Data protection

Below you will find information on specific individual data processing activities.

We identify the controller(s), explain the purposes and legal basis of the data processing, and the criteria for the period of storage of your personal data.

(1) Entity responsible for data processing (controller)

The controller is:
Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater
Partnerschaftsgesellschaft mbB.
The contact details of the controller can be found above under section 1. a.

(2) Type and purposes of data processing

(a) Processing of data transmitted in the background
The type and scope of the processing of your personal data differs depending on whether you visit our website only to retrieve information or whether you use the services we offer on the website.
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we collect the following data and store it in our system's log files. This includes the following data:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page),
• Access status/HTTP status code,
• Amount of data transmitted in each case,
• Website from which the request originates,
• Operating system used and its interface,
• Browser, language and version of the browser software.
   

The log file data that we do not assign to a specific person is stored separately from all personal data you provide. We evaluate this anonymously collected data and information statistically and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process.

(b) Use of technical cookies that support the functioning of the website
In addition to the aforementioned data, so-called cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

There are two types of cookies used on this website: So-called technical cookies and so-called performance and tracking cookies.
Technical cookies (also known as ‘necessary cookies’) are cookies that are absolutely necessary to ensure the operation of the website and to maintain functions of the site, such as access to protected areas of the website. These are mainly session cookies or connection cookies. The legal basis for processing is Art. 6 (1) sentence 1 point (f) GDPR. Our legitimate interest in this respect is to maintain the functions of the website.
These strictly necessary cookies are stored in your browser for the duration of your visit to the site and are deleted when you close your browser.

(c) Analysis tools performance and tracking cookies
Provided you give us your consent to the use of performance and tracking cookies, this website uses software from the web analysis service Matomo (formerly PIWIK) to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Mamoto also does not have access to the data.

Mamoto is only used if you have given your consent to the use of performance and tracking cookies in the cookie banner displayed when you visit our website.

If you have consented to the use of performance and tracking cookies, cookies (see above for details) will be stored on your computer.

These performance and tracking cookies collect the following data:

• IP address (truncated)
• Date and time of access
• Page accessed (title and URL)
• Page from which the current page was accessed (referrer URL)
• Time in the local user's time zone
• Links to an external domain that was clicked on (outlink)
• Page generation time (the time it takes for web pages to be generated by the web server and then downloaded by the user: page speed)
• User location: country, region, city, approximate geographical latitude and longitude (geolocation)
• Main language of the browser used (Accept-Language header)
• User agent of the browser used (User-Agent header)

This website uses Matomo with the ‘AnonymizeIP’ extension. This means that IP addresses are truncated before being processed, thus ruling out any direct subsequent personal references or identifications. Even after truncation, the IP address transmitted by your browser via Matomo is not merged with other data collected by us.

We store the information collected in this way exclusively on our server in Germany.

Withdrawal of your consent to the use of performance and tracking cookies / opt-out for online tracking after submitting a declaration of consent
You can prevent the above-described evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies by adjusting your browser settings, please note that you may not be able to use this website to its full extent. You can prevent the storage of cookies by adjusting your browser settings.

You can also prevent the use of Matomo by not giving us your consent or by withdrawing your consent after you have given it. You can send your declaration of withdrawal or objection in writing or by email to our address given above in section 1. a.

The cookie ‘pk_id*’ is used to register a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistical purposes. The cookie is deleted after 13 months. In addition, the cookie ‘pk_ref*’ with a duration of 6 months is used in this context as a reference to anonymous tracking sessions on the site. The cookie ‘pk_ses*’ stores the unique session ID for 30 minutes. Finally, the session cookie ‘MATOMO_SESSID’ is used, which stores the web visit based on a session and visitor ID and is deleted when the browser is closed.

(d) Events
You can register for a forum or other event organised by ESC Unternehmensberatung GmbH via this website. For more information, please see section 2. c. below.

(e) Newsletter
If you give your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. You can also order our client information ‘compact’ or ‘compact special’. Further information can be found below under section 2. d.

(3) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 point (f) GDPR: The processing of personal data in the case of purely informational use of our website serves our legitimate interest in displaying our website to you and ensuring the stability and security of this website. The use of technical cookies (see above) serves our legitimate interest in making the website user-friendly and effective overall by ensuring the functionality of the website through these cookies. The use of the Matomo web analysis service is based on your consent. The legal basis for the processing of personal data on the basis of a declaration of consent is Art. 6 (1) sentence 1 point (a) GDPR. 

