Data Protection

Below you will find information on specific individual data processing activities.

We explain the controller(s), the purposes and legal basis of the data processing, and the criteria for the storage period of your personal data.

(1) Responsible party
The responsible party for data processing is:

Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater
Partnerschaftsgesellschaft mbB.

The contact details of the controller can be found above under section 1. a.

(2) Type and purposes of data processing

(a) Processing of data transmitted in the background

The type and scope of the processing of your personal data differs depending on whether you visit our website only to retrieve information or whether you use the services we offer on the website.

If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we collect the following data and store it in our system's log files. This includes the following data:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• content of the request (specific page),
• access status/HTTP status code,
• amount of data transferred in each case,
• website from which the request originates,
• operating system and its interface,
• browser, language and version of the browser software.

The log file data that we do not assign to a specific person is stored separately from all personal data you provide. We evaluate this anonymously collected data and information statistically and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process.

(b) Use of technical cookies that support the function of the website

In addition to the aforementioned data, so-called cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

There are two types of cookies used on this website: So-called technical cookies and so-called performance and tracking cookies.

Technical cookies (also known as ‘necessary cookies’) are cookies that are absolutely necessary to ensure the operation of the website and to maintain functions of the site, such as access to protected areas of the website. These are mainly session cookies or connection cookies. The legal basis for processing is Art. 6 (1) (f) GDPR. Our legitimate interest in this respect is to maintain the functions of the website.

These strictly necessary cookies are stored in your browser for the duration of your visit to the site and are deleted when you close your browser.

The following special features apply to technical cookies on the website karriere.esche.de, which is linked to our pages:

The cookie ‘sid’ is used there as a technically necessary cookie in order to be able to assign several requests from a user to the same http session for a period of one hour using an anonymised user ID. This cookie is deleted after one hour. Another technically necessary cookie is the ‘cookieconsent_status’ cookie, which stores your cookie settings (declarations of consent) for a period of 30 days.

You can configure your browser settings according to your preferences and refuse to accept cookies. Please note that you may then not be able to use all the functions of this website.

(c )Analysis tools; performance and tracking cookies

Provided you give us your consent to the use of performance and tracking cookies, this website uses software from the web analysis service Matomo (formerly PIWIK) to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Mamoto also does not have access to the data.

Mamoto is only used if you have given your consent to the use of performance and tracking cookies in the cookie banner displayed when you visit our website.

If you have consented to the use of performance and tracking cookies, cookies (see above for details) will be stored on your computer.

These performance and tracking cookies collect the following data:

• IP address (truncated)
• Date and time of access.
• Page accessed (title and URL)
• Page from which the current page was accessed (referrer URL)
• Time in the local user's time zone
• Links to an external domain that was clicked on (outlink)
• Page generation time (the time it takes for web pages to be generated by the web server and then downloaded by the user: page speed)
• User location: country, region, city, approximate geographical latitude and longitude (geolocation)
• Main language of the browser used (Accept-Language header)
• User agent of the browser used (User-Agent header)

This website uses Matomo with the ‘AnonymizeIP’ extension. This means that IP addresses are shortened before being processed, thus ruling out any direct subsequent personal references. Even after truncation, the IP address transmitted by your browser via Matomo is not merged with other data collected by us.

We store the information collected in this way exclusively on our server in Germany.

Revocation of your consent to the use of performance and tracking cookies / opt-out for online tracking after submitting a declaration of consent

You can prevent the above-described evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies by adjusting your browser settings, please note that you may not be able to use this website to its full extent. You can prevent the storage of cookies by adjusting your browser settings.

You can also prevent the use of Matomo by not giving us your declaration of consent or by revoking your declaration of consent after you have given it. You can send your revocation or objection in writing or by email to our address given above in section 1. a.

The aforementioned website is separate from the website ‘esche.de’ with regard to the use of cookies. Therefore, you will be informed about the use of cookies in a different way and asked for your consent to the use of cookies.

On this website www.karriere.esche.de, we also use software from the web analysis service Matomo (formerly PIWIK) to analyse and regularly improve the use of our website, provided that you give us your consent to the use of web statistics cookies there. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Matomo also does not have access to the data. The detailed information on the use of Matomo, as described at the beginning of this section for www.esche.de, also applies here.

