The controller responsible for the website in accordance with Article 4(7) of the General Data Protection Regulation (GDPR) can be contacted at the following address:
MÖHRLE HAPP LUTHER Service GmbH
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: info[at]mhl.de
Further information on MÖHRLE HAPP LUTHER companies can be found on our Legal Disclosures page.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz[at]mhl.de
When you visit the website, your internet browser automatically sends certain data to our server and stores it temporarily in a log file:
Your data is processed for the following purposes on the basis of our legitimate interest in accordance with Article 6(1) sentence 1f GDPR:
Article 21 GDPR states that – at any time and for reasons pertaining to your specific situation – you have the right to lodge an objection to your data being processed. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and liberties – or if the data is processed for the purposes of asserting, exercising or defending legal claims.
Our firm’s website is hosted by domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. A data processing agreement has been concluded with the service provider in accordance with Article 28 GDPR.
Moreover, your personal data may only be transferred to third parties if this is necessary to defend against or investigate criminal acts or if we are otherwise legally required to do so.
We use web analytics service Google Analytics to collect and analyze data about your behavior on our website. For example, this includes data relating to the internet page from which you accessed our website, which subpages you called up, how frequently you accessed them and how much time you spent on each of them. Your device’s IP address is shortened and anonymized by Google if our web pages are accessed from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area.
Processing personal data allows us to analyze the surfing behavior of visitors to our website. By evaluating this data, we are able to compile and optimize information about how the individual areas and features are used. According to section 25(1) of the New German Telecommunications-Telemedia Data Protection Act (TDDDG) and Art. 6(1) sentence 1a GDPR, the legal basis for processing is the consent that you gave when you called up our website by making a selection on our cookie banner.
If you have consented to using Google Analytics, you can revoke this at any time here without being required to cite reasons. Revoking your consent will not affect the legality of the data processing implemented up until the time of revocation.
Integration via
This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager itself does not set any cookies (just tags) and does not collect any personal data. The service triggers other tags that can record data (e.g. Google Analytics). However, Google Tag Manager does not access this data. If deactivation has been undertaken at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
The Google Analytics components and Google Tag Manager are operated by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland. We have signed a data processing agreement with the service provider in accordance with Article 28 GDPR.
Your personal data can be transferred within Google Ireland to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The European Commission has recognized the data protection level for specific companies from the USA in an adequacy decision published on the EU-US Data Privacy Framework. Google LLC is self-certified under this framework and therefore obliged to comply with it. This self-certification means that it is permitted to send personal data to the USA based on the EU-US Data Privacy Framework.
To bring about improvements to our website, the data is stored for 26 months and then automatically erased.
Further information and Google’s data protection policy can be found at the following links:
https://policies.google.com/privacy?hl=policies&gl=de
https://marketingplatform.google.com/about/analytics/terms/de/
Our website allows you to sign up to receive a regular email newsletter free of charge. In this way, we inform you about our auditing, tax advisory and legal counsel services and any recent developments in these areas.
To register you for our email newsletter, we record your email address and, in some cases, your first name and surname. We use a double opt-in procedure for this. This means that we will only send you the email newsletter once you have confirmed your identity by clicking on the link contained in an email we sent you after you registered.
We record your registration and your confirmation of identity. The IP address of your device, your email address and the time of confirmation are saved. This allows us to ensure that you yourself have registered for our email newsletter service as the user of the email address specified.
Your personal data is processed initially for the purposes of sending a link through which you can confirm your identity and, following this, sending the email newsletter. The legal basis for processing your personal data is your consent in accordance with Article 6(1) sentence 1a GDPR.
You can revoke this consent at any time without being required to cite reasons. To do so, you can send an email to newsletter@mhl.de or unsubscribe in the link indicated in the newsletter. Revoking your consent will not affect the legality of the data processing implemented up until the time of revocation.
Logging your registration and processing your IP address and time of registration prior to confirming your identity are both based on a legitimate interest on our part (in accordance with Article 6(1) sentence 1f GDPR). Our legitimate interest is in enabling and documenting your registration as a visitor to our website and, if necessary, being able to investigate potential improper use of your personal data.