(4) Criteria for the storage period

In the case of purely informational use of our website, we store the above-mentioned data for seven days. However, storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the client visiting our website.

This website uses the following types of cookies, the storage period and functionality of which are explained below.
(aa) Technical cookies within the meaning of this privacy policy (transient cookies) are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

(bb) Performance and tracking cookies (persistent cookies) are automatically deleted after a specified period, which may vary depending on the cookie and your browser settings. You can delete cookies at any time in your browser's security settings.
The use of the Matomo web analysis service – as described above in 2 a. (2) (c) – only leads to the storage on our storage media of data which – among other things due to the anonymised IP addresses – cannot be assigned to you personally by us.

In all other respects, the information under section 1. g. applies.

(1) Entity responsible for data processing (controller)

The controller is the respective ESCHE company to which you direct your request or with which you have concluded an engagement agreement. If personal data relating to you is transmitted to us by third parties, the controller is the ESCHE company that is the recipient of your personal data. The contact details of the controller can be found above under section 1. a.

(2) Purposes of data processing
If you contact us within the scope of an engagement or to enter into an engagement agreement, we will store the personal data transmitted with your request. We process the personal data necessary for the establishment and execution of the engagement relationship. This includes, in particular, your first name and surname, your contact details and other data necessary for the execution of the engagement, depending on the type and scope of the existing or future engagement.

If your personal data relating to an existing or future engagement is transmitted to us by third parties, the data processing serves the purpose of executing the engagement. If your personal data is transferred to us because our client is considering asserting claims against you, or because our client expects that claims could be asserted against them, the data processing also serves to assert, establish, exercise or defend legal claims.

(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1point (b) GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future engagement relationship with us. The processing of this data serves the performance of a contract or is necessary for the implementation of pre-contractual measures.

If your personal data relating to an existing or future engagement is transmitted to us by third parties, in particular by our clients, the legal basis for the processing of the data is, on the one hand, also Art. 6 (1) sentence 1 point (b) GDPR, if the subject matter of our engagement is the conclusion of a contract with you, the assertion or establishment of claims arising from a contract or advice relating to these matters. On the other hand, the legal basis is Art. 6 (1) sentence 1 point (f) GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, establishment, exercise or defence of legal claims.

(4) Criteria for the storage period
We store your data until the end of the engagement, plus the duration of any retention obligations under professional law or based on any other grounds.

In all other respects, the information under section 1. g. applies.

Controllers, purposes, legal bases and criteria for the storage period for individual data processing activities

(1) Entity responsible for data processing (controller)
The controller is the respective ESCHE company that is listed as the organiser in the event documents or on our website www.esche.de. The contact details of the respective controller can be found above under section 1. a.

(2) Type and purpose of data processing
You can register for a workshop, forum or other event via our website www.esche.de. Mandatory information for registering for an event includes your first and last name, your address and your email address. The provision of further data marked accordingly is voluntary. Of course, you can also register for events by telephone, fax, letter, email, etc. Your data will be used to organise and conduct the event.

If you also indicate that you would like to receive invitations to events by email in future, your personal data, including your email address, will be used for the purpose of informing you about events that you have indicated you are interested in.

If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will also send you information about training events, such as workshops and forums, without your express consent, if the topics covered are comparable to our consulting services that are the subject of the engagement and can therefore meaningfully supplement or deepen them. We will also invite you to events that serve to promote our business relationship with our clients, such as client summer parties, receptions, etc. For this purpose, we store and process your first and last name, your address and your email address.

(3) Right of withdrawal and objection
You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking a button.

(4) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 point (b) GDPR, as data processing is necessary for the performance of a contract.
The legal basis is also Art. 6 (1) sentence 1 point (f) GDPR. Our legitimate interest is to be able to offer you events with and without a training character that meet your requirements and thereby promote the business relationship with our clients.

(5) Criteria for the storage period
We store your data until the event has taken place or, if you have expressed an interest in being invited to further events in the future, or if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs, until you object to the further use of your personal data.

You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking a button.

In all other respects, the information under section 1. g. applies.
 

(1) Entity responsible for data processing (controller)
The controller is the respective ESCHE company named as the controller in the publication. If no other controller is named in the publication, the controller is:

ESCHE SCHÜMANN COMMICHAU
Rechtsanwälte, Wirtschaftsprüfer, Steuerberater
Partnerschaftsgesellschaft mbB

The contact details of the controller can be found above under section 1. a.

(2) Type and purposes of data processing
If you give your consent, we will send you publications such as our newsletter, client information ‘compact’ or ‘compact special’, etc.

