Our services
Our strengths
Our references
Costs
Contact
Imprint
Data Protection
Deutsch

Data Protection

Privacy information for those affected
This is only a translation of the German Data Protection whose wording is decisive in all cases of doubt.

TIPAL GmbH Wirtschaftsprüfungsgesellschaft, Berlin (“TIPAL”), implements the requirements of the European General Data Protection Regulation (DS-GVO) and other legal requirements for the protection of personal data. In particular, technical and organizational security measures are implemented that comply with current security standards.

With the following data protection notices we inform about the processing of personal data by TIPAL in the context of our general business activity and for the purpose of providing services in the mandate relation as well as over the persons concerned rights.

 

  1. Who is responsible for data processing?

TIPAL GmbH
Herr WP Tilo Drebes
Schrammstr. 4
D-10715 Berlin
E-Mail: tilo.drebes@tipal.eu

 

  1. How do I contact the data protection officer?

Confidential to the attention of the data protection officer either under the postal address mentioned under 1. or by e-mail.

 

  1. What personal data do we process?

The term “personal data” in this document means personal data as defined in Article 4 (1) of the DS-GVO. This is all information that relates to a person (a natural person) and with which this person can be identified directly or indirectly.

As part of our general business activities and for the provision of services to our clients, we generally process not only contact details such as name, address, telephone number and e-mail address but also information such as bank details and payment data, as well as other personal and professional information, if applicable, as far as they play a role in the provision of services.

In many cases it is not possible or disproportionate to work with anonymised or pseudonymised data as part of our activities. Also, due to statutory professional requirements, we are obliged to transfer certain personal data of a person, e.g. to implement the obligations under the Money Laundering Act and professional independence requirements.

 

  1. For what purpose do we process personal data and on what legal basis?

As an auditing firm, we process personal data in the course of our general business activities and for the purpose of providing services for our clients in the areas of auditing and business consulting (§ 2 WPO) on the basis of one of the following legal bases:

a) Fulfillment of contractual obligations (Art. 6 (1) S. 1 lit. b DS-GVO)

The processing of personal data takes place to carry out a contract or already at the initiation of a contractual relationship with a natural person. Scope and details of the data processing arise from the respective contract and, if applicable, the associated order terms.

b) Fulfillment of legal requirements (Art. 6 (1) S. 1 lit. c DS-GVO)

As an auditing firm, TIPAL is subject to legal requirements that may give rise to an obligation to process personal data (for example, auditors’ regulations, professional chartered accountants / certified accountants, money laundering legislation). On the basis of these specifications, TIPAL is committed to the proper storage and documentation of all services and archives documents and work results in appropriate IT systems and, if necessary, also in paper form. In order to guarantee our professionally required independence, we carry out conflict checks at the time of order acceptance, which also process personal contact data.

c) Safeguarding legitimate interests (Art. 6 (1) S. 1 lit. f DS-GVO)

TIPAL processes personal data in the context of general business operations and for the purpose of providing services for our clients on the basis of a balance of interests, provided that the interests of the persons concerned do not predominate. A concrete interest of TIPAL lies in the provision of the contractual obligations towards the clients. TIPAL processes personal data provided by clients only to the extent that this is actually necessary for the provision of services.

In order to safeguard the legitimate interests of the persons concerned by the processing of data by TIPAL, TIPAL, as an accounting firm and professional secrecy subject, is subject to and governed by mandatory statutory provisions of professional law and professional supervision and is responsible for ensuring that all services, including the related processing of personal data, are independent, conscientious and keep secret. All TIPAL employees are trained to comply with data protection regulations and are required to provide confidentiality.

d) Consent of the person concerned (Art. 6 (1) S.1 lit. a), Art. 7 EU DS-GVO)

If none of the above Legal basis according to a) to c) exists, TIPAL bases the processing of personal data on the informed consent of the data subject, which is explicitly requested by the data subject.

  1. To whom are personal data disclosed?

In compliance with the statutory and professional confidentiality obligations, personal data may be disclosed to the following recipients:

  • If necessary, authorities, courts or other public bodies at home and abroad.
  • Strictly dedicated to other IT service providers and other contract processors, such as Hosting, cloud services, document destruction, archiving, subject-related service providers (for example in the field of tax consulting mandates), public relations (for example sending newsletters, client information, studies).

When integrating service providers into TIPAL’s data processing processes, TIPAL’s high privacy standards are contractually transferred to service providers. In the case of contract data processing relationships pursuant to Art. 28 EU DS-GVO, legally standardized data protection contracts are agreed.

 

  1. Is data transmitted to a third country or to an international organization?

A transfer of personal data to countries outside the European Economic Area (EEA) will only take place to the extent necessary for mandate supervision, on the basis of consent, to fulfill legal requirements (for example, professional conflict of interest checks) or through the involvement of contract processors.

For service providers (including the use of cloud services) outside the EEA the appropriate level of data protection required under EU data protection law is ensured by complying with Art. 45 et seq. EU DS-GVO.

 

  1. How long will personal data be stored?

TIPAL stores personal data, as long as this is required for the performance of the respective performance relationship or – as long as your personal data are the subject of statutory retention obligations or part of documents that are subject to statutory retention requirements – for the duration of the statutory retention period (eg in WPO, HGB, AO, GwG, KWG, WpHG).

The retention periods vary in length and usually cover a period of 6 to 10 years; in justified individual cases (for example, preservation of evidence), the retention period may also be longer.

Insofar as the data concerned is subject to different retention periods, the longest storage period is decisive.

 

  1. Which data protection rights do those affected have?

Data subjects have rights of access concerning the processing of their personal data by TIPAL (including the purpose of processing, any recipients and the expected duration of storage), rights to correct incorrect data, deletion, limitation of processing and data portability of the data transferred and the right to Objection to use for marketing purposes and due to processing of legitimate interest. Consents granted once may be revoked against TIPAL at any time with effect for the future. To protect these rights, any interested party can contact the TIPAL Data Protection Officer (see paragraph 2). In addition, there is also a right of appeal to a data protection supervisory authority.