1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
Data collection on this website
Who is responsible? Data processing on this website is carried out by the website operator. Contact details can be found in the section "Information on the responsible party".
How do we collect your data? Firstly, we collect this information when you provide it to us (e.g., via a contact form). Other data is collected automatically or with your consent by our IT systems when you visit the website (e.g., browser, operating system, time of page access).
What do we use your data for? Some of the data is used to ensure the website functions correctly; other data may be used to analyze your user behavior.
What rights do you have? You have the right to free access to information, rectification, erasure, restriction of processing, and objection to processing, as well as the right to data portability. You also have the right to lodge a complaint with the competent supervisory authority.
2. Hosting
We host the content of our website with the following provider:
Amazon Web Services (AWS)
Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg („AWS“).
When you visit our website, personal data is processed on AWS servers. This may also involve transferring data to the parent company in the USA. The transfer to the USA is based on EU Standard Contractual Clauses (SCCs). Details: AWS GDPR DPA, AWS Privacy.
The use of AWS is based on Article 6(1)(f) GDPR (legitimate interest in a reliable service provision). If consent has been requested, processing is additionally based on Article 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG (e.g., for cookies/device access); this consent can be revoked at any time.
Order processing
We have concluded a data processing agreement (Art. 28 GDPR) with AWS. AWS processes personal data only according to our instructions and in compliance with the GDPR.
3. General information and mandatory disclosures
Data protection
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Please note that data transmission over the internet can have security vulnerabilities.
Note regarding the responsible body
Responsible
Financial Forensics GmbH
Würzburger Str. 59
D-63639 Flörsbachtal
Telephone: +49 151 21017420
E-mail: postfach@finanz-forensik.de
Data Protection Officer
Pursuant to Section 38 of the German Federal Data Protection Act (BDSG) in conjunction with Article 37 of the GDPR, we are currently not obliged to appoint a data protection officer.
Storage duration
Unless a more specific retention period is stated within this declaration, personal data will remain with us until the purpose of processing no longer applies. Statutory retention obligations remain unaffected.
Legal basis for processing
Depending on the purpose, we process data on the basis of Art. 6 para. 1 lit. a GDPR (consent), lit. b (contract/initiation), lit. c (legal obligation) or lit. f (legitimate interests). When accessing end devices/storing information, this is also done – if necessary – on the basis of § 25 para. 1 TTDSG.
Note on data transfer to third countries
We use tools from providers in the USA and other third countries. Activating these tools may result in the transfer of personal data to these countries. A level of data protection comparable to that of the EU is not always guaranteed there. Where possible, transfers are based on EU standard contractual clauses or adequacy decisions.
Recipients of personal data
As part of our business activities, we transfer data to external parties if this is necessary for the performance of a contract, if there is a legal obligation to do so, if there is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, or if consent has been given. We have contracts with data processors pursuant to Art. 28 GDPR.
Revocation of your consent
You can withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected.
Right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling. If you object, we will no longer process the data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your data is processed for direct marketing purposes, you can object to this processing at any time; this also applies to profiling insofar as it is related to direct marketing.
Right of appeal
Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. In Hesse, for example, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) is responsible.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format or to have it transferred to a third party, insofar as technically feasible.
Information, rectification, erasure and restriction of processing
Within the framework of the legal provisions, you have the right at any time to free information about your stored personal data and, if applicable, a right to rectification, erasure or restriction of processing.
SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by "https://" and the padlock symbol in your browser. Data you transmit cannot then be intercepted by third parties.
4. Data collection on this website
Consent with Borlabs Cookie
We use the consent technology from Borlabs Cookie (Borlabs GmbH, Rübenkamp 32, 22305 Hamburg) to obtain and document consent for certain cookies/technologies. The legal basis is Article 6(1)(c) GDPR. Details: Borlabs – stored data.
Server log files
The provider automatically collects and stores the following information: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not combined with other data. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in technical stability/optimization).
Contact form
When you contact us, we process the information you provide in the form, including your contact details, to handle your request and any follow-up questions. The legal basis for this processing is Article 6(1)(b) GDPR (contract/initiation) or (f) GDPR (legitimate interest in efficient communication) or (a) GDPR (consent, if requested). Data is stored until the purpose for which it was collected has been fulfilled or until you withdraw your consent or request its deletion; statutory retention periods remain unaffected.
Inquiry via email or telephone
When you contact us by email or telephone, we process your information (e.g., name, inquiry) for the purpose of handling your request. Legal basis: Art. 6 para. 1 lit. b or lit. f GDPR.
5. Analytics tools and advertising
Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager does not create user profiles or store cookies, but it does collect IP addresses (transfer to the USA is possible). Legal basis: Art. 6 para. 1 lit. f GDPR; possibly also Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TTDSG for tags requiring consent.
Google Analytics
We use Google Analytics (Google Ireland Limited) to analyze user behavior (e.g., page views, time spent on the site, origin). Google uses cookies and similar technologies; the data is generally processed on servers in the USA. Legal basis: Your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TTDSG. You may withdraw your consent at any time.
Data transfers to the USA are based on standard contractual clauses. Details: Google – SCC. More information: Data privacy at Google Analytics.
Browser plugin: You can prevent tracking by Google by installing the plugin at https://tools.google.com/dlpage/gaoptout install.
Google Signals
We may use Google Signals for cross-device reporting and personalized advertising, provided you have enabled the corresponding settings in your Google account. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR). You can disable this feature in your Google account.
Google Ads & Conversion Tracking
We use Google Ads including conversion tracking (Google Ireland Limited). This allows Google and us to recognize whether users have performed certain actions (e.g., clicks/conversions). We do not receive any information that allows for personal identification. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). Details: Google Privacy.
6. Plugins and Tools
Google Fonts (local hosting)
For consistent display, we use locally embedded Google Fonts. No connection to Google servers is established. More information: Google Fonts FAQ.
Google Maps
Provider: Google Ireland Limited. Your IP address is processed for the use of Google Maps; the data is generally transferred to the USA. Legal basis: Art. 6 para. 1 lit. f GDPR (interest in an appealing presentation and easy location of our sites) or Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TTDSG, if consent has been requested. SCC details: Google SCC. More information: Google Privacy.
Google reCAPTCHA
We use reCAPTCHA (Google Ireland Limited) to verify that data entries are made by humans. For this purpose, reCAPTCHA analyzes, among other things, IP address, time spent on the page, and mouse movements. Legal basis: Art. 6 para. 1 lit. f GDPR (interest in protection against misuse/spam) or Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TTDSG, if consent is required. Details: Privacy and Terms.