Privacy Notice

Information about the controller and the data protection officer

In the following we provide information about the collection of personal data during your use of our website.

Controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (the “GDPR”) and other national data protection acts valid in the member states and in accordance with other provisions under data protection law is:

Treuhand Heidelberg Steuerberatungsgesellschaft mbH
Friedrich-Ebert-Anlage 46/1
69117 Heidelberg
Phone: +49 (6221) 9043-80
Fax: +49 (6221) 9043-32

You can contact our data protection officer as follows:

General information on the processing of personal data

We generally collect and use the personal data of our users only to the extent to which this is required to provide a functional website and our content and services. As a rule, before collecting and using our users’ personal data we obtain the consent of the respective user concerned. As an exception to this rule, data are also collected and processed if it proves impossible to obtain prior consent for factual reasons or if legal provisions permit the processing of such data.

To the extent that we obtain the consent of the user (also called the “data subject”) to the processing of his or her personal data, Art. 6 para. 1 letter a of the GDPR serves as the legal basis. When it comes to the processing of personal data that is required to perform a contract to which the data subject is a party, Art. 6 para. 1 letter b of the GDPR serves as the legal basis. This also applies to processing operations required to take steps prior to entering into a contract. To the extent that the processing of personal data is required to meet a legal obligation to which our company is subject, Art. 6 para. 1 letter c of the GDPR serves as the legal basis. In the event that interests that are essential for the life of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 letter d of the GDPR serves as the legal basis. If processing is necessary to protect the legitimate interests of our company or of a third party, and unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6 para. 1 letter f of the GDPR serves as the legal basis.

As soon as the purpose of storing the personal data of the data subject no longer exists, such data is deleted or blocked. Personal data can be stored if European or national legislation with regard to regulations, laws, or other provisions to which the controller is subject provides for the storage. The data is also blocked or deleted if the storage period prescribed by the aforementioned standards ends, unless further storage of the data is required to enter into or perform a contract.

When you contact us per email, the data you provide is stored by us to enable us to answer your question. We delete the data produced in this context after storage is no longer required, i.e., when the purpose of the storage no longer exists, or we restrict processing of the data in the event of statutory retention periods.

If we commission external service providers to provide individual functions of our offer, or if we intend to use your data for commercial purposes, we will inform you in detail below about the respective procedures. In doing so, we will also advise you of the criteria fixed concerning the duration of storage.

Your rights as a data subject

You have the following rights in relation to us with regard to your personal data:

  • The right to claim access
  • The right to claim rectification and/or completion or erasure
  • The right to claim restriction of processing
  • The right to claim erasure
  • The right to be informed
  • The right of data portability
  • The right to object to the processing
  • The right to withdraw your declaration of consent under data protection law
  • Automated decision-making in individual cases including profiling

You also have the right to file a complaint with the supervisory authority responsible for data protection about our processing of your personal data.

Should you have questions, comments, or inquiries regarding our collection, processing, and use of your personal data, please do not hesitate to contact us, too, with the help of the contact details provided above.

Collection of personal data during your visit to our website

Our website can usually be used without entering personal data. If you only use our website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to browse our website, we collect the following data that we need for technical reasons to show you our website and ensure stability and security (Art. 6 para. 1 letter f of the GDPA forms the legal basis):

  • IP address
  • Date and time of the request
  • Content of the request (webpage retrieved)
  • Access status/HTTP status code
  • Data volume transmitted each time
  • Website from which the request was sent (type of browser)
  • User’s operating system
  • Language and version of the browser software

The data is also stored in our system’s log files. This data will not be stored together with other personal data of the user (Art. 6 para. 1 letter f of the GDPR forms the legal basis).

Log file storage is necessary to ensure the website’s functioning. Moreover, the data help us to optimize our website and to ensure the security of our information systems. No data analyses for marketing purposes are performed in this context.

The data is deleted as soon as it is no longer required to fulfill the purpose of its collection. If the data has been recorded in order to provide the website, this is the case when the respective session ends.

If the data is stored in log files, this is the case at the latest after seven days. The data will possibly also be stored beyond this period. In this event the users’ IP addresses are deleted or obscured so that they can no longer be linked to the client that made the request.

Recording the data to provide the website and storing the data in log files is absolutely necessary for operating the website. Users will therefore not be successful in objecting to the above.

Right to object to the processing of your data, or revocation

Should you have given your consent (Art. 6 para. 1 letter a of the GDPR) to the processing of your data, you can revoke your consent at any time. The revocation of your consent, once made, influences the permissibility of our processing of your personal data.

To the extent that we base our processing of your personal data on the weighting of interests, you can file an objection against the processing. This is the case if the processing is not required in particular to perform a contract with you, which we would present in each instance together with the following description of functions (e.g., Art. 6 para. 1 letter f of the GDPR). If you elect to object to our processing of your personal data, we would like to ask you to explain the reasons why we should not process your personal data in the manner we usually do. If your objection turns out to be justified, we will review the facts and either stop or adapt the processing of your personal data or explain to you our mandatory reasons that merit protection and induce us to continue the processing.

Please address your revocation or objection to:

Fonts by Hoefler & Co.

For uniform representation of fonts, this page uses web fonts provided by Hoefler & Co.. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Hoefler & Co. servers. Hoefler & Co. thus becomes aware that our web page was accessed via your IP address. The use of Hoefler & Co. Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found in Hoefler & Co.’s privacy policy at

Use of Google Maps

This website uses Google Maps for presenting interactive maps and for route planning. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website including your IP address, the start address, and the specified destination entered in the route planning function can be transmitted to Google in the US.

When you access a page of our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. Google directly transmits the map content to your browser, which integrates the content into the page. We therefore have no influence whatsoever on the scope of data collected in this way by Google. As far as we know, the scope includes at least the following data:

  • Date and time when the page concerned was visited,
  • Internet address or URL of the page accessed,
  • IP address.

The use of Google Maps is in the interest of an attractive presentation of our online offering and of simplifying the process of finding the places referred to on the page. This is a legitimate interest within the meaning of Art. 6 para. 1 letter f of the GDPR.

We do not have any influence whatsoever on the further processing and use of the data by Google and can therefore not accept any responsibility in this respect.

You can deactivate JavaScript in your browser settings if you do not wish Google to collect, process, or use data about you through our website. However, in this case you cannot use the map display function.

Please refer to Google’s privacy policy for information about the purpose and scope of data collection and the further processing and use of data by Google as well as your related rights and options for changing settings to protect your privacy:

Google processes your personal data in the US and has subjected itself to the EU-US Privacy Shield,

Data security

Any and all information that you transmit to us will be stored on servers within the European Union, unless this Privacy Notice specifies otherwise. Unfortunately, the transmission of information through the internet is not entirely secure, so we cannot guarantee the security of the data transmitted through the internet to our website.

However, we protect our website and other systems from loss, destruction, access, manipulation, or dissemination of your data by unauthorized persons through technical and organizational measures.

No disclosure of your personal data

We do not share your personal data with third parties unless you have given your consent to the disclosure of your data or we are entitled or obliged to do so on the basis of statutory provisions and/or court order or order by a public authority. These cases may especially include the provision of information for purposes of criminal prosecution, to avoid danger, or to enforce intellectual property rights.

Data protection and third-party websites

The website can include hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please assure yourself of the respective applicable data protection conditions before you transmit personal data to these websites.

Changes of these data protection provisions

We reserve the right to change the data protection provisions at any time with effect for the future. The most current version will always be available on the website. Please visit the website at regular intervals to inform yourself of the applicable data protection provisions.