1. Name and contact details of the controller

Responsible for the data processing on this website and in our law firm is

T2C Steuerberatungsgesellschaft mbH
Herrengraben 31
20459 Hamburg
E-mail: office@t2c-hamburg.com, Phone: +49 (0)40-3786880, Fax: +49
(0)40-37868810;

Contact details of the data protection officer:

The firm’s data protection officer can be contacted at the above office address and at datenschutzbeauftragter@t2c-hamburg.com.

2. Scope and purpose of the processing of personal data

2.1 Accessing the website

External hosting

Our website is hosted on a server of the following internet service provider
(hoster)
IONOS SE
Elgendorfer Str. 57
56410 Montabaur

An order processing contract has been concluded with the hoster.

What data is processed?

The host stores all data from our website. This also includes all personal data that is collected automatically or through your input. This can be in particular Your IP address, pages accessed as well as meta and
communication data. When processing data, the hoster adheres to our instructions and only processes the data to the extent necessary to fulfil its service obligation to us.

Server log files record all enquiries and access to our website and record error messages. They also include personal data, in particular your IP address. This is only provided by the hoster in anonymised form (the last
octet of the IP address is deleted) address is deleted) and therefore we cannot assign the IP address to a
person (apart from that, we have no interest in doing so). The data is automatically transmitted from your browser to our provider.

How do we process your data?

Our provider stores the server log files in order to be able to track the
activities on our website and identify errors. The files contain the following
data

• Browser type and version
• Operating system used
• referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address (anonymised by the provider after 7 days; only
  provided to us in anonymised form)

We do not merge this data with other data, but only use it to see how many visitors are interested in our website. In the event of illegal use, e.g. attacks on a website, the hoster may use this information for further
investigations or security measures.

On what legal basis do we process your data?

Since we address potential customers via our website and maintain contact with existing customers, the data processing by our hoster serves to initiate and fulfil contracts and is therefore based on Art. 6 para. 1 lit. b)
GDPR. Furthermore, it is our legitimate interest as a company to provide a professional website that fulfils the necessary requirements in terms of security, speed and efficiency. It is also in our legitimate interest to obtain an anonymised overview of access to our website. In this respect, we also process your data on the
basis of Art. 6 para. 1 lit. f) GDPR.

How long do we store your data?

As the connection data provided to us by the hoster is already anonymised, it is no longer personal data and therefore the GDPR no longer applies. Nevertheless, we review these log files once a year and decide whether they should continue to be used for statistical purposes or be deleted.

2.2 Contacting us by email, telephone or fax

You can send us a message by e-mail or fax or give us a call.

How do we process your data?

We store your message and the contact details you have provided or the telephone number you have transmitted in order to be able to process your enquiry, including any follow-up questions. We will not pass the data on to other persons without your consent.

On what legal basis do we process your data?

Sofern Ihre Anfrage mit unserer vertraglichen Beziehung in Zusammenhang steht oder der Durchführung vorvertraglicher Maßnahmen dient, verarbeiten wir Ihre Daten auf der Grundlage von Art. 6 Abs. 1 lit. b) DSGVO. In allen anderen Fällen ist es unser berechtigtes Interesse, an uns gerichtete Anfragen effizient zu bearbeiten. Rechtsgrundlage der Datenverarbeitung ist somit Art. 6 Abs. 1 lit. f) DSGVO.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• Your enquiry has been finally processed.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

3. Forwarding of data

Personal data is transferred to third parties if

• the data subject has expressly consented to this in accordance with Art. 6 para. 1 sentence 1 letter a) GDPR,
• the transfer is necessary for the establishment, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 (f) GDPR and there is no reason to assume that the data subject has an overriding
• there is a legal obligation for the data transfer pursuant to Art. 6
  para. 1 sentence 1 lit. c) GDPR there is a legal obligation, and/or
• this is necessary for the fulfilment of a contractual relationship with
  the data subject pursuant to Art. 6 para. 1 sentence 1 letter b) GDPR.

In other cases, personal data will not be passed on to third parties.

