Privacy policy and data protection information in accordance with Articles 13 and 14 of the GDPR
Below, we provide information about the processing of your personal data (hereinafter also referred to as ‘data’) when
- you use this website,
- you or a third party provide us with personal data in connection with an existing or future mandate,
- you participate in one of our events,
- you obtain one of our publications,
- you apply for a job with us,
- you apply for an award,
- you contact us as a supplier, service provider or in any other capacity, or
- you are recorded by our video surveillance system,
we process your personal data.
Personal data is any data that relates to an identified or identifiable natural person, e.g. your name, address and email address.
Where this privacy policy and privacy information refers to ‘we’ or ‘us’, this refers to the legal entities listed in section 1.a. below, either jointly or, depending on the context, individually.
We process personal data in accordance with the applicable data protection regulations, in particular on the basis of the General Data Protection Regulation of the European Union (‘GDPR’) and the Federal Data Protection Act (‘BDSG’).
The following legal entities (collectively referred to as the ‘ESCHE companies’) are responsible for processing your personal data:
- Esche Schümann Commichau Rechtsanwälte Wirtschaftsprüfer Steuerberater Partnerschaftsgesellschaft mbB
- Esche Restructuring GmbH
- ESC Wirtschaftsprüfung GmbH Wirtschaftsprüfungsgesellschaft
- ESC Steuerberatungsgesellschaft mbH
- ESC Unternehmensberatung GmbH
- ESC Beteiligungsgesellschaft mbH
- ESC – Esche Schümann Commichau Foundation
Please note that only individual ESCHE companies are responsible for certain data processing activities. We explain which companies these are in section 2.
All ESCHE companies can be reached at the following contact details:
Am Sandtorkai 44
20457 Hamburg
Telephon: +49 (40) 36805-0
Telefax: +49 (40) 36805-333
E-Mail: esche@esche.de
You can contact the data protection officer at Esche Schümann Commichau Rechtsanwälte Wirtschaftsprüfer Steuerberater Partnerschaftsgesellschaft mbB using the following contact details:
Data protection officer at
Esche Schümann Commichau
Partnerschaftsgesellschaft mbB
c/o beck Service GmbH
Ericusspitze 4
20457 Hamburg
datenschutz.esche.pg@beckservice.gmbh
You can contact the data protection officer at ESC Wirtschaftsprüfung GmbH using the following contact details:
Data protection officer at
ESC Wirtschaftsprüfung GmbH
c/o beck Service GmbH
Ericusspitze 4
20457 Hamburg
datenschutz.esche.wp@beckservice.gmbh
You can contact the data protection officer at Esche Restructuring GmbH using the following contact details:
Data protection officer at
Esche Restructuring GmbH
c/o beck Service GmbH
Ericusspitze 4
20457 Hamburg
datenschutz.esche.rs@beckservice.gmbh
You can contact the data protection officer at ESC Unternehmensberatung GmbH using the following contact details:
Data protection officer at
ESC Unternehmensberatung GmbH
c/o beck Service GmbH
Ericusspitze 4
20457 Hamburg
datenschutz.esche.ub@beckservice.gmbh
No data protection officer has been appointed for other ESCHE companies
We provide information about the respective responsible parties, the purposes and legal bases of data processing, and the criteria for the storage period for individual data processing activities in:
- Section 2. a.: Data processing when using this website,
- Section 2. b.: Data processing in relation to a mandate,
- Section 2. c.: Data processing in relation to our events,
- Section 2. d.: Data processing in relation to our publications,
- Section 2. e.: Data processing in relation to applications,
- Section 2. f.: Data processing for direct marketing purposes, Your right to object
- Section 2. g.: Data processing in relation to the awarding of prizes,
- Section 2. h.: Data processing in relation to suppliers, service providers and visitors, and
- Section 2. i.: Data processing in relation to our video surveillance.
If you request it, if it is necessary for the processing of a mandate or the fulfilment of another contract with you, or if we have a legitimate interest in the transfer of data, we will also transfer your personal data to third parties. In the context of our mandate work, we will only transfer this data if it is permitted under professional law.
