The controller responsible for the website in accordance with Article 4(7) of the General Data Protection Regulation (GDPR) can be contacted at the following address:
MÖHRLE HAPP LUTHER Service GmbH
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: info@mhl.de
Further information on MÖHRLE HAPP LUTHER companies can be found on our Legal Disclosures website.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
When processing your personal data, it is possible that the MÖHRLE HAPP LUTHER Group's operating companies will work closely with MÖHRLE HAPP LUTHER Service GmbH when it comes to certain processing activities and is jointly responsible for processing your personal data. We have contractually stipulated the exact nature of our collaboration in the event that we share responsibility. We would be happy to provide you with information on this upon request.
To be able to offer our services and optimize our website on an ongoing basis, your personal data may also be transferred to other service providers who then process it. Our service providers are carefully selected and contractually bound as required by law, including as data processors in accordance with Article 28 GDPR. If these providers process your data outside the European Union and European Economic Area, we ensure that you have actively given your consent beforehand for your data to be processed or that the providers are bound by standard EU standard data protection clauses that correspond to the legal requirements.
When you visit the website, your internet browser automatically sends certain data to our server and stores it temporarily in a log file. This data includes:
Your data is processed for the following purposes on the basis of our legitimate interest in accordance with Article 6(1) sentence 1f GDPR:
Our firm's website is hosted by domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. A data processing agreement has been concluded with the service provider in accordance with Article 28 GDPR. Personal data is only transferred to third parties if this is necessary to defend against or investigate criminal acts or if we are otherwise legally required to do so.
Our website uses online fonts from Monotype Imaging Holdings, Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA (fonts.com) and online fonts and icons from Fonticons, Inc, 307 S Main St Ste Bentonville, AR, 72712-9214 USA.
When you view a page, your browser loads the required fonts and icons into your browser cache so that it can display text and fonts correctly. This tells the provider that our website has been accessed via your IP address. It also provides some technical information regarding your browser as virtually every web browser automatically sends this data to the server each time a page is accessed. Even if the provider only requires the transmitted information – and the IP address in particular – so that it can deliver the requested contents, we have no way of knowing whether the provider also stores or statistically evaluates this information and have no influence on this either.
The providers' data protection provisions can be found here:
Monotype Imaging Holdings, Inc.: https://www.monotype.com/legal/privacy-policy
Fonticons, Inc.: https://fontawesome.com/privacy
If your browser does not support online fonts, a standard font from your computer will be used instead. You can prevent online fonts from being loaded by deactivating the 'Java script' function in your browser settings.
We use web analytics service Google Analytics to collect and analyze data about your behavior on our website. For example, this includes data relating to the internet page from which you accessed our website, which subpages you called up, how frequently you accessed them and how much time you spent on each of them. Your device's IP address is shortened and anonymized by Google if our websites are accessed from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area.
Processing personal data allows us to analyze the surfing behavior of visitors to our website. By evaluating this data, we are able to compile and optimize information about how the individual areas and features are used. When our website is called up, you can determine through your consent – in accordance with Article 6(1) sentence 1a GDPR – whether your personal data will be processed. A data processing agreement has been concluded with the service provider.
The Google Analytics components are operated by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland.
Subject to your consent in accordance with Article 49(1a) GDPR, your personal data may be transferred within Google to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA – i.e. to a third country. Due to the legal provisions to which Google LLC is subject, the possibility that your personal data will be accessed by government authorities cannot be ruled out.
To bring about improvements to our website, the data is stored for 26 months and then automatically erased.
You can revoke the consent that you originally granted at the beginning of the data processing here; this means that your personal data will no longer be passed on to the operator and that the cookie will be deleted. This does not affect data processing that took place before you revoked your consent.
Further information and Google's data protection policy can be found at the following links:
https://policies.google.com/privacy?hl=policies&gl=de
https://marketingplatform.google.com/about/analytics/terms/de/
Our website allows you to sign up to receive a regular email newsletter free of charge. This newsletter informs readers about our auditing, tax advisory and legal counsel services and any recent developments in these areas.
