rights with respect to their personal data:
• pursuant to Art. 7 para. 3 GDPR to revoke your once given consent to us at any time. This means that we may no longer continue to process data based on this consent in the future;
• to request information on your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and, where relevant, meaningful information about its details;
• in accordance with Art. 16 GDPR, to request without delay the correction of inaccurate or completion of your personal data stored with us;
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data to the extent that the accuracy of the data is contested by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you need it to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller; and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a general rule, you can contact the supervisory authority of your usual place of residence or place of work, or of our registered office.
Please note that in particular the right of access pursuant to Art. 15 GDPR is restricted, taking into account the possible interference with the rights and freedoms of our clients or third parties. Insofar as personal data of a third party has been transmitted to us as part of a given order, we ask you to claim the rights of the data subject directly from our client. For professional reasons, we are not allowed to exercise these data subject rights insofar as we would be in breach of our legal duty of professional secrecy by exercising them.

5. Right of objection

Where personal data of data subjects are processed on the basis of legitimate interests, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation. If you wish to exercise your right to object, please contact the law firm responsible for you.

Grafenberger Allee 297
40237 Düsseldorf
Phone: +49 211-90 86 70
Fax: +49 211-90 86 711
E-Mail: duesseldorf-kso@ecovis.com
http://www.ecovis.com/duesseldorf

Contact details of the Data Protection Officer

Schwer, Susanne
susanne.schwer@ecovis.com

Information according to Art. 13, 14 GDPR

1. Purpose, collection and processing of personal data

In particular, for the purpose of fulfilling the agreed services, we collect the following information from our clients and, where applicable, from their employees, business partners and partners:

Payroll accounting

• Address, name, first name, address
• Nationality
• Parental ownership, child allowances
• Business number, tax number, contribution account number (sickness fund)
• Tax ID, tax class
• Confession
• Social security number or birth name and place of birth
• Gender, date of birth and marital status
• Health insurance, professional cooperative
• Bank account
• Qualifications
• Employment information
• Company cars (e.g. license plate, list price)
• Departments, establishments, cost centres, cost bearers and employee groups
• Information about children
• Compensation, VWL, occupational pension, company car
• Loans, attachments (incl. payee)
• Severe disability card/ file number
• Billing information

Financial Accounting

• Address, name, first name, address
• Tax identification numbers, tax number, tax office
• Bank account
• Customer/supplier data and business partners
• Partner Data
• Credit information
• Payroll information

Financial Statements and Tax Return

• Address, name, first name, address
• Communication data, contacts
• Tax identification numbers, tax number, tax office
• bank account,
• Payroll information
• Customer/supplier data and business partners
• Credit information
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee

Advice on tax, legal and economic matters

• Address, name, first name, address
• Communication data, contacts
• Bank account
• Tax numbers, tax identification numbers
• Customer/supplier data and business partners
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee
• Payroll information

Data processing takes place at the request of the client and is subject to Art. 6 para. 1 S. 1 lit. b GDPR, necessary for the aforementioned purposes for the processing of the mandate and for the mutual fulfilment of obligations under the mandate agreement.
In addition, we process personal data if this is necessary to comply with a legal obligation, in accordance with Art. 6 para. 1 S. 1 lit. c GDPR, it is necessary to give us consent, pursuant to Art. 6 para. 1 S. 1 lit. a GDPR, has been granted or the processing is for the protection of our legitimate interests or the protection of the legitimate interests of a third party, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, is required. Legitimate interests include, in particular, fraud prevention, marketing purposes and internal administrative purposes within the Ecovis Group.
The information we collect is generally necessary for the establishment and conduct of a business relationship, including the fulfilment of the obligations arising therefrom. There is usually no obligation to provide the data. Failure to provide personal data usually means that an agency relationship cannot be established between us because we do not have the data we need to perform our tasks.

2. Sharing data with third parties

Personal data will not be transferred to third parties for purposes other than those listed above. The disclosed personal information may be used by the third party only for the stated purposes. Professional secrecy remains intact.
In particular, personal data is regularly transferred to the following third parties:
• Financial management
• Retirement facilities, especially health and pension insurance
• Administrative authorities, courts
• Employment Agency
• Banks
• Companies of the Ecovis Group

3. Duration of storage of personal data

The personal data collected by us for the purposes of the mandate will be stored until the expiry of the statutory retention obligation for tax advisors (6-10 years after the end of the calendar year in which the mandate was terminated) and will be deleted thereafter, unless we are required to do so pursuant to Article 6 (1) (b) of Regulation (EC) No 45/2001. 1 S. 1 lit. c DSGVO are obliged to a longer storage due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you are required to a further storage according to Art. 6 para. 1 S. 1 lit. a GDPR.

4. Data subject rights

Data subjects have the following rights with respect to their personal data:
• pursuant to Art. 7 para. 3 GDPR to revoke your once given consent to us at any time. This means that we may no longer continue to process data based on this consent in the future;
• to request information on your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and, where relevant, meaningful information about its details;
• in accordance with Art. 16 GDPR, to request without delay the correction of inaccurate or completion of your personal data stored with us;
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data to the extent that the accuracy of the data is contested by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you need it to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller; and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a general rule, you can contact the supervisory authority of your usual place of residence or place of work, or of our registered office.
Please note that in particular the right of access pursuant to Art. 15 GDPR is restricted, taking into account the possible interference with the rights and freedoms of our clients or third parties. Insofar as personal data of a third party has been transmitted to us as part of a given order, we ask you to claim the rights of the data subject directly from our client. For professional reasons, we are not allowed to exercise these data subject rights insofar as we would be in breach of our legal duty of professional secrecy by exercising them.