In some cases, we use external service providers to process personal data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
This may involve the following categories of recipients:
- Courts, tax offices, employment offices, patent and trademark offices, registration and other authorities in the context of legal disputes, tax matters and other legal matters,
- attorney at law, auditors, tax advisors,
- service providers such as debt collection agencies, credit agencies, detective agencies, IT services, banking services, communication services, services in the area of our financial management and the destruction of data carriers, couriers, freight forwarders and carriers, interpreters and translators, printing companies, letter shops, mailing service providers, travel agencies, advertising agencies and photographers.
- Recruitment agencies and personnel consultants who support us in our search for personnel and, if necessary, in deciding whether to establish an employment relationship.
If you wish, or if it is necessary for the processing of a mandate or for the fulfilment of another contract with you, we will transfer your personal data to countries outside the European Union.
If a transfer is made to recipients outside the European Union, we will ensure that an adequate level of protection exists at the recipient, that appropriate safeguards are in place, that you have given your consent, or that the transfer is permissible for other reasons, e.g. if it is necessary at your request to prepare or fulfil a contract with you. If we base a transfer to countries outside the European Union on appropriate safeguards, you can request a copy of these from the contact details provided in section 1. a.
It is also possible that, due to cooperation based on the division of labour, e.g. in the field of IT service providers, in particular with regard to services in the area of maintenance, repair and security of IT systems, employees of a service provider in a country outside the European Union may become aware of your personal data. If this country does not have a level of data protection comparable to that of the European Union and, accordingly, there is no so-called adequacy decision by the European Commission with regard to this country, we will protect your data protection interests by concluding so-called EU standard data protection clauses, which have been issued by the European Commission and agreed with the recipient, or by other appropriate means. You can request a copy of the EU standard data protection clauses and, if applicable, other guarantees from us using the contact details provided in section 1. a.
Any other transfer of your personal data to countries outside the European Union is not intended, but is also not excluded, provided that it is lawful.
Please note that with regard to the submission of the above-mentioned copies of guarantees, we may have to take into account the overriding rights of third parties and any existing legal or contractual confidentiality obligations that may prevent the disclosure of information in individual cases.
(1) Information, correction, deletion, restriction of processing and data portability
Under the GDPR, you have the following rights as a data subject:
- Art. 15 GDPR: Right of access by the data subject
- You have the right to obtain information from us about which data we process about you. Please note that we cannot comply with your request for information in all cases, in particular if the client confidentiality we are required to observe in accordance with Section 29 of the Federal Data Protection Act (BDSG) prevents us from providing the information.
- Art. 16 GDPR: Right to rectification
- If the data concerning you is incorrect or incomplete, you can request that incorrect information be corrected or incomplete information be completed.
- Art. 17 GDPR: Right to erasure
- Under the conditions of Art. 17 GDPR, you may request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfil our contractual and legal obligations.
- Art. 18 GDPR: Right to restriction of processing
- Under the conditions of Art. 18 GDPR, you may request the restriction of the processing of personal data concerning you.
- Art. 20 GDPR: Right to data portability
- Under the conditions of Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request its transfer to another controller. Please note that we may not be able to comply with such a request in all cases, in particular if this conflicts with the client confidentiality we are required to observe in accordance with Section 29 of the Federal Data Protection Act (BDSG).
(2) Revocation of consent
If you have given your consent to the processing of your data, you can revoke this consent at any time without affecting the lawfulness of the processing carried out until the revocation. The permissibility of processing the data on the basis of other legal grounds may also remain unaffected. If your consent was the sole legal basis for the processing of your data, in particular if we have no legitimate interest in the processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR, we will delete the data immediately after you withdraw your consent.
(3) Objection to certain processing operations pursuant to Art. 21 GDPR
Insofar as we base the processing of your personal data on a balancing of interests (Art. 6 para. 1 sentence 1 lit. e or f GDPR), you may object to the processing of the personal data concerned at any time for reasons arising from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.
You may object to the processing of your personal data for advertising and data analysis purposes at any time without incurring any costs other than the transmission costs according to the basic tariffs.
(4) Complaints to the supervisory authority
Furthermore, you have the right to complain to the supervisory authority if you believe that the processing of your data is not lawful (Art. 77 GDPR). The address of the supervisory authority responsible for us is:
The Hamburg Commissioner
für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22
20459 Hamburg
Tel.: 040 / 428 54 - 4040
Fax: 040 / 428 54 - 4000
E-Mail: mailbox@datenschutz.hamburg.de
Unless otherwise specified in section 2 for individual data processing activities, the following applies to the duration of storage of your personal data:
We will delete your personal data as soon as the purpose of storage no longer applies. We may also store your data if this is provided for by European or national legislators in EU regulations, national laws or other regulations to which we are subject. Exceptions to the principle of deletion after the purpose has been achieved may arise, for example, from the provisions of the GDPR and the provisions of German federal law, in particular the BDSG. Furthermore, deletion will not take place, for example, as long as commercial, tax and professional law retention obligations exist.
