Skip to content
Startseite » Data Protection Information

Data Protection Information

We, FACT GmbH Wirtschaftsprüfungsgesellschaft and FACT Rechtsanwaltsgesellschaft mbH, treat your personal data confidentially in compliance with the data protection regulations. Irrespective of the nature of your business relationship with us or the context in which you contact us, we would like to explain below how we process your data and ensure its protection. 

For reasons of readability, gender-specific language is not used. All personal designations apply equally to all genders.

General information on data processing

Controller for data processing

The controller responsible for data processing is:

FACT GmbH Wirtschaftsprüfungsgesellschaft

Johanna-Waescher-Straße 13

34131 Kassel Germany

Contact 

Tel.: +49 (0) 561 316686-0

E-Mail: info@fact-ks.de info@fact-ks.de

Within the scope of data processing, we act as joint controllers pursuant to Art. 26 GDPR together with FACT Rechtsanwaltsgesellschaft mbH with regard to the joint operation of the website and the use of jointly used databases, platforms and IT systems. For this purpose, we have set out in an agreement on joint controllership how the respective tasks and responsibilities for the processing of personal data are structured and who fulfils which data protection obligations. In particular, we have defined how an adequate level of security and your data subject rights can be ensured. The group of companies is hereinafter referred to as “FACT”.

Data Protection Officer

It is important to us that data processing is compliant with data protection law and secure. In order to demonstrate this externally, we have appointed an external Data Protection Officer.

Datenschutzberatung Moers GmbH

Neue Straße 22

34369 Hofgeismar Germany

Bei Fragen zum Datenschutz steht Ihnen unser Datenschutzbeauftragter unter fact-ks@dsb-moers.de gerne zur Verfügung. Möchten Sie Ihr Anliegen direkt und vertraulich an den Datenschutzbeauftragten richten, finden Sie unter www.dsb-moers.de further contact details.

Purposes and legal bases of data processing

The purposes of data processing by FACT are the provision of services, fulfilment of contracts, fulfilment of legal obligations, provision of information about FACT services and enabling contact with us.

Otherwise, personal data are processed on the basis of one of the following legal bases:

  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
  • Art. 6(1)(c) GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under applicable EU law or the law of a country in which the GDPR is wholly or partly applicable.
  • Art. 6(1)(f) GDPR for the processing of personal data necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests include, in particular, our economic interest in ensuring information security on our website and in our systems, informing about our services and enforcing our legal claims as well as compliance with further legal provisions.

Recipients of data

For our data processing activities, we use service providers bound to confidentiality and data protection obligations. These categories of recipients include: IT service providers, software providers, hosting companies, data destruction companies as well as financial authorities, social security institutions, banks, company registers and external advisers. For quality control of auditing activities, data may be transmitted to other auditors. Disclosure to authorities shall only take place where overriding legal provisions exist. Data shall only be transferred to third countries if the requirements of Art. 44 et seq. GDPR are fulfilled.

Storage period and erasure of personal data

We process personal data only for as long as necessary to achieve the purpose. If the purpose of processing ceases to apply, we erase the data in accordance with Art. 17 GDPR. After the purpose has ceased, we retain the data in accordance with statutory retention periods. Any further storage shall only take place if an exception pursuant to Art. 17(3) GDPR applies.

Your rights to access, rectification, erasure, objection and data portability

You may exercise your rights to access, rectification and erasure of data at any time. Simply contact us using the contact details provided above. If you request erasure of your data but we are still legally obliged to retain them, access to your data will be restricted (blocked). The same applies in the event of an objection. You may exercise your right to data portability insofar as the technical possibilities are available both to the recipient and to us. 

If we have obtained your explicit consent for data processing, you may withdraw your consent at any time with effect for the future using the contact options described above.

Right to lodge a complaint

Sollten Sie sich hinsichtlich der Verarbeitung Ihrer Daten beschweren wollen, haben Sie stets die Möglichkeit, uns direkt telefonisch +49 (0) 561 316686-0 oder per E-Mail an info@fact-ks.de zu kontaktieren. Möchten Sie Ihr Anliegen direkt und vertraulich an den Datenschutzbeauftragten richten, verwenden Sie die E-Mail-Adresse fact-ks@dsb-moers.de . Weitere Kontaktdaten finden Sie unter www.dsb-moers.de. Weiterhin steht Ihnen die Möglichkeit offen, eine Beschwerde bei einer Datenschutz-Aufsichtsbehörde einzureichen.