For the website www.karriere.esche.de, we provide the following additional information on the use of cookies.

The cookie ‘pk_id*’ is used to register a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistical purposes. The cookie is deleted after 13 months. In addition, the cookie ‘pk_ref*’ with a duration of 6 months is used in this context as a reference to anonymous tracking sessions on the site. The cookie ‘pk_ses*’ stores the unique session ID for 30 minutes. Finally, the session cookie ‘MATOMO_SESSID’ is used, which stores the web visit based on a session and visitor ID and is deleted when the browser is closed.

Note on revoking your consent to the use of web statistics cookies on www.karriere.esche.de:

You can prevent the use of the aforementioned cookies by not giving us your declaration of consent or by revoking your declaration of consent after you have given it. You can send your revocation or objection in writing or by email to our addresses listed above under section 1. a.

(d) Events

You can register for a forum or other event organised by ESC Unternehmensberatung GmbH via this website. For more information, please see section 2.c. below.

(e) Newsletter

With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. You can also order our client information compact or compact special. Further information can be found below under section 2. d.

(3) Legal basis

The legal basis for processing is Art. 6 (1) sentence 1 lit. f. GDPR: The processing of personal data in the case of purely informational use of our website serves our legitimate interest in displaying our website to you and ensuring the stability and security of this website.

The use of technical cookies (see above) serves our legitimate interest in making the website user-friendly and effective overall by ensuring the functionality of the website through these cookies.

The use of the Matomo web analysis service is based on your consent. The legal basis for the processing of personal data on the basis of a declaration of consent is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) Criteria for the storage period

In the case of purely informational use of our website, we store the above-mentioned data for seven days. However, storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the calling client.

This website uses the following types of cookies, the storage period and functionality of which are explained below.

(aa) Technical cookies within the meaning of this privacy policy (transient cookies) are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

(bb) Performance and tracking cookies (persistent cookies) are automatically deleted after a specified period, which may vary depending on the cookie and your browser settings. You can delete cookies at any time in your browser's security settings.

The use of the Matomo web analysis service on our storage media – as described above in 2 a. (2) (c) – only leads to the storage of data which – among other things due to the anonymised IP addresses – cannot be assigned to you personally by us.

In all other respects, the information under section 1. g. applies.

a. Data processing when using this website

(1) Responsible party

The responsible party for data processing is the respective ESCHE company to which you direct your enquiry or with which you have concluded a client agreement. If personal data relating to you is transmitted to us by third parties, the responsible party is the ESCHE company that is the recipient of your personal data. The contact details of the controller can be found above under section 1a.

(2) Purposes of data processing

If you contact us within the scope of a client relationship or to enter into a client relationship, we will store the personal data transmitted with your enquiry. We process the personal data necessary for the establishment and execution of the client relationship. This includes, in particular, your first name and surname, your contact details and other data necessary for the execution of the mandate, depending on the type and scope of the mandate that has been or is to be granted.

If your personal data relating to an existing or future mandate is transmitted to us by third parties, the data processing serves the purpose of executing the mandate. If your personal data is transferred to us because our client is considering asserting claims against you, or because he expects that claims could be asserted against him, the data processing also serves to assert, exercise or defend legal claims.

(3) Legal basis

The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.

If your personal data relating to an existing or future client relationship is transmitted to us by third parties, in particular by our clients, the legal basis for the processing of the data is also Art. 6 (1) sentence 1 lit. b GDPR, if the subject matter of our client relationship is the conclusion of a contract with you, the assertion of claims arising from a contract or advice relating to these matters. On the other hand, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defence of legal claims.

(4) Criteria for the storage period

We store your data until the end of the mandate, plus any professional and other retention obligations.

In all other respects, the information under section 1. g. applies.

(1) Responsible party

The responsible party for data processing is the respective ESCHE company that is listed as the organiser in the event documents or on our website www.esche.de. The contact details of the respective responsible party can be found above under section 1. a.

