Privacy Policy

Privacy policy and data protection information in accordance with Articles 13 and 14 GDPR

In the following, we inform you about the processing of your personal data (hereinafter also referred to as “data” for short) if

  • you use this website,
  • you or a third party provide or transmit data about you to us in relation to an existing or future client relationship,
  • you attend one of our events,
  • you obtain a publication from us,
  • you apply for employment,
  • you apply for the award of a prize,
  • you contact us as a supplier, service provider or visitor, or
  • you have been filmed as part of our video surveillance.

Personal data is any data relating to an identified or identifiable natural person, such as your name, address and email address.

Insofar as this data protection declaration and data protection information refers to “we” or “us“, this refers to the legal entities listed below in section 1.a. either jointly or, depending on the context, individually.

We process personal data in accordance with the applicable provisions of data protection provisions, in particular on the basis of the General Data Protection Regulation of the European Union (“GDPR“) and the Federal Data Protection Act (“BDSG“).

Overview of the following contents

1. Allgemeine Informationen zur Datenverarbeitung
   a. Name and contact details of the data controller
   b. Data Protection Officer
   c. Persons responsible, purposes, legal bases and criteria for the storage period for individual data processing activities.
   d. Recipient
   e. Transfer to third countries
   f. Data subject rights
   g. Storage period
   h. Obligation to provide personal data

2. Specific information on individual data processing activities
   a. Data processing when using this website
   b. Data processing in relation to an existing or future clients
   c. Data processing in relation to our events
   d. Data processing in relation to our publications
   e. Data processing in relation to job applications
   f. Processing of personal data for direct marketing purposes, your right to object
   g. Data processing in relation to suppliers, service providers and visitors
   h. Money laundering prevention
   i. Third party content and services on this website
   j. Online meetings, webinars and screen sharing via Microsoft Teams
   k. Data processing in relation to an existing or future clients
   l. Online meetings, webinars and screen sharing via ZOOM
   m. Data processing in relation to an existing or future clients
   n. Podcasts

1. General information on data processing

In this section 1, we would like to provide you with some general information on the processing of your personal data by us, which applies to all our data processing activities.

Under the following point 2. you will find information that only applies to specific processing activities in each case.

a. Name and contact details of the data controller

Responsible for the processing of your personal data is the legal entity the „WPNO GmbH Wirtschaftsprüfungsgesellschaft “ :

WPNO GmbH Wirtschaftsprüfungsgesellschaft can be reached at the following contact details:

WPNO GMBH
Wirtschaftsprüfungsgesellschaft
Mittelstrasse 12-14

b. Data Protection Officer

You can reach the data protection officer of WPNO GmbH Wirtschaftsprüfungsgesellschaft as follows:

WPNO GMBH
Wirtschaftsprüfungsgesellschaft
Mittelstrasse 12-14
D – 50672 Köln
Email: 
Datenschutz@wpno.com

c. Persons responsible, purposes, legal bases and criteria for the storage period for individual data processing activities.

We provide information on the respective persons responsible, the purposes and legal bases for data processing, as well as the criteria for the storage period for individual data processing activities in:

  • Point 2. a.: Data processing when using this website,
  • Point 2. b.: Data processing in relation to a mandate,
  • Point 2. c.: Data processing in relation to our events,
  • Point 2. d.: Data processing in relation to our publications,
  • Point 2. e.: Data processing in relation to job applications,
  • Point 2. f.: Data processing for direct marketing purposes, your right to object
  • Point 2. g.: Data processing in relation to the awarding of prizes,
  • Point 2. h.: Data processing in relation to suppliers, service providers and visitors.
  • Point 2. i.: Data processing in relation to our video surveillance.
  • Point 2. j.. Data processing in relation to money laundering prevention.
  • Point 2. k.. Data processing in relation to third party services of the website
  • Point 2. l. Data processing in relation to Microsoft Teams
  • Point 2. m. Data processing in relation to Zoom
  • Point 2. n. Data processing in relation to Podcast

d. Recipient

If requested by you or required for the processing of the mandate or the fulfillment of another contract with you, or if we have a legitimate interest in the transfer of data, we will also transfer your personal data to third parties. In the context of the mandate work, we transmit this data in any case only if this is permitted by professional law.

In some cases, we use external service providers to process personal data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

This may involve the following categories of recipients:

  • Courts, tax offices, employment offices, patent and trademark offices, registration and other authorities in the context of litigation, tax matters and other legal matters,
  • Lawyers, auditors, tax consultants,
  • service providers such as debt collection agencies, credit agencies, detective agencies, IT services, banking services, communications services, services in the area of our financial management and the destruction of data carriers, couriers, freight forwarders and carriers, interpreters and translators, printers, letter stores, envelope service providers, travel agencies, advertising agencies and photographers.
  • Recruiters and personnel consultants who assist us in finding personnel and, if necessary, in deciding whether to establish an employment relationship.

e. Transfer to third countries

If you so request or if it is necessary for the processing of a mandate or for the fulfillment of another contract with you, we will transfer your personal data to countries outside the European Union. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA by the new “Trans-Atlantic Data Privacy Framework “).

https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/

https://ec.europa.eu/commission/presscorner/detail/en/FS_22_2100

or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).

If a transfer to recipients outside the European Union takes place, we will ensure that an adequate level of protection exists at the recipient, appropriate safeguards are provided, you have consented or the transfer is permitted for other reasons, e.g. if this is necessary at your request for the preparation or performance of a contract with you. If we base a transfer to countries outside the European Union on appropriate safeguards, you can request a copy of the same using the contact details provided under point 1. a. above.

There is also the possibility that due to cooperation based on the division of labor, e.g. in the area of IT service providers, in particular with regard to services in the area of maintenance, repair and security of IT systems, a possibility of knowledge of your personal data by employees of a service provider in a country outside the European Union arises. If there is no level of data protection in this state comparable to that of the European Union and accordingly there is no so-called adequacy decision of the European Commission in relation to this state, we will protect your data protection interests by concluding so-called EU standard data protection clauses issued by the European Commission and agreed with the recipient or in another appropriate manner.

Information page of the EU Commission:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

You can request a copy of the EU standard data protection clauses and, if applicable, the other guarantees from us using the contact details provided under point 1. a. above.

Any other transfer of your personal data to other countries outside the European Union is not intended, but also – if lawful – not excluded. Please note that with regard to the submission of the aforementioned copies of guarantees, we may have to take into account overriding rights of third parties as well as any existing legal or contractual confidentiality obligations that may conflict with the disclosure of information in individual cases.

f. Data subject rights

(1) Information, correction, deletion, restriction of processing and data portability.
According to the GDPR, you are entitled to the following data subject rights, among others:

  • Art. 15 GDPR: Data subject’s right to information. You have the right to obtain information from us about what personal data we process about you. Please note that we may not be able to comply with your request for information in all cases, in particular if the confidentiality of our mandate pursuant to Section 29 of the German Federal Data Protection Act (BDSG), which we must observe, prevents us from providing the information.
  • Art. 16 GDPR: Right to rectification. If the data concerning you is incorrect or incomplete, you may request that incorrect information be corrected or that incomplete information be completed.
  • Art. 17 GDPR: Right to erasure. Under the conditions of Art. 17 GDPR, you may request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still needed by us to fulfill our contractual and legal obligations.
  • Art. 18 GDPR: Right to restriction of processing. Under the conditions of Art.18 GDPR, you may request the restriction of the processing of personal data concerning you.
  • Art.20 GDPR: Right to data portability. Under the conditions of Art.20 GDPR, you may obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller. Please note that we are not able to comply with such a request in all cases, in particular if the client confidentiality pursuant to Section 29 BDSG, which we must observe, conflicts with this.

(2) Revocation of consent
If you have given your consent to the processing of your data, you may revoke this consent at any time without affecting the lawfulness of the processing that took place until the revocation. If applicable, the permissibility of processing the data on the basis of other legal grounds also remains unaffected. Insofar as your consent was the exclusive legal basis for the processing of your data, in particular there is no legitimate interest on our part in the processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR, we will delete the data immediately after revoking your consent.

(3) Objection to certain processing pursuant to Art. 21 GDPR
Insofar as we base the processing of your personal data on a balance of interests (Article 6 (1) sentence 1 lit. e or f GDPR), you may object to the processing of the personal data in question at any time for reasons arising from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

You may object to the processing of your personal data for purposes of advertising and data analysis at any time without incurring any costs other than the transmission costs according to the prime rates.

(4) Complaints to the supervisory authority
Furthermore, you have the right to complain to the supervisory authority if you believe that the processing of your data is not lawful (Article 77 GDPR). The address of the supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 211 38424-0
Fax: +49 211 38424-999
E-mail: poststelle@ldi.nrw.de

If you want to be sure that your e-mail remains unread on its way to the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, encrypt your message. You can use our public PGP – Key for this purpose.