Article 21 GDPR states that – at any time and for reasons pertaining to your specific situation – you have the right to lodge an objection to your data being processed. If you lodge an objection, we will no longer process your personal data.
For collecting login data, distributing our email newsletter and collecting user data for our email newsletter, we use the service provider News&Mailservice, 4OfficeAutomation GmbH, Schlägelweg 46a, 31275 Lehrte, Germany, with which we have signed a data processing agreement in accordance with Article 28 GDPR. When you sign up for our email newsletter, the data provided during registration is transferred to 4OfficeAutomation GmbH, where it is processed in accordance with legal requirements.
Your personal data will be erased if you revoke your consent to receiving the email newsletter or if the service is discontinued. If you revoke your consent, you will no longer receive the email newsletter. Your data will be erased from all IT systems unless another legal basis exists for processing it. If you have not confirmed that you have signed up to receive the email newsletter, your data will be automatically erased within four weeks.
We have a number of social media accounts providing information about our services and the latest news from our firm. You can also contact us directly via these social media accounts.
Links to these social media profiles can be found on our website. No personal data is sent to the providers to begin with when you visit our website. This only happens when you click on the link to the provider in question, who then receives the information that you have visited our page with your device.
If personal data has been collected with the help of our social media links or accounts and forwarded to the provider in question, we are responsible for processing this data together with the service provider in question. By contrast, the provider of the service in question is solely responsible for any further processing.
We have accounts on the following social media platforms:
Facebook and Instagram
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
XING and Kununu
Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We have no influence on how and to what extent the service provider processes your data. You will find further information on the type and scope of data processing in the data protection declarations for the provider in question. Some platforms provide us with statistical data that we use to analyze how our social media pages are used and to tailor them to the needs of our target group.
Facebook: We use statistical reports like, for example, the total number of page views, ‘likes’, terminal devices used, page activities, post interaction and reach, user activities (comments, shared content, replies), origin (country and city), language, age group, gender, level of education, profession, relationship status, clicks on telephone numbers or Facebook groups linked with our page. For instance, we use the distributions according to age and gender to tailor our communication, render our design more attractive and use the preferred visiting times of users to plan the timing and content of our posts for maximum effect. In connection with using Facebook ad campaigns, target group-specific data is also used to define the exact target group, but this is shown in anonymized form for this purpose. You can find further information on how data is processed by Facebook in the data protection declaration of service provider Meta at https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Instagram: As with Facebook, we receive statistical data via Instagram Insights. You can find further information on how data is processed by Instagram in the data protection declaration of service provider Meta at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
XING: XING provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by XING in its data protection declaration at https://privacy.xing.com/en.
LinkedIn: We use Insight Data provided by LinkedIn to analyze how our profile is used. You can find further information on how data is processed by LinkedIn in its data protection declaration at https://www.linkedin.com/legal/privacy-policy.
Kununu: Kununu provides us with statistical data to allow us to analyze how our profile is used. You can find further information on how data is processed by Kununu in its data protection declaration at https://privacy.xing.com/en.
Your personal data is processed to allow you to use social media platforms. The legal basis for processing your personal data is our legitimate interest in accordance with Article 6(1) sentence 1f GDPR. Our legitimate interest is in drawing attention to our services on the social media platforms and being able to make contact with you.
Article 21 GDPR states that – at any time and for reasons pertaining to your specific situation – you have the right to lodge an objection to your data being processed. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and liberties – or if the data is processed for the purposes of asserting, exercising or defending legal claims.
The recipients of your personal data are those employees who are responsible for social media at our company and the operators of the social media platforms in question.
We delete direct messages received from you when we no longer need them for contacting you. If you comment on our posts, these will be saved until you delete them yourself. The platform operator in question is solely responsible for decisions about whether your other personal data is to be saved.
