Privacy policy
Thank you for visiting the Haufe Group websites. The protection of your personal data is very important to us. With this privacy policy we would like to inform you about the handling of your personal data when you visit our websites and about your rights.
1. Who are we and how can you reach us?
We, the
Haufe Service Center GmbH
A company of the Haufe Group
Munzinger Straße 9
79111 Freiburg
Email: service@haufe.de
are responsible for protecting your personal data. If you have any questions about the processing of your data, your rights or the privacy policy, our data protection officer Raik Mickler will be happy to assist you. You can reach him at:
dsb@haufe-lexware.com
2. What data is processed when you visit our websites?
In the following, we inform you regarding what data is collected when you visit our websites, for which purposes it is processed, on what legal basis the processing takes place, what your options are to control the collection and processing of the data yourself, and when the data is erased.
2.1 Amazon Web Services
2.1.1 Data collected:
The eAcademy combines learning new content with application in one’s own business context and is supported by project coaching. To provide the eAcademy service we use solutions and technologies from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (AWS).
Data collected includes in particular:
• Email addresses
• First name
• Surname
• Telephone number (optional)
• IP address of the requesting compute
2.1.2 Purposes of data processing:
We process your data in order to provide you with the requested service.
2.1.3 Legal basis:
We process this data for the fulfilment of a contract according to Art. 6 (1)(b) GDPR.
2.1.4 Storage duration and control options:
We store your data as long as you have an active account with us. If you delete this account, or the account is closed for another reason, we delete all existing data, provided that no legal or contractual retention periods prevent deletion.
2.1.5 Third country transfer:
The data is generally processed in European data centres. In the context of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases, we have obliged Amazon Web Services to comply with a level of data protection corresponding to EU law using the corresponding EU Standard Contractual Clauses.
2.2 Log-Files
2.2.1 Data collected:
When you visit our websites, the following data is automatically transmitted by your browser:
• Your IP address
• The website you are coming from
• Web pages you access through our site
• The pages you click on, and
• The time you access the page
• The name of your internet service provider
• Your browser type and its version
• The operating system of your device
• The date and duration of your visit.
2.2.2 Purposes of data processing:
The temporary storage of this data is necessary to enable the provision of the website to your computer and to ensure the functionality of the website. By means of this data, we also gain statistical insights into how our websites are used. In addition, we collect the data in order to be able to trace and prevent unauthorized access to the web server and misuse of the web pages, and to secure our information technology systems.
2.2.3 Legal basis:
We temporarily store this data on the basis of legitimate interests (Art. 6 (1)(f) GDPR). Our legitimate interest is to achieve the purposes described above.
2.2.4 Storage duration and control options:
The data is deleted when it is no longer necessary for the achievement of purposes. Log files are deleted after 90 days at the latest.
2.3 General information on cookies and targeting technologies
2.3.1 Data collected:
When you visit our website, cookies are set. These are small text files that are stored on the device. Cookies usually contain a specific sequence of characters, the so-called cookie ID, with which your browser can be identified the next time you visit our website.
In addition, we use so-called tags, which are small code elements that help us to measure the behaviour of our users and the success of advertising activities.
Depending on the type of cookies or tags, different data is collected and processed.
We use our own cookies as well as cookies from other providers (third party cookies). cookies are described in detail below in section 2.3.
2.3.2 Purposes of data processing:
Technically necessary cookies enable the technical functionality of the website. Some functions of our websites cannot be offered without the use of cookies.
Functionality cookies are used to make our websites more user-friendly and to guarantee certain functionalities, e.g. the cross-page shopping basket display, in which you can see how many items are currently in your shopping basket, and the storage of your login data so that you can access the data and settings you have already entered when you return to the site.
Analysis cookies and tags enable us to generate aggregate statistics, e.g. about the number of views, which areas of the websites are viewed most frequently, information about locations and about the average stay on the websites. This allows us to improve the quality of our websites and content.
Advertising cookies and retargeting technologies enable us to provide you with offers and information tailored to you. This enables us to make our websites more interesting for you and to address you with personalized, interest-based advertising on other websites.
2.3.3 Legal basis:
We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Art. 6 (1)(f) GDPR). Our legitimate interest is to ensure the functioning of our websites and their optimal usability.
We use analysis cookies and advertising cookies as well as tags and retargeting technologies on the basis of your consent (Art. 6 (1)(a) GDPR), which we obtain via a cookie banner. You can revoke consent at any time informally and with future effect by using the opt-out links in this privacy policy.