Longer storage may also be necessary in individual cases due to the assertion or possible assertion of claims against us in connection with a contract or pre-contractual measures. This would be the case, for example, if there are indications that you will assert claims against us. The same applies if, in individual cases, we assert claims, intend to assert claims or consider asserting claims due to specific circumstances. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defence of legal claims, plus the duration of any statutory retention obligation that may exist.
If a statutory retention obligation prevents deletion, we will initially store your data in such a way that it can only be processed by a limited group of people and will only delete it after the retention obligation has expired.
You are not legally or contractually obliged to provide us with personal data. However, if you wish to enter into a contract with one of our ESCHE companies, in particular a mandate agreement, an employment relationship or a contract as our service provider or supplier, you will be required to provide personal data. If you do not provide us with personal data in individual cases, you will not be able to enter into a contract with us.
The same applies if you wish to attend one of our events, obtain one of our publications, visit our premises as a visitor or receive an award from us. You can only make use of all these services if you provide us with the personal data required in each case, which in any case includes your name and address and, if publications are to be sent online, your email address. In the case of further data, we will indicate in each case whether it is mandatory or voluntary.
(1) Responsible party
The responsible party for data processing is:
Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater
Partnerschaftsgesellschaft mbB.
The contact details of the controller can be found above under section 1. a.
(2) Type and purposes of data processing
(a) Processing of data transmitted in the background
The type and scope of the processing of your personal data differs depending on whether you visit our website only to retrieve information or whether you use the services we offer on the website.
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we collect the following data and store it in our system's log files. This includes the following data:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page),
- access status/HTTP status code,
- amount of data transferred in each case,
- website from which the request originates,
- operating system and its interface,
- browser, language and version of the browser software.
The log file data that we do not assign to a specific person is stored separately from all personal data you provide. We evaluate this anonymously collected data and information statistically and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process.
(b) Use of technical cookies that support the function of the website
In addition to the aforementioned data, so-called cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.
There are two types of cookies used on this website: So-called technical cookies and so-called performance and tracking cookies.
Technical cookies (also known as ‘necessary cookies’) are cookies that are absolutely necessary to ensure the operation of the website and to maintain functions of the site, such as access to protected areas of the website. These are mainly session cookies or connection cookies. The legal basis for processing is Art. 6 (1) (f) GDPR. Our legitimate interest in this respect is to maintain the functions of the website.
These strictly necessary cookies are stored in your browser for the duration of your visit to the site and are deleted when you close your browser.
The following special features apply to technical cookies on the website karriere.esche.de, which is linked to our pages:
The cookie ‘sid’ is used there as a technically necessary cookie in order to be able to assign several requests from a user to the same http session for a period of one hour using an anonymised user ID. This cookie is deleted after one hour. Another technically necessary cookie is the ‘cookieconsent_status’ cookie, which stores your cookie settings (declarations of consent) for a period of 30 days.
You can configure your browser settings according to your preferences and refuse to accept cookies. Please note that you may then not be able to use all the functions of this website.
(c )Analysis tools; performance and tracking cookies
Provided you give us your consent to the use of performance and tracking cookies, this website uses software from the web analysis service Matomo (formerly PIWIK) to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Mamoto also does not have access to the data.
Mamoto is only used if you have given your consent to the use of performance and tracking cookies in the cookie banner displayed when you visit our website.
If you have consented to the use of performance and tracking cookies, cookies (see above for details) will be stored on your computer.
These performance and tracking cookies collect the following data:
- IP address (truncated)
- Date and time of access.
- Page accessed (title and URL)
- Page from which the current page was accessed (referrer URL)
- Time in the local user's time zone
- Links to an external domain that was clicked on (outlink)
- Page generation time (the time it takes for web pages to be generated by the web server and then downloaded by the user: page speed)
- User location: country, region, city, approximate geographical latitude and longitude (geolocation)
- Main language of the browser used (Accept-Language header)
- User agent of the browser used (User-Agent header)
This website uses Matomo with the ‘AnonymizeIP’ extension. This means that IP addresses are shortened before being processed, thus ruling out any direct subsequent personal references. Even after truncation, the IP address transmitted by your browser via Matomo is not merged with other data collected by us.
