We treat your data responsibly

Privacy policy for internet presence and e-mail communication

Version 6.0 from 02.11.2020

of Tomik + Partner mbB Wirtschaftsprüfungsgesellschaft | Steuerberatungsgesellschaft

1. Preface:

We are pleased that you are visiting our website and thank you for your interest in Tomik + Partner mbB and our Internet presence. The protection of your privacy when using our website is important to us. Therefore, please take note of the following privacy policy.

2. Privacy policy for the internet presence and e-mail communication

The following data protection declaration applies to the use of our Internet presence www.tomik-partner.de (hereinafter referred to as “website”) and all sub-pages as well as the use of e-mail for communication with our law firm.

When visiting our website, various personal data are collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done

This privacy policy is updated or amended from time to time, please note the date and version number. If there is an attorney-client or contractual relationship between you and our firm, different or supplementary regulations may apply.

We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG new).

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

3. Person responsible and data protection officer

Responsible for the collection, processing and use of your personal data in the sense of Art. 4 No. 7 DSGVO are the partners of

Tomik + Partner mbB
Auditing company
Tax consulting company
Kättkenstrasse 8
33790 Halle in Westphalia

Register AG Essen, PR 2386

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may address your objection to the data protection officer.

You can reach the data protection officer at:

Tomik + Partner mbB WPG StBG
– Data Protection Officer –
Kättkenstrasse 8
33790 Halle in Westphalia


The use of contact data published within the framework of the data protection declaration by third parties for the purpose of sending advertising and information material is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam mails.

4. General purposes of processing

As a matter of principle, we do not collect personal data for the purpose of operating this website. Exceptions are listed exhaustively in this statement.

5. How we collect your data

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

6. For this purpose we collect the data

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

7. Storage period

Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

8. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is transmitted encrypted with us. We use the SSL (Secure Socket Layer) coding system for our website, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Within the scope of a mandate or contractual relationship, we offer you the establishment of common procedures for encrypted e-mail communication as well as other solutions for the encrypted transmission of data. Please contact your contact person for this purpose.

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art.

We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully secured on a regular basis.

9. Passing on data to third parties

In principle, we use your personal data only within our company.

If and to the extent that we involve third parties in the performance of contracts (such as IT service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“commissioned processing”), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

Data transfer to entities or persons outside the EU does not take place and is not planned.

10. What data may be affected

10.1 Hosting

The hosting services we use serve to make this website available and, if necessary, to maintain it. In this context, our hosting provider processes usage data, meta data and communication data of visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website pursuant to Art. 6 para. 1 p. 1 f) DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO.

We use the following hoster:

Hetzner Online GmbH
Industrial road 25
91710 Gunzhausen

In order to ensure data protection-compliant processing, we have concluded an order data processing contract with our hoster.

10.2 Cookies

Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

Web analysis

11.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“Google”). Google Analytics uses so-called cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

You have given your consent to the use of Google Analytics via our opt-in cookie banner (legal basis is Art. 6 (1) 1 a) EU-DSGVO). The storage of cookies only takes place due to a corresponding setting of your internet access software. You may therefore refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in provided by Google at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Information of the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://www.google.de/intl/de/policies/terms/regional.html, Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: https://www.google.de/intl/de/policies/privacy/.

Plugins and tools

12.1 Google Maps

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location can be displayed to you, for example, and a possible journey can be made easier. Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out of your Google user account.

Google stores your data as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 (1) 1 f) EU-DSGVO on the basis of Google’s legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Google LLC, based in the USA, is certified for the US-EU data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used. You can view Google’s terms of use at https://www.google.de/intl/de/policies/terms/regional.html, and the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html. Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/.

12.2 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

12.3 Font Awesome (local hosting)

This site uses Font Awesome for the consistent display of fonts. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place.

For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

13. e-mail contact

If you contact us (e.g. by e-mail), we process your information to process the request and in the event that follow-up questions arise. Your e-mail will be transmitted SSL-encrypted.

We process further personal data if you consent to this (Art. 6 para. 1 p. 1 a) DSGVO) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) DSGVO). A legitimate interest is, for example, to respond to your email.

13.1 Newsletter dispatch by e-mail

We send e-mails to clients within the scope of the client relationship. Other recipients receive e-mails only after explicit consent.

In order to send our newsletters, we use the online tool of rapidmail GmbH, with whom we have concluded a contract for commissioned data processing. Rapidmail is a German newsletter software provider, which was carefully selected according to the requirements of the DSGVO and the BDSG. Your data (last name, first name, email address) is transmitted to rapidmail GmbH for sending the newsletter. Openings and clicks of our newsletters are collected on a personal basis. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data.

You can revoke your consent to the storage of your data and its use for sending the newsletter at any time by clicking on the unsubscribe link in the newsletter or by sending an email to datenschutz@tomik-partner.de.

Your rights

According to the applicable laws, you have various rights regarding your personal data.

If you would like to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in point 1.

Below you will find an overview of your rights.

14.1 Right to confirmation and information

You have the right to receive clear information about the processing of your personal data.

You have the right to receive confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data.

14.2 Right to rectification

You have the right to demand that we correct and, if necessary, complete personal data relating to you.

14.3 Right to deletion

In a number of cases, we are obliged to delete personal data concerning you. Pursuant to Art. 17 (1) DSGVO, you have the right to demand that we delete personal data concerning you without undue delay.

14.4 Right to restriction of processing

In a number of cases, you are entitled to demand that we restrict the processing of your personal data.

14.5 Right to data portability

You have the right to receive personal data relating to you in machine-readable form, to transmit it, or to have it transmitted by us.

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another responsible party, insofar as this is technically feasible.

14.6 Right to object

You have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing are not overriding.

14.7 Automated decisions / profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

Automated decision-making based on the personal data collected on this website does not take place.

14.8 Right to withdraw consent

You have the right to revoke consent to the processing of personal data at any time.

14.9 Right to complain to the supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.

Version 5.0 from 08.09.2020

Privacy Policy_Tomik+Partner_Version 6.0_status 02.11.2020