5. Right of objection

Where personal data of data subjects are processed on the basis of legitimate interests, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation.
If you wish to exercise your right to object, please contact the law firm responsible for you.

ECOVIS Audit AG Wirtschaftsprüfungsgesellschaft

Grafenberger Allee 297
40237 Düsseldorf
Phone: +49 211-90 86 70
Fax: +49 211-90 86 711
E-Mail: duesseldorf-audit@ecovis.com
http://www.ecovis.com/duesseldorf

Contact details of the Data Protection Officer

Fröhlich, Sebastian
datenschutz@ecovis.com

1. Purpose, collection and processing of personal data

In particular, for the purpose of fulfilling the agreed services, we collect the following information from our clients and, where applicable, from their employees, business partners and partners:

Payroll accounting

• Address, name, first name, address
• Nationality
• Parental ownership, child allowances
• Business number, tax number, contribution account number (sickness fund)
• Tax ID, tax class
• Confession
• Social security number or birth name and place of birth
• Gender, date of birth and marital status
• Health insurance, professional cooperative
• Bank account
• Qualifications
• Employment information
• Company cars (e.g. license plate, list price)
• Departments, establishments, cost centres, cost bearers and employee groups
• Information about children
• Compensation, VWL, occupational pension, company car
• Loans, attachments (incl. payee)
• Severe disability card/ file number
• Billing information

Financial Accounting

• Address, name, first name, address
• Tax identification numbers, tax number, tax office
• Bank account
• Customer/supplier data and business partners
• Partner Data
• Credit information
• Payroll information
Financial Statements and Tax Return
• Address, name, first name, address
• Communication data, contacts
• Tax identification numbers, tax number, tax office
• bank account,
• Payroll information
• Customer/supplier data and business partners
• Credit information
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee

Advice on tax, legal and economic matters

• Address, name, first name, address
• Communication data, contacts
• Bank account
• Tax numbers, tax identification numbers
• Customer/supplier data and business partners
• Spouse/partner and children
• Supported people
• Partners, co-entrepreneurs, stakeholders
• Decedent/Giver/Acquirer/Legatee
• Payroll information

Data processing takes place at the request of the client and is subject to Art. 6 para. 1 S. 1 lit. b GDPR, necessary for the aforementioned purposes for the processing of the mandate and for the mutual fulfilment of obligations under the mandate agreement.
In addition, we process personal data if this is necessary to comply with a legal obligation, in accordance with Art. 6 para. 1 S. 1 lit. c GDPR, it is necessary to give us consent, pursuant to Art. 6 para. 1 S. 1 lit. a GDPR, has been granted or the processing is for the protection of our legitimate interests or the protection of the legitimate interests of a third party, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, is required. Legitimate interests include, in particular, fraud prevention, marketing purposes and internal administrative purposes within the Ecovis Group.
The information we collect is generally necessary for the establishment and conduct of a business relationship, including the fulfilment of the obligations arising therefrom. There is usually no obligation to provide the data. Failure to provide personal data usually means that an agency relationship cannot be established between us because we do not have the data we need to perform our tasks.

2. Sharing data with third parties

Personal data will not be transferred to third parties for purposes other than those listed above. The disclosed personal information may be used by the third party only for the stated purposes. Professional secrecy remains intact.
In particular, personal data is regularly transferred to the following third parties:
• Financial management
• Retirement facilities, especially health and pension insurance
• Administrative authorities, courts
• Employment Agency
• Banks
• Companies of the Ecovis Group

3. Duration of storage of personal data

The personal data collected by us for the purposes of the mandate will be stored until the expiry of the statutory retention obligation for tax advisors and accountants (6-10 years after the end of the calendar year in which the mandate was terminated) and deleted thereafter, unless we are required to do so in accordance with Article 6 (1) of Regulation (EC) No 45/2001. 1 S. 1 lit. c DSGVO are obliged to a longer storage due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you are required to a further storage according to Art. 6 para. 1 S. 1 lit. a GDPR.

4. Data subject rights

Data subjects have the following rights with respect to their personal data:
• pursuant to Art. 7 para. 3 GDPR to revoke your once given consent to us at any time. This means that we may no longer continue to process data based on this consent in the future;
• to request information on your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and, where relevant, meaningful information about its details;
• in accordance with Art. 16 GDPR, to request without delay the correction of inaccurate or completion of your personal data stored with us;
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data to the extent that the accuracy of the data is contested by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you need it to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller; and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a general rule, you can contact the supervisory authority of your usual place of residence or place of work, or of our registered office.
Please note that in particular the right of access pursuant to Art. 15 GDPR is restricted, taking into account the possible interference with the rights and freedoms of our clients or third parties. Insofar as personal data of a third party has been transmitted to us as part of a given order, we ask you to claim the rights of the data subject directly from our client. For professional reasons, we are not allowed to exercise these data subject rights insofar as we would be in breach of our legal duty of professional secrecy by exercising them.

5. Right of objection

Where personal data of data subjects are processed on the basis of legitimate interests, pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation.
If you wish to exercise your right to object, please contact the law firm responsible for you.