We store the information collected in this way exclusively on our server in Germany.
Revocation of your consent to the use of performance and tracking cookies / opt-out for online tracking after submitting a declaration of consent
You can prevent the above-described evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies by adjusting your browser settings, please note that you may not be able to use this website to its full extent. You can prevent the storage of cookies by adjusting your browser settings.
You can also prevent the use of Matomo by not giving us your declaration of consent or by revoking your declaration of consent after you have given it. You can send your revocation or objection in writing or by email to our address given above in section 1. a.
Special information for the linked website www.karriere.esche.de:
The aforementioned website is separate from the website ‘esche.de’ with regard to the use of cookies. Therefore, you will be informed about the use of cookies in a different way and asked for your consent to the use of cookies.
On this website www.karriere.esche.de, we also use software from the web analysis service Matomo (formerly PIWIK) to analyse and regularly improve the use of our website, provided that you give us your consent to the use of web statistics cookies there. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Matomo also does not have access to the data. The detailed information on the use of Matomo, as described at the beginning of this section for www.esche.de, also applies here.
For the website www.karriere.esche.de, we provide the following additional information on the use of cookies.
The cookie ‘pk_id*’ is used to register a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistical purposes. The cookie is deleted after 13 months. In addition, the cookie ‘pk_ref*’ with a duration of 6 months is used in this context as a reference to anonymous tracking sessions on the site. The cookie ‘pk_ses*’ stores the unique session ID for 30 minutes. Finally, the session cookie ‘MATOMO_SESSID’ is used, which stores the web visit based on a session and visitor ID and is deleted when the browser is closed.
Note on revoking your consent to the use of web statistics cookies on www.karriere.esche.de:
You can prevent the use of the aforementioned cookies by not giving us your declaration of consent or by revoking your declaration of consent after you have given it. You can send your revocation or objection in writing or by email to our addresses listed above under section 1. a.
(d) Events
You can register for a forum or other event organised by ESC Unternehmensberatung GmbH via this website. For more information, please see section 2.c. below.
(e) Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. You can also order our client information compact or compact special. Further information can be found below under section 2. d.
(3) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 lit. f. GDPR: The processing of personal data in the case of purely informational use of our website serves our legitimate interest in displaying our website to you and ensuring the stability and security of this website.
The use of technical cookies (see above) serves our legitimate interest in making the website user-friendly and effective overall by ensuring the functionality of the website through these cookies.
The use of the Matomo web analysis service is based on your consent. The legal basis for the processing of personal data on the basis of a declaration of consent is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) Criteria for the storage period
In the case of purely informational use of our website, we store the above-mentioned data for seven days. However, storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the calling client.
This website uses the following types of cookies, the storage period and functionality of which are explained below.
(aa) Technical cookies within the meaning of this privacy policy (transient cookies) are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
(bb) Performance and tracking cookies (persistent cookies) are automatically deleted after a specified period, which may vary depending on the cookie and your browser settings. You can delete cookies at any time in your browser's security settings.
The use of the Matomo web analysis service on our storage media – as described above in 2 a. (2) (c) – only leads to the storage of data which – among other things due to the anonymised IP addresses – cannot be assigned to you personally by us.
In all other respects, the information under section 1. g. applies.
a. Data processing when using this website
(1) Responsible party
The responsible party for data processing is the respective ESCHE company to which you direct your enquiry or with which you have concluded a client agreement. If personal data relating to you is transmitted to us by third parties, the responsible party is the ESCHE company that is the recipient of your personal data. The contact details of the controller can be found above under section 1a.
(2) Purposes of data processing
If you contact us within the scope of a client relationship or to enter into a client relationship, we will store the personal data transmitted with your enquiry. We process the personal data necessary for the establishment and execution of the client relationship. This includes, in particular, your first name and surname, your contact details and other data necessary for the execution of the mandate, depending on the type and scope of the mandate that has been or is to be granted.
