Data Privacy

Last updated: December 2021

Thank you for visiting www.counsel.de, the website from Counsel Treuhand GmbH (hereinafter referred to as "Counsel"/"we"/"us"). We take the protection of your data very seriously. We would like to inform you in the following about the scope and purposes for which we collect and process your personal data over www.counsel.de (hereinafter referred to as "website").

 

Our Privacy Notice is based on the terms used in the General Data Protection Regulation (GDPR). Among others, we use the following terms in this Privacy Notice:

Personal Data refers to any information relating to an identified or identifiable natural person (referred to in the following as “Data Subject”); a natural person is considered identifiable when they can be identified directly or indirectly, in particular by means of assignment to an identifier, such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person (cf. Art. 4 (1) GDPR).

Health Data refers to personal data relating to the physical or mental health of a natural person, including the provision of health services, and revealing information about their state of health (cf. Art. 4 (15) GDPR).

Processing refers to any operation or set of operations that are performed upon personal data, whether or not by automatic means, such as its collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, as well as its alignment or combination, restriction, deletion or destruction (cf. Art. 4 (2) GDPR).

Data Controller refers to the natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of processing personal data (cf. Art. (4) (3), first half of Sentence 1 GDPR).

Data Processor refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller (cf. Art. 4 (8) GDPR).

Third Party refers to a natural or legal person, public authority, agency or other body other than the Data Subject, Data Controller, Data Processor and the persons authorised to process the personal data under the direct responsibility of the Data Controller or Data Processor (cf. Art. 4 (10) GDPR).

Data Controller for the collection, processing and use of personal data in terms of the General Data Protection Regulation (GDPR) is:

Counsel Treuhand GmbH

Wirtschaftsprüfungsgesellschaft, Steuerberatungsgesellschaft, domiciled in:

Neuer Wall 50
20345 Hamburg
Germany

With this Privacy Notice, we comply with our duty to provide information regarding the type, scope and purposes of processing personal data as set out in Art. 12-14 GDPR.

If you wish to view and/or update your personal data or if have any questions concerning data privacy on our website, please contact us at any time using the following email address: datenschutz@counsel.de or by post to our data protection officer at the address given above.

The scope and type of collection and the processing and use of your personal data differ depending on whether you contact us over our website and use the contact form offered there or you use our website purely for information purposes. You can exercise your rights as a data subject at any time with regard to the data processing procedures described below (see Sec. 6).

 

3.1.1 Enquiries by email
 

If you send us an email, we store your email address and any personal content contained in the message.

This personal data is stored exclusively for the purpose of processing your enquiry and for the event that follow-up questions arise. In order to answer your enquiry, the enquiry may be forwarded by email to the respective contact person at the company (legal basis is formed by Art. 6 (1) )f) or Art. 6 (1) (b) GDPR, if your enquiry relates to our portfolio of services).

We delete the relevant data once the purpose for collecting it no longer applies. You can also exercise your rights as a data subject (see Sec. 6) at any time with regard to said data processing. This means that you can object in particular to the related data processing if you made enquiries that do not relate to our portfolio of services (Art. 21 GDPR).

 

3.1.2 Enquiries over our contact form
 

If you contact us over our contact form, we process your personal data to process the enquiry you made over said contact form. This includes the following personal data in particular and depending on the individual case:

• Salutation/Title*
• First name and last name*
• Company
• Street, No.
• Postcode/town
• State (Country)
• Telephone/fax
• Email address*
• Your message in the text box (varies based on what you enter)*

 

The information marked with an * is mandatory and without this we cannot process your enquiry.

We only process your personal data if you give us your consent to do so (Art. 6 (1) (a) GDPR). You can grant us your consent by ticking the checkbox and pressing "Send" in the contact form with the following text:

Declaration of consent — contact form

I have read and understood the Privacy Statement. I agree to the data I have entered being processed for the purpose of handling my enquiry in accordance with Sec. 3.1.2 of the Privacy Statement. My consent is voluntary and I can revoke it at any time.

To document the submission of your declaration, we also store your IP address and the time when you submitted the declaration. You can revoke your consent to this at any time. For example, you can write us a corresponding email to datenschutz@counsel.de. We will then immediately stop processing your data for the purpose of responding to your enquiry and delete your data, unless we are legally entitled or obliged to continue storing it.