2.3.4 Storage duration and control options:
Some of the cookies we use are automatically deleted after you close the browser (so-called session cookies); others remain on your device permanently and enable us to recognize your browser (so-called persistent cookies).
You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether or selectively accept certain cookies. Please make use of the help function of your browser to find out how to change these settings. This may limit the functionality of our websites.
2.4 Cookies and tracking technologies used by third parties
2.4.1 Usercentrics Consent Management Platform
2.4.1.1 Data collected:
We use the consent management service Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (“Usercentrics”). Usercentrics is used on the website as an order processor for the purpose of consent management. The following data is collected: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
2.4.1.2 Purpose of data processing:
We use Usercentrics to comply with the legal obligations of consent retention.
2.4.1.3 Legal basis:
We use Usercentrics to comply with our legal obligation, Art. 6 (1) Sentence 1 lit. c GDPR.
2.4.1.4 Storage duration and control options:
The consent data (consent and revocation of consent) is stored for three years. The data will then be deleted immediately. For further information, please refer to the Usercentrics privacy policy.
2.4.2 3Q SDN video hosting
2.4.2.1 Data collected:
We have integrated the SaaS platform 3Q SDN on our website to display video content. 3Q SDN is a platform for processing video material and all related services. The operating company of 3Q SDN is 3Q GmbH, Kurfürstendamm 102, 10711 Berlin.
3Q stores a cookie in your browser. This provides 3Q with insights into how extensively our video offer is used. The personal data transmitted to 3Q is usually the IP address, timestamp, URL, user agent and data required for statistical purposes. The applicable data protection provisions of 3Q can be found at https://www.3qsdn.com/de/datenschutz_und_richtlinien.
2.4.2.2 Purpose of data processing:
The 3Q platform collects data on the use of the audiovisual content offered by the responsible parties. We use 3Q to offer you our learning content and thus meet our obligation to fulfil the contract.
2.4.2.3 Legal basis:
We use 3Q to provide your training content via video, as included in our contract offer. Therefore, the data processing takes place on the basis of the contract concluded between us, Art. 6 (1) lit. b GDPR.
2.4.2.4 Storage duration:
Your data will only be stored for as long as is necessary to fulfil the purpose.
You can also prevent cookies from being stored on your browser by selecting the appropriate settings in your browser. We would like to point out that this may lead to display problems and you may not be able to use all the functions of our website.
2.4.3 Econda
2.4.3.1 Data collected:
We use solutions and technologies from Econda GmbH, Eisenlohrstraße. 43, 76135 Karlsruhe
(“Econda”). Econda creates pseudonymous user profiles across pages by means of cookies. In doing so, data is collected that enables the recognition of your browser. Your IP address is made unrecognizable immediately after receipt in order to prevent it from being allocated to a user profile.
2.4.3.2 Purpose of data processing:
We use Econda for the needs-based design and optimization of our websites.
2.4.3.3 Legal basis:
We use Econda if you have given your consent. We obtain your consent via the cookie banner at the bottom of the web pages when you access our websites.
2.4.3.4 Storage duration and control options:
Econda stores this data and it is regularly deleted.
You can prevent the collection and processing of your data by Econda by selecting the appropriate setting in your browser or via this link [ https://www.econda.de/widerruf-zur-datenspeicherung ].
2.5 plista:
2.5.1 Data collected:
We use the services of plista GmbH, Torstraße 33-35, 10119 Berlin via the Burda Media agency.
plista is a tool for providing recommendation technology. plista compares the interests of visitors to websites with each other and recommends the favourites of similar visitors in each case. Recommendations are generally made anonymously – i.e. ratings and click data are used in the algorithm, while it is not possible for third parties to see or read the data basis. In order for plista to be able to provide the corresponding recommendations to the website visitor, which falls within their area of interest, plista combines this rating and click data into a usage profile and evaluates it. plista requires anonymous data to provide this service. Anonymous usage data provides information about the website visits, clicks of a website visitor and that visitor’s reading behaviour without any personal reference.
2.5.2 Purposes of data processing:
plista anonymously collects information to measure the success and control of advertising campaigns.
2.5.3 Legal basis:
The processing is based on your consent (Art. 6 (1) a GDPR).
2.5.4 Storage duration:
The data will not be stored for longer than 12 months.
