Data Protection and Privacy Notice

Below you will find our data protection information, which applies to our website https://rueterpartner.com/en/, in accordance with Section 5 and Section 13 of the German Telemedia Act (TMG), Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).

We inform you about the processing of your personal data by us and the rights and claims to which you are entitled on the basis of data protection regulations.Translated with DeepL.com (free version)

1. Responsible party for data processing

Rüter und Partner Steuerberatungsgesellschaft mbB
Prielmayerstraße 3
80335 Munich

Phone +49 89 55 25 36-0
Fax +49 89 55 37 81
E-Mail info@rueterpartner.de

2. Sources and data for the processing of personal data

We receive and process personal data that you have provided to us, for example via our contact form, or that we obtain through the use of our website or social media.
‍
This may include the following types of data:
- Inventory data (name, address).
- Contact data (email, telephone numbers).
- Content data (text entries, photographs, videos).
- Usage data (websites visited, interest in content, access times).
- Meta/communication data (device information, IP addresses).
‍
We may also process other data comparable to the categories mentioned above.

Data is also stored in server log files, which are collected and automatically stored by the provider and mostly transmitted to us by your browser. These are:
‍
- Referrer URL
- Host name of the accessing computer
- Date and time of the server request
- Name of the requested file
- Page from which the corresponding file was requested
- Web browser and operating system used
- (Full) IP address of the requesting computer
- Amount of data transferred
‍
We may process other data comparable to the categories mentioned above.
The legal basis for the temporary storage of this data or the log files is Art. 6 para. 1 lit. f) GDPR. We collect the listed data to ensure a smooth connection to the website and to enable users to use our website comfortably. The log file is used to evaluate system security and stability and for administrative purposes.
We currently offer the following social media channels:
‍
- Kununu
- LinkedIn
‍
The legal basis for retrieving data when using social media is Art. 6 para. 1 lit. f) GDPR. Through the use of social media, we can retrieve statistical usage data from the respective social media company. This may include information about page views and activities, visits to individual articles, videos, and services, etc.

3. Hosting

We use the following hosting provider for our website:
Cloudflare Germany GmbH
Rosental 7, c/o Mindspace
80331 Munich
‍
Contact:
Phone: +49 (89) 26207202
Email: support@cloudflare.com‍
‍https://www.cloudflare.com/

‍We have concluded a data processing agreement with Cloudflare Germanay GmbH. As the parent company Cloudflare, Inc. is a US company, we would like to point out that data transfer to the USA cannot be completely ruled out. Cloudflare, Inc. is currently DPF certified.
‍
We use the following hosting services: infrastructure and platform services, computing capacity, storage space, database services, security services, and technical maintenance services for the purpose of operating the online offering. We process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR in conjunction with Art. 28 GDPR in order to be able to provide you with an efficient and secure online offer. The hosting provider collects data about every access to the server on which this service is located (so-called server log files). The logged data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider. This log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum period of XX days and then deleted. Data that needs to be stored for further evidence purposes is excluded from deletion.

The privacy policy of the hosting provider can be found here: https://www.cloudflare.com/nl-nl/privacypolicy/
‍
4. Purpose of processing and legal basis

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Where necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. We collect the data listed above to ensure a smooth connection to the website and to enable convenient use by users. The log file is used to evaluate system security and stability and for administrative purposes. We also store your data for technical security reasons, in particular to defend against attempts to attack our web server.
‍
Examples in this context:
‍
- Provision of the online offer, its functions and content,
- Responding to contact requests and communicating with users,
- Reviewing and optimizing procedures for needs analysis and direct customer contact;
- Advertising or market and opinion research, e.g., through the use of cookies, provided you have not objected to the use of your data;
- Assertion of legal claims and defense in legal disputes;
- Ensuring IT security and IT operations;
- Measures for business management and further development of services and products.

