1. Controller
2. Data Protection Officer
3. Collecting and Processing of Personal Data When the DATEV Websites Are Visited
4. Necessary Cookies and Comparable Technologies
5. Collection and Processing of the Personal Data of Interested Parties
6. Collection and Processing of the Personal Data of Customers
7. Collection and Processing of the Personal Data of Suppliers
8. Collection and Processing of the Personal Data of Applicants
9. Additional Processing Purposes
10. Duration of Data Storage
11. Recipients of personal data
12. Third Countries
13. Automated Decision Making
14. Subjects’ Rights
15. Obligation to provide data
16. Security
17. Social Media
18. Friendly Captcha
19. Video Integration via YouTube
20. Links to Other Websites
DATEV eG, Nuremberg
Represented by Prof. Dr. Robert Mayr (chairman)
Julia Bangerth (deputy chairwoman)
Prof. Dr. Peter Krug (deputy chairman)
Prof. Dr. Christian Bär
Diana Windmeißer
Chairman of the Supervisory Board: Nicolas Hofmann
Contact
Paumgartnerstrasse 6-14
90429 Nuremberg
Phone: +49 (0)911 3190
Email: info@datev.de
DATEVeG
Data Protection Officer
Walter Deinzer
Paumgartnerstrasse 6–14
90429 Nuremberg
Phone +49-911-3190
Email: datenschutz@datev.de
Responsible data protection supervisory authority: Bavarian State Office of Data Protection Supervision
DATEV logs personal usage data for up to two months to protect website functionality, to optimise the website and to guarantee website security. The legal basis for this processing is DATEV’s legitimate interest (Article 6 (1) (f) GDPR). When you visit our website, anonymised web server logbooks are generated which DATEV stores for statistical purposes (for example the number of page views) and for error tracking. Your usage data is not evaluated in any other way without your consent.
The following user information can be collected when the closed section of our websites and online applications is used (business processes between DATEV and its customers):
The user-specific details are stored for a maximum of two months. This data is evaluated solely for the purposes of error and performance analysis, for customer service and to understand effected transactions. The legal basis for this processing is DATEV’s legitimate interest (Article 6, paragraph 1, letter (f) GDPR). The information aggregated under a consultant number, e.g. which consultant number retrieved which transaction on which day, is retained in accordance with the statutory provisions, e.g. the data retention periods pursuant to the German Commercial Code (HGB) and Germany’s Fiscal Code (AO). The same applies to application-specific information collected for billing purposes.
The legal basis for this processing is DATEV’s legitimate interest (Article 6 (1) (f) GDPR). The information aggregated under a consultant number, e.g. which consultant number retrieved which transaction on which day, is retained in accordance with the statutory provisions, e.g. the data retention periods pursuant to the German Commercial Code (HGB) and Germany’s Fiscal Code (AO). The same applies to application-specific information collected for billing purposes.
Legal basis: This processing is required for the purposes of contractual performance (Article 6 (1) (b) GDPR) and due to legal obligations (Article 6 (1) (c) GDPR).
Your personal data including your email address will additionally only be stored if you yourself provide us with these details, e.g. in a survey or when placing an order. Your data shall also only be used for the purpose stipulated on the page in question, e.g. to process your order.
Legal basis: Depending on the purpose stipulated on the page in question, this processing occurs
DATEV uses temporary and permanent cookies on its own websites. Temporary cookies are time-limited and contain data such as an identification number (known as a session ID). They allow the server to associate consecutive browser enquiries with the same user. They are deleted automatically as soon as the user closes the browser. In contrast, permanent cookies remain in place even after the user has closed the browser. At DATEV, permanent cookies used for preferences and settings serve to make working with the SmartCard easier for you. DATEV additionally uses permanent cookies for non-personalised statistics in order to further develop and improve the services we provide. No personal data is evaluated in the process. Cookies from first-party providers are cookies that belong to the host domain datev.de, while cookies from third-party providers are assigned to another domain. We use cookies that are absolutely necessary on the legal grounds of our legitimate interest, Article 6 (1) (f) GDPR, namely, to provide a functional and usable website. Access to and storage of information on a user’s device is carried out in accordance with section 25 (2) of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TDDDG).
