Privacy Policy

We are pleased to welcome you to our homepage.

Protecting your personal data is very important to SW Germany GmbH Germany Wirtschaftsprüfungsgesellschaft/Steuerberatungsgesellschaft, Anton-Jordan-Strasse 1, 56070 Koblenz, Germany, e-mail: datenschutz@sw-germany.com (hereinafter referred to as ‘SW Germany’).

With that in mind, we will provide information below about what personal data of yours we process, and in what form, when you use our website. Please do not hesitate to contact us if you have any questions.

You will find relevant contact details above and at the end of this Privacy Policy.

When you contact us via e-mail or via a contact form, the data you provide (your e-mail address, and, if applicable, your name and your telephone number) will be stored by us in order to answer your questions. We erase data collected in this context after retention is no longer necessary, or limit processing if statutory retention obligations apply.

If we wish to use commissioned service providers for specific functions of our offerings, or use your data for marketing purposes, we will inform you in detail about the respective processes below. We will also indicate the criteria for determining how long your data will be stored.

In some cases, we use external service providers to process your data (‘processors’). They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. For example, applicant data that you enter via the corresponding tool on our website is transmitted to a third party based in the Federal Republic of Germany who has been commissioned to process the application.

Last updated: August 2022

Our most recent version of this document applies in all cases.

Data Protection Officer

If you have any questions regarding the processing of your personal data, you can contact the Data Protection Officer for the relevant company in the SW Germany GmbH who is available in cases of requests for information, comments or complaints. You can find them under the site information.

Mail: datenschutz@sw-germany.com
As on: January 2022

Personal data

Personal data comprises all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your name, address, telephone number, email address, bank details or date of birth.

Processing personal data

When processing your data, we treat your personal information with the utmost care and responsibility. Therefore, your personal data will of course be processed in compliance with the applicable national (in particular the Federal Data Protection Act – ‘BDSG’) and European data protection regulations (EU General Data Protection Regulation, hereinafter also referred to as ‘GDPR’).

Processing personal data for such purposes means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data. Without limitation, data processing means the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Collection of personal data when you visit our website

If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, or use a contact form or create an account, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee the stability and security of your visit to our website (applicable legal basis is Art. 6(1)(f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Access status/HTTP status code
  • The volume of data transferred in each case
  • Website from which the request came (referrer, if applicable)
  • Browser
  • Operating system and interface, screen resolution and colour depth
  • Language and browser software version

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and through which the party setting the cookie (in this case, us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make our website more user-friendly and functional.

Use of Cookies

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies
  • Persistent cookies

Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called ‘session ID’ by means of which various requests from your browser can be assigned to a common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period. This period may differ depending on the particular cookie. You can delete the cookies at any time using your browser’s security settings.

You can configure your browser settings according to your needs and, for example, refuse to accept third-party cookies or all cookies. However, please note that, if you do so, you may not be able to use all the functions of this website.

We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you will have to log in again for each visit.

Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google, Inc. (‘Google’).

We use Google Analytics to analyse and regularly improve the use of our website. The statistics gathered in this fashion make it possible to improve our website and make it more attractive for you as a user.

Google Analytics uses cookies, which are text files placed on your computer that permit an analysis to be made of how you use the website.

Google also processes your personal data in the United States. Before giving your consent pursuant to Art. 49(1)(a) GDPR, please note that, in the absence of an adequacy decision and suitable safeguards, there may not be an adequate level of data protection in the United States, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects’ rights may not be enforceable.

Cookies are only set if you provide us your consent to do so. The legal basis for doing so is Art. 6(1)(a) GDPR (‘consent’). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect without risk of any disadvantage as a result.

As a rule, the information generated by the cookie about your use of the website will be transmitted to, and stored by, Google on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be abbreviated by Google within the Member States of the European Union or countries which are contracting parties to the Agreement on the European Economic Area. This website uses Google Analytics with the extension ‘_anonymizeIp()’. This means that IP addresses are further processed in a shortened form, thus preventing the identification of specific individuals. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible. Only in exceptional cases will the complete IP address be transferred to a Google server in the United States and shortened there.

Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities for website operators, and to provide additional services related to the use of the website and the internet.

The IP address transferred by your browser in connection with Google Analytics will not be associated with other data held by Google.

Information about the third-party service provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User terms and conditions: www.google.com/analytics/terms/de.html, data protection overview: www.google.com/intl/de/analytics/learn/privacy.html,

as well as the privacy policy: https://policies.google.com/privacy.

Use of Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will apply to all tracking tags implemented with Google Tag Manager.

Google also processes your personal data in the United States. Before giving your consent pursuant to Art. 49(1)(a) GDPR, please note that, in the absence of an adequacy decision and suitable safeguards, there may not be an adequate level of data protection in the United States, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects’ rights may not be enforceable.

The actions described above will only be taken if you have given us your consent. The legal basis for doing so is Art. 6(1)(a) GDPR (‘consent’). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect without risk of any disadvantage as a result.

Contact form

We will process any data you provide to us when you contact us by e-mail or via a contact form. The only mandatory information includes your name and e-mail address, the desired SW Germany location to which you wish to send your contact request and the subject of your request. This information is necessary so that we can respond to your enquiry appropriately. You can provide other personal data on a voluntary basis if you wish (for example, we need your telephone number if you ask us to call you back; we need your address if you want us to send you informational material by post). We will store your personal data in order to answer your questions and satisfy your requests. We erase data collected in this context after retention is no longer necessary, or limit processing if statutory retention obligations apply.

The legal basis for doing so is Art. 6(1)(f) GDPR (‘legitimate interest’).

Advertising

In the case of existing client relationships, or other fee-based contractual relationships, we additionally intend to process data you have provided to us, or that we have collected, for marketing purposes.

According to the recitals to the GDPR, there is a legitimate interest with regard to so-called direct marketing (Recital 47, seventh sentence). The term direct marketing refers to direct contact with a customer by a provider with the aim of promoting the sale of fee-based services. Satisfaction surveys or participation in other surveys may also fall within the legal definition of marketing. Other applicable legal requirements (in particular section 7(3) Act on Unfair Competition (‘UWG’) and the ePrivacy Regulation) are, of course, observed.

In this context, the legal basis is Art. 6(1)(f) GDPR (‘legitimate interest’).

Absent an existing client relationship or other fee-based contractual relationship, we will only process your personal data for marketing purposes if you have given us your consent to do so (Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR). Based on your voluntary consent, you can, for example, also subscribe to our newsletter which we use to provide you information about our current offerings. Services, etc. that are included in the advertising are referred to below and additionally in the declaration of consent. We use the ‘double opt-in’ process to register for our newsletter on our homepage. This means that after you register, we will send an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, to clarify any potential misuse of your personal data. The only mandatory information to send the newsletter is your e-mail address and the desired information. The provision of additional, separately marked data is voluntary and is used to be able to personalise your content. After your confirmation, we will store your personal data for the purpose referred to above.

The legal basis for doing so is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR (‘consent’). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result, whereby we will not be able to send you the newsletter in such cases. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, e-mail) to the contact details shown above without fearing any disadvantage as a result.

The failure to provide this consent, or its withdrawal, does not preclude application of statutory authorisation bases for data processing including, without limitation, Art. 6(1)(b) GDPR (‘necessary for the performance of a contract’), Art. 6(1)(c) GDPR (‘legal obligation’) and Art. 6(1)(f) GDPR (‘legitimate interest’).

Marketing is sent by post, electronically (including e-mail, social media), by SMS/MMS or by phone call to the extent permitted by law.

Without limitation, marketing measures relate to newsletters, info letters, invitations and announcements of events as well as all services provided by SW Germany.