We need your email address to register you for our email newsletter. We use a double opt-in procedure for this. This means that we will only send you the email newsletter after you have confirmed by clicking on the link contained in an email we sent you after you registered.
Your registration and confirmation are logged. The IP address of your device, your email address and the time of confirmation are saved. This allows us to ensure that you yourself have registered for our email newsletter service as the user of the email address specified.
Once you have provided the necessary confirmation, your email address is processed so that the email newsletter can be sent to the correct target groups. Your email address is used for the sole purpose of sending the email newsletter. The legal basis for processing your personal data after you sign up for the email newsletter is your consent in accordance with Article 6(1) sentence 1a GDPR.
Logging your registration prior to your confirmation and processing your IP address and time of registration constitute a legitimate interest on our part (in accordance with Article 6(1) sentence 1f GDPR). This is because it allows us to enable and document your registration and, if necessary, may be used to investigate potential improper use of your personal data.
For distributing our email newsletter and collecting user data for this purpose, we use the service provider Newsmailservice, 4OfficeAutomation GmbH, Schlägelweg 46a, 31275 Lehrte, Germany, with whom we have signed a data processing agreement in accordance with Article 28 GDPR. When you sign up for our email newsletter, the data provided during registration is transferred to 4OfficeAutomation GmbH, where it is processed in accordance with legal requirements.
Your personal data will be erased if you revoke your consent or if the service is discontinued. If you revoke your consent, you will no longer receive the email newsletter. Your data will be erased from all IT systems unless another legal basis exists for processing your email address. If you have not confirmed that you have signed up to receive the email newsletter, your data will be automatically erased within 4 weeks.
You can unsubscribe from the email newsletter at any time. This can be done by clicking on a specially provided link appearing at the bottom of the email newsletter or by sending an email to newsletter@mhl.de.
We have a number of social media accounts providing information about our services and the latest news from our firm. You can also contact us directly via these social media accounts.
Links to these social media profiles can be found on our website. As a rule, no personal data is sent to the providers to begin with when you visit our website. This only happens when you click on the link to the provider in question, who then receives the information that you have visited our website with your device.
If personal data has been collected with the help of our social media links or accounts and forwarded to the provider in question, we are responsible for this processing this data together with the service provider in question. By contrast, the provider of the service in question is solely responsible for any further processing.
We have accounts on the following social media platforms:
Facebook and Instagram
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
XING and Kununu
Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We have no influence on how and to what extent the service provider processes your data. You will find further information on the type and scope of data processing in the data protection declarations for the provider in question. Some platforms provide us with statistical data that we use to analyze how our social media pages are used and to tailor them to the needs of our target group.
Facebook: We use statistical reports like, for example, the total number of page views, 'likes', terminal devices used, page activities, post interaction and reach, user activities (comments, shared content, replies), origin (country and city), language, age group, gender, level of education, profession, relationship status, clicks on telephone numbers or Facebook groups linked with our page. For instance, we use the distributions according to age and gender to tailor our communication, render our design more attractive and use the preferred visiting times of users to plan the timing and content of our posts for maximum effect. In connection with using Facebook ad campaigns, target groupspecific data is also used to define the exact target group, but this is shown in anonymized form for this purpose. You can find further information on how data is processed by Facebook in the data protection declaration of service provider Meta at https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Instagram: As with Facebook, we receive statistical data via Instagram Insights. You can find further information on how data is processed by Instagram in its data protection declaration at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
XING: XING provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by XING in its data protection declaration at https://privacy.xing.com/en.
LinkedIn: We use Insight Data provided by LinkedIn to analyze how our profile is used. You can find further information on how data is processed by LinkedIn in its data protection declaration at https://www.linkedin.com/legal/privacy-policy.
Kununu: Kununu provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by Kununu in its data protection declaration at https://privacy.xing.com/en.
Your personal data is processed to allow you to use social media platforms. The legal basis for processing this data is our legitimate interest (in accordance with Article 6(1) sentence 1 f) GDPR) to draw attention to our services and to be able to make contact with you.
The recipients of your personal data are those employees who are responsible for social media at our company and the operators of the social media platforms in question.