Furthermore, we use optional cookies for the purposes of analytical evaluations and marketing activities, for which we also use external service providers. This only takes place if you have consented to this (Article 6 (1) (a) GDPR, TDDDG section 25 (1) (1). You can revoke your consent or adjust your preferences at any time in the cookie settings in the footer. You can find an overview of the individual cookies that process personal data via the “Cookie Settings” in the footer of the website.
Furthermore, you can deactivate the storage of optional cookies through your browser settings and delete cookies that have already been stored in your browser at any time. Please note, however, that rejecting optional cookies means that the convenience functions of our website will be lost. If you delete your cookies, we will ask you for your consent again when you visit the page at a later date.
We use Adobe Launch Manager, a service provided by Adobe Systems Software Ireland Ltd., 4–6 Riverwalk, Citywest Business Campus, Saggart Dublin 24, Republic of Ireland.
Adobe Launch is a tag manager that serves as a sort of container for managing tracking tools and services from external providers such as OneTrust on the website and allows the use of tags. This makes it possible to control which elements of the page or service and tracking methods are activated and loaded on the website. Adobe Launch itself does not set any cookies and does not have access to the data collected by the tags. For more information, see Adobe’s Privacy Policy.
Necessary cookies help make a website usable by enabling basic functions such as page navigation, access to secure areas of the website, user input and serve the security of the application. The website cannot function properly without these cookies.
The legal grounds for accessing and storing information on a user’s device are provided in TDDDG section 25 (2) (2). The legal grounds for downstream data processing are DATEV’s legitimate interest (Article 6 (1) (f) GDPR).
These cookies are also used to store your preferences and settings, making it easier for you to use the website. In addition, we use cookies for statistical Web analysis and reach measurements, further development and improvement of our products, error analysis, crawling analysis, and user recognition.
The legal grounds for accessing and storing information on a user’s device are based on your consent pursuant to TDDDG section 25 (1). The legal grounds for downstream data processing are your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent or adjust your preferences at any time via the cookie settings in the footer.
These cookies and similar technologies are used in order to display personalized and thus relevant advertisement content to you. These cookies also enable us to monitor the success of marketing campaigns. The tracking methods are applied not only on DATEV websites, but also on the websites of advertising partners, i.e., third-party providers. Data may be transferred to a third country during this process. For example, pseudonymous profiles of your interests may be created and relevant advertisement content made available to you, including on third-party websites.
The legal grounds for accessing and storing information on a user’s device are based on your consent pursuant to TDDDG section 25 (1). The legal grounds for downstream data processing are your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent or adjust your preferences at any time via the cookie settings in the footer.
DATEV uses the Adobe Analytics service of the service provider Adobe Systems Software Ireland Ltd., 4–6 Riverwalk, Citywest Business Campus, Saggart Dublin 24, Republic of Ireland. The information collected by cookies on your device is processed by Adobe Analytics, in particular for audience measurement, statistical Web analysis, visitor recognition, and the creation of pseudonymous profiles. For more information on the storage duration, description, and purpose of the individual Adobe Analytics cookies, please refer to the cookie settings in the footer.
The legal grounds for accessing and storing information on a user’s device are based on your consent pursuant to TDDDG section 25 (1). The legal grounds for downstream data processing are your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent or adjust your preferences at any time via the “Cookie Settings” in the footer.
DATEV collects your personal data when you contact us, in particular if you are interested in our products, wish to position your products with DATEV, register for our online services or contact us my email or phone.
DATEV can process the following data relating to you: contact details, customer group/interest, offer data, quotations, credit rating data, log data, company data.
Legal bases and purposes of processing
Insofar as you have given your consent to the processing of personal data for specific purposes (e.g. the evaluation of data for marketing purposes), such processing is lawful on the basis of the consent granted by you. You may revoke the consent you have granted at any time. Please note that a revocation is effective for the future only. Data processing performed prior to a revocation is not affected.
Personal data is processed for us to provide our services, in particular for us to implement pre-contractual measures.
DATEV may process your personal data on the basis of other legal obligations, such as court orders.
Where required, DATEV processes your data beyond the actual performance of the contract for the purposes of safeguarding our legitimate interests or those of third parties. For instance, for:
DATEV collects your personal data when you contact us, i.e. in particular when you register for our online services or contact us by email or phone or when you use our products and services on the basis of existing business relations. We additionally process personal data from publicly accessible sources if said data is necessary for our service. We acquire this data in a permissible manner, e.g. from debtors’ lists or commercial registers and registers of associations. We are additionally provided with personal data by other third parties (e.g. credit reference agencies).
