H+S-logo-white

1. Name and Contact Details of the Controller

This privacy policy provides information about the processing of personal data on the law firm’s website of:

Controller:

Helmer Soll Steinhäuser Partnerschaft mbB
Public Audit Firm
Tax Consulting Firm
Professional Practice Partnership

Address: Petersweg 11, 21075 Hamburg, Germany

Email: office@hs-partner.hamburg
Phone: +49 (40) 766 251 – 0
Fax: +49 (40) 766 251 – 40

Contact details of the Data Protection Officer:

Attorney Holger Kröger
Petersweg 11
21075 Hamburg, Germany
Phone: +49 (40) 766 251 – 45
Email: kroeger@hs-partner.hamburg

2. Scope and Purpose of Processing Personal Data

When visiting this website www.hs-partner.hamburg, the internet browser used by the visitor automatically sends data to the server of this website, which is temporarily stored in a log file. Until automatic deletion, the following data is stored without further input from the visitor:

  • IP address of the visitor’s device,
  • Date and time of access,
  • Name and URL of the accessed page,
  • Website from which the visitor arrived (so-called referrer URL),
  • Browser and operating system of the visitor’s device, as well as the name of the access provider used.

The processing of this personal data is justified under Art. 6(1)(f) GDPR. The firm has a legitimate interest in processing the data for the purpose of:

  • quickly establishing a connection to the firm’s website,
  • enabling a user-friendly experience,
  • ensuring system security and stability, and
  • facilitating and improving website administration.

The data is expressly not processed for the purpose of identifying the visitor personally.

3. Contact and Data Protection Regarding Application Data

To respond to inquiries and process job applications, personal data is stored and processed. Processing may also occur electronically, especially when application documents are sent via email. To receive a response, at least a valid email address is required. Additional information may be provided voluntarily.

By sending an email to one of the listed contact addresses, the sender consents to the processing of the transmitted personal data.

If an employment relationship is established, the transmitted data will be stored in accordance with legal requirements for the purpose of managing the employment. If no employment relationship is established, the data collected during the application process will be deleted within two months of the rejection decision, unless legitimate interests oppose deletion.

4. Disclosure of Data

Personal data is disclosed to third parties only if:

  • explicit consent has been given by the data subject under Art. 6(1)(a) GDPR,
  • disclosure is necessary under Art. 6(1)(f) GDPR to assert, exercise, or defend legal claims and there is no reason to assume that the data subject has an overriding interest in non-disclosure,
  • there is a legal obligation to disclose under Art. 6(1)(c) GDPR, and/or
  • disclosure is necessary under Art. 6(1)(b) GDPR to fulfill a contractual relationship with the data subject.

In all other cases, personal data will not be disclosed to third parties.

5. Your Rights as a Data Subject

If your personal data is processed in connection with visiting our website, you have the following rights under the GDPR:

5.1 Right of Access

You may request information about whether personal data concerning you is being processed. No right of access exists if providing the requested information would violate confidentiality obligations under § 57(1) of the German Tax Advisory Act or if the information must be kept secret for other reasons, particularly due to overriding legitimate interests of a third party.

Exceptions may apply if your interests outweigh the confidentiality interest, especially in light of potential harm. The right of access is also excluded if the data is stored solely due to legal or statutory retention obligations or exclusively for data backup or data protection control, provided that access would require disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures.

If your right of access is not excluded and your personal data is being processed, you may request the following information:

  • Purposes of the processing,
  • Categories of personal data processed,
  • Recipients or categories of recipients to whom your data is disclosed, especially in third countries,
  • Where possible, the planned duration of data storage or, if not possible, the criteria used to determine the duration,
  • The existence of rights to rectification, erasure, restriction of processing, or objection,
  • The existence of a right to lodge a complaint with a supervisory authority,
  • If the data was not collected from you, any available information about its source,
  • Where applicable, the existence of automated decision-making including profiling, and meaningful information about the logic involved and the significance and intended consequences,
  • Where applicable, in the case of data transfer to third countries without an adequacy decision under Art. 45(3) GDPR, information about appropriate safeguards under Art. 46(2) GDPR.

5.2 Rectification and Completion

If you discover that we hold incorrect personal data about you, you may request immediate rectification of such inaccurate data. If your personal data is incomplete, you may request its completion.

5.3 Erasure

You have the right to erasure (“right to be forgotten”) provided that the processing is not required for exercising the right to freedom of expression and information, fulfilling a legal obligation, or performing a task carried out in the public interest, and one of the following conditions applies:

    • The personal data is no longer necessary for the purposes for which it was collected or processed.
    • The legal basis for processing was solely your consent, which you have withdrawn.
    • You have objected to the processing of your personal data that we made public.
    • You have objected to the processing of personal data not made public by us, and there are no overriding legitimate grounds for the processing.
    • Your personal data was processed unlawfully.

There is no right to erasure if, in the case of lawful non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the specific nature of the storage and your interest in deletion is minimal. In such cases, processing will be restricted instead of deleted.

5.4 Restriction of Processing

You may request restriction of processing if one of the following conditions applies:

  • You contest the accuracy of the personal data. Restriction may be requested for the time needed to verify the accuracy.
  • The processing is unlawful and you request restriction instead of erasure.
  • We no longer need your personal data for processing purposes, but you require it for asserting, exercising, or defending legal claims.
  • You have objected under Art. 21(1) GDPR. Restriction may be requested while it is being determined whether our legitimate grounds override yours.

Restriction means that personal data may only be processed with your consent or for asserting, exercising, or defending legal claims, or for protecting the rights of another natural or legal person, or for reasons of important public interest. Before lifting the restriction, we are obliged to inform you.

5.5 Data Portability

You have the right to data portability if the processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR) or on a contract to which you are a party, and the processing is carried out by automated means. This right includes the following, provided it does not adversely affect the rights and freedoms of others:

You may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us. Where technically feasible, you may request that we transmit your personal data directly to another controller.

5.6 Objection

If processing is based on Art. 6(1)(e) GDPR (performance of a task in the public interest or exercise of official authority) or Art. 6(1)(f) GDPR (legitimate interests of the controller or a third party), you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions.

After exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

You may object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling related to direct marketing. After exercising this right, we will no longer use your personal data for direct marketing.

You may submit your objection informally by phone, email, fax, or to the postal address listed at the beginning of this privacy policy.

5.7 Withdrawal of Consent

You have the right to withdraw your consent at any time with effect for the future. The withdrawal may be submitted informally by phone, email, fax, or to our postal address. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, any processing based solely on your consent will cease.

5.8 Complaint

If you believe that the processing of your personal data is unlawful, you may lodge a complaint with a data protection supervisory authority responsible for your place of residence, workplace, or the location of the alleged infringement.

6. Status and Updates of This Privacy Policy

This privacy policy is current as of May 18, 2018. We reserve the right to update it in the future to improve data protection or to reflect changes in regulatory practices or case law.