The associated fingerprint is :

EA14 18FA B79C A892 B172 850D 5C01 04F6 43DF 6F2E

g. Storage period

Unless otherwise specified in Section 2. for individual data processing activities, the following applies to the duration of storage of your personal data:

We delete your personal data as soon as the purpose of storage ceases to apply. Storage by us may take place beyond this if this has been provided for by the European or national legislator in Union regulations, in national laws or other regulations to which we are subject. Exceptions to the principle of deletion after the purpose has been achieved may arise, for example, from the provisions of the GDPR and the provisions of federal German law, in particular the BDSG. Furthermore, deletion does not take place, for example, as long as retention obligations exist under commercial law, tax law and professional law.

Longer storage may also be necessary in individual cases due to the assertion or possible assertion of claims against us in connection with a contract or pre-contractual measures. This would be the case, for example, if there are indications that you will assert claims against us. The same applies if, in an individual case, an assertion of claims by us has taken place, is intended or is possible due to concrete circumstances. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defense of legal claims plus the duration of any existing legal obligation to retain data.

If a legal obligation to retain data precludes deletion, we will initially store your data in such a way that it can only be processed by a restricted group of persons and will not delete it until the obligation to retain data has ended.

h. Obligation to provide personal data

You are under no legal or contractual obligation to provide us with personal data. However, if you wish to conclude a contract with WPNO GmbH Wirtschaftsprüfungsgesellschaft, in particular a mandate contract, an employment relationship or a contract as our service provider or supplier, the provision of personal data by you is required. If you do not provide us with personal data in an individual case, you will not be able to conclude a contract with us.

The same applies if you wish to attend one of our events, obtain one of our publications, enter our premises as a visitor or receive an award from us. You can only make use of all these services if you provide us with the necessary personal data, including your name and address and, if you wish to receive publications online, your e-mail address. In the case of further data, we will indicate in each case whether it is mandatory or voluntary.

2. Specific information on individual data processing activities

Below you will find information on certain individual data processing activities.

In each case, we will explain the controller(s), the purposes and legal bases of the data processing, and the criteria for the storage period of your personal data.

a. Data processing when using this website

(1) Person responsible
The person responsible for data processing is:

The contact details of the responsible person can be found above under point 1. a.

(2) Nature and purposes of data processing

(a) Processing of data transmitted in the background
The type and scope of the processing of your personal data differ depending on whether you visit our website merely to retrieve information or make use of services offered by us on the website.

In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we collect the following data and store it in the log files of our system. This includes the following data:

  • IP address,
  • Date and time of the request,
  • Time zone difference from Greenwich Mean Time (GMT),content of the request (specific page),
  • Access status/HTTP status code,
  • Amount of data transferred in each case,
  • Website from which the request came,
  • Operating system and its interface,
  • Browser, language and version of the browser software.

The log file data that we do not assign to a specific person is stored separately from any personal data that you provide. This anonymously collected data and information is evaluated by us on the one hand statistically and on the other hand with the aim of increasing data protection and data security, in order to ultimately ensure an optimal level of protection for the personal data we process.

(b) Use of technical cookies to support the function of the website.
In addition to the previously mentioned data, so-called cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the body that sets the cookie (here by us), certain information flows. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

The cookies used by this website can be divided into two types: so-called technical cookies and so-called performance and tracking cookies.

Technical cookies (also called “necessary cookies”) are cookies that are absolutely necessary to ensure the operation of the website and to maintain functions of the site, such as access to protected areas of the website. These are mainly session cookies (session cookies) or connection cookies. The legal basis of the processing in this respect is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest in this respect is to maintain the functions and security of the website.

These strictly necessary cookies are stored in your browser for the duration of your visit to the site and are deleted when you close it.

The following peculiarities apply to our site with regard to technical cookies:

As a technically necessary cookie, the cookie “sid” is used there to be able to assign several requests of a user to the same http session for the duration of one hour, using an anonymized user ID. This cookie is deleted after one hour. As a further technically necessary cookie, the cookie “cookieconsent_status” is used to store your cookie settings (declarations of consent) for a period of 30 days.

You can configure your browser settings according to your preferences and refuse to accept cookies. We would like to point out that you may then not be able to use all the functions of this website.

For the website bewerbung.wpno.com linked on our pages, the following specifics apply with regard to technical cookies:

As a technically necessary cookie, the cookie “sid” is used there to be able to assign several requests of a user to the same http session for the duration of one hour using an anonymized user ID. This cookie is deleted after one hour. As a further technically necessary cookie, the cookie “cookieconsent_status” is used to store your cookie settings (declarations of consent) for a period of 30 days.

You can configure your browser settings according to your preferences and refuse to accept cookies. We would like to point out that you may then not be able to use all the functions of this website.

(c) Analysis tools; performance and tracking cookies
This website uses – if you give us your consent to the use of performance and tracking cookies – software from the web analysis service Matomo (formerly PIWIK) to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Mamoto also does not gain access to the data.

Mamoto is only used if you have given us your consent to the use of performance and tracking cookies in the cookie banner displayed to you when you visit our website.

If you have consented to the use of performance and tracking cookies, cookies (see above for more details) are stored on your computer.

These performance and tracking cookies collect the following data:

  • IP address (shortened)
  • Date and time of access.
  • Page accessed (title and URL).
  • Page from which the current page was called (referrer URL)
  • Time in the local user’s time zone
  • Links to an external domain that was clicked on (outlink)
  • Page generation time (the time it takes for web pages to be generated by the web server and then downloaded by the user: Speed of pages)
  • Location of the user: country, region, city, approximate latitude and longitude (geolocation)
  • Main language of the browser used (Accept-Language header)
  • User agent of the browser used (User-Agent header)

This website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are processed in a shortened form, which means that a direct subsequent reference to a person can be ruled out. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us, even after truncation. We store the information collected in this way exclusively on our server in Germany.

Withdrawal of your consent to the use of performance and tracking cookies / opt-out for online tracking after giving consent

You can prevent the evaluation described above on the one hand by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies by settings in your browser, we point out that you may not be able to use this website in full. Preventing the storage of cookies is possible through the settings in your browser.

Preventing the use of Matomo is also possible by not giving us your declaration of consent or by revoking your declaration of consent after giving it. You can send your revocation or objection in writing or by e-mail to our address mentioned above under point 1. a..

Provided that you have given us your consent, they will here To stop using the tracking tool Matomo, you can also remove the following check mark and thus activate the opt-out plug-in:

Opt-In for Online Tracking

Special information: 
With regard to the use of cookies from the website, you will be informed there in a different way about the use of cookies and asked for your consent to the use of cookies.

On the website www. wpno.com, we also use software from the web analysis service Matomo (formerly PIWIK) – provided you give us your declaration of consent to the use of web statistics cookies there – in order to be able to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. The data collected in this way is not used for direct marketing purposes or passed on to third parties. Matomo also does not gain access to the data. The more detailed information on the use of Matomo, as described at the beginning of this section for www.wpno.com, also applies here.

For the site www.wpno.com we provide the following supplementary information on the use of cookies.

The cookie “pk_id*” is used that registers a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistics. The cookie is deleted after 13 months. In addition, the cookie “pk_ref* with a duration of 6 months is used in this context, which is used as a reference to anonymous tracking session on the site. The cookie “pk_ses*” stores the unique session ID for 30 minutes. Finally, the session cookie “MATOMO_SESSID” is used, which stores the web visit based on a session and visitor ID and is deleted when the browser is closed.

Note on revoking your consent to the use of web statistics cookies on www. wpno.com

The prevention of the use of the aforementioned cookie is possible for you by not giving us your declaration of consent or by revoking the declaration of consent after giving us your declaration of consent. You can send your revocation or objection in writing or by e-mail to our addresses mentioned above under point 1. a..

We offer our users the option of opting out of the analysis process on our website. In this case, a cookie is set on their system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.

More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/

Alternatively, users can also tell us with their browser that they do not want us to perform any analysis. The do-not-track technology we use is a way for users to independently decide whether their behavior is tracked by websites, ad networks, and social networks. If users have the “I don’t want to be tracked” setting on their browser, Mamoto will not record those visits.

Instructions on Do-not-Track can be found here and elsewhere:

The tracking opt-out function requires cookies to be enabled.

(d) Events
You can register for a forum or other event via this website. For more information, please see section 2.c below.

(e) Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. Furthermore, you can order our client information. You will find more detailed information on this below under section 2. d.

(3) Legal basis
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit f. GDPR: The processing of personal data in the case of purely informational use of our website serves our legitimate interest in displaying our website to you and ensuring the stability and security of this website.