We delete direct messages received from you when we no longer need them for contacting you. If you comment on our posts, these will be saved until you delete them yourself. The platform operator in question is solely responsible for decisions about whether your other personal data is to be saved.
Some of the social media platforms that we use process your personal data outside the European Union, i.e. in the United States. If your data is processed outside the European Union, EU standard contractual clauses in accordance with Article 46(2) c) GDPR help to ensure an adequate level of protection for your data. However, the possibility that this data will be accessed by government authorities cannot be ruled out. You will find further information on this on the relevant platform operator's web pages:
Facebook and Instagram: https://www.facebook.com/help/566994660333381
LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1343190?lang=en
As only the platform provider has full access to the user data, we recommend that you contact the provider of the social media platform directly if you want to exercise the rights outlined under 1.7. below. Alternatively, we can help you to exercise your rights vis-à-vis the service provider. Should you require this, we can be contacted at the address stated under 1.1.1. above.
If your personal data is processed when you visit our website and use our services, you are defined as a "data subject" by the GDPR and, if the legal preconditions are met, have the following rights:
Art. 15 GDPR: Right of notification for data subjects
Article 15 GDPR states that you have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
Article 16 GDPR states that, if data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
Article 17 GDPR states that you have the right to request that your personal data be erased. This right depends on a number of factors, including whether we still require your data to fulfill our contractual or statutory duties or whether we (or third parties) have a legitimate interest in processing your personal data, e.g. for asserting, exercising or defending legal claims.
Art. 18 GDPR: Right to limit processing of data
Article 18 GDPR states that you have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
Article 20 GDPR states that you have the right to receive the data you provided in a structured, standard and machine-readable format and to have this transmitted to other data controllers.
Art. 21 GDPR: Right of objection
Article 21 GDPR states that – at any time and for reasons pertaining to your specific situation – you have the right to lodge an objection to your data being processed. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and liberties – or if the data is processed for the purposes of asserting, exercising or defending legal claims. If your personal data is processed for the purposes of direct advertising, you have the right to object at any time to this personal data being processed for the purposes of such advertising; this also applies for profiling insofar as this is in connection with direct advertising. If you lodge an objection, your personal data will no longer be used for the purposes of direct advertising.
Art. 7(3) GDPR: Right to withdraw consent
Article 7(3) GDPR states that you have the right to revoke, at any time, your consent to having your personal data processed. Revoking your consent will not affect the legality of the data processing implemented up until the time of revocation.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data is unlawful, Article 77 GDPR gives you the right to lodge a complaint with the data protection authorities who are responsible for your place of residence or work or for the place in which the alleged breach occurred.
We reserve the right to update this information at the relevant time to bring it in line with changed administrative practice or court decisions.
The MÖHRLE HAPP LUTHER Group company that is organizing the online conference is responsible for data processing. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: info@mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
The information on data protection is provided in connection with your registration for and participation in online meetings, video conferences and webinars (hereinafter referred to as "online conferences"). We need your data to plan and facilitate your participation in the online conference. Depending on the field of application, different regulations serve as the legal basis for processing your data.
We process personal data that we have received from you or that you transmit yourself within the scope of the online conference. The online conferences can be operated in different variants. During these conferences, different personal data is processed by us or by the operator. The extent of the data processing also depends on the data you transmit before or while participating in the online conference. We process the following categories of personal data belonging to you:
When using the online conferences, we have defined data protection-friendly settings.
The recording function is always deactivated during our online conferences. If, in isolated cases, an online conference is to be recorded, this will be communicated clearly and in good time and your consent will be obtained if your personal data is processed during the recording.
Chat content or survey details may be logged if this is required for the purpose of logging the findings of an online conference. As a rule, however, this is not the case and will also be communicated in advance.
Software-based 'attention tracking' is used during webinars. For each participant, the products register whether or not the online conference is the topmost (active) window. For example, if you are reading your emails, then the email program is the active window rather than the online conference. If the attention span drops dramatically, then the presenter can make their online conference more attractive. Unfortunately, it is not possible to turn off this function at present.
We do not use automated profiling or decision-making and have no plans to do so.
