1. Name and contact details of the responsible person

This privacy policy informs about the processing of personal data on the website of:

STRATEGUS Steuerberatungsgesellschaft mbH
STRATEGUS GmbH Wirtschaftsprüfungsgesellschaft


Europaallee 3
22850 Norderstedt.

Telephone: +49 40 535401-0
Fax: +49 40 535401-45

Contact details of the data protection officer:

STRATEGUS GmbH Wirtschaftsprüfungsgesellschaft, Mr. WP/StB Thomas Krambeer

The data protection officer of the law office can be reached under the above-mentioned law office and under

Data Protection Inspectorate:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein

Holstenstraße 98
24103 Kiel

Telephone: +49 431 988-1200


2. Scope and purpose of the processing of personal data

2.1 Aufruf der Webseite

When the website is opened, the internet browser used by the visitor automatically sends data to the server of this website and stores it for a limited time in a log file. Until the automatic deletion, the following data is stored without further input of the visitor:

  • IP address of the visitor's terminal,
  • Date and time of access by the visitor,
  • Name and URL of the page visited by the visitor,
  • Website from which the visitor accesses the law firm website (so-called referrer URL),
  • Browser and operating system of the visitor's terminal as well as the name of the access provider used by the visitor.

The processing of this personal data is in accordance with. Article 6 (1) (1) (f) of the DSGVO. The firm has a legitimate interest in the processing of data for the purpose of

  • building up the connection to the website of the firm quickly,
  • to enable a user-friendly application of the website
  • to identify and ensure the safety and stability of the systems and
  • facilitate and improve the administration of the website.

The processing is explicitly not for the purpose of obtaining knowledge about the person of the visitor of the website.

2.2 Newsletter

We send a newsletter once a year or if required at other points in time. By registering for the newsletter, the visitor expressly agrees to the processing of the transmitted personal data. To register for the newsletter, you only need to enter an e-mail address of the visitor. The legal basis for the processing of the personal data of the visitor for the purpose of sending newsletters is the consent acc. Article 6 (1) sentence 1 (a) DSGVO.

The visitor can unsubscribe from receiving future newsletters at any time. This can be done by using a special link at the end of the newsletter or by sending an e-mail to

2.3 Cookies

Websites partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and cookies only in individual cases allow, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use are stored on the basis of Art. 6 (1f) DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically correct and optimized provision of its services. If other cookies (such as cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.

3. Disclosure of data

Personal data will be transmitted to third parties, if

it was explicitly consented to by the data subject pursuant to Article 6 (1) (1) (a) DSGVO,

disclosure pursuant to Art. 6 (1) sentence 1 letter f) DSGVO is required to assert, exercise or defend legal claims and there is no reason to believe that the data subject has a predominantly legitimate interest in not disclosing their data,

there is a legal obligation for the transfer of data pursuant to Art. 6 (1) sentence 1 letter c) DSGVO, and / or

this is required under Article 6 (1) (1) (b) DSGVO to fulfill a contractual relationship with the data subject.

In other cases, personal data will not be disclosed to third parties.

4. Your rights as an affected person

As far as your personal data are processed during the visit of our website, you have the following rights as "data subject" within the meaning of the DSGVO:

4.1 Information

You can request information from us as to whether personal data is being processed by us. No right of access exists if the granting of the coveted information against the duty of confidentiality acc. Sec. 57 (1) StBerG, or the information must be kept secret for other reasons, in particular because of a predominantly legitimate interest of a third party. Deviating from this, there may be an obligation to provide the information if, in particular, taking into account any imminent damage, your interests outweigh the interests of secrecy. The right of access is also excluded if the data are stored only because they may not be deleted due to statutory or statutory retention periods or serve exclusively for purposes of data protection or data protection control, if the disclosure would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures. If in your case the right to information is not excluded and your personal data are processed by us, you can ask us for information about the following information:

  • purposes of processing,
  • categories of personal data you process,
  • recipients or categories of recipients to whom your personal data are disclosed, in particular to recipients in third countries,
  • if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the duration of storage,
  • the right of rectification or deletion or limitation of the processing of your personal data or a right to object to such processing;
  • the existence of a right of appeal to a data protection supervisory authority,
  • if the personal data have not been collected from you as the data subject, the information available on the origin of the data,
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, and the implications and implications of automated decision-making, where appropriate;
  • if applicable, in the case of transmission to recipients in third countries, unless there is a decision by the EU Commission on the adequacy of the level of protection pursuant to Art. 45 (3) DSGVO, information on which suitable guarantees pursuant to Art. Art. 46 para. 2 DSGVO for the protection of personal data.