If your personal data relating to an existing or future mandate is transmitted to us by third parties, the data processing serves the purpose of executing the mandate. If your personal data is transferred to us because our client is considering asserting claims against you, or because he expects that claims could be asserted against him, the data processing also serves to assert, exercise or defend legal claims.
(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.
If your personal data relating to an existing or future client relationship is transmitted to us by third parties, in particular by our clients, the legal basis for the processing of the data is also Art. 6 (1) sentence 1 lit. b GDPR, if the subject matter of our client relationship is the conclusion of a contract with you, the assertion of claims arising from a contract or advice relating to these matters. On the other hand, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defence of legal claims.
(4) Criteria for the storage period
We store your data until the end of the mandate, plus any professional and other retention obligations.
In all other respects, the information under section 1. g. applies.
(1) Responsible party
The responsible party for data processing is the respective ESCHE company that is listed as the organiser in the event documents or on our website www.esche.de. The contact details of the respective responsible party can be found above under section 1. a.
(2) Type and purpose of data processing
You can register for a workshop, forum or other event via our website www.esche.de. Mandatory information for registering for an event includes your first and last name, your address and your email address. The provision of further data marked accordingly is voluntary. Of course, you can also register for events by telephone, fax, letter, email, etc. Your data will be used to organise the event.
If you also indicate that you would like to receive invitations to events by email in future, your personal data, including your email address, will be used for the purpose of informing you about events that you have indicated you are interested in.
If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will also send you information about training events, such as workshops and forums, without your express consent, if the topics covered are comparable to our consulting services that are the subject of the mandate and can therefore meaningfully supplement or deepen them. On the other hand, we will invite you to events that serve to promote our business relationship with our clients, such as client summer parties, receptions, etc. For this purpose, we store and process your first and last name, your address and your email address.
(3) Right of revocation and objection
You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking a button.
(4) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR, as data processing is necessary for the performance of a contract.
The legal basis is also Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to be able to offer you events with and without a training character that meet your requirements and thereby promote our business relationship with our clients.
(5) Criteria for the storage period
We store your data until the event has taken place or, if you have expressed an interest in being invited to further events in the future, or if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs, until you object to the further use of your personal data.
You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking on a button.
In all other respects, the information under section 1. g. applies.
(1) Responsible party
The responsible party for data processing is the respective ESCHE company named as the responsible party in the publication. If no other responsible party is named in the publication, the responsible party for data processing is:
ESCHE SCHÜMANN COMMICHAU
Rechtsanwälte, Wirtschaftsprüfer, Steuerberater
Partnerschaftsgesellschaft mbB
The contact details of the controller can be found above under section 1a.
(2) Type and purposes of data processing
With your consent, we will send you publications such as our newsletter, client information compact or compact special, etc.
We use the so-called double opt-in procedure for registration for our newsletter and client information ESCHE news or ESCHE news special. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this data processing is to verify your registration and, if necessary, to investigate any possible misuse of your personal data.
Your email address is required for the newsletter and client information ESCHE news or ESCHE news spezial to be sent by email. The provision of further data, such as your title and your first and last name, is voluntary. If you wish to order our client information ESCHE news or ESCHE news spezial as a print publication, we require your first and last name as well as your address as mandatory information. After your confirmation, we will process your email address and any data you have voluntarily provided for the purpose of sending you the newsletter. If you would like to receive our client information compact or compact Spezial by post, we will process your first and last name and the address you have provided for the purpose of sending you the publication by post.
If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will send you our newsletter and our client information, such as compact or compact Spezial, even without your express consent, if these publications are comparable in terms of their thematic focus to our consulting services that are the subject of the mandate and can therefore meaningfully supplement or expand upon them. We will also send you Christmas cards and similar communications in accordance with social customs. For this purpose, we store and process your title, first and last name, address and, if the publication is sent by email, your email address.
You may revoke your consent at any time and object to the use of your personal data for the purpose of sending you our newsletter or client information, such as compact or compact Spezial, at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your revocation or objection in writing or by email to our address mentioned above in section 1. a. You can also use the option provided in our newsletter emails to stop receiving further emails by clicking a button.
(3) Right of revocation and objection
You may object at any time to the use of your personal data for the purpose of sending you our newsletter or our client information, such as compact or compact Spezial, without incurring any costs other than the transmission costs according to the basic rates. You can send your revocation or objection in writing or by email to our address specified above in section 1. a. You can also use the option provided in our newsletter emails to prevent further emails from being sent by clicking on a button.
