Our website uses cookies and by using the site you agree to this.

You

find more information on our cookie policy in our data

protection statement.


Privacy Policy


1 Introduction

The aim of this information is to inform visitors and users of the website about the type, scope and purpose of the processing of personal data when visiting the website or using the services provided on it. We also provide information about the rights held by data subjects in relation to data processing.

It is possible to visit our website without personal data being collected. However, for the use of some services offered on the website, it may be necessary to process personal data. The processing is carried out either on the basis of statutory permission, or, in the event that no such statutory permission exists, on the basis of the data subject’s prior consent.

Technical and organisational measures have been implemented to protect the personal data of website visitors and users. However, security gaps cannot be completely excluded when using the Internet.


2 Definitions

The information and explanations provided here are based on the terminology used in the General Data Protection Regulation (GDPR):


2.1 Personal data

Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


2.2 Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.


2.3 Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


2.4 Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.


2.5 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.


2.6 Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


2.7 (Data) controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.  Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law


2.8 Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


2.9 Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.


2.10 Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.


2.11 Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.



3 Data protection officer

3.1 TLI Consulting GmbH

Adam Dubielecki,

TLI Consulting GmbH, Wichertstrasse 14a, 10439 Berlin, Germany

Tel.: +49 (0) 30 5557443 033

e-mail: datenschutz@tligroup.eu


The external data protection officer is:

Dr. Markus Lintner, Lawyer

Äußere-Sulzbacher Strasse 155a, 90491 Nuremberg, Germany

Tel.: +49 (0) 911 4775 213 0

e-mail: info@lintner-rechtsanwaelte.de


3.2 TLI VAT Services

Andreas Fietz und Robert Hammerl,

TLI VAT Services PartG mbB

Hammerl Fietz Steuerberater

Promenadeplatz 12, 80333 Munich, Germany

Tel.: +49 (0) 89 2154668 -0

e-mail: vat@tligroup.eu


4 Cookies

This website uses cookies. Cookies are text files that are stored on computers.

Many cookies contain a unique identifier consisting of a string of characters that the computer system can use to recognise users. This means that the internet offer can be adapted individually and in a user-friendly way to each visitor.

There are different types of cookies. Most cookies are deleted from the hard disk when the browser is closed (session cookies). Other cookies remain on the computer, enabling that computer to be recognised during the next visit (permanent cookies). These cookies are used, for example, to greet users with their individual user name and mean that users do not have to re-enter user names and passwords or fill out forms.

If they do not wish to use cookies, visitors can adjust their browser settings to prevent them from being used and stored. Existing cookies can also be deleted at any time in the settings. This is possible in all common internet browsers.

If a visitor to the website has prevented the use of cookies in the settings, it is possible that not all of the website's function will be fully usable.

Cookies from third party providers are as a general rule not used.


5 Collection of data and information

When the website is accessed, general data and information are collected and then stored in log files on the server.

Data are collected on the type of browser used and the version of the browser, the operating system used to access the website, the website from which the visitor accesses the website, the subpages accessed by the visitor, the date and time of access, the IP address, the internet service provider and other similar data and information used to protect against attacks on the IT system.

Under no circumstances are conclusions drawn about the person of the visitor. Rather, the information is needed so that the contents of the website can be displayed correctly. The data are also collected so that, in the event of a cyber attack, the information required for prosecution by the relevant law enforcement authorities is available.

Data are always collected anonymously and stored separately from other personal data that may be collected elsewhere in compliance with statutory data protection regulations.


6 Contact via the website

Due to statutory regulations, the website contains information that enables rapid electronic contact or direct communication with the website operator.

In the event of contact, e.g. by e-mail or via a contact form, the transmitted personal data are automatically stored.

The data will only ever be processed for the purpose resulting from the establishment of contact and will as a general rule not be disclosed to third parties unless any such disclosure is necessary given the reason for the establishment of contact.


7 Routine erasure and blocking of personal data

Personal data will only be stored for the period of time required for the respective purpose of processing or in accordance with statutory requirements.

After the purpose has been achieved or the legally prescribed retention period has expired, the personal data will be deleted routinely and in accordance with the statutory provisions. If the intended purpose of the processing has been achieved, but the data may not yet be deleted due to statutory requirements, the data will be blocked.


8 Legal basis of the processing

8.1 Data processing is based on Art. 6(1) of the GDPR, according to which data processing is permitted if it

  • is carried out with the data subject’s consent;
  • is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • is necessary for compliance with a legal obligation;
  • is necessary in order to protect the vital interests of the data subject or of another natural person;
  • is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

Insofar as data processing cannot be based on any other legal basis, data processing will only be carried out with the consent of the data subject, to be obtained and documented before the processing begins.


8.2 Insofar as data processing is based on a legitimate interest, it is additionally necessary to weigh up the interests of the data subject before processing begins, which may nevertheless result in data processing being excluded, even if it appears expedient for business purposes. Expediency is usually not yet sufficient in this case. Rather, it is necessary for significant interests of the company, its employees or shareholders or owners to be directly affected by data processing.


9 Right to information, rectification and erasure

Persons whose data are processed by us are legally entitled to information, and to the rectification and erasure of their data. Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.