Some of the social media platforms that we use process your personal data outside the European Union, i.e. in the United States. If your data is processed in the United States, the EU Commission’s adequacy decision (EU US Data Privacy Framework) from June 10, 2023, will ensure that an adequate level of data protection is provided by certified companies (see Art. 45(1) sentence 1 GDPR).
Meta and LinkedIn are self-certified under the EU US Data Privacy Framework and therefore obliged to comply with its principles. This self-certification means that it is permitted to send data based on the EU-US Data Privacy Framework.
In addition, EU standard contractual clauses in accordance with Article 46(2) c) GDPR help to ensure an adequate level of protection for your data. However, the possibility that this data will be accessed by government authorities cannot be ruled out. You will find further information on this on the relevant platform operator’s web pages:
Xing: https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you/third-countries
Kununu: https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you/third-countries
LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1343190/?trk=microsites-frontend_legal_privacy-policy&lang=de
As only the platform provider has full access to the user data, we recommend that you contact the provider of the social media platform directly if you want to exercise the rights outlined under 1.7. below. Alternatively, we can help you to exercise your rights vis-à-vis the service provider. Should you require this, we can be contacted at the address stated under 1.1.1. above.
If your personal data is processed when you visit our website and use our services, you are defined as a “data subject” by the GDPR and, if the legal preconditions are met, have the following rights:
Art. 15 GDPR: Right of notification for data subjects
Article 15 GDPR states that you have the right to receive information regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
Article 16 GDPR states that, if data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
Article 17 GDPR states that you have the right to request that your personal data be erased. This right depends on a number of factors, including whether we still require your data to fulfill our contractual or statutory duties or whether we (or third parties) have a legitimate interest in processing your personal data, e.g. for asserting, exercising or defending legal claims.
Art. 18 GDPR: Right to limit processing of data
Article 18 GDPR states that you have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
Article 20 GDPR states that you have the right to receive the data you provided in a structured, standard and machine-readable format and to have this transmitted to other data controllers.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data is unlawful, Article 77 GDPR gives you the right to lodge a complaint with the data protection authorities who are responsible for your place of residence or work or for the place in which the alleged breach occurred.
There is no legal or contractual requirement for you to make available the personal data mentioned in this data protection declaration. However, without this data we will not be able to offer you the functions of our website that you have requested.
We do not use any automated means (including profiling) to process your data to make decisions as defined in Art. 22 GDPR. Such automated decision-making is a process that does not involve any evaluation and subsequent decision-making by an actual person. Should we intend to use processes such as these in the future, we will inform you in accordance with our legal obligations.
This data protection declaration was last updated on March 7, 2024. We reserve the right to update this information at the relevant time to bring it in line with changed administrative practice or court decisions.
The MÖHRLE HAPP LUTHER Group company that is organizing the online conference is responsible for data processing. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: info[at]mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz[at]mhl.de
The information on data protection is provided in connection with your registration for and participation in events. This includes in-person and online events (especially online meetings, video conferences and webinars). We need your data in order to plan and conduct your participation in the event. Depending on the field of application, different regulations serve as the legal basis for processing your data.
We process personal data that we have received from you or that you transmit yourself within the scope of online events. Online events can be operated in different ways. During these conferences, different personal data is processed by us or by the operator. The extent of the data processing also depends on the data you transmit prior to or during participation in the event.
In connection with in-person events, we process the following categories of personal data belonging to you:
Personal master and communication data, e.g. first and last name, company (if applicable) and email address.
In connection with online events, we process the following categories of personal data belonging to you:
Personal master and communication data, such as display name, first and last name, language setting, company (if applicable) and email address;
Meeting metadata, such as subject and duration of the meeting, start and end (time) of participation, meeting description (optional), chat status, participants, IP addresses, Mac addresses and other device IDs (if applicable); approximate location of the end device to connect to the nearest data center; device/hardware, information such as device type, operating system type and version, client version, camera type, microphone or speaker, or type of connection or survey details;
Meeting recordings: Video and audio recordings and presentations, chats, audio log file and other information shared while using the service;
Telephone usage data, such as caller’s phone number, country name, IP address, emergency contact number, start and end time, host name, host email, Mac address of the device in use.
