1.1. Name of and contact details for the controller responsible
1.1.1. Controller responsible for the website
The controller responsible for the website in accordance with Article 4(7) of the General Data Protection Regulation (GDPR) can be contacted at the following address:
MÖHRLE HAPP LUTHER Service GmbH
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Further information on MÖHRLE HAPP LUTHER companies can be found on our Legal Disclosures website.
1.1.2. Company data protection officer
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
When processing your personal data, it is possible that the MÖHRLE HAPP LUTHER Group's operating companies will work closely with MÖHRLE HAPP LUTHER Service GmbH when it comes to certain processing activities and is jointly responsible for processing your personal data. We have contractually stipulated the exact nature of our collaboration in the event that we share responsibility. We would be happy to provide you with information on this upon request.
1.2. Processing personal data
To be able to offer our services and optimize our website on an ongoing basis, your personal data may also be transferred to other service providers who then process it. Our service providers are carefully selected and contractually bound as required by law, including as data processors in accordance with Article 28 GDPR. If these providers process your data outside the European Union and European Economic Area, we ensure that you have actively given your consent beforehand for your data to be processed or that the providers are bound by standard EU standard data protection clauses that correspond to the legal requirements.
1.3. Operating the website and storing log files
1.3.1. Type of processing
When you visit the website, your internet browser automatically sends certain data to our server and stores it temporarily in a log file. This data includes:
- Browser type and version
- Operating system used
- Name of website just visited
- IP address/host name of your device
- Date and time of server request
1.3.2. Purposes and legal basis for processing
Your data is processed for the following purposes on the basis of our legitimate interest in accordance with Article 6(1) sentence 1f GDPR:
- To enable our website to be used
- To present our service portfolio
- To allow a uniform and attractive presentation with online fonts
- To make it easy for existing and prospective clients to contact us
- To ensure that our website is operated properly
- To have evidence that you have consented to the use of web analysis services
- To fulfill legal obligations, such as defending against and investigating cyber attacks.
1.3.3. Recipients and categories of recipients
Our firm's website is hosted by domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. A data processing agreement has been concluded with the service provider in accordance with Article 28 GDPR. Personal data is only transferred to third parties if this is necessary to defend against or investigate criminal acts or if we are otherwise legally required to do so.
Our website uses online fonts from Monotype Imaging Holdings, Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA (fonts.com) and online fonts and icons from Fonticons, Inc, 307 S Main St Ste Bentonville, AR, 72712-9214 USA.
When you view a page, your browser loads the required fonts and icons into your browser cache so that it can display text and fonts correctly. This tells the provider that our website has been accessed via your IP address. It also provides some technical information regarding your browser as virtually every web browser automatically sends this data to the server each time a page is accessed. Even if the provider only requires the transmitted information – and the IP address in particular – so that it can deliver the requested contents, we have no way of knowing whether the provider also stores or statistically evaluates this information and have no influence on this either.
The providers' data protection provisions can be found here:
Monotype Imaging Holdings, Inc.: https://www.monotype.com/legal/privacy-policy
Fonticons, Inc.: https://fontawesome.com/privacy
If your browser does not support online fonts, a standard font from your computer will be used instead. You can prevent online fonts from being loaded by deactivating the 'Java script' function in your browser settings.
1.4. Web analysis with Google Analytics
1.4.1. Type of processing
We use web analytics service Google Analytics to collect and analyze data about your behavior on our website. For example, this includes data relating to the internet page from which you accessed our website, which subpages you called up, how frequently you accessed them and how much time you spent on each of them. Your device's IP address is shortened and anonymized by Google if our websites are accessed from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area.
1.4.2. Purposes and legal basis for processing
Processing personal data allows us to analyze the surfing behavior of visitors to our website. By evaluating this data, we are able to compile and optimize information about how the individual areas and features are used. When our website is called up, you can determine through your consent – in accordance with Article 6(1) sentence 1a GDPR – whether your personal data will be processed. A data processing agreement has been concluded with the service provider.
1.4.3. Recipients or categories of recipients
The Google Analytics components are operated by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland.
