1. An Overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator.
Notice concerning the party responsible (Art. 4 (7) GDPR)
The party responsible for processing data on this website is:
knk Customer Engagement GmbH
Meßberg 1 20095 Hamburg
Phone: +49 (0)431) 57 97 2-0
You will find more information on the Legal Notice page.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about the respective personal data as well as correction or deletion or restriction of the processing or a right of objection against the processing as well as the right of data portability. You can contact us at any time using the contact data (responsible party) given above if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities (Independent Center for Privacy Protection Schleswig-Holstein, Kiel).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Right to data portability
You have the right to have data which we processed based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
TASCO Revision und Beratung GmbH
Herr Sami Abbas
Telefon: +49 611 9491 2224
4. Data collection on our website
To enable anonymous use of our blog, we deliberately refrain from logging or storing IP addresses in full form. Your IP address is transmitted anonymously to our server and used there in the anonymized form to detect attacks on the blog. Our Google Analytics and Matomo also receive only a pseudonymized form of their IP address from us to provide us with statistics for our blog.
In the case of comments, we do not record the IP address at all.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
When visiting the website for the first time, a cookie notice will appear that allows you to make a cookie choice. When clicking on the button “Accept all cookies”, you accept the use of third party cookies, tracking cookies and session cookies on this website and their storage on your computer. When choosing the button “Only allow necessary cookies”, you will only allow session cookies and the cookie for saving the cookie settings on your computer.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data due to legitimate interest on the basis of IT security and website operation.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. This excludes linked businesses.
We will, therefore, only process any data you enter onto the contact form only with your consent per Art. 6 DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Please note that if you do not provide data that might be necessary for the processing we might not be able to process your request or only process it partially.
Data protection for applications and in the application process
We collect and process the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, by e-mail. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will generally be deleted six months after notification of the rejection decision. Please note that failure to provide data that may be necessary for processing may mean that we are unable to process your application.
5. Microsoft Bookings
We use the Microsoft Bookings service (https://www.microsoft.com/de-de/microsoft-365/business/scheduling-and-booking-app) of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (in the following: “Microsoft”) to make appointments online. To make an appointment, your entries in the appointment form are transferred to Microsoft. You can find further information on the handling of your data in the Microsoft data protection declaration (https://privacy.microsoft.com/de-de/privacystatement).
We process the following personal data from you:
- Telephone number
- E-mail address
- Size of the company
- Form of communication (phone, video call)
- Reason for your request
- Your free text
- Time of appointment request and agreed date
This data is necessary for contacting you in order to best manage the appointment with you and organize it in coordination with you. We process the data to confirm the appointment and to contact you. The legal basis for processing your data is Art. 6 para. 1 lit. a DSGVO (consent). You have the right to revoke your consent at any time with effect for the future without giving reasons, even partially. You can address your revocation to the e-mail address stated in the imprint of this website.
Non-consent will preclude you from making appointments via Microsoft Bookings. Alternatively, you can send an e-mail to the e-mail address stated in the imprint of this website with the request to contact us directly.
We delete your data as soon as the purpose of collection ceases to apply.
This is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. If, as a result of the contact, a contract is concluded or a relationship similar to a contract arises from which mutual rights and obligations can arise, we delete the data when it is clear that there are no longer any rights and obligations arising from this relationship. This is regularly the case after expiry of the relevant limitation period, which is three years. If there are legal obligations to retain data (e.g. under tax or commercial law), we delete the data after this retention period has expired.
6. Adobe Typekit Web Fonts
Type and Purpose of processing
Adobe Typekit Web Fonts are used in the interest of a consistent and appealing presentation of our online offers across devices, improved loading times that benefit you, and a smaller administrative effort to keep our website up to date. This presents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Duration of storage, possibility of objection and elimination
We do not collect any personal data by including Adobe Typekit web fonts. You can set your browser to not load the fonts from Adobe servers (for example, by installing add-ons such as NoScript or Ghostery). If your browser does not support Adobe fonts, or if you disable access to Adobe servers, the website text is displayed in your system’s default font.
7. iThemes Security
Type and purpose of processing
The use of iThemes Security is in the interest of a secure use of our website and serves the stability of our server as well as the protection of users from infiltrated malware, Trojans, etc.. The plugin protects our website from technical attacks and unauthorized access attempts. The legal basis is a legitimate interest according to Art. 6 para. 1 lit. f DSGVO in the collection and processing of the IP address by “iThemes Security”.
Duration of storage, possibility of objection and elimination
Attempts to access the administrative area are stored in our database together with the IP address for 7 days and are then deleted. In case of multiple unlawful access attempts, the IP is stored and blocked beyond this period. The IP addresses used for the check are used by “iThemes Security” only for this purpose. The brute force protection refers only to the administrative area of our website and therefore does not affect the use of our website outside the protected area.