Startseite > Data Privacy Statement

Data Privacy Statement for the website of www.eureos.de

We take the subject of data protection very seriously. In the text below, we will inform you about our processing of your data pursuant to Art. 13 of the General Data Protection Regulation (GDPR).

Name and address of the Controller

The Controller within the meaning of the GDPR and other national data protection legislation of the EU Member States as well as other data protection law is:

eureos gmbh steuerberatungsgesellschaft rechtsanwaltsgesellschaft
Kramergasse 4
01067 Dresden, Germany
Phone.: +49 (0) 351 4976 1500
E-mail: tax.legal@eureos.de
Website: www.eureos.de

Name and address of the Data Protection Officer

External data protection officer:

Fabian Marterer

Company:

SiDIT GmbH
Langgasse 20
97261 Güntersleben
info@sidit.de
https://sidit.de

General information on data processing

Scope of the processing of personal data               

As a basic principle, we process personal data of our users only to the extent necessary to provide a functional website and to present our Internet content and services. Ordinarily, our users’ personal data are processed only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for substantive reasons and the processing of their data is permitted by law.

Legal basis for processing of personal data                  

To the extent that we obtain consent of the data subject for processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for this.

When processing personal data which are necessary for performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis for the processing. This also applies to processing operations which are necessary in order to take steps prior to entering into a contract.

To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our firm is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our firm or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the legitimate interests of our company or a third party, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Data erasure and duration of storage  

The personal data of the data subject will be erased or blocked as soon as the purpose for storing the data no longer applies. Data may be stored beyond this period if this is provided for by European or national legislatures under EU regulations, laws or other regulations to which the Controller is subject. Data will also be blocked or erased when a storage period prescribed by the above-referenced legal norms expires, except where there is a need to continue storing the data for purposes of concluding or performing a contract.

Provision of the website and creation of log files

Description and scope of data processing          

Whenever our website is accessed, our system automatically collects data and information from the computer system of the computer accessing the website.

The following data are collected:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The IP address of the user
  4. The date and time of access
  5. Websites from which the user’s system accessed our website
  6. Websites accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

Legal basis for data processing                

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

Purpose of data processing        

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the functionality of our website. In addition, the data enable us to optimize the website and to ensure the security of our IT systems. Our system does not perform any evaluation of data for marketing purposes in this context.

The purposes of data processing also include our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

Duration of storage

The data will be erased as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for provision of the website, this will be the case where the session in question is terminated.

In the case of data storage in log files, this will be the case after seven days, at the latest. Storage beyond this period is possible. In such case, the users’ IP addresses will be erased or disguised such that it is no longer possible to match them with the client which accessed the website.

Right to object and withdraw consent

Collection of data for the provision of the website and storage of the data in log files is mandatory for the operation of our website. Thus, there is no right of objection on the part of the user.

Technically necessary cookies

Description and scope of data processing          

Our website uses cookies. Cookies are text files stored in or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on that user’s operating system. This cookie contains a characteristic string of characters enabling that browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require the browser accessing our website to be identifiable even after a page change.

The following data are stored and transmitted via the cookies: Language settings

Legal basis for data processing            

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) (f) GDPR.

Purpose of data processing          

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be provided without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications: Application of language settings

The user data collected by means of technically necessary cookies are not used to create user profiles.

These purposes also include our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR.

Duration of storage, right to object and withdraw consent        

Cookies are stored on the user’s computer and transmitted by it to our site. Thus, you as a user have full control over the use of cookies. By changing the settings of your Internet browser, you can deactivate or restrict transmission of cookies. Cookies which are previously stored may be erased at any time. This may also be done automatically. If cookies for our website are deactivated, it may not be possible to use all of the functions of our website to their full extent.

Use of Google Analytics

Description and scope of data processing          

When accessing our website, users are informed regarding the use of Google Analytics and the setting of cookies for analysis purposes in this context, and the user’s consent is obtained for this purpose. In this context, reference is also made to this Data Privacy Statement.

Google Analytics is a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can view Google’s Privacy Policy here: https://www.google.com/intl/de_at/cloud/security/gdpr/ . We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR, i.e. Google processes data transferred by us only based on our instructions.

