We are very pleased about your interest in our company. Data protection is of particular importance for the management of Dr. Reuthlinger & Breig und Partner GdbR, MTG Mittelbayerische Treuhandgesellschaft mbH and MTG Consulting GmbH („MTG Wirtschaftskanzlei“ in the following).
The processing of your personal data always takes place in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and in accordance with the country-specific data protection regulations applicable to the MTG Wirtschaftskanzlei.
“Personal Data” entail any information relating to an identified or identifiable natural person. That is, all personal data that is related to you, such as name, address, email address or telephone number.
“Processing”, for example, means the collection, recording, structuring, storage, use, dissemination or deletion of personal data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The MTG Wirtschaftskanzlei, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security lapses, so that absolute protection cannot be guaranteed. For this reason, you and any data subject are free to submit personal data to us by alternative means, for example, by telephone.
For security reasons and to protect the transmission of confidential content, this site uses an SSL or
TLS encryption such as orders or requests that you send to us as a site operator. An encrypted connection is indicated by the browser’s address bar changing from “http: //” to “https: //” and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
1. Name and address of the controller
Dr. Reuthlinger & Breig und Partner GdbR
Phone: +49 9441 2970-0
MTG Mittelbayerische Treuhandgesellschaft mbH
Phone: +49 9441 2970-0
MTG Consulting GmbH
Phone: +49 941 208645-0
2. Contact details of the data protection officer
All interested parties and visitors to our website can access our data protection officer in privacy matters at: firstname.lastname@example.org
3. Collection of general data and information
The website of MTG Wirtschaftskanzlei collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the log files of the server. The following can be recorded:
(1) used browser types and versions,
(2) the operating system used by the accessing system,
(3) the website, from which an accessing system comes to our website (so-called referrer URL),
(4) the sub-websites, which are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an Internet protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, the MTG Wirtschaftskanzlei does not draw any conclusions about the data subject. This information is needed rather for the following purposes: in order to
(1) allow the visit to the site,
(2) deliver the contents of our website correctly,
(3) optimize the content of our website as well as the advertisement for it,
(4) ensure the permanent functioning of our information technology systems and the technology of our website as well,
(5) provide law enforcement authorities with the information necessary for law enforcement in the event of cyber attack
This anonymously collected data and information are therefore statistically and further evaluated by the MTG Wirtschaftskanzlei with the aim of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for the collection of the above-mentioned general data is Article 6 (1) sentence 1 lit. f GDPR, as the processing of this data is required to show you our website and to ensure the stability and security of the website.
4. Legal basis of processing
Article 6 (1) sentence 1 lit. a GDPR serves our company as a legal basis for processing operations where we obtain a voluntary consent from the data subject for a particular processing purpose.
If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, the processing is based on Article 6 (1) sentence 1 lit. b GDPR. This is the case, for example, for processing operations that are necessary for the supply of goods or the provision of any other service or consideration. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 (1) sentence 1 lit. c GDPR.
In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 (1) sentence 1 lit. d GDPR.
The processing operations can be based on Article 6 (1) sentence1 lit. f GDPR. Processing is based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. Before proceeding with processing, the existence of a legitimate interest is considered on a case-by-case basis, including the question of whether a data subject can reasonably foresee at the time of collection of the personal data and in view of the circumstances in which it occurs that there may be processing done for this purpose.
5. Recipients or categories of recipients of personal data
In general, personal data that you provide to us about you will only be processed by us as the controller. If, in the course of our processing, we disclose data to other persons and companies, such as web hosts, contract processors or third parties, transmit them to them or otherwise grant access to the data, this is done on the basis of a legal permission (e. g. if a transmission of the data to third parties in accordance with Article 6 (1) sentence 1 lit. b GDPR is required to fulfil the contract), if the parties have given their consent, a legal obligation to do so, it is necessary to perform a task that is in the public interest or based on our legitimate interests.
These requirements also apply to any data transfers within the MTG Wirtschaftskanzlei between Dr. Reuthlinger & Breig and Partner GdbR, MTG Mittelbayerische Treuhandgesellschaft mbH and MTG Consulting GmbH. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate interests or takes place if it is necessary to fulfill our contractual obligations, or if the consent of the person concerned or a legal permission is available.
