Privacy Statement for eBilanz-Online

General

The

Bundesanzeiger Verlag GmbH
Amsterdamer Str. 192
50735 Cologne

Tel.: +49 (0)221 9 76 68-0
Fax: (02 21) 9 76 68-278
Email: service(at)bundesanzeiger.de

operates this website to offer services and information.

We process your personal data according to the provisions of the relevant data protection laws. Refer to “Definitions” in the glossary for explanations of the data protection terminology. The following provisions inform you about the type, scope and purpose of collection, processing and use of personal data. This Privacy Statement applies only to our web pages. If you are directed to other websites by a link on our pages, you must refer to the data privacy information on these websites.
When possible, we will use digital security systems to encrypt your personal data and take technical and organisational measures to protect it from damage, destruction or unauthorised access.

Browser data

For technical reasons and to maintain and improve functionality, we will automatically collect and store the data transferred by your Internet browser to us. We will transfer this data to third parties when necessary. Refer to “Transfer” for more information. Our legitimate interest in processing according to Art. 6 paragraph 1 point (f) GDPR is to ensure the operational safety of our website.

The information we collect is:

– Browser type and version
– Operating system
– Website from which you visit us (referrer URL)
– Web page that you visit
– Date and time of your access
– Your Internet protocol data (IP address)
– Volume of data transmitted
– Access status (files transferred, files not located etc.)

This anonymous data will be stored separately from any personal data you provide, and hence will not permit any conclusions to be drawn about any particular person. It can be analysed for statistical purposes in order to optimise our web presence and services. After analysis, the data will be deleted.

Anonymised user profiles

Unless otherwise stated, it is not necessary to provide personal data to use our website. Data is stored in a log file each time a user accesses the aforementioned web pages or requests a file. We use this data for technical reasons to enable your visit to our website. Moreover, we use this data for statistical purposes to improve the design and layout of our website. This data is not associated with any particular person. Our legitimate interest in processing according to Art. 6 para 1 sentence 1 letter f) of the EU-GDPR is to ensure the operational safety and functionality of our website.

The following dataset is stored with each request:

•    Name of the requested file
•    Date and time of the request
•    Volume of data transmitted

Message whether the request was successful
•    Description of the type of web browser used
•    Requesting domain
•    The domain’s country of origin

Creating a user profile (registration)

You have the option to register on our website and in doing so create a user profile. In addition to the data that your browser transmits automatically, we collect the following data during your registration on our website. This information is marked as obligatory or voluntary, depending on the purpose of processing:•    Date of registration•    Your first name and last name•    Your address details•    Your email addressYour user profile then gives you access to other parts of our website, as well as the opportunity to sign in for the services you have purchased. The legal basis for data processing is the consent provided by an individual according to Art. 6 paragraph 1 sentence 1 letter a) of the EU-GDPR.

Collection and use of personal data

Your personal data, insofar as it is necessary for the establishment, wording or modification of the contractual relationship (inventory data), will be used exclusively for the fulfilment of a contract. We explicitly reserve the right to use permissions granted in certain circumstances under relevant legislation and for particular legal grounds.

We do not ask for personal data when you make contact with us by email, fax or telephone. We only request the data that we need to process your enquiry in a meaningful manner, which shall at least be your last name, first name, email address and telephone number. The legal basis is our legitimate interest in processing according to Art. 6 para 1 sentence 1 letter f) GDPR. The obligatory data fields are marked accordingly. In addition, you may provide us with additional information on a voluntary basis when making contact with us. We will store the data and use it to answer your enquiry. Some services on our portal are provided in cooperation with partner firms. It may be necessary to transfer your personal data to these partner firms in order to provide these partner services. Your data will be used exclusively for the purposes of answering your enquiries in this case as well, and also by our partners. Your voluntary provision of this data constitutes your consent to use of the data as stated above. We log your consent for the collection and use of data. The legal basis for data processing is the consent provided by the data subject according to Art. 6 para 1 sentence 1 letter a) of the EU-GDPR.
As one example, we will need to pass on your name and address to the payment service provider in order to charge you for paid services. Your personal data will not be passed on to third parties that are uninvolved in contractual fulfilment without your explicit consent or a statutory requirement.

In individual cases, we are entitled to provide information on inventory data on the orders of competent agencies, where this is necessary for the purposes of criminal prosecution, for security reasons of the state police forces, to satisfy the statutory tasks of the federal and state offices for the protection of the constitution and counterterrorism, the Bundesnachrichtendienst (BND) or the Military Counterintelligence Service, or to exercise rights to intellectual property.
Where we receive these requests, we review them carefully with the means at our disposal and only disclose your data if our legal obligation is substantiated. In these cases, the legal basis for data processing is compliance by the controller with legal obligations according to Article 6 para 1 sentence 1 letter c) of the EU-GDPR and other relevant statutes.