(2) Type and purpose of data processing

You can register for a workshop, forum or other event via our website www.esche.de. Mandatory information for registering for an event includes your first and last name, your address and your email address. The provision of further data marked accordingly is voluntary. Of course, you can also register for events by telephone, fax, letter, email, etc. Your data will be used to organise the event.

If you also indicate that you would like to receive invitations to events by email in future, your personal data, including your email address, will be used for the purpose of informing you about events that you have indicated you are interested in.

If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will also send you information about training events, such as workshops and forums, without your express consent, if the topics covered are comparable to our consulting services that are the subject of the mandate and can therefore meaningfully supplement or deepen them. On the other hand, we will invite you to events that serve to promote our business relationship with our clients, such as client summer parties, receptions, etc. For this purpose, we store and process your first and last name, your address and your email address.

(3) Right of revocation and objection

You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking a button.

(4) Legal basis

The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR, as data processing is necessary for the performance of a contract.

The legal basis is also Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to be able to offer you events with and without a training character that meet your requirements and thereby promote our business relationship with our clients.

(5) Criteria for the storage period

We store your data until the event has taken place or, if you have expressed an interest in being invited to further events in the future, or if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs, until you object to the further use of your personal data.

You may object to the use of your personal data for the purpose of sending you invitation emails and event information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your objection in writing or by email to the above address. You can also use the option provided in an email sent to you to prevent further emails from being sent by clicking on a button.

In all other respects, the information under section 1. g. applies.

(1) Responsible party
The responsible party for data processing is the respective ESCHE company named as the responsible party in the publication. If no other responsible party is named in the publication, the responsible party for data processing is:

ESCHE SCHÜMANN COMMICHAU
Rechtsanwälte, Wirtschaftsprüfer, Steuerberater
Partnerschaftsgesellschaft mbB

The contact details of the controller can be found above under section 1a.

(2) Type and purposes of data processing

With your consent, we will send you publications such as our newsletter, client information compact or compact special, etc.
We use the so-called double opt-in procedure for registration for our newsletter and client information ESCHE news or ESCHE news special. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this data processing is to verify your registration and, if necessary, to investigate any possible misuse of your personal data.
Your email address is required for the newsletter and client information ESCHE news or ESCHE news spezial to be sent by email. The provision of further data, such as your title and your first and last name, is voluntary. If you wish to order our client information ESCHE news or ESCHE news spezial as a print publication, we require your first and last name as well as your address as mandatory information. After your confirmation, we will process your email address and any data you have voluntarily provided for the purpose of sending you the newsletter. If you would like to receive our client information compact or compact Spezial by post, we will process your first and last name and the address you have provided for the purpose of sending you the publication by post.
If you are our client or an employee of our client who is entrusted with handling their legal, tax or financial affairs, such as a managing director, legal advisor, head of accounting, employee of the human resources department or the patent and trademark department, we will send you our newsletter and our client information, such as compact or compact Spezial, even without your express consent, if these publications are comparable in terms of their thematic focus to our consulting services that are the subject of the mandate and can therefore meaningfully supplement or expand upon them. We will also send you Christmas cards and similar communications in accordance with social customs. For this purpose, we store and process your title, first and last name, address and, if the publication is sent by email, your email address.
You may revoke your consent at any time and object to the use of your personal data for the purpose of sending you our newsletter or client information, such as compact or compact Spezial, at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your revocation or objection in writing or by email to our address mentioned above in section 1. a. You can also use the option provided in our newsletter emails to stop receiving further emails by clicking a button.

(3) Right of revocation and objection

You may object at any time to the use of your personal data for the purpose of sending you our newsletter or our client information, such as compact or compact Spezial, without incurring any costs other than the transmission costs according to the basic rates. You can send your revocation or objection in writing or by email to our address specified above in section 1. a. You can also use the option provided in our newsletter emails to prevent further emails from being sent by clicking on a button.

(4) Legal basis

The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR, as data processing is necessary for the performance of a contract.
The legal basis is also Art. 6 (1) sentence 1 lit. f GDPR if you are our client or an employee of our client who is entrusted with the handling of their legal, tax or financial affairs. Our legitimate interest is to send you publications tailored to your consulting needs as well as communications in line with social customs, such as Christmas cards, thereby promoting our business relationship with you.

