Data privacy

Privacy policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this data protection declaration is to inform you as a user of the website about the nature, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are deemed to be a data subject within the meaning of Article 4 No. 1 of the General Data Protection Regulation.


1. Responsible entity

This website and the range of services are operated by:

ba audit gmbh Wirtschaftsprüfungsgesellschaft
Oranienburger Str. 1-3
10178 Berlin

ba tax gmbh Wirtschaftsprüfungsgesellschaft
Alstertwiete 3
20099 Hamburg

Tel: +49 (0)40 46899180
Email: dsgvo@ba-group.de

 

2. Data Privacy Officer

We have commissioned an independent data privacy officer.

www.mein-datenschutzbeauftragter.de
Herr Philipp Herold
Hafenstraße 1a
23568 Lübeck

Email: dsgvo@ba-group.de

 

3. General

The development of the website has been designed to collect as little data from you as possible. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or consent granted by you. We adhere to the regulations of the General Data Protection Regulation (GDPR) which have been in force since 25.5.2018 and the respective applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.

4. Purpose and legal basis for the processing of personal data

We always process your personal data for a specific purpose. In summary, we process your personal data for the following purposes:

a) In order to be able to handle your request when contacting you (e.g., email address, first name, last name);
b) For the technical realisation of our website and to be able to provide you with our information on this website (e.g., IP address, cookies, browser information);
c) To receive and process an application from you for one of our career opportunities.

The specific purposes are set out in the descriptions of the individual processing operations in this privacy policy.

With regard to the legal basis for the processing of your personal data, the following applies: We process personal data that is required for the justification, implementation or processing of our service offerings (contract processing) on the legal basis of Art. 6 (1) lit. b GDPR. Insofar as we obtain consent from you for the processing of your personal data, the consent pursuant to Art. 6 (1) lit. a GDPR forms the legal basis for the processing of the data. Data processing is also permissible if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data are not overridden (Art. 6 para. 1 lit. f GDPR). Insofar as we use external service providers within the scope of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.

5. Collection of personal data when visiting our website

In the case of solely informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Data volume transmitted in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

In addition to the data mentioned above, cookies are stored on your computer when you use our website. You can find further information on this under the heading “Cookies” in this privacy policy and in the consent management tool used.

 

6. Integration of services from other providers

Our website uses content, services and performances from other providers. These include, for example, services for the statistical evaluation of the use and visit of our website. In order for this data to be called up and displayed in the user’s browser, the user’s IP address must be transmitted to the third-party providers that are used.

Even though we endeavour to solely use third-party providers who only need the IP address to be able to deliver content or even work with anonymised IP addresses, we have no influence on whether or not the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.

 

Facebook Pixel
Type and scope of processing: we use Facebook Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment groups of visitors to our online offering, to determine conversion rates and to subsequently optimise these. This happens in particular when you interact with advertisements that we have placed with Meta Platforms Ireland Limited.

Purpose and legal basis: we process your data with the help of Facebook Pixel for the purpose of optimising our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR.

Storage period: the specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.

 

Facebook Plugin
Nature and scope of data processing: we have integrated Facebook Plugin components on our website. Facebook Plugin is a service of Meta Platforms Ireland Limited and offers us the possibility to aggregate content from the social media platform and display it on our website. When you access this content, you establish a connection to servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Facebook Plugin. If a user is registered with Meta Platforms Ireland Limited, Facebook Plugin can associate the content viewed with the profile.

Purpose and legal basis: the use of the service is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR.

Storage period: the specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Plugin: https://www.facebook.com/policy.php.

 

Google Analytics
Nature and scope of data processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offerings. This includes, for example, the number of views of our online offerings, subpages visited and the length of stay of visitors. Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis: we process data using Google Analytics for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 of the German Teleservices Data Protection Act (TTDSG).

Storage period: the specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy

 

Google Tag Manager
Nature and scope of processing

We use the Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 of the German Data Protection Act (TTDSG).

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

 

LinkedIn PlugIn
This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website containing functions of LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to this website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of the LinkedIn plugin is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 of the German Teleservices Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: //www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

For more information, please see LinkedIn’s privacy policy at: //www.linkedin.com/legal/privacy-policy.

7. Cookies

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.

Cookies enable our systems to recognise the user’s device and make any preferences available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the respective user’s computer. Cookies help us to improve our website and to offer you a better and more tailored service. They enable us to recognise your computer or (mobile) device when you return to our website and thereby:

  • store information about your preferred activities on the website and thus tailor our website to your individual interests;
  • speed up the processing of your requests.

We work with third party services to help us make the internet experience and website more interesting for you. Therefore, cookies from these partner companies (third-party providers) are also stored on your hard drive when you visit the website. These are cookies that are automatically deleted after the specified time.

For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection information provided therein.

If you do not wish to use browser cookies, you can set your browser not to accept cookies. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only wish to accept our own cookies, but not the cookies of our service providers and partners, you can select the setting in your browser “Block third-party cookies”. We do not accept any responsibility for the use of third-party cookies.