(4) Legal basis
The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR, as data processing is necessary for the performance of a contract.
The legal basis is also Art. 6 (1) sentence 1 lit. f GDPR if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs. Our legitimate interest is to send you publications tailored to your consulting needs as well as communications in line with social customs, such as Christmas cards, thereby promoting our business relationship with you.
(5) Criteria for the storage period
If the data processing is based on your consent, we will store your data until you revoke your consent. We will then delete your data. The same applies if you object to the further use of your personal data for the purpose of sending publications (see above).
In all other respects, the information under section 1. g. applies.
If you are applying to one of the companies listed under 1.a. above as an employee, trainee, intern or for any other contractual relationship, we would like to provide you with the following information in addition to the general information (under 1. above).
(1) Decision on the establishment of an employment relationship, apprenticeship, internship or other contractual relationship
(a) Purposes of data processing
We collect and process your personal data for the purpose of deciding whether to establish a contractual relationship for which you are applying (employment relationship, training relationship, internship or other contractual relationship).
(b) Legal basis
The legal basis for processing is the General Data Protection Regulation (GDPR) in conjunction with Section 26 of the Federal Data Protection Act (BDSG). If the contractual relationship for which you are applying is not an employment relationship within the meaning of Section 26 (8) BDSG (i.e. in particular not an employment relationship or employment for vocational training), the legal basis for the processing of your personal data is Article 6 (1) (b) GDPR. Personal data may also be processed on the basis of other legal provisions, in particular those relating to labour law, vocational training law and social law, in their respective versions. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the controller is subject, it is based on Art. 6 (1) (c) GDPR. If you give us your consent to the processing of your personal data, the legal basis for data processing is Art. 6 (1) (a) GDPR.
(c ) Criteria for the storage period
Personal data processed for the purpose of deciding on the establishment of a contractual relationship will generally be deleted when the processing is no longer necessary for the decision on the establishment of a contractual relationship. The duration of storage therefore depends on the duration of the decision-making process.
If you have sent us a speculative application – i.e. an application that does not relate to a specific position advertised by us – we will also process your personal data in order to decide on the establishment of a contractual relationship. The above statements apply accordingly, whereby we will generally delete your data if we believe that your personal data is unlikely to be used to decide on the establishment of a contractual relationship.
If the processing of your personal data is based on consent, the storage period resulting from the declaration of consent and the possible exercise of your right of revocation are the decisive criteria for the storage period, whereby revocation does not affect processing based on other legal grounds.
(2) Any processing for the assertion, exercise or defence of legal claims in connection with applications
(d) Purposes of data processing
Under certain circumstances, your personal data may be used to assert, exercise or defend legal claims if you or the controller to whom you have addressed your application has legal claims or asserts such claims.
(e) Legal basis, legitimate interests
The legal basis in these cases is Art. 6(1)(f) GDPR. According to Art. 6(1)(f) GDPR, the processing of personal data is lawful if the processing is necessary to safeguard a legitimate interest of the controller or a third party, unless your interests and rights to exclude the processing outweigh the legitimate interests of the controller or the third party. The legitimate interests of the controller or third party lie in the assertion, exercise or defence of legal claims.
(f) Criteria for the storage period
In individual cases, the storage period may therefore exceed the decision on the establishment of a contractual relationship. This would be the case, for example, if there are indications that you will assert claims against the controller. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defence of legal claims. The criteria for the storage period may include the time limits set out in the General Equal Treatment Act and the Labour Court Act (Section 15 (4) sentence 1 AGG; Section 61 b ArbGG) as well as limitation periods or statutory retention periods.
Storage may also take place if this is provided for or prescribed by European or national legislators in EU regulations, laws or other provisions to which the controller is subject.
(3) Legal or contractual obligations to provide personal data in relation to applications
You are not obliged to provide us with personal data for the application process. However, without the information required to assess your suitability, check the requirements for lawful employment and your availability, and to contact you, we cannot carry out the application process.
Where legally permissible, we generally intend to use personal data that we receive from you, including your email address, for the purpose of advertising our services and events. To this end, we may contact you by post or email. You have the right to object to the use of your personal data – in particular the use of your email address – for advertising purposes at any time, without incurring any costs other than the transmission costs at the basic rates. You can send your objection to the person responsible for processing your data using the contact details above.
