Transparency declaration
Transparency declaration for our customers (m/f/d)
Reason
Information
Affected
This privacy statement is addressed to all persons who conclude customer contracts with the responsible party (see below), regardless of whether these contracts are subject to a charge or not. All personal designations refer to all genders and the associated language forms, in particular diverse, female, male. Each person designation is to be understood with the addition “(m/f/d)”.
Responsible
The person responsible for the processing described here is: Expat Services UG (haftungsbeschränkt), Almstadtstr. 25, 10119 Berlin, [email protected]
Rights
(1) The data subjects have the following rights with regard to the data stored about them: the right to information, the right to correct incorrect data, the right to delete data for which there is no longer a reason for storage, to restrict processing and to data portability. Furthermore, they have the right to complain to the supervisory authority responsible for the controller.
(2) Insofar as the processing is based on the consent of the data subjects, the data subjects may revoke their consent at any time and with effect for the future; for example, by sending an informal message to one of the above-mentioned contact channels (controller).
(3) Insofar as the processing is based on the fulfillment of a legitimate interest, thus on Article 6 (1) sentence 1 lit. f DSGVO, the data subjects may object to the processing at any time; for example, by sending an informal message to one of the above-mentioned contact channels (responsible party). If the objection is justified, the processing will be terminated. If the legitimate interest lies in direct marketing, the objection is always justified.
Further notes
(1) Automated decision-making, including profiling, does not take place.
(2) A legal obligation to process exists only if reference is made below to Article 6 (1) sentence 1 lit. c DSGVO.
Data processing
(1) The initiation of the contract proceeds as follows: Either the data subjects make initial contact with the controller or vice versa. Here, the controller processes all data that the data subjects voluntarily provide. This is often the contact data (name, contact data such as e-mail address and address). The data controller stores this data. The purpose is the initiation or establishment of a contract. The legal basis is Article 6 (1) sentence 1 lit. b DSGVO.
(2) After the conclusion of the contract, the responsible party collects the further communication data (IP address, delivery of service, answering follow-up questions) in order to fulfill the contract. The purpose is the performance of a contract. The legal basis is Article 6(1) sentence 1 lit. b DSGVO, Article 6(1) sentence 1 lit. c DSGVO, according to which the processing is necessary for compliance with a legal obligation to which the controller is subject and Article 6(1) sentence 1 lit. f.
(3) After the end of the contract, the customer data will be kept as follows.
- Data that are relevant for the taxation of the Responsible Party are generally retained for six years. Deviating from this, data is retained for ten years. The respective period begins in the year in which the document was created. The purpose is to fulfill a legal retention obligation. The legal basis is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with § 147 AO.
- If the processing of the data is based on consent, the data processed on the basis of the consent is retained until the consent is revoked or until the purpose associated with its processing expires. The purpose is stated in the respective declaration of consent. The legal basis is Article 88 DSGVO in conjunction with § 26 (2) BDSG2018.
- Data proving the granting of consent is retained for three years, with this period beginning on December 31 of the calendar year in which either the consent is revoked or the data is deleted for other reasons. The purpose is to fulfill a legal obligation to retain data. The legal basis is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with Article 7 (1) DSGVO.
(4) In addition to paragraph 2, the Controller may transfer accounting data to an external tax consultancy. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO. The legitimate interest follows from the necessity of providing external tax advice/support. Insofar as data is processed at the tax consulting firm, this does not constitute commissioned processing (cf. DSK Brief Paper 13), but rather a data transfer, which in turn is justified by Article 6 (1) sentence 1 lit. f DSGVO. This is therefore a case of other outsourcing.
(5) In addition to paragraph 2, the Controller shall transfer accounting data to the provider of external accounting software. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO. The legitimate interest follows from the necessity of providing external, tax law advice/support.
(6) In addition to paragraph 2, the data controller may contact the data subjects by e-mail for promotional purposes. For this purpose, the data controller uses the following data: Name and e-mail address. The purpose is to address the data subjects in an advertising manner who are in a contractual relationship with the data subject. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO, whereby the legitimate interest follows from the aforementioned purpose in conjunction with Recital 47. The data subjects are informed that they may object to this processing at any time and without justification, without incurring any costs other than the transmission costs according to the prime rates.
(7) In addition to paragraph 2, the data controller shall transmit the data to the credit agency selected by the data controller for the purpose of fulfilling the contract.
Processors and third parties that receive data
The following third-party providers receive personal data:
Third-party providers: The accounting tool “Lexoffice” of Haufe-Lexware GmbH & Co. KG (Germany – EU) is used, which has been commissioned in accordance with Article 28 DSGVO.
Third-party providers: The accounting data is transmitted to an external tax consultancy firm. Insofar as data is processed at the tax consultancy firm, this does not constitute commissioned processing (cf. DSK Brief Paper 13), but rather a data transfer, which in turn is justified by Article 6 (1) sentence 1 lit. f DSGVO. It is therefore a case of other outsourcing.
Third-party providers: This website uses Sendinblue to send emails and newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service with which, among other things, the sending of emails and newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Sendinblue’s servers in Germany.
Third-party providers: This website uses Pension-Refund and Fundsback verification for the pension refund eligibility test. The providers are PR Pension-Refund GmbH, Bardelebenstr. 6, 40545 Düsseldorf, Germany and German Pension Contribution Service UG (haftungsbeschränkt), Schiffgraben 43, 30175 Hannover, Germany. The data provided by customers as part of the eligibility process is transmitted to the providers. The respective contractual and data protection provisions of the respective providers apply to these transactions. Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.
Third-party providers: We include payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future. We use the following payment services / payment service providers within the scope of this website:
- PayPal – The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
- Stripe – The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”). Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation. Details can be found in Stripe’s Privacy Policy at the following link: https://stripe.com/de/privacy.
- Mollie – The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (hereinafter “Mollie”). With the help of Mollie, we can integrate various payment methods on our website. Details can be found in Mollie’s privacy policy: https://www.mollie.com/de/privacy.