DATEV can process the following data relating to you: contact details, customer group/interest, sales data, offer data, quotations, credit rating data, payment data, log data, audit data, billing data, protocols and company data.
If you are the employee of a client, DATEV may have saved your contact details, in particular in your capacity as the contact for a certain process. If you work with DATEV applications/programs, log data from these applications and technical data from the systems with which you work may additionally be saved.
Legal bases and purposes of processing
Insofar as you have given your consent to the processing of personal data for specific purposes, e.g. the evaluation of data for marketing purposes, such processing is lawful on the basis of the consent granted by you. You may revoke the consent you have granted at any time. Please note that a revocation is effective for the future only. Data processing performed prior to a revocation is not affected.
Personal data is processed for us to provide our services, in particular to execute our contracts or pre-contractual measures agreed with you and to perform your orders as well as in the course of customer management and care.
DATEV may process your personal data on the basis of other legal obligations, such as court orders.
Where required, DATEV processes your data beyond the actual performance of the contract for the purposes of safeguarding our legitimate interests or those of third parties. For instance, for:
DATEV collects your personal data when you contact us. We additionally process personal data from publicly accessible sources. We acquire this data in a permissible manner, e.g. from debtors’ lists or commercial registers and registers of associations.We are additionally provided with personal data by other third parties (e.g. credit reference agencies).
DATEV can process the following data relating to you: contact details, sales data, offer data, quotations, credit rating data, log data, audit data, service provision data, billing data, protocols, company data.
If you are the employee of a supplier, DATEV may have saved your contact details,in particular in your capacity as the contact for a certain process. If you work with DATEV applications/programs, log data from these applications and technical data from the systems with which you work may additionally be saved.
Legal bases and purposes of processing
Insofar as you have given your consent to the processing of personal data for specific purposes (e.g. the evaluation of data for marketing purposes), such processing is lawful on the basis of the consent granted by you. You may revoke the consent you have granted at any time. Please note that a revocation is effective for the future only. Data processing performed prior to a revocation is not affected.
Personal data is processed for the execution of and payment for your services and in the course of supplier management. Additionally, for cooperation partners, it is processed for collaboration with DATEV.
DATEV may process your personal data on the basis of other legal obligations, such as court orders.
Where required, DATEV processes your data beyond the actual performance of the contract for the purposes of safeguarding our legitimate interests or those of third parties. For instance, for:
We process personal data which relates to your application. This may be general information about you (such as name, address and contact details), details of your professional qualifications and school education or professional development, or other information with which you provide us in connection with your application. Insofar as we do not collect data directly from you and you have an active profile on XING and LinkedIn or disclose an inactive or only partially active profile to us in the course of the application process, we may also collect personal data from here.
We process your personal data for the purpose of processing your application for an employment relationship insofar as this is necessary in order to reach a decision regarding the establishment of an employment relationship with us. The legal basis for this is Section 26 (1) in conjunction with Section 8 sentence 2 of the Federal Data Protection Act (BDSG).
Further, we can process your personal data insofar as this is necessary for the defence of legal claims asserted against us on the basis of the application process. The legal basis for this is Article 6 (1) (f) GDPR (safeguarding the legitimate interests of the controller). DATEV’s legitimate interest is, for example, the burden of proof in legal proceedings pursuant to Germany’s General Act on Equal Treatment (AGG).
Insofar as an employment relationship is established between you and us, pursuant to Section 26 (1) BDSG we may continue to process the personal data provided by you for the purposes of the employment relationship if this is necessary for the execution or termination of the employment relationship or to exercise or perform the rights and obligations regarding employee advocacy pursuant to a law or company agreement.
Within DATEV, the internal entities or organizational units receiving your data are the ones that require your data in order to fulfill our contractual and statutory obligations, such as recruitment managers and specialists who are looking for a new employee or who are involved in the decision regarding the appointment of a new employee; accounting departments, the company doctor, if applicable; occupational safety, employee representation, or in the context of processing and realizing our legitimate interests.
