I. Who is responsible for data processing and whom can I contact?
We are jointly responsible for the processing of your data on this website:
- Ebner Stolz Mönning Bachem Wirtschaftsprüfer Steuerberater Rechtsanwälte Partnerschaft mbB
- Ebner Stolz GmbH & Co. KG Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
- Ebner Stolz Management Consultants GmbH
- Dr. Ebner, Dr. Stolz Management Support GmbH
The contact details of these companies ("Ebner Stolz") can be found on the legal notices page of our website. To regulate our data protection responsibilities, these companies have entered into an agreement, the essential content of which we will send to you by email upon request.
If you have any questions about data protection, please contact our data protection officer using the contact details below:
Ebner Stolz, Datenschutzbeauftragter, Kronenstraße 30, 70174 Stuttgart, Email: firstname.lastname@example.org
II. Why is your data processed?
Ebner Stolz processes data in order to perform the engagement and fee agreements we enter into with our clients, or to carry out pre-contractual measures. Ebner Stolz processes data for the following purposes (depending on the engagement):
- Legal, tax-related and management consulting, business audits and special audits, financial accounting, financial statement preparation
- Representation in administrative and court proceedings
- Verification of the identity of our clients, checking for conflicts of interest and file creation
- Settling and asserting potential liability claims and other claims
The legal basis for the data processing is Art. 6(1b) of the General Data Protection Regulation (GDPR). If you have given your consent, the legal basis is Art. 6(1a) of the GDPR. If you submit special categories of data to Ebner Stolz (Art. 9(1) of the GDPR), the legal basis is either your consent (Art. 9(2a) of the GDPR) or Art. 9(1f) of the GDPR.
Ebner Stolz uses your data to send marketing materials and Christmas cards via the postal system, and if you have provided us with your email address, to send email marketing. The legal basis is Art. 6(1f) of the GDPR. We have a legitimate interest in direct marketing. You may object to the processing of your data for marketing purposes at any time and free of charge, by sending an email to email@example.com.
If necessary, Ebner Stolz also processes your data for purposes of controlling, internal audits and IT administration. The legal basis is Art. 6(1f) of the GDPR. Ebner Stolz has a significant interest in complying with legal requirements and ensuring the security of its IT systems.
Ebner Stolz may process your data to fulfill legal obligations under Art. 6(1c) of the GDPR for the following purposes:
- Prevention of money laundering under §§ 10 ff., 23 of the Money Laundering Act
- Storage of documents related to engagements, financial accounting and business records (see Section III).
III. How long is data stored?
Ebner Stolz may store your data after the termination of the client relationship at least until all fees are paid. For the marketing purposes mentioned above, Ebner Stolz may store your data for up to four years, provided that you have not objected to use of your data for marketing purposes. To assert or defend legal claims, Ebner Stolz may store data within the period of the regular statute of limitations of three years and in exceptional cases until the maximum statute of limitations periods expire. If and as long as Ebner Stolz is required to store data, Ebner Stolz is entitled to store such data until the end of the storage periods specified in § 50 of the Federal Lawyers Act, § 66 of the Tax Consulting Act, § 51b of the Auditors Act, § 257 of the Commercial Code, § 147 of the Tax Code and § 8 of the Money Laundering Act. These periods are up to 10 years.
IV. Are you required to provide data?
Provision of your data is voluntary. However, for a client relationship, you must provide your name and company name and an address, because otherwise Ebner Stolz would not be able to identify you and send you an invoice. Provision of additional data may be necessary for us to perform the engagement.
V. What are the sources of your data?
You will usually share data with Ebner Stolz yourself. Ebner Stolz may also receive data from the following sources:
- Bureau van Dijk Electronic Publishing GmbH, Frankfurt, Sikom Software GmbH and Siller Portal Integrators GmbH, Heilbronn (name, date of birth, address) to identify our clients and to maintain master data, as far as we required or entitled by law to do so
- Authorities and courts (data from file inspection), credit agencies (address), public transparency, commercial and association registers and land registers (name, address and if applicable, date of birth)
VI. Is data passed on to third parties?
Your data will not be passed on without a legal basis. In addition, lawyers, tax consultants and auditors are legally bound to confidentiality. In part, Ebner Stolz may transfer your data to the following processors for the following purposes:
- DATEV e.G., Nuremberg (operation of the DATEV software)
- DRACOON GmbH, Regensburg (cloud services)
- FTAPI Software GmbH (sending encrypted emails)
- Inxmail GmbH, Freiburg (email newsletters)
- REISSWOLF GmbH & Co. KG, Hamburg (file destruction)
- SolvAct GmbH, Stuttgart (print newsletters)
- Vodafone GmbH, Düsseldorf (data backup)
- the companies referred to in section V
- other processors based in Germany that provide the following services: maintenance of computer programs or hardware, hardware setup, provision of computer programs, telephone or web conferences via the Internet, destruction of data support media, data backup, addressing and dispatch of letters
These processors process data only on our instructions and not for their own purposes.
In certain cases your data is passed on to the following recipients, if you have consented to it (Art. 6(1a) of the GDPR), it is necessary to perform the engagement (Art. 6(1b) of the GDPR), we are required to do so by law in exceptional cases despite our duty of confidentiality (Art. 6(1c) of the GDPR) or this is necessary to safeguard legitimate interests (Art. 6(1f) of the GDPR):
- other Ebner Stolz companies, if required for internal communication or other administrative purposes
- external auditors, tax consultants, lawyers, notaries, insolvency administrators
- courts, authorities, experts, address investigators, postal and telecommunications service providers
- your company's contact persons, opposing parties in proceedings, contractual partners and their representatives for purposes of correspondence and to assert and defend your rights
- legal protection and professional liability insurance to settle possible claims
- translation agencies
VII. Does "automated decision-making" take place pursuant to Art. 22 of the GDPR?
According to Regulations (EC) No. 2580/2001 and No. 881/2002 and the Money Laundering Act, we are required to combat the financing of terrorism, and if necessary, to conduct a money laundering audit. To do this, some of your master data may be compared with public lists that contain individuals and organizations affected by sanctions. If you are affected by these sanctions, we will not establish a client relationship with you.
VIII. What rights do you have with regard to your data?