Ziehms & Schwartz

Data Protection

Data protection notices for clients, employees, website visitors and other stakeholders

With the following information, we would like to give you an overview of how Ziehms & Schwartz GmbH processes your personal data and of your rights under data protection law. Which individual data is processed and how it is used depends substantially on your relationship with us, whether you are a client, an applicant, employee, website visitor or otherwise affected data subject (such as a freelancer employed by us for a certain project or parties interested in our services). For this reason, not all parts of this information will apply to you.

Who is responsible for data processing and whom can I contact?
Ziehms & Schwartz GmbH
Mainzer Landstrasse 10
60325 Frankfurt am Main
info@zs-forensic.com
+49 173 523 6895

What data and sources do we use?
We process personal data that we receive from our clients in the course of our business relationship and from applicants and employees (including interns and working students) for hiring decisions or carrying out the employment relationship, from visitors to our website or other data subjects. In addition, we process – insofar as necessary for the provision of our service – personal data that we have obtained legally from publicly accessible sources (e.g. commercial and company registers, land registers, press, Internet) or which have been made available to us by third parties.
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) and identification data. In addition, this may also include order information, data from fulfilling our contractual obligations (e.g. from our payment transactions), documentation data (e.g. consultation report) as well as other data comparable with the categories mentioned.

Why and on which legal basis do we process your data?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

(1) Within the scope of employment (Art. 6 para. 1 lit. b GDPR)
We process personal data of our employees (including interns and working students) for the purpose of hiring, carrying out and terminating the respective employment relationship.

(2) Based on consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. contacting, newsletter mailing, registration for our annual restructuring meeting), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25/05/2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

(3) To fulfill (pre)contractual obligations (Art. 6 para. 1 lit. b GDPR)
The processing of personal data of our clients and freelancers employed by us on a project basis is carried out for the provision of our services in the context of the performance of our contracts with our clients or for the implementation of pre-contractual measures, which are carried out upon request. Further details on the data processing purposes can be found in the relevant contractual documents and terms and conditions.

(4) Based on legal obligations (Art. 6 para. 1 lit. c GDPR)
In addition, as a stock corporation we are subject to various legal obligations (e.g. in the German Commercial Code (HGB), Stock Corporation Act (AktG), Securities Trading Act (WpHG), the German Money Laundering Act (GwG), tax laws). Processing purposes include, among others, the identification obligation for the prevention of money laundering, the obligation to create and retain manual files and the fulfillment of reporting obligations under tax law.

(5) Based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)
If required in order to safeguard legitimate interests on our part, we will process your data beyond the purposes stated above, especially for

  • measures for business management and further development of services and products,
  • advertising (also by way of direct approach) and market research insofar as you have not objected to the use of your data,
  • assertion of legal claims and defense in legal disputes.

Who gets my data?
Access to your data is granted to those persons who need it to fulfill our contractual and legal obligations. Service providers outside our company that we use (esp. freelancers and IT service providers) and vicarious agents may also receive data for these purposes; they are contractually obligated to maintain confidentiality and comply with data protection regulations in this regard. If the conditions for this exist, we also conclude data processing agreements. Other data recipients may be those entities for which you have given us your consent to transfer data or to which we are authorized to transfer personal data based on a balancing of interests.

Will data be transferred to a third country?
A data transfer to entities in countries outside the European Union (so-called “third countries”) does not take place in principle, unless

  • it is required by law (e.g. due to reporting obligations under tax law, regulations to combat money laundering, terrorist financing and other criminal acts),
  • you have given us your consent to do so, or
  • it is necessary, in order to ensure IT operation and the CRM system, to possibly transfer your personal data to an IT service provider in a third country in compliance with the European level of data protection.

How long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which in any case is intended to last for several months and in many cases for years.
If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:

  • Fulfillment of retention obligations under commercial and tax law, which may arise especially from the German Commercial Code, the German Stock Corporation Act, the German Money Laundering Act, the German Securities Trading Act and the German Fiscal Code. The periods specified there for the retention of corresponding documentation are generally two to ten years.
  • Preservation of evidence within the limits of the statutory limitation provisions. According to Sec. 195 et seqq. of the German Civil Code, these limitation periods can be up to 30 years, with the regular limitation period being three years.

What data protection rights do I have?

Each data subject has the

  • Right to withdraw consent according to Art. 7 para. 3 GDPR,
  • Right of access according to Art. 15 GDPR,
  • Right to rectification according to Art. 16 GDPR,
  • Right to erasure according to Art. 17 GDPR,
  • Right to restriction of processing according to Art. 18 GDPR,
  • Right to object according to Art. 21 GDPR,
  • Right to data portability according to Art. 20 GDPR.

Regarding the right of access and the right to erasure, the restrictions pursuant to Sec. 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority pursuant to Art. 77 GDPR in conjunction with Sec. 19 BDSG. The data protection supervisory authority responsible is the Hessian Commissioner for Data Protection and Freedom of Information. He can be reached at the following contact details:

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box (Postfach) 3163
65021 Wiesbaden
Germany
Telephone: +49 611 1408 – 0

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to Ziehms & Schwartz GmbH before the applicability of the GDPR, i.e. before 25/05/2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

How is the right to object under Art. 21 GDPR designed?
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of a balance of interests (Art. 6 para. 1 lit. f GDPR); this also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR. In the case of so-called “profiling”, we process your data in part automatically with the aim of evaluating certain personal aspects, for example in order to be able to provide you with targeted information and advice about our products and services. This enables us to provide needs-based communication, advertising and market research.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally with the subject “objection”, stating your name, address and date of birth, and should be addressed to our data protection officer (see above).