(5) Criteria for the storage period

If the data processing is based on your consent, we will store your data until you revoke your consent. We will then delete your data. The same applies if you object to the further use of your personal data for the purpose of sending publications (see above).
In all other respects, the information under section 1. g. applies.
 

If you are applying to one of the companies listed under 1.a. above as an employee, trainee, intern or for any other contractual relationship, we would like to provide you with the following information in addition to the general information (under 1. above).

(1) Decision on the establishment of an employment relationship, apprenticeship, internship or other contractual relationship

(a) Purposes of data processing

We collect and process your personal data for the purpose of deciding whether to establish a contractual relationship for which you are applying (employment relationship, training relationship, internship or other contractual relationship).

(b) Legal basis

The legal basis for processing is the General Data Protection Regulation (GDPR) in conjunction with Section 26 of the Federal Data Protection Act (BDSG). If the contractual relationship for which you are applying is not an employment relationship within the meaning of Section 26 (8) BDSG (i.e. in particular not an employment relationship or employment for vocational training), the legal basis for the processing of your personal data is Article 6 (1) (b) GDPR. Personal data may also be processed on the basis of other legal provisions, in particular those relating to labour law, vocational training law and social law, in their respective versions. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the controller is subject, it is based on Art. 6 (1) (c) GDPR. If you give us your consent to the processing of your personal data, the legal basis for data processing is Art. 6 (1) (a) GDPR.

(c ) Criteria for the storage period

Personal data processed for the purpose of deciding on the establishment of a contractual relationship will generally be deleted when the processing is no longer necessary for the decision on the establishment of a contractual relationship. The duration of storage therefore depends on the duration of the decision-making process.

If you have sent us a speculative application – i.e. an application that does not relate to a specific position advertised by us – we will also process your personal data in order to decide on the establishment of a contractual relationship. The above statements apply accordingly, whereby we will generally delete your data if we believe that your personal data is unlikely to be used to decide on the establishment of a contractual relationship.

If the processing of your personal data is based on consent, the storage period resulting from the declaration of consent and the possible exercise of your right of revocation are the decisive criteria for the storage period, whereby revocation does not affect processing based on other legal grounds.

(2) Any processing for the assertion, exercise or defence of legal claims in connection with applications

(d) Purposes of data processing

Under certain circumstances, your personal data may be used to assert, exercise or defend legal claims if you or the controller to whom you have addressed your application has legal claims or asserts such claims.

(e) Legal basis, legitimate interests

The legal basis in these cases is Art. 6(1)(f) GDPR. According to Art. 6(1)(f) GDPR, the processing of personal data is lawful if the processing is necessary to safeguard a legitimate interest of the controller or a third party, unless your interests and rights to exclude the processing outweigh the legitimate interests of the controller or the third party. The legitimate interests of the controller or third party lie in the assertion, exercise or defence of legal claims.

(f) Criteria for the storage period

In individual cases, the storage period may therefore exceed the decision on the establishment of a contractual relationship. This would be the case, for example, if there are indications that you will assert claims against the controller. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defence of legal claims. The criteria for the storage period may include the time limits set out in the General Equal Treatment Act and the Labour Court Act (Section 15 (4) sentence 1 AGG; Section 61 b ArbGG) as well as limitation periods or statutory retention periods.

Storage may also take place if this is provided for or prescribed by European or national legislators in EU regulations, laws or other provisions to which the controller is subject.

(3) Legal or contractual obligations to provide personal data in relation to applications

You are not obliged to provide us with personal data for the application process. However, without the information required to assess your suitability, check the requirements for lawful employment and your availability, and to contact you, we cannot carry out the application process.

Where legally permissible, we generally intend to use personal data that we receive from you, including your email address, for the purpose of advertising our services and events. To this end, we may contact you by post or email. You have the right to object to the use of your personal data – in particular the use of your email address – for advertising purposes at any time, without incurring any costs other than the transmission costs at the basic rates. You can send your objection to the person responsible for processing your data using the contact details above.

(1) Responsible party
The responsible party for data processing is:

ESC – Esche Schümann Commichau Stiftung.

The contact details of the person responsible can be found above under section 1. a.