The use of technical cookies (see above) serves our legitimate interest in making the website as a whole user-friendly and effective by establishing the functionality of the website through these cookies.

The use of the web analytics service Matomo is based on your consent. The legal basis for the processing of personal data on the basis of a declaration of consent is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) Criteria for the storage period
In the case of purely informational use of our website, we store the above data for seven days. However, storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

This website uses the following types of cookies, the storage period and functionality of which are explained below.

(aa) Technical cookies within the meaning of this privacy policy (transient cookies) are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

(bb) Performance and tracking cookies (persistent cookies) are automatically deleted after a specified period of time, which may vary depending on the cookie and your browser settings. You can delete the cookies in the security settings of your browser at any time.

The use of the web analytics service Matomo leads on our storage media – as described above under 2 a. (2) (c) – only leads to the storage of data, which – among other things because of the anonymized IP addresses – are not assigned by us to your person.

In all other respects, the information under point 1. g. shall apply.

b. Data processing in relation to an existing or future client/p>

(1) Person responsible
The person responsible for data processing is WPNO GmbH Wirtschaftsprüfungsgesellschaft, to whom you address your inquiry or with whom you have concluded a mandate agreement. If personal data relating to you is transmitted to us by third parties, WPNO GmbH Wirtschaftsprüfungsgesellschaft is the recipient of your personal data. The contact details of the responsible party can be found above under point 1a.

(2) Purposes of data processing,
If you contact us within the scope of a client relationship or in order to enter into a client relationship, your personal data transmitted with the inquiry will be stored by us. We process the personal data that are required for the establishment and implementation of the client relationship. In particular, these are first and last names and your contact details as well as other data required for the execution of the mandate, depending on the type and scope of the mandate granted or still to be granted.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, the data processing serves the purpose of carrying out the mandate. If your personal data are transmitted to us because our client is considering asserting claims against you or because he anticipates that claims could be asserted against him, the data processing shall furthermore serve the purpose of asserting, exercising or defending legal claims.

(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves to fulfill a contract or is necessary for the implementation of pre-contractual measures.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, in particular by our clients, the legal basis for processing the data is also, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR if the subject of our mandate is the conclusion of a contract with you, the assertion of claims arising from a contract or advice in relation to these items. On the other hand, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defense of legal claims.

(4) Criteria for the storage period
We store your data until the termination of the mandate plus the retention obligations existing under professional law and otherwise.

In all other respects, the information under point 1. g. shall apply.

c. Data processing in relation to our events

(1) Person responsible
The responsible party for data processing is WPNO GmbH Wirtschaftsprüfungsgesellschaft, which is identified as the organizer in the event documents or on our website www.wpno.com. The contact details of the respective responsible person can be found above under point 1. a.

(2) Nature and purposes of data processing
You can register for a workshop, forum or other event via our website www.wpno.com. Mandatory data for registering for an event are, your first and last name, your address and your e-mail address. The provision of further data marked with an asterisk is voluntary. Of course, you can also register for events by phone, fax, letter, e-mail, etc. Your data will be used to carry out the event.

If you also declare that you would like to be invited to future events by e-mail, your personal data, including your e-mail address, will be used for the purpose of informing you about the events in which you have informed us that you are interested.

If you are our client or an employee of our client who is entrusted with the management of his legal, tax or financial affairs, such as a managing director, legal counsel, head of accounting, employee of the human resources department or the patent and trademark department, we will also send you, without your express consent, on the one hand, information on events of a training nature, such as workshops and forums, which are comparable in terms of their thematic focus to our consulting services that are the subject of the mandate and can therefore usefully supplement or deepen them. On the other hand, we invite you to events that serve to promote the business relationship with our clients, such as client summer parties, receptions and the like. For this purpose, we store and process your first and last name, your address and your e-mail address.

(3) Right of revocation and objection
You may object to the use of your personal data for the purpose of sending you invitation e-mails and event information at any time, without incurring any costs other than the transmission costs according to the prime rates. You can send your objection in writing or by e-mail to the above address. You can also use the option provided in an e-mail sent to you to stop receiving further e-mails by clicking a button.

(4) Legal basis
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR, as the data processing is necessary for the performance of a contract.

Furthermore, the legal basis is Art. 6 para.1 sentence 1 lit. f GDPR. Our legitimate interest is to be able to offer you events of a training and non-training nature in accordance with your wishes and thereby to promote our business relationship with our clients.

(5) Criteria for the storage period
We will store your data until the event has been held or, if you have expressed an interest in being invited to further events in the future or are our client or an employee of our client entrusted with the management of his legal, tax or financial affairs, until you object to any further use of your personal data.

You may object to the use of your personal data for the purpose of sending you invitation e-mails and event information at any time without incurring any costs other than the transmission costs according to the prime rates. You can send your objection in writing or by e-mail to the above address. You can also use the option provided in an e-mail sent to you to stop receiving further e-mails by clicking a button.

In all other respects, the information in section 1. g. shall apply.

d. Data processing in relation to our publications

(1) Person responsible
The responsible party for data processing is WPNO GmbH Wirtschaftsprüfungsgesellschaft, which is named as the responsible party in the publication. If no other responsible party is named in the publication, the responsible party for data processing is:

The contact details of the responsible person can be found above under point 1a.

(2) Nature and purposes of data processing
With your consent, we will send you publications such as our newsletter, client information and the like.

To register for our newsletter and client information, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this data processing is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

Mandatory data for sending the newsletter and client information by e-mail are your title, your first and last name and your e-mail address. The provision of further data marked with an asterisk is voluntary. If you would like to order our client information as a print publication, we will need your address in addition to the above-mentioned mandatory data. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter and, if applicable, your address for sending you our client information by mail.

If you are our client or an employee of our client who is entrusted with the management of his legal, tax or financial affairs, such as a managing director, legal counsel, head of accounting, employee of the human resources department or the patent and trademark department, we will also send you our newsletter and our client information without your express consent, if these publications are comparable in their thematic orientation to our consulting services which are the subject of the mandate and can therefore usefully supplement or deepen them. In addition, we will send you Christmas cards and similar communications in line with social custom. For this purpose, we store and process your salutation, your first and last name, your address and – if the publication, which is sent by e-mail – your e-mail address.

You can revoke your consent at any time as well as object to the use of your personal data for the purpose of sending you our newsletter or client information at any time without incurring any costs other than the transmission costs according to the prime rates. You can send your revocation or objection in writing or by e-mail to our address stated above under point 1. a.. You can also use the option provided in our newsletter e-mails to stop receiving further e-mails by clicking a button.

(3) Right of revocation and objection
You can object to the use of your personal data for the purpose of sending you our newsletter or client information at any time without incurring any costs other than the transmission costs according to the basic rates. You can send your revocation or objection in writing or by e-mail to our address stated above under point 1. a.. You can also use the option provided in our newsletter e-mails to stop receiving further e-mails by clicking a button.

(4) Legal basis
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR as the data processing is necessary for the performance of a contract.

Furthermore, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR if you are our client or an employee of our client who is entrusted with the management of his legal, tax or financial affairs. Our legitimate interest is to send you publications tailored to your consulting needs as well as communications that follow social customs, such as Christmas cards, and thereby to promote our business relationship with you.

(5) Criteria for the storage period
If data processing is based on your consent, we will store your data until you revoke your consent. We will then delete your data. The same applies if you object to further use of your personal data for sending publications (see above).

In all other respects, the information under point 1. g. shall apply.

e. Data processing in relation to job applications

In the event that you apply to one of the companies mentioned above under 1.a. as an employee, trainee, intern or for any other contractual relationship, we would like to provide you with the following information in addition to the general information (above under 1.).

(1) Decision on the establishment of an employment relationship, apprenticeship relationship, trainee relationship or other contractual relationship.

(a) Purposes of data processing
Your personal data will be collected and processed by us for the purpose of deciding on the establishment of a contractual relationship for which you are applying (employment relationship, apprenticeship relationship, trainee relationship or other contractual relationship).

(b) Legal basis
The legal basis for the processing is the General Data Protection Regulation (GDPR) in conjunction with Section 26 of the German Federal Data Protection Act (BDSG). If the contractual relationship for which you are applying is not an employment relationship within the meaning of Section 26 (8) of the BDSG (i.e., in particular, not an employment relationship or employment for vocational training), the legal basis for processing your personal data is Article 6 (1) (b) of the GDPR. Processing of personal data may also be carried out on the basis of other statutory provisions, in particular employment law, vocational training law and social law provisions in their respective versions. Insofar as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, it is based on Art. 6 para. 1 lit. c GDPR. Insofar as you declare your consent to us with regard to the processing of your personal data, the legal basis of the data processing is Art. 6 (1) a GDPR.