(1) Responsible party
The responsible party for data processing is:
ESC – Esche Schümann Commichau Stiftung.
The contact details of the person responsible can be found above under section 1. a.
(2) Purposes of data processing
You have the opportunity to apply to us for the foundation's sponsorship award. This includes, in particular, your first and last name, your contact details and your CV. We collect and process your personal data for the purpose of deciding whether to grant sponsorship. If you are awarded a prize, we will also need your account details in order to transfer the prize money.
We process the personal data of the ESC – Esche Schümann Commichau Foundation prize winners for the purpose of organising the award ceremony (invitations, programme booklets, etc.). We publish your name and the title of your dissertation in the list of previous award winners, which is available on our website.
You have the option of donating to the ESC – Esche Schümann Commichau Foundation. In this case, we process the personal data you provide, in particular your payment details. We receive your payment details from your account-holding bank when you transfer a donation to us.
(3) Legal basis
The legal basis for the processing of your personal data in the context of the selection process and for the award ceremony is Art. 6 (1) sentence 1 lit. b GDPR (implementation of pre-contractual measures or fulfilment of a contract).
The legal basis for processing in the context of compiling the overview of previous award winners and publishing it is the protection of legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR). Our legitimate interests consist of providing information about the foundation's award winners and the respective topics of their dissertations, postdoctoral theses and diploma theses, thereby promoting the purpose of our foundation. The publication of the award winners serves to enhance the reputation of the foundation and is intended to draw the attention of applicants and donors to us.
With regard to the processing of personal data of donors, the legal basis is Art. 6 (1) sentence 1 lit. b GDPR and Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in receiving the donation to promote the purpose of our foundation.
(4) Criteria for the storage period
Personal data processed for the purpose of deciding on the award of the foundation's sponsorship prize will generally be deleted if the processing is no longer necessary for the decision and the foundation has decided against sponsoring you. The duration of storage therefore depends on the duration of the decision-making process.
The names of the award winners and the titles of the dissertations, postdoctoral theses and diploma theses will be published for as long as this is necessary to promote the purpose of the ESC – Esche Schümann Commichau Foundation.
Donor data will be deleted after the donation has been processed and the relevant retention obligations have expired, in particular due to tax regulations.
In all other respects, the information under section 1. g. applies.
(1) Responsible party
If you contact us as an existing or future supplier or service provider, or if we contact you, the responsible party for data processing is the ESCHE company that you contact or that contacts you.
If you enter our premises or drive into our car park as a visitor, the responsible party for data processing is:
Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater
Partnerschaftsgesellschaft mbB.
The contact details of the controller can be found above under section 1. a.
Please note that if video recordings are made of you, including recordings of your vehicle registration number when driving into our underground car park, the information below under section 2. f. applies.
(2) Purposes of data processing
If you contact us to initiate, conclude or execute a contract, we will process the personal data you provide to us in order to decide whether we wish to conclude such a contract with you and, if applicable, to conclude and execute such a contract. This also applies if we contact you on our own initiative to initiate, conclude or execute a contract because we wish to engage you as a supplier or service provider.
If you visit our premises, including our underground car park, and provide us with personal data, for example by giving your name to our reception staff, your personal data will be processed for the purpose of exercising our domiciliary rights. We want to control who enters our premises in order to prevent unauthorised access.
(3) Legal basis
The legal basis for the processing of your personal data that you provide to us in order to initiate the conclusion of a contract with us, to conclude a contract with us or to execute a contract is Article 6(1), sentence 1, lit. b GDPR.
The legal basis for processing is also Article 6(1)(b) GDPR if we store your personal data that is necessary for establishing contact beyond the termination of a specific contract. We have a legitimate interest in being able to rely on proven suppliers and service providers.
If you enter our premises or drive into our car park as a visitor, the legal basis for the processing of your personal data is Article 6(1), sentence 1, lit. f GDPR. We have a legitimate interest in controlling who enters or drives into our premises, including our car park, in order to prevent unauthorised access.
(4) Criteria for the storage period
Personal data that is processed for the purpose of deciding whether to establish a contractual relationship is generally deleted by us when the processing is no longer necessary for the decision on the establishment of a contractual relationship.
The duration of storage depends on the duration of the decision-making process. If we have concluded a contract with you, we will store your personal data until the contract has been fully executed or terminated, plus the duration of any statutory retention obligations.