Obligation to provide data

Without accurate information from you, it is not possible to use our services, perform contractual agreements or process your request. You are therefore obliged to provide correct information to the best of your knowledge.

Currency and amendment of this privacy information

This privacy information is dated 12 May 2026. The privacy information is regularly reviewed and further developed. The current version is available at: https://www.fact-ks.de/de/datenschutz/. https://www.fact-ks.de/de/datenschutz/.

Privacy information for visitors to the website

When providing our website, we comply with the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the German Digital Services Act (DDG) and the Telecommunications Digital Services Data Protection Act (TDDDG). The purpose of data processing on this website is to provide information about our company’s products and services, combined with enabling users to contact the relevant persons in a targeted manner.

When you visit the website, a connection is established with your browser. The following information collected in this context is temporarily stored in system files and recorded automatically: IP address of your device, date and time of access, name and URL of retrieved files, website from which access is made or from which you were redirected to our site (referrer URL), browser used and, if applicable, the operating system of your device as well as the name of your provider.

The aforementioned data are processed for the purpose of ensuring a smooth connection and system security. The connection data are automatically deleted. If the website is misused, log data required for evidential purposes will be retained until the incident has been clarified.

Contact form

If you contact us via our contact form, your data from the form will be processed for handling your request. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. The data will then be erased. If your request does not give rise to a retention obligation, the data will be erased after three years. Your data will be forwarded internally to the responsible contact person. Data will not be disclosed to third parties without your consent.

Use of storage technologies on your terminal device

This website uses storage technologies (“cookies” and/or your browser storage) to enable storage of your use of the website. The information generated by cookies about your use of this website is used to pursue the purpose of data processing in compliance with the respective legal bases.

Where the use of storage technologies is necessary for the functionality of the website, we use them on the basis of our legitimate interests. The legal basis is Art. 6(1)(f) GDPR in conjunction with Section 25(2) No. 2 TDDDG. The cookies are deleted at the end of the session.

Where cookies are used that are not necessary for the operation of the website, we request your prior consent. The legal basis is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. The cookies are deleted after a maximum of 2 years. You can prevent the installation of cookies by adjusting your browser software; however, please note that you may not be able to use all functions of this website to their full extent. Data collection is anonymised; the data collected cannot be related to your person.

Borlabs Cookie Banner

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. Borlabs Cookie does not process personal data for its own purposes. The borlabs-cookie stores the consents you have given when entering the website. If you wish to withdraw these consents, simply delete the cookie in your browser. When you revisit/reload the website, you will be asked again for your cookie consent.

Google Tag Manager

We use “Google Tag Manager” of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to manage Google services. This is used to manage the Google services on our site; no data processing is carried out by Google Tag Manager.


Google Ads

We use Google Ads tags from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to optimise our advertising. This is done on the basis of your consent pursuant to Art. 6(1)(a) GDPR for the analysis of our website and the economic optimisation of our services.

Data processing with Google Ads serves the purpose of ensuring that advertising is only displayed to interested persons. Within the scope of remarketing, code, small graphics and cookies from Google are integrated into our website. These make it possible to trace which websites you visit outside our site and which content interests you. This enables us to determine which advertising on Google has led to actions/orders by users on our site. We only receive the number of users who clicked on an advertisement and cannot establish any connection to your person. Within the scope of this processing, it cannot be ruled out that this information is transmitted to a Google server in the USA. Data transfer to the USA only takes place if the requirements of Art. 44 et seq. GDPR are met. The contents are processed pseudonymously and are not combined with other data such as your name or email address, unless you allow Google to do this yourself via your user account. Further information can be found in Google’s detailed privacy informationhttps://www.google.com/policies/privacy). If you have a Google account, you can manage the settings for Google services and also object to data processing here: https://policies.google.com/technologies/ads.

