Privacy Policy

As the operator of the website at “www.stakeholder-reporting.com”, we attach great importance to protecting your privacy and personal sphere.

We collect and use the personal data of visitors to our website only to the extent necessary to provide the website and our content and services in a functional manner and to make it convenient for visitors to use.

Personal data is regularly only processed with the consent of the person visiting our website. In addition, processing may take place if prior consent cannot be obtained for factual reasons and data processing is permitted by law – in particular by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

According to Art. 4 No. 1 GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). This includes, for example, the name, address, date of birth, email address and telephone number.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (e.g. collection, storage, use or disclosure), in accordance with Art. 4 No. 2 GDPR.

According to Art. 4 No. 7 GDPR, the “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

With this privacy policy, we first inform you how you can contact us as the controller or our data protection officer (Section 1.).

Furthermore, we explain what data is processed when you visit or use our website, for what purposes and on what legal basis this is done, whether there is an obligation to provide the data and how long the data is stored (section 2.).

We also explain the extent to which data is transferred, to which third parties and which legal guarantees we use for data transfers to third countries (sections 3 to 5).

Finally, we will inform you of the rights to which you are entitled with regard to the processing of your personal data (section 7).

1. Names and contact details of the processor, contact details of the data protection officer

The controller responsible for data processing is:

Stakeholder Reporting GmbH & Co. KG
Schulterblatt 58 (Haus A)
20357 Hamburg
Tel.: +49 40 288 01 3800
E-Mail: info[at]stakeholder-reporting.com

Our company data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection. You can reach our external data protection officer via: datenschutz@mazars.de

2. Data processing when visiting and using our website

2.1 Storage of access data in log files

In principle, you can visit and use our website without providing any personal data. When you visit our website, the Internet browser you use automatically transmits certain access data to our server. This is the following data:

  • IP address
  • Browser used and its version and language
  • Operating system of the requesting computer
  • Date and time of access
  • Name and URL oft he page or file accessed
  • Website from which the access was made
  • Access status/http status code
  • Amount of data transferred in each case

Type and purposes of data processing:

This data is temporarily stored in a separate log file. The primary purpose of this is to ensure system security and stability in the long term and to enable technical administration in order to ensure a trouble-free connection and operation of our website and its convenient use. This data is also analysed in order to improve our online offering.

Legal basis

The legal basis for technical security is Art. 6 para. 1 lit. f) GDPR. With this data processing, we pursue the legitimate interest of maintaining the operational security of our website in order to be able to provide this website and the information contained therein without disruption and conveniently.

Storage period

The data is deleted as soon as it is no longer required to fulfil the aforementioned purposes for which it was collected.

2.2 Use of cookies

Type and purposes of data processing and storage duration of cookies

The website of Stakeholder Reporting GmbH & Co. KG website uses cookies. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyses.

For example, cookies are able to recognise the browser you use when you visit our website again and to transmit various information to us. With the help of cookies, we can make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings).

If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device.

Legal basis for the use of cookies

In the case of technically necessary cookies, the legal basis for the processing of personal data lies in Section 25 (2) TDDDG.

If you have given us your consent to the use of cookies for statistical or analytical purposes on the basis of a notice (“cookie banner”) provided by us on the website, the lawfulness of the processing is governed by Section 25 (1) TDDDG. The legal basis for the data processing that follows the storage of information in your terminal equipment or access to information is Art. 6 para. 1 lit. a) GDPR.

You can revoke your consent at any time with effect for the future by opening the cookie settings at the bottom left of the browser window. Withdrawing your consent does not affect the lawfulness of the processing of your data based on your consent prior to its withdrawal.

Storage duration

As soon as the data transmitted to us via the cookies is no longer required to fulfil the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

Configuration of the browser settings regarding cookies

Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all.

However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website.

You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored.

As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options.

If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.

2.3 Application and use of Google Maps

Type and scope of data processing by Google Maps

Content from Google Maps (“Google”) is integrated on our website. When you visit a subpage of our website on which Google Maps is integrated, data about your behaviour when using Google Maps is transmitted to Google and processed by Google. The processing and transmission to Google does not take place automatically, but only through an active click by the person visiting our website. Only through this conscious use is data about your behaviour when using Google Maps transmitted to Google and processed by Google. For example, Google receives the information that you have accessed the corresponding subpage of our website. The data processed by Google may include, in particular, your IP address and location data, which are not collected without your consent (usually in the context of your mobile device settings).