As part of the Google Analytics service, Google sets cookies on the computer accessing our website as described below. The information generated by the cookie regarding your use of this website is usually transferred to a Google server in the United States and stored there. In this way, the following data may be transferred:

  • Browser type/Version
  • Operating system used
  • Hostname of the computer accessing our website (IP address)
  • Time of server request
  • Search terms entered
  • Frequency of page views
  • Use of website functions
  • Areas where the user clicks most (heat map)
  • Session duration (time spent on the website, which ends after 20 minutes because it is assumed that the user has merely failed to close the page)
  • Bounce rate (if someone visits a page and leaves it without interacting, this counts as a bounce)
  • Viewing contact information
  • Viewing ratings
  • Playing of media
  • Refreshing of the page
  • Adding to Favorites
  • Referrer URL (the previously visited website) for campaign tracking – Analysis of user’s origin (e.g. e-mail, Google Search)
  • Truncated IP address of the accessing computer

On this website, IP anonymization has been activated so that the IP addresses of Google’s users within European Union Member States or other states which are party to the agreement on the European Economic Area will be truncated beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. It is thus no longer possible to match the data to the user accessing the site. The data, in particular the IP address transmitted by your browser via Google Analytics, are not combined and stored together with other personal data of users or other Google data. Specifically: By means of a JavaScript on our website, available data are taken from the user’s client (browser provider & version, language etc.) and transferred to a Google LLC server in the United States. Using another Java code from Google LLC, these data are then stored together with an anonymous ClientID in a cookie generated by our website (so-called “first party cookie”) on your end device. The IP addresses of users are anonymized or masked as soon as the data are received by the Google Analytics data collection network and even before they are saved or processed. You can find more information on this at https://support.google.com/analytics/answer/2763052?hl=de .

You can prevent the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do so, you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by cookies and related to your use of the website (including your IP address) by Google and its processing of this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, particularly for browsers on mobile devices, you may also prevent Google Analytics from collecting data by clicking on this link: Deactivate Google Analytics . An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you erase the cookies in this browser, you may need to set the opt-out cookie again.

For more information on data protection in connection with Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de ).

Legal basis for data processing

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR, where the user has given consent to this.

Purpose of data processing        

The analysis cookies are used for improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is used and thus to constantly optimize the content we offer.

On behalf of the operator of this website, Google will compile reports on website activities and provide further services to the website operator in connection with use of the website and of the Internet.

Duration of storage        

Cookies are stored on the user’s computer and transmitted by it to our site. Thus, you as a user have full control over the use of cookies. By changing the settings of your Internet browser, you can deactivate or restrict transmission of cookies. Cookies which are previously stored may be erased at any time. This may also be done automatically. If cookies for our website are deactivated, it may not be possible to use all of the functions of our website to their full extent.

The data transmitted by our website to Google will be erased on Google’s servers after 14 months have elapsed.

Withdrawal of consent  

The user may at any time withdraw his or her consent to the processing of personal data.

Such withdrawal does not require any specific form. You will enable us to more quickly process your withdrawal of consent if you click on the opt-out link shown above from each end device on which you wish to prevent processing of your personal data by Google Analytics, which will set an opt-out cookie on your end device. Unfortunately, a simple e-mail to us does not suffice to activate your withdrawal of consent, because we do not know which end devices you own.

In such case, all personal data stored in the course of the use of Google Analytics will be erased.

Newsletter

Description and scope of data processing

On our website, users have the option of subscribing to a free newsletter. When users register for the newsletter, the data from the input mask are transmitted to us (* = mandatory):

  • E-mail *
  • Salutation *
  • First name *
  • Last name *
  • Title
  • – academic title
  • – title of nobility
  • – additional title
  • Company name
  • Street address
  • ZIP/Postcode
  • City
  • State

In addition, the following data are collected during registration

  1. Date and time of registration

For the processing of data, your consent will be obtained during the registration process and reference will be made to this Data Privacy Statement.

In connection with data processing for the purpose of dispatching newsletters, your data will only be forwarded to a service provider who will use your data on our behalf in connection with a data processing agreement in order to dispatch the newsletter. The data will not be passed on to other third parties. The data will be used exclusively for the purpose of dispatching the newsletter.

Legal basis for data processing           

The legal basis for the processing of data after users have registered for the newsletter is Art. 6 (1) (a) GDPR, if the user has given his or her consent.

Purpose of data processing        

The user’s e-mail address is collected for the purpose of sending the newsletter to the user.

Other personal data are collected during the registration process in order to prevent misuse of the services or the e-mail address used.

Duration of storage  

The data will be erased as soon as they are no longer necessary for the purpose for which they were collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will usually be erased after a period of seven days.

Right to object and withdraw consent

Subscription to the newsletter may be canceled by the individual user at any time. There is a corresponding link for this purpose in each newsletter.