Access to your data is afforded to those within DATEV who need it for the purposes stipulated above. Processors contracted by DATEV (Article 28 GDPR) and other service providers may likewise receive data for the purposes stipulated. Here you will find an overview of all processors employed by DATEV in various matters. These are companies in the areas of IT services, logistics, telecommunications and marketing. DATEV additionally cooperates with universities to develop and improve its services. Data shall only be shared with recipients outside of DATEV if provisions allow for this or mandate this, you have given your consent or we are otherwise authorised to share data. Under these circumstances, the recipients of personal data may be, for example:
We store your personal data for as long as it is necessary to decide on your application. If an employment relationship is not established between you and us, we may also continue to store data insofar as this is necessary for defense against possible legal claims. The application documents are deleted six months after notification of the rejection decision, unless it is necessary to store them for a longer period due to legal disputes.
Upon successful recruitment, the application documents will be kept for 12 months from the date of acceptance in order to be able to review your classification after successfully completing the probation period. The data relevant to the employment relationship is also transferred to the employee file and is subject to the deletion dates applicable to that.
The provision of personal data is not required by law or contract and you are not obliged to do so. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that we cannot enter into an employment relationship with you unless you provide us with personal data in an application.
DATEV may process your personal data on the basis of other legal obligations, such as court orders. The legal basis is legal provisions (Article 6 (1) (c) GDPR) or public interest (Article 6 (1) (e) GDPR). Where required, DATEV processes your data beyond the actual performance of the contract for the purposes of safeguarding our legitimate interests or those of third parties. For instance, for:
The legal basis for this processing is DATEV’s legitimate interest (Article 6 (1) (f) GDPR).
If your personal data is no longer required for the above purposes, it is deleted on a regular basis, unless its – temporary – retention is still necessary for the purposes of fulfilling contractual or legal obligations. Grounds for this may include:
Once these periods have passed, the data is deleted following a subsequent period of review. For data with a statutory retention period of ten years, this may last up to four years.
Within DATEV, the internal entities or organizational units receiving your data are the ones that require your data in order to fulfill our contractual and statutory obligations, such as recruitment managers and specialists who are looking for a new employee or who are involved in the decision regarding the appointment of a new employee; accounting departments, the company doctor, if applicable; occupational safety, employee representation, or in the context of processing and realizing our legitimate interests.
Access to your data is afforded to those within DATEV who need it for the purposes stipulated above. Processors contracted by DATEV (Article 28 GDPR) and other service providers may likewise receive data for the purposes stipulated. Here you will find an overview of all processors employed by DATEV in various matters. These are companies in the areas of IT services, logistics, telecommunications and marketing. DATEV additionally cooperates with universities to develop and improve its services. Data shall only be shared with recipients outside of DATEV if provisions allow for this or mandate this, you have given your consent or we are otherwise authorised to share data. Under these circumstances, the recipients of personal data may be, for example:
In the course of remote maintenance of standard IT components, it cannot be ruled out that an IT service provider from a third country (e.g. USA) may in rare cases have controlled and limited insights into personal data for troubleshooting purposes. A transfer of personal data e.g. to Microsoft as well as other service providers outside of the European Economic Area (EEA) will only take place if the third country has been confirmed by the European Commission to have an adequate level of data protection or other appropriate data protection guarantees are in place, e.g.:
A transfer to a third country may also take place if you have consented to it or if it is necessary in the context of a contract performance, Article 6 (1), Article 49 (1) GDPR.
To a degree, your data is processed by us automatically with the aim of evaluating certain aspects of relevance to customer relations (profiling for, for example, ABC analysis). However, we do not make any automated decisions on this basis which would have a legal impact on you or would otherwise considerably harm you without the involvement of a person. Should we solely make use of automated decisions in individual cases in the future, we shall notify you of this separately insofar as this is stipulated by law.
To exercise a right as a data subject, please contact info@datev.de, stating your contact details and the data subject’s rights that you wish to exercise.
Right to access: You have the right to information about the stored data concerning you and about how we collect, process, and store this data in accordance with Article 15 (1) GDPR. Information is available on request within the scope provided by statutory provisions.
Right to rectification: You may request that incorrect or incomplete data concerning you be corrected or supplemented in accordance with Article 16 of the GDPR.
