Privacy policy

Privacy policy  for the website

Below you will find all of our privacy policies which apply when you visit our website and for our business relations in accordance with Articles 13 EU-General-Data Protection Regulation (GDPR).

1. Responsibility

Lohnsteuerhilfeverein LH Bavaria e.V.

Garmischer Str. 4 / V

80339 München

Chairperson of the Board: Beate Wunsch

Phone: +49 (0)89 - 550 29 136

Fax: +49 (0)89 - 54 05 23 23


2. Data processing in connection to visits to this website

Whenever a user accesses our website and whenever a file is accessed, data relating to this is temporarily processed in a log file.

More specifically, the following data is stored for every single access/download:

• Date and time (time stamp), IP address of the device or server used

• Details of the request and target address (log version, HTTP method, referrer, user-agent string),

• Name of the file accessed, volume of data transferred (URL including query string, file size in byte) and

• confirmation as to whether the request was successful (HTTP status code).

We will collect the preceding personal data transmitted by your browser to our server to access our website, we will collect the following data that is technically required in order to display our website and ensure stability and security (legal basis is Article 6(1) (f) GDPR.

The data subject’s personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases, if this is legally required.

3. Contact form, e-mail contact, document upload

There is a contact form on our website which can be used to contact us electronically or for document upload. If a user chooses this option, the data entered in the input screen and provided documents are transmitted to us and stored.

Alternatively, you can contact us via the e-mail address(es) provided. In this case, the user's personal data transmitted in the e-mail will be saved.

The legal basis for processing the data which is transmitted by using the contact form and/or when sending an e-mail or providing documents is Article 6(1) (f) GDPR.

If the contact form is used, an e-mail is sent or documents are provided for the purpose of fulfilling a contract whereby the contractual party is the user, or for the purpose of carrying out pre-contractual measures, the legal basis for the processing of data is Article 6(1) (b) GDPR.

We will only process personal data from the input screen and/or in the event that contact is made via e-mail or that is provided in documents in order to establish this contact.

For this purpose, we also have a legitimate interest in processing personal data in accordance with Article 6(1) (f) EU GDPR insofar as the intention is not already to fulfil a contract whereby the contracting party is the user or to carry out pre-contractual measures.

This data will be erased as soon as it is no longer required to achieve the purpose of its collection. For personal data taken from the input screen of the contact form and the data transmitted via e-mail, this is the case if the relevant conversation with the user is terminated. The conversation is terminated if it can be derived from the circumstances that the facts concerned are finally clarified. Where legal retention periods apply to the content of the communication, e.g. derived from specifications relating to legal commercial and/or tax specifications, the corresponding data will be erased at the end of these periods.

Unless other legal retention obligations apply, the user can refuse the storage of its personal data at any time. In such cases, the conversation cannot be continued.

In this case, all personal data which has been saved as part of establishing contact will be erased.

4. No use of cookies

On our website we do not use any own „cookies“ (so-called "first-party-cookies"). We do not use so-called „third-party-cookies“, that means cookies supplied by a third  party, on our website as well.

5. No use of tracking- and analysis- devices or Social Media PlugIns

We do not use any tracking- or analysis- devices on our website. Moreover we waive the use of Social Media PlugIns.

We decided to insert only so-called „Hyperlinks“ to social networks instead. So no personal data will be submitted to a social media service provider by using our website.

6. Processing of personal data as part of social media use

Our association is active on Facebook, Twitter and LinkedIn.

This requires data to be stored temporarily by a service provider. The data is stored on a server located in the European Union and extends to the following: name of profile and account, content of the query, number of followers and profiles following the profile, latest tweets. This data is stored for the duration of six months.

We would like to inform you that data is processed in line with Article 6(1) (f) GDPR. We need to process the personal data for the purposes of our legitimate interests of self-promotion.

We also explicitly draw your attention to the fact that the services used by our association store user data (e.g. personal information, IP address etc.) in line with their own guidelines on data usage and use it for commercial purposes. We have no influence on the collection and use of data by social networks. We are unable to ascertain the extent, the location and the duration of the data capture, the extent to which the networks meet obligations to delete data, what evaluations and links pertaining to the data are made, and to whom data is forwarded.

For information about the type of data processed by Twitter and for what purposes, consult their Privacy Policy (in German),

For information about the type of data processed by Facebook and for what purposes, consult their Privacy Policy (in German),

For information about the type of data processed by Instagram and for what purposes, consult their Privacy Policy (in German),

For information about the type of data processed by YouTube and for what purposes, consult their (Google) Privacy Policy (in German),

For information about the type of data processed by LinkedIn and for what purposes, consult their Privacy Policy (in German),

As some of these companies are based outside the European Union with only one European office in Ireland, their legal interpretation is that they are not bound by European or German data protection rules. This also affects your right of information, the right to have data blocked or deleted, or the possibility to object to your user data being used for advertising purposes.

7. Data-transfer fo a third party

We only share your personal information with third parties if:

• you have given your express consent pursuant to Art. 6 (1) sentence 1 (a) GDPR,

• it is permitted by law and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 (1) sentence 1 (b) GDPR,

• there is a legal obligation to pass on the data in accordance with Art. 6 (1) sentence 1 © GDPR,

• the disclosure pursuant to Art. 6 (1) sentence 1 (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

8. Your Rights

You have the following rights with regard to the personal data concerning your person:

• Right of access, Art. 15 GDPR

The right of access confers on the data subject a comprehensive right of access to the data concerning his/her person and to certain important information-related criteria, such as the purposes for which it is processed or the duration for which it will be stored. The exceptions to this right regulated in Section 34 Federal Data Protection Act apply.

• Right to rectification, Art. 16 GDPR

The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected.

• Right to erasure, Art. 17 GDPR

The right to erasure includes the possibility for the data subject to have data deleted by the party responsible. However, this is only possible if the personal data concerning his/her person are no longer needed, are processed unlawfully or if the relevant consent has been revoked. The exceptions to this right regulated in Section 35 Federal Data Protection Act apply.

• Right to restriction of processing, Art. 18 GDPR

The right to restrict the processing includes the possibility for the data subject to prevent further processing of personal data concerning his/her person for the time being. A restriction particularly occurs pending verification of the exercise of other rights of the data subject.

• Right to object to collection, processing and/or use, Art. 21 GDPR

The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data, insofar as this is justified by the exercise of public functions or of public or private interests. The exceptions to this right regulated in Section 36 Federal Data Protection Act apply.

• Right to data portability, Art. 20 GDPR

The right to data portability includes the possibility for the data subject to obtain the personal data concerning his/her person from the person responsible in a standard, machine-readable format, in order to be able to forward them to another person responsible if necessary. According to Art. 20 (3) sentence 2 GDPR, however, this right does not apply if the data processing serves the performance of public tasks.

• Right to revoke consent, Art. 13 and 14 GDPR

If personal data is processed on the basis of consent, the data subject may revoke such consent at any time for the purpose for which it was given. The lawfulness of the processing undertaken on the basis of this consent remains unaffected until receipt of the revocation.

• Pursuant to Art. 77 GDPR, you also have the right to appeal to the data protection supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht, Postfach 606, 91511 Ansbach.

9. Automated individual decision-making, including profiling

We do not use any automated individual decision-making or profiling.

10. Data-Security, Encryption

In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organisational security measures that are regularly reviewed and adapted to technological progress. This includes, the use of so called “SSL-method” (encryption method).

11. Hyperlinks

Our website contains hyperlinks to websites of third party providers. Please note that we cannot affect their use of personal data and their own privacy policies. Therefor we do not accept any responsibility or liability for these third party privacy policies.

(March 2020)