We collect and use personal data automatically that is generated by your visit to our website for the purpose of the technical provision our website and to improve our services.

 

3.2.1 Log files and (session) cookies
 

If you only use our website for information purposes, our server temporarily records the following personal data in what are referred to as log files:

• IP address assigned by the provider,
• File request by the client (file name and URL),
• HTTP status code,
• The website from where you visit us.

 

Unless otherwise stated in this Privacy Notice, this data is required for the technical functioning and operation of our website. The short-term storage of log files is also relevant for the purpose of subsequently clearing up attempted attacks on web servers and possible misuse. Our legitimate interest in this form of data processing therefore is to be in a position to offer you our services based on this set of circumstances (legal basis:

Art. 6 (1) (f) GDPR) and will be deleted when it is no longer required for this purpose.

In several places on our website, we also use "cookies" that serve to make our offering more user-friendly and effective. Cookies are small text files that our website wishes to place on your computer or other internet-enabled devices including tablets or smartphones to the extent that your browser settings accept cookies.

Cookies in no way harm your computer and do not contain viruses. Most of the cookies we use on our website are what are referred to as session cookies which are automatically deleted once you close your browser. These create a session ID for your browser which allows various requests from your browser to be assigned to a session, so that you can be recognised when you return to our website with the same browser. These session cookies are deleted when you close your browser. You have the option to make settings in your browser so that these cookies are not stored in the first place, or that they are deleted at the end of your session. Please note, however, that this may limit your ability to use all the functions of our various web pages.

You can object to your data being processed using cookies at any time for the future (Art. 21 GDPR). However, please note this may then limit your ability to use all the functions of our website.

 

3.2.2 Matomo (formerly Piwik)
 

We use the Matomo web analytics service provided by Innocraft Ltd. 150 Willis St, 6011 Wellington, New Zealand ("Matomo") to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The legal basis for using Matomo is formed by Art. 6 (1) (a) GDPR.

Matomo sets cookies in the browser on your device. The information collected in this way is stored exclusively on our server in Germany. This involves the following data:

• One byte (last three digits) of the IP address of the user's system accessing the website,
• The website accessed,
• The website which the user accessed the website from (referring website),
• The sub-pages accessed from the website accessed,
• The length of time spent on the website,
• The frequency with which the website is accessed.

 

This website uses Matomo with a PrivacyManager plug-in. As a result, IP addresses are anonymised in our configuration by six digits and do not allow any conclusions to be drawn about the actual connection. The IP address transferred in this way over Matomo by your browser is not merged with other data we collect.

We operate our web analytics software over servers that belong to the agency that we use as a Data Processor in accordance with Art. 28 GDPR (for more information, see Sect. 4.1)

You can prevent web analysis cookies being used by switching off tracking in the form below. Matomo also complies with the "Do not track" setting, which can be set globally in many browsers.

Matomo is free, open-source software in which many developers from different countries and with different technical backgrounds are involved. You can find more information about Matomo under www.matomo.org.

You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

Your visit to this website is currently being recorded by Matomo web analytics. Untick this checkbox to opt-out from this service:

 

3.2.3 Google Web Fonts
 

On our website, we use the Google Fonts service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA ("Google").

If you have your habitual place of residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the Data Controller responsible for your data.

Cookies are not stored in your browser when Google Fonts is used. The files (CSS, fonts) are requested over the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts take place completely separately from all other Google services. If you have a Google account, you do not need to worry about information about your Google account being transferred to Google while using Google Fonts. Google only records the use of CSS (Cascading Style Sheets) and the fonts used.

Google Fonts makes it possible for us to use fonts on our own website and not have to upload them to our own server. Google Fonts represents a key component in maintaining the high quality of our website. All Google fonts are automatically optimised for the web which saves on data volume and represents an enormous advantage, especially when used on mobile devices. When you visit our website, the small file size makes sure that the website loads quickly.

We therefore use Google Fonts owing to our legitimate interest in ensuring the quality and performance (through the improved loading time) of our entire online service (legal basis: Art. 6 (1) (f) GDPR).

Google saves requests for CSS assets for one day on their servers, which are also located outside the EU. The font files are stored by Google for a year.