Please note: Processing certain types of personal data (e.g. health data) or data with high or very high protection requirements for data subjects and the respective companies is not permitted with the selected service provider. Before an online conference is held, we would ask you to check whether this might be able to transmit sensitive data and, if so, whether an alternative should therefore be used.
If we conduct the online conference as part of initiating or implementing contractual relationships – e.g. when conducting seminars – your data will be processed in accordance with Article 6(1) sentence 1b GDPR. This also includes post-processing participation data for our event management. If we are required by law to process personal data, this is done in accordance with Article 6(1) sentence 1c GDPR. This regularly comes into consideration if evidence of participation in seminars is required for tax reasons.
If the online conference is necessary for initiating or implementing a contractual relationship or an employee relationship, the processing is carried out in accordance with Article 6(1) sentence 1b GDPR. In the case of an employee relationship, the processing will take place in conjunction with section 26 of the Federal Data Protection Act (BDSG).
If the online conference is to be recorded and personal data of yours processed, your consent will be obtained in advance in accordance with Article 6(1) sentence 1a GDPR in conjunction with Article 7 GDPR.
Unless there are contractual or legal obligations, the planning and implementation of the online conference will be carried out after a weighing-up of interests in accordance with Article 6(1) sentence 1f GDPR. Our legitimate interest lies in:
We also produce statistical evaluations. Our legitimate interest here is to increase the efficiency of our online conferences, e.g. by measuring participant satisfaction. We use Zoom and Microsoft Teams to conduct online conferences. These are from the following providers:
When individuals register, their personal data is transmitted to the service provider. We have entered into an agreement in accordance with Article 28 GDPR with the data proces-sors for holding online conferences on an order-related basis.
Your personal data will be sent to:
Please note that we are bound to secrecy with respect to all client-related data when passing on data to recipients outside MÖHRLE HAPP LUTHER.
For the purpose of conducting online conferences, your data will be processed by the following service providers:
To ensure an adequate level of protection for your data, we have concluded EU standard contractual clauses in accordance with Article 46(2) c) GDPR. However, we cannot rule out the possibility that this data will be accessed by government authorities.
We store your participant data, such as the name and email address provided, for one month in reports about how the software is used. Data on your device is retained until your browser data is erased. Before recording begins, you will be notified about the storage period for recorded online meetings. We erase data relating to participation in paid events after six years in compliance with legal retention periods. We erase invoice data after ten years.
If participants have consented to their data being used, this data will be erased – in compliance with any statutory retention periods – if consent is revoked. If you wish to revoke your consent to your data being processed, please contact us directly.
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
You have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
If data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
You have the right to request that your personal data be erased. Your right to have your data erased depends, among other things, on whether we still need this data to meet our legal requirements.
Art. 18 GDPR: Right to limit processing of data
You have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
You have the right to receive the personal data you provided in a structured, standard and machine-readable format or to request that this be transmitted this to another data control-ler.
Art. 21 GDPR: Right of objection
You have the right – at any time and for reasons pertaining to your specific situation – to lodge an objection to your data being processed.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority. The authorities that are responsible for us, depending on which company within the MÖHRLE HAPP LUTHER Group is concerned, are:
In the following section, you will find further information on how data is processed by service providers:
Zoom:
Information about data protection
https://explore.zoom.us/de/gdpr/
Terms of use
https://explore.zoom.us/de/terms
Data protection notice
https://explore.zoom.us/de/privacy/
FAQ – International transfer of data
https://explore.zoom.us/media/faqs-international-transfer-of-data-updated-september-2021.pdf
Data processing agreement and EU standard contractual clauses
https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf
Microsoft Teams:
Data protection notice
https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
EU standard contractual clauses
https://docs.microsoft.com/de-de/microsoft-365/compliance/offering-eu-model-clauses?view=o365-worldwide
The MÖHRLE HAPP LUTHER Group company, to which you sent your application, is responsi-ble for processing your data. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
email: info@mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
We process only personal data that we have received in connection with your application, either from you directly or from you via an application portal. This includes personal master data (e.g. title, first name, last name, date of birth, address), communication data (e.g. email address and telephone number), application data (e.g. letter of application, CV, application photo, attachments, references, certificates and any other information you sent) and information arising from the job interviews.
