Privacy Policy

Privacy Policy

1. Name and contact details of the person responsible


The following Privacy Policy is a joint declaration of the following companies of the Andrä Consulting Group:

Andrä Steuerberatung - Andrä & Kollegen Partnerschaft Steuerberater und Rechtsanwalt mbB - Andrä Consultants Unternehmensberatung GmbH - A&P Auditing Wirtschaftsprüfungsgesellschaft

Please refer to the imprint on our website for further information on these companies.

Contact: Andrä Consulting Group, Steinbeisstraße 13, 71332 Waiblingen,, +49 7151 959500


2. Scope and purpose of the processing of personal data


2.1 Accessing the website

When this website is called up, data is automatically sent to the server of this website by the Internet browser used by the visitor and stored in a log file for a limited period of time. Until automatic deletion, the following data will be stored without further entry by the visitor:

  • IP address of the visitor's mobile device,
  • date and time of the visitor’s access,
  • name and URL of the page accessed by the visitor,
  • website from which the visitor arrives at the firm's website (so-called referrer URL),
  • browser and operating system of the visitor's end device and the name of the access provider used by the visitor.

The processing of these personal data is in accordance with art. 6 para. 1 (1) letter. f) GDPR. The firm has a legitimate interest in data processing for the purpose of

  • quickly establishing a connection to the firm's website,
  • enabling a user-friendly use of the website,
  • recognising and ensuring the security and stability of the systems and
  • facilitating and improving the administration of the website.

The processing expressly does not take place for the purpose of gaining knowledge about the visitor of the website.


3. Sharing data

Personal data are transmitted to third parties if

  • pursuant to art. 6 (1) first sentence, a) of the GDPR, the data subject has expressly consented thereto,
  • the transfer pursuant to art. 6(1), first sentence, f) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in not sharing his/her data,
  • for the data transfer pursuant to art. 6(1), first sentence, c) of the GDPR there is a legal obligation and/or
  • pursuant to art. 6(1) first sentence, b) GDPR this is necessary for the fulfilment of a contractual relationship with the data subject.

In other cases, personal data will not be shared with third parties.


4. Cookies 

In other cases, personal data will not be passed on to third parties. These are data packs that are exchanged between the server of the firm's website and the visitor's browser. These are stored when visiting the website by the devices used (PC, notebook, tablet, smartphone, etc.). In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information is stored in the cookies that results in each case in connection with the specifically used terminal device. Under no circumstances can the firm obtain direct knowledge of the identity of the website’s visitor.

Cookies are largely accepted according to the basic browser settings. The browser settings can be set so that cookies are either not accepted on the devices used or that a special message is displayed before a new cookie is created. However, it should be noted that the deactivation of cookies may result in not all functions of the website being used in the best possible way.

The use of cookies serves to make the use of the firm's website more convenient. For example, session cookies can be used to determine whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device for a temporary period of time. When the website is visited again, the fact that the visitor has visited the site before is automatically recognised as are the entries and settings that were made in order not to have to repeat them.

Cookies are also used to analyse website accesses for statistical purposes and to improve the service. When the site is visited again, these cookies make it possible to automatically recognise that the visitor has previously accessed the web page. Here, cookies are automatically deleted after a specified period of time.

The data processed by cookies for the aforementioned purpose to protect the justified interests of the firm are authorised by art. 6 para. 1(1) letter f) GDPR.


5. Analysis services for websites, tracking


The legal basis for the use of the analysis tools is art. 6 para. 1(1) letter f) GDPR. The website analysis is in the legitimate interest of our firm and serves the statistical recording of the use of the website for the continuous improvement of our firm website and the offer of our services.


6. Your rights as a data subject

If your personal data are processed during your visit to our website, you as the "data subject" are entitled to the following rights within the meaning of the GDPR:


6.1 Information art. 15 GDPR

You may request information from us as to whether your personal data is processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to § 83 StBerG or if the information must be kept secret for other reasons, in particular because of a predominant legitimate interest of a third party. Deviating from this, there may be an obligation to provide information if your interests outweigh the interest in confidentiality, especially taking into account impending damages. Furthermore, the right to information is excluded if the data are only stored because they may not be deleted due to legal or statutory retention periods or exclusively serve purposes of data securing or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by suitable technical and organisational measures. If in your case the right to information is not excluded and your personal data is processed by us, you can request information from us about the following information:

  • purpose of the processing,
  • categories of your personal data that is processed,
  • recipients or categories of recipients to whom your personal data is disclosed, in particular recipients in third countries,
  • if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period,
  • the existence of a right to rectification, deletion or limitation of the processing of personal data concerning you or a right of opposition to such processing,
  • the existence of a right of appeal to a data protection supervisory authority,
  • if the personal data have not been collected from you as the data subject, the available information on the origin of the data,
  • the existence of automated decision making, including profiling and meaningful information on the logic involved, as well as the scope and intended effects of automated decision making,
  • if applicable, in the case of transfer to recipients in third countries, unless the EU Commission decides on the adequacy of the level of protection in accordance with art. 45 para. 3 GDPR exists, information on which suitable guarantees according to art. 46 para. 2 GDPR for the protection of personal data are intended.


6.2 Correction and completion art.16 GDPR

In the even that you discover that we have incorrect personal data from you, you can ask us to correct this incorrect data immediately. In the case of incomplete personal data concerning you, you may request the completion.


6.3 Deletion art. 17 GDPR

You have a right to deletion ("right to be forgotten"), provided that the processing is not necessary to exercise the right to freedom of expression, the right to information or to fulfil a legal obligation or to perform a task which is in the public interest and one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were processed.
  • The basis of justification for the processing was exclusively your consent, which you have revoked.
  • You have filed an objection to the processing of your personal data, which we have made public.
  • You have objected to the processing of personal data not made public by us and there are no overriding legitimate reasons for the processing.
  • Your personal data has been processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation to which we are subject.

There is no entitlement to deletion if deletion is not possible or only possible with disproportionate effort in the case of legal, non-automated data processing due to the special type of storage and your interest in deletion is low. In this case, a limitation of processing takes the place of deletion.


6.4 Limitation of processing art. 18 GDPR

You may request us to limit processing if one of the following reasons applies:

    • You dispute the accuracy of your personal data. In this case, a limitation may be required for the duration that enables us to verify the accuracy of the data.
    • The processing is unlawful and instead of deletion you request the limitation of the use of your personal data.
  • We no longer need your personal data for the purposes of processing, but for asserting, exercising or defending legal claims.
  • You have lodged an objection as per art. 21 para. 1 GDPR. The limitation of processing may be required as long as it is not yet clear whether our justified reasons outweigh your reasons.

Limitation of processing means that personal data will only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest. Before we lift the restriction, we have a duty to inform you.


6.5 Data transferability art. 20 GDPR

You have a right to data transferability, provided that the processing is based on your consent (art. 6 para. 1(1) letter a) or art. 9, para. 2, a) of the GDPR) or is based on a contract to which you are a party and the processing is carried out by means of automated procedures. In this case, the right to data transferability includes the following rights, provided that this does not affect the rights and freedoms of other persons: You can ask us to receive the personal data you have provided to us in a structured, common and machine-readable format. You have the right to pass this data on to another person responsible without hindrance on our part. If technically feasible, you can request that we transfer your personal data directly to another person responsible.


6.6 Right to objection art. 21 GDPR

As long as the processing is based on art. 6 para. 1(1) e) GDPR (performance of a task in the public interest or in the exercise of official authority) or art. 6 para. 1(1) f) GDPR (legitimate interest of the person responsible or a third party), you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. This also applies for a profiling supported by art. 6 para. 1(1) letter e) GDPR. After exercising the right of objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You may at any time object to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling in connection with such direct advertising. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.

You have the option to inform us of your objection informally by telephone, by e-mail or to our postal address listed at the beginning of this privacy policy.


6.7 Revocation of consent

You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated informally by telephone, by e-mail or to our postal address. The legality of the data processing, which is based on the consent until receipt of the revocation, is not affected by the revocation. After receipt of the revocation the data processing, which was based exclusively on your consent, is stopped.


6.8 Complaint

If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority responsible for your place of residence or work or for the place of the alleged infringement.


7. Data security

We use the popular SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this uses a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.


8. Newsletter - conclusion of a contract for order data processing

We concluded a contract for the processing of order data with our web host Weise&Stark GmbH & Co. KG. As a result of this, they concluded a contract with Newsletter2Go in which Newsletter2Go is obliged to protect the data of our customers and not to share these with third parties. This contract can be seen under the following link:


9. Version and updating of this Privacy Policy

This Privacy Policy was updated on May 25, 2018. We reserve the right to update the privacy policy in due course in order to improve data protection and/or adapt it to changes in official practice or case law.