Right to erasure: In certain situations, you have the right to request the erasure of data concerning you in accordance with Article 17 (1) GDPR. For example, you may request erasure if the data is no longer required for the intended purpose or is processed unlawfully, or if you have withdrawn your previously granted consent or have raised a legitimate objection to the processing. However, we may only delete your personal data if there are no statutory or other retention obligations.
Right to restriction of processing: You may also request the restriction of data processing based on the conditions of Article 18 GDPR.
Right to data portability: Pursuant to Article 20 GDPR, you have the right to have data that we process automatically on the basis of your consent or for the performance of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transmission of the data to another controller, this will only be done to the extent that is technically feasible.
Right to object: Pursuant to Article 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you, insofar as the processing is carried out after balancing interests (Article 6 (1) (f) GDPR) or in the public interest (Article 6 (1) (e) GDPR). You can object to the use of your personal data for direct marketing at any time without stating a reason by contacting widerspruch@datev.de.
Right to lodge a complaint with a supervisory authority: In the event of a complaint, you can contact a data protection supervisory authority. The Bavarian Data Protection Authority (BayLDA) is the responsible supervisory authority for DATEV.
We require the following personal data from you in the course of the business relationship:
Without this personal data, we are unable to enter into or execute a contract with you.
DATEV takes suitable technical and organisational measures to ensure a level of protection appropriate to the risk involved and to protect personal data from destruction, loss, alteration or unauthorised disclosure and access. The effectiveness of these measures is reviewed, assessed and evaluated on a regular basis.
We operate accounts on various social media platforms in order to better communicate with our existing and prospective customers, and also to better present DATEV as a company as well as our products and services. Furthermore, we also use our social media accounts for advertising purposes, with target audiences being defined in order to be able to address them in a targeted manner. In this context, we also use services from external service providers that may be located in a third country outside the EU. We process personal data as part of our social media activities on the legal grounds of our legitimate interest pursuant to Art. 6 (1) (f) GDPR, insofar as the processes do not require consent.
We operate several Facebook fan pages in joint responsibility with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Facebook”) in order to present our products and services via this platform, offer interested parties a communication channel, and market DATEV as a company.
In this context, we may receive information from Facebook, such as a statistical evaluation of the use of the fan page by means of interactions, likes, or comments, and device information such as the IP address, operating system, or browser type may also be included. More information on these statistical analyses can be found here or in the Data Policy. You can manage your personal settings for ads here. We use the information we receive, for example, to make our Facebook presence and our services even more attractive to our customers and relevant to their interests. This data is processed on the legal grounds of a legitimate interest pursuant to Article 6 (1) (f) GDPR.
Further information on the controllers can be found in the Facebook Page Insights addendum. Please note that we have no control over the extent to which Facebook collects and processes data on its own responsibility. However, you can assume that Facebook will use the aforementioned information for detailed statistics and its own market research and marketing purposes. You can find out how Facebook processes data here in Facebook’s Privacy Policy. If you wish to exercise your rights as a data subject, it is easiest to contact Facebook directly as they have access to the platform and thus all user data as well as the specific purposes for which it is processed. We are of course happy to assist you in asserting your rights.
Furthermore, we use the Instagram service in joint responsibility with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter “Instagram”). As Facebook and Instagram are operated by the same service provider, the above information on Facebook essentially also applies to Instagram. To this end, we operate Instagram accounts in order to present ourselves as a company and as an employer, market our products and services, and offer our prospective customers a simple and fast channel for communication and interaction. If you contact us via our account, for example by commenting on posts or writing private messages, Instagram processes and stores your personal data.
We have no control over the extent to which Instagram collects and processes personal data for its own purposes, such as the IP address of your device or other information about log-ons. However, it cannot be ruled out that Instagram may use this collected data for advertising purposes and transfer personal data to a third country, in particular the US, on its own responsibility. For more information on data processing, please refer to the Instagram Privacy Policy of Meta Platforms Ireland Limited. You can manage your individual privacy and security settings on Instagram here.
DATEV also uses the X short message service provided by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter referred to as “XX”). For this purpose, we operate XX profiles in order to present our products and services, offer prospective customers a communication channel, and market DATEV as a company.