Is there an obligation for me to provide data?
In the context of your business relationship with Ziehms & Schwartz GmbH, you must provide all personal data that is necessary for the establishment, performance and termination of a business relationship and for the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally not be able to enter into, perform or terminate a contract with you.
In particular under money laundering regulations we are obliged to identify you by means of your identification document prior to the establishment of the business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data (cf. Sec. 11 para. 1, 4 of the Money Laundering Act). In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.

To what extent does automated decision-making or profiling take place?
For the establishment and performance of business relationships, Ziehms & Schwartz GmbH does not use fully automated decision-making pursuant to Art. 22 GDPR.

What data is collected, processed or used for what purpose on the Ziehms & Schwartz GmbH website?

(1) Logging
The websites of Ziehms & Schwartz GmbH collect a series of general data and information each time they are accessed. These general data and information are stored in the server’s log files. The following can be recorded:

  • the browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system arrives at our website (so-called Referrer),
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of an access to the website,
  • an Internet Protocol (IP) address,
  • the Internet service provider of the accessing system and
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, Ziehms & Schwartz GmbH does not draw any conclusions about the data subject. Rather, this information is needed to

  • display the contents of our websites correctly,
  • optimize the content of our websites and the advertising for them,
  • ensure the long-term functionality of our information technology systems and the technology of our website, and
  • provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Therefore, Ziehms & Schwartz GmbH analyzes anonymously collected data and information on the one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our company, with the aim of ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

(2) Contact by e-mail and contact management
You can contact us by e-mail. The data processing is justified under Art. 6 para. 1 lit. f GDPR. We have an interest in contacting you through the website to address your concern. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b GDPR is the legal basis for data processing.

We will delete the data generated during your concern/contact as soon as it is no longer required for processing your concern. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation. The use of the contact form is completely voluntary for you.

Data processing by Microsoft
The purpose of the processing by Microsoft is to provide a workplace that enables collaboration and communication within and outside of Ziehms & Schwartz GmbH.
The processing of personal data refers to employees of Ziehms & Schwartz GmbH and all persons such as customers and contractors (current, former, future) who communicate with Ziehms & Schwartz GmbH via Microsoft 365 applications.
Microsoft processes on behalf of Ziehms & Schwartz GmbH among others the following categories of personal data:

  • Professional contact, work, and organizational data (e.g. first name, last name, e-mail, company, social media identifiers, if applicable photo)
  • Private telephone numbers and private data that users enter into the system
  • Authentication data (e.g. user name, password or PIN code, security question)
  • Unique identification numbers and signatures (e.g. IP addresses, signature)
  • Position data and location data (e.g. location at start/end of call)
  • Administrative events (e.g. joining a team, creating a channel, sending an e-mail, etc.)
  • Photos, videos and audio
  • Contents (e.g. contents of the files and communications you enter, upload, receive, create, and control)
  • Metadata (for example, about calls and meetings (e.g. network status, date/time/duration, terminals used, audio quality data))
  • Internet activities (e.g. browsing history, search history)
  • Device identification (e.g. SIM card number)

Data processing specifically when deploying and using Microsoft Teams
Through the Microsoft Teams video conferencing solution, Ziehms & Schwartz GmbH can offer participation via video/audio in online events. Ziehms & Schwartz GmbH uses Microsoft Teams to conduct online events, enable collaborative work on files and internal company communication. In doing so, Ziehms & Schwartz GmbH uses the Team Meetings mode with Microsoft Teams. In general, there is no recording of the event.
In exceptional cases, recording may take place under the following conditions:

  • Prior explicit announcement of the planned recording to the participants twice (firstly when inviting and secondly before the start of the event to be recorded)
  • Participants will be provided with the link to this general data protection information

Participants are provided with the following supplemental privacy information:

  • Concrete purpose of the recording
  • Person responsible for recording (function, role)
  • Authorized users of the recording or addressees to whom the recording is to be made available
  • Location and duration of the recording.

In particular the following personal data is processed by Microsoft Teams:

  • Communication data (e.g. e-mail address, if this is specified on a personal basis).
  • Log files, log data
  • Metadata (e.g. IP address, time of participation, etc.)

Microsoft implements and maintains technical and organizational measures to protect your personal data from destruction, loss, or unauthorized access or other forms of unauthorized or unlawful processing of personal data.

Cookies
Microsoft uses cookies and similar technologies to store and maintain preferences and settings.

Legal basis
The data processing is carried out for the fulfillment of (pre)contractual obligations according to Art. 6 para. 1 lit. b GDPR for external parties and internal employees and, in the case of image and sound recordings, on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR. Processing within the scope of log files and metadata is carried out on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (legitimate interest to detect misuse and ensure IT security and continuous improvement of services).

You can revoke your consent at any time. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.