We, Scheja & Partners GmbH & Co. KG, appreciate your interest in our consulting services. Your privacy is our top priority. We take the protection of your personal data and its confidential treatment very seriously. Below, we inform you about the processing of your personal data in the context of our consulting activities and about your data protection rights. 

The controller responsible for data processing is: 

Scheja & Partners GmbH & Co. KG (hereinafter referred to as “we”)
Adenauerallee 136
D-53113 Bonn
T.: +49 228-227 226-0
Email: Encrypted contact form

You can contact our Data Protection Officer as follows: 

Scheja & Partners GmbH & Co. KG
Datenschutzbeauftragter
Adenauerallee 136
D-53113 Bonn
Email: Encrypted contact form

In the course of our consulting activities, we process the following personal data: 

• Contact details: first name and last name, email address, postal address (if applicable), telephone numbers, position, client or associated company/department;
• Consulting data: Content of inquiries, consulting communication, documents, file notes;
• Activity data: consulting documentation, service records, invoices.
• Web meeting data: Data related to web meetings, such as user data, audio and video data, contributions, and content shared by you during the web meeting. 

a. Preparation and performance of our consulting activities 

We process personal data if this is necessary for the preparation and performance of our consulting activities. Processing is carried out in particular to respond to and invoice any inquiries. 

Data processing is carried out on the basis of Article 6 para. 1 b) or f) of the GDPR. In doing so, we pursue the interest of fulfilling our contractual and legal obligations towards clients and data subjects. 

b. Compliance with legal obligations

We also process personal data in order to comply with legal obligations to which we are subject. Insofar as we perform our activities as Data Protection Officers, data processing is carried out on the basis of our legal obligations under Article 38 para. 4 and Article 39 GDPR. Further obligations may arise, for example, from commercial, tax, money laundering, financial, or criminal law. The purposes of the processing arise from the respective legal obligation; in these cases, the processing generally serves the purpose of complying with state control and information obligations.  

Data processing is carried out on the basis of Article 6 para. 1 c) GDPR. 

c. Conducting web meetings

We process personal data in connection with web meetings to enable the smooth running of the web meeting. We conduct web meetings within the framework of a business relationship with the company for which you work (Article 6 para. 1 f) GDPR – in the interests of carrying out joint projects and other business relationships) or if you have given us your informed consent in individual cases (Article 6 para. 1 a) GDPR). 

If we use Microsoft services to participate in web meetings, Microsoft is responsible for data processing. With regard to the processing of personal data by Microsoft, we refer to their privacy policy: https://privacy.microsoft.com/de-de/privacystatement. 

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for a consultation. If you do not provide us with this personal data, we may not be able to provide you with a consultation. 

In addition to direct collection, we may also collect personal data from clients, other companies/agencies, affected persons, and supervisory authorities in the course of preparing and carrying out our consulting activities. 

Only those persons who need your personal data for the purposes specified in section 4 have access to it. We only pass on your personal data to external recipients if this is necessary for the performance of our consulting activities or if there is another legal permission to do so. 

External recipients may include: 

Processors:  
Service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance of our IT systems. 

Public authorities:  
Authorities and government institutions to which we are required by law to transfer personal data. 

Private entities:  
Contact persons of our clients, other companies or bodies that are contacted for the purpose of processing client mandates, as well as auxiliary persons to whom data is transferred on a legal basis. In the case of web meetings, the providers of such services and participants in the meetings may also be recipients. 

We use service providers whose headquarters are not located in the European Union or the European Economic Area for IT services and IT infrastructure. In cases other than those permitted by law, we ensure prior to the transfer that the recipient either has an adequate level of data protection or that suitable safeguards are in place. You can request an overview of the recipients in third countries and a copy of the appropriate or adequate safeguards. Please use the information provided in section 1 for this purpose. 

The personal data collected by us for the purpose of providing advice will be deleted after expiry of the statutory retention period for lawyers (6 years after the end of the calendar year in which the mandate was terminated), unless we are obliged to store it for longer due to statutory retention and documentation obligations. In this case, we will delete your personal data once the legal obligation has expired. 

As a data subject, you have the following rights under the GDPR, provided that the respective legal requirements are met: 

Right of access: You have the right to obtain information about the data we process about you.

Right to rectification: You can request the rectification of inaccurate data concerning you. In addition, you can request the completion of incomplete data. 

Right to erasure: In certain cases, you can request the deletion of your personal data. 

Right to restriction of processing: In certain cases, you may request that we restrict the processing of your data. 

Right to data portability: If you have provided us with data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used and machine-readable format or that we transfer it to another controller

Right to object 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6 para. 1 f) GDPR. We will then no longer process this personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

Exercising your rights: To exercise any of the above rights, please contact us using the contact details provided in section 1. Please ensure that we are able to clearly identify you. 

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful. 

Automated decisions in individual cases, including profiling within the meaning of Article 22 GDPR, do not take place in connection with our consulting activities.