This also enables the user to withdraw his or her consent to the storage of personal data collected during the registration process.

Events

Description and scope of data processing          

On our website, users have the option of registering for events. When users register for the newsletter, the data from the input mask are transmitted to us (* = mandatory):

  • Salutation (Mr./Ms.)
  • First name *
  • Last name *
  • Title
    • academic title
    • title of nobility
    • additional title
  • Company name
  • Street address
  • ZIP/Postcode
  • City
  • E-mail *
  • Telephone
  • Fax
  • I am particularly interested in the following topics:
  • I am a member of Silicon Saxony e.V. or biosaxony e.V. (Yes/No)

In addition, the following data are collected during registration

  • Date and time of registration

For the processing of your data, your consent is obtained during the registration process and reference will be made to this Data Privacy Statement.

In connection with data processing for the purposes of holding events, your data will only be forwarded to a service provider who will use your data on our behalf in connection with a data processing agreement to send information about the event and invitations to future events. The data will not be passed on to other third parties. The data will be used exclusively for purposes of sending invitations and information.

Legal basis for data processing

The legal basis for the processing of data after the user’s registration for an event is Art. 6 (1) (b) (Performance of a contract) and if the user has given consent, Art. 6 (1) (a) GDPR.

Purpose of data processing          

The user’s e-mail address is collected for the purpose of sending the user a confirmation regarding his or her attendance at the event and further information on this (including the venue and time of the event), as well as invitations to further events in the future, where applicable.

Other personal data are collected during the registration process in order to prevent misuse of the services or the e-mail address used.

Duration of storage 

The data will be erased as soon as they are no longer necessary for the purpose for which they were collected. The user’s e-mail address will therefore be stored for so long as there may still be follow-up questions regarding events or documents have to be sent to the user or as long as the user has not withdrawn his or her consent.

The other personal data collected during the registration process will usually be erased after a period of seven days.

Right to object and withdraw consent

If we use your data to carry out an event for which you have registered, you cannot object to this use of your data, as we need your data for this purpose. However, you may cancel your registration if necessary. The personal data in connection with registrations will then be erased.

The user’s consent to the dispatch of invitations to events may be withdrawn by the individual user at any time. For this purpose, each invitation contains a corresponding link. This also enables users to withdraw their consent to the storage of personal data collected during the registration process.

E-mail contact

Description and scope of data processing            

Users may contact us via the e-mail address provided. In this case, the user’s personal data transmitted with that e-mail will be stored.

No data will be passed on to third parties in connection with this. The data will be used exclusively for processing the e-mail exchange.

Legal basis for data processing          

The legal basis for the processing of data transferred in the course of transmitting e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is made with the aim of entering into a contract, the additional legal basis for data processing is Art. 6 (1) (b) GDPR.

Purpose of data processing           

The processing of the personal data from the e-mail enables us only to process the e-mail contact with the user. This also includes the necessary legitimate interest in processing the data.

Duration of storage   

The data will be erased as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by e-mail, this will be the case when the e-mail exchange with the user in question has ended. The exchange is terminated when it appears from the circumstances that the matter in question has been resolved with final effect.

Right to object and withdraw consent     

Users may object to the storage of their personal data at any time. In such case, the exchange of e-mail cannot be continued.

Users may object without adhering to any specific form. You can make it easier for us to process your objection by sending us an e-mail with the subject line “Objection to e-mail data” to the e-mail address a.doering@eureos.de.

All personal data stored in the course of your contact with us will be erased in this case.

Online questionnaire tool (“Sec. 2b VAT Act Check”)

Description and scope of data processing

On our website, users have the option of using an online questionnaire tool to analyze a tax issue (“Sec. 2b VAT Act Check”). The following data from the questionnaire are transmitted to us:

  • E-mail address

The following data are also collected:

  • Date and time of access

For the processing of your data, your consent will be obtained in connection with your use of the website and reference will be made to this Data Privacy Statement.

In connection with data processing for purposes of using the online tool, the data are passed on only to a service provider engaged by us in connection with a data processing agreement to technically implement the functionality of the online questionnaire. The data will not be passed on to other third parties. The data will be used exclusively to safeguard your use of the questionnaire.

No automated decision-making at your expense is performed.

Legal basis for data processing

Art. 6 (1) (1) GDPR (Consent)

Purpose of data processing              

The user’s e-mail address is collected for the purpose of sending the user the results of the questionnaire.

