Subject matter and scope

Data protection, like tax advice, is a matter of trust and we value the trust of our members. The protection and confidentiality of the personal data of the users of our website are of particular importance to us.

Personal data is information that relates to an identified or identifiable natural person. Personal data is therefore already available when the data in itself does not enable the person concerned to be identified directly.

With this data protection declaration we inform you about the type and scope of the collection, processing and use of personal data on this website as well as the processing purposes.

Responsible for data processing and data protection officer

The Mia san Lohnsteuerhilfeverein eV is responsible for the collection, processing and use of personal data within the meaning of the GDPR and the BDSG and at the same time the service provider within the meaning of the TMG. Further information and contact options can be found in our legal notice.

Processing framework

a) Legal bases

The legal basis for the processing of personal data in connection with electronic communication services on the Internet, in particular the operation of a website and electronic communication about it, can be found in the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the Law against Unfair Competition (UWG).

aa) Consent (Art. 6 Abs. 1 lit. a DSGVO)

Art. 6 para. 1 lit. a GDPR serves our association as the legal basis for processing operations for which we obtain the consent of the user for certain processing purposes.

If you have given us your consent to the processing of personal data for certain purposes, e.g. B. the use of your email address for the purpose of communication or the setting of cookies, the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

bb) Fulfillment of contractual obligations (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data on this website is based in accordance with Article 6 (1) (b) GDPR, also on the basis of the users' interest in the information and functions provided on this website.

The processing of personal data for the fulfillment of a contract to which the user concerned is a party is permitted insofar as the processing is necessary, e.g. for the provision of tax assistance by our association or in personnel matters. The same applies to such processing operations that are necessary to carry out pre-contractual measures, e.g. for inquiries about member services or in application procedures.

cc) Safeguarding a legitimate interest of our association (Art. 6 Para. 1 lit.f GDPR)

Ultimately, the processing operations on this website are based on Art. 6 Paragraph 1 lit.f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our association or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail.

The processing of personal data by our website takes place, among other things, for the purpose of optimizing the website and better achieving the goals of the website, in particular ensuring a smooth connection, ensuring comfortable use, evaluating system security and stability and for other administrative purposes.

Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible or is in his service (Recital 47 sentence 2 GDPR). Processing for the purpose of direct marketing can also be regarded as processing serving a legitimate interest (recital 47 sentence 7 GDPR).

b) Calling up the website

When you visit our website, your browser automatically transmits certain data to our web server in order to provide the information and functions of the website you have requested. This is done in order to enable the accessed Internet pages to be used at all. The following data is processed, for example:

IP address, date and time of access, browser type / version, browser settings, the operating system used, the page you last visited (referrer URL), the amount of data transferred and the access status (file transferred, file not found, etc.)

This data is processed for a limited period of time in accordance with Article 6 (1) (f) GDPR to ensure a smooth connection setup and convenient use, to evaluate system security and stability and for other administrative purposes. A combination of this data with other data sources is not carried out, a personal evaluation does not take place.

c) Use of cookies

Our website uses so-called "cookies", which are text files that are stored by our web server on the user's device and that can be sent back to us when you visit our website again. Information is recorded in this that results in connection with the respective terminal device (laptop, tablet, smartphone, etc.) used and enables its identification. Direct identification of the user is not possible.

They are used to optimize the website and to better achieve the website's goals, in particular to ensure a smooth connection and convenient use, to evaluate system security and stability and for other administrative purposes.

aa) Types of cookies

Session-Cookies

With the use of session cookies we pursue the purpose of making the use of the website more pleasant by recording that individual pages of our website have already been visited. These are automatically deleted after leaving our site. We use the following session cookie on our website:

[PHPSESSID]

Function: Identification of your session on the server. It contains an alphanumeric string. This cookie is stored until the end of your session and is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

Temporary cookies

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimization (see no. These cookies enable the recognition of visitors and are automatically deleted after the period specified in this data protection declaration.

With the help of cookies, usage profiles are created using pseudonyms in order to facilitate navigation on the Internet or to call up information about user behavior. These serve to make the website more user-friendly, more effective and safer. The created usage profiles are not merged with data about the bearer of the pseudonym and thus remain anonymous.

Permanent Cookies

Permanent cookies (e.g. for functions such as "remember password") remain stored on your computer's hard drive until they are deleted by your browser. If you prevent the installation of cookies by setting your browser software accordingly (see "Deactivating cookies" below), a permanent cookie will also be used for this purpose.

bb) Consent

The basis for processing operations using cookies is the consent of the users concerned for the processing purposes stated in this data protection declaration in accordance with Art. Any further processing by cookies, e.g. before completing the consent process, is necessary for the purposes stated in this data protection declaration to safeguard our legitimate interests in accordance with Art. 6 Paragraph 1 Sentence 1 lit.