Social media companies use your usage behavior to create so-called usage profiles, which are used to place advertisements. Cookies are usually stored on your computer for this purpose.The lawfulness of the processing of personal data for specific purposes (e.g., transfer of data to third parties, evaluation of data for marketing purposes) is based on your consent, provided that you have given us your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Consent that has been given can be revoked at any time.

We would like to point out that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
‍
If you have given the social media companies consent to a specific data processing, the processing is carried out on the legal basis of Art. 6 para. 1 lit. a) GDPR. We are also subject to legal requirements. Insofar as data is processed in connection with this, this is done exclusively on the basis of legal regulations.

5. Relevant legal basis
‍
- Consent, Art. 6 (1) (a) and Art. 7 GDPR;
- To fulfill our services and carry out contractual measures as well as respond to inquiries, Art. 6 (1) (b) GDPR;
- To fulfill legal obligations, Art. 6 (1) (c) GDPR;
- in the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Art. 6 para. 1 lit. e GDPR;
- to protect legitimate interests, Art. 6 para. 1 lit. f GDPR.
‍
The processing of data for purposes other than those for which it was collected is governed by the provisions of Art. 6 para. 4 GDPR. The processing of special categories of data (in accordance with Art. 9 para. 1 GDPR) is governed by the provisions of Art. 9 para. 2 GDPR.

6. Data transfer

Within the company, only those departments that need your data to fulfill our contractual and legal obligations will receive it. Processors employed by us (Art. 28 GDPR) may also receive data for the purposes mentioned above. These are companies in the categories of IT services, telecommunications, consulting, and sales and marketing.

When transferring data to recipients outside the company, please note that we only pass on your data if this is permitted or required by law, if we have your consent, or if we are authorized to provide information. Recipients of personal data in this context may include public authorities and institutions (e.g., public prosecutors, police, supervisory authorities) if there is a legal or official obligation to do so.

7. Data transfer to third countries

Data will only be transferred to third countries or abroad if this is required by law, if you have given us your consent, or if this is necessary for the execution of our social media services. If required by law, we will inform you separately about further details.
‍
The EU-U.S. Data Privacy Framework can now be used as the legal basis for data transfers to US companies. The US companies we use are predominantly companies that are DPF-certified. If a US company we use is not DPF-certified, we will, where possible, ensure that an adequate level of data protection in accordance with European data protection law is maintained by means of appropriate contracts (e.g., EU standard contractual clauses). You will be informed of this separately in the privacy policy. When you visit our social media sites, we point out that data about you as a user may be processed outside the EU.

8. Use of cookies

Our website uses cookies that are stored by your browser on your device and contain certain settings for using the website (e.g., for the current session). If personal data is also processed by individual cookies implemented by us, processing is carried out in accordance with Art. 6 (1) lit. b) GDPR either for the performance of the contract or in accordance with Art. 6 (1) lit. f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after you close your browser. Other cookies remain stored on your device until you delete them or the storage period expires. These cookies enable us to recognize your browser when you next visit our website.
‍
Some cookies are used to simplify website processes by storing settings (e.g., retaining previously selected options).
‍
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be restricted.
‍
You can declare a general objection to cookies used for online marketing purposes via the US website http://www.aboutads.info/choices/ or via the EU website http://www.youronlinechoices.com/.
‍
You can also deactivate the storage of cookies in your browser settings. Please note that in this case, you may not be able to use all the functions of this online offer.

a. Google APIS

We use Google APIS on our website. The data controller responsible for processing your information depends on your usual place of residence, unless otherwise specified in the privacy policy of a specific service:
‍
Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, for users of Google services who are resident in the European Economic Area or Switzerland.
‍
Processing also takes place in a third country for which no adequacy decision has been made by the Commission. Therefore, the level of protection required by the GDPR cannot be guaranteed during transmission, as it cannot be ruled out that authorities in the third country may have access to the data collected. Therefore, the transfer of personal data is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR. We use Google APIS to be able to load additional Google services on the website. Google APIS is a collection of interfaces for communication between the various Google services used on your website. The following data is collected for processing: IP address. You can revoke your consent at any time by changing the settings made via our cookie banner.

