Privacy Policy

1. Introduction

In the following, we inform about the processing of personal data when using

• our website

Personal data is any data that can be related to a specific natural person, e.g. your name or IP address.

1.1 Contact data

The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Pilgerrain Vermögenstreuhand GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft.


Am Pilgerrain 17
61352 Bad Homburg

We are legally represented by Ralph Haydu, Certified Public Accountant and Tax Advisorand Oliver Bösen, Tax Advisor.

1.2 Scope of data processing, processing purposes and legal bases

We detail the scope of data processing, processing purposes and legal bases below. In principle, the following come into consideration as the legal basis for data processing:

• Art. 6 para. 1 p. 1 it. a DSGVO serves as our legal basis for processing operations for which we obtain consent.

• Art. 6 para. 1 p. 1 lit. b DSGVO is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. if a site visitor purchases a product from us or we perform a service for him. This legal basis also applies to processing that is necessary for pre-contractual measures, such as in the case of inquiries about our products or services.

• Art. 6 para. 1 p. 1 lit. c DSGVO applies if we fulfill a legal obligation with the processing of personal data, as may be the case, for example, in tax law.

• Art. 6 para. 1 p. 1 lit. f DSGVO serves as the legal basis when we can invoke legitimate interests to process personal data, e.g. for cookies that are necessary for the technical operation of our website.

1.3 Data processing outside the European economic area (EEA)

Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed, insofar as (e.g. for the UK, Canada and Israel) existing, by adequacy decisions of the EU Commission (Art. 45 Ab. 3 DSGVO).

If no adequacy decision exists (e.g. for the USA), the legal basis for the data transfer is usually, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 (2) lit. b DSGVO, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding an obligation on the part of the third party to notify data subjects if law enforcement agencies want to access data.

1.4 Storage period

Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.

1.5 Rights of the data subjects

Data subjects have the following rights in relation to us regarding the personal data concerning them:

• Right to information,

• Right to rectification or erasure,

• Right to restriction of processing,

• Right to object to processing,

• Right to data portability,

• Right to withdraw consent given at any time.

Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data.

1.6 Obligation to provide data

In the context of a business relationship or other relationship, customers, interested parties or third parties only have to provide us with the personal data that is required for the establishment, implementation and termination of the business relationship or for the other relationship, or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a contract or provide a service, or will no longer be able to perform an existing contract or other relationship.

Mandatory data are marked as such.

1.7 No automatic decision making in individual cases

For the establishment and implementation of a business relationship or other relationship, we generally do not use fully automated decision-making pursuant to Article 22 DSGVO. Should we use these procedures in individual cases, we will inform about this separately if this is required by law.

1.8 Contact form

When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) to answer inquiries directed to us. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

2. Data processing on our website

2.1 Informational use of the website

During the informational use of the website, i.e. when site visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

These data are:

• IP address

• date and time of the request

• time zone difference to Greenwich Mean Time (GMT)

• content of the request (concrete page)

• access status/HTTP status code

• amount of data transferred in each case

• website from which the request comes

• browser operating system and its interface

• language and version of the browser software.

These data are also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

2.2 Web hosting and provision of the website

We host our website with STRATO. The provider is STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter: STRATO). When you visit our website, STRATO collects various log files including your IP addresses. For details, please refer to STRATO's privacy policy:

Die STRATO's use is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

2.3 Contact form

When contacting us via the contact form on our website, we store the data requested there and the content of the message. The legal basis for the processing is our legitimate interest in answering inquiries directed to us. The legal basis for the processing is therefore Art. 6 para. 1 p. 1 lit. f DSGVO.

We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.

2.4 Job Postings

We publish vacancies that are available in our company on our website, on pages linked to the website or on third-party websites.

The processing of the data provided as part of the application is carried out for the purpose of implementing the application process. Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 (1) DSGVO in conjunction with Section 26 (1) BDSG. We have marked the data required to carry out the application process accordingly or refer to them. If applicants do not provide this data, we cannot process the application.
Further data is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 para. 1 p. 1 lit. a DSGVO).

We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing as part of the processing of the resume or cover letter. Their processing is then also based on the consent of the applicants (Art. 9(2)(a) DSGVO).

Finally, we process the applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.

We pass on the applicants' data to the responsible employees in the HR department, to our order processors in the area of recruiting and to the employees otherwise involved in the application process.

If we enter into an employment relationship with the applicant following the application process, we delete the data only after the employment relationship has ended. Otherwise, we delete the data no later than six months after rejecting an applicant.

If applicants have given us their consent to also use their data for further application procedures, we will not delete their data until one year after receipt of the application.

3. Modification of this privacy policy

We reserve the right to modify this privacy policy with effect for the future. A current version is always available here.

4. Questions and comments

If you have any questions or comments regarding this privacy policy, please feel free to contact us using the contact information provided above.