1.4.4. Transfers to a third country and existence of an 'adequacy decision'
Subject to your consent in accordance with Article 49(1a) GDPR, your personal data may be transferred within Google to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA – i.e. to a third country. Due to the legal provisions to which Google LLC is subject, the possibility that your personal data will be accessed by government authorities cannot be ruled out.
1.4.5. Duration of and criteria for data storage
To bring about improvements to our website, the data is stored for 26 months and then automatically erased.
1.4.6. Right to erasure, objection and rectification
You can revoke the consent that you originally granted at the beginning of the data processing here; this means that your personal data will no longer be passed on to the operator and that the cookie will be deleted. This does not affect data processing that took place before you revoked your consent.
1.4.7. Further information
Further information and Google's data protection policy can be found at the following links:
1.5. Email newsletters
1.5.1. Type of processing
Our website allows you to sign up to receive a regular email newsletter free of charge. This newsletter informs readers about our auditing, tax advisory and legal counsel services and any recent developments in these areas.
We need your email address to register you for our email newsletter. We use a double opt-in procedure for this. This means that we will only send you the email newsletter after you have confirmed by clicking on the link contained in an email we sent you after you registered.
Your registration and confirmation are logged. The IP address of your device, your email address and the time of confirmation are saved. This allows us to ensure that you yourself have registered for our email newsletter service as the user of the email address specified.
1.5.2. Purposes and legal basis for processing
Once you have provided the necessary confirmation, your email address is processed so that the email newsletter can be sent to the correct target groups. Your email address is used for the sole purpose of sending the email newsletter. The legal basis for processing your personal data after you sign up for the email newsletter is your consent in accordance with Article 6(1) sentence 1a GDPR.
Logging your registration prior to your confirmation and processing your IP address and time of registration constitute a legitimate interest on our part (in accordance with Article 6(1) sentence 1f GDPR). This is because it allows us to enable and document your registration and, if necessary, may be used to investigate potential improper use of your personal data.
1.5.3. Recipients or categories of recipients
For distributing our email newsletter and collecting user data for this purpose, we use the service provider Newsmailservice, 4OfficeAutomation GmbH, Schlägelweg 46a, 31275 Lehrte, Germany, with whom we have signed a data processing agreement in accordance with Article 28 GDPR. When you sign up for our email newsletter, the data provided during registration is transferred to 4OfficeAutomation GmbH, where it is processed in accordance with legal requirements.
1.5.4. Duration of and criteria for data storage
Your personal data will be erased if you revoke your consent or if the service is discontinued. If you revoke your consent, you will no longer receive the email newsletter. Your data will be erased from all IT systems unless another legal basis exists for processing your email address. If you have not confirmed that you have signed up to receive the email newsletter, your data will be automatically erased within 4 weeks.
1.5.5. Right to erasure, objection and rectification
You can unsubscribe from the email newsletter at any time. This can be done by clicking on a specially provided link appearing at the bottom of the email newsletter or by sending an email to email@example.com.
1.6. Social media
We have a number of social media accounts providing information about our services and the latest news from our firm. You can also contact us directly via these social media accounts.
Links to these social media profiles can be found on our website. As a rule, no personal data is sent to the providers to begin with when you visit our website. This only happens when you click on the link to the provider in question, who then receives the information that you have visited our website with your device.
If personal data has been collected with the help of our social media links or accounts and forwarded to the provider in question, we are responsible for this processing this data together with the service provider in question. By contrast, the provider of the service in question is solely responsible for any further processing.
We have accounts on the following social media platforms:
Facebook and Instagram
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
XING and Kununu
Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
1.6.2. Type of data processing
We have no influence on how and to what extent the service provider processes your data. You will find further information on the type and scope of data processing in the data protection declarations for the provider in question. Some platforms provide us with statistical data that we use to analyze how our social media pages are used and to tailor them to the needs of our target group.
