As the operator of this website, we take the protection of your personal data very seriously, treat it confidentially and in accordance with the current legal data protection regulations and this Privacy Policy. In the following we inform you according to article 13 of the EU data protection-Basic Regulation (EU-DSGVO) on the processing of your personal data (hereinafter referred to as "data").

1.definition

The following data protection statement is based on the concepts defined by the European directives and regulations were used in the adoption of the EU DSGVO. In order to ensure easy readability and comprehensibility, we would like to explain the terms used in advance.

We use the following terms, among others, in this privacy policy:

a) personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject (user)

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c) processing

Processing is any operation carried out with or without the help of automated procedures or any such operation series of operations concerning personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or data controller

Controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the

Those responsible, or the specific criteria for their designation, may be laid down by Union or national law.

h) Contractor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. public authorities which, in the context of a specific investigation mandate, are subject to the Union law or the law of the Member States may receive personal data, but are not considered to be recipients.

j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

k) Consent

Consent is any freely given, informed and unequivocal expression of will by the data subject in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

2. the data controller

payroll service germany GmbH

Jakob-Saur-Strasse 9

79199 Church types

Legal representative: Claudia Bosenius

phone: +4976616298740

fax: +4976616298738

e-mail: cb@payroll-service-germany.com

3. general information on data processing

a) Scope of data processing

As a matter of principle, we only process personal data of our users as far as this is necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

b) Legal basis for data processing

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a of the Basic Data Protection Regulation (EU-DSGVO) serves as the legal basis.

The processing of personal data necessary for the performance of a contract whose Party is the data subject, Art. 6 para. 1 lit. b EU-DSGVO serves as Legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c EUDSGVO serves as the legal basis.

In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) EU-DSGVO serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) lit. f EU-DSGVO serves as the legal basis for the processing.

c) the duration of processing

We process your data only as long as it is necessary to fulfil the contract, to maintain our relationship or according to applicable legal regulations.

Different retention periods apply to the retention of business documents. In accordance with the German Fiscal Code, a retention period of 10 years generally applies to data relevant to tax law, and 6 years for other data in accordance with the provisions of the German Commercial Code.

As long as you do not object, we will use your data within the scope of our trustful business relationship to mutual advantage.

Should you wish your data to be deleted, we will delete it immediately, unless the deletion conflicts with legal obligations to retain data.

4. SSL encryption

This website uses SSL (Secure Socket Layer) encryption to transfer data from your browser to our server and to servers that provide files that we embed on our website. You can recognise the presence of SSL encryption by the preceding text "https" in front of the address of the web page you are visiting in your browser.

5. providing the website and creating log files

a) Description and scope of data processing

Whenever our website is called up, our system automatically collects data and information from the system of the calling terminal. The following data is collected:

Browser type and version used
Operating system of the user
Internet service provider of the user
IP address of the user
Date and time of access
Websites from which the system accesses our website
web pages that are called up by the user's system via our website

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f EUDSGVO.

c) Purposes of the processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f EU-DSGVO.

d) Duration of processing

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the relevant session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an allocation of the calling client is no longer possible.

e) Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.

6. use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. We also use cookies on our website which enable an analysis of the surfing behaviour of the users.

The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection declaration.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f EU-DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a EU-DSGVO if the user has given his consent to this.

c) Purpose of the processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its contents. The analysis cookies enable us to find out how the website is used and thus to constantly optimise our offer.

These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f EU-DSGVO.

d) Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.

7. online marketing

a) Description and scope of data processing

On our website, we process personal data for online marketing purposes, which includes in particular the presentation of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in so-called cookies or similar procedures are used, by means of which the user information relevant for the presentation of the aforementioned contents is stored. This information may include, for example, the content viewed, web pages visited, online networks used, but also communication partners and technical details such as the browser used, the computer system used and information on usage times. Provided that the user has consented to the collection of his location data, these can also be processed. The user's IP address is also stored. However, we use IP masking procedures (i.e., pseudonymisation by shortening the IP address) to protect the user. In general, no clear data of the user (such as e-mail addresses or names) are stored within the scope of the online marketing procedure, but pseudonyms. This means that the identity of the user is not known, but only the information stored in his profiles. As a rule, the information in the profile is stored in the cookies or by means of similar procedures. These cookies can later generally also be read out on other websites that use the same online marketing procedure and analysed for the purpose of presenting content, as well as supplemented with additional data and stored on the server of the online marketing procedure provider.

