Privacy policy, last updated: 02/2025

On this page, you will find information about how personal data is processed when you use our website www.sabine-houben.de.

The term “personal data” refers to all data that can be linked with your person, such as your name, address, e-mail address, IP address or user behaviour.

Definitions of the terms used here, such as “processing”, “controller” or “data subject” can be found in Art. 4 GDPR. Here you will find the following information in particular:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 (1) GDPR).

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 (2) GDPR).

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4 (7) GDPR).

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 (8) GDPR).

The terms “processing” and “personal data” in particular are so wide ranging that they can be deemed to apply to virtually any handling of data.

Contents:

1. Who is the controller?
2. Is there a data protection officer?
3. Who is affected by data processing?
4. Which of your personal data do we collect, and for what purposes and/or on which legal basis do we process it?
5. To whom do we transmit your data?
6. Is your data transmitted to bodies outside the EU?
7. For how long do we process your data?
8. What are your rights?
9. When and how can you object to data processing?
10. When and how can you withdraw your consent?
11. Where can you lodge a complaint?
12. When and why is it necessary to provide personal data?
13. Do we use automated decision-making processes (e.g. profiling)?
14. How can you get in contact with us?
15. How do we protect our website?
16. How do we handle the data of applicants?
17. What are cookies and how do we use them?

1. Who is the controller?

The following persons are responsible for the processing of your personal data:

Steuerberaterin Sabine Houben & Partner mbB
Partners: Sabine Houben, tax consultant and specialist for international tax law, Barbara Lunatschek, tax consultant and Johann Houben, tax consultant, LL.M.
Duffenterstr. 89 B
52222 Stolberg
Germany

Tel. +49 (0) 2402 709 50 40
Fax +49 (0) 2402 709 50 69
steuerberaterin@sabine-houben.de

2. Is there a data protection officer?

We are not required by law to appoint a data protection officer.

3. Who is affected by data processing?

If you visit our website as a client, supplier, service provider or other interested party, your personal data will be processed within the context of the legal provisions or the specifications of this privacy policy. The term “user” hereafter refers to all visitors to our website.

4. Which of your personal data do we collect, and for what purposes and/or on which legal basis do we process it?

If you visit our website without registering or providing us with information in any other way, we will only process the personal data that is transmitted from your browser to our server. This includes, to the best of our knowledge, the data listed below, which is required in order to display our website in your browser and ensure its stability and security:

• IP address of the accessing computer
• Date and time of the access
• Name and URL of the requested file
• Access status/HTTP status code
• Quantity of data transmitted
• Website from which the request came (referrer URL)
• Browser used
• Operating system

If you provide us with further personal data, such as in an enquiry via e-mail, we may also process further data, such as:

• User data (e.g. name, address)
• Contact data (e.g. e-mail address, telephone number)
• Content data (e.g. text entered)
• Usage data (e.g. visited pages)
• Communication data/metadata (e.g. IP addresses)

We also process the following personal data, insofar as you provide it, for the purposes of providing contractually agreed services, as well as for customer service and customer management:

• Contractual data (e.g. subject matter of the contract, client number)
• Payment data (e.g. bank details)

We process the personal data collected when you visit our website for following purposes:

• Providing the functions and content of our website
• Ensuring the establishment of a smooth connection to our website
• Ensuring convenient use of our website
• Assessing and ensuring system stability and security, as well as general security measures
• Responding to any contact requests or communication with you
• Further administrative purposes
• Providing contractually agreed services
• Customer service
• Marketing/advertising

Should this privacy policy not refer to any specific legal basis, the processing of your personal data will be subject to the following: The legal basis for obtaining consent results from Art. 6 (1) lit. a, Art. 7 GDPR. The legal basis for data processing for the purposes of providing our services and performing contractual and pre-contractual measures, as well as for responding to enquiries of any kind is Art. 6 (1) lit. b GDPR. The legal basis for data processing for the purposes of complying with legal obligations is Art. 6 (1) lit. c GDPR. The legal basis for data processing that is necessary to protect the vital interests of the data subject or another natural person is Art. 6 (1) lit. d GDPR. The legal basis for data processing necessary for the purposes of our legitimate interests is Art. 6 (1) lit. f GDPR. A legitimate interest on our part results from the aforementioned purposes of data processing.

