Data Protection Information for Clients of Mauer Unternehmensberatung GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft

We inform you below about how and on what basis we process your personal data and what rights you are entitled to.

1. Who is responsible for data processing?

Mauer Unternehmensberatung GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
Borsigstraße 6
72760 Reutlingen
Tel.: +49 7121 90 90 20
Email: kontakt@mauer-gruppe.com

You can reach our Data Protection Officer at:
Email: datenschutz@mauer-gruppe.com

2. Purposes of processing and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other relevant data protection regulations. Further details and supplements regarding the purposes of processing can be found in our contractual documents, forms, consent declarations, and other information provided to you (e.g., the website or general terms and conditions).

We process personal data for the purposes of:

• Executing and managing the mandate relationship, including correspondence,
• Fulfilling our contractual and legal obligations as tax consultants and auditors,
• Handling mutual claims arising from the contractual relationship (e.g., invoicing, performance, remuneration, and liability claims, etc.).

2.1 Consent (Art. 6 (1) (a) GDPR

If you have explicitly given us consent to process personal data for specific purposes, that consent serves as the legal basis for the processing in question. You may withdraw your consent at any time with effect for the future.

2.2 Performance of pre-contractual measures and fulfillment of contractual obligations (Art. 6 (1) (b) GDPR

We process your personal data to carry out measures and activities within the scope of pre-contractual relationships, particularly for contract negotiations. Furthermore, your personal data will be processed for fulfilling our mandate contract and utilizing our services.

2.3 Fulfillment of legal obligations (Art. 6 (1) (c) GDPR

We process your personal data as required to comply with commercial and tax retention obligations or other legal norms (e.g., according to the Money Laundering Act).

2.4 Protection of legitimate interests of us or a third party (Art. 6 (1) (f) GDPR

We may also process your personal data on the basis of a balancing of interests to protect the legitimate interests of us or a third party. In particular, maintaining a continuous business relationship with our clients is in our legitimate interest.

3. Categories of personal data we process

The following categories of data are processed:

• First and last name, salutation, and possibly title
• Postal addresses
• Phone numbers
• Possibly fax numbers
• Email addresses
• Information necessary for the proper execution of the mandate

4. Who receives your data?

We share your personal data within our company with the departments that need this data to fulfill contractual and legal obligations or to implement our legitimate interests.

The transmission of personal data to third parties only occurs on your instructions and with your consent. We provide personal data within the scope of the mandate relationship to the following recipients:

• Tax authorities and courts
• Social security agencies
• Bundesanzeiger Verlag GmbH
• Banks, credit institutions, insurance companies, and professional associations
• Processors (e.g., data centers, IT service providers, printing service providers, disposal companies, etc.), whose services we use only if they have been obligated to maintain our professional secrecy under Section 203 (3) of the Criminal Code.
• Depending on the individual case, to other recipients that we will coordinate with you in advance.

5. Transfer of your data to a recipient in a third country or an international organization

Data transfers to third countries (countries outside the European Economic Area – EEA) only take place if necessary for the execution of the mandate contract (e.g., payment orders) or if you have given us your consent or if it is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, such as through contractual agreements. We only transfer data to recipients who ensure the protection of your data according to the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).

6. How long do we store your data?

If necessary, we process your personal data for the duration of our contractual relationship with you. In addition, we are subject to various retention and documentation obligations that result from legal frameworks. Generally, this is 10 years plus an additional grace period of 4 years to account for potential limitation periods. After 14 years, we assess whether there are reasons for further retention. Ultimately, the storage duration is also determined by the legal limitation periods, which can generally be three years, but in certain cases, up to thirty years according to Sections 195 ff. of the German Civil Code (BGB).

7. Is there automated decision-making, including profiling?

We do not use purely automated decision-making procedures under Article 22 GDPR. Should we use such procedures in individual cases, we will inform you separately.

8. No obligation to provide us with your data

You are not obliged to provide us with your personal data. However, without providing the data, the execution of a mandate contract would not be possible, which could ultimately result in the refusal to conclude or the termination of the mandate relationship. In this context, you only need to provide those data that are:

• Required for the initiation and execution of the contractual relationship with us,
• Required by law, or
• Subject to our legitimate interest.

If we request additional data, you will be separately informed about the voluntary nature of the provision.

9. Rights of the data subject

You have the right to:

• Request information about your personal data processed by us according to Article 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of the right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from you, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about the details thereof;
• Request the rectification of inaccurate or completion of your personal data stored by us according to Article 16 GDPR;
• Request the erasure of your personal data stored by us according to Article 17 GDPR, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
• Request the restriction of processing your personal data according to Article 18 GDPR, if the accuracy of the data is contested by you, the processing is unlawful but you oppose erasure, and we no longer need the data but you need it for the establishment, exercise, or defense of legal claims or if you have objected to the processing under Article 21 GDPR;
• Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request the transmission to another controller according to Article 20 GDPR;
• Withdraw your consent at any time according to Article 7 (3) GDPR. This means that we will no longer continue processing the data based on that consent in the future.

If you wish to exercise any of these rights, please contact us or our Data Protection Officer.

Information about your right to object under Article 21 GDPR
You have the right to object to the processing of personal data concerning you that is based on Article 6 (1) (f) GDPR (processing for the protection of legitimate interests) or Article 6 (1) (e) GDPR (processing for tasks carried out in the public interest).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Information about your right to withdraw consent under Article 7 (3) GDPR
If we process your personal data for specific purposes based on your consent, you have the right to withdraw your consent at any time according to Article 7 (3) GDPR. Upon receipt of your withdrawal, we will cease processing the data for the purposes for which you had given consent. The lawfulness of processing before the withdrawal remains unaffected.

Please note that the withdrawal only affects future processing. Processing that occurred before the withdrawal is not affected.

Objections can be made informally and should preferably be directed to:
Mauer Unternehmensberatung GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft
Borsigstraße 6
72760 Reutlingen
E-Mail: kontakt@mauer-gruppe.com

11. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority if you believe that the processing of your data violates the GDPR (Article 77 GDPR). The competent supervisory authority for us is:

The State Commissioner for Data Protection and Freedom of InformationP.O. Box 10 29 32 in 70025 Stuttgart, Tel: 0711/615541-0, E-Mail: poststelle@lfdi.bwl.de

‍