We take the protection of your personal data very seriously. Data is “processed” by us in accordance with the applicable statutory data protection regulations, in particular the European General Data Protection Regulation (hereinafter referred to as GDPR) and the country-specific data protection regulations.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as collecting, recording, organizing, organizing, storing, adapting or changing, reading out, querying, Use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
In the following we inform you about the processing of your data, in particular about the type, scope and purpose of the collection and use of personal data as well as the corresponding legal basis for the individual processing operations on our website, when sending customer data, applicant data and about the handling of data from suppliers. In addition, we explain to you in our data protection declaration which rights you are entitled to with regard to data processing.
2. Responsible body for data processing
You can reach the office responsible for data processing using the contact details given below:
SiBa Wirtschaftskanzlei GmbH
Telephone: +49 30 77 00 600 88
3. Type, scope, purpose and legal basis for processing your data
Personal data will only be processed by us if this is permitted by law, in particular to process inquiries, to fulfill a contract, if there is a legitimate interest or if you consent to the data processing of your personal data.
Below we inform you about the type, scope, purpose and legal basis of the processing of your personal data:
a) Visiting our website (server log files)
When you visit our website, the server stores data in so-called server log files, which your internet browser automatically transmits to the server, in particular:
– Visited website
– Time at the time of access
– Amount of data sent in bytes
– Source/reference from which you came to the page
– Browser used
– Operating system used
– IP address used
The data collected is only used for anonymous statistical evaluations and to improve the website. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.
This data is processed in order to enable the use of the website you have accessed at all, for statistical purposes, to improve our website and to protect against illegal cyber attacks and to exercise, assert or ward off legal claims. Your IP address will only be stored for as long as is necessary to defend against possible cyber attacks and to provide law enforcement authorities with the information necessary for criminal prosecution.
The data given above will be processed separately from all personal data that you provide to us when you visit our website and/or use a service or service and will not be combined under any circumstances.
The data processing described above has its legal basis in Article 6 Paragraph 1 Letter b) GDPR for the implementation of necessary pre-contractual measures, which take place at your request in order to enable you to use the Internet pages you have accessed at all. Insofar as the above data is processed to protect against illegal cyber attacks or to exercise, assert or ward off legal claims, this is done on the legal basis of Article 6 Paragraph 1 Letter f) of the GDPR. Our legitimate interest in this data processing lies in evaluating the data to improve our website in order to exercise, assert or ward off legal claims and to protect our systems from illegal cyber attacks.
Reference is made to the right of objection in accordance with Section 7 of this data protection information.
b) Processing of personal data to fulfill the contract or to carry out necessary pre-contractual measures, which take place at your request
If you want to make use of the services we offer, it is necessary for you to provide us with personal data.
We process your personal data for the above purposes on the legal basis of Article 6 Paragraph 1 Letter b) GDPR in order to fulfill a contract with you or to carry out necessary pre-contractual measures, which take place at your request.
The purpose of processing your personal data is therefore, for example, to process inquiries or to provide the desired service. Without providing the personal data, we cannot process your request and/or conclude the contract with you and provide the services and benefits offered.
c) Processing of data from suppliers
As far as we process the data of suppliers, the following applies:
The data processed in each case, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship or the pre-contractual relationship. The following data categories are processed by us or can be processed by us:
– master data (e.g. names and addresses),
– Contact details (e.g. email addresses and telephone numbers),
– Contract data (e.g. services used, other contract content, contractual communication, names of contact persons)
– Payment data (e.g. bank details, payment history).
The processing of data from suppliers takes place on the legal basis of Article 6 Paragraph 1 Letter b GDPR in order to fulfill contractual or pre-contractual obligations towards our contractual partners and to provide any services owed.
d) Inquiries via contact forms on our website and e-mail/messenger, telephone or fax inquiries
If you send us inquiries via the contact form on our website and/or inquiries by e-mail/messenger/telephone or fax, your details, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions, until the purpose is lost. We do not pass on this data without your consent or legal permission.