We have defined data protection-friendly settings for online events.
The recording function is always deactivated during our online events. If, in isolated cases, an online event is to be recorded, this will be communicated clearly and in good time and your consent will be obtained if your personal data is processed during the recording.
Chat content or survey details may be logged if this is required for the purpose of logging the findings of an online event. As a rule, however, this is not the case and will also be communicated in advance.
Software-based ‘attention tracking’ is used during webinars. For each participant, the products register whether or not the online conference is the topmost (active) window. For example, if you are reading your emails, then the email program is the active window rather than the online event. If the attention span drops dramatically, then the presenter can make his or her online event more attractive. Unfortunately, it is not possible to turn off this function at present.
If we conduct the event as part of initiating or implementing contractual relationships – e.g. when conducting seminars – your data will be processed in accordance with Article 6(1) sentence 1b GDPR.
If we are required by law to process personal data, this is done in accordance with Article 6(1) sentence 1c GDPR in conjunction with the law that specifies the data processing requirement. This regularly comes into consideration if evidence of participation in seminars is required for tax reasons.
If the event is necessary for initiating or implementing an employee relationship, the processing is carried out in accordance with Article 6(1) sentence 1b GDPR in conjunction with section 26 BDSG.
If the event is to be recorded and personal data of yours processed, your consent will be obtained in advance in accordance with Article 6(1) sentence 1a GDPR.
You can revoke your consent at any time without being required to cite reasons. Should you exercise your right to revoke your consent, this will not affect the legality of the data processing implemented up until the time of revocation.
Following the event, we process your personal data in order to send you documentation about the event and/or further information about our firm or we may contact you by telephone. We also produce statistical evaluations with a view to increasing the efficiency of our events, e.g. by measuring participant satisfaction.
The legal basis for processing your personal data is your consent (Article 6(1) sentence 1a GDPR), which you gave when registering for the event or at the event itself.
You can revoke your consent at any time without being required to cite reasons. Should you exercise your right to revoke your consent, this will not affect the legality of the data processing implemented up until the time of revocation.
If you have not given any consent, the data will be processed based on our legitimate interest (Article 6(1) sentence 1f) GDPR). This consists of providing our (potential) business partners with information about our services.
You can lodge an objection in accordance with Art. 21(1) GDPR to having your data processed for marketing purposes to which you did not consent. Should you exercise your right of objection, we will no longer process your personal data based on our legitimate interest in accordance with Art. 6(1) sentence 1f) GDPR.
Within our company, access to your personal data is reserved exclusively for those employees who need to use it for the purposes mentioned under section 4.4. and only to the extent required. In some cases, we send your personal data to companies that are affiliated with us provided that this is permitted under the purposes and legal bases set out under section 4.4.
We only send your data to external third parties if this is necessary for purposes mentioned under section 4. This includes in particular external service providers (e.g. IT service providers, providers of video conference systems and external speakers if this is necessary for planning and running online conferences), public bodies and institutions (e.g. government offices, fiscal authorities) if there is a legal or official obligation to do so.
If the service in question includes processing personal data on our behalf, we have entered into a data processing agreement with the service provider in accordance with the requirements of Art. 28 GDPR.
We use Zoom and Microsoft Teams to conduct online conferences. When individuals register, their personal data is transmitted to the service provider. For the order-related implementation of the online event, an agreement pursuant to Art. 28 GDPR has been concluded with the order processors.
Further information on the service providers can be found here:
Zoom Video Communications Inc., Lionheart Squared Ltd., 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84, Ireland
Microsoft Ireland Operations Limited, Microsoft Place, South County Business Park, Leopardstown, D18 P521, Ireland
Please note that we are bound to secrecy with respect to all client-related data when passing on data to recipients outside MÖHRLE HAPP LUTHER.
Particularly when conducting online conferences, your data will be sent to the USA through the chosen provider of video conference systems.