(c) Criteria for the storage period
Personal data processed for the decision on the establishment of a contractual relationship will generally be deleted when the processing is no longer necessary for the decision on the establishment of a contractual relationship. In this respect, the duration of storage depends on the duration of the decision-making process.

If you have sent us an unsolicited application – i.e. an application that does not relate to a specific position advertised by us – we will also process your personal data in order to decide on the establishment of a contractual relationship. The above statements apply accordingly, whereby we will generally delete your data if, in our opinion, it is not foreseeable that your personal data could possibly be used for the decision on the establishment of a contractual relationship.

If the processing of your personal data is based on consent, the storage period resulting from the declaration of consent as well as the possible exercise of your right of revocation are the fundamentally decisive criteria for the storage period, whereby the revocation does not affect the processing based on other legal bases.

(2) Possible processing for the assertion, exercise or defense of legal claims in connection with job applications.

(a) Purposes of data processing.
In certain circumstances, there is a possibility that your personal data may be used for the assertion, exercise or defense of legal claims, if you or the controller to whom you have submitted the application has or asserts legal claims.

(b) Legal basis, legitimate interests.
The legal basis in these cases, is Art. 6(1)(f) GDPR. According to Art. 6(1)(f) GDPR, processing of personal data is lawful if the processing is necessary for the purposes of a legitimate interest of the controller or a third party, unless your interests and rights to an exclusion of the processing override the legitimate interests of the controller or the third party. The legitimate interests of the controller or third party then lie in the assertion, exercise or defense of legal claims.

(c) Criteria for the storage period
In individual cases, a storage period may therefore arise that goes beyond the decision on the establishment of a contractual relationship. This would be the case, for example, if there are indications that you will assert claims against the responsible party. The data is then stored for as long as the processing of the data is necessary for the assertion, exercise or defense of legal claims. In this context, the criteria for the storage period may include the periods under the General Equal Treatment Act and the Labor Court Act (Section 15 (4) sentence 1 AGG; Section 61 b ArbGG) as well as periods of limitation or statutory retention periods.

Storage may also take place if this is provided for or prescribed by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.

(3) Legal or contractual obligations to provide personal data in relation to applications.
You are not obliged to provide us with personal data in order to carry out the application process. However, we cannot carry out the application process without the information required to assess your suitability, check the requirements for lawful employment and your availability, and contact you.

f.  Processing of personal data for direct marketing purposes, your right to object

To the extent legally permissible, we generally intend to use personal data we receive from you, including your e-mail address, for purposes of advertising our services and events. For this purpose, we might contact you by mail or e-mail. You have the right at any time to object to the use of your personal data – in particular the use of your e-mail address – for advertising purposes without incurring any costs other than the transmission costs at the basic rates. You can address an objection to the person responsible for processing your data and use the above contact details.

g. Data processing in relation to suppliers, service providers and visitors

(1) Controller
If you contact us as an existing or future supplier or service provider, or we contact you, the data controller is the ESCHE company that you contact or that contacts you.

If you enter our premises as a visitor or drive into our parking garage, the responsible party for data processing is:

The contact details of the responsible person can be found above under point 1. a.

Please note that insofar as video recordings are made of you, including recordings of your vehicle license plate when driving into our underground parking garage, the instructions below under section 2. f. apply.

(2) Purposes of data processing
If you contact us in order to initiate, conclude or execute a contract, we process the personal data you provide us with in order to decide whether we wish to conclude such a contract with you and, if applicable, to conclude such a contract and execute it. This applies equally if we contact you on our own initiative in order to initiate, conclude or execute a contract because we would like to use you as a supplier or service provider.

If you visit our premises, including our underground car park, as a visitor and provide us with personal data in the process, for example by giving your name to our staff at reception, the processing of your personal data serves to exercise our domiciliary rights. We want to control who enters our premises in order to exclude entry by unauthorized persons.

(3) Legal basis
The legal basis for the processing of your personal data that you provide to us in order to initiate the conclusion of a contract with us, to conclude a contract with us or to execute a contract is Article 6 (1), sentence 1, lit. b GDPR.

The legal basis for the processing is furthermore Article 6 para. 1, sentence 1, lit. b GDPR, if we store your personal data required for contacting you beyond the termination of a specific contract. We have a legitimate interest in being able to rely on proven suppliers and service providers.

If you enter our premises as a visitor or drive into our parking garage, the legal basis for processing your personal data is Article 6 (1), sentence 1 lit. f GDPR. We have a legitimate interest in controlling who enters or drives into our premises, including our parking garage, in order to exclude unauthorized access.

(4) Criteria for the storage period
Personal data that is processed for the decision on the establishment of a contractual relationship will generally be deleted by us if the processing is no longer required for the decision on the establishment of a contractual relationship. In this respect, the duration of storage depends on the duration of the decision-making process. If we have concluded a contract with you, we store your personal data until the complete execution or termination of the contract plus the duration of statutory retention obligations.

In individual cases, a storage period may arise that extends beyond the decision on the establishment of a contractual relationship or, after the conclusion of such a contract, beyond its execution or termination, if there are indications that you will assert claims against us. The same applies in the event that we intend to assert claims against you. The storage then takes place for as long as the processing of your personal data is necessary for the assertion, exercise or defense of legal claims. In this context, the criteria for the storage period may include the statute of limitations.

If you are a supplier or service provider with whom we work repeatedly, we will store your personal data required for repeated contact beyond the termination of a specific contract, until a use of your services by us is no longer considered.

If you have provided us with personal data of you as a visitor, your personal data will generally be deleted after the end of your visit, unless you have expressly requested that we continue to store your personal data, for example in order to be invited by us to our events in the future or to receive information from us. A longer storage period may also arise in these cases if there are indications in the individual case that you will assert claims against us or that the assertion of such claims is being considered by us. The data will then be stored for as long as is necessary for the assertion, exercise or defense of legal claims, plus the duration of any existing statutory retention periods.

In all other respects, the notes under point 1. g.apply.

(a) Data processing in relation to our video surveillance.

(1) Person responsible
The person responsible for data processing is:

The contact details of the data controller can be found above under point 1. a.

(2) Purposes of data processing
Processing of your personal data takes place insofar as images of you are recorded by video cameras that we have installed to protect our property (or that of a third party) or our domiciliary rights (or those of a third party). There is no audio recording.

Video surveillance is intended to have a preventive effect due to its recognizability and to prevent behavior that may violate our interests. The recordings also serve to clarify criminal offenses and other relevant incidents. They are also intended to enable possible criminal prosecution and the exercise, assertion and defense of legal claims of the responsible party, as well as to serve as evidence.

(3) Legal basis, legitimate interests.
The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR and §§ 4, 26 BDSG. Our legitimate interests result from the above description of the purposes of video surveillance and lie in particular in the protection of our property and the property of third parties as well as in the enforcement of our house right and the house right of third parties.

(4) Criteria for the storage period
Since the storage is based on the balancing of our interests with your interests, the existence and the change of the interest situation are decisive criteria for the storage period. The data is generally deleted when our legitimate interests no longer exist or no longer outweigh your interests in deletion. Records are generally only stored for a few days. For the specific storage period, it is relevant that on the occasion of periods of operational rest (weekends, holidays, company vacations, etc.), an evaluation may only be possible with a delay. In the event that video recordings are required for the assertion, defense and exercise of legal claims or for evidentiary purposes and the clarification of facts, this data remains stored until these purposes are fulfilled. Exceptions to the deletion periods may result from the provisions of the GDPR and the provisions of the BDSG.

In all other respects, the information under point 1. g. applies.

WPNO GMBH
Wirtschaftsprüfungsgesellschaft

h. Money laundering prevention

Data processing in relation to an existing or future mandate for money laundering prevention concerning “information” and information on offenses relating to money laundering (Section 261 of the Criminal Code) on persons and companies that have their registered office in Austria or abroad.

(1) Responsible person

Is the person responsible for data processing:

The contact details of the data controller can be found above under point 1. a.

https://www.wpk.de/mitglieder/bekaempfung-der-geldwaesche/praxis/ 

(2) Purposes of data processing
If you contact us within the scope of an attorney-client relationship or in order to enter into an attorney-client relationship, your personal data transmitted with the inquiry will be stored by us. We process the personal data that are required for the establishment and implementation of the client relationship. In particular, these are first and last names and your contact details as well as other data required for the execution of the mandate, depending on the type and scope of the mandate granted or still to be granted.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, the data processing serves the purpose of carrying out the mandate. If your personal data are transmitted to us because our client is considering asserting claims against you or because he anticipates that claims could be asserted against him, the data processing will also serve to assert, exercise or defend legal claims.