In addition, the e-mail address is used to contact the user in order to ask any follow-up questions regarding the use of the online tool or to offer the user the option of registering for our eureos newsletter and inform him/her regarding changes to the legal rules underlying the online tool.

Duration of storage       

The data will be deleted as soon as they are no longer required for the purpose for which they were collected. The user’s e-mail address will thus be stored as long as queries could be made regarding his or her use of the online questionnaire or as long as the user has not withdrawn his or her consent.

Right to object and withdraw consent

The user has the right to withdraw his or her consent to the processing of personal data at any time. Withdrawal of consent does not require any specific form. There is no obligation to provide the data; however, the results of the online analysis cannot then be delivered to the user.

Rights of the data subject

If your personal data are processed, then you are the data subject within the meaning of the GDPR and you are entitled to exercise the following rights in relation to the Controller:

Right of access

You have the right to request confirmation from the Controller as to whether personal data concerning you are being processed by us.

Where such processing takes place, you may request information from the Controller regarding the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipient to whom your personal data have been or will be disclosed;

(4) the envisaged period for which your personal data will be stored or, if it is not possible to furnish specific details, criteria used to determine the duration of storage;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to obtain from the Controller restriction of processing or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) any available information as to the source of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in such cases, meaningful information regarding the logic involved and the scope and intended effects of such processing regarding the data subject

You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification

You have the right to request that the Controller rectify and/or complete any incorrect or incomplete personal data which we process concerning you. The Controller shall make the corrections without delay.

Right to restriction of processing              

Under the following conditions, you may request restriction of the processing of personal data concerning you:

(1) if you dispute the accuracy of the personal data concerning you for a period which enables the Controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you object to erasure of the personal data and instead request restriction of the use of the personal data;

(3) the Controller no longer needs the personal data for purposes of the processing, but you need the personal data for purposes of asserting, exercising or defending against legal claims; or

(4) you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons given by the Controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may be processed (apart from storage of the data) only with your consent or for purposes of asserting, exercising or defending against legal claims or protecting the rights of another natural person or legal entity or on grounds of an important public interest of the EU or of a Member State.

If the restriction of processing has been implemented in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.

Right to erasure

  1. Duty to erase

You may request that the Controller erase personal data concerning you without delay, and the Controller is then obliged to erase such data without delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent which was the basis for the processing under Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You lodge an objection to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of personal data concerning to you is necessary to comply with a legal obligation under EU law or under the law of a Member State to which the Controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services pursuant to Art. 8 (1) of the GDPR.

  1. Information to third parties

If the Controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 (1) GDPR, the Controller shall take reasonable measures, including technical measures, and taking into account the available technology and the cost of implementation, to inform Controllers who process the personal data that you, as a data subject, have requested that they erase all links to these personal data or copies or replications of such personal data.

  1. Exceptions

The right to erasure does not apply where the processing is necessary

(1) in order to exercise a right of freedom of expression and information;

(2) in order to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;

(4) for archival, scientific or historical research purposes in the public interest, or for statistical purposes pursuant to Art. 89 (1) GDPR, where the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or

(5) to assert, exercise or defend against legal claims.

Right of notification        

If you have asserted the right to rectification, erasure or restriction of processing with the Controller, the Controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to require the Controller to inform you regarding the identity of these recipients.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to have this data transferred to another Controller without hindrance from the Controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have personal data concerning you transferred directly from one Controller to another Controller where technically feasible. The rights and freedoms of other persons must not be affected by this.

The right to data portability shall not apply to processing of personal data necessary for performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Right to withdraw consent under data protection law                 

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of your consent does not affect the legality of the processing that has taken place on the basis of your consent prior to such withdrawal of consent.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to decision-making based solely on automated processing, including profiling, that has a legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

(1) is necessary for conclusion and performance of the contract between you and the Controller,

(2) is authorized by EU or Member State law to which the Controller is subject, and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is taken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the Controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, which shall include at least the right to obtain human intervention on the part of the Controller, to present your own point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which you are resident, in which your place of work is located or at the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Right to object        

You have the right to object at any time, for reasons arising out of your particular situation, to the processing of personal data concerning you which is carried out pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller will no longer process the personal data concerning you, unless it is able to demonstrate compelling legitimate reasons for which merit legal protection and which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend against legal claims.

If the personal data concerning you are processed for purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, including profiling to the extent it is linked to such direct marketing.

If you object to processing for purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.

You have the right to exercise your right to object in relation to the use of information society services (without prejudice to Directive 2002/58/EC), by automated means using technical specifications.