The data processing described above has its legal basis in Article 6 Paragraph 1 Letter b) GDPR for the implementation of necessary pre-contractual measures, which take place at your request.
e) Payment Provider
If we offer various payment options on our website during the ordering process, we will forward your payment data to the respective provider after you have selected a payment provider during the ordering process for the purpose of payment processing and thus to fulfill the contract with you: The legal basis for the transfer of your data to the The payment provider you have selected is then Article 6 Paragraph 1 lit. b) GDPR.
f) Disclosure of your data to processors and third parties
Your data will be passed on to service providers who support us, which we have carefully selected, in order to fulfill the contract or to carry out necessary pre-contractual measures, which take place at your request. These can be technical service providers or service providers who support us with payment processing or accounting and are obliged to maintain confidentiality.
We also reserve the right to include external content from third-party providers (e.g. You Tube videos, external map services, external graphics, etc.) on our website. If we use third-party tools, we will inform you about the use, functionality, legal basis and further details of the respective tools under point 15 of this data protection declaration.
Otherwise, your personal data will only be passed on to other third parties if we are legally obliged to do so on the legal basis of Article 6 Paragraph 1 Letter c) GDPR.
g) Logging of consent and revocation data
If you have given us your consent to the processing of personal data and/or revoke it, we will log these declarations (in particular the date, time, content and the respective IP address) in order to be able to prove your consent and your revocation of consent and in this way to be able to defend against any legal claims and to enable the law enforcement authorities to misuse our services.
We store the log data until the statute of limitations for any liability claims has expired for a period of up to 3 years after you have revoked your consent.
The confirmation and registration data are logged on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interests lie in defending against any legal claims and preventing improper use of our services. The log data is generated and stored exclusively for the aforementioned purpose.
h) Data processing for administration, organization, financial accounting and compliance with legal obligations
Insofar as we process personal data for the purpose of administration, the organization of our operations, financial accounting and compliance with legal obligations (e.g. archiving, storage obligations), the processing bases are Article 6 (1) lit. c and lit. f GDPR.
i) Direct Mail
Your name and address can also be processed indefinitely for our own postal advertising purposes on the legal basis of Article 6 Paragraph 1 Point f) GDPR, whereby our legitimate interest lies in direct postal advertising for our own services. Reference is made to the right of objection in accordance with Section 7 of this data protection information.
j) Applicant data
We only process applicant data for the purpose and as part of the application process in accordance with the legal requirements. The applicant data is processed for the purpose of making a decision on the establishment of an employment relationship on the legal basis of § 26 BDSG.
The application process requires that applicants provide us with the applicant data. The necessary applicant data can be found in the job descriptions. Basically, this includes personal information, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants can voluntarily provide us with additional information.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, their processing takes place on the legal basis of Art e.g. severely disabled or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession are).
If applicants send us their applications via e-mail, please note that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server. Instead of applying by e-mail, applicants have the more secure option of sending us their application by post.
In the event of a successful application, the data provided by applicants can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicant, after a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
In addition to the aforementioned data, cookies may be stored on your computer when you use our website. Cookies are text files containing data from visited websites or domains and are stored by a browser on the user’s computer.
You can also determine whether cookies can be set and called up by changing the settings in your browser. For example, you can deactivate the storage of cookies altogether in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks for your permission. You can also set your browser so that cookies are automatically deleted when you close the browser. Finally, you can activate a do-not-track function (“DNT”) in your browser, so that you are not automatically recorded by any web analysis tool that may be used. Information about the configuration of your browser settings can be found in the help function of your respective Internet browser.
5. Storage and deletion periods for personal data
If the processing purpose for your required personal data no longer applies, your personal data processed by us will be routinely deleted or blocked unless you have consented to permanent storage of your personal data.
If individual data has to be stored after the processing purposes no longer apply due to legal retention periods (e.g. tax and commercial law retention regulations), the data is blocked instead of being deleted. The data to be stored may then be processed on the legal basis of Article 6 Paragraph 1 Letter c) GDPR exclusively for the aforementioned purposes.
6. Rights as data subject of data processing
You always have the rights described below:
– Right to confirmation and information about the personal data processed by us in accordance with Article 15 GDPR
– Right to rectification of your personal data in accordance with Article 16 GDPR
– Right to erasure of your personal data (“right to be forgotten”) in accordance with Article 17 GDPR
– Right to restrict the processing of your personal data in accordance with Article 18 GDPR
– Right to data portability of your personal data in accordance with Article 20 GDPR
– Pursuant to Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or significantly affects you in a similar way.
Please send us your request to the contact details given under point 2 of this data protection declaration.