The data is automatically transferred to Google when the page is accessed. To delete this data ahead of time, you should contact Google support at https://support.google.com/?hl=en&tid=331585294560.

You can only prevent the data from being saved by not visiting our website.

For more information, please refer to the privacy policy from Google, which you can access here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

 

3.2.4 XING
 

Counsel maintains a company profile on the XING platform operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING").

XING is a social network which, in addition to allowing the creation of private profiles, also allows the creation of company pages. Photos and other company information, for example, can be uploaded to these pages. Other XING users have access to this information and can write their own posts and share this content.

We would like to point out that your use of our XING page and its functions takes place under your own responsibility. This applies, in particular, to the use of the interactive functions (for example, rating and sharing posts). Alternatively, you can also access some of the information offered over this page over our website.

As the operator of the XING page, we have access to statistical analyses of the hits on our XING page. This data is available in aggregated and anonymised form and does not allow us to draw any conclusions about individual visitors to the page. We use the statistical evaluations to make the information provided on our XING company page more attractive on an ongoing basis and to align it with user interests.

If you are logged into a XING user account at the same time as accessing our company page, information about your access to the service can be assigned to this user account. This information is also available to Counsel as the operator of the company page. You can avoid providing this information by logging out of XING over your user account before accessing our company page.

As a visitor to our XING company page, you also have the option to use interactive functions, such as the “Like” function or sharing and commenting on posts. As a rule, such use requires registering with XING. During this use, personal data and information are visible to us and also to other visitors to the company page and a direct assignment to you may take place. However, we have no influence on the interactive functions and the visibility of user activities on our XING company page.

We would like to expressly point out at this point that you can also visit our XING company page on XING without using these interactive functions.

We operate our XING company page and process your personal data over this page on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in conducting effective marketing over a much-used platform. The company page also provides an option for contacting us by message over the contact channels specified there. We process the information transferred in this way on the basis of Art. 6 (1) (f) GDPR (legitimate interest) or Art. 6 (1) (b) DSGVO if the enquiry is service related. We use this information exclusively for the purpose of responding in a focussed manner to such enquiries.

We have no control over the nature and scope of the data processed by XING, the nature of this processing and the use or disclosure of the data to third parties, in particular to countries outside the European Union. In this respect, we also have no effective control options available to us. Information on how XING processes personal data can be found in the XING privacy policy which you can access over the following link:

https://privacy.xing.com/en/privacy-policy

 

3.2.5 LinkedIn
 

Counsel also maintains a profile on the "LinkedIn" platform from the information service LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We would like to point out that your use of our LinkedIn page and its functions takes place under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered over LinkedIn on this website.

When you visit our LinkedIn page, LinkedIn collects your IP address and other information among other things. As the operator of the LinkedIn pages, this information is used to provide us with statistical information on the use of our LinkedIn page. The data collected on your person in this context is processed by LinkedIn and may be transferred to countries outside the European Union. LinkedIn does not conclusively and clearly state and we do not know the way in which LinkedIn uses the data from a visit to LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to a LinkedIn page is disclosed to third parties.

When you access a LinkedIn page, the IP address assigned to your end device is transferred to LinkedIn. According to information from LinkedIn, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. LinkedIn also stores information about the end devices used by its users (e.g. as part of the "login notification" function); By doing so, LinkedIn may be able to assign IP addresses to individual users.

If you are currently logged in to LinkedIn as a user, you will have a cookie with an identifier stored on your end device. This allows LinkedIn to track your visit to the respective page and how you have used it. This also applies to all other LinkedIn pages. This data can be used to deliver content or advertising tailored to you. If you want to prevent such data processing, you should log out of LinkedIn or deactivate the "Remain logged in" function, delete the cookies on your device and close and restart your browser. By doing so, LinkedIn information which can be used to directly identify you is deleted. This allows you to use our LinkedIn page without revealing your LinkedIn identifier. When you access the interactive features on the website (Like, Comment, Share, News, etc.), a LinkedIn login screen appears. Once you have logged in, LinkedIn will again be able to identify you as a specific user. Information on how to manage or delete information on your person can be found at https://www.linkedin.com/legal/privacy-policy.

As the information service provider, we do not collect and process any further data from your use of our service.

