Skip to content

You are here:

Revoke cookie settings

Privacy Policy of PKF Munich

I. Preface

Data protection in general and the protection of personal data in particular have always been an important part of our procedures and processes - also because of our legal confidentiality obligation. The European wide applicable Basic Data Protection Regulation (DS-GVO) does not change our principle. However, we have adapted our previous procedures and processes to the European regulations.

Whether you are a client, prospect, applicant or visitor to our website, we respect and protect your privacy. Under no circumstances do we sell personal information to third parties.

In addition to this general data protection declaration, you will find further explanations on the DS-GVO page.

Your data subject rights
You can exercise the following rights at any time using the contact details provided by our data protection officer:

  • Information about your data stored by us and its processing (Art. 15 DSGVO),
  • Correction of incorrect personal data (Art. 16 DSGVO),
  • Deletion of your data stored by us (Art. 17 DSGVO),
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
  • Objection to the processing of your data by us (Art. 21 DSGVO) and
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us consent, you can revoke it at any time with effect for the future.
You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

You can find a list of supervisory authorities (for the non-public sector) with address at:

SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

II. The entity responsible for data protection

The entity responsible for the purposes of the basic Data Protection Regulation (DS-GVO) and other national data privacy laws, such as the Federal Privacy Act (BDSG) or the Tele-Media Act (TMG) of the Member States, as well as other data protection regulations, is the:

PKF Industrie- und Verkehrstreuhand GmbH (PKF Munich)
Maximilianstrasse 27
80539 München

Tel. +49 89 290 32-0

PKF Munich is a member of the PKF International Limited Network and a member of a network of auditors in Germany pursuant to § 319b HGB. The network consists of legally independent member companies.

III. Data protection supervisor

If you have any questions about this Privacy policy, please contact our Data Protection Officer:

complimant AG
Franz Obermayer
Edt 4
84558 Kirchweidach


IV. To whom does this Data Protection Regulation apply?

The DS-GVO protects sensitive data of all entities. We store, use and transmit the personal data of clients, their shareholders or employees, exclusively to fulfill the respective order. This data is collected with the cooperation of the client or from information in public registers.

All other parties who come into contact with us, such as applicants, but also visitors to our website and persons who register on our website, are also protected.

V. What data are we talking about?

According to Art 4 DS-GVO, personal data are all information relating to an individual (the person concerned): first and last name, address, birth name, birth date, tax number, tax identification number. Technical information, such as email address, telephone number, IP address, is considered to be personal if, together with the other information, it allows a person to be identified.

The category of ‘particularly sensitive data’ includes, for example, information on ethnic origin, religious affiliation, health data, trade union affiliation or children's data. Unless there is a special permit under Article 9 of the DS-GVO, this ‘particularly sensitive data’ is not collected when using our website.

VI. Legal basis for processing

In so far as we obtain the consent of the persons concerned for processing of personal data, Article 6 para 1a DS-GVO serves as a legal basis. There is a ‘double Opt in’ procedure for consent to subscribe to our newsletter.

VII. Safety

We have taken measures to ensure all processing is in accordance to Article 32 of the DS-GVO. Only authorized persons can access personal data (access, entry and access control). Our data networks and servers are protected by state of the art technology against unauthorized access. i.e. hackers.

We encrypt your data in e-mail traffic in the most secure way technically possible, and as far as your IT technology is capable of decrypting the e-mail. Wherever this is not the case, you must give us written consent for unencrypted data exchange.

VIII. Data erasure and storage time

The personal data of the entity concerned will be deleted or blocked as soon as the purpose of its collection is completed.

If the data is no longer required for the fulfilment of contractual or legal obligations, it is deleted, unless its temporary retention is required by law.

IX. Provision of the website

1. Description and scope of data processing

Every time you access our website, our system automatically collects data and information from the computer system of the calling computer. The National Tele-Media Act (TMG) stipulates in § 13 para 1 that the user is to be informed at the beginning of their interface session about the nature, scope and purpose of the collection and use of personal data.

The following data is collected during use:

1. Information about the browser type and the version used
2. The user's operating system
3. The user's internet service provider (ISP)
4. The IP address of the user
5. Date and time of access
6. Websites from which the user's system reaches our website
7. Websites that are accessed by the user's system through our website

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage of ‘Logfiles’ is conducted to ensure the functionality of the website. We also use the data to optimize the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3. Duration of storage

Data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the event that data is collected to provide access to the site, this is the case when the respective session is terminated.

In the case of storing data in Logfiles, deletion takes place after 30 days at the latest. However, in some necessary cases it will be stored longer than the normal 30 days. In this case, the IP addresses of the users are deleted or alienated, so that mapping of the calling client is no longer possible.

4. Special rights

Please refer to sections XIII to XVIII of the special rights in dealing with personal data.

X. Data protection information for online applications

1. Collection, processing and use of personal data

In the case of online applications, your personal data will also be protected in accordance with the applicable legal regulations, in particular the BDSG (new).