If, in the course of processing your personal data, we disclose this data to third parties, transmit it to them or allow them to access it in any other way, this shall occur exclusively on the basis of legal permission insofar as you have consented to this, if we are legally obliged to do so, or as the result of our legitimate interest. Legal permission shall be granted in particular if the transmission of the data is necessary in order to comply with contractual obligations (e.g. transmission to payment or postal service providers). A legitimate interest can also arise if we use your data for direct advertising or the prevention of fraud, or if you are already one of our clients. A legitimate interest can also arise when using web or e-mail hosting services, cloud computing providers or other service providers. Such service providers often act as so-called data processors on the basis of a corresponding agreement. They are also legally obliged to comply with data privacy regulations and ensure this compliance on the basis of a contract. The legal basis for this kind of data processing relationship is Art. 28 GDPR.

5. To whom do we transmit your data?

Unless otherwise specified in this privacy policy, we regularly work with the following data recipients in particular:

• Web hosters
• IT service providers

We carefully choose all external service providers with whom we work. In the event of data processing relationships with these service providers (Art. 28 GDPR), the service providers are contractually bound to our instructions and are regularly checked by us. In the event of a joint controller relationship (Art. 26 GDPR), this will be subject to corresponding contractual provisions. You can find further information about this in the following descriptions of the individual services. The legal basis for transmitting your personal data is specified above under point 4.

6. Is your data transmitted to bodies outside the EU?

Your personal data is not transmitted to third countries (i.e. countries outside the EU or EEA).

7. For how long do we process your data?

The period for which your personal data is stored is generally determined on the basis of the applicable statutory retention periods (e.g. based on commercial law or tax law). Unless otherwise specified below, your personal data will be routinely erased following the end of any applicable period, provided that it is no longer required for the purposes of fulfilling or initiating a contract, we have no legitimate interest in continued storage and/or you have not consented to continued storage.

In Germany, data is subject to specific retention periods, such as the following:

• According to commercial law (six years, e.g. for opening balances, annual accounts, accounting documents, etc.)
• According to tax law (ten years for all tax-relevant documents)
• According to labour law (e.g. six months for documents of rejected applicants)

8. What are your rights?

In regard to the processing of your personal data, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you (Art. 22 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
• Right to lodge a complaint (Art. 77 GDPR)

The last three of these aforementioned rights will be explained in more detail below. If you have questions about your rights, please do not hesitate to contact us. You will find our contact information in the section about the controller above.

9. When and how can you object to data processing?

If your personal data is processed on the basis of a legitimate interest in accordance with Art. 6 (1) lit. f GDPR, you have the right to object to data processing at any time. As a consequence, we will no longer be allowed to continue processing your data in future, unless we can provide overriding reasons to do so that outweigh your interests, rights and freedoms, or if the data processing serves the assertion, exercise or defence of legal claims.

The right to object only applies insofar as there are reasons for this resulting from your specific situation or if you object to direct advertising, however. In the case of the latter, you have a general right to object that we will implement without the need to specify a specific situation.

Should you wish to exercise your right to object, please send a message to our postal address or e-mail address (see point 1 above).

10. When and how can you withdraw your consent?

You can withdraw consent at any time after granting it to us. As a consequence, we will no longer be allowed to continue the data processing on which this consent was based in future.

Should you wish to withdraw your consent, please send a message to our postal address or e-mail address (see point 1 above).