(2) Purposes of data processing

You have the opportunity to apply to us for the foundation's sponsorship award. This includes, in particular, your first and last name, your contact details and your CV. We collect and process your personal data for the purpose of deciding whether to grant sponsorship. If you are awarded a prize, we will also need your account details in order to transfer the prize money.

We process the personal data of the ESC – Esche Schümann Commichau Foundation prize winners for the purpose of organising the award ceremony (invitations, programme booklets, etc.). We publish your name and the title of your dissertation in the list of previous award winners, which is available on our website.

You have the option of donating to the ESC – Esche Schümann Commichau Foundation. In this case, we process the personal data you provide, in particular your payment details. We receive your payment details from your account-holding bank when you transfer a donation to us.

(3) Legal basis

The legal basis for the processing of your personal data in the context of the selection process and for the award ceremony is Art. 6 (1) sentence 1 lit. b GDPR (implementation of pre-contractual measures or fulfilment of a contract).

The legal basis for processing in the context of compiling the overview of previous award winners and publishing it is the protection of legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR). Our legitimate interests consist of providing information about the foundation's award winners and the respective topics of their dissertations, postdoctoral theses and diploma theses, thereby promoting the purpose of our foundation. The publication of the award winners serves to enhance the reputation of the foundation and is intended to draw the attention of applicants and donors to us.

With regard to the processing of personal data of donors, the legal basis is Art. 6 (1) sentence 1 lit. b GDPR and Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in receiving the donation to promote the purpose of our foundation.

(4) Criteria for the storage period

Personal data processed for the purpose of deciding on the award of the foundation's sponsorship prize will generally be deleted if the processing is no longer necessary for the decision and the foundation has decided against sponsoring you. The duration of storage therefore depends on the duration of the decision-making process.

The names of the award winners and the titles of the dissertations, postdoctoral theses and diploma theses will be published for as long as this is necessary to promote the purpose of the ESC – Esche Schümann Commichau Foundation.

Donor data will be deleted after the donation has been processed and the relevant retention obligations have expired, in particular due to tax regulations.

In all other respects, the information under section 1. g. applies.

(1) Responsible party
If you contact us as an existing or future supplier or service provider, or if we contact you, the responsible party for data processing is the ESCHE company that you contact or that contacts you.
If you enter our premises or drive into our car park as a visitor, the responsible party for data processing is:

Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater 
Partnerschaftsgesellschaft mbB.

The contact details of the controller can be found above under section 1. a.

Please note that if video recordings are made of you, including recordings of your vehicle registration number when driving into our underground car park, the information below under section 2. f. applies.

(2) Purposes of data processing

If you contact us to initiate, conclude or execute a contract, we will process the personal data you provide to us in order to decide whether we wish to conclude such a contract with you and, if applicable, to conclude and execute such a contract. This also applies if we contact you on our own initiative to initiate, conclude or execute a contract because we wish to engage you as a supplier or service provider.

If you visit our premises, including our underground car park, and provide us with personal data, for example by giving your name to our reception staff, your personal data will be processed for the purpose of exercising our domiciliary rights. We want to control who enters our premises in order to prevent unauthorised access.

(3) Legal basis

The legal basis for the processing of your personal data that you provide to us in order to initiate the conclusion of a contract with us, to conclude a contract with us or to execute a contract is Article 6(1), sentence 1, lit. b GDPR.

The legal basis for processing is also Article 6(1)(b) GDPR if we store your personal data that is necessary for establishing contact beyond the termination of a specific contract. We have a legitimate interest in being able to rely on proven suppliers and service providers.

If you enter our premises or drive into our car park as a visitor, the legal basis for the processing of your personal data is Article 6(1), sentence 1, lit. f GDPR. We have a legitimate interest in controlling who enters or drives into our premises, including our car park, in order to prevent unauthorised access.

(4) Criteria for the storage period

Personal data that is processed for the purpose of deciding whether to establish a contractual relationship is generally deleted by us when the processing is no longer necessary for the decision on the establishment of a contractual relationship.

The duration of storage depends on the duration of the decision-making process. If we have concluded a contract with you, we will store your personal data until the contract has been fully executed or terminated, plus the duration of any statutory retention obligations.

