Heisterborg GmbH & Co. KG Steuerberaterungsgesellschaft
Heisterborg Holding GmbH Steuerberatungsgesellschaft
Heisterborg Audit GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
Heisterborg Rechtsberatungsgesellschaft mbH
Heisterborg International Steuerberatungsgesellschaft mbH
Heisterborg International Rechtsanwaltsgesellschaft mbH
Registered office:
Eschstraße 111
48703 Stadtlohn
Fon +49 (0) 25 63 / 922 0
Fax +49 (0) 25 63 / 922 999
info@heisterborg.de
www.heisterborg.de
Contact details of the data protection officer:
The office's data protection officer can be reached at the above address and under datenschutz@heisterborg.de.
The personal data collected on this website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website visits and other data generated through a website.
The hoster is used for the performance of the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of safe, fast and efficient delivery of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hoster will only process your data to the extent necessary for the performance of its service obligations and will follow our instructions with regard to this data.
Conclusion of a processing order agreement
In order to ensure data protection-compliant processing, we have concluded an order processing agreement with our host.
Access to the website
When calling up this website, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited time. Until automatic deletion, the following data will be stored without further input by the visitor:
The processing expressly does not take place with the aim of gaining knowledge of the person of the visitor to the website.
Contact Form
Visitors can message the office via an online contact form on the website. To receive a response, at least the mandatory fields must be completed. All other information may be provided voluntarily by the person making the request. By sending the message via the contact form, the visitor agrees to the processing of the personal data. The data is processed exclusively for the purpose of processing and answering requests via the contact form. This is done on the basis of voluntarily given consent in accordance with Article 6 (1) sentence 1 a) DSGVO. The personal data collected for the use of the contact form will be automatically deleted as soon as the request has been processed and there are no reasons for further storage (e.g. a subsequent order to our office).
Application form
Applicants can submit notices and applications to the office through an online application form on the website. To receive a response, at least the mandatory fields must be completed. More information about the processing of personal data via the application form can be found in the chapter: Processing of applicant data.
Newsletter
By registering to receive the newsletter, the visitor expressly agrees to the processing of the personal data provided. To register for the newsletter, at least the mandatory fields must be completed. The legal basis for the processing of the visitor's personal data for sending newsletters is in accordance with Art. 6 (1) sentence 1 a) DSGVO.
The visitor can unsubscribe from receiving future newsletters at any time. This can be done via a special link at the end of the newsletter or by sending a corresponding message by e-mail to info@heisterborg.de.
In other cases, the personal data will not be provided to third parties.
These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this regard, cookies cannot harm the devices used. In particular, they do not contain viruses or other malware. Information is stored in cookies that is related to the specific terminal device used. The office can therefore in no way directly learn the identity of the visitor to the website.
Cookies are usually accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are not accepted on the devices used, or that a special message is displayed each time before a new cookie is created. However, it should be noted that disabling cookies may mean that not all functions of the website can be used optimally.
The use of cookies serves to make the use of the office's web offering more comfortable. For example, session cookies can be used to determine whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
Temporary cookies are used to improve user-friendliness. They are temporarily stored on the visitor's device. When the website is visited again, it is automatically recognized that the visitor has previously called up the page and what input and settings were made then, so that they do not have to be repeated.
Cookies are also used to analyze website visits for statistical purposes and to improve the website. These cookies make it possible to automatically recognize on a new visit that the website has already been called up by the visitor. In that case, the cookies are automatically deleted after a certain period.
The data processed by cookies is justified for the above purposes in order to protect the legitimate interests of the office in accordance with Art. 6 (1) sentence 1 letter f) DSGVO.
| Name | Domain | Recipient | Duration | Legal basis |
| accept_maps_cookie | www.heisterborg.de | No | Session | Consent according to art. 6 I a DSGVO |
| PHPSESSID | www.heisterborg.de | No | Session | Protection of the legitimate interests of the controller in accordance with Art. 6 I f DSGVO |
Note about data transfers to the USA and other third countries
We use, among other things, tools from companies based in the USA or other third countries that are not secure from a data protection perspective. If these tools are active, your personal data may be transferred to these third countries and processed there. We point out that in these countries no level of data protection comparable to that in the EU can be guaranteed. For example, American companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data on US servers for control purposes. We have no influence on these processing operations.