Use of cookies and analysis tools

a) Cookies

Our website makes use of cookies. Cookies are small text files which our web server will send to your computer to store certain information (e.g. attributes for identification). Cookies will be used for statistical analysis of usage, including the recording of new and recurring visits when you use our website anonymously. We also use Cookies to determine the extent to which free content is used. Our website will send a Unit ID to your browser to determine this parameter. This will be an anonymous code used exclusively to establish the already used free content. When you visit our website under your user profile, Cookies will be used for the duration of your visit to identify your browser and the various Web pages you are visiting.

Our website can also be used without allowing the storage of Cookies. You can block the storage of Cookies in your browser settings or tell your browser to inform you when a web page wants to store Cookies. You may then decide to accept or reject the storage of Cookies. For our website to remain fully functional, it will, however, be necessary for technical reasons to allow the unrestricted storage of temporary Cookies. Even when Cookies are deactivated, our website will send the above Unit ID to your browser to measure the usage of free content. The legal basis for this is a legitimate interest pursuant to Article 6 (1) f) GDPR. You may refer to the Help pages for your Internet browser for further information on the blocking of Cookies. Look under windows.microsoft.com for Windows Internet Explorer and under support.mozilla.com for Firefox, for example.

In detail, the following cookies are used:

  1. cc

Lifetime: 90 days (if you click on “Accept Cookies” in Cookie Consent Banner), otherwise 1 day
Purpose of data collection: Technically necessary cookie to store the settings regarding the cookie consent.

  1. JSESSIONID

Lifetime: Duration of the session
Purpose of data collection: technically necessary cookie to manage the user session.

  1. lang

Lifetime: 2 days
Purpose of data collection: technically necessary cookie to store the language settings.

  1. validade-cookie

Lifetime: End of the session
Purpose of data collection: technically necessary cookie to check whether cookies may be set.

  1. wordpress_test_cookie

Lifetime: End of the session

Purpose of data collection: technically necessary cookie, description: A test cookie to check if cookies may be set.

  1. pll_language

Lifetime: 1 year
Purpose of data collection: technically necessary cookie to store the language settings.

  1. NSC_cboa_xxx.fcjmboapomjof.ef

Lifetime: End of the session
Purpose of data collection: technically necessary cookie for load balancing.

b) Matomo

With your consent, this website uses Matomo, an open source web analysis tool (https://matomo.org), to collect and store data for optimization purposes. From this data, user profiles can be created under a pseudonym. Cookies can be used for this purpose. The cookies enable the recognition of the internet browser. The data collected with Matomo will not be used to personally identify the visitor of this website and will not be combined with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The software runs exclusively on the servers of the Bundesanzeiger Verlag GmbH. The information generated by the cookie about your use of this website is also not passed on to third parties. The legal basis for the processing is your consent according to Article 6 paragraph 1 of the GDPR.

Im Einzelnen werden folgende Cookies eingesetzt:

_pk_id
Type: Statistics
Lifetime: 13 months
Data: visitorID.cookieCreationTimestamp, visitsCount.currentVisitTimestamp, lastVisitTimestamp.lastEcommerceOrderTimestamp
Purpose: Stores user details, e.g. the unique visitor ID

_pk_ref
Type: Statistics
Lifetime:  6 months
Daten: Referrer URL
Purpose: Saves referrer information from the first time you enter the website

_pk_ses, _pk_cvar, _pk_hsr
Type: Statistics
Lifetime: 30 minutes
data: Matomo sessionId, if it is not set at visit, the visitCount in _pk_id is increased, page specific variable keys and values, Matomo Heatmap session recording data
Purpose: To store short-term data about visits to the website

_pk_testcookie
Type: Statistics
Lifetime: short term (< 1 second)
data: Test data
Purpose: Is created and deleted directly to test whether the user’s browser supports cookies.

In the default setting the web analysis is deactivated. You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data. If you would like to decide against this at a later date, please select the appropriate option under the following link “Revoke cookie settings” to store the Matomo deactivation cookie in your browser.

c) Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (only with anonymous IP address). For this purpose, data is collected and stored for marketing and optimization purposes.
These data are:
– Clicks, mouse movements, hovering, scrolling
– Browser
– Device (Desktop/Tablet/Mobile)
– Language
– Operating system
– Screen resolution
– Visit duration
– Navigation (URLs)
– Page content (HTML)
– ISP & Location (City, State/Region, Country)
– Type of visitor (first visitor/returnee)
– Individual tags or variables

This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website.

Furthermore, feedback campaigns are played out via mouseflow, which are intended to record the satisfaction with the website or certain specific contents. The play of such feedback campaigns and participation are also recorded in the cookie.