We use the so-called double opt-in procedure for registration for our newsletter and client information ESCHE news or ESCHE news special. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this data processing is to evidence your registration and, if necessary, to investigate any possible misuse of your personal data.

Your email address is required for the newsletter and client information ESCHE news or ESCHE news special to be sent by email. The provision of further data, such as your title and your first and last name, is voluntary. If you wish to subscribe to our client information ESCHE news or ESCHE news special as a print publication, we require your first and last name as well as your address as mandatory information. After your confirmation, we will process your email address and any data you have voluntarily provided for the purpose of sending you the newsletter. If you would like to receive our client information ‘compact’ or ‘compact special’ by post, we will process your first and last name and the address you have provided for the purpose of sending you the publication by post.

If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will send you our newsletter and our client information, such as ‘compact’ or ‘compact special’, even without your express consent, if the topics covered by the publications are comparable to our consulting services that are the subject of the engagement and can therefore meaningfully supplement or deepen them. We will also send you Christmas cards and similar communications in accordance with social customs. For this purpose, we store and process your title, first and last name, address and, if the publication is sent by email, your email address.

You may withdraw your consent at any time and object to the use of your personal data for the purpose of sending you our newsletter or client information, such as ‘compact’ or ‘compact special’, at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your declaration of withdrawal or objection in writing or by email to our address mentioned above in section 1. a. You can also use the option provided in our newsletter emails to prevent further emails from being sent by clicking a button.

(3) Right of withdrawal and objection
You may object at any time to the use of your personal data for the purpose of sending you our newsletter or our client information, such as ‘compact’ or ‘compact special’, without incurring any costs other than the transmission costs according to the basic rates. You can send your declaration of withdrawal or objection in writing or by email to our address specified above in section 1. a. You can also use the option provided in our newsletter emails to prevent further emails from being sent by clicking a button.

(4) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 point (b) GDPR, as data processing is necessary for the performance of a contract.

The legal basis is also Art. 6 (1) sentence 1 point (f) GDPR if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs. Our legitimate interest is to send you publications tailored to your consulting needs as well as communications in line with social customs, such as Christmas cards, thereby promoting our business relationship with you.

(5) Criteria for the storage period
If the data processing is based on your consent, we will store your data until you withdraw your consent. We will then delete your data. The same applies if you object to the further use of your personal data for the purpose of sending publications (see above).
In all other respects, the information under section 1. g. applies.

If you are applying to one of the companies listed under 1. a. above as an employee, trainee, intern or for any other contractual relationship, we would like to provide you with the following information in addition to the general information (under 1. above).

(1) Decision on the establishment of an employment relationship, apprenticeship, internship or other contractual relationship

(a) Purposes of data processing
We collect and process your personal data for the purpose of deciding whether to establish a contractual relationship for which you are applying (employment relationship, apprenticeship, internship or other contractual relationship).

(b) Legal basis
The legal basis for processing is the General Data Protection Regulation (GDPR) in conjunction with Section 26 of the German Federal Data Protection Act (BDSG). If the contractual relationship for which you are applying is not an employment relationship within the meaning of Section 26 (8) BDSG (i.e. in particular not a dependent employment relationship or an employment for occupational training purposes), the legal basis for the processing of your personal data is Article 6 (1) point (b) GDPR. Personal data may also be processed on the basis of other legal provisions, in particular those relating to employment law, occupational training law and social law, in their respective versions. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the controller is subject, it is based on Art. 6 (1) point (c) GDPR. If you give us your consent to the processing of your personal data, the legal basis for data processing is Art. 6 (1) point (a) GDPR.

(c) Criteria for the storage period
Personal data processed for the purpose of deciding on the establishment of a contractual relationship will generally be deleted when the processing is no longer necessary for the decision on the establishment of a contractual relationship. The duration of storage therefore depends on the duration of the decision-making process.

If you have sent us a speculative application – i.e. an application that does not relate to a specific position advertised by us – we will also process your personal data in order to decide on the establishment of a contractual relationship. The above statements apply accordingly, whereby we will generally delete your data if we believe that your personal data is unlikely to be used to decide on the establishment of a contractual relationship.

If the processing of your personal data is based on consent, the storage period resulting from the declaration of consent and the possible exercise of your right of withdrawal are the decisive criteria for the storage period, whereby withdrawal does not affect processing based on another legal basis.