6. Data transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or data transfer to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, it is on the basis of your consent, or on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Article 44 ff. GDPR. Thus, the processing is, e.g., on the basis of specific guarantees, such as the officially recognized level of data protection compliance with officially recognized special contractual obligations (so-called ” standard contractual clauses “).
Note on the third country transfer of personal data to the U.S. by Google, Facebook, Inst gram, YouTube etc.
7. Period of storage of personal data or criteria for determining the period
We as the controller are only processing and storing the personal data of the data subject for the period required to achieve the purpose of storage or, if so required by the European directive and regulatory body or other legislator in laws or regulations, for which we are subjected to for the processing of the data.
If the storage purpose is omitted or if a storage period prescribed by the European directive and / or regulatory body expires, in particular statutory retention, the personal data are routinely deleted and in accordance with the legal requirements, if they are no longer necessary for the purpose, fulfilment of the contract or preliminary agreement.
The criterion for the duration of the storage of personal data is thus the respective statutory retention period.
8. Rights of the data subject
As far as your personal data are processed by the MTG Wirtschaftskanzlei, you are “data subject” within the meaning of the GDPR and you have the following rights. If you, as the data subject, wish to avail yourself of any of these rights, you can contact our data protection officer or any employee of the controller at any time.
a) Right of access by the data subject
As a data subject, you can obtain confirmation from us as to whether or not personal data concerning you is being processed by us.
In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions (in particular § 34 BDSG).
b) Right to rectification
As the data subject, you have the right to demand from us the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you as the data subject also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
c) Right to erasure(“right to be forgotten”)
According to Art. 17 GDPR, you can request the erasure of your personal data. The right can be restricted under certain conditions. In addition, your right to erasure depends, among other things. on whether the data relating to you is still required by us to fulfill our legal tasks.
d) Right to restriction of processing
According to Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
e) Right to data portability
You have the right to receive personal data concerning you that you provide to us as the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller to which the personal data have been provided, where
- the processing is based on a consent in accordance with Article 6 (1) sentence 1 lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract pursuant to Article 6 (1) sentence 1 lit. b GDPR and
- the processing is carried out by automated methods.
In exercising this right, you also have the right to ensure that the personal data relating to you are transmitted directly from one controller to another controller, as far as this is technically feasible. Freedoms and rights of other persons may not be impaired.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
f) Right to object in accordance with Article 21 GDPR
You have the right at any time, for reasons arising from your particular situation, to appeal against the processing of your personal data, which takes place pursuant to Article 6 (1) sentence 1 lit. e or f GDPR, including profiling based on those provisions. Profiling means the use of personal data to evaluate certain aspects relating to natural persons, in particular to analyse or predict aspects relating to work performance, economic condition, health, personal preferences of that natural person.
The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
Where the personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
9. Right t to lodge a complaint with a supervisory authority
If our data protection officer cannot answer your request to your satisfaction or if you believe that the processing of your personal data violates the GDPR, you have the right to complain in any case to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement.
The “Bayerische Landesamt für Datenschutzaufsicht” (Bavarian State Office for Data Privacy Supervision) is the data protection supervisory authority responsible for our company based in Bavaria and can be reached at:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
10. Conditions for consent/ withdrawal of consent
If you have given us your consent for the purposes you have chosen, the processing of your personal data is based on Article 6 (1) sentence 1 lit. a GDPR. Separate consent must be given for different purposes and processing operations. Before you give your consent, you as the data subject will be informed of the purpose and scope of the processing.
The submission of your declaration of consent is voluntary. It can be completely or partially refused or withdrawn without giving reasons, without fear of disadvantages. The consent can be withdrawn at any time with effect for the future. The withdrawal of your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawing. Statutory permissions remain unaffected by a withdrawal of consent. Your data will be saved until you inform us that you withdraw your consent. Your data will then be deleted immediately, unless there are statutory retention periods to the contrary.
11. Data processing in the context of tax advice, auditing, legal advice and other (pre) contractual legal relationships
We process personal data as part of our client relationship and to provide you with (pre) contractual services in the field of tax advice, auditing and legal advice. We also process personal data within the framework of other (pre) contractual relationships with our business or contractual partners. This is done to fulfill our (pre) contractual or legal, for example professional, obligations on the basis of the consent of the mandate or business or contractual partner, or if there is a legitimate interest on our part (Article 6 (1) sentence 1 lit. b, c, f GDPR).