Further information can be found in Google's privacy policy at: https://policies.google.com/privacy

b. Gstatic

We use the Gstatic service provided by Google on our website. The data controller responsible for processing your information depends on your usual place of residence, unless otherwise specified in the privacy policy of a particular service:
‍
Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, for users of Google services who are resident in the European Economic Area or Switzerland.
‍
The processing takes place in a third country for which no adequacy decision has been made by the Commission. Therefore, the level of protection required by the GDPR cannot be guaranteed during the transfer, as it cannot be ruled out that authorities in the third country may have access to the data collected. The legal basis for the transfer of your personal data is your consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR. Gstatic is a service used by Google to retrieve static content in order to reduce bandwidth usage and preload required catalog files.
‍
You can withdraw your consent at any time by changing the settings made via our cookie banner. For more information on withdrawing your consent, please refer to Google's privacy policy at: https://policies.google.com/privacy

c. Google Fonts

We integrate fonts (“Google Fonts”) into our online offering. The data controller responsible for processing your information depends on your usual place of residence, unless otherwise specified in the privacy policy of a particular service:
‍
Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, for users of Google services who have their habitual residence in the European Economic Area or Switzerland.
Google Fonts are only integrated on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR via our cookie banner.
‍
Google collects data such as:- the browser,- the website visited by the user,- the user's operating system,- the user's screen resolution- the user's IP address, and- the browser's language settings.
‍
Privacy policy: https://policies.google.com/privacy?hl=de&fg=1
‍Opt-out: https://adssettings.google.com/authenticatedGoogle

9. Cloudfront

We use the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website.
A CDN is a network of servers distributed [worldwide] that is capable of delivering optimized content to website users. For this purpose, personal data may be processed in AWS server log files.
‍
AWS is the recipient of your personal data and acts as a processor on our behalf. We process your data on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR. You have the right to object to the processing. Whether the objection is successful must be determined in the context of a balancing of interests.
‍
The processing of the data specified in this section is neither required by law nor contractually required. The functionality of the website cannot be guaranteed without this processing.
‍
Your personal data will be stored by AWS for as long as necessary for the purposes described.
Further information on your rights to object and to request erasure from AWS can be found at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf
‍
AWS has implemented compliance measures for international data transfers. These apply to all global activities in which AWS processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Amazon is currently DPF certified.
Further information can be found at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
10. Bootstrap CDN - jsdelivr
‍
We integrate the CSS framework Bootstrap from LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA90068, USA (hereinafter: Bootstrap CDN) into our website in order to optimally display the content we offer on different end devices and to reduce the loading speeds of our website.
‍
Bootstrap CDN is a public content delivery network (CDN) for the provision of content. Users of Bootstrap CDN can load CSS, JavaScript, and images remotely from their servers. The use or integration of Bootstrap CDN is necessary for the purposes mentioned above to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If JavaScript is enabled in your browser and no (Java) script blocker is installed, your browser will transmit personal data (e.g., your IP address and browser) to Bootstrap CDN when loading our site. The provider's privacy policy can be found at https://www.bootstrapcdn.com/privacy-policy/

11. Social media links

We use the following social media links on our website to our profiles:
‍
a. kununu
‍We operate a Kununu page at: https://www.kununu.com/de/rueter-und-partner-steuerberatungsgesellschaft1
‍
New Work SE (New Work SE Am Strandkai1 20457 Hamburg) is solely responsible for the processing of personal data when you visit our Kununu profile. Kununu is an online employer review portal and, like Xing, is part of New Work SE. This means that the information provided above regarding Xing also applies to our Kununu profile. 
‍
Further information on data processing can be found at: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence on the type and scope of data processed by NEW WORK SE, the type of processing and use, or the transfer of this data to third parties. We also have no effective means of control in this regard. When you use Xing, your personal data is collected, transferred, stored, disclosed, and used by NEW WORK SE and, regardless of your place of residence, transferred to other countries, stored there, and used.