If you are on X, which includes when you visit our X profile, X processes personal data as a data protection controller independently of us and may transfer this data to countries outside the EU/EEA. In addition to the data you voluntarily provide, such as your name, username, and e-mail address, X processes the following additional data: IP address, information about visited websites, location data, data about the cellular service provider, and information about the device used (device ID and application ID). X also processes the personal data of unregistered visitors. We have no influence on the nature or scope, or on the type of processing or use, or on the disclosure of this data by X to third parties. You can find more information about which data is processed by X and for what purposes it is used here.
Please note that you use the various functions of X, e.g., sharing, liking, commenting, etc., on your own responsibility and that we have no influence on the extent to which X collects and processes data as a data controller independent of us. In particular, we are not aware of how X uses the data from your visit to X for its own purposes, how long X stores this data, and whether this data is passed on to third parties.
This data is processed by X in the US, although X undertakes to comply with European data protection law. Through using X, data may reach third parties, in particular the operators of these systems. Their processing can be found in their privacy policy. We expressly point out that in instances like these where data is transferred to third countries, the level of data protection in the third country may not have been determined by the EU Commission in accordance with Article 45 GDPR and that there are no suitable guarantees within the meaning of Article 46 GDPR. It is therefore possible that the level of data protection in the third country is not equivalent to that of the GDPR. Possible risks of transfer to these countries include access by third parties, in particular by state security authorities, and processing for commercial purposes in order to display specific advertising to users.
We ourselves do not collect, process, or receive any personal data from X arising from your use, only aggregated analyses of your use. However, if we retweet or respond to your tweets or even compose tweets that link to your profile, we will also process the data you enter into the service, in particular your (user) name and the content published on your account, insofar as it is incorporated into our offer and made available to our followers.
If you are logged into X as a user, X may be able to associate this information with your user account. If you want to avoid this, you should log out of X, delete the cookies on your device, and close and restart your browser. You can also restrict the processing of your data by applying further restrictions in the general settings of your X account and under “Privacy and Security.” Depending on the operating system, mobile devices (smartphones, tablets, etc.) let you restrict X’s access to contacts, calendar data, photos, location data, etc. in the settings options. You can also customize your settings for personalized ads here.
Further information on X’s privacy and data protection can be found here:
We are also present on the LinkedIn platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”). On this platform, we operate our LinkedIn company page in joint responsibility with LinkedIn within the meaning of Article 26 of the GDPR.
If you are on LinkedIn, but not on our LinkedIn company page, LinkedIn processes personal data as a data controller independent of us. Please note that you use the various functions of LinkedIn, e.g. sharing, liking, and commenting, on your own responsibility and that we have no influence on the extent to which LinkedIn collects and processes data as a data controller independent of us. In particular, we are not aware of how LinkedIn uses the data from your visit to the LinkedIn website for its own purposes, how long LinkedIn stores this data, and whether this data is passed on to third parties. However, you can assume that LinkedIn uses your IP address, information about your device, and other personal data for detailed statistics and its own market research and marketing purposes. If you are logged into LinkedIn as a user, LinkedIn may be able to associate this information with your user account. If you want to avoid this, you should log out of LinkedIn, delete the cookies on your device, and close and restart your browser. You can find further information here on data processing by LinkedIn as a data controller independent of us.
When you visit our LinkedIn company page, LinkedIn also processes the personal data of users of our LinkedIn company page and provides us with statistical analyses of the use of our LinkedIn company page by means of interactions, likes, or comments (“page insights”). In order to compile the statistical analysis, LinkedIn also processes data that you have already provided to LinkedIn using the information in your profile, e.g., age, country of origin, sector, employer, and employment status. When we do this, we do not receive any personal data from you and cannot make any inferences about a specific person. Beyond this, we do not collect any data from your use of our LinkedIn company page.
The processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. We use the information we receive, for example, to make our LinkedIn company page and our services even more attractive for our customers and relevant to their interests. The legal grounds for this processing is your consent pursuant to GDPR Art. 6(1)(a). For more information on these statistical analyses, please refer to the LinkedIn Privacy Policy.
In order to fulfill data protection obligations, we have entered into an agreement with LinkedIn on processing as joint controllers. You can find the agreement here.
Essentially, it provides the following:
LinkedIn assumes the obligations to inform you about the joint processing of data by LinkedIn and us on our LinkedIn company page. Please regularly read LinkedIn’s Privacy Policy, which you can find here.