A transfer of personal data to third parties only takes place insofar as this is necessary for the fulfillment of the purposes and services just mentioned. In the context of tax advice, auditing and legal advice, for example, disclosure to authorities may be necessary to fulfill contractual or legal obligations.
Payment service provider
We use trustworthy payment service providers to process payments within the framework of contractual or other relationships with our clients, business or contractual partners. Personal data (e.g. name, bank details, etc.) required to process the payment are transmitted to the respective payment service provider. The payment service provider is responsible for your payment data. With regard to the information on data protection, the corresponding instructions from the payment service provider apply.
12. Video conferences
We use “Microsoft Teams” to conduct video conferences.
As part of the video conference, both user data (e.g. name, e-mail address, possibly telephone number) and content data (e.g. date and time of participation, approved screen content and files, chat content) are processed by us. This is done in order to be able to carry out (pre) contractual measures with you and thus to carry out internal and external meetings. A video conference can only be recorded with prior express consent (for the criteria for consent, see point 10).
All data in “Microsoft Teams” are stored on Microsoft’s servers in the EU.
Legal basis for the processing of the data can be Article 6 (1) sentence 1 lit. a, b or f GDPR.
Microsoft provides detailed information on security and compliance in “Teams”: https://docs.microsoft.com/de-de/microsoftteams/security-compliance-overview?view=o365-worldwide.
13. Automated decisions in individual cases including profiling
You have the right not to be subjected to a decision based solely on automated decision-making – including profiling – that will have legal effect or similarly impair you substantially in a similar manner. By law, exceptions to this right are provided for.
As a responsible company, we refrain from automatic decision-making or profiling.
14. Data protection in applications and in the application process
We as the controller process personal data of applicants for the purpose of handling the application process.
The processing of applicant data is based on Article 88 (1) GDPR in conjunction with § 26 BDSG.
The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents by electronic means, for example by email or via a web form located on the website of the MTG Wirtschaftskanzlei, to us as the controller.
As part of the selection process, the applications are viewed, if necessary, queries are made, invitations to interviews sent and collected in interviews in the recruitment of additional personal data in order to ultimately make a decision regarding the selection of candidates.
If the controller concludes a contract of employment with an applicant, the data transmitted will be processed for the purposes of the employment relationship in compliance with the law.
If there is no employment after the application process, the application documents will be deleted six months after the announcement of the rejection decision. The deletion period results from the application of Article17 (3) lit. b GDPR (exception to the fundamental obligation to delete if personal data processing is required to fulfil an obligation under German law or EU law) in conjunction with § 15 (4) General Equal Treatment Act (AGG) and § 61b (1) Labour Court Act ( ArbGG) (Duty of storage under the burden of proof according to the General Equal Treatment Act).
The legal basis for the processing of personal data using cookies is Article 6 (1) sentence 1 lit. f GDPR, insofar as cookies are essential for the operation of the website and thus a legitimate interest of the website operator with regard to the the use of these cookies predominates. By using cookies, we can provide you as a user of this website with more user-friendly services that would not be possible without the cookie setting.
The legal basis for the processing of personal data using cookies is also Article 6 (1) sentence 1 lit. a GDPR, insofar as these are non-essential cookies and you have given your consent to this via our cookie banner.
You as the data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser that is used and thus permanently contradict the setting of cookies. Furthermore, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. The transfer of Flash cookies cannot be prevented by setting the browser, but by changing the setting of the Flash Player. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
16. Contact via the website
Due to legal regulations, the MTG Wirtschaftskanzlei website contains information that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If you, as the data subject, contact us as the controller by email or via a contact form, the transmitted personal data will be stored automatically. Such personal data provided on a voluntary basis by the data subject to the controller is stored for the purpose of processing or contacting the data subject. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. There is no disclosure of this personal data to third parties.
Legal basis for processing the data is in case of the presence of the consent of the user Article 6 (1) sentence 1 lit. a GDPR. The legal basis for processing the data transmitted in the course of sending an email is Article 6 (1) sentence 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Article 6 (1) sentence 1 lit. b GDPR.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
17. Google Maps
We use Google Maps on this website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address. It cannot be ruled out that this information will be transmitted to and stored on a server operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We have no influence on this data transfer.