12. Contact and email enquiries

If you send us inquiries via the contact form or email, your details from the inquiry form or your email, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. The provision of an email address and your name is required for contact purposes. This data will not be passed on without your consent. We process your data on the legal basis of our legitimate interest in responding to your inquiries in accordance with Art. 6 para. 1 lit. f) GDPR and, if applicable, Art. 6 para. 1 lit. b) GDPR, provided that your inquiry is aimed at concluding a contract. After processing your request, your data will be deleted unless there are legal obligations to retain it. You can object to the processing of your data at any time in the case of Art. 6 para. 1 lit. f) GDPR.

Newsletter
By subscribing to our newsletter, you agree to receive it and to the procedure described below. Newsletters, emails, and other electronic notifications containing advertising information will only be sent with the consent of the recipient or with legal permission.
‍
Registration for our newsletter is done by using a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone else from registering with a different email address. Subscriptions to the newsletter are logged in order to be able to verify the registration process in accordance with legal requirements. For this purpose, the time of registration and confirmation, as well as the IP address, are logged. Changes to your data stored by the mailing service provider are also logged. To subscribe to the newsletter, simply provide your email address. Optionally, you can provide a name for personalization in the newsletter. The newsletter is sent and its success measured on the basis of the recipient's consent in accordance with Art. 6 (1) lit. a) GDPR or on the basis of the legal permission in accordance with § 7 (3) UWG. The registration process is logged on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that meets the expectations of users and allows us to prove consent. The newsletter can be canceled at any time. A link to cancel the newsletter can be found at the end of each newsletter.
‍

13. Apply via Personio or by email

We use Personio for our application process. This database is operated and managed by Personio SE & Co.KG, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). We have concluded a data processing agreement with Personio SE & Co.KG in accordance with Art. 28 GDPR. Your data will be stored exclusively on ISO-certified servers in Germany.
‍
The data submitted as part of your application will be transmitted via TLS encryption and stored in a database.
‍
If you apply for an open position or submit an unsolicited application via the online application system on our website or by email, you voluntarily provide personal data and information (first name, last name, email address, telephone number, and any attachments such as your resume, cover letter, etc.).
The application process requires you to provide us with certain personal data about yourself.
The data required for the application process are:
- Name (first and last name)
- Email address
- Availability
- Cover letter (as a file upload)
- Resume (as a file upload)
‍
You can also provide additional information on a voluntary basis. This includes, for example, your telephone number, address, date of birth, etc. If you provide this information, we will also collect and process it.
If you send us an unsolicited application directly by email, the encryption depends on your email service provider.
‍
Only authorized employees of the company have access to your data for the purpose of filling a vacant position.
‍
We process applicant data only for the purpose of conducting the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the framework of the application process in accordance with Art. 6 para. 1 sentence 1 lit. b. GDPR and Art. 6 para. 1 sentence 1 lit. f. GDPR, insofar as data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, § 26 BDSG applies in addition).
‍
Your data will be stored exclusively for the above-mentioned purpose of conducting the application process.
Subject to a legitimate revocation by the applicant, the storage period is 6 months for applications for specific job vacancies, beginning with the date of rejection. This is necessary in order to answer any follow-up questions regarding the application process and to comply with our documentation obligations under the Equal Treatment Act.
‍
In the case of unsolicited applications, your data will be stored for operational and organizational purposes for a period of 12 months from the date of receipt of the application.
The above statements apply in principle to applications for training positions within the company. This period may be extended to 12 months from the date of rejection with your written consent. In this case, storage is based on Art. 6 (1) lit. a GDPR.
‍
Invoices for any travel expenses incurred during the application process will be archived in accordance with tax regulations and deleted after the expiry of the statutory requirements. After the period for storing your data in the application process has expired, all your personal data will be automatically anonymized by our system. Anonymization does not allow any conclusions to be drawn about your identity. The meta data generated by anonymization may be used by us for statistical evaluation (e.g., number of applications per period, etc.).
‍
Further information can be found in Personio's privacy policy at: https://www.personio.de/ueber-uns/datenschutz/
‍
‍14. Administration, financial accounting, office organization, contact management