In individual cases, the storage period may exceed the decision on the establishment of a contractual relationship or, after conclusion of such a contract, its execution or termination, if there are indications that you will assert claims against us. The same applies in the event that we intend to assert claims against you. The data will then be stored for as long as the processing of your personal data is necessary for the assertion, exercise or defence of legal claims. The criteria for the storage period may include the limitation periods.
If you are a supplier or service provider with whom we work repeatedly, we will store your personal data that is necessary for repeated contact beyond the termination of a specific contract until we no longer consider using your services.
If you have provided us with personal data as a visitor, your personal data will generally be deleted after the end of your visit, unless you have expressly requested that we continue to store your personal data, for example in order to be invited to our events in the future or to receive information from us. A longer storage period may also apply in these cases if there are indications in individual cases that you will assert claims against us or that we may consider asserting such claims.
(1) Verantwortlicher
Verantwortlicher für die Datenverarbeitung ist:
Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater
Partnerschaftsgesellschaft mbB.
Die Kontaktdaten des Verantwortlichen finden Sie oben unter Ziffer 1. a.
(2) Zwecke der Datenverarbeitung
Eine Verarbeitung Ihrer personenbezogenen Daten erfolgt, sofern Bilder von Ihnen von Videokameras, die wir installiert haben, um unser Eigentum (oder das eines Dritten) oder unser Hausrecht (oder das eines Dritten) zu schützen, aufgenommen werden. Eine Tonaufzeichnung erfolgt nicht.
Die Videoüberwachung soll aufgrund ihrer Erkennbarkeit vorbeugend wirken und Verhalten, dass unsere Interessen verletzten kann, verhindern. Die Aufzeichnungen dienen gleichfalls der Aufklärung von Straftaten und anderen relevanten Vorfällen. Sie sollen zudem eine etwaige Strafverfolgung und die Ausübung, Geltendmachung und Verteidigung von Rechtsansprüchen des Verantwortlichen ermöglichen sowie zu Beweiszwecken dienen.
(3) Rechtsgrundlagen, berechtigte Interessen
Die Rechtsgrundlage für die Datenverarbeitung sind Art. 6 Abs. 1 Satz 1 lit. f DS-GVO und §§ 4, 26 BDSG. Unsere berechtigten Interessen ergeben sich aus der vorstehenden Beschreibung der Zwecke der Videoüberwachung und liegen insbesondere im Schutz unseres Eigentums und des Eigentums Dritter sowie in der Durchsetzung unseres Hausrechts und des Hausrechts Dritter.
(4) Kriterien für die Speicherdauer
Da die Speicherung auf der Abwägung unserer Interessen mit Ihren Interessen beruht, sind der Bestand und die Veränderung der Interessenlage maßgebliche Kriterien für die Speicherdauer. Die Daten werden grundsätzlich gelöscht, wenn unsere berechtigten Interessen nicht mehr bestehen oder gegenüber Ihren Interessen an der Löschung nicht mehr überwiegen. Aufzeichnungen werden grundsätzlich nur 72 Stunden gespeichert. Für die konkrete Speicherdauer ist relevant, dass anlässlich von Zeiten der Betriebsruhe (Wochenenden, Feiertage, Betriebsferien etc.) eine Auswertung ggf. nur verzögert vorgenommen werden kann. Für den Fall, dass Videoaufnahmen zur Geltendmachung, Verteidigung und Ausübung von Rechtsansprüchen oder zu Beweiszwecken und zur Aufklärung von Sachverhalten erforderlich sind, bleiben diese Daten bis zur Erfüllung dieser Zwecke gespeichert. Ausnahmen von den Löschungsfristen können sich aus den Bestimmungen der DS-GVO und den Bestimmungen des BDSG ergeben.
Es gelten im Übrigen die Hinweise unter Ziffer 1. g.
ESC Wirtschaftsprüfung GmbH
Wirtschaftsprüfungsgesellschaft
Am Sandtorkai 44 | 20457 Hamburg
+49 (0)40 36805-0
+49 (0)40 374620
escwp@esche.de
Managing Board
Beatrix Arlitt | Certified Auditor, Tax Advisor
Michael Kapitza | Certified Auditor, Tax Advisor
Johan Sieveking | Dipl.-Kfm. Tax Advisor