Your data will be sent based on the EU-US Data Privacy Framework, through which the European Commission has recognized an adequate level of data protection for certain US companies. Both the Microsoft Corporation and Zoom Video Communications Inc. have self-certified under this framework and are therefore obliged to comply with the principles of the EU-US Data Privacy Framework. The data transfer is permitted under data protection law because of the self-certification.
As a rule, we only store your personal data for as long as is needed to fulfill the purpose for which we collected it.
Should you revoke your consent for your data to be processed, your data will be erased in compliance with any statutory retention periods.
Before recording begins, you will be notified about the storage period for recorded online events.
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
You have the right to receive information regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
Subject to the conditions of Art. 16 GDPR, you have the right to have any personal data relating to you corrected and/or completed without undue delay.
Art. 17 GDPR: Right to have data erased
You have the right to have any personal data relating to you erased without undue delay provided that the conditions under Art. 17 GDPR exist.
Art. 18 GDPR: Right to limit processing of data
In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be limited.
Art. 20 GDPR: Right to data portability
You have the right to receive the personal data you provided in a structured, standard and machine-readable format or to request that this be transmitted this to another data controller.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority. The authorities that are responsible for us, depending on which company within the MÖHRLE HAPP LUTHER Group is concerned, are:
Hamburg: The Hamburg Officer for Data Protection and Freedom of Information (www.datenschutz-hamburg.de)
Schwerin: The Mecklenburg-Vorpommern State Officer for Data Protection and Freedom of Information (www.datenschutz-mv.de)
Berlin: The Berlin Officer for Data Protection and Freedom of Information (www.datenschutz-berlin.de)
There is no legal or contractual obligation for you to provide the collected data. However, processing your personal data is necessary for planning and organizing the event. This means that you will not be able to take part in our events if you do not make your data available.
No automated decision-making or profiling takes place.
Last amended: March 21, 2024
The MÖHRLE HAPP LUTHER Group company, to which you sent your application, is responsi-ble for processing your data. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
email: info@mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
We only process personal data that we have received from you directly or via our application portal as part of your application. In addition, we regularly work with recruitment agencies through which we may receive personal data about you. The data processed by us includes, in particular, personal master data (such as first name, surname and, if applicable, date of birth and address), communication data (such as e-mail address and, if applicable, telephone number), application data (such as cover letter, CV, application photo, attachments, references, certificates and, if applicable, other information provided by you) and information resulting from the job interviews. We cannot rule out the possibility that we may also collect special categories of personal data, in particular information about your political opinions, religious or ideological beliefs or health data.
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
The data is processed for the purposes of processing a job application. If this concerns a decision regarding the establishment of an employment relationship or vocational training position, the legal basis is section 26(1) sentence 1 BDSG. For the initiation of other contractual relationships, the legal basis is Article 6(1) sentence 1b) GDPR.
It may also be necessary to process personal data in order to meet labor law, vocational training law and/or social law requirements (Article 6(1) sentence 1c) GDPR).
If necessary, we will process your data in accordance with Article 6(1) sentence 1f) GDPR to safeguard our legitimate interests or those of third parties, e.g. for:
According to this, it is lawful to process personal data if this is necessary to safeguard our legitimate interests or the interests of third parties, provided that these are not out-weighed by your interest in and right to excluding the processing of this personal data.
If you have given us your consent to process your personal data for specific purposes, we will process your data on this basis (Article 6(1) sentence 1a) GDPR). You can revoke this consent for the future at any time by contacting us at the address indicated above.
In the course of the application process, you can give us your consent for adding you to our pool of applicants and passing on your application to other companies in our Group so that we can take your application into account within the Group in future.
We do not use automated profiling or decision-making and have no plans to do so.
MÖHRLE HAPP LUTHER employees will only have access to your data if they need it for fulfilling the purposes mentioned above, and only to the extent necessary for this. It may also be neces-sary for the company to which you have sent an application to pass your data on to other Group companies for a specific purpose.
We will only send your data to external third parties if this is necessary for the aforementioned purposes. These include in particular external service providers (e.g. IT service providers, per-sonnel service providers and in some cases tax consultants and auditors), contractual partners and authorities. If the service in question includes processing personal data and the service pro-vider is processing the personal data on our behalf, we have entered into a data processing agreement with the service provider in accordance with the requirements of Art. 28 GDPR.