(2) Possible processing for the assertion, establishment, exercise or defence of legal claims in connection with applications(d) Purposes of data processing

Under certain circumstances, your personal data may be used to assert, establish, exercise or defend legal claims if you or the controller to whom you have addressed your application has legal claims or asserts or establishes such claims.

(e) Legal basis, legitimate interests
The legal basis in these cases is Art. 6 (1) point (f) GDPR. According to Art. 6 (1) point (f) GDPR, the processing of personal data is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your interests and rights to exclude the processing. The legitimate interests of the controller or third party lie in the assertion, establishment, exercise or defence of legal claims.

(f) Criteria for the storage period
In individual cases, the storage period may therefore exceed the period of decision-making on the establishment of a contractual relationship. This would be the case, for example, if there are indications that you will assert claims against the controller. The data will then be stored for as long as the processing of the data is necessary for the assertion, establishment, exercise or defence of legal claims. The criteria for the storage period may include the time limits set out in the German General Equal Treatment Act (AGG) and the German Labour Court Act (ArbGG) (Section 15 (4) sentence 1 AGG; Section 61 b ArbGG) as well as limitation periods or statutory retention periods.

Storage may also take place if this is provided for or prescribed by European or national legislators in EU regulations, laws or other regulations to which the controller is subject.

(3) Legal or contractual obligations to provide personal data in connection with applications
You are not obliged to provide us with personal data for the application process. However, without the information required to assess your suitability, check the requirements for lawful employment and your availability, and to contact you, we cannot carry out the application process.

Where legally permissible, we generally intend to use personal data that we receive from you, including your email address, for the purpose of advertising our services and events. To this end, we may contact you by post or email. You have the right to object to the use of your personal data – in particular the use of your email address – for advertising purposes at any time, without incurring any costs other than the transmission costs according to the basic rates. You can send your objection to the person responsible for processing your data using the contact details above.

(1) Entity responsible for data processing (controller)

The controller is:
ESC – Esche Schümann Commichau Stiftung.
The contact details of the controller can be found above under section 1. a.

(2) Purposes of data processing
You have the opportunity to apply to us for the foundation's sponsorship award. This includes, in particular, your first and last name, your contact details and your CV. We collect and process your personal data for the purpose of deciding whether to grant sponsorship. If you are awarded a prize, we will also need your account details in order to transfer the prize money.

We process the personal data of the ESC – Esche Schümann Commichau Stiftung prize winners for the purpose of organising the award ceremony (invitations, programme booklets, etc.). We publish your name and the title of your dissertation in the list of previous award winners, which is available on our website.

You have the option of donating to the ESC – Esche Schümann Commichau Stiftung. In this case, we process the personal data you provide, in particular your payment details. We receive your payment details from your account-holding bank when you transfer a donation to us.

(3) Legal basis
The legal basis for the processing of your personal data in the context of the selection process and for the award ceremony is Art. 6 (1) sentence 1 point (b) GDPR (implementation of pre-contractual measures or performance of a contract).

The legal basis for processing in the context of compiling the overview of previous award winners and publishing it is the protection of legitimate interests (Art. 6 (1) sentence 1 point (f) GDPR). Our legitimate interests consist of providing information about the foundation's award winners and the respective topics of their dissertations, postdoctoral theses and diploma theses, thereby promoting the purpose of our foundation. The publication of the award winners serves to enhance the reputation of the foundation and is intended to draw the attention of applicants and donors to us.

With regard to the processing of personal data of donors, the legal basis is Art. 6 (1) sentence 1 point (b) GDPR and Art. 6 (1) sentence 1 point (f) GDPR. Our legitimate interest lies in receiving the donation to promote the purpose of our foundation.

(4) Criteria for the storage period
Personal data processed for the purpose of deciding on the award of the foundation's sponsorship prize will generally be deleted if the processing is no longer necessary for the decision and the foundation has decided against sponsoring you. The duration of storage therefore depends on the duration of the decision-making process.

The names of the award winners and the titles of the dissertations, postdoctoral theses and diploma theses will be published for as long as this is necessary to promote the purpose of the ESC – Esche Schümann Commichau Stiftung.

Donor data will be deleted after the donation has been processed and the relevant retention obligations, in particular those under tax law regulations, have expired.

In all other respects, the information under section 1. g. applies.

(1) Entity responsible for data processing (controller)
If you contact us as an existing or future supplier or service provider, or if we contact you, the controller is the ESCHE company that you contact or that contacts you.

If you enter our premises or drive into our car park as a visitor, the controller is:

ESCHE SCHÜMANN COMMICHAU
Rechtsanwälte Wirtschaftsprüfer Steuerberater 
Partnerschaftsgesellschaft mbB.