In individual cases, the storage period may exceed the decision on the establishment of a contractual relationship or, after conclusion of such a contract, its execution or termination, if there are indications that you will assert claims against us. The same applies in the event that we intend to assert claims against you. The data will then be stored for as long as the processing of your personal data is necessary for the assertion, exercise or defence of legal claims. The criteria for the storage period may include the limitation periods.

If you are a supplier or service provider with whom we work repeatedly, we will store your personal data that is necessary for repeated contact beyond the termination of a specific contract until we no longer consider using your services.

If you have provided us with personal data as a visitor, your personal data will generally be deleted after the end of your visit, unless you have expressly requested that we continue to store your personal data, for example in order to be invited to our events in the future or to receive information from us. A longer storage period may also apply in these cases if there are indications in individual cases that you will assert claims against us or that we may consider asserting such claims.

(1) Verantwortlicher
Verantwortlicher für die Datenverarbeitung ist:

Esche Schümann Commichau
Rechtsanwälte Wirtschaftsprüfer Steuerberater 
Partnerschaftsgesellschaft mbB.

Die Kontaktdaten des Verantwortlichen finden Sie oben unter Ziffer 1. a.

(2) Zwecke der Datenverarbeitung
Eine Verarbeitung Ihrer personenbezogenen Daten erfolgt, sofern Bilder von Ihnen von Videokameras, die wir installiert haben, um unser Eigentum (oder das eines Dritten) oder unser Hausrecht (oder das eines Dritten) zu schützen, aufgenommen werden. Eine Tonaufzeichnung erfolgt nicht.

Die Videoüberwachung soll aufgrund ihrer Erkennbarkeit vorbeugend wirken und Verhalten, dass unsere Interessen verletzten kann, verhindern. Die Aufzeichnungen dienen gleichfalls der Aufklärung von Straftaten und anderen relevanten Vorfällen. Sie sollen zudem eine etwaige Strafverfolgung und die Ausübung, Geltendmachung und Verteidigung von Rechtsansprüchen des Verantwortlichen ermöglichen sowie zu Beweiszwecken dienen.

(3) Rechtsgrundlagen, berechtigte Interessen
Die Rechtsgrundlage für die Datenverarbeitung sind Art. 6 Abs. 1 Satz 1 lit. f DS-GVO und §§ 4, 26 BDSG. Unsere berechtigten Interessen ergeben sich aus der vorstehenden Beschreibung der Zwecke der Videoüberwachung und liegen insbesondere im Schutz unseres Eigentums und des Eigentums Dritter sowie in der Durchsetzung unseres Hausrechts und des Hausrechts Dritter.

(4) Kriterien für die Speicherdauer
Da die Speicherung auf der Abwägung unserer Interessen mit Ihren Interessen beruht, sind der Bestand und die Veränderung der Interessenlage maßgebliche Kriterien für die Speicherdauer. Die Daten werden grundsätzlich gelöscht, wenn unsere berechtigten Interessen nicht mehr bestehen oder gegenüber Ihren Interessen an der Löschung nicht mehr überwiegen. Aufzeichnungen werden grundsätzlich nur 72 Stunden gespeichert. Für die konkrete Speicherdauer ist relevant, dass anlässlich von Zeiten der Betriebsruhe (Wochenenden, Feiertage, Betriebsferien etc.) eine Auswertung ggf. nur verzögert vorgenommen werden kann. Für den Fall, dass Videoaufnahmen zur Geltendmachung, Verteidigung und Ausübung von Rechtsansprüchen oder zu Beweiszwecken und zur Aufklärung von Sachverhalten erforderlich sind, bleiben diese Daten bis zur Erfüllung dieser Zwecke gespeichert. Ausnahmen von den Löschungsfristen können sich aus den Bestimmungen der DS-GVO und den Bestimmungen des BDSG ergeben.

Es gelten im Übrigen die Hinweise unter Ziffer 1. g.