Option to prevent processing (opt-out): https://www.plista.com/de/about/opt-out
2.6 Google:
2.6.1 Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal data. With regard to the processing of personal data, please refer to the information on the respective Google services. You can access the usage guidelines of the Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html
2.6.2 Google Signals
We also partially use the Signals function from Google Inc. The Google Signals function recognizes individual users across different devices (so-called cross-device tracking). We ourselves only have anonymous data in the form of a report that shows patterns in user behaviour.
The function is only active if you:
• have a Google account,
• are logged into your Google account when you access the corresponding Haufe Group website,
• and have activated the “personalized advertising” function in your Google account.
If you do not wish to use this function, you must deactivate the “personalized advertising” function in your Google account.
2.6.3 Google Remarketing and Double Click
We use Google Remarketing and Google Double Click. This technology stores cookies that evaluate how you use our website and make it possible to recognize your browser when you visit websites that belong to the Google advertising network. For this purpose, the Google Analytics tracking code uses so-called DoubleClick cookies in addition to the Google Analytics cookies. These collect data on which third party websites in the Google Display Network you have visited and which advertisements you have clicked on. In addition, data from first party cookies (e.g. Google Analytics cookies) and third party cookies (e.g. Google cookie for display preferences) are linked. This allows us to evaluate the display of advertisements and your interaction with these advertisements.
2.6.4 Google AdWords Conversion Tracking
We use Google AdWords Conversion Tracking. With this technology, cookies are stored when you interact with one of our advertisements, e.g. click on it. The cookies are used to analyze what happens after you have interacted with an ad, e.g. whether you have bought our product, accessed the ad from a mobile phone, downloaded our app or signed up for a newsletter.
2.6.5 Purposes of data processing:
Google Remarketing and Double Click: We use this technology to present you with interest-based advertisements on other websites in the Google advertising network. The advertisements relate to content that you have previously viewed on our websites.
Google AdWords Conversion Tracking: We use this technology to improve our offering.
2.6.6 Legal basis:
We use the Google products described if you have consented to them. We obtain your consent via the cookie banner when you access our websites.
2.6.7 Storage duration:
The data collected by the Google functions are saved and regularly deleted.
You can prevent the storage of cookies by selecting the appropriate settings in your browser.
You can also prevent the collection and processing of data by Google by downloading and installing the browser add-on available at the following link [https://tools.google.com/dlpage/gaoptout?hl=de].
Google Dynamic Remarketing and Double Click as well as Google AdWords: You can object to the storage of cookies and the associated data processing by deactivating personalized advertising in your advertising settings [http://www.google.com/ads/preferences/html/opt-out.html]. You can deactivate the use of cookies by third party providers via the deactivation website of the Network Advertising Initiative [http://optout.networkadvertising.org/#/]. Alternatively, you can deactivate DoubleClick cookies by installing a browser plug-in [https://www.google.com/settings/u/0/ads/plugin?hl=de].
This may limit the functionality of our websites.
For more information, please refer to the Google Privacy Policy [https://www.google.de/intl/de/policies/privacy/].
2.7 Microsoft Advertising Remarketing and Microsoft Clarity
This technology uses cookies that evaluate how you use our website and allow us to recognize your browser when you visit websites that are part of the Microsoft advertising network.
Purposes of data processing:
We use this technology to present you with interest-based advertisements on other websites in the Microsoft advertising network. The advertisements relate to content you have previously viewed on our websites.
Data collected:
Bing Conversion Tracking (“UET”, also called Microsoft Advertising Universal Event Tracking): We use Microsoft Advertising Universal Event Tracking, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). When you access our website via Microsoft Ads, a cookie is stored on your computer. In addition, a UET tag is integrated on our websites. This is a code, which when combined with the cookie, stores pseudonymized data to track what actions you take on our websites after clicking on a Microsoft Ads advertisement. Data collected includes time spent on the website, which areas of the website were accessed and which ad you used to access the website. In addition, Microsoft may track your usage patterns across multiple electronic devices by means of cross-device tracking. The information collected is transferred to a Microsoft server in the USA. Microsoft is certified under the EU-US Privacy Shield.
Bing Webmaster Tools: The Bing Webmaster Tools from Microsoft store cookies and so-called beacons on your computer. Beacons or tracking pixels are small invisible graphics that can be used to register whether a website has been accessed.
