Privacy Policy

We welcome you to the FIDES website and appreciate your interest in our company. To give you confidence regarding the handling of your personal data, we provide transparency about what happens to the data collected and which security measures we take. Personal data includes all information relating to you individually, such as your name, email address, or user behaviour.

Furthermore, this Privacy Policy informs you about your statutory rights in connection with the processing of your data.

1. Controller and Data Protection Officer

The 'controller' responsible for data processing within the meaning of Article 13 of the GDPR is:

FIDES Treuhand GmbH & Co. KG
(represented by FIDES Verwaltungs-GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft)
Birkenstraße 37
28195 Bremen
Phone: +49 (421) 3013-0
E-Mail: info@fides-online.de

You can contact our data protection officer, FIDES IT Consultants GmbH, at the email adress datenschutz@fides-online.de

2. Information about the collection of personal data  

Visiting the website

When using the website for purely informational purposes, i.e. if you only visit our website and do not provide us with any information, we only collect the data that your browser transmits to the web server (e.g. IP address, date and time of the request, and language and version of your browser).

The legal basis for processing the data is Art. 6(1) (f) GDPR (legitimate interest). We have a legitimate interest in ensuring the sustainable operation of the website. Without processing this data, it is not possible to use the website.

The technical use of the data on the web server is limited to the duration of use of the website.

Contact Form / Contact via Email, Telephone or Fax

When you contact us via the contact form or by direct email, telephone or fax, the data/information you provide (first name, surname, email address and content of the message) will be transmitted to us in encrypted form as far as possible and stored by us. Contact is made expressly on a voluntary basis. Failure to provide the information has no negative consequences for you. The data is processed solely for the specific purpose of answering your questions or processing your request. The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the purpose‑related processing and handling of the concerns arising from your contact.

To ensure efficient processing of requests, data transmitted via the website may, based on Art. 28 GDPR (processor agreements) or Art. 6 (1) (f) GDPR in conjunction with Recital 48 (legitimate interest), be forwarded to the relevant departments and units within the FIDES Group.

We will only store your personal data for as long as is necessary for the intended purpose of processing your enquiry or as required to comply with statutory retention periods.

Applicant data

You have the opportunity to apply for a position with us or another company within the FIDES Group via our website.

The processing of applicant data is based on Art. 6 (1) (b) GDPR (performance of a contract or implementation of pre-contractual measures in the employment relationship), as specified by Art. 88 GDPR in conjunction with § 26 BDSG.

This includes, in particular, your title, first name, surname, telephone number and email address, as well as documents and information relevant to the selection decision (earliest possible start date, salary expectations, cover letter including photo, CV, references, certificates, etc.). This data is processed exclusively for the purpose of processing your application (application management).

Applicants also have the option to simplify data entry by indirectly accessing the platforms LinkedIn and XING via the website. If desired, following authorisation on the respective platform, the data stored there will be transferred into the application form on our website. The linking to these platforms is solely for the purpose of facilitating data entry in the application process. The use of these platforms is voluntary and under the responsibility of the applicant. We have no influence over the data processing carried out by these providers. Further information on the purpose and scope of data processing by these platforms can be found in their respective privacy policies:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
XING: https://privacy.xing.com/de/datenschutzerklaerung

Additional information on the processing of personal data in the context of the application process can be found in the privacy notice for applicants pursuant to Art. 13 GDPR, which is available on the FIDES website within the application form. 

Seminars / Events

If you register for seminars offered by us, we process personal data of you as a participant. This includes, in particular: first name, last name, company, telephone number, email address and optionally your position in the company. If a fee is payable for participation, additional data will be processed for order management and contract fulfilment (e.g. order details, invoicing address, bank details). Registration for seminars is voluntary. It is not possible to register for a seminar without providing this data.

The processing of participants' personal data is based on Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the efficient running of the seminars, the exchange of information and the targeted support of participants.

In the event of an existing obligation to pay for participation in the seminar, the processing of personal data as our private customer or sole trader/partnership is based on Art. 6 (1) (b) GDPR (performance of a contract or implementation of pre-contractual measures). For contact persons of a business customer or other business partner, processing is again carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest).

Client portal

Through the client portal integrated into the website, we enable customers/clients to directly access the data exchange platforms Cryptshare and 5F, as well as the services DATEV Unternehmen Online and DATEV Meine Steuern, within the framework of their business relationship with FIDES.

To use the services, you need the login details you received during the initial registration process or access to the applicable login procedure (e.g. DATEV SmartLogin). Use of the Cryptshare data exchange platform requires you to provide your contact details.

Additional information on the processing of personal data in connection with the use of the services can be found in the applicable privacy policies/data protection notices.