(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves to fulfill a contract or is necessary for the implementation of pre-contractual measures.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, in particular by our clients, the legal basis for processing the data is also, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR if the subject of our mandate is the conclusion of a contract with you, the assertion of claims arising from a contract or advice in relation to these items. On the other hand, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defense of legal claims.

(4) Criteria for the storage period
We store your data until the termination of the mandate plus the retention obligations existing under professional law and otherwise.

In all other respects, the information under point 1. g. shall apply.

i. Third party content and services on this website

The following third-party content and services have been integrated by us:

CONTENT THIRD PARTY
Maps from OpenStreetMap (via proxy, so that the user’s IP address is not transmitted to the third-party provider). Openstreetmap Stiftung

132 Maney Hill Road

Sutton Coldfield

West Midlands B72 1JU

Vereinigtes Königreich

Datenschutzerklärung:

https://wiki.openstreetmap.org/wiki/Privacy_Policy.

(1) Person responsible

WPNO GmbH Wirtschaftsprüfungsgesellschaft is responsible under data protection law for data processing directly related to the conduct of online meetings.

Responsible

is the person responsible for data processing:

The contact details of the data controller can be found above under point 1. a

j. Online meetings, webinars and screen sharing via Microsoft Teams

(1) Controller.

WPNO GmbH Wirtschaftsprüfungsgesellschaft is the data controller for data processing directly related to the conduct of online meetings.

Responsible

is the person responsible for data processing:

The contact details of the data controller can be found above under point 1. a.

If you access the Microsoft Teams website, the Microsoft Teams provider is responsible for data processing. However, accessing the website is only necessary for the use of Microsoft Teams in order to download the software for the use of Microsoft Teams. If you do not want to or cannot use the Microsoft Teams application, you can also use Microsoft Teams via your web browser. The service will then also be provided via the Microsoft Teams website to this extent.

(2) Description and scope of data processing

We use Microsoft Teams to conduct online meetings, webinars and screen sharing. Microsoft Teams is a service provided by Microsoft Corporation.

If we want to record online meetings, we will transparently inform you in advance and – if necessary – ask for consent.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online meeting, webinars and screen sharing.

The following personal data is subject to processing:

  • User details: e.g. display name, email address if applicable, profile picture (optional), preferred language.
  • Metadata of the online meeting: e.g. date, time, meeting ID, phone numbers, location.

Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the Microsoft Teams app.

We use Microsoft Teams to conduct online meetings webinars and screen sharing. Teams is a service of the microsoft.com domain, including all subdomains (sub-sites), and for all Microsoft websites and services.

Provider in the sense of §5 TMG: 

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

Universal Business Identifier: 600 413 485

Authorized representative: Benjamin O. Orndorff

Tel.: +49 (0) 1806 – 67 22 55

You can contact the Microsoft Corporation representative in the EU or the UK:
https://privacy.microsoft.com/de-de

You may also contact the WPNO Privacy Officer by sending an email to Datenschutz@wpno.com.

(3) Legal basis for data processing

Insofar as personal data of employees of WPNO GmbH Wirtschaftsprüfungsgesellschaft are processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Microsoft Teams, Art. 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of online meetings.

For the rest, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f GDPR. Here, too, our interest is in the effective conduct of online meetings.

(4) Purpose of data processing

We use the Microsoft Teams tool to conduct online meetings, video conferences, telephone conferences and webinars (hereinafter collectively “online meetings”).

(5) Duration of storage

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

(6) Recipients / forwarding of data

Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects, or third parties and is therefore intended for disclosure.

The Microsoft Teams provider necessarily obtains knowledge of the above data to the extent provided for under our order processing agreement with Microsoft.

k. Data processing in relation to an existing or future clients

(1) Person responsible
The responsible party for data processing is WPNO GmbH Wirtschaftsprüfungsgesellschaft, to whom you have addressed your inquiry or with whom you have concluded a mandate agreement. If personal data relating to you is transmitted to us by third parties, WPNO GmbH Wirtschaftsprüfungsgesellschaft is the company that is the recipient of your personal data. The contact details of the responsible party can be found above under point 1a.

(2) Purposes of data processing
If you contact us within the scope of an attorney-client relationship or in order to enter into an attorney-client relationship, your personal data transmitted with the inquiry will be stored by us. We process the personal data that are required for the establishment and implementation of the client relationship. In particular, this includes your first and last name and your contact details as well as other data required for the execution of the mandate, depending on the type and scope of the mandate granted or still to be granted.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, the data processing serves the purpose of carrying out the mandate. If your personal data are transmitted to us because our client is considering asserting claims against you or because he anticipates that claims could be asserted against him, the data processing shall furthermore serve the purpose of asserting, exercising or defending legal claims.

(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves to fulfill a contract or is necessary for the implementation of pre-contractual measures.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, in particular by our clients, the legal basis for processing the data is also, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR if the subject of our mandate is the conclusion of a contract with you, the assertion of claims arising from a contract or advice in relation to these items. On the other hand, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defense of legal claims.

(4) Criteria for the storage period
We store your data until the termination of the mandate plus the retention obligations existing under professional law and otherwise.

In all other respects, the information under point 1. g. shall apply.

l. Online meetings, webinars and screen sharing via ZOOM

(1) Person responsible

WPNO GmbH Wirtschaftsprüfungsgesellschaft is responsible under data protection law for data processing directly related to the conduct of online meetings.

Responsible

is the person responsible for data processing:

The contact details of the data controller can be found above under point 1. a.

Insofar as you call up the Zoom website, the Zoom provider is responsible for data processing. However, a call to the Internet site is only necessary for the use of Zoom in order to download the software for the use of Zoom. If you do not want to or cannot use the Zoom application, you can also use Zoom via your web browser. The service will then also be provided via the Zoom website to that extent.

(2) Description and scope of data processing

If we want to record online meetings, we will transparently communicate this to you in advance and – if necessary – ask for consent.

When using Zoom, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data are subject to processing:

  • User details: e.g. display name, email address if applicable, profile picture (optional), preferred language.
  • Metadata of the online meeting: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom application.

We use Zoom through Host in Bremen- Germany to conduct online meetings. Zoom is a service of the

Provider in the sense of §5 TMG:

Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113, USA

You can contact the Zoom representative in the EU or the UK:

Lionheart Squared Ltd
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Dublin
DO2 EK84
Republik lrland
E-Mail: zoom@LionheartSquared.eu

Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire
SP6 1QX
Vereinigtes Königreich
Contact: zoom@LionheartSquared.co.uk

You may also contact Zoom’s Privacy Officer by sending an email to privacy@zoom.us .

You may also contact the WPNO Privacy Officer by sending an email to Datenschutz@wpno.com.

If we want to record online meetings, we will transparently communicate this to you in advance and – if necessary – ask for consent.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data is the subject of the processing of a Zoom:

What personal data do we receive?

Personal data is any information from or about an identified or identifiable individual, including information that Zoom can attribute to an individual. When you use or interact with Zoom products, we may collect or process the following categories of personal data on behalf of our customers:

  • Account information: Information associated with an account that licenses Zoom products, such as the administrator’s name, contact information, account ID, billing information, and subscription information.
  • Profile and Subscriber Information: Information associated with the Zoom profile of a user using Zoom Products under a licensed account or provided by an unlicensed attendee joining a meeting, such as name, display name, picture, email address, phone number, job information, specified location, user ID, or other information provided by the user or their account holder.
  • Contacts and Calendar Integrations: Contact information added by accounts or their users to create contact lists on Zoom products, which may include contact information that a user integrates from a third-party app. Users can also integrate their calendars from other services into their Zoom profile or Zoom account.
  • Preferences: Information associated with the preferences and settings of a Zoom account or user profile, such as audio and video settings, file recording location, screen sharing settings, and other settings and configuration information.
  • Registration Information: Information people provide when registering for a Zoom meeting, webinar, or recording, such as name and contact information, answers to registration questions, and other registration information requested by the host.
  • Device Information: Information about the computers, phones, and other devices that people use when interacting with Zoom products, such as speaker, microphone, camera, operating system version, hard drive ID, PC name, MAC address, IP address (which can be used to infer location generally at the city or country level), device attributes (such as operating system version and battery level), Wi-Fi information, and other device information (such as Bluetooth signals).
  • Meeting, webinar, and chat content and context: content generated in meetings, webinars, or chats hosted on Zoom Products, such as audio, video, in-event messages, chat message content, transcripts, written feedback, survey responses and Q&A, files, and associated context, such as invitation details, meeting or chat name, or meeting agenda. Depending on account owner settings, what you’ve shared, your preferences, and what you do in Zoom products, content may include your voice and image.
  • Product and website usage: information about how people and their devices interact with Zoom products, such as. : when attendees join and leave a meeting; whether attendees have sent messages and with whom they exchange messages; performance data; mouse movements, clicks, keystrokes or actions (such as mute/unmute or video on/off); and other user inputs that help Zoom understand feature usage, improve product design, and suggest features; Which third-party apps users add to a meeting or other product, and what information the app is allowed to access and perform actions on; usage of third-party apps and the Zoom App Marketplace; features used (such as screen sharing, emojis, or filters); and other usage information and metrics. This also includes information about when and how people visit and interact with Zoom’s websites, including the pages they viewed, their interaction with website features, and whether or not they registered for a Zoom product.
    Communications with Zoom: Information about your communications with Zoom, including in connection with support issues, your account, and other inquiries.
  • Information from Partners: Zoom receives information about account holders and their users from third-party companies, such as market data preparers, such as information about an account holder’s business size or industry, contact information, or the activity of certain enterprise domains. Zoom may also obtain information from third-party advertising partners that provide advertisements displayed on Zoom products, such as whether you clicked on an advertisement displayed by those advertising partners.