4.2 Correction and completion

If you discover that we have inaccurate personal information, you may request immediate correction of such incorrect data. In the event of incomplete personal data concerning you, you may request the completion.

4.3 Deletion

They are entitled to be deleted ("right to be forgotten"), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or to fulfill a legal obligation or to carry out a task of public interest and one of the following is true:

  • The personal data are no longer necessary for the purposes for which they were processed.
  • The justification for processing was solely your consent, which you have revoked.
  • You have objected to the processing of your personal data that we have made public.
  • You have objected to the processing of personal data not disclosed to us and there are no legitimate reasons for the processing.
  • Your personal data has been processed unlawfully.
  • The deletion of personal data is required to fulfill a legal obligation that we are subject to.

There is no claim for deletion if, in the case of legitimate non-automated data processing, deletion is not possible or only possible with disproportionately high outlay due to the special nature of the storage and your interest in deletion is low. In this case, the deletion is replaced by the limitation of processing.

4.4 Limitation of processing

You may require us to restrict processing if any of the following applies:

  • You deny the accuracy of your personal information. The restriction may be required in this case for the duration that allows us to verify the accuracy of the data.
  • The processing is unlawful and you require instead of deletion the restriction of the use of your personal data.
  • Your personal information will no longer be needed by us for the purposes of processing that you may need to assert, exercise or defend your rights.
  • You have contradiction gem. Art. 21 para. 1 DSGVO. The restriction of processing may be required as long as it is not certain that our legitimate reasons outweigh your reasons.

Restriction of processing means that the personal data are processed only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.

4.5 Data portability

You have a right to data portability, provided that the processing is based on your consent (Article 6 (1), first sentence, subparagraph (a) or Article 9 (2) (a) GDPR) or on a contract of which you are a party and the processing is done by automated methods. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of others: You may require us to receive the personal information you provide to us in a structured, common and machine-readable format , You have the right to transmit this data to another person without hindrance on our part. As far as technically feasible, you may require us to transfer your personal information directly to another person in charge.

4.6 Appeal

Insofar as the processing is based on Article 6 (1) sentence 1 letter e) DSGVO (exercise of a task in the public interest or in the exercise of official authority) or on Article 6 (1) sentence 1 letter f) DSGVO (legitimate interest of the person responsible or a third party), you have the right, at any time, to object to the processing of the personal data concerning you for reasons of your particular situation. This also applies to a profiling based on Art. 6 (1) sentence 1 letter e) or letter f) of the DSGVO. Upon exercise of the right of opposition, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

You may at any time object to the processing of personal data relating to you.

4.7 Revocation of consent

You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated by phone, by e-mail, by fax or to our postal address informal. The revocation does not affect the lawfulness of the data processing which has taken place on the basis of the consent until receipt of the revocation. Upon receipt of the revocation, the data processing, which was based solely on your consent, is discontinued.

4.8 Complaint

If you believe that the processing of your personal information is unlawful, you may lodge a complaint with a data protection supervisory authority that has jurisdiction over your place of residence or employment or the location of the alleged infringement.

5. Status and Update of this Privacy Policy

This Privacy Policy is dated May 24, 2018. We reserve the right to update our privacy policy in due course to improve privacy and / or adapt it to changes in regulatory practice or jurisdiction.


Public procedure directory
Information about the responsible body

1. Name
STRATEGUS Steuerberatungsgesellschaft mbH
STRATEGUS GmbH Wirtschaftsprüfungsgesellschaft

2. Management
See Legal Notice

3. Address
Europaallee 3, 22850 Norderstedt

Information on the procedures of automated processing

4. Business purposes/goals
The main purpose of the collection, processing and use of personal data is the processing of orders placed, for example, the management of books, the preparation of tax returns, subcontracting and the audit of financial statements.

Accountants and tax consultants work independently. They are not contract data processors within the meaning of Art. 28 DSGVO.

The term "personal data" in this document means personal data as defined in Article 4 (1) of the DSGVO. This is all information that relates to a person (a natural person) and with which this person can be identified directly or indirectly.

As part of our general business activities and for the provision of services to our clients, we generally process not only contact details such as name, address, telephone number and e-mail address but also information such as bank details and payment data, as well as other personal and professional information, if necessary. as far as they play a role in the provision of services.

In many cases, it is not possible or disproportionate to work with anonymous or pseudonymised data as part of our activities. Also due to legal professional requirements, we are obliged to provide certain personal data of a person, e.g. to implement the obligations under the Money Laundering Act and professional independence requirements to process.

