Data privacy statement
LKC respects your privacy and takes the protection of your data very seriously, so we comply with the statutory data protection provisions as a matter of course. This data privacy statement will inform you about our data protection provisions and measures, as well as the decisions you are entitled to make as part of informational self-determination regarding how your information will be collected and used online. You can easily retrieve this statement in the footer of any page of our online services.
1. Name and contact data for the controller of the processing and for the data protecion officer
This data privacy information applies to data processing through:
The controller's data protection officer is:
Mr. Milomir Mikulovic, Data Security GmbH, Bodenseestr. 12, 83059 Kolbermoor, email: firstname.lastname@example.org
The law firms and companies listed on this website under locations are each responsible for their concerns for data processing, with the responsible persons and contact details listed in the respective imprint.
Mr. Dominik Mikulovic, Data Security GmbH, Bodenseestr. 12, 83059 Kolbermoor, email: email@example.com, is the data protection officer for those responsible for the following law firms and companies:
- BRG Treuhand- und Steuerberatungsgesellschaft mbH
- LKC Rosenheim Steuerberatungsgesellschaft und Rechtsanwaltsgesellschaft mbH
- LKC Schebitz Stock Winterstein Ecker & Partner Steuerberatungsgesellschaft mbB
- LKC Tegernsee Steuerberatungsgesellschaft KG
- Datag Steuerberatungsgesellschaft KG
- LKC Robl & Kollegen Steuerberatungsgesellschaft mbH
- LKC Schrödinger Leeb-Wittmann Steuerberatungsgesellschaft mbH & Co. KG
- LKC Löwenau & Partner Steuerberatungsgesellschaft
- W & P – Treuhand GmbH Steuerberatungsgesellschaft
- LKC Kellerer Steuerberatungsgesellschaft mbH
- LKC Dr. Kräußlein & Kollegen GmbH Steuerberatungsgesellschaft
- LKC Rechtsanwaltsgesellschaft mbH
- LKC Analytics GmbH
Mr. Milomir Mikulovic, Data Security GmbH, Bodenseestr. 12, 83059 Kolbermoor, email: firstname.lastname@example.org, is the data protection officer for those responsible for the following law firms and companies:
- LKC Bauer, Konold & Kollegen Steuerberatungsgesellschaft, Rechtsanwaltsgesellschaft mbH
- LKC Kemper Czarske v. Gronau Berz GbR (Sozietät)
- LKC Rauch und Kollegen Steuerberatungsgesellschaft mbH & Co. KG
- LKC Dr. Schoberer & Kollegen GbR
- LKC TREUBEG mbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
- LKC Weichselgärtner Brockschmidt GmbH Steuerberatungsgesellschaft
Due to their size (no data protection officer), those responsible for data protection are direct contact persons for tdata protection at the law firms and companies listed below:
- LKC Jordan GmbH & Co. KG
- LKC Transaction GmbH
- LKC Dr. Ruso & Partner Steuerberatungsgesellschaft
- W & P GmbH Wirtschaftsprüfungsgesellschaft
- LKC Ziegler & Partner Steuerberatungsgesellschaft
2. Collecting and storing personal data, and the type and purpose of their use
When you access our website www.lkc.de, information will be sent to our website’s server automatically, through the browser used on your end device. This information will be temporarily stored in a log file. In so doing, the following information will be recorded without any action on your part and stored until it is deleted automatically:
- IP address of the inquiring computer,
- Date and time of access,
- Name and URL of the accessed file,
- Website from which the access is made (referrer URL),
- The browser you are using, possibly your computer’s operating system, and the name of your access provider.
We will process the aforementioned data for the following purposes:
- To guarantee that the website’s connection setup runs smoothly,
- To guarantee that our website can be used comfortably,
- To evaluate system security and stability, and
- For additional administrative purposes.
The legal basis for storing the data and the log files temporarily is Art. 6(1)(1)(f) GDPR. We collect those data to be able to display the website for you and guarantee that our IT systems are secure. To do so, we must collect those data to operate our website.
All aforementioned data will be erased when you end your session on our website.
Possibility for objection and rectification
For the LKC site to be operated, data must be collected so the LKC website can be provided and those data must be stored in log files. To that extent, no possibility for objection exists.
3 Contact form and email
If you have any questions, please contact us via a form provided on the LKC website. To do so, you must give us your name and a valid email address so we will know where the inquiry comes from and how to answer it. You may provide us with other information voluntarily.
Data and purpose of the processing
The following data will be collected and transmitted to us: Your name, your email address, the subject, and your message.
When the message is sent, the following data will be stored as well: your IP address, the date and time at which the message was sent.
As an alternative, contact can be made via the email address provided. In this case, your personal data transmitted along with the email will be stored.
Processing the personal data from the input mask serves the exclusive purpose of helping us process the contact that is made. Making contact through email also constitutes the required legitimate interest in processing those data.