 

8. Contacting us (contact forms, offer forms etc.)

You can contact us by e-mail or via our contact form. In this case, we store the personal data you provide in order to process your request and to contact you in order to process your request. If we request information via our contact form, the mandatory fields required for contacting us are marked accordingly (asterisk). The voluntary information is used to specify your request and to improve the processing of your request. The data requested is transmitted to us by you on a purely voluntary basis. Depending on the type of enquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for enquiries that you yourself make as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your enquiry is of a different nature. The legitimate interest follows from the purposes mentioned under point a.). If personal data is requested that we do not need for the fulfilment of a contract or for the protection of legitimate interests, the transfer to us is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

 

9. Application procedure

We publish job vacancies on our website, for which you can apply via our application form.
If you decide to apply for a vacancy, we process the personal data you provide there and send to us exclusively for the purpose of carrying out the application procedure.

The legal basis for the processing of your personal data as part of the application process is § 26 para. 1 in conjunction with para. 2 of the German Federal Data Protection Act (BDSG).

In the event of a rejection, we will delete your data as soon as a retention period of 6 months, as required by labour law, has expired. The period begins with the dispatch of the rejection. If you have expressly consented to the further use of your data for subsequent contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.

If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.

Your personal data will be processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In doing so, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary for the fulfilment of legal obligations or if you have consented to it. A transfer to a third country is not intended.

The provision of personal data in the context of application processes is neither legally nor contractually required. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract for employment with us. However, when submitting your application, you should only provide personal data that is required to start and complete the application. If you do not provide us with any personal data in an application, we cannot make a decision on the establishment of an employment relationship.

Please note that applications sent to us by email are transmitted without encryption. In this respect, there is a risk that unauthorised persons may intercept and use this data.

 

10. Presence in social media

In order to be able to present our company in the best possible way and communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence in social networks.

You will find us on the following platforms and social networks:

  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Xing

When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection to that which applies in the EU cannot be guaranteed in all countries outside the EU. In this context, it can lead to risks for you as a user if the transmitted data is processed in so-called third countries that do not provide an adequate level of data protection.

This makes it more difficult to enforce known user rights. In addition, your data may not be processed in accordance with your interests by the provider in the third country. In the USA, the level of data protection is not comparable to the requirements of the GDPR. It is possible that government agencies access personal data without either your or our knowledge. It is therefore unlikely that it will be possible to enforce your rights in the USA.

The processing purposes pursued by the social networks usually differ from ours. For example, the data collected from you on social networks is usually processed for the purposes of market research, advertising and the creation of user profiles for personalised advertising (e.g. Facebook, Google, Instagram, etc.).

In order to realise this, cookies that record user behaviour and enable profiling of the user are deployed. In the case of Facebook, a user profile is also created for persons who do not have a registered account on Facebook. A concrete list of the purposes for which user data is processed can be found in the data protection notices of the respective providers. By selecting the appropriate settings in your user account, you can restrict the creation of profiles, at least to a certain extent. For details on how to do this, please read the respective provider’s data protection information.

 

Facebook Fanpage

When you visit our Facebook page, Facebook collects, among other things, information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this under the following link: http://de-de.facebook.com/help/pages/insights.

By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 lit. f GDPR. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 lit. a, Art. 7 GDPR.

Due to the fact that the data processing itself is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). 

The most effective way to assert your rights is therefore to contact the provider directly.

However, should you require assistance in this matter, please do not hesitate to contact us.

 

Data subject rights

The Facebook “Page Controller Addendum” sets out the rights and obligations to be complied with together with Facebook. You can find these under the following link:
https://www.facebook.com/legal/terms/page_controller_addendum

In the event of a request for information, we will forward this to Facebook and ask you to fill out the corresponding contact form at
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhelp%2Fcontact%2F308592359910928 

Below you will find a detailed description of the respective data processing by the providers and their objection options (so-called opt-out) via the corresponding links to the providers’ websites:

 

11. Rights of the data subject

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • to demand the correction of inaccurate or incomplete personal data stored by us pursuant to Art. 16 GDPR;
  • to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of legitimate interest, reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, if the processing is unlawful, but you object to its deletion and we no longer need the data, but you require them for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible party (data portability);
  • to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
  • Right of objection: If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

If you would like to make use of your right of revocation or objection, it is sufficient to send an email to dsgvo@ba-group.de.

 

12. Disclosure of your personal data

Your personal data will be disclosed as described below.

Data will also be disclosed if we are entitled or obliged to disclose data on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

Insofar as your data is disclosed to service providers to the extent necessary, they will only have access to your personal data to the extent that this is necessary for the fulfilment of their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of order processing contracts pursuant to Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

We attach importance to processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that the recipient establishes an adequate level of data protection comparable to the standards within the EU before transferring your personal data. This can be achieved, for example, via EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company can submit.

 

13. Data security

We secure our website by means of technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. In particular, we transmit your personal data in encrypted form. We use SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. Our security measures are continuously improved in line with technological developments.

 

14. Storage period for personal data

With regard to the storage period, we delete personal data as soon as their storage is no longer necessary for the fulfilment of the original purpose and there are no longer any legal retention periods. The statutory retention periods form the criterion for the final duration of the storage of personal data. After expiry of the period, the corresponding data is routinely deleted. If retention periods exist, processing is restricted in the form of blocking the data.

 

15. References and links

When calling up Internet pages referred to within the framework of our website, information such as name, address, e-mail address, browser properties etc. may be requested again. This privacy policy does not govern the collection, disclosure or handling of personal data by third parties.

Third-party service providers may have their own, differing regulations regarding the collection, processing and use of personal data. It is therefore advisable to inform yourself on the websites of third parties about their practices regarding the handling of personal data before entering personal data.