In the event of a request for information, the following information must be provided:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; the transfer of data to a third country or to an international organisation, and the appropriate guarantees in relation to this data flow.

In the event of a request for rectification, incorrect data must be corrected or completed. In the event of a request for erasure, the relevant personal data must be erased without delay,

  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data were collected solely with the consent of the data subject, which the data subject has withdrawn;
  • the data subject objects to the processing pursuant to Article 21 of the GDPR and in the case of objection pursuant to Article 21 (1) there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the erasure is required by law.

In the event that the data to be erased have been made public, reasonable steps will be taken, taking into account the available technology and the implementation costs, to inform third parties processing the published personal data about the request for erasure in accordance with Art. 17 (1) of the GDPR.


10 Right to restriction of processing

Data subjects have a legal right to demand the restriction of the processing of their data if they dispute the accuracy of their personal data or have lodged an objection pursuant to Article 21(1) of the GDPR. In this case, processing shall be limited for a period of time necessary to verify the accuracy of the personal data or to determine whether there are reasons for data processing that override the interests of the data subject. If the processing is unlawful on this basis and the data subject opposes the erasure of the personal data , he or she may instead also demand the restriction of the processing of that data.

The processing of the data shall also be restricted if the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.


11 Right to data portability

Persons whose data are processed by us have a legal entitlement to their data being transferred in a structured, commonly used and machine-readable format or being transmitted to a third party without hindrance if the processing is based on the consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.


12 Right to object

Data subjects have a legal right to object to data processing at any time.

In the event of an objection, the data will no longer be processed unless there are demonstrably compelling legitimate grounds for the continuation of processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

In the event of an objection to processing for advertising purposes, the objection shall take precedence. The data will then no longer be used for advertising purposes.

Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.


13 Automated individual decision-making including profiling

Data subjects have a legal right not to be subject to a decision based solely on automated processing or reached by similar means which produces legal effects concerning them or similarly significantly affects them. This shall not apply to decisions necessary for the conclusion or performance of a contract with the data subject or which are permitted by law and contain appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests or that are made with the data subject’s express consent.

Where the decision to conclude or fulfil a contract is necessary or where the automated decision is taken with the express consent of the data subject, appropriate measures shall be taken to safeguard the rights, freedoms and legitimate interests of the data subject, such as measures allowing the data subject to influence and intervene in the procedure and to express his or her views.

If the data subject wishes to assert rights relating to automated decisions, he or she may contact our data protection officer or another employee of the controller at any time.

Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.


14 Right to revoke consent under data protection law

Data subjects may revoke their consent to data processing at any time.

Data subjects may exercise these rights at any time by submitting a request to the data protection officer or the management.


15 Candidatures

Personal data transmitted by post or electronically, e.g. by e-mail, as part of an application will be stored exclusively for the purpose of processing the application. In the event that no employment contract is concluded with the applicant, the applicant will be informed that the position has been given to another candidate and the application documents will be kept for a further two months. Temporary storage takes place on the basis of a legitimate interest, in particular in order to be able to fulfil burden of proof obligations in the case of proceedings under the General Equal Treatment Act (AGG).


16 Use of analysis tools

16.1 General information

This website may include components from different third party companies with which information about visitors to the website and their surfing behaviour can be recorded and analysed, partly in real time. Among other elements, customer interactions are statistically and visually displayed and processed in order to obtain an overview of the online activities of website visitors and users. These components are used firstly for the purpose of tailoring the marketing of the internet offering to visitors and users and thus increasing the advertising effectiveness of the internet pages. They also help to detect and correct technical or other errors.

The components are software components from third-party companies. Insofar as such components are used, the type, content and scope as well as the purpose of data processing are explained and pointed out below:


16.2 Privacy policy for the use and application of Google Analytics (with anonymisation function)

The data controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analysis is the compilation, collection and evaluation of data on the behaviour of visitors to internet sites. A web analysis service collects, among other things, data on the website from which a data subject has accessed a website (the referrer), which subpages of the website have been accessed or how often, and for how long a subpage has been viewed. A web analysis is mainly used to optimise a website and for cost-benefit analysis of internet advertising.

The Google Analytics component is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the suffix ""_gat._anonymizeIp"" for the web analysis via Google Analytics. By means of this addition, Google shortens and anonymises the IP address of the internet connection of the data subject when our internet pages are accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information collected to evaluate the use of our website, among other things, to compile online reports for us that show the activities on our website and to provide other services in connection with the use of our website.

Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is able to analyse use of our website. Each time one of the individual pages of this website is called up, which is operated by the data controller and into which a Google Analytics component has been integrated, the internet browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the data subject’s IP address, which enables Google, among other things, to trace the origin of visitors and clicks, and subsequently to produce commission statements.

Cookies are used to store personal information, such as access time, the location from which the site was accessed, and the frequency of visits to our website by the data subject. For every visit to our website, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may under certain circumstances disclose personal data collected through the technical process to third parties.