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
The data is processed for the purposes of processing a job application. If this concerns a decision regarding the establishment of an employment relationship or vocational training position, the legal basis is section 26(1) sentence 1 BDSG. For the initiation of other contractual relationships, the legal basis is Article 6(1) sentence 1b) GDPR.
It may also be necessary to process personal data in order to meet labor law, vocational training law and/or social law requirements (Article 6(1) sentence 1c) GDPR).
If necessary, we will process your data in accordance with Article 6(1) sentence 1f) GDPR to safeguard our legitimate interests or those of third parties, e.g. for:
According to this, it is lawful to process personal data if this is necessary to safeguard our legitimate interests or the interests of third parties, provided that these are not out-weighed by your interest in and right to excluding the processing of this personal data.
If you have given us your consent to process your personal data for specific purposes, we will process your data on this basis (Article 6(1) sentence 1a) GDPR). You can revoke this consent for the future at any time by contacting us at the address indicated above.
In the course of the application process, you can give us your consent for adding you to our pool of applicants and passing on your application to other companies in our Group so that we can take your application into account within the Group in future.
We do not use automated profiling or decision-making and have no plans to do so.
MÖHRLE HAPP LUTHER employees will only have access to your data if they need it for fulfilling the purposes mentioned above. It may also be necessary for the company to which you have sent an application to pass your data on to other Group companies for a specific purpose.
Service providers and vicarious agents commissioned by us can also receive data for these purposes. We commission these as data processors in accordance with the requirements of Article 28 GDPR, particularly in IT service and support and in data destruction.
If service providers are used in the third country, these are – in addition to written instructions – required to meet European data protection levels by signing EU standard contractual clauses. If you would like to receive further information about the adequate safeguards that we have implemented with service providers outside the European Union, please contact our data protection officer.
Your data will be stored for 6 months after the decision regarding the establishment of a contractual relationship; if this does not come to pass, your data will be erased after the deadline expires. If you would like to be added to our pool of applicants, we will retain your data in our systems for a further year. This data will then also be erased once this year has expired.
In isolated cases, data may be stored after the decision regarding the establishment of the desired contractual relationship is taken. For example, this would be the case if there were indications that you would make claims against us. In this case, the data would be stored for as long as it is necessary to process the data for asserting, exercising or defending legal claims. Here, the criteria for storage data can include the deadlines in accordance with laws such as section 15(4) of the German Anti-Discrimination Act (AGG), section 61b of the Labor Court Act (ArbGG) paragraph 1, limitation periods or legally required retention periods.
Data can also be stored for a longer period of time if this is provided for or set out in European or German legislature in EU regulations, laws or other provisions to which we are subject.
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
You have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
If data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
You have the right to request that your personal data be erased. Your right to have your data erased depends, among other things, on whether we still need this data to meet our legal requirements.
Art. 18 GDPR: Right to limit processing of data
You have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
You have the right to receive the personal data you provided in a structured, standard and machine-readable format or to request that this be transmitted this to another data controller.
Art. 21 GDPR: Right of objection
You have the right – at any time and for reasons pertaining to your specific situation – to lodge an objection to your data being processed.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority. The authorities that are responsible for us, depending on which company within the MÖHRLE HAPP LUTHER Group is concerned, are:
You are under no obligation to provide us with personal data for the purposes of processing a job application. However, without your personal data – which is needed for assessing your career, your qualifications and your availability and also for contacting you – we will not be able to carry out the application process.
The MÖHRLE HAPP LUTHER Group company, to which you sent your application, is responsible for processing your data. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
email: info@mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
We process personal data that we have received from you. We also process personal data that we have obtained permissibly from publicly accessible sources (e.g. commercial register) and are allowed to process. Relevant personal data can include: Personal master data, ad-dress data, communication data, company data and other order-related data.
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
Personal data is processed for the purposes of preparing and entering into client agree-ments and providing tax advisory services, auditing services, legal advice and/or manage-ment consulting and IT consulting within the scope of client agreements entered into with you. The legal basis is Article 6(1) sentence 1b) GDPR.