When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether Google provides a user account that you are logged in to, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right.
The legal basis for the use of the map service is Article 6 (1) sentence 1 lit. a GDPR (For the criteria for consent, see point 10.).
The banner on the card ensures that a connection with Google is only established when the confirmation button on the card is clicked, and that the personal data is forwarded to Google. Only after clicking this confirmation button will the content be loaded for the user and thus the IP address of the user will be transmitted
18. Social media links
Within our websites there are links to different social media. These are not social media plugins, just links to our offerings within these media. For example, there is a link to a Facebook account. These accounts are – like this website – also operated by MTG Wirtschaftskanzlei. If you click on one of these links, your IP address will always be transmitted to the operators of different platforms. Should you use one of these services and you are also logged in with your specific account, you may be able to collect information about your surfing behaviour from the social media operator. The transfer of your IP address to the operators of the accessed websites is technically necessary and applies to all websites.
The legal basis for the processing of your personal data is Article 6 (1) Sentence 1 lit. f GDPR.
For more information on the processing of your data by this website, in particular the rights to which you are entitled, please refer to the links below:
The data protection declaration for the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy. Agreement on joint processing of personal data on Facebook pages and further information on this: https://www.facebook.com/legal/terms/page_controller_addendum; https://www.facebook.com/legal/terms/information_about_page_insights_data.
The data protection declaration for the social network Instagram, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at http://instagram.com/about/legal/privacy.
The data protection declaration for the social network Xing, which is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, can be viewed at https://privacy.xing.com/de/datenschutzerklaerung.
The data protection declaration for the social network YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be viewed at https://policies.google.com/privacy.
We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are called up, the following data is stored: Two bytes of the IP address of the calling system of the user, the called up website, the website from which the user came to the called up website (referrer), the sub-pages that were accessed by the website accessed, the length of time spent on the website and the frequency with which the website is accessed.
The software runs exclusively on the servers of our website. The personal data of the users are only stored there. The data will not be passed on to third parties.
The software is set in such a way that the IP addresses are not saved in full, but 2 bytes of the IP address are marked. In this way, it is no longer possible to assign the shortened IP address to the calling computer.
The legal basis for the use of Matomo is your consent as soon as you have given this via our cookie banner.
The processing of user data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP address, the interests of users in protecting their personal data are adequately taken into account.
The data will be deleted as soon as they are no longer required for our recording purposes.
We offer our users the option of opting out of the analysis process on our website. To do this, you have to follow the corresponding link. In this way, another cookie is set on your system, which signals our system not to save the user’s data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
You can find more information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
On our website, users are given the opportunity to subscribe to our company’s newsletter. We inform you at regular intervals by means of our newsletter about the consulting and ser-vices of our company.
The newsletter of our company can only be received by a person if the person
has a valid e-mail address and the person registers for the newsletter dispatch. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address has authorized receipt of the newsletter. The legal basis for the processing of your personal data is your consent in ac-cordance with Article 6 (1) sentence 1 lit. a GDPR.
We also send newsletters to existing customers and clients. The legal basis for this is our le-gitimate interest (Article 6 (1) sentence 1 lit.. f GDPR)
When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is neces-sary in order to be able to trace the (possible) misuse of the e-mail address of a person con-cerned at a later point in time and therefore serves to provide legal protection for the person responsible for processing. In this respect, it is necessary for us to store this data for security purposes and the processing of this data is therefore covered by the legal basis in ac-cordance with Article 6 (1) sentence 1 lit. f GDPR.
The personal data collected as part of registering for the newsletter will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail for the operation of the newsletter service or for registration in this regard, as could be the case in the event of changes to the newsletter offer or a change in the technical conditions.
The subscription to our newsletter can be canceled at any time. The consent to the storage of personal data that the person concerned has given us for sending the newsletter can be revoked at any time with effect for the future. You can object to receiving the newsletter at any time. For the purpose of revoking consent or objecting, there is a corresponding link in every newsletter. It is also possible to inform us of this by sending a message to the contact details given in the imprint.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription is active.