The data subject may prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting in his or her internet browser and thus permanently object to the setting of cookies. Adjusting the internet browser settings in this way would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, it is possible for the data subject to object to and prevent the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on via the link https://tools.google.com/dlpage/gaoptout This browser add-on informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on as an objection. If the data subject’s IT system is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject’s control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google's current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html Google Analytics is explained in more detail under this link https://www.google.com/intl/de_en/analytics/.


16.3 Privacy Policy for Google Remarketing

The data controller has integrated Google Remarketing services into this website. Google Remarketing is a feature of Google AdWords that allows a company to display advertisements to internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertisements and consequently to display personalised advertisements to the internet user.

The operator of Google Remarketing services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display personalised advertising. Google Remarketing allows us to display advertisements on the Google Advertising Network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google will be able to recognise the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Every time a website is accessed into which the Google Remarketing service has been integrated, the data subject's internet browser automatically identifies itself with Google. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address or the user's surfing behaviour, which Google uses, among other things, to display personalised advertising.

The cookie is used to store personal information, such as the web pages visited by the data subject. Personal data, including the IP address of the internet connection used by the data subject, is therefore transferred to Google in the United States of America each time he or she visits our internet pages. These personal data are stored by Google in the United States of America. Google may under certain circumstances disclose personal data collected through the technical process to third parties.

The data subject may prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting in his or her internet browser and thus permanently object to the setting of cookies. Adjusting the internet browser settings in this way would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option of objecting to personalised advertising by Google. To do this, the data subject must access the www.google.de/settings/ads link from each of the internet browsers they use and make the required settings there.

Further information and Google's current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/


16.4 Privacy policy for Google AdWords

The data controller has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to place ads in both Google's search engine results and the Google Advertising Network. Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. On the Google Network, ads are distributed to thematically relevant websites using an automatic algorithm and using the previously defined keywords.

The operator of Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying tailored advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a data subject reaches our website via a Google ad, a conversion cookie will be stored on his or her IT system by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to determine whether certain subpages, such as the shopping basket of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a person who has accessed our website via an AdWords ad has generated revenue, i.e. has completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie is used by Google to generate visit statistics for our website. We use these visit statistics to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Personal data, including the IP address of the internet connection used by the data subject, is therefore transferred to Google in the United States of America each time the data subject visits our internet pages. These personal data are stored by Google in the United States of America. Google may under certain circumstances disclose personal data collected through the technical process to third parties.

The data subject may prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting in his or her internet browser and thus permanently object to the setting of cookies. Adjusting the internet browser settings in this way would also prevent Google from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option of objecting to personalised advertising by Google. To do this, the data subject must access the www.google.de/settings/ads link from each of the internet browsers they use and make the required settings there.

Further information and Google's current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/


16.5 Privacy policy for LinkedIn

The controller has integrated components from the LinkedIn Corporation into this website. LinkedIn is an internet-based social network that enables users to connect to existing business contacts and make new business contacts. More than 400 million registered users in more than 200 countries use LinkedIn. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy matters outside the USA are the responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time our website is accessed, an integrated LinkedIn component (LinkedIn plug-in) causes the data subject’s browser to download and display that plug-in.  Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins In the course of this technical process, LinkedIn receives information on which specific subpage of our website has been visited by the data subject.

If the data subject is simultaneously logged in to LinkedIn, every time the data subject visits our website and for the entire duration of the visit to our website, LinkedIn recognises which specific subpage of our website the data subject accesses. This information is collected by the LinkedIn component and assigned by LinkedIn to the data subject’s LinkedIn account. If the data subject clicks a LinkedIn button integrated into our website, LinkedIn assigns this information to the data subject’s personal LinkedIn account and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website whenever the data subject is logged in to LinkedIn at the same time as accessing our website; this happens regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS communications and targeted ads as well as to manage ad settings at https://www.linkedin.com/psettings/guest-controls LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy LinkedIn's current privacy policy is available at https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy


16.6 Privacy Policy for Xing

The controller has integrated Xing components into this website. Xing is an internet-based social network that enables users to connect to existing business contacts and make new business contacts. Individual users may create their own personal profile on Xing. For example, companies can create company profiles or publish job offers on Xing.

Xing is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of the individual pages of this website operated by the controller and into which a Xing component (Xing plug-in) has been integrated is accessed, the data subject’s internet browser is automatically prompted by the Xing plug-in to download the corresponding component from Xing and display it. More information about the Xing plug-ins can be found at https://dev.xing.com/plugins In the course of this technical process, Xing receives information on which specific subpage of our website has been visited by the data subject.

If the data subject is simultaneously logged in to Xing, every time the data subject visits our website and for the entire duration of the visit to our website, Xing recognises which specific subpage of our website the data subject accesses. This information is collected by the Xing component and assigned by Xing to the data subject’s Xing account. If the data subject presses one of the Xing buttons integrated into our website, for example the ""Share"" button, Xing assigns this information to the data subject’s personal Xing user account and stores these personal data.

Xing receives information via the Xing component that the data subject has visited our website whenever the data subject is logged in to Xing at the same time as accessing our website; this happens regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection regulations published by Xing, which can be accessed at https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by Xing. Xing has also published privacy notices for its share button at https://www.xing.com/app/share?op=data_protection.