3. External service providers/recipients of the data 

Based on Art. 28 GDPR (processing under a data processing agreement), we use external service providers for the administration and maintenance of IT systems, for supporting the operation of the website, and for handling applicant management processes.

The service providers have been carefully selected by us, are bound to maintain confidentiality and may only use your personal data for the specific purposes of fulfilling the contract concluded between them and Fides Treuhand GmbH & Co. KG. 

4. Cookies/Technical Tools

Our website occasionally uses cookies. Cookies are small text files that are stored on your computer and saved by your browser, provided that your browser is set to accept cookies.

Cookies cannot be directly attributed to specific individuals and do not contain any personal data. Cookies do not cause any damage to your computer and do not contain viruses.

You may configure your browser settings according to your preferences, e.g. by refusing the acceptance of cookies in whole or in part if you do not wish cookies to be stored on your device. Cookies already stored can also be deleted in your browser's system settings. Please note that disabling or deleting cookies may result in certain functionalities of this website no longer being available to you.

Cookies/technical tools necessary for the operation of the website

Use of Borlabs (consent management)

To obtain valid consent from website visitors, we use the consent management tool Borlabs. Further information on the use and purpose of the consent tool, as well as details on the cookies deployed within this context, can be accessed directly through the consent tool, which is presented to you upon your initial visit and can subsequently be accessed at any time via the icon permanently displayed at the bottom right of the website.

The legal basis for the processing of data associated with the consent tool is Art. 6 (1) (f) GDPR (legitimate interest). The processing is necessary to ensure a legally compliant presentation of our services and is therefore required for the operation of the website.

Other cookies/technical tools

If you have selected 'Accept all' in the cookie selection when visiting the website or have individually consented to services, we will also use further cookies and comparable technical tools based on your consent in accordance with Art. 6 (1) (a) GDPR, which are described below.

You may withdraw your consent at any time with effect for the future via the Borlabs consent tool.

Google Analytics

If you have given your consent, we use the web analytics service Google Analytics 4 in order to optimally tailor the content of our website to the needs of our visitors. The legal basis for processing personal data is Art. 6 (1) (a) GDPR (consent).

Google Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR.

Google Analytics uses cookies that are stored on your device and enable an analysis of your use of the website. The information generated by these cookies about your use of this website is transmitted to Google. According to the information provided by Google at https://support.google.com/analytics/answer/2763052?hl=de, no logging or storage of IP addresses takes place in this context.

As part of the evaluation, Google Analytics uses procedures based on individually defined rules and criteria as well as artificial intelligence to automatically analyze and enrich data. For example, Google Analytics estimates conversions using modeling techniques where insufficient data is available, in order to optimize reporting and analysis.

Further information can be found in the documentation published by Google, accessible via the following links:
https://support.google.com/analytics/answer/10710245
https://support.google.com/analytics/answer/9443595

Data processing is largely carried out by Google. The transmitted information is used by Google to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to us. Google also uses the collected data for profiling and links it with other user data, such as search history, personal accounts, usage data from other devices, and any other data Google holds about the user.

We cannot rule out the possibility of data being passed on to Google's contractual partners or transferred to Google servers in the United States.

When processing takes place in the USA, there is a risk that an adequate level of protection for the processing of personal data in accordance with European law under the GDPR cannot be consistently guaranteed. Furthermore, it cannot be ruled out that, due to laws applicable in the USA, US government agencies may also access personal data processed by the service provider.

Data transmitted to Google is automatically deleted after 14 months.

The cookies and similar technical tools used by Google Analytics can be viewed directly via the consent tool.

Information from the third-party provider:

Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/de/
Google Analytics Help/Privacy: https://support.google.com/analytics/answer/6004245?hl=de
Google Privacy Policy: https://policies.google.com/privacy

Meta Pixel

If you have given your consent, we use Meta Pixel to optimise our advertisements on the Meta social network, to display only advertisements that are relevant to the user and to measure the success of our advertisements. The legal basis for the processing of personal data in this context is Art. 6 (1) (a) GDPR (consent).

The Meta network and the web analysis service are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data processing is largely carried out by Meta. Meta Pixel enables Meta to identify visitors to our and other websites as a target group for the display of advertisements on the Meta social network. When you visit our website, Meta Pixel, which is implemented on our website, establishes a direct connection to the Meta servers. This transmits to the Meta server that the visitor has visited our website and which content/pages the visitor has viewed. In addition, individual information and parameters required for optimising our advertisements, increasing their relevance and measuring their success are also transmitted.

The information generated by cookies and similar technical tools enables Meta to match your user data (mainly customer data such as IP address, user ID) with the data in your Meta account. The data collected about you is anonymous to us, meaning we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta, enabling it to be linked to the respective user profile and evaluated/used by Meta.