As an exception, clear data can be assigned to the profile. This is the case if the user, for example is a member of a social network whose online marketing methods we use and the network links the user's profile with the aforementioned information. It should be noted that the user can make additional agreements with the providers, e.g. by giving his consent during registration.

As a matter of principle, we only have access to summarised information on the success of our advertisements. However, within the scope of so-called conversion measurements we can check which of our online marketing processes have led to a so-called conversion, i.e., for example

Conclusion of contract with us. Conversion measurement is used solely to analyse the success of our marketing measures.

b) Legal basis for data processing

If the user has given his consent, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a EU-DSGVO.

Otherwise, the legal basis for the processing of personal data is Art. 6 para. 1 lit. f EUDSGVO, i.e. our legitimate interests (e.g. the provision of efficient, economic and recipient-friendly services).

c) Purpose of the processing

The purposes of data processing are tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visitor action evaluation, interest based and behaviour related Marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), range measurement (e.g. access statistics, recognition of recurring visitors), target group formation (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes), click tracking.

These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f EU-DSGVO.

The purposes of data processing are

Tracking (e.g. interest/behavioural profiling, use of cookies) Remarketing
Visitor action evaluation
Interest-based and behaviour-based marketing
Profiling (creation of user profiles)
Conversion measurement (measuring the effectiveness of marketing measures)
Range measurement (e.g. access statistics, recognition of returning visitors)
Target group formation (determination of target groups relevant for marketing purposes or other output of content)
Cross-device tracking (cross-device processing of user data for marketing purposes)
Click tracking

d) Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and are transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.

e) services and service providers used

DoubleClick

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com/intl/de/about/analytics/;

Privacy Shield (ensuring the level of data protection when processing data in the USA):

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active;

Opt-out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated.

8. contact form and e-mail contact

a) Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a EU-DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f EU-DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 (1) (b) EU-DSGVO.

c) Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be concluded from the circumstances that the matter in question has been conclusively clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

e) Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

All personal data stored in the course of the contact will be deleted in this case.

9. Google fonts (web fonts)

a) Scope of data processing

Our website page uses certain Google fonts for display. When calling up a page, the user's browser loads these fonts. In the process, the user's IP address together with the page (Internet address) that the user has visited is sent to a server of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

b) Legal basis for data processing

The legal basis for the processing of the user's personal data is Art. 6 para. 1 letter f EUDSGVO.

c) Purpose of the data processing

The use of Google fonts serves the visual representation of text content.

10.blog with comment function

a) Scope of data processing

We offer users of the blog found on our website the possibility to leave individual comments on individual blog posts. A blog is a regular public portal on a website where one or more people (bloggers) can publish (post) articles.

If a user leaves a comment in our blog after prior consent, information on the time of the comment entry as well as the user name chosen by the user (pseudonym) will be stored and published in addition to the comment left. In addition, the user's IP address is logged.

Personal data will not be passed on to third parties unless such a transfer is required by law or serves the purpose of legal defence.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a EU-DSGVO and Art. 6 para. 1 lit. f EU DSGVO.

c) Purpose of the data processing

The comment function gives users the opportunity to leave opinions, criticism and comments on a specific blog post.

The data collected and the IP address are stored for security reasons and in the event that the user violates the rights of third parties or posts illegal content through a comment submitted.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

e) Possibility of objection and removal

Users have the option at any time to either remove their own comments and thus their associated data themselves, or to instruct us to remove them.

11. YouTube

a) Scope of data processing

We use YouTube videos on our website. The operator of the corresponding plugin is YouTube, LLC (901 Cherry Ave., San Bruno, CA 94066, USA). When the user visits a page with the YouTube badge, a connection to YouTube servers is established. This tells YouTube which website the user is visiting.

If the user is logged in to his YouTube account, YouTube can personally assign his user behaviour.