7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 paragraph 1 letter e or f GDPR.
In this case, we no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. In this case we will no longer use your personal data for direct marketing purposes.
8. Right of withdrawal for consent
You can revoke your express consent to data protection law at any time with effect for the future. The legality of the processing carried out on the basis of the consent up to the point of revocation is not affected by the revocation.
9. Complaint about data protection violations with the supervisory authorities
If you believe that your data protection rights are being violated, you can contact the supervisory authority in your state or in the state where our company is based. If a complaint concerns a company that is based in another federal state, the supervisory authority will forward the complaint to the competent supervisory authority there.
The supervisory authority of our registered office is the following:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Telephone: +49 30 13889-0
Fax: +49 30 2155050
10. Obligation to notify in connection with the correction or deletion of personal data or the restriction of processing
We will notify all recipients to whom personal data has been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Article 16, Article 17 Paragraph 1 and Article 18 GDPR, unless this proves impossible or is with a disproportionate effort involved. We will also inform you about these recipients if you request it.
11. Statutory or contractual regulations for the provision of your personal data as well as information about the necessity for the conclusion of the contract and about your obligation to provide the personal data and possible consequences of non-provision
As described above, we collect and process your personal data in particular to fulfill a contract with you or to carry out pre-contractual measures at your request. In some cases, the provision of personal data when concluding contracts (e.g. for invoices) is required by law due to tax and/or commercial law regulations, otherwise it is a contractual or pre-contractual obligation. If you do not provide us with any personal data, this means that we cannot conclude a contract with you and/or cannot answer your inquiries.
Insofar as we process your personal data on the basis of a legitimate interest in accordance with Art. 6 Paragraph 1 Letter f) of the GDPR, the provision of your data for these purposes is neither contractually nor legally required. The details of data processing on the basis of a legitimate interest can be found in the above information at the relevant points. If you do not provide us with any personal data for these purposes, this may result in you not being able to use our website and services or not being able to use them to their full extent.
Reference is made to the right of objection in accordance with Section 7 of this data protection information.
12. Automated individual decisions including profiling
We do not use automated decision-making, including profiling in accordance with Article 22 Paragraphs 1 and 4 of the GDPR.
13. Data Security
We use technical and organizational security measures to protect the processing of personal data, in particular against accidental or intentional manipulation, loss, destruction or attacks by unauthorized persons. Our security measures are continuously improved in line with technological developments.
14. Questions / Comments
You are welcome to send questions or comments about this data protection declaration or data protection in general to our contact details, which you can find in section 2 of this data protection declaration.
15. Use of third-party tools on our website
If we refer to data protection information from third-party providers for your further information, which may only be available in English or another foreign language, you can easily convert the foreign-language texts into German (or into another language), for example using the following Translate services for free:
– Deepl Translator: https://www.deepl.com/de/translator
– Prompt translator: https://www.online-translator.com/
– Google translator: https://translate.google.de/
– iOS app: “Deepl”, “iDict”
– Android app: “Deepl”, “Promt-Online-Translators”
There are other translation programs that you can find in app stores and/or search engines that you can use to translate foreign language texts into German (or any other language).
Important Risk Notice
The USA is currently assessed as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes in the USA or comparable unsafe third countries without you being informed about this data processing and without giving you the possibility of a legal remedy against this data processing by the authorities of the unsafe third country.
If you agree to the use of the tools of the third-party providers named below that are not technically necessary, this personal data will be processed by the third-party providers specified.
If you do not agree to the use of these technically unnecessary third-party tools, the third-party tool will not be started and the transmission and processing of your data by the third-party provider as described above will not take place.
We use the following tools (programs) from third-party providers from the USA on our website:
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose of the tool: map service
Legal basis: Consent in accordance with Article 6 paragraph 1 number a) GDPR. You can revoke your consent at any time with effect for the future by going to “Change Privacy Settings” and changing your selection there.
Place of processing: Unknown, possibly also USA
Scope of processing:
If you agree to the use of Google Maps, the following data, among others, will be recorded:
– the page you have accessed
– Your location
– Your IP address
– technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
– Your internet provider
– the referrer URL (from which website/which advertising medium you came to this website)
– if you are logged into your Google account, Google records all activity on websites and apps.
Privacy information of the provider: