Nexia Ebner Stolz

The Firm

Information about Data Protection for our Clients

I. Who is res­pon­si­ble for data pro­ces­sing and whom can I con­tact?

We are jointly res­pon­si­ble for the pro­ces­sing of your data on this web­site:

  • Ebner Stolz Mön­ning Bachem Wirt­schafts­prü­fer Steu­er­be­ra­ter Rechts­an­wälte Part­ner­schaft mbB
  • Ebner Stolz GmbH & Co. KG Wirt­schafts­prü­fungs­ge­sell­schaft Steu­er­be­ra­tungs­ge­sell­schaft
  • Ebner Stolz Mana­ge­ment Con­sul­tants GmbH
  • Dr. Ebner, Dr. Stolz Mana­ge­ment Sup­port GmbH

The con­tact details of these com­pa­nies ("Ebner Stolz") can be found on the legal noti­ces page of our web­site. To regu­late our data pro­tec­tion res­pon­si­bi­li­ties, these com­pa­nies have ente­red into an agree­ment, the essen­tial con­tent of which we will send to you by email upon requ­est.

If you have any ques­ti­ons about data pro­tec­tion, please con­tact our data pro­tec­tion offi­cer using the con­tact details below:

Ebner Stolz, Daten­schutz­be­auf­trag­ter, Kro­nen­straße 30, 70174 Stutt­gart, Email: daten­schut­z@eb­ner­stolz.de

II. Why is your data pro­ces­sed?

Ebner Stolz pro­ces­ses data in order to per­form the enga­ge­ment and fee agree­ments we enter into with our cli­ents, or to carry out pre-con­trac­tual mea­su­res. Ebner Stolz pro­ces­ses data for the fol­lo­wing pur­po­ses (depen­ding on the enga­ge­ment):

  • Legal, tax-rela­ted and mana­ge­ment con­sul­ting, busi­ness audits and spe­cial audits, finan­cial acco­un­ting, finan­cial sta­te­ment pre­pa­ra­tion
  • Rep­re­sen­ta­tion in admi­ni­s­t­ra­tive and court pro­cee­dings
  • Cor­res­pon­dence
  • Veri­fi­ca­tion of the iden­tity of our cli­ents, che­cking for con­f­licts of inte­rest and file crea­tion
  • Invoi­cing
  • Sett­ling and asser­ting poten­tial lia­bi­lity claims and other claims

The legal basis for the data pro­ces­sing is Art. 6(1b) of the Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR). If you have given your con­sent, the legal basis is Art. 6(1a) of the GDPR. If you sub­mit spe­cial cate­go­ries of data to Ebner Stolz (Art. 9(1) of the GDPR), the legal basis is eit­her your con­sent (Art. 9(2a) of the GDPR) or Art. 9(1f) of the GDPR.

Ebner Stolz uses your data to send mar­ke­ting mate­rials and Christ­mas cards via the pos­tal sys­tem, and if you have pro­vi­ded us with your email address, to send email mar­ke­ting. The legal basis is Art. 6(1f) of the GDPR. We have a legiti­mate inte­rest in direct mar­ke­ting. You may object to the pro­ces­sing of your data for mar­ke­ting pur­po­ses at any time and free of charge, by sen­ding an email to info@eb­ner­stolz.de.

If necessary, Ebner Stolz also pro­ces­ses your data for pur­po­ses of con­trol­ling, inter­nal audits and IT admi­ni­s­t­ra­tion. The legal basis is Art. 6(1f) of the GDPR. Ebner Stolz has a sig­ni­fi­cant inte­rest in com­p­lying with legal requi­re­ments and ensu­ring the secu­rity of its IT sys­tems.

Ebner Stolz may pro­cess your data to ful­fill legal obli­ga­ti­ons under Art. 6(1c) of the GDPR for the fol­lo­wing pur­po­ses:

  • Pre­ven­tion of money laun­de­ring under §§ 10 ff., 23 of the Money Laun­de­ring Act
  • Sto­rage of docu­ments rela­ted to enga­ge­ments, finan­cial acco­un­ting and busi­ness records (see Sec­tion III).

III. How long is data sto­red?

Ebner Stolz may store your data after the ter­mi­na­tion of the cli­ent rela­ti­onship at least until all fees are paid. For the mar­ke­ting pur­po­ses men­tio­ned above, Ebner Stolz may store your data for up to four years, pro­vi­ded that you have not objec­ted to use of your data for mar­ke­ting pur­po­ses. To assert or defend legal claims, Ebner Stolz may store data wit­hin the period of the regu­lar sta­tute of limi­ta­ti­ons of three years and in excep­tio­nal cases until the maxi­mum sta­tute of limi­ta­ti­ons periods expire. If and as long as Ebner Stolz is requi­red to store data, Ebner Stolz is entit­led to store such data until the end of the sto­rage periods spe­ci­fied in § 50 of the Federal Lawy­ers Act, § 66 of the Tax Con­sul­ting Act, § 51b of the Audi­tors Act, § 257 of the Com­mer­cial Code, § 147 of the Tax Code and § 8 of the Money Laun­de­ring Act. These periods are up to 10 years.

IV. Are you requi­red to pro­vide data?

Pro­vi­sion of your data is vol­un­tary. Howe­ver, for a cli­ent rela­ti­onship, you must pro­vide your name and com­pany name and an address, because other­wise Ebner Stolz would not be able to iden­tify you and send you an invoice. Pro­vi­sion of addi­tio­nal data may be necessary for us to per­form the enga­ge­ment.

V. What are the sour­ces of your data?

You will usually share data with Ebner Stolz your­self. Ebner Stolz may also receive data from the fol­lo­wing sour­ces:

  • Bureau van Dijk Elec­tro­nic Pub­lis­hing GmbH, Frank­furt, Sikom Soft­ware GmbH and Sil­ler Por­tal Inte­g­ra­tors GmbH, Heil­b­ronn (name, date of birth, address) to iden­tify our cli­ents and to main­tain mas­ter data, as far as we requi­red or entit­led by law to do so
  • Aut­ho­ri­ties and courts (data from file inspec­tion), cre­dit agen­cies (address), pub­lic tran­s­pa­rency, com­mer­cial and asso­cia­tion regis­ters and land regis­ters (name, address and if app­lica­ble, date of birth)

VI. Is data pas­sed on to third par­ties?

Your data will not be pas­sed on wit­hout a legal basis. In addi­tion, lawy­ers, tax con­sul­tants and audi­tors are legally bound to con­fi­den­tia­lity. In part, Ebner Stolz may trans­fer your data to the fol­lo­wing pro­ces­sors for the fol­lo­wing pur­po­ses:

  • DATEV e.G., Nurem­berg (ope­ra­tion of the DATEV soft­ware)
  • DRA­COON GmbH, Regens­burg (cloud ser­vices)
  • FTAPI Soft­ware GmbH (sen­ding encryp­ted emails)
  • Inx­mail GmbH, Frei­burg (email news­let­ters)
  • REISS­WOLF GmbH & Co. KG, Ham­burg (file destruc­tion)
  • Sol­vAct GmbH, Stutt­gart (print news­let­ters)
  • Vod­a­fone GmbH, Düs­sel­dorf (data backup)
  • the com­pa­nies refer­red to in sec­tion V
  • other pro­ces­sors based in Ger­many that pro­vide the fol­lo­wing ser­vices: main­tenance of com­pu­ter pro­grams or hard­ware, hard­ware setup, pro­vi­sion of com­pu­ter pro­grams, tele­phone or web con­fe­ren­ces via the Inter­net, destruc­tion of data sup­port media, data backup, addres­sing and dis­patch of let­ters

These pro­ces­sors pro­cess data only on our instruc­ti­ons and not for their own pur­po­ses.

In cer­tain cases your data is pas­sed on to the fol­lo­wing reci­pi­ents, if you have con­s­en­ted to it (Art. 6(1a) of the GDPR), it is necessary to per­form the enga­ge­ment (Art. 6(1b) of the GDPR), we are requi­red to do so by law in excep­tio­nal cases despite our duty of con­fi­den­tia­lity (Art. 6(1c) of the GDPR) or this is necessary to safe­guard legiti­mate inte­rests (Art. 6(1f) of the GDPR):

  • other Ebner Stolz com­pa­nies, if requi­red for inter­nal com­mu­ni­ca­tion or other admi­ni­s­t­ra­tive pur­po­ses
  • exter­nal audi­tors, tax con­sul­tants, lawy­ers, nota­ries, insol­vency admi­ni­s­t­ra­tors
  • courts, aut­ho­ri­ties, experts, address inves­ti­ga­tors, pos­tal and tele­com­mu­ni­ca­ti­ons ser­vice pro­vi­ders
  • your com­pany's con­tact per­sons, oppo­sing par­ties in pro­cee­dings, con­trac­tual part­ners and their rep­re­sen­ta­ti­ves for pur­po­ses of cor­res­pon­dence and to assert and defend your rights
  • legal pro­tec­tion and pro­fes­sio­nal lia­bi­lity insurance to settle pos­si­ble claims
  • trans­la­tion agen­cies

VII. Does "auto­ma­ted deci­sion-making" take place pur­su­ant to Art. 22 of the GDPR?

Accor­ding to Regu­la­ti­ons (EC) No. 2580/2001 and No. 881/2002 and the Money Laun­de­ring Act, we are requi­red to com­bat the finan­cing of ter­r­o­rism, and if necessary, to con­duct a money laun­de­ring audit. To do this, some of your mas­ter data may be com­pa­red with pub­lic lists that con­tain indi­vi­duals and orga­niza­ti­ons affec­ted by sanc­ti­ons. If you are affec­ted by these sanc­ti­ons, we will not estab­lish a cli­ent rela­ti­onship with you.

VIII. What rights do you have with regard to your data?

You can find infor­ma­tion about your rights at the end of our Pri­vacy Policy.

back to top