When you visit our website for the first time, a cookie banner is displayed on which consent can be given to the use of cookies that require consent. If you give your consent to this, we will save a cookie on your device and the banner will not be displayed again for the lifetime of the cookie. We use the following consent cookie on our website:

[allow_Cookie]

Function: Saves your answer to the question of whether you agree to the use of cookies on this website. It contains the content "true" (yes). The cookie is stored for one month and is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

If you neither agree to the use of cookies on the banner nor make use of one of the options mentioned in this data protection declaration to deactivate cookies or terminate tracking measures, we understand the continuation of the use of our website as tacit consent declared by coherent behavior of the user in the use of cookies.

cc) Deactivating cookies

Most browsers generally accept cookies automatically. Affected users can change this through settings in the browser used by completely deactivating the storage of cookies, restricting it to certain websites or configuring the browser so that it automatically notifies you as soon as a cookie is to be set and the affected user for feedback asks. Individual cookies can also be blocked or deleted. For technical reasons, however, this can mean that some functions of our website are impaired and no longer function completely.

d) website analysis

The tracking measures listed below and used by us are based on the consent of the users concerned to receive cookies for the processing purposes stated in this data protection declaration, in accordance with Article 6 (1) (a) GDPR. In addition, they are based on a legitimate interest in accordance with Art. 6 Paragraph 1 Sentence 1 lit. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. These interests are to be regarded as legitimate within the meaning of the aforementioned regulation.

The respective data processing purposes and data categories can be found in the information on the tracking tools used.

aa) Google Analytics

We use Google Analytics, a web analysis service of the company Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043) for the purpose of the needs-based design and continuous optimization of our website , USA; hereinafter “Google”). We use this service as part of an order processing relationship.

Google Analytics uses cookies, which are described in detail below. The information generated by cookies about your use of this website, e.g. referring URL, pages visited on our website, language setting, screen resolution, operating system, etc., are used to create pseudonymised user profiles. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user and thus analyze their activities across devices.

The information obtained about your use of this website is usually transferred to a Google server in the USA and stored there. This information is processed to evaluate the use of the website, to compile reports on website activity and to provide us as the website operator with other services related to website activity and internet usage for the purposes of market research and the needs-based design of our website.

Under no circumstances will your IP address be merged with other Google data. At our request, the IP addresses are anonymized by Google so that personal assignment is not possible (IP masking). IP anonymization is carried out by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google is also certified under the EU-US Privacy Shield framework, according to which an adequate level of data protection must be established for Google's data in the USA.

You can prevent the installation of cookies by setting the browser software accordingly - as described above; however, we would like to point out that in this case not all functions of this website can be used to their full extent.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link, Deactivate Google Analytics. This will set an opt-out cookie that will prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. In order to prevent data collection across different devices, you must perform the opt-out on all end devices used.

If you delete the cookies in this browser, you will have to set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help Center:

https://support.google.com/analytics/answer/6004245?hl=de

You can find Google's privacy policy at:

https://www.google.com/policies/privacy/partners/?hl=de.

bb) Google-Analytics-Cookies

We use the following cookies from Google Analytics on our website:

[_ga]

Function: This cookie is part of Google Analytics (see below) and is used to identify a user. It contains a sequence of digits and is stored for two years. The cookie is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

[_gid]

Function: This cookie is part of Google Analytics (see below) and is used to identify a user. It contains an alphanumeric string and is stored for one day. The cookie is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

[_gat]

Function: This cookie is part of Google Analytics (see below) and is used to control the query rate for website usage. It typically contains a number and is stored for 1 minute. The cookie is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

[_gac]

Function: This cookie is part of Google Analytics (see below) and is used to store information about advertising campaigns with Google AdWords and user behavior on the advertised website. It contains an alphanumeric string and is stored for three months. The cookie is controlled from our website or by the Google website when you click on the AdWords ad.

[_ga-disable]

Function: This cookie is part of Google Analytics (see below) and is used to save your decision that your user behavior should not be recorded by Google Analytics. It contains the content "true" and is saved until December 31st, 2099. The cookie is a so-called first-party cookie, i.e. a cookie that is controlled from our website.

cc) Google AdWords Conversion Tracking

In order to statistically record the use of the AdWords advertising used by us as a Google AdWords customer and for the purpose of optimizing our advertising and improving the design of our website, we also use Google Conversion Tracking.