Marketing may also be undertaken by other DORNBACH Group companies (an overview of the individual companies can be found here) to the extent permitted by law. Your personal data may be sent to these DORNBACH Group companies for the marketing purposes referred to above and processed for such marketing purposes.

You can object to the processing of your personal data for marketing purposes at any time. The relevant contact details are provided above and at the end of this document. In such cases, your personal data will no longer be processed for marketing purposes and will be deleted from the corresponding marketing distribution lists.

You may withdraw your consent at any time. You can withdraw your consent by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details listed in this document. Withdrawing your consent does not affect the lawfulness of processing performed prior to your withdrawal.

Among other means, we use the CleverReach e-mail tool to send our newsletter. This tool is operated by CleverReach GmbH & Co KG, Mühlenstrasse 43, 26180 Rastede, Germany. As part of this process, your data (e-mail address, IP address) will also be processed by CleverReach in accordance with our instructions on the basis of a contract data processing agreement entered into pursuant to Art. 28 GDPR. Your data will not be shared with other third parties for purposes of receiving the newsletter and CleverReach is not granted any rights to share your data. You can find additional information in the CleverReach privacy policy: https://www.cleverreach.com/en-de/privacy-policy/.

Seminar registration / events

We regularly organise seminars, online seminars and events for clients and prospective clients on current topics in auditing, tax consultancy, legal advice and IT services.

In general, you can make a binding registration for these seminars, online seminars and events online via our portal, by post or by e-mail.

We process the following mandatory data in this regard: company, attendee name and e-mail address and, if applicable, the participant’s address. Without limitation, this serves to enable us to associate your registration to a specific person and to send you relevant information on the date and content of the seminar, online seminar or event as well as a certificate of participation if desired. We also need your address in order to send you an invoice if the seminar, online seminar or event is subject to fee.

All other data that may be requested (title, function, telephone number, how did you hear about our event?) may be provided on a voluntary basis, but you are not obliged to do so.

If you register online for a seminar, an online seminar or an event, your data will be stored and processed on the systems operated by our partner EMO EventManager Online GmbH, Winterhuder Weg 29, 22085 Hamburg (seminars and events) or LogMeIn Ireland Limited, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland (online seminars). A corresponding commissioned data processing contract has been concluded with these providers in accordance with Art. 28 GDPR. Our partners will process your data only in accordance with applicable legal requirements and only in accordance with instructions provided within the scope of performing a contract as a commissioned data processor. They have also taken the necessary security measures as well as implementing technical and organisational measures.

If you do not provide us the mandatory information referred to above, we cannot provide you access to our seminars, online seminars and events as this information is required for the performance of the contract.

The legal basis is Art. 6(1)(b) GDPR (‘necessary for the performance of a contract’).

Integration of YouTube videos

We have integrated YouTube videos into our website. These videos are stored at www.YouTube.com and can be played directly from our website.

Our company uses the ‘two-click’ solution. This means that if you visit our website, initially, no personal data will be sent to the provider. All videos are integrated in the ‘Extended Privacy Mode’, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. We give you the opportunity to communicate directly with the provider via the video. Data referred to in the section ‘Collection of personal data when visiting our website’ of this Privacy Policy will only be transmitted once you play the videos. In addition, YouTube will then be notified that you have accessed the corresponding sub-page of our website. This is regardless of whether YouTube has provided a user account through which you are signed in or even if you do not have a user account. If you are signed in, your data will be directly associated with your account. If you do not wish this information to be associated with your YouTube profile, you must sign out before clicking a button. YouTube stores your data as usage profiles and uses your data for the purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not signed in) for the purposes of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right.