Google Web Fonts
This site uses so-called Web Fonts from Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google's servers.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to check whether the data entered on this website (e.g. in a contact form) was created by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements of the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyzes run completely in the background. Visitors to the website are not informed that an analysis is taking place. The data processing is based on Art. 6 paragraph 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers against unlawful automated espionage and against SPAM. More information about Google reCAPTCHA can be found in Google's privacy policy and Google's terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms? hl=de.
Use of Google Maps
This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the uniform display of fonts. When you call up Google Maps, your browser loads the required Web Fonts into your browser's cache to display the texts and fonts correctly. The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 paragraph 1 lit. f DSGVO. Insofar as corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 paragraph 1 lit. a DSGVO and § 25 paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time. The data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information about the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Embedded YouTube videos with enhanced data protection
This website contains videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transmission of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube therefore establishes a connection to the Google DoubleClick network, regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server then tells you which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account. In addition, YouTube may store various cookies on your terminal device after starting a video or use similar recognition technologies (e.g. device fingerprints). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent attempts at fraud. If necessary, further data processing processes may be initiated after the start of a YouTube video, over which we have no control. YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 paragraph 1 lit. f DSGVO. If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 paragraph 1 lit. a DSGVO and § 25 paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time. More information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
Deubner videos
This website uses plugins from the video portal Deubner-Online. The provider is Deubner Verlag GmbH & Co. KG, Oststraße 11, 50996 Cologne. When you visit one of our pages with Deubner videos, a connection to the Deubner servers is established. The Deubner server is informed which of our pages you have visited. In addition, Deubner obtains your IP address. The use of Deubner is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 paragraph 1 lit. f DSGVO. If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) DSGVO and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device within the meaning of the TTDSG. Consent can be withdrawn at any time. Details can be found here: https://www.deubner-steuern.de/infopoint/datenschutz.html.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis.
Information
You can ask us whether your personal data is processed by us. There is no right to information if providing the requested information would conflict with the obligation of confidentiality under Article 83 StBerG, or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding the above, there may be an obligation to provide the information if your interests outweigh the interest of confidentiality, especially in view of the threat of damage. The right to information is also excluded if the data is only stored because it may not be erased due to legal or statutory retention periods or serves exclusively for data security or data protection control, provided that providing information would require a disproportionately large effort and processing for other purposes is excluded by appropriate technical and organizational measures. Provided that the right to information is not excluded in your case and your personal data is processed by us, you can ask us for information about the following:
– Purposes of the processing,
– Categories of personal data processed by you,
– Recipients or categories of recipients to whom your personal data is disclosed, in particular in the case of recipients in third countries,
– If possible, the planned duration of storage of your personal data or, if this is not possible, the criteria for determining the storage period,
– The existence of a right to correct, erase or restrict the processing of your personal data or a right to object to such processing,
– The existence of a right of appeal to a data protection supervisory authority,
– If the personal data has not been collected from you as the data subject, the available information about the origin of the data,
– Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended consequences of the automated decision-making,
– Where applicable, in case of transfer to recipients in third countries, if there is no decision by the EU Commission on the adequacy of the level of protection in accordance with Article 45(3) of the GDPR, information on what appropriate safeguards are provided for the protection of personal data in accordance with Article 46(2) of the GDPR.
Correction and completion
If you determine that we have incorrect personal data about you, you can request us to correct this incorrect data without delay. If your personal information is incomplete, you can request that it be completed.
Removal
You have the right to have personal data erased (“right to be forgotten”), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or to comply with a legal obligation or for the fulfillment of a task of general interest and one of the following reasons applies:
– The personal data are no longer necessary for the purposes for which they were processed.
– The justification for the processing was solely with your consent, which you have withdrawn.
– You have objected to the processing of your personal data that we have made public.
– You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
– Your personal data has been processed unlawfully.
– The deletion of the personal data is necessary to comply with a legal obligation to which we are subject.
There is no right to deletion if, in the case of lawful non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and your interest in deletion is minor. In that case, the restriction of processing replaces deletion.
Restriction of processing
You can request us to restrict processing if one of the following reasons applies:
– You dispute the accuracy of the personal data. In that case, the restriction may be requested for the period that allows us to check the accuracy of the data.
– The processing is unlawful and you request restriction of the use of your personal data instead of deletion.
– Your personal data is no longer needed by us for the processing, but you require it for the establishment, exercise or defense of legal claims.