Google Analytics

This website uses Google Analytics 4, a web analytics service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

With your consent, “cookies” (text files) are stored on your terminal device in order to enable an analysis of the use of the website. Your IP address is transmitted to Google servers in the USA in anonymised form. For this purpose, we use a server-side tagging server (SSTS). On our behalf, Google uses the information to evaluate the use of the website, to compile reports on website activities and to provide us with further services associated with website use and internet use. User data are deleted after 2 years at the latest. 

Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen, und die Nutzung von Daten durch Google verhindern, indem Sie das verfügbare Browser-Plugin herunterladen und aktivieren: http://tools.google.com/dlpage/gaoptout?hl=de

You may also prevent the storage of cookies by making the appropriate settings in your browser software; however, we point out that in this case you may not be able to use all functions of this website to their full extent.

Further information on data protection at Google can be found at https://policies.google.com/privacy. https://policies.google.com/privacy.

TranslatePress

Wir verwenden das Plugin TranslatePress der SC Reflection Media SRL, Str. Armoniei, nr. 23A, Ap. 46, Timis County, Timisoara City, Rumänien, um unsere Website in mehreren Sprachen bereitzustellen. Die Übersetzungen werden lokal in unserer WordPress-Datenbank gespeichert. Beim Besuch der Website wirdein Cookie gesetzt, um die vom Nutzer gewählte Spracheinstellung zu speichern. Eine automatische Sprachumleitung oder Standorterkennung auf Basis von IP-Adresse oder Geolocation erfolgt nicht. Externe Übersetzungsdienste werden von uns nicht verwendet. Rechtsgrundlage ist unser berechtigtes Interesse ander nutzerfreundlichen mehrsprachigen Bereitstellung unserer Website gemäß Art. 6 Abs. 1 lit. f DSGVO.Weitere Informationen finden Sie in den Datenschutzinformationen von TranslatePress: https://translatepress.com/privacy-policy/

Data security/encryption

This website uses “Hypertext Transfer Protocol Secure” (https). The connection between your browser and our server is encrypted.

3. Data processing in the context of client mandates

The processing of personal data within the scope of our mandates in the areas of financial auditing, legal advice and tax advisory services is carried out for the establishment, performance and execution of the respective mandate relationship on the basis of Art. 6(1)(b) GDPR.

Insofar as the processing is necessary for the fulfilment of statutory or professional obligations, it is carried out on the basis of Art. 6(1)(c) GDPR in conjunction with the respectively applicable professional regulations, in particular the German Tax Consultancy Act (StBerG), the German Public Accountant Act (WPO) and the Federal Lawyers’ Act (BRAO).

The processing of special categories of personal data within the scope of the mandate is carried out, where necessary, for the establishment, exercise or defence of legal claims pursuant to Art. 9(2)(f) GDPR.

In the case of personal data of opposing parties, witnesses, employees, family members or other third parties who are not contractual parties to the mandate relationship, the processing is carried out on the basis of Art. 6(1)(f) GDPR. The legitimate interest lies in the proper handling of the mandate and, where applicable, in the pursuit or defence of legal claims by us, our clients or third parties. Insofar as special categories of personal data are processed in this context, this is also carried out on the basis of Art. 9(2)(f) GDPR.

In this context, we process the following categories of data: client identification and contact data (for example client number, name, contact details, bank details, email address) as well as all information within the scope of tax advisory services, financial auditing and legal advice.

In addition, on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR, we contact our clients to provide them with information on developments at FACT and relevant legal changes.

Your data will be stored for the duration of the performance of the contract; after the end of the contractual relationship, we are obliged to retain tax-relevant documents for 10 years after the end of the financial year and calendar year. The data will then be deleted unless professional regulations make longer storage necessary for the purpose of conflict checks. Data relating to clients in legal mandates are stored for up to 30 years in accordance with the regular limitation periods.

4. Data processing in the job application process

When you submit a job application, we process your data for the purpose of carrying out the application process and deciding whether to establish an employment relationship, on the basis of Art. 6(1)(b) GDPR, Art. 88(1) GDPR in conjunction with Section 26 German Federal Data Protection Act (BDSG). Your data will not be disclosed to other companies. Disclosure to authorities will only take place where overriding legal provisions apply. In this context, we process the following categories of data: name, interests, qualification data, contact details, date of birth, educational background and employment history.