We do not intend to transfer your personal data to a third country or an international organization.
However, we cannot rule out the possibility that your personal data will, within the corporate group structure of our service providers, be sent to parent organizations based in the USA. Should this be the case, we only work with service providers whose parent organizations are certified under the EU-US Data Privacy Framework. In this case, the transfer of your personal data to the USA will be covered by the EU Commission’s adequacy decision.
As a rule, we only store your personal data for as long as is needed to fulfill the purpose for which we collected it. In this connection, your personal data will be erased six months after the application procedure has been completed. In exceptional cases, we may retain your personal data for longer to comply with legal retention periods, or we may have a legitimate interest in retaining the data for longer, for example because we need it for asserting, exercising or defending legal claims.
If we process personal data of yours based on your consent, we will erase it as soon as you have revoked your consent, but at the latest after one year has passed. In these cases, your data will be erased unless there is another legal basis for processing it further.
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
Article 15 GDPR states that you have the right to receive information regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
Article 16 GDPR states that, if data about you is incorrect or incomplete, you have the right to request that this be corrected or completed.
Art. 17 GDPR: Right to have data erased
Article 17 GDPR states that you have the right to request that your personal data be erased. Your right to have your data erased depends, among other things, on whether we are still re-quired to retain this data.
Art. 18 GDPR: Right to limit processing of data
Article 18 GDPR states that you have the right to request that your personal data only be pro-cessed to a limited extent.
Art. 20 GDPR: Right to data portability
Article 20 GDPR states that you have the right to receive the data you provided in a structured, standard and machine-readable format and to have this transmitted to other data controllers.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is unlawful, you may lodge a complaint with a data protection supervisory authority responsible for your place of residence or work or for the place of the alleged infringement in accordance with Art. 77 GDPR.
You are under no obligation to provide us with personal data for the purposes of processing a job application. However, without your personal data – which is needed for assessing your career, your qualifications and your availability and also for contacting you – we will not be able to carry out the application process.
We do not use any automated means (including profiling) to process your data to make deci-sions as defined in Art. 22 GDPR. Such automated decision-making is a process that does not in-volve any evaluation and subsequent decision-making by an actual person. Should we intend to use processes such as these in the future, we will inform you in accordance with our legal obliga-tions.
The privacy policy was last updated on March 31, 2025. We reserve the right to update this information in due course in order to adapt the information to changes in official practice or case law.
The MÖHRLE HAPP LUTHER Group company, to which you sent your application, is responsible for processing your data. You can contact the MÖHRLE HAPP LUTHER Group as follows:
MÖHRLE HAPP LUTHER
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
email: info@mhl.de
You will find an overview of the MÖHRLE HAPP LUTHER Group companies responsible for data processing at https://www.mhl.de/en/imprint.php/.
Our company data protection officer can be contacted at:
MÖHRLE HAPP LUTHER Service GmbH
Attn: Data Protection Officer
Brandstwiete 3
20457 Hamburg, Germany
Tel.: +49 40 85 301 - 0
Fax: +49 40 85 301 - 166
Email: datenschutz@mhl.de
We process personal data that we have received from you. We also process personal data that we have obtained permissibly from publicly accessible sources (e.g. commercial register) and are allowed to process. Relevant personal data can include: Personal master data, ad-dress data, communication data, company data and other order-related data.
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
Personal data is processed for the purposes of preparing and entering into client agree-ments and providing tax advisory services, auditing services, legal advice and/or manage-ment consulting and IT consulting within the scope of client agreements entered into with you. The legal basis is Article 6(1) sentence 1b) GDPR.
We are subject to various legal obligations (e.g. Money Laundering Act (GwG), tax laws, pro-fessional conduct). Accordingly, further purposes for processing data include verifying age and identity and preventing fraud and money laundering. The basis for processing personal data required for fulfilling legal obligations such as these is Article 6(1) sentence 1c) GDPR.