The data collected with Mouseflow will not be used to personally identify the visitor of this website and will not be merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The processing is based on your consent in accordance with Article 6 paragraph (1) a) GDPR. You have the right to revoke your consent at any time.
If you do not wish a recording, you can deactivate it on all websites that use mouseflow by clicking on the following link: www.mouseflow.de/opt-out/.
The data will be deleted as soon as they are no longer required for the purpose of their collection and no legal retention periods exist. Deletion usually takes place after 12 months.
In detail, the following cookies are used:

Cookie Name: Mf_[website-id]
Purpose: 1st party cookie,
identifies the current session on the website
Lifetime: Duration of the session

Cookie Name: Mf_user
Purpose: 1st party cookie,
checks whether a new or returning user is entering the site
Lifetime: persistent

External links or hyperlinks to websites of other providers

Our website contains external links or hyperlinks to websites of other providers. These are distinguishable from the contents which we provide. We do not produce this external content, nor are we able to influence any content on pages provided by third parties.

You are directed from our website to the website of an external provider when you click on a link or hyperlink. We are unable to guarantee in these cases that the external providers will treat your data confidentially or adhere to the provisions of data protection. Responsibility in this regard rests exclusively with the website provider.

We remove links immediately if we become aware of illegal content in external links or hyperlinks published on our website. Kindly contact our data protection officer if you have any relevant information in this regard: dsb@bundesanzeiger.de.

Your rights/contact details/objection

Objection and revocation

You may object at any time to the use of your data without prior consent, effective for the future.

Kindly be aware that you are entitled at any time to revoke the consent you may have already provided, partially as well as wholly, and with effect for the future.
To do so, send an email to:

The Data Protection Officer, Bundesanzeiger Verlag GmbH, Amsterdamer Straße 192, 50735 Cologne,

Phone: +49 (0) 2 21 / 9 76 68-0

eMail: dsb(at)bundesanzeiger.de

You have the following rights

Article 13, 14 EU-GDPR – Right to information
Article 15, EU-GDPR – Right to access: We will inform you on request of the personal information we have stored about you. The information is available in text form. See below for the contact details.
Article 16 EU-GDPR – Right to rectification
Article 17 EU-GDPR – Right to erasure
Article 18 EU-GDPR – Right to restriction of processing
Article 19 EU-GDPR – Notification
Article 20 EU-GDPR – Right to data portability
Article 21 EU-GDPR – Right to object
Article 22 EU-GDPR – Automated individual decision-making, including profiling
Article 23 EU GDPR – Restrictions
Article 77 EU GDPR – Right to lodge a complaint with a supervisory authority

The legislator has introduced a variety of statutory retention obligations and periods. As a matter of routine, the data is erased at the end of these periods.

Note:

We do everything we can to take all technical and organisational means possible to store your data in such a way that it is protected from access by third parties. We are unable to guarantee complete data security when communicating by email, and we therefore advise you to send confidential information by post.

Currency and amendment of the Privacy Statement

Each amendment of this Privacy Policy shall be published here on this website and shall apply from its date of publication. Where the Bundesanzeiger Verlag GmbH uses your data for any additional purposes, we shall request your consent. The purpose for which your data shall be used will only change upon provision of your consent.

This privacy policy is currently valid and dated 09.12.2020.

Definitions/Glossary

“Anonymisation” means the modification of personal data so that the information concerning personal or material circumstances can no longer or only with a disproportionate amount of time, expense and labour be attributed to an identified or identifiable individual.

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Controller” means any person or body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Special categories of personal data” means information on a person’s racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, health or sex life.

“Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Recipient” means any person or body receiving data. Third party means any person or body other than the controller. This shall not include the data subject or persons and bodies commissioned to collect, process or use personal data in Germany, in another Member State of the European Union or in another state party to the Agreement on the European Economic Area.

“Collection” means the acquisition of data on the data subject.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“Pseudonymisation” means replacing a person’s name and other identifying characteristics with a label, in order to preclude identification of the data subject or to render such identification substantially difficult.

“Company” is any natural or legal person engaging in economic activity, regardless of the legal form, including partnerships or associations that regularly pursue economic activity.

“Corporate group” is a group comprising a controlling enterprise and dependent enterprises.

“Processing” means the storage, modification, transfer, blocking and erasure of personal data. In particular cases, irrespective of the procedures applied:

1.    “storage” means the entry, recording or preservation of personal data on a storage medium so that they can be processed or used again;
2.    “modification” means the alteration of the substance of stored personal data;
3.    “transfer” means the disclosure to a third party of personal data stored or obtained by means of data processing either
a) through transmission of the data to the third party or
b) through the third party inspecting or retrieving data held ready for inspection or retrieval;
4.   “blocking” means labelling stored personal data so as to restrict their further processing or use;
“erasure” means the deletion of stored personal data.

Extrajudicial Online Dispute Resolution

The European Commission has established a platform for extrajudicial online dispute resolution (OS Platform), which is available at ec.europa.eu/consumers/odr/. Please be aware that we will not participate in dispute resolution proceedings in front of a consumer arbitration body.

Allgemeine Informationen der DSGVO in der Steuerverwaltung

Do you have anymore questions? Then call us free of charge on: 0800 – 1 23 43 36