Purposes of data processing:
Microsoft Advertising Universal Event Tracking: UET allows us to track your activity on our websites if you have arrived at our websites via Microsoft Ads advertisements, and enables us to improve our service. Cross-device tracking allows Microsoft to display personalized ads.
Bing Webmaster Tools: With the help of this tool, Microsoft can provide its Bing services and optimize search results.
Legal basis:
We use Microsoft Advertising Tracking if you have consented to it. We obtain your consent via the cookie banner at the bottom of the page when you visit our website.
Storage duration and control options:
The data is stored by Microsoft for a maximum period of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. This may restrict the functionality of the websites under certain circumstances. You can deactivate cross-device tracking at the following link https://account.microsoft.com/privacy/ad-settings/signedout?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings.
For more information about Bing’s analytics services, please visit the Bing Ads website [https://help.ads.microsoft.com/#apex/3/de/53056/2 ]. For more information on privacy at Microsoft, please refer to Microsoft’s Privacy Policy [https://privacy.microsoft.com/de-de/privacystatement].
2.8 Oracle (Eloqua)
We use the Eloqua service provided by ORACLE Deutschland B.V. & Co. KG, Riesstrasse. 25, 80992 Munich. Eloqua stores a permanent cookie on your browser on the respective registration website.
2.8.1 Purposes of data processing:
We use Eloqua to analyze the use of our websites, in order to continually improve them.
2.8.2 Legal basis:
We use Eloqua if you have consented to this. We obtain your consent via the cookie banner at the bottom of our web pages when you access our websites.
2.8.3 Storage duration and control options:
Eloqua stores your data and this data is deleted regularly. You can prevent the collection and processing of your data by Eloqua by selecting the appropriate settings in your browser or via the following link [https://www.oracle.com/de/legal/privacy/privacy-choices.html].
For more information, please see Oracle’s privacy policy [https://www.oracle.com/de/legal/privacy/privacy-policy.html].
2.9 LinkedIn Insights Tag and LinkedIn Ads
2.9.1 Data collected:
We use the LinkedIn Insight Tag for this website. The LinkedIn Insight Tag creates a LinkedIn
“browser cookie” which collects the following data: IP address, timestamp, page activity, LinkedIn demographic data if the user is an active LinkedIn member.
2.9.2 Purposes of data processing:
We process your data to evaluate campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn.
2.9.3 Legal basis:
We use LinkedIn if you have consented to it. We obtain your consent via the cookie banner when you visit our website.
2.9.4 Storage duration:
We store your data for as long as we need it for the respective purpose (campaign evaluation) or if you have not objected to the storage of your data or revoked your consent.
The collected data is encrypted. More information can be found here [https://www.linkedin.com/help/linkedin/answer/65521]. You can find the LinkedIn privacy policy [https://www.linkedin.com/legal/privacy-policy], as well as the LinkedIn opt-out [https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out].
2.10 Facebook-Pixel and Facebook Custom Audience (Remarketing):
2.10.1 Data collected:
On our website, we use the so-called “Facebook Pixel” from the “Facebook” company (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Facebook Pixel allows us to classify visitors to our website into specific target groups in order to display relevant advertisements (“ads”) to you on Facebook. The data collected (e.g. IP addresses, information on the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other characteristics) are not visible to us specifically but can only be used in the context of displaying certain advertisements. So-called cookies are also stored as part of the use of the Facebook Pixel code.
If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.
In some cases, we also use the remarketing function “Custom Audiences” from the “Facebook” company. This allows users of the site to be shown interest-based advertisements (“Facebook ads”) when visiting Facebook or other websites that also use this procedure. In this way, we pursue the interest of displaying advertisements that correspond to your interests in order to make our website more interesting for you.
In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page of our website, or that you have clicked on one of our advertisements. If you are registered with a “Facebook” service, “Facebook” can assign the visit to your account. Even if you are not registered with Facebook, or are not logged in, it is possible that the provider may obtain your IP address and other identifying features.
Insofar as you have consented to this, we may pass on your telephone number or email address to “Facebook” in order to be able to show you advertisements corresponding to your interests.
You can find out how Facebook Pixel is used for advertising campaigns
at [https://www.facebook.com/business/learn/facebook-ads-pixel]
You can find more information on Facebook’s data policy at [https://www.facebook.com/policy.php].
You can obtain further information on data processing by Facebook at [https://www.facebook.com/about/privacy].
2.10.2 Purposes of data processing:
We use these functions in order to provide you with advertising offers that correspond to your interests.