How do we use personal data?

Zoom employees do not access meeting, webinar, or chat content (including, but not limited to, audio, video, files, and messages) unless directed to do so by an account holder or as required for legal or security reasons, as described below. Zoom uses personal information for the following activities:

  • Providing Zoom Products and Services: To provide products, features, and services to account holders, their users, and those they invite to participate in meetings and webinars conducted on their accounts, including to customize Zoom product features and recommendations for accounts or their users. Zoom also uses personally identifiable information, including contact information, to forward invitations and messages to recipients when individuals send invitations and messages using Zoom products. This may also include the use of personal information for customer support, which may include access to audio and video, files and messages at the direction of the account holder or their users. We also use personal information to administer our relationship and contracts with account holders, including for billing, compliance with contractual obligations and related administrative activities.
  • Product Research and Development: to develop, test and improve Zoom products, including, for example, content-related features (such as background filters), and to troubleshoot products and features.
  • Third Party Marketing, Promotions and Advertising: To enable Zoom and/or its third party marketing partners to market, promote and advertise Zoom products, features and services, including based on your product usage, information we receive from third party partners or, if you visit our websites, information about how and when you visit and interact with them. We may also use cookies or similar technologies, including from third-party advertising partners, to display advertisements to you in Zoom products about third-party products, services or destinations. Zoom does NOT use meeting, webinar, or chat content (including, without limitation, audio, video, files, and messages) for third-party marketing, promotions, or advertising purposes.
  • Authentication, Integrity and Security: To authenticate accounts and activities, detect malicious, harmful, unauthorized or illegal behavior or unsafe experiences, remediate security threats, protect public safety and secure Zoom products.
  • Communications with You: We use personal information (including contact information) to communicate with you about Zoom products, features, and services, including about product updates, your account, and changes to our policies and terms. We also use your information to respond to you when you contact us.
  • Legal Reasons: To comply with applicable laws or to respond to a valid legal order, including by law enforcement or other authorities; to investigate or assist in investigating the facts of legal proceedings, disputes or other contested legal proceedings; and to investigate potential violations of our Terms of Use or policies and enforce our rights.

Zoom uses advanced tools to automatically scan content such as virtual backgrounds, profile pictures, and files uploaded or shared via chat to detect and prevent violations of our terms or policies, as well as illegal or other harmful activity.

How do we share personal data?

Zoom will only disclose personal information to third parties with your consent or in one of the following circumstances (subject to your prior consent where required by applicable law):

  • Distributors: If an Account Holder has licensed or purchased Zoom Products from a third-party Zoom Products reseller, the reseller may be able to access personal data and content about users, including meetings, webinars, and messages hosted by the Account Holder.
  • Vendors: Zoom works with third-party service providers to provide, support, and enhance Zoom products and technical infrastructure, and for business services such as payment processing. Zoom may also work with third-party service providers to provide advertising and business analytics for Zoom products. These providers may access personal data subject to contractual and technical requirements to protect personal data. They may use this personal data solely for the purpose of providing services to Zoom or as required by law.
  • For legal reasons: Zoom may disclose personal information when necessary to: (1) comply with applicable laws or cooperate with, respond to, or investigate valid legal process or legal process, including by law enforcement or other authorities; (2) enforce or investigate its rights regarding potential violations of its Terms of Use or policies; (3) detect, prevent, or investigate potential fraud, abuse, or security concerns, including threats to public safety; (4) fulfill our corporate and social responsibility obligations; (5) protect our customers’ rights and property; and (6) resolve disputes and enforce contracts.
  • Marketing, Advertising and Analytics Partners: Zoom uses third-party marketing, advertising and analytics providers to compile statistics and analytics about the use of Zoom Products and our website, to provide advertising and marketing for Zoom Products, including targeted advertising based on your use of our website, and to display third-party advertising in Zoom Products to you. These third parties may be able to obtain information about your activities on Zoom’s website through third-party cookies placed on Zoom’s website. To opt out of our use of third-party cookies that share data with these partners, visit our cookie management tool, which you can find Cookie Preferences. To the extent required for legal reasons, Zoom will first ask for your consent before conducting the marketing or promotional activities described.
  • Affiliated Companies: Zoom shares personal information with affiliated companies such as Zoom Voice Communications, Inc. to provide integrated and consistent experiences across all Zoom products (e.g., to enable a user to integrate a Zoom Phone call with a meeting) and to detect, investigate and prevent fraud, abuse and public safety threats.
  • Change of Control: We may disclose Personal Information to actual or potential acquirers, their representatives and other relevant participants in or during negotiations for a sale, merger, acquisition, reorganization or change of control involving all or a portion of Zoom’s business or assets, including in connection with a bankruptcy or similar proceeding.

Who can see and share my personal data when I use Zoom?

When you send messages through Zoom or participate in meetings and webinars on Zoom, other people and organizations, including third parties outside of the meeting, webinar or message, may see content and information shared through you:

  • Account Holder: An account holder is the organization or person who registers for a Zoom account. Typically, an account owner designates one or more people (called an “administrator”) who can manage their account and grant permissions to users on the account. Depending on his or her license with Zoom, the Account Owner may authorize additional users on his or her account, and the Account Owner may create and/or access profile information for all users on his or her account. The account owner and their users can invite others (including guests who are not on their account) to meetings or webinars hosted on their account.Zoom provides controls and features that allow account owners to specify whether certain types of content, such as recordings or messages sent outside of the meeting, can be created or sent, and which third-party apps can be used for meetings and webinars hosted on their account. Depending on their settings, account holders and their designees may have access to personal information about people who attend meetings and webinars or send messages to users through their account. Specifically, account holders may have access to the following information:
    • Account Usage:
      • Product usage: information about how people and their devices interact with their account, such as who sent messages to their users in chat, email addresses, IP addresses, device information, and other information about who joined meetings or webinars on their account, whether users viewed or downloaded a recording, how long people attended their meetings, the time a message was sent, information about Zoom Phone integrations, and other usage information and feedback metrics.
      • Attendee list: Information about participants in a Zoom meeting, webinar, or chat, such as name, display name, email address, phone number, and participant or user ID.
    • Registration Information: Information provided when registering for a webinar, meeting, or recording conducted through the account.
    • Zoom Chat Out-of-Meeting Messages: When enabled in the account, account holders can see who has sent and received out-of-meeting messages to users on their account, along with information about the message (e.g., date and time and number of participants). Depending on their settings, account owners can also see sender and recipient information and other chat data, as well as the content of messages sent to and from users on their account, unless the account owner has enabled advanced chat encryption.
    • In-Meeting/Webinar Messages: Depending on their settings, account holders may be able to see sender and recipient information and the content of messages sent to and from users on their account under the following circumstances:
      • Messages sent to Everyone in a meeting that is being recorded.
      • Messages sent to panelists in a webinar that is being recorded.
      • Direct messages, if the account owner has enabled archiving
    • Recordings: Account holders can view the content of recordings of meetings and webinars conducted on their account. They can also view a transcript of an audio meeting if this feature is enabled.
    • Surveys, Q&A, and Feedback: Account holders can see information about who provided responses to their surveys, Q&A, or requests to provide feedback following meetings or webinars, including name and contact information, along with responses or feedback, unless the responses are submitted anonymously.
  • Meeting hosts and attendees: Hosts and other meeting attendees may be able to see your email address, display name, and profile picture. Meeting hosts and attendees may also see meeting content, audio transcripts, messages sent to “All” or to them directly, and files, whiteboards, or other information shared during a meeting, and (depending on the account owner’s settings) record or save them. Hosts may also be able to see Q&A responses and surveys created during the meeting.
  • Discussants and webinar participants: During a webinar, only panelists may be visible to participants, but participants who agree to be unmuted may be heard by other participants. If an attendee agrees to become a panelist during a webinar, they may be visible to other attendees depending on their settings. Discussants and participants may be able to see the name of a participant who asks a question during a Q&A, along with their question, unless the participant submits the question anonymously.
  • Livestreams: hosts of meetings and webinars can choose to livestream to a third-party website or service, which means that anyone who has access to the livestream can watch the meeting or webinar.
  • Third-party apps and integrations: 
    • Account holders can choose to add third-party apps to their account and the Zoom products they use, including through the use of the Zoom App Marketplace, and they can also control whether their users can add and use certain third-party apps, including in meetings, webinars, and chats hosted on their account. Depending on their settings, Account Owners and their users and guests may share your personal information and content with third-party apps and integrations that they approve, which may include all of the personal information listed above that is available to Account Owners, hosts, and attendees, such as account information, profile and contact information, registration information, attendee list, settings, content, product usage, and device information.
    • Other meeting attendees may be able to see the third-party app that you use in a meeting if the third-party app receives real-time features and information from the meeting.
    • Third-party developers may also integrate or embed Zoom Meetings into their website or app experiences, or create versions of Zoom that allow access to Zoom products through a third-party app.
    • Personal data shared by account holders and users with third-party apps and integrations is subject to the terms and privacy policies of the app developers, not Zoom, when collected and processed.