– You have filed an objection pursuant to Article 21(1) DSGVO. Restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent or for the establishment, exercise or defense of a legal right or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we must inform you.
data transfer
You have the right to data portability if the processing is based on your consent (Art. 6 (1) sentence 1 (a) or Art. 9 (2) (a) DSGVO) or on a contract to which you are a party and the processing is carried out using automated procedures. The right to data portability in this case includes the following rights, provided that this does not prejudice the rights and freedoms of other persons: You may request that we provide you with the personal data that you have provided to us in a structured, commonly used and machine-readable format . You have the right to transfer this data to another controller without hindrance from us. If this is technically possible, you can request that we transfer your personal data directly to another controller.
Objection
To the extent that the processing is based on Art. 6 (1) sentence 1 (e) DSGVO (performance of a task carried out in the public interest or exercise of official authority) or Art. 6 (1) sentence 1 (f) DSGVO (legitimate interest of the controller or of a third party), you have the right to object at any time to the processing of your personal data on grounds relating to with your special situation. This also applies to profiling based on Article 6 (1) sentence 1 (e) or f) of the GDPR. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is intended to assert or exercise legal claims or to defend.
You can object to the processing of your personal data for direct marketing at any time. This also applies to profiling in connection with such direct marketing. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing.
You have the option to inform our office informally of your objection by telephone, by email or to our postal address stated at the beginning of this privacy policy.
Withdrawal of consent
You have the right to withdraw your consent at any time with future effect. The revocation of consent can be communicated informally by telephone, by e-mail or to our postal address. The withdrawal does not affect the lawfulness of the data processing that took place on the basis of the consent until receipt of the withdrawal. After receipt of the revocation, data processing, which was based solely on your consent, will be stopped.
Complaint
If you believe that the processing of your personal data is unlawful, you may lodge a complaint with a data protection supervisory authority competent for the place where you live or work or for the place of the alleged infringement.
In the case of links on our websites to external companies and other third parties, Heisterborg is not responsible for the data protection regulations or the content of these websites.
We do not pass on this information without your permission. The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if requested. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies (for example, after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Below we inform you about the scope, purpose and use of your personal data collected during the application procedure. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection legislation and all other legal provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.). The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. . 6 paragraph 1 lit. b DSGVO (general initiation of a contract) and – if you have given your consent – Art. 6 paragraph 1 lit. a DSGVO. Consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons involved in the processing of your application. If the application is successful, the data you provide will be processed on the basis of § 26 BDSG and Art. 6 (1) (b) DSGVO stored in our data processing systems for the execution of the employment relationship.
Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you provide for up to 6 months after the end of the application procedure (rejection or withdrawal of the application) on the grounds of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The data will then be erased and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is clear that the data will be needed after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. Longer storage can also take place if you have given consent (Art. 6 (1) lit. a DSGVO) or if legal storage obligations prevent deletion.
Inclusion in the candidate pool
If we do not offer you a job, it is possible to include you in our candidate pool. If you are accepted, all documents and data from your application will be transferred to the candidate pool so that we can contact you if suitable vacancies arise. Inclusion in the candidate pool is solely based on your express consent (Art. 6 para. 1 lit. a DSGVO). Providing consent is voluntary and is not related to the current application procedure. The data subject may withdraw his consent at any time. In that case, the candidate pool data will be irrevocably deleted, unless there are legal reasons for keeping them. The candidate pool data will be irrevocably deleted no later than two years after permission has been given.
The social networks we use are shown in detail below. Social networks such as Facebook, Twitter, etc. can generally make a comprehensive analysis of your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). When you visit our social media, numerous data protection-relevant processing operations are carried out. In detail: If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, under certain circumstances your personal data may also be collected if you are not logged in or do not have an account with the relevant social media portal. In this case, this data collection takes place, for example, via cookies stored on your terminal device or by recording your IP address. Using the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you within and outside the respective social media. Provided you have an account with the relevant social network, the interest-based advertising can be displayed on all devices on which you are or were logged in. Please also note that we cannot monitor all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media are intended to guarantee the most complete possible presence on the internet. This is a legitimate interest within the meaning of art. 6(1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR).