11. Where can you lodge a complaint?

You have the right to lodge a complaint in regard to our processing of your personal data with a data protection supervisory authority. You can find a list of data processing supervisory authorities in Germany via the following address:

https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

12. When and why is it necessary to provide personal data?

You provide us with personal data (e.g. your name or e-mail address) in the context of every enquiry or contact.
In some cases, you are legally required to provide your personal data (e.g. due to the provisions of tax law). You may also need to provide data for the purposes of performing contractual and pre-contractual measures. Not providing your personal data may make it impossible to conclude a contract with you or respond to your enquiry.
For the purposes of forming contractual or pre-contractual measures, or for communication with us, we require the following data in particular:

• Name/company name
• Address
• Email address/telephone number (e.g. for questions or responding to enquiries)
• In some cases, your client number (e.g. for support activities)

The provision of all other personal data is voluntary, unless otherwise specified in this privacy policy.

13. Do we use automated decision-making processes (e.g. profiling)?

We do not use automated decision-making processes such as profiling.

14. How can you get in contact with us?

You can contact us via post, fax, telephone, e-mail or our contact form, for example. You will find our contact information in the section about the controller above.

If you contact us via e-mail or our contact form, we will automatically store the personal data you voluntarily send to us for the purposes of processing your enquiry or contacting you. This personal data is not transferred to third parties.

15. How do we protect our website?

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Art. 32 GDPR). These include measures to ensure the confidentiality, integrity and availability of data in particular. We have also set up business processes that ensure the safeguarding of data subjects’ rights, the erasure of data and reaction to data breaches in particular. Furthermore, we observe the principles of data protection law, including privacy by design and privacy by default (Art 25 GDPR).

Our website uses encrypted data transmission via SSL/TLS certificate for security reasons and to protect the transmission of your personal data and other confidential contents. You can see this in the address bar of your browser, where you will see “https” (instead of “http”), along with a padlock symbol and a different colour.

16. How do we handle the data of applicants?

We list job vacancies on our website as required, to which applicants can respond in electronic form (i.e. via e-mail and/or with PDF files), as well as accepting unsolicited applications. The data of applicants is processed electronically for the purposes of processing their applications. This application data includes in particular the applicant’s name, address, telephone number, e-mail address and date of birth, as well as information about their education or grades.

If the application results in the conclusion of an employment contract, the applicant’s data may be stored for the usual organisational and administrative purposes of the respective employee record. Otherwise, if the applicant is rejected, their data is erased six months after notice of the rejection. This applies unless there are no objecting legal requirements or if the respective applicant has consented to their data being stored for a longer time.

17. What are cookies and how do we use them?

Our website uses so-called cookies. These are small files containing information in text form that are saved on your browser and stored on your end device.

Transient cookies (also known as temporary cookies) are automatically deleted when you close your browser. These include session cookies in particular. Session cookies save a specific identifier (known as a session ID) with which your end device can be recognised when you visit our website again. This makes it possible to save the contents of a virtual shopping cart in an online shop or the user’s login status, for example. The session cookies are deleted when you log out or close your browser.

Persistent cookies (also known as permanent cookies) are automatically deleted after a certain period, which varies depending on the respective cookie. This can result in data being stored for longer periods, such as user information for measuring reach or marketing purposes, or a login status.

Both temporary and permanent cookies can be divided into so-called first-party cookies and third-party cookies. First-party cookies are used by the controller, while third-party cookies are used by third parties.

You can delete cookies or object to the use of third-party cookies at any time via the security settings in your browser. Should you wish to generally object to the use of cookies for the purposes of online marketing, you can do so via various services or providers such as the American website www.aboutads.info/choices or the European website www.youronlinechoices.com. Please note that if you do so, it may not be possible to use all the functions of our website.

We can use both first-party and third-party temporary and permanent cookies on our website, so that we can identify you when you return to our website if you have an account with us, for example (otherwise you would have to log in again every time you visit). You may find further information on this in our privacy statement.

We only use cookies that are technically necessary for the operation of our website.

The legal basis for the use of cookies is Art. 6 (1) lit. f GDPR or on the basis of your consent (Art. 6 (1) lit. a GDPR).

We use the cookies that are technically necessary for the operation of our website (e.g. “WSESSIONID” for session management or “wDisableWaNextRequest” to prevent repeat recording in the Weblication statistics when you access our website).