Purpose and legal basis for data processing by Google Maps

Google processes this data as user profiles and uses it for the purposes of market research and/or customising Google Maps. If you are a Google customer and are logged in to a Google service, this data will be linked directly to your Google account. If you do not wish this to happen, you must log out of Google before visiting our website.

The data is processed on the basis of Section 25(1) TDDDG and Art. 6(1)(a) GDPR. This serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our website or will not be able to use it to its full extent.

Google also processes your data in the USA. Google is an active participant in the Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find further information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Deactivation option for Google Maps

If you wish to prevent the transfer of data, you cannot use the functions of Google Maps. Irrespective of this, we recommend that you regularly log out of your user account after using a social network, especially before activating integrated content, as this will prevent you from being assigned to your profile with the respective provider.

Further information on data processing by Google can be found at https://policies.google.com/privacy?hl=de .

3. processing of customer and prospective customer data

3.1  Data categories

As part of the contact and contract initiation process, we collect and process personal data for contacting and communicating with you. This involves the following data:

  • Company details,
  • Address of the company
  • Surname, first name
  • Position
  • Telephone number
  • E-Mail Address

Type and purposes of data processing

This data is stored and processed as contact data for contact and contract initiation.

Legal basis for the processing of customer and prospective customer data

The legal basis for contact and contract initiation is Art. 6 para. 1 lit. b) GDPR for contract initiation and lit. f) the legitimate interest in collecting new customer contacts within the framework of the permissible legal requirements.

Storage period

The data will be deleted as soon as it is no longer required to achieve the aforementioned purposes of its collection.

4. Legal bases of the processing

We process personal data if you have given your consent (Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 para. 1 lit. b GDPR), for compliance with a legal obligation to which Stakeholder Reporting GmbH & Co. KG is subject to (Art. 6 para. 1 lit. c GDPR) or for the protection of overriding legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR). The legitimate interests may be either the preservation of evidence for criminal prosecution and cases of damage, the presentation of the company and public relations work or the guarantee of technical security.

Storage period of processed personal data

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data.

We will inform you about the specific storage periods or criteria for storage in the individual processing operations.

Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.

5. Data transfers to third countries

In order to ensure an adequate level of data protection at all times, if we transfer your personal data to countries outside the EEA, we will either use the European Commission’s standard contractual clauses with appropriate additional measures to guarantee a comparable level of data protection or take other appropriate safeguards as set out in Art. 46 GDPR.

6. Data transfers to third parties

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfilment of the purposes and is covered by a permissible legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, in individual cases we disclose personal data to third parties if this serves the assertion, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

7. Your rights as a data subject

You have the following rights with regard to the processing of your personal data:

Right to information (Art. 15 GDPR in conjunction with Section 34 BDSG)

You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

Right to rectification (Art. 16 GDPR)

You have the right to demand the immediate rectification of data concerning you that we have stored incorrectly or to demand the completion of incomplete data stored by us.

Right to erasure (Art. 17 GDPR in conjunction with Section 35 BDSG)

You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR)

You have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete the data, if we no longer need the data but you need it for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

Right to withdraw your consent at any time (Art. 6 para. 1 sentence 1 lit. a) in conjunction with Art. 7 para. 3 GDPR). Art. 7 para. 3 GDPR)

You have the right to withdraw your consent from us at any time. If you give your consent, you can withdraw it at any time with effect for the future; the withdrawal of consent does not affect the lawfulness of data processing before the withdrawal. If you give your consent, we will explain how you can withdraw it just as easily.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 (2) BDSG)

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

You also have a

Right to object (Art. 21 GDPR)

If we process your personal data on the basis of legitimate interests, you can object to this on grounds relating to your particular situation.

You can also object to data processing if we process your data for direct marketing purposes.

No use of automated decision-making, including profiling

We do not use profiling or other decision-making processes that are based solely on automated data processing and have a legal effect on you or significantly affect you in a similar way.

The best way to exercise your rights is to use the contact details of our data protection officer provided in section 1. However, you can also contact us using any of the other contact details in section 1.