Data Privacy Policy
Controller
The party responsible for data collection and processing is BDO Cyber Security GmbH.
Introduction
BDO has various types of data privacy policy, the provisions of which vary depending on the target audience to which each policy is addressed. Below you will find the data privacy policy, in compliance with Art. 13 of the EU General Data Protection Regulation (GDPR), for our business partners (clients, prospective clients, suppliers) and visitors of our website.
A. Business Partners
Voluntary information
We generally collect only those data whose processing is either required by law, stipulated by contract, necessary for the conclusion or performance of a contract, or provided to us voluntarily on the basis of consent.
Data processing for performance of contract
We process personal data provided to us in accordance with Art. 6 para. 1 b) GDPR for the purpose of performing contracts. This includes, without limitation, using data for the initiation of contracts or for the subsequent servicing of contracts or clients.
Data processing on the basis of consent
We will base the processing of personal data of our business partners on consent in accordance with Art. 6 para. 1 lit. a) GDPR only if processing is not already justified on other legal grounds.
We will request consent if we wish to provide information about our own products, services, or events and if the related data processing cannot be justified by the protection of legitimate interests (see also below).
We will also request your consent if we should ever ask you to participate in a survey.
Data processing to protect legitimate interests
We will process personal data in accordance with Art. 6 para. 1 lit. f) GDPR to protect legitimate interests only if the additional requirements of Art. 6 para. 1 lit. f) GDPR are satisfied, i.e., if our interests in data processing or the interests of a third party outweigh the interests or fundamental rights and freedoms of data subjects.
On the basis of Art. 6 para. 1 lit. f) GDPR, we will process your data - to the extent necessary and permitted by law – to review whether we wish or are permitted to accept an order (in particular, for conflict checks or sanction checks).
We will also use your personal data if and to the extent necessary to protect our legitimate legal interests, e.g., to defend or prosecute claims. In this case too, data processing will be based on Art. 6 para. 1 lit. f) GDPR.
If we have not obtained prior consent and provided that the other legal requirements for sending you direct advertising (e.g., invitations, product information, event information, or similar information) are satisfied, such advertising measures will be based on Art. 6 para. 1 lit. f GDPR.
Data processing to comply with legal obligations
If and to the extent necessary, we will process your data in order to be able to comply with any legal documentation obligations, for example, documentation obligations to tax or regulatory authorities. Such data processing will be based on Art. 6 para. 1 lit. c) GDPR. Such legal obligation arises, in particular, from § 147 of the German Tax Code (AO). We will also process your data in accordance with Art. 6 para. 1 lit. c) GDPR to review in detail whether an order may be accepted in the first place. The same applies to our legal obligation to identify our business partners and to other obligations under the provisions of the German Money-Laundering Act.
B. Our Website
Voluntary information
We generally collect only those data whose processing is either required by law, stipulated by contract, necessary for the conclusion or performance of a contract, or provided to us voluntarily on the basis of consent.
Data whose collection on our website is considered necessary by us will be appropriately identified. Providing additional information is optional. There are no negative consequences associated with any failure to provide additional information. However, failure to make available additional information may make subsequent communication more difficult or delay communication in some cases.
Data processing for pre-contractual measures
We will process personal data made available to us in accordance with Art. 6 para. lit. 1 b) GDPR for the purpose of pre-contractual or contractual measures (initiation of contracts).
Data processing on the basis of consent
If you have given your separate consent to be informed by us about our own products, services, or events, or to transfer your data to third parties, such data will be processed on the basis of Art. 6 para. 1 lit. a of the General Data Protection Regulation. We will also process your personal data for purposes of personalized tracking, provided and to the extent that we have received a declaration of consent from you for this purpose.
Your consent may be revoked at any time without affecting the lawfulness of processing that has taken place prior to revocation.
Security through the use of TLS/SSL
If you transmit your data to us via our website, we will use up-to-date security technologies, in particular so-called "Transport Layer Security" (TLS) (previously also known as"Secure Socket Layer" (SSL)) transmission. All information and data transmitted using these secure methods will be encrypted before they are sent to us. This applies in particular to all personal client data, such as your credit card number, bank code, bank account number, name, and address. In order to protect you and us from misuse, the IP address of your computer will be transmitted to us when concluding an online contract. Please be advised that encryption using these technologies is effective only if you have selected the appropriate default settings on your end.