Data protection rights and choices

If you are located in the European Economic Area (EEA), Switzerland or the United Kingdom, or are a California resident, please see the relevant sections below. Otherwise, at your request and as required by law, we will:

  • Inform you of what personal information we have about you that is under our control;
  • amend or correct that personal data or any privacy settings you have previously selected, or direct you to the appropriate tools; and/or
  • delete that personal data or direct you to the appropriate tools.

To exercise your rights in relation to the personal data controlled by Zoom, please click here. To the extent permitted by law, we may refuse to process unreasonably frequent or systematic requests or requests that require disproportionate technical effort or jeopardize the privacy of others. As an account holder or user of a licensed account, you can also influence your personal data by logging into your account and changing your personal data yourself

Retention

We retain personal information for as long as is necessary for the uses described in this Privacy Policy, unless a longer retention period is required by applicable law.

The criteria used to determine our retention periods include the following:

  • The period of time during which we maintain an ongoing business relationship with you and provide our Zoom Products to you (e.g., as long as you have an account with us or use our products);
  • Whether account holders change information or their users delete information about their accounts;
  • The legal requirement to retain the information (e.g., certain laws require us to retain records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (e.g., in light of enforcing our contracts, resolving disputes and applicable statutes of limitations, legal proceedings or government investigations).

Information related to data protection in Europe

Rights of the data subjects

If you are in the EEA, Switzerland or the United Kingdom, your rights in relation to your personal data processed by us as a data controller include, in particular:

  • Right of access and/or portability: You have the right to access any personal data we hold about you and, in certain circumstances, to have that data made available to you so that you can provide it to another provider or “port” it;
  • Right to erasure: In certain circumstances, you have the right to have personal data we hold about you erased (for example, if it is no longer needed for the purposes for which it was originally collected);
  • Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal data and/or sending you marketing communications;
  • Right to rectification: you have the right to request us to rectify inaccurate or incomplete personal data;
  • Right to restrict processing: you have the right to request that we restrict the processing of your personal data in certain circumstances (for example, if you believe that the personal data we hold about you is not accurate or is not being held lawfully).

To exercise your rights, please click here. If you have other questions about our use of your personal information, please send a request to one of the addresses listed in the Contacts section of this Privacy Policy. Please note that we may ask you for additional information to confirm your identity and to ensure that you are authorized to access the relevant personal data.

You also have the right to lodge a complaint with a data protection authority. To obtain further information, please contact your local data protection authority.

Legal basis for the processing of personal data

We will only use your information in a lawful manner, fairly and in a way that is understandable to you. When Zoom, as a data controller, processes personal data of individuals in regions such as the EEA, Switzerland and the United Kingdom, we rely on the following legal bases applicable in your jurisdiction, depending on the type of personal data and factual context:

  • To the extent necessary for our contract: If we enter into a contract directly with you, we process your personal data on the basis of our contract to create and enter into the contract and to perform and administer our contract (i.e., providing Zoom’s products, features, and services to account holders, their users, and those they invite to participate in meetings and webinars hosted on their accounts, and administering our relationship and contract, including billing, compliance with contractual obligations, and related administrative matters). If we do not process your personal data for these purposes, we may not be able to provide you with all of our products, features and services;
  • In accordance with certain revocable consents: We rely on your previously given consent to use cookies and advertising and analytics partners to provide tailored advertising and analyze the use of our website. You are entitled to withdraw your consent at any time by visiting our cookie management tool, which you can find Cookie Settings;
  • To comply with our legal obligations: We process your personal data to comply with legal obligations to which we are subject, to comply with EEA laws, regulations, codes of practice, guidelines or rules applicable to us, and to respond to requests from and otherwise communicate with relevant EEA authorities and other agencies and judicial authorities. This includes detecting, investigating, preventing and stopping fraudulent, harmful, unauthorized or illegal activities (“fraud and abuse detection”) and complying with data protection laws;
  • To protect our fundamental interests and those of others: We process certain personal information to protect fundamental interests, to detect and prevent illegal activities that affect fundamental interests and public safety, including child sexual abuse materials; and
  • Where necessary for our (or others’) legitimate interests, unless your interests or fundamental rights and freedoms requiring the protection of personal data override those interests: We process your Personal Data on the basis of these legitimate interests (i) to enter into and perform the contract with the Account Holder and/or the Distributor providing the Products to you (this includes billing, compliance with contractual obligations and related administration and support); (ii) to develop, test and improve our Products and to troubleshoot products and features; (iii) to ensure the authentication, integrity, security and safety of accounts, activities and products, including detecting and preventing malicious behavior and violations of our terms and policies, to prevent or investigate bad or unsafe experiences and to remediate security threats; (iv) to send marketing communications, advertisements and offers in connection with the Products; and (v) to comply with applicable laws, regulations, rules, policies or rules outside the EEA applicable to us and to respond to requests from competent public, governmental, judicial or other regulatory authorities outside the EEA and for other communications to such regulatory authorities and to fulfill our corporate and social responsibility obligations to protect our rights and property and those of our customers, resolve disputes and enforce agreements.

International data transmission

Zoom operates globally, which means that Personal Data may be transferred, stored (e.g., in a data center), and processed outside of the country or region where it was originally collected, where Zoom or its service providers have customers or facilities – including in countries where meeting attendees or account holders who host meetings or webinars you attend or receive messages you send are located.

By using Zoom products or providing personal information for any of the above purposes, you acknowledge that your personal information may be transferred to or stored in the United States, where we are based, as well as other countries outside the EEA, Switzerland and the United Kingdom. These countries may have different data protection laws than your country.

Regardless of where it is processed, we will protect your personal data in accordance with this Privacy Policy and will take reasonable contractual or other steps to protect your personal data in accordance with applicable law. If personal data is transferred from users in the EEA, Switzerland or the United Kingdom to a recipient located in a country outside the EEA, Switzerland or the United Kingdom whose level of data protection is not considered adequate, we will ensure that the transfer is governed by the European Commission’s standard contractual clauses. Please contact us if you require further information in this regard.

Privacy Rights in California

California Consumer Privacy Act

Under the California Consumer Privacy Act of 2018 (CCPA), California residents may have the following rights:

  • Access the categories and specific portions of personal data collected by Zoom, the categories of sources from which the personal data was collected, the business purpose(s) for collecting the personal data, and the categories of third parties with whom Zoom has shared personal data;
  • Erasure of personal data under certain conditions; and
  • Refusal to “sell” personal data. We do not sell your personal data in the traditional sense. However, like many companies, we use advertising services that attempt to tailor online advertisements to your interests based on information collected about your online activities through cookies and similar technologies. This is referred to as “interest-based advertising.” The legal definition of “sale” in the CCPA is broad and may include interest-based advertising. You can get more information and opt out of the use of cookies on our sites for interest-based advertising by clicking on theDo not sell my personal information link, also on our homepage, and setting your preferences. You mustSet your preferences on each device and web browser on which you wish to opt out of the use of your data. This feature uses a cookie to store your preferences. So if you delete all cookies from your browser, you will need to reset your settings.

Zoom will not discriminate against you if you exercise any of these rights. This is also consistent with your rights under the CCPA.

To exercise your rights, please click here or call us at +1-888-799-9666. To opt-out of the use of cookies on our Sites for interest-based advertising, follow the instructions above.

We will acknowledge receipt of your request within 10 business days and provide you with a substantiated response within 45 calendar days or notify you in writing of the reason and the extension period (up to 90 days).