4. Your rights as a data subject

If your personal data is processed when you visit our website, you have the following rights as a “data subject” within the meaning of the GDPR

4.1 Information

You can request information from us as to whether your personal data is being processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant
to Section 57 (1) StBerG or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Deviating from this, there may be an obligation to provide the information if your interests outweigh the interest in confidentiality, in particular taking into account the threat of damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or exclusively serves the purposes of data backup or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by suitable technical and organisational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request the following information from us:

• Purposes of the processing,
• Categories of personal data processed by you,
• the recipients or categories of recipients to whom your personal data is disclosed, in particular in the case of recipients in third countries
• if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period
• the existence of a right to rectification or erasure or restriction of processing of personal data concerning you or a right to object to such processing, the existence of a right to lodge a complaint with a data protection supervisory authority,
• if the personal data have not been collected from you as the data subject, the available information on the origin of the data
• where applicable, the existence of automated decisionmaking including profiling and profiling and meaningful information about the logic involved, as well as the significance and envisaged consequences of automated decisionmaking,
• where applicable, in the case of transfer to recipients in third
  countries, unless a decision has been made by the EU Commission
  on the adequacy of the level of
  level of protection pursuant to Art. 45 para. 3 GDPR, information on the
  appropriate safeguards pursuant

4.2 Correction and completion

If you discover that we have incorrect personal data about you, you can request that we correct this incorrect data immediately. If your personal data is incomplete, you can request that it be completed.

4.3 Erasure

You have the right to erasure (“right to be forgotten”), unless the processing is necessary for exercising the right of freedom of expression, the right to information or for compliance with a legal obligation or for the
performance of a task carried out in the public interest and one of the following reasons applies:

• The personal data are no longer necessary in relation to the purposes for which they were processed.
• The justification for the processing was solely your consent, which you have withdrawn.
• You have objected to the processing of your personal data, which we have made public.
• You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
• Your personal data has been processed unlawfully.
• The erasure of personal data is necessary to fulfil a legal
  obligation to which we are subject.

There is no right to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the special type of storage and your interest in erasure is low. In this case, the restriction of processing takes the place of erasure.

4.4 Restriction of processing

You can request that we restrict processing if one of the following reasons
applies:

• You contest the accuracy of the personal data. In this case, the restriction may be requested for a period enabling us to verify the accuracy of the data.
• The processing is unlawful and you request the restriction of the use of your personal data instead of erasure.
• We no longer need your personal data for the purposes of the processing, but you need it for the establishment, exercise or
  defence of legal claims.
• You have lodged an objection pursuant to Art. 21 para. 1 GDPR.
  The restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.

Restriction of processing means that the personal data will only be
processed with your consent or for the establishment, exercise or defence
of legal claims or for the protection of the rights of another natural or legal
person or for reasons of important public interest. We are obliged to
inform you before we lift the restriction.

4.5 Data portability

You have a right to data portability if the processing is based on your consent (Art. 6 para. 1 sentence 1 letter a) or Art. 9 para. 2 letter b). a) GDPR) or on a contract to which you are a party and the processing is
carried out by automated means. In this case, the right to data portability includes the following rights, provided that this does not adversely affect the rights and freedoms of other persons: You may request to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance from us. Where technically feasible, you can request that we transfer your personal data directly to another controller.

4.6 Objection

If the processing is based on Art. 6 para. 1 sentence 1 letter e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or on Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate
interest of the controller or a third party), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling based on Article 6 (1)
sentence 1 (e) or (f) GDPR. Once you have exercised your right to object, we will no longer process your
personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

You can object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling in connection with such direct marketing. After exercising this right to object, we will no longer use
the personal data concerned for direct marketing purposes.

You have the option to inform us informally of your objection by telephone, email,
fax or to our postal address listed at the beginning of this privacy policy.

4.7 Revocation of consent

You have the right to withdraw your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, e-mail, fax or to our postal address. The revocation does not
affect the legality of the data processing that has taken place on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing that was based exclusively on your consent will be
discontinued.

4.8 Complaint

If you believe that the processing of your personal data is unlawful, you
can lodge a complaint with a data protection supervisory authority.

5. Further information

a) SSL- bzw. TLS-Verschlüsselung

When you enter your data on websites, place online orders or send emails via the Internet, you must always expect that unauthorised third parties will access your data. There is no complete protection against such
access. However, we do everything we can to protect your data as well as possible and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognise the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:/ / and not with http:/ / .

b) Data processing outside the European Union

We do not process data outside the European Union.

6. Status and updating of this privacy policy

We reserve the right to update the privacy policy in due course in order to
improve data protection and/or adapt it to changes in official practice or case
law.