2. Storage and deletion of personal data

Your personal data will be collected, processed and used for the purpose of application processing and, where appropriate, within the framework of an employment relationship. However, for the purposes of application processing, it is retained for a maximum period of 6 months and is subsequently deleted, unless there is no permissible processing within the framework of an employment relationship. For statistical purposes, the data will still be processed and used in an anonymous form: it is not possible to assign this data to a single applicant.

3. Special rights

Please refer to sections XIII to XVIII of the special rights in dealing with personal data.

XI. Newsletter

1. Description and scope of data processing

We transmit our newsletters with the software CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. By ordering our newsletter, you agree that your data may be stored on CleverReach. We have a contract with CleverReach GmbH & Co. KG for the processing of personal data according to DSGVO.

It is possible for users to subscribe to and receive a free newsletter via our website. When registering for the newsletter, the data from the input form provided by our service provider (CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany) is stored. This data is retrieved via HTTPS and is encrypted.

The following data is collected via the newsletter registration process:

Email address

The following data is also collected at the point of registration:

1. IP address of the calling computer
2. Date and time of registration

Your consent will be obtained for the processing of the data as part of the registration process. You will receive a "welcome e-mail" with a request to confirm your registration for the newsletter ("double-opt-in") and refer to this privacy statement. Only then will we send you the newsletter.

Furthermore, you allow us to use the tracking options of CleverReach for the purpose of evaluation (opening behavior, click behavior, etc.). You may at any time revoke your consent to the storage and use of your personal data by PKF Industrie- und Verkehrstreuhand GmbH. This can be done via a link in our newsletters, via the unsubscribe form on our website, or via the contacts stated on our website. If you have subscribed to our German as well as the English newsletter, please note that you have to unsubscribe separately, as these are different mailing lists. For this purpose you will find the unsubscribe form for the German newsletter here.

2. Purpose of data processing

The user's e-mail address is collected for delivery of the newsletter.

3. Duration of storage

Data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The e-mail address of the user will be saved as long as the subscription to the newsletter is active.

The other personal data collected as part of the registration process is generally deleted after a period of 30 days.

4. Possibility of opposition and elimination

The user can terminate the subscription to the newsletter at any time. For this purpose, you will find a link in each newsletter.

This also allows withdrawal of consent to the storage of the personal data collected during the registration process. Please refer to sections XIII to XVIII of the special rights in dealing with personal data.

XII. Contact form and e-mail contact

1. Description and scope of data processing

On our website there is a contact form which can be used for electronic contact. Data entered in the input fields on this form is transferred encrypted and retrieved by our employees in an encrypted form (HTTPS). This data is:

Telephone number
E-mail address (only required field)

The following data is also stored at the time of sending the message:

1. The IP address of the user
2. Date and time of registration

For the processing of the data, your consent is obtained within the framework of the submit operation and referred to this data protection declaration.

Alternatively, you can contact us via the email address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the request.

2. Purpose of data processing

The processing of the personal data from the input fields is used by us solely to process the contact. In the case of contact by e-mail, this also includes the necessary legitimate interest in the processing of the data.

3. Duration of storage

Data will be deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for the personal data from the input fields of the contact form and those sent by e-mail, if the respective conversation with the user is  terminated. The conversation ends when it is clear from the circumstances that the facts concerned have been clarified.

The additional personal data collected during the submit operation will be deleted at the latest after a period of 30 days.

4. Special Rights

Please refer to sections XIII to XVIII of the special rights in dealing with personal data.

XIII. Who gets your data (and why)?

Within PKF Munich and our PKF network, only those authorised will have access to your data, which they need to protect our legitimate interests or to fulfil the purpose or contractual and legal obligations.

For third parties outside the European Economic Area (EEA), the protection of personal data is handled differently than in the EEA. Therefore, we do not use service providers outside the EEA.

XIV. Your rights as an affected person of personal data

As a subject of the personal data you have the right to information, rectification, deletion, forgetting or limitation of its processing. You have the right to revoke your data protection consent at any time. The revocation of your consent does not affect the legality of the processing due to the consent until the revocation.

XV. Provision of personal data

You have the right to the personal data relating to you and which you have provided us, in a structured, common and machine-readable format. You also have the right to transmit this data to another responsible person without hindrance by the person responsible for providing the personal data.

XVI. Right to object

You have the right, for reasons arising from your particular situation to appeal at any time against the processing of the personal data relating to you, which is based on article 6 (1) lit. (e) or (f) DS GVO. This also applies to profiling based on these provisions.

XVII. Right to appeal

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority if you believe that the processing of your personal data is in breach of the DS-GVO.

XVIII. Automatic decision-making and Profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have a legal effect or affect you in a similar manner.

XIX. Cookies, social media, google analytics, and similar technologies

For more information about our use of these technologies and how to limit them, please refer to our statement regarding Cookies, Social Media, Google Analytics, and similar technologies.

XX. Questions about privacy policy

If you have any questions or suggestions regarding this privacy policy, you can contact our data protection officer:

complimant AG
Franz Obermayer
Edt 4
84558 Kirchweidach


Back to top of page