Responsible and enforcement of rights
If you visit one of our social media sites (e.g. Facebook), we are responsible together with the operator of the social media platform for the data processing initiated during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
We would like to point out that, despite joint responsibility with the operators of social media portals, we do not have full influence over the data processing procedures of the social media portals. Our options are largely determined by the respective provider's corporate policies.
Storage period
The data collected by us directly through the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the social network operators for their own purposes. For details, please contact the operators of the social networks directly (for example in their privacy policy, see below).
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Meta”). According to Meta, the collected data is also transferred to the US and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies the data processing for which we or Meta are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details, see Facebook's privacy policy: https://www.facebook.com/about/privacy/.
Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For details about their treatment of your personal data, see Instagram's privacy policy: https://help.instagram.com/519522125107875.
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn's advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The transfer of data to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details about their handling of your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
Xing
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de.
Communication via WhatsApp
We use the instant messaging service WhatsApp to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp gains access to metadata generated in the course of the communication process (e.g. sender, recipient and time). We would also like to point out that according to its own statement, WhatsApp shares personal data of its users with its parent company Facebook, which is based in the US. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy. WhatsApp is used on the basis of our legitimate interest to communicate with customers, stakeholders and other business and contractual partners as quickly and effectively as possible (Art. 6 para. 1 lit. f DSGVO). If corresponding consent has been requested, data processing takes place exclusively on the basis of consent; this can be revoked at any time with effect for the future. The communication content exchanged between and on WhatsApp will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies (e.g. after the processing of your request is completed). Mandatory legal provisions – in particular retention periods – remain unaffected. We use WhatsApp in the “WhatsApp Business” variant. The data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum. We have set our WhatsApp accounts so that they do not automatically match data with the address book on the smartphones used. We have concluded an order processing agreement (AVV) with the above-mentioned provider.
Microsoft Forms is a service that can be used to analyze form responses. The data you enter to obtain information is stored on Microsoft USA or Ireland servers. This tool is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in processing the data to facilitate the performance of the contract. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. Device Fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time. For more information, please refer to Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
Note about data transfers to the US: Your personal data may be transferred to Microsoft servers in the US. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. American companies are obliged to transfer personal data to security authorities without you as the data subject being able to take legal action. It cannot therefore be excluded that US authorities (e.g. secret services) process, analyze and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities. The transfer of data to the USA is based on the European Commission's Standard Contractual Clauses. In addition, Microsoft is certified in accordance with the EU-US Data Privacy Framework (EU-US DPF) (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active).
Retention period: The data you enter on the form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Order processing: We have entered into an order processing contract with Microsoft and fully implement the strict requirements of the German data protection authorities when using Microsoft Forms.
Data transfer: Data is transferred to locations in countries outside the EU or the European Economic Area (EEA) – so-called third countries – if this is necessary for the execution of an order/contract, if this is legally required, if this is in the context of a legitimate interest or if permission has been given. The processing of personal data in a third country may also take place in connection with the involvement of service providers as part of order processing. If the EU Commission has not decided on an adequate level of data protection in the country in question, EU data protection regulations ensure that the rights and freedoms of business partners and stakeholders are adequately protected and guaranteed through appropriate contracts.
Cookies: The Microsoft Forms site sometimes uses so-called cookies. These cookies include:
| Bezeichnung | Empfänger |
| MUID | .office.com |
| MSO | .microsoft.com |
| fptctx2 | .microsoft.com |
| MicrosoftApplicationsTelemetryDeviceId | forms.microsoft.com |
| bm_sv | .microsoft.com |
| ak_bmsc | .microsoft.com |
| MSFPC | forms.microsoft.com |
| ai_session | forms.microsoft.com |
| RpsAuthNonce | forms.microsoft.com |
| __RequestVerificationToken | forms.microsoft.com |
| FormsWebSessionId | forms.microsoft.com |
| RpsAuthNonce | forms.microsoft.com |
| _ga_KF2MST0C8W | .microsoft.com |
| _ga_2V1LWVMFEQ | .microsoft.com |
| _ga | .microsoft.com |
| MC1 | .microsoft.com |
| MSCC | .microsoft.com |
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Cookies that are necessary to carry out the electronic communications process or to provide certain functions you have requested are stored on the basis of Art. 6 par. 1 paragraph. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
We reserve the right to update the Privacy Policy in due course to improve data protection and/or to adapt to changes in government practice or case law. Information about our data protection agreement between us and our customers can be found here .
Please feel free to inquire about what we can do for you.