If necessary, we will process your data in accordance with Article 6(1) sentence 1f) GDPR to safeguard our legitimate interests or those of third parties, e.g. for:
If you have given us your consent to process your personal data for specific purposes, we will process your data on this basis (Article 6(1) sentence 1a) GDPR). You can revoke this consent for the future at any time by contacting us at the address indicated above.
We do not use automated profiling or decision-making and have no plans to do so.
MÖHRLE HAPP LUTHER employees will only have access to your data if they need it for ful-filling the purposes mentioned above. It may also be necessary for the company that you have commissioned to pass your data on to other Group companies for a specific purpose.
Service providers and vicarious agents commissioned by us can also receive data for these purposes. We commission these as data processors in accordance with the requirements of Article 28 GDPR, particularly in IT service and support and in data destruction.
We also pass on your data to third parties if this is necessary for work in connection with our client relationship (e.g. to opposing parties in disputes, courts, public authorities).
Needless to say, we are bound to secrecy with respect to all client-related data when passing on data to recipients outside MÖHRLE HAPP LUTHER. We are only permitted to pass on in-formation if required to do so by law, if you have given your consent and/or if the data pro-cessors commissioned by us guarantee that they will comply in the same way with confiden-tiality requirements and the specifications of the General Data Protection Regulation (GDPR).
Data is only transferred to locations in 'third countries' (i.e. countries outside the EU and EEA) if this is required by law for consulting and implementing the orders you have placed (e.g. tax reporting requirements) or if you have given us your consent. If service providers are used in the third country, these are – in addition to written instructions – required to meet Europe-an data protection levels by signing EU standard contractual clauses. If you would like to re-ceive further information about the adequate safeguards that we have implemented with service providers outside the European Union, please contact our data protection officer.
If the data is no longer needed for fulfilling contractual or legal requirements, it will be regu-larly erased unless it needs to be processed further for the following purposes:
If the legal preconditions are met, you have the following rights:
Art. 15 GDPR: Right of notification for data subjects
You have the right to receive information from us regarding the personal data of yours that we are processing.
Art. 16 GDPR: Right to have data corrected
If data about you is incorrect or incomplete, you have the right to request that this be cor-rected or completed.
Art. 17 GDPR: Right to have data erased
You have the right to request that your personal data be erased. Your right to have your data erased depends, among other things, on whether we still need this data to meet our legal requirements.
Art. 18 GDPR: Right to limit processing of data
You have the right to request that your personal data only be processed to a limited extent.
Art. 20 GDPR: Right to data portability
You have the right to receive the personal data you provided in a structured, standard and machine-readable format or to request that this be transmitted this to another data control-ler.
Art. 21 GDPR: Right of objection
You have the right – at any time and for reasons pertaining to your specific situation – to lodge an objection to your data being processed.
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a data protection supervisory authority. The authorities that are responsible for us, depending on which company within the MÖHRLE HAPP LUTHER Group is concerned, are:
Our client portal allows you to exchange documents with our employees and to perma-nently save documents for the purposes of our business relationship. For this, you will need to receive a login and password from us. The following data is typically processed when you upload documents:
The registration process and use of our client portal are logged on the basis of our legiti-mate interest in exchanging documents with you securely and easily and documenting the proper legal usage of our client platform.
Only authorized employees have access to your data on the client portal. For maintenance and support, we use IT service providers with whom data processing agreements are in place. Data is not transferred to third countries.
Your data may be erased by authorized users of the client portal if necessary. The data will be erased from the client portal after the business relationship has ended.
You may have your uploaded documents corrected and erased at any time if you have been allocated the rights to do so. In other cases, we would ask you to get in touch with your main contact at our company to exercise your rights.
You are under no obligation to provide us with your personal data. However, without the da-ta that we need to enter into and implement the client agreement or that we are legally obliged to collect, we are not able to enter into or implement a contract with you.
We reserve the right to update this information in due course in order to adapt it to changes in official practice or jurisdiction.
Date: April 2023.