As an auditing firm / tax consulting firm, we process personal data in the course of our general business activities and for the purpose of providing services for our clients in the areas of auditing, tax consultancy and business consulting on the basis of one of the following legal bases:

a) Fulfillment of contractual obligations (Article 6 (1) (1) (b) of the DSGVO)
The processing of personal data takes place to carry out a contract or already at the initiation of a contractual relationship with a natural person. Scope and details of the data processing result from the respective contract and, if applicable, the associated order conditions.

b) Fulfillment of legal requirements (Article 6 (1) sentence 1 letter c DSGVO)
As an auditing firm / tax consulting firm, we are subject to legal requirements that may give rise to an obligation to process personal data (for example, the Tax Advisory Act, Wirtschaftsprüferordnung, Berufsassatzung für Wirtschaftsprüfer/vereidigte Buchprüfer, Geldwäschegesetz). STRATEGUS is committed to the proper storage and documentation of all services on the basis of these requirements and archives documents and work results in appropriate IT systems and, if necessary, also in paper form. In order to guarantee our professionally required independence, we carry out conflict checks at the time of order acceptance, which also process personal contact data.

c) Safeguarding legitimate interests (Article 6 (1) (1) (f) of the DSGVO)
STRATEGUS processes personal data in the context of general business operations and for the purpose of providing services for our clients on the basis of a balance of interests, provided that the interests of the persons concerned do not predominate. A specific interest of STRATEGUS lies in the provision of the contractual obligations to the clients. STRATEGUS processes personal data provided by clients only to the extent that this is actually necessary for the provision of services.

In order to safeguard the legitimate interests of the persons affected by data processing by STRATEGUS, STRATEGUS, as an accounting firm / tax consultant and professional secrecy subject, is subject to and governed by mandatory statutory provisions of professional law and professional supervision, and independently governs all services, including the related processing of personal data to render conscientious and secretive. All employees of STRATEGUS are trained to comply with data protection regulations and are obliged to provide confidentiality.

d) Consent of the person concerned (Article 6 (1) (1) (a), Article 7 EU DSGVO)
If none of the above mentioned g. Legal bases according to a) to c), STRATEGUS bases the processing of personal data on the informed consent of the data subject, which is explicitly requested by the data subject.

Secondary purposes of the collection, processing and use of personal data are client administration as well as personnel administration and supplier communication.

5. Description of the groups of persons concerned and the related data or data categories
The affected groups of persons result from the purpose (No 4). These are the following data categories:

Clients: Data related to order management
Employees: address and contract data
Suppliers: Address and contract data

6. Recipients or categories of recipients to whom personal data (No 5) may be transmitted
In compliance with the statutory and professional confidentiality obligations, personal data may be disclosed to the following recipients:

Datev e.G. data center,
Tax office,
Authorities and courts,
Health insurance,
Public accident insurance.

In addition, no data transfers to third parties are planned.

7. Standard deadlines for the deletion of the data
STRATEGUS stores personal data as long as these are required for the performance of the respective service or - as far as your personal data are the subject of statutory storage obligations or part of documents that are subject to legal storage obligations - for the duration of the statutory retention period (e.g. in StBG , WPO, HGB, AO, GwG, KWG, WpHG).

The retention periods vary in length and usually cover a period of 6 to 10 years; in justified individual cases (e.g. preservation of evidence), the retention period may also be longer.

Insofar as the data concerned are subject to different retention periods, the longest storage period is decisive.

The deletion of the data takes place after expiration of the legal or contractual retention periods.

If data are not affected, they will be deleted if the purposes set out under point 4 have ceased.

8. Planned data transfer to third countries
A transfer of personal data to countries outside the European Economic Area (EEA) will only take place to the extent necessary for mandate assistance, on the basis of consent, to meet legal requirements (e.g. professional interest conflict assessments) or through the involvement of processor companies.

For service providers (including the use of cloud services) outside the EEA, the appropriate level of data protection required under EU data protection law is ensured by complying with the provisions of Article 45 et seq. Of the EU DSGVO.

9. Which data protection rights do those affected have?
Data subjects have rights of access to the processing of their personal data by STRATEGUS (including the purpose of the processing, possible recipients and the expected duration of storage), rights to correcting incorrect data, deletion, restriction of processing and data portability of the data transferred and the right to Objection to any use for marketing purposes and due to processing of legitimate interest. Once granted, consents to STRATEGUS may be revoked at any time with effect for the future. To protect these rights, anyone concerned can contact the Privacy Officer of STRATEGUS. In addition, there is also a right of appeal to a data protection supervisory authority.

As of May 2018