In doing so, Google AdWords stores a cookie and possibly so-called tracking pixels on your device if you have reached our website via a Google ad. This cookie loses its validity after three months and is not used for personal identification. If the visitor obtained in this way visits certain pages on our website and the cookie has not yet expired, Google can recognize that the user clicked on the ad and was redirected to our website.

With the help of the information obtained through conversion cookies, conversion statistics are created for us as AdWords customers by Google. This tells us the total number of users who clicked on our ad and were forwarded to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

If affected users do not want to take part in this tracking process, they can generally deactivate the saving in the browser settings (see No. 7). Cookies for conversion tracking can also be deactivated by setting the browser so that it blocks cookies from the www.googleadservices.com domain.

You can find Google's data protection information on conversion tracking here:

https://services.google.com/sitestats/de.html

e) Use of contact forms

Using the contact form offered on our website, it is possible to contact us directly. It is necessary to provide personal data that are required to process the respective request, for example address or email address, a message; they are marked as mandatory information, further information can be provided voluntarily.

The processing of personal data is based on your voluntarily given consent in accordance with Art. 6 Para. 1 lit. a as well as to safeguard the legitimate interests of the association in accordance with Art. 6 Para. 1 S. 1 lit. to provide the service requested by the person concerned, for example to provide advice centers near the place of residence, to provide information about joining or to establish contact with an advice center of the association. This personal data is not passed on to third parties.

We have taken technical and organizational precautions to protect the data transmitted to us via contact forms from manipulation and unauthorized access. The transmission is also encrypted in accordance with the currently recognized state of the art (SSL / TLS technology).

f) Use of social media / social sharing functions

On the basis of your consent in accordance with Article 6 (1) (a) GDPR, but also based on Article 6 (1) (1) (f) GDPR, we use social sharing buttons from social networks, e.g. Facebook, Twitter, on our website , Google , to make our association better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

In connection with the integration of social media / social sharing functions to protect the persons concerned, we use the "Shariff script" developed by Heise.de. The integration of the sharing buttons from Facebook, Twitter or Google is deactivated by default, so that no data is initially sent to the operator of the social media platform when the website is accessed.

By clicking on the button of a social sharing button, you consent to the processing of personal data and contact is established between you and the selected provider of the social network.

Via these buttons, data, including personal data, can then be sent to the US service providers and, if necessary, used by them. Responsibility for the data protection compliant operation is to be guaranteed by the respective provider.

You can find more information about the Shariff solution on the provider's website, Heise Medien GmbH & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz- 2467514.html.

The control ring itself does not collect any personal data using the social media / social sharing functions or their use.

In addition, the access to our website by users registered and logged in with social media providers can be registered by the respective social networks when activating and using the social sharing functions on this website and linked to the user account. This can be avoided if affected users log out of their user account before activating the social sharing button.

Further information on this can be found in the following information on the individual social media providers.

aa) Facebook

Social media buttons from Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA) are used on our website in order to make their use more personal.

After clicking on the social media button, the browser of the user concerned establishes a direct connection to the Facebook servers. We have no influence on the nature and scope of the data that the plugin transmits to the Facebook Inc. server.

By activating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is sent directly from your browser to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example press the “Like” or “Share” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends.

Facebook can use this information for the purpose of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate the use of our website with regard to the advertisements shown to the users concerned on Facebook, to inform other Facebook users about their activities on our website and to provide further information about the use to provide Facebook related services.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options of users to protect their privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/) .

cc) Google

We use the " 1" button on our site from Google from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google".

If you have clicked on the button of the social media button, your browser establishes a direct connection with the Google servers. The content of the plugin is transmitted directly from Google to your browser, which integrates it into the website. This provides Google with the information that you have visited our site with your IP address.

Your activities within Google are saved by Google and can be displayed as information along with your profile name and photo in Google services, such as in search results or in your Google profile, or in other places on websites and advertisements on the Internet.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Google . If you do not want Google to assign the data collected via our website to your Google account, you must log out of Google before clicking on the social media button.

You can access Google's data protection information on the “ 1” button with all further information on the collection, transfer and use of data by Google, your rights in this regard and your profile setting options here: https://www.google.com/intl /de/ /policy/ 1button.html

i) Integration of Google Maps

We use the Google Maps map service for the interactive display of site plans from the advice centers. The display of the maps requires a connection to Google servers, which is established when our website is accessed. The map information is requested directly from Google by your browser and transmitted from there to your device.