The information that LinkedIn receives and how it is used is described in general terms by LinkedIn in its data use policy. You will also find information in it on how to contact LinkedIn and on the settings for advertisements. The data use policy is available at https://www.linkedin.com/legal/privacy-policy.

In connection with the tools and features used on our website, we may also need to share some data with third parties in strict compliance with applicable data protection law.

External service providers need to have access to personal data (in particular IT service providers) to provide content-related and technical support for our website.

In this case, your personal data is processed exclusively in line with our explicit instructions and a commissioned data processing agreement in accordance with Art. 28 GDPR. By entering into this agreement, the service provider guarantees to us that the service is provided in accordance with applicable data protection law. Involving professional providers of the corresponding services is expressly provided for by law and serves our legitimate interest in professionalising our offering for your benefit and being able to offer said offering in an economically meaningful manner (legal basis: Art. 6 (1) (f) DSGVO). We remain responsible for protecting your data in this case, too.

In this context, we forward your data to the following service providers:

elbformat content solutions GmbH
Großer Burstah 50-52
20457 Hamburg
https://www.elbformat.de/datenschutz

 

We reserve the right however, to disclose your personal data if we are demonstrably obliged to do so by law or if authorities or law enforcement agencies ask us to do so in a legally compliant manner.

Your data is processed mainly in Germany. Your data will only be transferred to a country outside the European Union or European Economic Area if this country offers an adequate level of protection within the meaning of Art. 45 ff. GDPR. Data collected on our website may be forwarded to the United States (Google LLC.) on this basis. To protect your data from unauthorised access and misuse, we have taken extensive, state-of-the-art technical and organisational security precautions in accordance with European data protection law (Art. 32 GDPR).

You can contact us at any time by email (datenschutz@counsel.de) to exercise the following rights:

Right to information: You can request information about the scope, origin and recipients of the data stored on your person and the purpose of storage at any time free of charge (Art. 15 GDPR). If you wish to exercise your right to information, you can contact a Counsel Treuhand employee at any time.

Right to data portability: You can receive the personal data on your person which you have provided to us in a structured, standardised and machine-readable format (Art. 20 GDPR), provided that (1) processing is subject to consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, or a contract pursuant to Art. 6 (1) (b) GDPR and (2) processing takes place with the aid of automated procedures.

Right to rectification: Any subject of personal data processing has the right to demand the rectification without delay of inaccurate personal data of which they are the subject (Art. 16 GDPR). Furthermore, the data subject has the right to request that incomplete personal data be completed, taking into account the purposes of processing.

Right to deletion (right to be forgotten): Any subject of personal data processing has the right to demand from the Data Controller that personal data of which they are the subject is deleted without delay, where one of the following grounds applies and insofar as its processing is not required (Article 17 GDPR): (1) The personal data was collected or otherwise processed for purposes for which it is no longer required. (2) The data subject revokes the consent on which processing was based and no other legal basis for processing exists. (3) The data subject objects to processing and no overriding legitimate grounds exist for processing. (4) The personal data was processed illegally. (5) The deletion of personal data is required in order to comply with a legal obligation.

Right to object: Any subject of personal data processing has the right to object at any time to personal data of which they are the subject being processed (Art. 21 GDPR).

If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh the interests, rights and freedoms of the data subject, or its processing for purposes of asserting, exercising or defending against legal claims. If we process personal data for direct marketing purposes, the data subject has the right to submit an objection at any time against their personal data being processed for the purpose of such advertising.

Right to withdraw consent under data protection law: Any subject of personal data processing has the right to revoke at any time their consent to their personal data being processed (Art. 7 (3) GDPR).

Right to appeal to a supervisory authority: without prejudice to another administrative or judicial remedy, you are entitled to appeal to a supervisory authority, in particular in the member state where your place of residence, place of employment or place of the alleged breach is located, if you believe that processing your personal data breaches the GDPR (Art. 77 GDPR).

When you assert your claims against us, we will examine your claim and, insofar as there is no other legal basis for further processing, comply with it. We will subsequently inform you of the result.

As a rule, complying with a special form is not necessary to assert your rights as a data subject, for example, you can simply write us an email to datenschutz@counsel.de.

We reserve the right to amend or update parts of this Privacy Notice without notifying you in advance. Please refer to our Privacy Notice in advance of using our offering to make sure you stay abreast of any amendments or updates.