Under CCPA, only you or an authorized representative may make a request regarding your personal information. Note that we must verify your identity in order to respond to your request for access or to delete personal information under CCPA. We may do so by requesting that you log into your Zoom account (if any), provide information related to your account (which will be cross-checked against information we have, such as profile information), provide an affidavit of your identity, and/or provide additional information. You may authorize an authorized representative to submit your verified consumer application by providing written authorization and proof of identity, or by providing proof of a power of attorney.

California “Shine the Light” Law

California Civil Code Section 1798.83, also known as the “Shine The Light” law, allows California residents to annually request information about the disclosure of your personal information (if any) to third parties for their direct marketing purposes during the previous calendar year. We do not disclose personal information to third parties for their direct marketing purposes.

California Privacy Rights

California Consumer Privacy Act

Nach dem California Consumer Privacy Act of 2018 (CCPA) haben Einwohner Kaliforniens die folgenden Rechte:

  • Access to the categories and specific pieces of personal information Zoom collects, the categories of sources from which the personal information was collected, the business purpose(s) for collecting the personal information, and the categories of third parties with whom Zoom shared personal data;
  • Deletion of personal data under certain conditions; and
  • Refusal to “sell” personal information. We do not sell your personal information in the traditional sense. However, like many companies, we use advertising services that attempt to tailor online advertisements to your interests based on information collected via cookies and similar technologies about your online activities. This is known as “interest-based advertising”. The legal definition of a sale in the CCPA is broad and may include interest-based advertising. You can obtain more information and opt-out of the use of cookies on our interest-based advertising pages by clicking the Do not sell my personal information Do not sell my personal information link, also on our home page, and setting your preferences. You need to

Set your preferences on any device and web browser where you wish to opt out of having your data used. This feature uses a cookie to save your preferences. So if you delete all cookies in your browser, you will need to reset your settings.

Zoom will not discriminate against you for exercising any of these rights. This is also your rights under the CCPA.

To exercise your rights, please click here or call us at +1-888-799-9666. To opt-out of the use of cookies on our interest-based advertising pages, follow the instructions above.

We will acknowledge receipt of your request within 10 business days and provide you with an informed response within 45 calendar days or inform you in writing of the reason and the extension period (up to 90 days).

Under the CCPA, only you or an authorized representative can make a request related to your personal information. Note that we need to verify your identity in order to respond to your request to access or delete personal information under the CCPA. We may do this by asking you to log into your Zoom account (if you have one), provide information relating to your account (which will be checked against information we have, e.g. profile information), an affidavit of yours identity and/or provide additional information. You may authorize an authorized agent to submit your verified consumer application by providing written authorization and proving your identity, or by proving a power of attorney.

California Shine the Light Law

California Civil Code Section 1798.83, also known as the “Shine The Light” statute, permits California residents to obtain information annually about the disclosure of your personal information (if any) to third parties for their direct marketing purposes in the preceding year request calendar year. We do not share personal information with third parties for their direct marketing purposes.

Legal basis for data processing

Insofar as personal data of employees of WPNO GmbH Wirtschaftsprüfungsgesellschaft are processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Zoom, Art. 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of online meetings.

For the rest, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 (1) lit. f GDPR. Here, too, our interest is in the effective conduct of online meetings.

(3) Purpose of data processing

We use the Zoom tool to conduct online meetings, video conferences, telephone conferences and webinars (hereinafter collectively “online meetings”).

(4) Duration of storage

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

(5) Recipients / forwarding of data

Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

Zoom’s provider necessarily obtains knowledge of the above data to the extent provided for under our contract processing agreement with Zoom.

m. Data processing in relation to an existing or future client

(1) Person responsible
The responsible party for data processing is WPNO GmbH Wirtschaftsprüfungsgesellschaft, to whom you have addressed your inquiry or with whom you have concluded a mandate agreement. If personal data relating to you is transmitted to us by third parties, WPNO GmbH Wirtschaftsprüfungsgesellschaft is the company that is the recipient of your personal data. The contact details of the responsible party can be found above under point 1a.

(2) Purposes of data processing
If you contact us within the scope of an attorney-client relationship or in order to enter into an attorney-client relationship, your personal data transmitted with the inquiry will be stored by us. We process the personal data that are required for the establishment and implementation of the client relationship. In particular, this includes your first and last name and your contact details as well as other data required for the execution of the mandate, depending on the type and scope of the mandate granted or still to be granted.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, the data processing serves the purpose of carrying out the mandate. If your personal data are transmitted to us because our client is considering asserting claims against you or because he anticipates that claims could be asserted against him, the data processing shall furthermore serve the purpose of asserting, exercising or defending legal claims.

(3) Legal basis
The legal basis for the processing of data is, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR, insofar as you are our client or provide us with your personal data for the purpose of entering into a future client relationship. The processing of this data serves to fulfill a contract or is necessary for the implementation of pre-contractual measures.

If your personal data is transmitted to us by third parties in relation to an existing or future mandate, in particular by our clients, the legal basis for processing the data is also, on the one hand, Art. 6 (1) sentence 1 lit. b GDPR if the subject of our mandate is the conclusion of a contract with you, the assertion of claims arising from a contract or advice in relation to these items. On the other hand, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR: The data processing serves to safeguard the legitimate interests of our client, which may lie in particular in the assertion, exercise or defense of legal claims.

(4) Criteria for the storage period
We store your data until the termination of the mandate plus the retention obligations existing under professional law and otherwise.

In all other respects, the information under point 1. g. shall apply.

n. Podcasts

(1) Person responsible

WPNO GmbH Wirtschaftsprüfungsgesellschaft is responsible under data protection law for data processing directly related to the performance of podcast.

Responsible

is the person responsible for data processing:

The contact details of the data controller can be found above under point 1. a.

Provider in the sense of §5 TMG:

Podigee GmbH
Geschäftsführer: Mateusz Sojka
Schlesische Straße 20
10997 Berlin
Deutschland

Registry Court: Amtsgericht Berlin (Charlottenburg)
Registration number: HRB 200793 B

Privacy policy

https://www.podigee.com/de/ueber-uns/datenschutz?hsLang=de

Insofar as you call up the Podigee website, the Podigee provider is responsible for data processing. However, a call to the internet page is only necessary for the use of Podigee in order to download the software for the use of Podigee. If you do not want to or cannot use the Podigee application, you can also use Podigee via your web browser. To that extent, the service will then also be provided through Podigee’s website.

We use hosting and analytics services provided by service providers to offer our audio content for listening or downloading and to obtain statistical information on the retrieval of the audio content.

Types of Data Processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), conversion measurement (measurement of the effectiveness of marketing measures), profiles with user-related information (creation of user profiles).

Services used and service providers:

Podigee: Podigee – music and podcast hosting; service provider: Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany; website: https://www.podigee.com/de; Privacy Policy: https://www.podigee.com/de/about/privacy/.

Spotify: Spotify – music hosting and widget; service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; website: https://www.spotify.com/de; Privacy Policy:: https://www.spotify.com/de/legal/privacy-policy/.

Notes on legal bases: If we ask for consent to use the cloud services, the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient and secure management and collaboration processes)

Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., e-mail, phone numbers), content data (e.g., entries in online forms), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects: Customers, employees (e.g., employees, applicants, former employees), prospective customers, communication partners.

Purposes of processing: office and organizational procedures.

Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. GDPR), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Services used and service providers:

Google Cloud Services: cloud storage services; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website:https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy, Safety instructions: https://cloud.google.com/security/privacy; Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): https://cloud.google.com/terms/data-processing-termshttps://cloud.google.com/terms/data-processing-terms.

You may also contact the Pogidee Privacy Officer by sending an email to:

Herting Oberbeck Datenschutz GmbH
Hallerstr. 76
20146 Hamburg
E-mail: datenschutzbeauftragter@podigee.com
Website: https://www.datenschutzkanzlei.de

You may also contact the WPNO Privacy Officer by sending an email to Datenschutz@wpno.com.

(2) Legal basis for data processing

Insofar as personal data of employees of WPNO GmbH Wirtschaftsprüfungsgesellschaft are processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If in connection with the use of personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Podigee, Art. 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of Podcast.

For the rest, the legal basis for data processing in the performance of podcast is Art. 6 (1) lit. b GDPR, insofar as the podcasts are performed in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f GDPR. Here, too, our interest is in the effective performance of podcasts.

(3) Purpose of data processing

We use the Podigee tool to perform podcasts (hereinafter collectively “podcast “).

(4) Duration of storage

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

(5) Recipients / forwarding of data

Personal data processed in connection with participation in podcast will generally not be disclosed to third parties unless it is intended for disclosure. Please note that podcast content, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

The podcast provider necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with Pogidee.

Cologne, December 2024