Use of cookies
We use so-called cookies on our website in order to properly assign your online inquiries and requests. Cookies are a kind of electronic business card that makes it easier for you to use our website. These small files will be automatically stored on your hard disk by your browser and are necessary for error-free use of our website. Our cookies contain no person-specific information, so that your privacy will remain protected. Of course, you may block cookies after you have finished using our website, by choosing the appropriate settings in your browser. You may also object to the creation of a user profile in the form of non-personal data. To do so, please deactivate cookies in your browser.
Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. "("Google"). Google Analytics uses cookies, which are text files placed on your computer to help the website analyze how users use the site. The information generated by a cookie about your use of this website (including your IP address, which will be rendered anonymous using the anonymizeIp() method so that it can no longer be associated with a particular connection), will be transmitted to a Google server in the U.S.A. and stored there. Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity for the website operators, and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process such data under the authority of Google. Google may link your IP address with other Google data. You may block cookies by selecting the appropriate settings in your browser. However, please be advised that if you block cookies you may not be able to fully use all functionalities of this website. By selecting the appropriate option on our consent banner,By you consent to the processing of your personal data by Google in the manner and for the purposes described above.(Art. 49 para. 1 lit. a DSGVO. In particular we would like to inform you that by giving your consent, data will be transferred to the USA and your data may therefore be exposed to access by the authorities there and in particularby the secret services. You may prevent the collection of data by Google Analytics with effect for the future by installing a deactivation add-on (https://tools.google.com/dlpage/gaoptout?hl=de) for your browser. For additional information, please visit
https://tools.google.com/dlpage/gaoptout?hl=de
or
https://marketingplatform.google.com/about/
(general information on Google Analytics and data privacy).
If we evaluate your visit to our website based on your consent, you can revoke your consent for the future here if you no longer wish to do so.
Content of third parties
Our portals work together with various partners who in turn offer websites and Internet services which are accessible, for example, via links from our websites. These partners usually have their own data protection policies and/or data protection standards. We assume no responsibility or liability for such policies or standards not related to our offers.
C. Data Recipients
We may transfer your data, for example, to third-party service providers (such as IT service providers, companies destroying or archiving data, cloud providers, Datev).
We will transfer your data to third parties only if we are permitted to do so under applicable data protection law.
Any transfer of data to third parties will be based either on compliance with legal obligations, legitimate interests (e.g., conflict checks), necessary performance of a contract, or any consent we may have received from you. If a third-party service provider provides data processing services as a processor within the meaning of the GDPR, data will be transferred pursuant to a data processing agreement with the third-party service provider.
If it should occasionally be necessary to transfer data to countries outside the European Economic Area (EEA), such transfers will be based on EU standard contractual clauses or will be made to countries for which there is an adequacy decision of the EU.
D. Erasure of Data
We will generally store collected personal data for as long as this is necessary for the purpose for which they were collected, except in the case of Art. 17 para. 3 GDPR. Because purposes of data collection vary, so do the time periods after which data are erased.
Personal data we have collected for purposes of a client matter will be stored by us for the duration of the legal recordkeeping period of § 147 of the German Tax Code (AO).
E. Rights of Data Subjects
Data subjects have the right to obtain information from each data controller about their personal data and to have inaccurate data corrected or deleted for any of the reasons stated in Art. 17 of the General Data Protection Regulation, e.g., if data are no longer required for the purposes for which they were collected. Furthermore, data subjects have a right to restricted data processing if one of the conditions specified in Art. 18 of the General Data Protection Regulation is satisfied and, in the cases defined in Art. 20 of the General Data Protection Regulation, a right to data portability. If data are collected on the basis of Art. 6 para. 1 lit. f (data processing to protect legitimate interests), the data subject has the right to object to the processing of such data at any time for reasons related his or her particular situation. We will then no longer process such personal data unless it can be shown that there are compelling, legally protected reasons for processing such personal data that outweigh the interests, rights and freedoms of the data subject, or such data are processed to prosecute, exercise, or defend legal rights or claims. Consent may be revoked at any time without thereby affecting the lawfulness of any data processing that has taken place prior to revocation. If consent is revoked, we will stop processing the data involved.
F. Right to Lodge Complaint
Each data subject has the right to lodge a complaint with a supervisory authority if he or she believes that the processing of his or her personal data violates data protection law. The right to lodge a complaint may be exercised in particular before a supervisory authority in the EU member state in which the data subject resides or at the place where the alleged violation occurred. In Hamburg this is the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22, 20459 Hamburg.
G. Contact Information for Data Protection Officer
Peter Suhren
FIRST PRIVACY GmbH, Konsul-Smidt-Str. 88, 28217 Bremen
Email: office@first-privacy.com
Phone: 0421 69 66 32 80