Information about the use of this website, including your IP address and the place names or postcodes entered when searching for an advice center, is transferred to the USA. The legal basis is our legitimate interest in integrating the map service for the presentation of our advice centers in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Through certification according to the EU-US data protection shield ("EU-US Privacy Shield") https://www.privacyshield.gov, Google guarantees compliance with the EU data protection requirements when processing data in the USA.

If you call up the Google map service on our website while you are logged into your Google profile, Google can assign your visit to our website and the interaction with the Google Maps map service directly to your Google profile. If you do not want this, it is necessary that you log out of Google before calling up our websites on which Google Maps is integrated.

Google stores your data and uses it for advertising, market research and the personalized presentation of Google Maps. The purpose and scope of the data collection and the further processing of the data by Google as well as your related rights and setting options to protect your privacy can be found in Google's data protection information.

Data recipient

Within the association, only those departments have access to your data that need it to fulfill our contractual and legal obligations. Processors employed by us (Art. 28 GDPR) can also receive data for these purposes. These are companies in the IT services, telecommunications, website hosting, and email providers categories.

With regard to the transfer of data to recipients outside the association, it should first be noted that we are legally obliged to maintain secrecy about all member-related information that we gain knowledge of (Section 21 (1) StBerG). We are only allowed to pass on information about you if this is required by law, if you have given your consent or if we are authorized to do so. Under these conditions, recipients of personal data can be, for example:

Public bodies (e.g. supervisory or financial authorities of the federal states via the advice centers and the association's headquarters) in the event of a legal or official obligation or on your behalf. Service companies to which we transmit personal data in order to carry out the business relationship with you (e.g. IT service providers, Telecommunications company, website hosting, email provider).

Other data recipients can be those bodies for which you have given us your consent to transfer data or for which you have released us from the requirement of confidentiality in accordance with the agreement or consent.

Storage periods

In principle, we process and store personal data of the data subject only for the period necessary to achieve the processing purpose. Storage periods longer than those specified in this data protection declaration can result from the fact that the data are necessary for the establishment, exercise or defense of legal claims before an authority or that there are statutory storage obligations. The data is stored for as long as is necessary to fulfill these purposes.

Integration of the services of third parties and transfer to third parties

When making this website available and for the purposes set out in this data protection declaration, we involved specialized service providers as processors. In addition to the service providers mentioned, other service providers are involved as processors for website maintenance, quality assurance and hosting services. If other processors are commissioned with maintenance activities, they can also have access to your data.

The Mia san Lohnsteuerhilfeverein e. V. carefully selects these service providers and, in such a case, contractually obliges them to comply with the applicable data protection regulations. These service providers are bound by our instructions and are regularly checked by us.

Your personal data will only be transmitted to third parties for purposes other than those listed in the data protection declaration if:

You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR that disclosure is required in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR for the establishment, exercise or defense of legal claims and no There is reason to assume that you have an overriding legitimate interest in not disclosing your data in the event that there is a legal obligation for the disclosure in accordance with Art. 6 Paragraph 1 Clause 1 lit. c GDPR, as well as legally permissible and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the processing of contractual relationships with you.

As far as the Mia san Lohnsteuerhilfeverein e. V. wants to use your data in a way that goes beyond what is described above, your express consent will be obtained in advance.

Affected Rights

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 GDPR. To request the correction of incorrect personal data or the completion of your personal data stored by us immediately according to Art. 16 GDPR; Art. 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is; according to Art. 18 GDPR to demand the restriction of the processing of your personal data if you dispute the correctness of the data, if the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or Need defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR; 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible; Art. 7 Para. 3 GDPR to revoke your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future and Art. 77 GDPR in conjunction with § 19 BDSG to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our association headquarters.

Please contact us in order to assert these rights or to obtain additional information about them. The individual options for this can be found in our imprint.

Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation.

If you would like to exercise your right to object, please contact us. The individual options for this can be found in our imprint.

Data security

We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

The transmission is also encrypted in accordance with the currently recognized state of the art (SSL / TLS technology). Our employees are also obliged to maintain confidentiality.

In principle, however, Internet-based data transmissions can have security gaps so that absolute protection cannot be guaranteed. Every person concerned is free to transmit personal data to us in other, non-digital ways, e.g. by telephone.

Links to other websites

This data protection declaration only applies to the use of our website, but not to the websites of other providers to which reference is made, e.g. via links. The data protection information and declarations there apply to them.

If you call up an external website from our website (external link), the respective operator will receive the information from your browser as to which of our websites you have come from. Like any other website provider, we are unable to influence this process.

Current status and changes to this data protection declaration

This data protection declaration is currently valid and is dated January 2021.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to change this data protection declaration.