We process data within the scope of administrative tasks and the organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The legal basis for processing is Art. 6 (1) lit. c) GDPR and Art. 6 (1) lit. f) GDPR. Customers, interested parties, business partners, and website visitors are affected by the processing. The purpose of the processing is administration, financial accounting, office organization, archiving of data, performance of our tasks, and provision of our services. To ensure this, data is passed on to the financial administration, consultants (e.g., tax advisors or auditors) and other fee collection agencies and payment service providers. Based on our business interests, information about suppliers, event organizers, and other business partners is also stored for the purpose of possible future contact.

15. Contractual services

In order to provide our contractual and pre-contractual services to our contractual partners, interested parties, other clients, customers, clients, or contractual partners, we process data in accordance with Art. 6 (1) lit. b) GDPR. We process master data of our contractual partners (e.g., names and addresses), contact details (e.g., email addresses and telephone numbers), contract data (e.g., services used, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history). We do not process special categories of personal data as a matter of principle, but only if they are part of commissioned or contractual processing. We process the data that is necessary for the establishment and fulfillment of the contractual services. Data is only disclosed to external persons and companies if this is necessary within the scope of a contract. When processing data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements. If our online services are used, we may store the IP address and the time of the respective user action. This storage is based on our legitimate interest, as well as the interest of the user in protection against misuse and other unauthorized use.

16. Duration of storage of personal data
‍
To the extent permitted by law, we process and store your personal data, in particular for as long as this is necessary to fulfill the respective purposes and there are no legal retention obligations that prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies in particular to data that must be retained for commercial or tax reasons. Due to legal requirements, books, records, management reports, accounting documents, and documents relevant for taxation pursuant to Sections 147 (1) of the German Fiscal Code (AO) and Sections 257 (1) No. 1 and 4, (4) of the German Commercial Code (HGB) are retained for 10 years. A six-year retention period applies to commercial letters in accordance with Section 257 (1) No. 2 and 3, (4) HGB.

17. Your rights

We would like to inform you of your rights as a data subject vis-à-vis the controller with regard to the processing of your personal data in accordance with the General Data Protection Regulation:

a. Right of information
pursuant to Art. 15 GDPR, to request information about your personal data processed by us.
‍
b. Right to rectification
‍pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate personal data stored by us or the completion of your personal data.

c. Right to erasure
‍pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

d. Right to restriction of processing
‍pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
‍
e. Right to data portability pursuant to Art. 20 GDPR
‍You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller, provided that this is technically feasible.
‍
f. Right to lodge a complaint
‍You can lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we are based or, if applicable, your usual place of residence or workplace.

‍g. Right of withdrawal
You can withdraw your consent already given in accordance with Art. 7 para. 3 GDPR. You also have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
‍
h. Right to object
‍You may, for reasons arising from your particular situation, object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) of the General Data Protection Regulation (data processing based on a balancing of interests). This also includes profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. The objection can be made informally and should be addressed to the above address if possible.

‍
18. Obligation to make data available

When using the Internet or social media, you only need to provide personal data that is necessary for use or that we are legally obliged to collect. Without this data, meaningful use may be restricted or impossible.

19. External links

Should links to other websites exist, we have no influence or control over the linked content and the data protection provisions there. We recommend that you check the privacy policies of these websites when you visit them to determine whether and to what extent personal data is collected, processed, used, or made available to third parties.