YouTube also processes your personal data in the United States. Before giving your consent pursuant to Art. 49(1)(a) GDPR, please note that, in the absence of an adequacy decision and suitable safeguards, there may not be an adequate level of data protection in the United States, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects’ rights may not be enforceable. The actions described above will only be taken if you have given us your consent. The legal basis for doing so is Art. 6(1)(a) GDPR (‘consent’). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect without risk of any disadvantage as a result.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to its privacy policy. There, you will also find further information about your rights and setting options to protect your privacy: https://policies.google.com/privacy.

Use of Google reCAPTCHA

We use Google reCAPTCHA, a service provided by Google, on our websites.

Google reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, Google reCAPTCHA analyses the behaviour of the respective website visitor based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website. To perform this analysis, Google reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The Google reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/policie...

The legal basis is Art. 6(1)(f) GDPR (‘legitimate interest’).

No use of social media plug-ins

We do not use social media plug-ins.

Our pages merely include links to our profile on: LinkedIn.

For more information about the purpose and scope of data collection and its processing by the provider when you visit its website, please refer to the respective provider’s privacy policy listed below. Here, you will also find further information on your rights and the settings options for protecting your privacy.

Addresses for the provider and URL for its privacy policies:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States; http://www.linkedin.com/legal/privacy-policy.

Use of Google Maps

We use the functions of Google Maps, a service provided by Google, on our website. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function.

Our company uses the ‘two-click’ solution. This means that if you visit our website, initially, no personal data will be sent to the provider. We give you the opportunity to communicate directly with the provider via our map. The provider only receives the information that you have accessed our website when you click on the designated field and activate it. In addition, data referred to in the section ‘Collection of personal data when visiting our website’ of this Privacy Policy will be transmitted. This is done regardless of whether you are signed into a Google account or not. If you are also signed into Google, your information will be directly associated with your account. If you do not wish this information to be associated with your Google profile, you must sign out of Google before clicking a button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not signed in) for the purpose of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

Google also processes your personal data in the United States. Before giving your consent pursuant to Art. 49(1)(a) GDPR, please note that, in the absence of an adequacy decision and suitable safeguards, there may not be an adequate level of data protection in the United States, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects’ rights may not be enforceable. The actions described above will only be taken if you have given us your consent. The legal basis for doing so is Art. 6(1)(a) GDPR (‘consent’). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect without risk of any disadvantage as a result.

For more information about the purpose and scope of data collection and its processing, please refer to the provider’s privacy policy. You will find further information on your corresponding rights and options for protecting your privacy at: www.google.de/intl/de/policies/privacy.

Duration of data processing

The maximum duration of data processing depends on the purpose of the data processing concerned. The retention period depends on the period for which retention is necessary to fulfil the relevant purpose for which data is being processed. This does not change statutory retention obligations.

Recipients of the personal data

We transmit personal data to operational departments at SW GERMANY.

In addition to the transfers discussed above, such transfers are also made to:

  • DORNBACH

Location of data processing activities

Your personal data is processed entirely within Germany or other member states of the European Union. We will not transfer your personal data to countries outside the member states of the European Union (so-called third countries) or to other international organisations unless a reference to transfers to third countries is set out above.

Security / technical and organisational measures

Taking into account the provisions of Articles 24, 25 and 32 GDPR, we undertake all necessary technical and organisational measures to protect your personal data against loss, destruction, access, modification, dissemination by unauthorised persons and misuse.

For example, we comply with legal requirements regarding the pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of systems and services related to data processing, the availability of personal data and the ability to quickly restore such data in the event of a physical or technical incident, and the establishment of procedures for the regular testing, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of the processing.

Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of ‘privacy by design’ and ‘privacy by default’.

Your rights

You have a legal right to access personal data held about you free of charge and, if the legal requirements are met, the right to rectification, blocking and erasure of your data, to restriction of processing, to data portability and the right to object.

You also have the opportunity to lodge a complaint with the competent supervisory authority.

If you have any questions regarding the processing of your personal data, questions relating to the above-mentioned rights and their exercise, or suggestions, please contact us by e-mail at datenschutz@sw-germany.com or using the contact details set out above.