Privacy Policy

Data protection
for website visitors - January 2021

Our Privacy Policy explains what information we collect, for what reason and how we use this information. In particular, we provide information in accordance with the provisions of Art. 12-14 GDPR (EU-Verordnung 216/679) and your rights as a data subject.

Responsible party

Dr. Dienst, Zerfass & Kollegen GmbH
Tax consulting firm

Speicherstraße 53
60325 Frankfurt am Main

Telephone: +49 69 95 68 09-0


Please direct any questions, declarations and queries concerning data use to

Dr. Dienst, Zerfass & Kollegen GmbH

FAO the Data Protection Officer
Speicherstraße 53
60325 Frankfurt am Main

Telephone: +49 69 95 68 09-0

Preferably also by e-mail to

Scope of application

The following declaration applies to all websites of the Dr. Dienst & Partner Group and associated companies which make reference to the policy.

Purposes of processing

The purposes of processing are to provide the website, optimise our content, identify sources of error, secure the website and optimise performance.

If you use our contact form, another purpose of processing is to handle communication.

Categories of data subjects

  • Website visitors
  • Clients and other contractual partners
  • Prospective clients

Types of processed data

  • Inventory data (e.g. names, addresses)
  • Content data (e.g. test entries, photographs, videos)
  • Contact data (e.g. email, telephone numbers)
  • Meta/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)

Relevant legal provisions

In order to legitimately process personal data, processing must be lawful. We process personal data in connection with your visit to this website on the basis of the legal provisions listed below:

Consent in accordance with Article 6 (1) (a) GDPR (EU-Verordnung 216/679)

The processing is legitimate if specific consent has been granted, whereby this consent can be withdrawn at any time in the future.

Contractual fulfilment or pre-contractual measures in accordance with Article 6 (1) (b) GDPR (EU-Verordnung 216/679)

The processing is necessary for the fulfilment of a contract to which the data subject is a party or for pre-contractual measures required for the execution of this contract which take place at the request of the data subject.

Legal obligation in accordance with Article 6 (1) (c) GDPR (EU-Verordnung 216/679)

The processing is required to fulfil a legal obligation to which the controller is subject.

Legitimate interests in accordance with Article 6 (1) (f) GDPR (EU-Verordnung 216/679)

The processing is lawful if it is necessary to safeguard the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular if the data subject is a child.

National regulations

In addition to the General Data Protection Regulation, national statutory provisions in connection with data protection also apply. The Federal Data Protection Act (BDSG) specifies the rights of data subjects (right to information, right to deletion, right of objection), the processing of special categories of personal data according to Article 9 GDPR, profiling, data processing within the scope of an employment relationship (Section 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships and the consent of employees. Finally, data protection laws may also apply at the state level.

Security measures taken

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures in particular include securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, but also access to the data, its input, forwarding of the data and ensuring its availability and separation. We have also set up procedures which ensure that the rights of data subjects can be exercised, data can be deleted and measures are taken if the data is under threat. Furthermore, we take the protection of personal data into account when developing and selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

We use SSL encryption to protect your data when transmitted using our online service. You can recognise these encrypted connections by the prefix https:// in the address line of your browser.

Information about cookies

We use cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which enables the browser to be clearly identified when the website is accessed again. We use cookies to make our website user-friendly. Some elements of our website require the accessing browser to be identified after changing pages. The following data is stored and transmitted in the cookies: Language settings, items in a shopping cart, log-in information, etc.

The purpose of using technically necessary or functional cookies is to enable the website to function (necessary) or to simplify the use of websites for users (functional). Some functions of our website cannot be provided without the use of cookies. For these functions to work, the browser also needs to be recognised after changing pages. We need cookies to make the shopping cart available, adopt language settings, remember search terms, etc. Processing is therefore based on Article 6 (1) (b) or (f) GDPR.

We also use cookies on some of our websites to allow us to analyse users’ surfing behaviour. This involves the transfer of entered search terms, the frequency of page views, the use of website functions etc. The user data collected in this way is pseudonymised as a technical precaution. It is then no longer possible to link the data to the accessing user. The data is not stored together with the other personal data of the user.

Legal basis for data processing using cookies:  The legal basis for processing personal data using technically necessary cookies is Article 6 (1) (f) GDPR). The legal basis for processing personal data using cookies for analysis purposes is Article 6 (1) (a) GDPR) if the user has granted relevant consent, otherwise Article 6 (1) (f) GDPR in conjunction with Recital 47.

External integration, tracking and re-targeting

We embed external content on our website, both due to technical necessity and for needs-based design, as described in the following.


We use the video portal YouTube operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on some of our pages. We use this service to embed videos stored on YouTube's servers and deliver content which is optimised for performance and on the basis of geographic location. We have integrated YouTube in a data protection-friendly way. You IP address may be passed on, along with data about your user behaviour.

Consent in accordance with Article 6 (1) (a) GDPR therefore forms the legal basis for embedding external content. Further information about data protection is also available at the following link:


When contacting us using a contact form, by email, telephone or social media, the information provided to answer the request and, if necessary, also carry out the requested measures, are processed.

Your request will be answered on the basis of Art. 6 (1) (b) GDPR in order to fulfil our contractual obligations or answer pre-contractual enquiries. In certain cases, legitimate interests in accordance with Article 6 (1) (f) GDPR may also form a legal basis.

Rights of the data subject

You have the right

  • in accordance with Article 15 GDPR, to confirmation that personal data relating to you is or has been processed by us and can request such information from us.
  • in accordance with Article 16 GDPR, to request without undue delay the rectification of your inaccurate or incomplete personal data stored by us;
  • in accordance with Article 17 GDPR, to request the erasure of your personal data stored by us provided the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • in accordance with Article 18 GDPR, to request the restriction of processing your personal data if you dispute the accuracy of the data, the processing is unlawful, but you oppose the erasure of the personal data and we no longer need the data but you require it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21 GDPR;
  • in accordance with Article 20 GDPR, to receive your personal data which you have provided us with in a structured, commonly used and machine-readable format or to request the transfer to another controller;
  • in accordance with Article 7 (3) GDPR, to withdraw your consent at any time. As a consequence, we will no longer be able to continue with the data processing which was based on this consent in future and
  • in accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. As a rule you can turn to a supervisory authority in your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the EU’s General Data Protection Regulation (GDPR).

Data deletion 

Your data will generally be deleted if the data is not subject to any statutory retention periods, if the storage period - to which you have consented - has expired or if you exercise your right to deletion.