Notes on data processing
(As of 11/2020)
We implement the requirements of the European General Data Protection Regulation (GDPR) and other legal requirements for the protection of personal data. In particular, technical and organizational security measures are implemented that correspond to the current security standards.
With the following data protection information we inform you about the processing of personal data by MERKUR TAX Dambeck Großhauser Förster Partnerschaft mbB Steuerberater Wirtschaftsprüfer and sworn accountants as well as MERKUR AUDIT GmbH – Wirtschaftsprüfungsgesellschaft as part of our general business activities and for the purpose of providing services on a mandate basis and about the rights of those affected.
1. Contact details of the person responsible for processing
These data protection notices apply to data processing by (controller):
MERKUR TAX Dambeck Großhauser Förster Partnerschaft mbB
Tax advisor, auditor and sworn auditor
as well as the
MERKUR AUDIT GmbH – auditing company
Garmischer Strasse 8-10
D-80339 Munich
Telephone: 0049 89 5003750 and fax: 0049 89 5024137
Email: kanzlei@merkur-ta.de
Website: www.merkur-ta.de
2. Which personal data do we process?
The term “personal data” in this document means personal data as defined in Article 4 No. 1 GDPR. This is all information that relates to a person (a natural person) and with which this person can be directly or indirectly identified.
As part of our general business activities and for the purpose of providing services to our clients, we usually process not only contact details such as name, address, telephone number and e-mail address, but also information such as bank details and payment details, as well as further information on personal and professional relationships, if applicable. insofar as these play a role in the provision of services.
In many cases it is not possible or disproportionate to work with anonymized or pseudonymized data in the course of our activities. Due to legal professional requirements, we are obliged to process certain personal data of a person, e.g. to implement the obligations under the Money Laundering Act and professional independence requirements.
3. For what purpose do we process personal data and on what legal basis?
As an auditor / auditing company, we process personal data in the context of our general business activities and for the purpose of providing services to our clients in the areas of auditing, tax advice and management consulting (§ 2 WPO) on the basis of one of the following legal bases:
a) Fulfillment of contractual obligations (Article 6 Paragraph 1 Clause 1 Letter b GDPR)
The processing of personal data takes place for the execution of a contract or already when a contractual relationship is initiated with a natural person. The scope and details of the data processing result from the respective contract and, if applicable, the associated order conditions.
b) Fulfillment of legal requirements (Article 6 Paragraph 1 Clause 1 Letter c GDPR)
As an auditor / auditing company, we are subject to legal requirements, which may result in an obligation to process personal data (e.g. auditor regulations, professional statutes for auditors / sworn auditors, money laundering law). On the basis of these specifications, we are particularly obliged to properly store and document all services and to archive documents and work results in appropriate IT systems and, if necessary, also in paper form. In order to guarantee our independence, which is required under professional law, we carry out conflict checks when accepting an order, in which personal contact details are also processed.
c) Safeguarding legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f GDPR)
In the context of general business operations and for the purpose of providing services for our clients, we process personal data on the basis of a weighing of interests, provided that the legitimate interests of the persons concerned do not outweigh the interests. One of our specific interests lies primarily in the performance of contractual obligations towards our clients. We process personal data provided by clients only to the extent that this is actually necessary for the provision of the service.
In order to safeguard the legitimate interests of the persons affected by the data processing, it makes a significant contribution that we as auditors / auditing company and professional secrecy