2.10.3 Legal basis:
We use Facebook if you have consented to this. We obtain consent via the cookie banner when you visit our website.
2.10.4 Storage duration:
We store your data for as long as we need it for the respective purpose (display of interest-based advertising) or if you have not objected to the storage of your data or revoked your consent.
Deactivation of the “Facebook Custom Audiences” function is possible for logged-in users at [https://www.facebook.com/settings/?tab=ads#_].
You can change your Facebook ad settings at [https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen] if you are logged into Facebook.
3. What data is processed when you contact us, subscribe to a newsletter, open a user account and make use of our online products and services?
In the following, we inform you about what data is collected and processed when you contact us, subscribe to a newsletter, open an account or purchase online products, for which purposes and by which recipients it is processed, the legal basis for the data processing and when the data is deleted.
3.1 Opening an account
3.1.1 Data collected:
When you open an account with us, we ask for the following data about you: First and last name, email address, billing address (company address and, if applicable, another email address that is to be used for billing) and your individual, freely selectable password. In addition, you can – voluntarily – upload a profile picture that can be seen in the application.
After registration, you will receive a verification email from us, which on the one hand serves to confirm your identity and on the other hand to enable invoicing. The verification link is valid for two weeks.
3.1.2 Purposes of data processing:
We process this data to create your account so that you can access the services we offer and so that we can process the contract.
3.1.3 Legal basis:
Insofar as we need your data to execute the contract with our contractual parties (usually your employer) and to provide you with our services, or to carry out pre-contractual measures based on your enquiry, the data processing is based on Art. 6 (1) lit. b GDPR.
3.1.4 Storage duration and control options:
We store your data for as long as you have an account on our platform. You can delete your profile yourself at any time. You can also download your data as a zip file at any time.
If you delete your account, all data relating to the account will be irrevocably deleted. This includes courses which have already been purchased or completed.
You can delete your voluntarily provided profile picture, which we store based on your consent, yourself at any time by clicking on “Delete picture” in your profile. This constitutes a revocation of consent within the context of Art. 7 (3) GDPR.
3.2 Contact and support
3.2.1 Data collected:
We collect and process the data provided by you, such as your contact details, your name and your request, when you contact us by telephone or email. All data transmitted to us by you is transferred in encrypted form between your browser and our server.
3.2.2 Purposes of data processing:
The data processing is carried out by our customer service or service providers contracted by us exclusively on the basis of and for the processing of your enquiry.
3.2.3 Legal basis:
We process your data for the implementation of pre-contractual and contractual measures, which are carried out at your request (Art. 6 (1)(b) GDPR)
3.2.4 Storage duration:
We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to comply with statutory retention periods.
3.2.5 Third country transfer:
We use, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London, UK) to manage your data.
Data is generally processed in European data centres. In the context of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated the service provider Salesforce Inc. to comply with a level of data protection corresponding to EU law using the corresponding EU Standard Contractual Clauses.
3.3 Seminar registration and invoicing
3.3.1 Data collected:
We collect and process data provided by you as part of the account registration, e.g. contact details such as your name and address as well as information on the booked topic, location and period and, if applicable, other circumstances of the respective seminar.
3.3.2 Purposes of data processing:
We process your data in order to be able to provide you with the relevant seminar, to create your invoice and send it to you, and to be able to send you promotional offers for similar seminars and products in the future, if applicable.
3.3.3 Legal basis:
We process your data in order to be able to fulfil our contractual obligation to you (Art. 6 (1)(b) EU-GDPR). In addition, we process your data on the basis of legitimate interest (Art. 6 (1)(f) EU-GDPR) in order to be able to provide you with similar interesting offers in the future.
3.3.4 Storage duration and control options:
We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to comply with legal retention periods.
Insofar as we use your data to contact you with advertising based on your previous bookings of eAcademy offers, you can object to the data processing. To do so, simply contact our customer service or unsubscribe directly via the unsubscribe link in the advertising emails.
3.4 Coaching
3.4.1 Data collected:
You can also book coaching sessions on our websites. If you do so, we will pass on your data (first name, last name, login email address, as well as the parameters of your individual course project) to the selected coach. In addition, you can voluntarily provide a telephone number when booking, which we will then also pass on to the coach. The coach will then contact you personally to discuss the desired communications options with you. We have no influence on this and do not process any further data in this context.