Your data will be stored for the duration of the job application process. If you enter into an employment relationship with us, your application data will be stored for the duration of your employment relationship, where required. If your application is rejected, we will retain your data on a legal basis for a further six months and then delete it. In the case of speculative applications or if you consent to longer retention of your data for possible future employment opportunities, we will retain your data until you withdraw your consent or for a maximum of two years.

5. Processing of data of business partners, service providers and third parties

If you express an interest in a business relationship with us, we process your data for the initiation of the contractual relationship on the basis of Art. 6(1)(b) GDPR. If you are in contact with us as a business partner, we process personal data for the performance of our contractual agreements with you on the basis of Art. 6(1)(b) GDPR and on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in maintaining our business relationships. This includes credit checks, planning, management, control of business units and quality standards, and maintenance of business relationships. In this context, we process the following categories of data: bank details; payment data; contact details; address data; job title; name; product data.

If you contact us and there is no initiation of a contract, we process your data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR for the organisation of our business operations. In doing so, we take into account that no processing of personal data takes place without an overriding legitimate interest. The following data may be processed: identification and contact data (e.g. first and last name, email address, telephone number, address), communication- and occasion-related data (e.g. content of your enquiry, correspondence), organisational and context data (e.g. role, position or company affiliation, if provided) as well as technical data (e.g. IP address and log data when using electronic means of communication).

Your data will be stored for the duration of the performance of the contract. If no contract is concluded, the data will be deleted after 3 years. After the end of the contractual relationship, we are obliged to retain tax-relevant documents for 10 years after the end of the financial year and calendar year. The data will then be deleted.

6. Data processing relating to our LinkedIn presence

We use our LinkedIn presence to provide information about our company, our products and services, combined with the possibility for users to interact with us directly. The legal basis for data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest is, in particular, our economic interest in sharing information about our company with customers, prospective customers, applicants and third parties and being able to contact them.

If we publish image and audio recordings of persons, this is carried out on the basis of consent (legal basis: Art. 6(1)(a) GDPR) or on the basis of a contractual assignment of usage rights (legal basis: Art. 6(1)(b) GDPR).

An agreement on data processing has been concluded between us and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, which is available here: https://legal.linkedin.com/dpa https://legal.linkedin.com/dpa/DE.

It cannot be ruled out that user data are processed on systems outside the European Union. LinkedIn has undertaken to comply with EU data protection standards. Data transfers to systems outside the EU shall only take place if the requirements of Art. 44 et seq. GDPR are met. Further information can be found at: https://www.linkedin.com/help/linkedin/answer/a1343190/?lang=en-US

LinkedIn’s privacy policy can be found here https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy..

Disclosure of your data to authorities shall only take place where overriding legal provisions exist. 

If your rights need to be asserted against LinkedIn, we will forward your request to LinkedIn. Further information regarding the exercise of your data subject rights in relation to LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy..

Further information on how you can assert or exercise your data subject rights directly against LinkedIn (e.g. account settings, downloads or requests) can be found at: https://www.linkedin.com/help/linkedin/answer/50191?trk=microsites-frontend_legal_privacy-policy&lang=de.

Use of Insights Data

We place advertisements on LinkedIn and use Insight Data provided by LinkedIn in order to evaluate the behaviour of our target group or users in the context of interaction with our page. The targeted delivery of advertising is a legitimate interest of our company. LinkedIn users are informed of this; responsibility for data collection lies primarily with LinkedIn. An agreement on joint controllership has been concluded with LinkedIn. Users’ conflicting legitimate interests, in particular the display of individually targeted advertising, do not outweigh our interests. The legal basis for us is Art. 6(1)(f) GDPR in conjunction with joint controllership with LinkedIn. The agreement on joint controllership can be found here: https://legal.linkedin.com/pages-joint-controller-addendum. If you assert your data subject rights against us, we will forward them to LinkedIn in accordance with the agreement.