Privacy Policy

Below, we provide information about the processing of personal data when you use our website and the rights you have as a data subject. We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other relevant laws governing the processing of personal data.

A. General Information

Data Controller

The “data controller” pursuant to Article 4(7) of the GDPR is:

WIRA AG Wirtschaftsprüfungsgesellschaft, Linprunstraße 49, D-80335 Munich, Tel.: (089) 54 70 90-500, Email: muenchen@wira-audit.org.

We are not required to appoint a data protection officer.

Security of Processing, Data Processors

(1) Your personal data is protected at all times against loss and misuse by appropriate technical and organizational measures. It is stored in a secure operating environment that is not accessible to the public. When you transmit personal data to us via the website, it is encrypted during transmission using Transport Layer Security (TLS) technology. This means that communication between your computer and our servers takes place using a recognized, state-of-the-art encryption method.

(2) In some cases, we rely on the support of third parties and/or data processors to provide the website. As part of these support activities, processing may be carried out by the third parties or data processors. If these are service providers, they have been carefully selected and commissioned by us. In particular, data processors are contractually bound by our instructions in accordance with Art. 28 of the GDPR and are regularly monitored. A data processing agreement has been concluded with all of them to ensure the protection of your personal data.

Provision of Personal Data and Profiling

(1) The provision of your personal data on our website is generally not required by law or contract. If personal data is required to conclude a contract, it is marked separately. There are no negative consequences associated with not providing voluntary data. However, if you do not provide your data, you may not be able to use the website at all or only to a limited extent.

(2) The data collected on our website is not used for automated decision-making, including profiling.

Your Rights as a Data Subject

Pursuant to Art. 15(1) of the GDPR, the right to access the personal data stored about you, as well as, pursuant to Art. 16 of the GDPR, the right to have inaccurate data corrected or deleted, provided that one of the grounds specified in Art. 17 of the GDPR applies. You also have the right to restrict processing if one of the conditions specified in Article 18 of the GDPR applies, and, in the cases specified in Article 20 of the GDPR, the right to data portability. Under Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. In particular, you may exercise this right to lodge a complaint with a supervisory authority in the Member State where you are located or where the alleged infringement occurred. In Baden-Württemberg, the competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information in Stuttgart.

You may exercise your rights by contacting the data controller using the contact information provided above.

Your Right to Withdraw Consent

You have the right to withdraw consent granted on the basis of Article 6(1)(a) of the GDPR at any time, without this affecting the lawfulness of the processing carried out to date. If consent is withdrawn, we will cease the corresponding data processing and delete your data processed for this purpose.

Your right to object in cases of legitimate interests

Pursuant to Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is collected on the basis of Article 6(1)(f) of the GDPR. We will then no longer process the personal data unless there are demonstrable compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

B. Specific Information – Data Processing by the Data Controller

Informational Use of the Website

Description: When you visit our website, your browser automatically transmits personal data to our server and stores it in log files.

Data Categories: IT log data (access logs: IP address (anonymized, including IPv6), directory protection user, date, time, pages accessed, protocols, status code, data volume, referrer, user agent, hostname accessed, client information (e.g., browser, operating system); Error logs: error message, accessing IP address, and—depending on the error—the website accessed)

Purpose: Ensuring functionality, analyzing malfunctions, detecting unauthorized access and unlawful use, troubleshooting, technical optimization and further development of the website and its functions, and ensuring IT security and IT infrastructure

Legal basis: Art. 6(1), sentence 1, lit. f GDPR, based on the legitimate interest in ensuring the smooth operation of our website.

Third-party recipients: Data is transferred to Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, for the web and server hosting of this website and for technical support in its operation.

Right to object: You have the right to object to the processing by contacting the controller. You can reach the controller using the contact information provided above.

Retention Period: Access logs are deleted after 60 days; error logs after 7 days. Information regarding the directory protection user is anonymized after one day. Storage beyond these periods is possible in the event of security-related incidents. In such cases, the data will be deleted after the respective security-related incident has been fully investigated and resolved.

Cookies and Other Technologies

This website does not use cookies or other technologies.

Contacting Us via Email

Description: You can contact us via email through our website.

Data Categories: Name, email address, personal data that you provide to us in your email

Purpose: To respond to inquiries via the selected communication channel

Legal basis: Art. 6(1)(b) GDPR, if the purpose of contacting us is to conclude a contract; Art. 6(1)(f) GDPR based on our legitimate interest in contacting you

Third-party recipients: Data is transferred to our email server for the exchange of electronic correspondence.

Right to object: In the case of a legitimate interest, you have the right to object to the processing by contacting the controller. You can reach the controller using the contact information provided above.

Retention period: We generally delete personal data once storage is no longer necessary or the purpose for which the data was collected has ceased to exist. In the event of an objection, personal data will be deleted immediately without any obligation to retain it. We delete personal data related to correspondence six years after the end of the year in which the correspondence concluded. Correspondence with you is generally considered concluded when the circumstances of the correspondence indicate that the matter in question has been definitively resolved.

As part of a network

WIRA AG is part of AGN International, a network of independent consultants from more than 90 countries.