The other personal data processed during the sending procedure serve to prevent misuse of the contact form and ensure the security of our IT systems.
In this context, the data will not be forwarded to third parties. The data will be used exclusively to process the conversation.
Legal basis for data processing
Data processing for the purpose of contacting us occurs in accordance with Art. 6(1)(1)(a) GDPR based on your voluntarily granted consent.
The data will be erased when they are no longer needed to attain the objective of their collection. Personal data from the input screen of the contact form and those which were sent via email will be erased when the respective conversation with you has ended. The conversation will end when circumstances reveal that the situation concerned has been resolved conclusively.
Possibility for objection and rectification
If you contact us via email, you may object at any time to having your personal data stored. In such a case, the conversation cannot be continued. In this case, all personal data that were stored when contact was established will be erased.
Information related to the specific end device used is placed in the cookie. But this does not mean that we are directly informed of your identity.
Legal basis for data processing
The data processed through cookies are necessary for the aforementioned purposes of protecting our legitimate interests and those of third parties under Art. 6(1)(1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a notice will always appear before a new cookie is placed. But deactivating cookies completely might prevent you from using all of our website’s functions.
Possibility for objection and rectification
You may withdraw your consent at any time. By changing your browser settings, you can deactivate or restrict the transmission of cookies and delete cookies that have been stored.
5. Analysis tools
We implement the tracking measure “Google Analytics” ,listed in the following, on the legal basis of Art. 6(1)(1)(f) GDPR. We use that measure to make sure we continually optimise our website and give it a needs-based design. We also use the tracking measure to record the use of our website statistically and to evaluate our optimisation of our services for you. These interests are deemed legitimate for the purpose of the aforementioned provision.
The data processing purpose and data categories are revealed by the appropriate tracking tool.
To continually optimise our websites and give them a needs-based design, we use Google Analytics, a web analysis service of Google Ireland Limited. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”), who works for us as a processor.
The following data will be collected:
- browser type and version,
- operating system used,
- referrer URL (the previously visited site),
- hostname of the accessing computer (IP address),
- time of server request,
The IP address transmitted as part of Google Analytics will not be pooled with other Google data. We have also extended Google Analytics on this website by the code “anonymizeIP”. This guarantees that your IP address will be masked so that all data will be collected anonymously. This means that your IP address will be truncated in advance within EU Member States or other Contracting Parties to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of this website’s operator, Google will use this information to evaluate how you use the website, compile reports about website activities, and render additional services for the website operator which are connected with the use of the website and the internet.
These purposes also include our legitimate interest in data processing. The legal basis for the use of Google Analytics is Art. 6(1)(1)(f) GDPR. For the exceptional cases in which personal data are transmitted to the USA, Google participates in the EU-US Privacy Shield.
Sessions and campaigns will end after a certain period of time has elapsed. Sessions will normally end after 30 minutes and campaigns after six months. The maximum time limit for campaigns is two years. You will find more information about usage conditions and data privacy under https://www.google.com/analytics/terms/de.html or https://policies.google.com
You can prevent cookies from being stored by adjusting your browser software, but if you do, you might not be able to use all of this website’s features to their full extent.
You can also prevent Google from collecting and processing the data generated by the cookie regarding your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on (especially for browsers on mobile end devices), you can prevent Google Analytics from collecting data by clicking this link:
An opt-out cookie will be placed, which prevents your data from being recorded when you visit our website in the future: The opt-out cookie applies only in this browser, and only for our website, and is placed on your device. If you delete the cookies in this browser, you must reset the opt-out cookie. (You will find information on embedding the opt-out cookie under: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable).
You can find additional information about data privacy in connection with Google Analytics in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).
6. Inclulsion of Google Maps
We use the services of Google Maps on individual pages of this website. This means we can show you interactive maps directly on the website and enable you to use the map function comfortably.
When you visit the website, Google is informed that you have accessed the respective subpage of our website. In addition, the data named under item 5 of this declaration will be transmitted. This will occur regardless of whether Google provides a user account into which you are logged, or whether a user account exists.
If you are logged in with Google, your data will be assigned directly to your account. To keep this from happening, you must log out of Google before activating the button. Google will store your data as a usage profile and use it for advertising, market research, or to design its website based on user needs. In particular, such an assessment will be made to render needs-based advertisement (even for users who are not logged in). You may contact Google to object to this user profile being formed.
For additional information about the purpose and scope of the data collection and how the plug-in’s provider will process the data, please read that provider’s data privacy statement. There you can also obtain additional information about your rights in this regard, and options for adjusting your settings to protect your privacy: http://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the USA and participates in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7. Use of script libraries (web fonts)
To present our content correctly and make it visually appealing in all browsers, we use script libraries and font libraries such as Google web fonts (https://www.google.com/web fonts/). Web fonts are transmitted to avoid multiple loading in your browser’s cache. If the browser does not support web fonts or prohibits access, content will be shown in a default font.
The retrieval of script libraries or font libraries automatically triggers a connection to the library’s operator when the font is reloaded. As part of this process, it is theoretically possible for operators of such libraries to collect data, although it is currently unclear if this takes place or for what purposes. All the web fonts used on this website are hosted locally and loaded by our web server (located in Germany), which prevents a data connection to the service provider.
You will find the data privacy guidelines of Google’s library operator here: https://www.google.com/policies/privacy/
You can subscribe to the free newsletter of the LKC Group on our internet site. When you register for the newsletter, the data from the input screen will be transmitted to us.
Data and purpose of processing
To provide you with the LKC Group’s newsletter, we need your name and email address. They will be used only to provide our newsletter.
In addition, the following data will be collected during the registration. The IP address of the accessing computer, as well as the date and time.
To process the data, your consent will be obtained during the registration procedure and this data privacy statement will be referred to.
Data processed to send newsletters will not be forwarded to third parties. Your email address will be collected only to provide you with the newsletter. Other personal data are collected during the registration process only to prevent misuse of the services or the email address used and verify the “double opt-in” procedure.
Legal basis for data processing
If data are processed after you have registered for the newsletter and your consent has been obtained, the legal basis is Art. 6(1)(1)(a) GDPR.
Your email address will be stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process will normally be erased after 12 months from the last use of the email distribution. The time limit will begin on expiry of the year in which you are no longer to receive the newsletter (e.g. from the revocation of your consent).
Transmission to a service provider
We use the external service provider Cleverreach GmbH & Co. KG, Muehlenstr. 43, 26180 Rastede, to process your data whilst distributing the newsletter. We have selected them carefully and commissioned them in writing. They are bound by our instructions, and we regularly monitor them. The service provider will not forward your data to third parties without your consent. The information so collected will be stored by the newsletter’s provider (Cleverreach GmbH & Co. KG, Muehlenstr. 43, 26180 Rastede) in computer centres located exclusively in Europe.
Possibility for objection and rectification
You can cancel your subscription to the newsletter, or object to receiving it, at any time. Every newsletter contains a link for this purpose.
9. Use of social media components and plug-ins
We use social media plug-ins from the social networks Facebook and Xing, to make our website and our company more well known (on the legal basis of Art. 6(1)(1)(f) GDPR). The underlying advertising purpose is deemed a legitimate interest as defined by the GDPR. The provider of the respective operation is responsible for ensuring that operation complies with data protection law.
Our website uses components and plug-ins of the social network facebook.com. facebook.com is operated by Facebook Inc., Hacker Way, Menlo Park, CA 94025, USA (in the following: “Facebook”). If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
You can identify those plug-ins by the Facebook logo (white “F” on a blue tile), by the “thumbs up” symbol, or by buttons labelled “LIKE” or “SHARE”. This is a Facebook service. Whenever you access a page from our internet presence which contains such a plug-in, your browser establishes a direct connection with Facebook’s servers. Facebook will transmit the plug-in’s contents directly to your browser, which incorporates them into the website. By incorporating the plug-in, Facebook is informed that your browser has accessed the page of our internet presence in question, even if you don’t have a Facebook account or are not logged into Facebook. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can assign your visit to our website to your Facebook account. If you interact with the plug-in (by clicking the “Like” or “Share” buttons, for example), the appropriate information will be transmitted directly to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends, depending on your Facebook settings.
Facebook may use this information for advertisement, market research, or a needs-based design of the Facebook pages. To that end, Facebook creates usage, interest, and relationship profiles (e.g. to evaluate your use of our website regarding the ads Facebook inserts for you), to inform other Facebook users about your activities on our website, and to render additional services connected to the use of Facebook.
If you do not wish for Facebook to assign the data collected via our internet presence to your Facebook account, you must log out of Facebook before you visit our website.
You must consult Facebook’s data privacy notice to learn the purpose and scope of data collection, how Facebook will continue to process and use the data, your rights in the matter, and how to change your settings to protect your privacy (https://de-de.facebook.com/privacy/explanation ).
Our website uses components and plug-ins of the social network xing.com. xing.com is operated by Xing SE, Dammtorstrasse 30, 20354 Hamburg, Germany (hereinafter: “Xing”). Xing is a social network especially intended for business contacts.
You can identify the plug-ins from Xing by the buttons with the Xing logo or by the designation “XING”. This is a Xing service. By retrieving pages of this internet site on which Xing plug-ins have been integrated, your browser will establish a direct connection with Xing servers. Xing will transmit the plug-in’s contents directly to your browser, which incorporates them into the website. By incorporating the plug-in, Xing is informed that your browser has accessed the page of our internet presence in question. If you are logged into Xing with your own profile, Xing can assign your visit on our website, the subpages visited, and the length of your session, directly to your Xing account. This occurs whether or not you have used a Xing button. If you interact with the plug-in (by clicking the “Like” or “Share” button, for example), the appropriate information will be transmitted directly to a Xing server and stored there. The information is also published on Xing and shown to your Xing contacts, depending on your Xing settings.