If you wish to exercise your rights as a data subject under data protection law, it is easiest to contact LinkedIn or its data protection officer directly, as they have access to the platform and thus all user data as well as the specific processing purposes associated with it. We are happy to assist you in asserting your rights as a data subject under data protection law. You can also contact us directly at widerspruch@datev.de. In this case, we will forward your inquiry to LinkedIn.
In accordance with the LinkedIn Privacy Policy, LinkedIn also processes personal data in the United States or other third countries. According to LinkedIn, personal data is transferred only to countries for which an adequacy decision of the European Commission pursuant to Article 45 of the GDPR or suitable safeguards pursuant to Article 46 of the GDPR exist. You can find more information on this here.
In addition, we have agreed that the Irish Data Protection Commission has priority for monitoring the processing for page insights. You have the right to lodge a complaint with the Irish Data Protection Commission or any other supervisory authority.
Furthermore, we use the social network XING, owned by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (hereinafter referred to as “XING”), to present ourselves as an employer by means of an employer branding profile, to advertise vacancies in our company, to contact you, and to add you to our network. For more information on the application process at DATEV when using a XING profile, please refer to section 8 of our privacy policy.
In addition, we display our own ads and posts on XING. In this process, XING collects data about your interaction with the ad. This includes data such as reach, clicks, and frequency. In doing so, XING gives us access to statistical analyses of our advertisements as well as activities on our profile, but we do not receive any information from XING about your personal interaction with the advertisement or personal evaluations or analyses. It is not possible for us to make inferences about individual user profiles.
When you visit us on our company profile, XING processes personal data on its own responsibility, e.g., to create detailed evaluations and statistics. We have no influence on this data processing nor do we receive personal evaluations from XING. Here you can view the Privacy Policy and you can assert your rights as a data subject against XING here.
With our YouTube channels (“DATEV” and “DATEV Help Videos”), we want to use videos to present our products and services, report on the latest news at DATEV, and present DATEV as an employer.
If you visit the video platform YouTube from the European Economic Area or Switzerland, your personal data will be processed by the platform’s service provider, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
When you visit YouTube, Google collects and processes personal data for its own purposes, such as providing, maintaining, or improving the desired Google service. The data that Google collects and how it is used depends on how you use these services and how you manage your privacy settings. DATEV has no influence over this processing.
Google provides us with a statistical and anonymized analysis of user behavior with regard to the videos we post on the YouTube platform. No further processing of (personal) data takes place.
Google’s Privacy Policy can be found here. You can make changes to your Google account here. You can make changes to personalized advertising for Google services here.
We use Friendly Captcha, a service provided by Friendly Captcha GmbH, located at Am Anger 3-5, 82237 Wörthsee, Germany (referred to as "Friendly Captcha").
Friendly Captcha is used to protect our websites and/or online-forms from attacks by automated programs/scripts (so-called "bots"). For this purpose, a JavaScript element is integrated into the source code. As part of this process, your IP address is captured by Friendly Captcha in order to send a cryptographic task to your device. This task is solved in the background by your device. The purpose of this is to be able to determine whether the visitor is a human being or whether the use is abusive through automated, machine processing (e.g. bots).
Friendly Captcha does not set or read any cookies on the visitor's device. The IP addresses are only stored in hashed form (one-way encryption) and are not used to personally identify the visitor of the website. No data is transferred to a third country.
Friendly Captcha processes and stores the following data as described above:
The legal basis for this processing is the legitimate interest of DATEV eG (Article 6 (1) (f) GDPR), namely to protect our website from abusive access by bots.
Further information on data processing can be found in the privacy policy for end users of Friendly Captcha.
YouTube videos are incorporated into a number of our websites. These are incorporated using what is known as a two-click solution – only when you click on the video will the standard data be transmitted to Google. In individual cases, the data transmitted may be the IP address, the specific address of the page viewed on our website, if applicable the page from which you were redirected to us (link source), the browser’s transmitted identifier, and the system date and time of the page view. Google may receive additional data regarding cookies already stored. Google is responsible for this data. No data is transmitted to You Tube/Google if no pages with integrated videos are viewed.
If you access an external website from our site (external link), the external provider may obtain information from your browser regarding which site you accessed theirs from. The external provider is responsible for this data. Like any other provider, we are unable to influence this process.
Version dated: May 2024