The contact details of the controller can be found above under section 1. a.
Please note that if video recordings are made of you, including recordings of your vehicle registration number when driving into our underground car park, the information below under section 2. f. applies.

(2) Purposes of data processing
If you contact us to initiate, conclude or perform a contract, we will process the personal data you provide to us in order to decide whether we wish to conclude such a contract with you and, if applicable, to conclude and perform such a contract. This also applies if we contact you on our own initiative to initiate, conclude or perform a contract because we wish to engage you as a supplier or service provider.

If you visit our premises, including our underground car park, and provide us with personal data, for example by giving your name to our reception staff, your personal data will be processed for the purpose of exercising our right to undisturbed possession of premises and to keep out trespassers ("Hausrecht"). We want to control who enters our premises in order to prevent unauthorised access.

(3) Legal basis
The legal basis for the processing of your personal data that you provide to us in order to initiate the conclusion of a contract with us, to conclude a contract with us or to perform a contract is Article 6 (1) sentence 1point (b) GDPR.

The legal basis for processing is also Article 6 (1) sentence 1 point (b) GDPR if we store your personal data that is necessary for establishing contact beyond the termination of a specific contract. We have a legitimate interest in being able to rely on proven suppliers and service providers.

If you enter our premises or drive into our car park as a visitor, the legal basis for the processing of your personal data is Article 6 (1) sentence 1 point (f) GDPR. We have a legitimate interest in controlling who enters or drives into our premises, including our car park, in order to prevent unauthorised access.

(4) Criteria for the storage period
Personal data that is processed for the purpose of deciding whether to establish a contractual relationship is generally deleted by us when the processing is no longer necessary for the decision on the establishment of a contractual relationship.

The duration of storage depends on the duration of the decision-making process. If we have concluded a contract with you, we will store your personal data until the contract has been fully performed or terminated, plus the duration of any statutory retention obligations.

In individual cases, the storage period may exceed the period of decision-making on the establishment of a contractual relationship or, after conclusion of such a contract, its performance or termination, if there are indications that you will assert claims against us. The same applies in the event that we intend to assert claims against you. The data will then be stored for as long as the processing of your personal data is necessary for the assertion, establishment, exercise or defence of legal claims. The criteria for the storage period may include the limitation periods.

If you are a supplier or service provider with whom we work repeatedly, we will store your personal data that is necessary for repeated contact beyond the termination of a specific contract until we no longer consider using your services.

If you have provided us with personal data as a visitor, your personal data will generally be deleted after the end of your visit, unless you have expressly requested that we continue to store your personal data, for example in order to be invited to our events in the future or to receive information from us. A longer storage period may also apply in these cases if there are indications in individual cases that you will assert claims against us or that we may consider asserting such claims.
 

(1) Entity responsible for data processing is:

ESCHE SCHÜMANN COMMICHAU
Rechtsanwälte Wirtschaftsprüfer Steuerberater 
Partnerschaftsgesellschaft mbB.

The contact details of the controller can be found above under section 1. a.

(2) Purposes of data processing
Your personal data will be processed if images of you are recorded by video cameras that we have installed to protect our property (or that of a third party) or our domiciliary rights (or those of a third party). No sound recordings are made.

Video surveillance is intended to have a preventive effect due to its recognisability and to prevent behaviour that could harm our interests. The recordings also serve to investigate criminal offences and other relevant incidents. They are also intended to enable any criminal prosecution and the exercise, assertion and defence of legal claims by the controller, as well as to serve as evidence.

(3) Legal basis, legitimate interests

The legal basis for data processing is Art. 6(1)(f) GDPR and Sections 4 and 26 BDSG. Our legitimate interests arise from the above description of the purposes of video surveillance and lie in particular in the protection of our property and the property of third parties, as well as in the enforcement of our domiciliary rights and the domiciliary rights of third parties.

(4) Criteria for the storage period

Since storage is based on a balancing of our interests with your interests, the existence and change of interests are decisive criteria for the storage period. The data will generally be deleted when our legitimate interests no longer exist or no longer outweigh your interests in deletion. Recordings are generally only stored for 72 hours. It is relevant for the specific storage period that, during periods of operational downtime (weekends, public holidays, company holidays, etc.), evaluation may only be carried out with a delay. In the event that video recordings are necessary for the assertion, defence and exercise of legal claims or for evidence purposes and to clarify facts, this data will remain stored until these purposes have been fulfilled. Exceptions to the deletion periods may arise from the provisions of the GDPR and the provisions of the BDSG.