We are subject to various legal obligations (e.g. Money Laundering Act (GwG), tax laws, pro-fessional conduct). Accordingly, further purposes for processing data include verifying age and identity and preventing fraud and money laundering. The basis for processing personal data required for fulfilling legal obligations such as these is Article 6(1) sentence 1c) GDPR.
If necessary, we will process your data in accordance with Article 6(1) sentence 1f) GDPR to safeguard our legitimate interests or those of third parties, e.g. for:
If you have given us your consent to process your personal data for specific purposes, we will process your data on this basis (Article 6(1) sentence 1a) GDPR). You can revoke this consent for the future at any time by contacting us at the address indicated above.
We do not use automated profiling or decision-making and have no plans to do so.
MÖHRLE HAPP LUTHER employees will only have access to your data if they need it for ful-filling the purposes mentioned above. It may also be necessary for the company that you have commissioned to pass your data on to other Group companies for a specific purpose.
Service providers and vicarious agents commissioned by us can also receive data for these purposes. We commission these as data processors in accordance with the requirements of Article 28 GDPR, particularly in IT service and support and in data destruction.
We also pass on your data to third parties if this is necessary for work in connection with our client relationship (e.g. to opposing parties in disputes, courts, public authorities).
Needless to say, we are bound to secrecy with respect to all client-related data when passing on data to recipients outside MÖHRLE HAPP LUTHER. We are only permitted to pass on in-formation if required to do so by law, if you have given your consent and/or if the data pro-cessors commissioned by us guarantee that they will comply in the same way with confiden-tiality requirements and the specifications of the General Data Protection Regulation (GDPR).
Data is only transferred to locations in 'third countries' (i.e. countries outside the EU and EEA) if this is required by law for consulting and implementing the orders you have placed (e.g. tax reporting requirements) or if you have given us your consent. If service providers are used in the third country, these are – in addition to written instructions – required to meet Europe-an data protection levels by signing EU standard contractual clauses. If you would like to re-ceive further information about the adequate safeguards that we have implemented with service providers outside the European Union, please contact our data protection officer.
If the data is no longer needed for fulfilling contractual or legal requirements, it will be regu-larly erased unless it needs to be processed further for the following purposes:
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
You have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
If data about you is incorrect or incomplete, you have the right to request that this be cor-rected or completed.
Art. 17 GDPR: Right to have data erased
You have the right to request that your personal data be erased. Your right to have your data erased depends, among other things, on whether we still need this data to meet our legal requirements.
Art. 18 GDPR: Right to limit processing of data
You have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
You have the right to receive the personal data you provided in a structured, standard and machine-readable format or to request that this be transmitted this to another data control-ler.
Art. 21 GDPR: Right of objection
You have the right – at any time and for reasons pertaining to your specific situation – to lodge an objection to your data being processed.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority. The authorities that are responsible for us, depending on which company within the MÖHRLE HAPP LUTHER Group is concerned, are:
Our client portal allows you to exchange documents with our employees and to perma-nently save documents for the purposes of our business relationship. For this, you will need to receive a login and password from us. The following data is typically processed when you upload documents:
The registration process and use of our client portal are logged on the basis of our legiti-mate interest in exchanging documents with you securely and easily and documenting the proper legal usage of our client platform.
Only authorized employees have access to your data on the client portal. For maintenance and support, we use IT service providers with whom data processing agreements are in place. Data is not transferred to third countries.
Your data may be erased by authorized users of the client portal if necessary. The data will be erased from the client portal after the business relationship has ended.
You may have your uploaded documents corrected and erased at any time if you have been allocated the rights to do so. In other cases, we would ask you to get in touch with your main contact at our company to exercise your rights.
You are under no obligation to provide us with your personal data. However, without the da-ta that we need to enter into and implement the client agreement or that we are legally obliged to collect, we are not able to enter into or implement a contract with you.
We reserve the right to update this information in due course in order to adapt it to changes in official practice or jurisdiction.
Date: April 2023.