3.4.2 Purposes of data processing:
We process your data in order to be able to offer you the booked coaching and to enable communication between you and your coach.
3.4.3 Legal basis:
This data processing is based on the execution of the contract (Art. 6 (1) lit. b GDPR).
3.4.4 Storage duration:
We store your data for the duration of the contract and then delete the data, insofar as no legal retention obligations prevent erasure.
3.5 Customer surveys
3.5.1 Data collected:
For the purpose of online surveys, we use the services of the provider Netigate Deutschland GmbH, Luisenforum, Kirchgasse 2, 65185 Wiesbaden. Netigate processes the information provided by users solely for the purpose of evaluating the survey on our behalf and, insofar as no personal data, such as names or email addresses, is requested, stores it anonymously, i.e. in particular without the IP address of the users. Insofar as personal data is requested within the scope of the survey beyond the topic of the survey (e.g. name, address, company, etc.), we point out separately within the scope of the survey that this is additional, voluntary information.
3.5.2 Purposes of data processing:
We use Netigate to design and optimize our products and services according to your needs.
3.5.3 Legal basis:
We use Netigate if you fill in a corresponding questionnaire. The completion of the questionnaire is completely voluntary. If you disclose personal data as part of the survey, the data processing is based on your consent, see Art. 6 (1) lit. a GDPR.
3.5.4 Storage duration and control options:
In the case of surveys with personal data, these are automatically deleted after 13 months. If you have disclosed personal data on a voluntary basis, you can revoke your consent at any time with future effect, see Art. 7 (3) GDPR. All you need to do is send a message to our customer service.
4. What rights do you have and how can you exercise them?
4.1 Revocation of consent
You can revoke any consent you may have given for the processing of your personal data at any time with future effect. Please note that the revocation has no effect on the lawfulness of the previous data processing and that it does not extend to such data processing for which there is a legal reason for permission, and which may therefore also be processed without your consent.
4.2 Further data subject rights
In addition, you are entitled to the following data subject rights in accordance with Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR) if the legal requirements are met:
4.2.1 Information:
You can request at any time that we provide you with information about which of your personal data we process and how it is processed and provide you with a copy of the personal data we hold about you, Art. 15 GDPR.
4.2.2 Rectification:
You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.
4.2.3 Erasure:
To erase your personal data: Please note, data that we need for the implementation and execution of contracts and for the assertion, exercise and defence of legal claims, as well as data for which there are legal, supervisory or contractual retention obligations, Art. 17 GDPR, is excluded from this erasure.
4.2.4 Restriction of processing:
You can request the restriction of processing under certain circumstances, e.g. if you believe that your data is inaccurate, if the processing is unlawful or if you have objected to the data processing. This means that your data may only be processed in a very restricted manner without your consent, e.g. for the assertion, exercise and defence of legal claims or for the protection of the rights of other natural and legal persons, Art. 18 GDPR.
4.2.5 Objection to data processing:
You have the right to object to data processing for direct marketing purposes at any time. In addition, you can object at any time to data processing based on a legitimate interest if there are special reasons, Art. 21 GDPR.
4.2.6 Data portability:
You have the right to receive the data that you have provided to us, and that we process on the basis of your consent or for the performance of a contract, in a commonly used, machine-readable format and, within the limits of what is technically feasible, to request direct transfer of this data to third parties, Art. 20 GDPR.
5. Contact channels
You can exercise your rights via the following contact channels:
Haufe Group
Mr Raik Mickler
Data protection officer
Munzinger Straße 9
79111 Freiburg
E-Mail: dsb@haufe-lexware.com
You can revoke your consent to data processing by cookies and tracking technologies by selecting the appropriate settings in your browser or by using the opt-out options described in detail under 2.3.
6. Right to lodge a complaint with a supervisory authority
If, for example, you believe that our data processing is unlawful or that we have not granted the rights described above to the extent necessary, you have the right to lodge a complaint with the competent data protection supervisory authority.
7. General information on third country transfers
The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union (European data centres) or in another contracting state of the Agreement in the European Economic Area. However, in the context of maintenance and support measures, data may also be transferred to the third country USA. We always ensure an adequate level of protection for the transfer of data by implementing appropriate safeguards in accordance with Art. 44 et seq. GDPR. For each of these third country transfers, a contract with standard data protection clauses of the European Commission (Art. 46 (2) (c) and (d) GDPR) has been concluded with the respective recipient.
Status: March 2021