1. Purpose of processing

   We use the services to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: ‘online meetings’). The use of “Teams” also serves the purpose of collaboration with our customers and internally between our employees, including the exchange of chat messages and files (hereinafter: ‘collaboration’). ‘Online meetings’ and ‘collaboration’ are summarised as ‘service use’ in this privacy policy. ‘Zoom’ is a service provided by Zoom Video Communications, Inc., which is based in the USA. “Teams” is a service provided by Microsoft Corporation, which is also based in the USA, and is part of the ‘Microsoft 365’ environment.
    

2. Responsible party

   The responsible party for data processing directly related to ‘service use’ is, depending on the entity communicating with you, Esche Schümann Commichau Partnerschaftsgesellschaft mbB or ESC Wirtschaftsprüfung GmbH (respective address: Am Sandtorkai 44, 20457 Hamburg).Note: If you visit the Zoom or Teams website, the provider specified there is responsible for data processing. However, accessing the respective website is only necessary for the use of the services in order to download the software for using ‘Zoom’ and/or ‘Teams’. You can also use the services if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the “Zoom” or ‘Teams’ app. If you do not want to or cannot use the ‘Zoom’ or ‘Teams’ app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” or ‘Teams’ website.
    

3. What data is processed? 

   Various types of data are processed when using the services. The scope of the data also depends on the information you provide before or during participation in an online meeting and/or in the context of collaboration. The following personal data is subject to processing:

   1. User details: first name, surname, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
   2. Metadata: topic, description (optional), participant IP addresses, device/hardware information
   3. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
   4. When dialling in by telephone: Information on the incoming and outgoing phone number, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored.
   5. Text, audio and video data: You may have the option of using the chat, question or survey functions in an ‘online meeting’. In this respect, the text entries you make will be processed in order to display them in the ‘online meeting’ and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the ‘Zoom’ or ‘Teams’ applications.
   6. In order to participate in an ‘online meeting’ or enter the ‘meeting room’, you must at least provide your name.
   7. In addition, ‘collaboration’ allows you to exchange text, audio and video files.
       

4. Scope of processing

   We use the services for ‘service use’. If we wish to record ‘online meetings’, we will inform you of this in advance and, if necessary, ask for your consent. The fact that the meeting is being recorded will also be displayed in the “Zoom” or ‘Teams’ app. If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will not usually be the case. In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars. If you are registered as a user with ‘Zoom’ or ‘Teams’, reports on ‘online meetings’ (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month with “Zoom” or ‘Teams’. Automated decision-making within the meaning of Art. 22 GDPR is not used.
    

5. Legal basis for data processing

   Insofar as personal data of employees of Esche Schümann Commichau Partnerschaftsgesellschaft mbB and ESC Wirtschaftsprüfung GmbH is processed, § 26 BDSG (Federal Data Protection Act) is the legal basis for data processing. If, in connection with the ‘use of services’, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an essential component of the use of the services, Art. 6 (1) (f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective implementation of the ‘use of services’. Otherwise, the legal basis for data processing within the scope of ‘service use’ is Art. 6 (1) (b) GDPR, insofar as communication is carried out within the scope of contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 (1) (f) GDPR. Here, too, our interest lies in the effective implementation of the ‘use of services’.
    

6. Recipients/disclosure of data

   Personal data processed in connection with the ‘use of services’ is generally not disclosed to third parties unless it is specifically intended for disclosure. Please note that content from ‘online meetings’ and ‘collaboration’, as well as from face-to-face meetings, is often used to communicate information to customers, interested parties or third parties and is therefore intended for disclosure.

   The providers of the services (see above) necessarily become aware of the above-mentioned data to the extent that this is provided for in our data processing agreement with them. In some cases, the providers of the services also process your personal data for their own purposes. Further information on this can be found in the providers' data protection notices.
    

7. Data processing outside the European Union

   Both services are provided by providers from the USA. Personal data is therefore also processed in a third country. We have concluded a data processing agreement with each of the service providers that complies with the requirements of Art. 28 GDPR.

   An adequate level of data protection is ensured by the conclusion of the so-called EU Standard Contractual Clauses and by the adequacy decision on the EU-U.S. Data Privacy Framework.

   Data protection officer

   You can contact the data protection officer of the above-mentioned companies at the following email address: datenschutz.esche.pg@beckservice.gmbh