If you do not wish for Xing to assign the data collected via our internet presence to your Xing account, you must log out of Xing before you visit our website.
10. Forwarding data
Your personal data will be forwarded to third parties only for the following purposes.
- If you have granted us your express consent to do so, or
- if those data must be forwarded to assert, exercise, or defend against legal claims and there is no reason to assume that you have an interest in the data not being forwarded that is worth protecting and takes precedence, or
- if we must transmit them due to a statutory obligation, or
- if the transmission is legally permissible and necessary to execute the contractual relationship.
11. Rights of the data subject
You have the right:
- under Art. 15 GDPR, to demand access to information about the personal data about you that we are processing. In particular, you may demand access to information about the processing purpose, the categories of personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage duration, the existence of rights to rectification, erasure, restriction of processing, objection, or complaint, the origin or your data (if those data were not collected by us), and information about the existence of an automated decision-making procedure, including profiling, and any meaningful information about its details;
- under Art. 16 GDPR, to demand that the personal data about you, which we have stored, be rectified or completed without undue delay if necessary;
- under Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute its correctness, the processing is illegal, but you waive your right to have those data erased and we no longer need the data but you need them to assert, exercise, or defend against legal claims, or you have lodged an objection against their processing under Art. 21 GDPR;
- You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data were provided, as long as
- a) the processing is based on consent in accordance with Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(b) GDPR and
b) the processing occurs with the help of automated procedures.
- In exercising this right, you may also have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. Doing so must not impair the rights and freedoms of others.
The right to data portability does not apply if personal data must be processed to carry out a task in the public interest or in the exercise of public authority vested in the controller:
- under Art. 7(3) GDPR, to withdraw at any time a consent you have granted to us. This will mean that we must discontinue the data processing based on this consent;
- under Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can do so by contacting the supervisory authority where you normally live or work, or by contacting our company headquarters, if you believe that the processing of the personal data concerning you breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant about the status and results of that complaint, including the possibility for judicial remedy under Art. 78 GDPR;
- You may demand from the controller that the personal data concerning you be erased without undue delay, and the controller will be obligated to do so provided one of the following grounds applies:
- a) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- b) You withdraw your consent, on which the processing is based under Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
- c) You object to the processing under Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing under Art. 21(2) GDPR.
- d) The personal data concerning you were processed unlawfully.
- e) The personal data concerning you must be erased to fulfil a legal obligation under EU or member state law to which the controller is subject.
- f) The personal data concerning you were collected in connection with information society services offered pursuant to Art. 8(1) GDPR.
Information to third parties
If the controller has publicised the personal data concerning you but is obligated under Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not exist if the processing is necessary:
- a) to exercise the right to information and freedom of expression;
- b) to fulfil a legal obligation which requires the processing under EU or Member State law to which the controller is subject, or to carry out a task in the public interest or in the exercise of public authority vested in the controller;
- c) for reasons of the public interest in the area of public health under Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
- d) for archiving, scientific, or historical research purposes in the public interest, or statistical purposes under Art. 89(1) GDPR, insofar as the right mentioned in section a) is expected to prevent or seriously impair the realisation of the objectives of this processing, or
- e) to establish, exercise, or defend against legal claims.
- If you have asserted your right to rectification, erasure, or restriction of the processing toward the controller, that controller is obligated to communicate such correction or deletion of the data or restriction of its processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or would entail a disproportionate effort.
- You have the right to be informed by the controller about those recipients.
12. Right to object
If your personal data are being processed based on legitimate interests under Art. 6(1)(1)(f) GDPR, you have the right under Art. 21 GDPR to lodge an objection against the processing of your personal data if there are reasons arising from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we will implement without the need for any information about your particular situation.
If you would like to take advantage of your right of withdrawal or right to object, sending an email to email@example.com will be sufficient.
13. Data security
When you visit our website, we use the popular SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption your browser will support. This is normally 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit V3 technology instead. If an individual page of our internet presence is transmitted in encrypted form, the key or lock symbol in your browser’s lower status bar will be depicted as locked.
Apart from that, we take suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction and unauthorised third-party access. Our security measures are continually improved to keep up with technological advancements.
14. Updating and amending this data privacy statement
This data privacy statement was last revised in October 2019 and is currently valid.
It might be necessary to amend it due to refinements made to our website and services offered through it, or due to amended statutory or official regulations. You may access and print the current data privacy statement at any time, with the revision date, under https://lkc.de/en/privacy-policy/.