In all other respects, the information under section 1. g. applies.

(1) Purpose of processing
We use the services to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: ‘online meetings’). The use of ‘Teams’ also serves the purpose of collaboration with our clients and internally between our employees, including the exchange of chat messages and files (hereinafter: ‘collaboration’). ‘Online meetings’ and ‘collaboration’ are summarised as ‘service use’ in this data protection information. ‘Zoom’ is a service provided by Zoom Video Communications, Inc., which is based in the USA. ‘Teams’ is a service provided by Microsoft Corporation, which is also based in the USA, and is part of the ‘Microsoft 365’ environment.
 

(2) Entity responsible for data processing (controller)
The controller with regard to data processing directly related to ‘service use’ is, depending on the entity communicating with you, Esche Schümann Commichau Partnerschaftsgesellschaft mbB or ESC Wirtschaftsprüfung GmbH 
(address in both cases: Am Sandtorkai 44, D-20457 Hamburg).

Note: If you visit the ‘Zoom’ or ‘Teams’  website, the provider specified there is responsible for data processing. However, accessing the respective website is only necessary for the use of the services in order to download the software for using ‘Zoom’ and/or ‘Teams’. You can also use the services if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the ‘Zoom’ or ‘Teams’ app. If you do not want to or cannot use the ‘Zoom’ or ‘Teams’ app, the basic functions can also be used via a browser version, which you can also find on the ‘Zoom’ or ‘Teams’ website.

(3) What data is processed? 
Various types of data are processed when using the services. The scope of the data also depends on the information you provide before or during participation in an online meeting and/or in the context of collaboration.
The following personal data is subject to processing:

1. User details: first name, surname, telephone number (optional), email address, password (if ‘single sign-on’ is not used), profile picture (optional), department (optional)
2. Metadata: topic, description (optional), participant IP addresses, device/hardware information
3. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
4. When dialling in by telephone: Information on the incoming and outgoing phone number, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored.
5. Text, audio and video data: You may have the option of using the chat, question or survey functions in an ‘online meeting’. In this respect, the text entries you make will be processed in order to display them in the ‘online meeting’ and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the ‘Zoom’ or ‘Teams’ apps.
6. In order to participate in an ‘online meeting’ or enter the ‘meeting room’, you must at least provide your name.
7. In addition, ‘collaboration’ allows you to exchange text, audio and video files.

(4) Scope of processing
We use the services for ‘service use’. If we wish to record ‘online meetings’, we will inform you of this in advance and, if necessary, ask for your consent. The fact that the meeting is being recorded will also be displayed in the ‘Zoom’ or ‘Teams’ app. If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will not usually be the case. In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars. If you are registered as a user with ‘Zoom’ or ‘Teams’, reports on ‘online meetings’ (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month with ‘Zoom’ or ‘Teams’. Automated decision-making within the meaning of Art. 22 GDPR is not used.

(5) Legal basis for data processing
Insofar as personal data of employees of Esche Schümann Commichau Partnerschaftsgesellschaft mbB and ESC Wirtschaftsprüfung GmbH is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with ‘service use’, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an essential component of the use of the services, Art. 6 (1) point (f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective implementation of ‘service use’. 

Otherwise, the legal basis for data processing within the scope of ‘service use’ is Art. 6 (1) point (b) GDPR, insofar as communication is carried out within the scope of contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 (1) point (f) GDPR. Here, too, our interest lies in the effective implementation of ‘service use’.

(6) Recipients/disclosure of data
Personal data processed in connection with ‘service use’ is generally not disclosed to third parties unless it is specifically intended for disclosure. Please note that content from ‘online meetings’ and ‘collaboration’, as well as from face-to-face meetings, is often used to communicate information to clients, interested parties or third parties and is therefore intended for disclosure.

The providers of the services (see above) necessarily become aware of the above-mentioned data to the extent that this is provided for in our data processing agreement with them. In some cases, the providers of the services also process your personal data for their own purposes. Further information on this can be found in the providers' data protection information.

(7) Data processing outside the European Union
Both services are provided by providers from the USA. Personal data is therefore also processed in a third country. We have concluded a data processing agreement with each of the service providers that complies with the requirements of Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the so-called EU standard contractual clauses and by the adequacy decision on the EU-U.S. Data Privacy Framework.

Data protection officer
You can contact the data protection officer of the above-mentioned companies at the following email address: datenschutz.esche.pg@beckservice.gmbh