If a YouTube video is started, the provider uses cookies (see above), which collect information about user behaviour.

Further information is available at https://www.google.de/intl/de/policies/privacy/.

b) Legal basis for data processingThe legal basis is Art. 6 (1) lit. f EU-DSGVO.

c) Possibility of objection and removal

Users can prevent the setting of cookies, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. This would also prevent Google from setting a cookie on the user's computer system. In addition, cookies already set can be deleted at any time via the internet browser or other software programs.

12. processors

We use external service providers (order processors), e.g. for the dispatch of goods, newsletters or payment processing. With the service providers, a separate Contract processing contract concluded to ensure the protection of your personal data.

We work together with the following service providers:

Heise Medien GmbH & Co KG, Karl-Wiechert-Allee 10, 30625, Hanover, Germany

13. your rights as a data subject

Under the EU DSGVO you have the following rights:

(a) Right of information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

In the event of such processing, you may request the following information from the data controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed

(4) the planned duration of the storage of personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;

(5) the existence of a right of correction or deletion of the personal data concerning you data, a right to have the controller restrict processing or object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision making, including profiling, in accordance with Article 22 (1) and (4) of the EU-DSA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards in accordance with Article 46 of the EU data protection regulation in connection with the transfer.

b) Right to rectify your data

You have the right to ask the data controller to correct and/or complete any personal data processed concerning you if it is incorrect or incomplete. The data controller must make the correction without delay.

c) Right to limit the processing of your data

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a period that allows the person responsible to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it in order to exercise or defend your rights, or

(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) EU-DSGVO and it is still not clear whether the legitimate reasons given by the controller outweigh the reasons given by you.

If the processing of personal data concerning you has been restricted, such data may - apart from their storage - only with your consent or for assertion, exercise or processed for the defence of legal claims or to protect the rights of another natural or legal person or for reasons of major public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

d) Right to deletion of your data aa) Obligation to delete

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a EU-DSGVO and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Art. 21 (1) EU-DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) EU-DSGVO.

(4) Personal data concerning you have been processed unlawfully.

(5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered, in accordance with Article 8 (1) of the EU-DSGVO.

bb) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to do so in accordance with the provisions of the law, he/she is obliged to inform the public of the data.

If a Member State is obliged to delete a data file under Article 17 (1) EU-DSGVO, it shall, taking into account the available technology and implementation costs, to inform data controllers who process personal data that you, as a data subject, have requested them to delete all links to such personal data or to make copies or replications of such personal data.

cc) Exceptions

The right of cancellation does not apply if the processing is necessary

(1) on the exercise of the right to freedom of expression and information;

(2) in order to comply with a legal obligation requiring processing under the law of the Union or of the Member States to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller

(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. dog i and Article 9 (3) EU-DSGVO;

(4) for archiving purposes in the public interest, scientific or historical for research or statistical purposes in accordance with Art. 89 (1) EU-DSGVO, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or

(5) to assert, exercise or defend legal claims.

e) Right to information

If you have asserted the right to rectify, erase or limit the processing to the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

They have the right to be informed of these recipients by the person responsible.

f) Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

(1) the processing is based on a consent pursuant to Art. 6 para. 1 letter a EU-DSGVO or Art. 9 para. 2 letter a EUDSGVO or on a contract pursuant to Art. 6 para. 1 letter b EU-DSGVO and

(2) the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right of objection

You have the right to object at any time, for reasons arising from your specific situation, to the processing of personal data concerning you, which is carried out pursuant to Art. 6, paragraph 1, letter e or f of the EUDSGVO, including profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he/she can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If personal data concerning you are processed for the purpose of direct marketing, you have the right to you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, insofar as it is linked to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility of exercising your right of objection in connection with the use of Information Society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

h) Right to withdraw the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.

i) Right to complain to the data protection supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, in which you work or in which the suspected infringement occurred, if you consider that the processing of personal data concerning you is contrary to the EU GMO. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 EU-DSGVO

The competence of the supervisory authority depends on your place of residence. A list of the supervisory authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

This privacy statement was prepared by ASG Rechtsanwälte.