Facebook: We use statistical reports like, for example, the total number of page views, 'likes', terminal devices used, page activities, post interaction and reach, user activities (comments, shared content, replies), origin (country and city), language, age group, gender, level of education, profession, relationship status, clicks on telephone numbers or Facebook groups linked with our page. For instance, we use the distributions according to age and gender to tailor our communication, render our design more attractive and use the preferred visiting times of users to plan the timing and content of our posts for maximum effect. In connection with using Facebook ad campaigns, target groupspecific data is also used to define the exact target group, but this is shown in anonymized form for this purpose. You can find further information on how data is processed by Facebook in the data protection declaration of service provider Meta at https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Instagram: As with Facebook, we receive statistical data via Instagram Insights. You can find further information on how data is processed by Instagram in its data protection declaration at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
XING: XING provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by XING in its data protection declaration at https://privacy.xing.com/en.
LinkedIn: We use Insight Data provided by LinkedIn to analyze how our profile is used. You can find further information on how data is processed by LinkedIn in its data protection declaration at https://www.linkedin.com/legal/privacy-policy.
Kununu: Kununu provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by Kununu in its data protection declaration at https://privacy.xing.com/en.
1.6.3. Purposes and legal bases for processing
Your personal data is processed to allow you to use social media platforms. The legal basis for processing this data is our legitimate interest (in accordance with Article 6(1) sentence 1 f) GDPR) to draw attention to our services and to be able to make contact with you.
1.6.4. Recipients or categories of recipients
The recipients of your personal data are those employees who are responsible for social media at our company and the operators of the social media platforms in question.
1.6.5. Duration of and criteria for data storage
We delete direct messages received from you when we no longer need them for contacting you. If you comment on our posts, these will be saved until you delete them yourself. The platform operator in question is solely responsible for decisions about whether your other personal data is to be saved.
1.6.6. Transfers to a third country and existence of an 'adequacy decision'
Some of the social media platforms that we use process your personal data outside the European Union, i.e. in the United States. If your data is processed outside the European Union, EU standard contractual clauses in accordance with Article 46(2) c) GDPR help to ensure an adequate level of protection for your data. However, the possibility that this data will be accessed by government authorities cannot be ruled out. You will find further information on this on the relevant platform operator's web pages:
Facebook and Instagram: https://www.facebook.com/help/566994660333381
1.6.7. Your rights as the data subject
As only the platform provider has full access to the user data, we recommend that you contact the provider of the social media platform directly if you want to exercise the rights outlined under 1.7. below. Alternatively, we can help you to exercise your rights vis-à-vis the service provider. Should you require this, we can be contacted at the address stated under 1.1.1. above.
1.7. Your rights as the data subject
If your personal data is processed when you visit our website and use our services, you are defined as a "data subject" by the GDPR and, if the legal preconditions are met, have the following rights:
Art. 15 GDPR: Right of notification for data subjects
Article 15 GDPR states that you have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
Article 16 GDPR states that, if data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
Article 17 GDPR states that you have the right to request that your personal data be erased. This right depends on a number of factors, including whether we still require your data to fulfill our contractual or statutory duties or whether we (or third parties) have a legitimate interest in processing your personal data, e.g. for asserting, exercising or defending legal claims.
Art. 18 GDPR: Right to limit processing of data
Article 18 GDPR states that you have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
Article 20 GDPR states that you have the right to receive the data you provided in a structured, standard and machine-readable format and to have this transmitted to other data controllers.
Art. 21 GDPR: Right of objection
Article 21 GDPR states that – at any time and for reasons pertaining to your specific situation – you have the right to lodge an objection to your data being processed. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and liberties – or if the data is processed for the purposes of asserting, exercising or defending legal claims. If your personal data is processed for the purposes of direct advertising, you have the right to object at any time to this personal data being processed for the purposes of such advertising; this also applies for profiling insofar as this is in connection with direct advertising. If you lodge an objection, your personal data will no longer be used for the purposes of direct advertising.
Art. 7(3) GDPR: Right to withdraw consent
Article 7(3) GDPR states that you have the right to revoke, at any time, your consent to having your personal data processed. Revoking your consent will not affect the legality of the data processing implemented up until the time of revocation.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data is unlawful, Article 77 GDPR gives you the right to lodge a complaint with the data protection authorities who are responsible for your place of residence or work or for the place in which the alleged breach occurred.
1.8. Status and updating of this information
We reserve the right to update this information at the relevant time to bring it in line with changed administrative practice or court decisions.