We cannot rule out the possibility of data being passed on to Meta's contractual partners or transferred to Meta's servers in the United States.

When processing takes place in the USA, there is a risk that an adequate level of protection for the processing of personal data in accordance with European law under the GDPR cannot be consistently guaranteed. Furthermore, it cannot be ruled out that, due to laws applicable in the USA, US government agencies may also access personal data processed by the service provider.

The cookies and similar technical tools used by Meta can be viewed directly via the consent tool.

You may withdraw your consent at any time with effect for the future.

Information from the third-party provider:

Information about Meta Pixel https://www.facebook.com/business/help/651294705016616
Meta's privacy policy: https://www.facebook.com/about/privacy/

Youtube

If you have given your consent, you may view videos on our website that are provided through the YouTube service operated by Google. The legal basis for this processing of personal data is Art. 6 (1) (a) GDPR (consent).

The service is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

YouTube videos are embedded in 'extended privacy mode', which means that no data about you as a user is transferred to YouTube if you do not play the videos. The data is only transferred once you have given us your consent to do so.

When you visit our website, you have the option of consenting to data processing via YouTube using the consent tool. If you do not give your consent there and would like to watch the videos, you can also give your consent directly via the video display area ('Unlock content once'). In addition, you have the option of displaying further information about the processing of your data when you view a video. Only after giving consent can you start the video. You may withdraw your consent at any time with effect for the future via the consent tool, which is accessible at any time through the icon at the bottom right of the website.

When you start the video, your IP address is transmitted to YouTube. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before opening the video). YouTube stores your data as usage profiles and uses it for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising.

We cannot rule out the possibility of data being passed on to Google or YouTube contractual partners or transferred to Google or YouTube servers in the USA.

When data is processed in the USA, there is a risk that an adequate level of protection for the processing of personal data in accordance with European law under the GDPR cannot be guaranteed throughout. Furthermore, it cannot be ruled out that, due to laws applicable in the USA, US government agencies may also have access to personal data processed by the service provider.

The cookies and similar technical tools used by YouTube can be viewed directly via the consent tool.

Information from the third-party provider:

Further information on the handling of user data can be found in the Google/YouTube privacy policy at: https://www.google.de/intl/de/policies/privacy

Vimeo

If you have given your consent, you have the option of viewing videos via the Vimeo service on our website. The legal basis for the processing of personal data in this context is Art. 6 (1) (a) GDPR (consent).

The operator of the service is Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

When you visit our website, you have the option of consenting to data processing via Vimeo using the consent tool. If you do not give your consent there and would like to watch the videos, you can also give your consent directly via the video display area ('Unlock content once'). In addition, you have the option of displaying further information about the processing of your data when you view a video. Only once you have consented to data processing can you start the video. You can revoke your consent at any time with future effect using the consent tool we use. You can access the consent tool at any time via the icon at the bottom right of the website.

Data processing is primarily carried out by Vimeo. When an embedded video is accessed, your browser connects to Vimeo's servers and data is transferred, such as your IP address and technical information regarding the browser type and operating system of your device. Vimeo also stores information about which website the service is used from and which actions (web activities) are performed on the website (e.g. session duration, bounce rate). These data are collected, stored and processed on Vimeo servers regardless of whether you have a Vimeo account.

We cannot rule out the possibility of data being passed on to Vimeo's contractual partners or transferred to Vimeo's servers in the USA.

When data is processed in the USA, there is a risk that an adequate level of protection for the processing of personal data in accordance with European law under the GDPR cannot be guaranteed throughout. Furthermore, it cannot be ruled out that, due to laws applicable in the USA, US government agencies may also access personal data processed by the service provider.

The cookies and similar technical tools used by Vimeo can be viewed directly via the consent tool.

Informationen des Drittanbieters:

Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy

5. Information on external Links

Our website contains external links to services provided by the following providers:

XING – New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Facebook and Instagram – Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

These links are static hyperlinks that take you directly from our website to the respective provider's website. You can easily verify this by checking your browser's address bar, which will display the new address in a new window or tab. When opening the links on a device with an installed app for the respective service, you may also be redirected directly to the app.

The operators of the linked services are solely responsible for their operation. Except for the information provided by us through these services, we have no influence on the current or future design or content of the linked services. At the time the links were set, no unlawful content was identifiable to us. Should we become aware of content-related legal violations in the future, we will remove the respective link from our website.

If you have a user account with one of the above services and are logged in to the service at the time the link is created, information about your use of the service may be assigned to your respective user account. If you do not want the service providers to collect data about you in this way, you must log out of the respective service before visiting our website.

Further information on the services can be found in the respective privacy policies of the providers.:
XING – https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn – https://www.linkedin.com/legal/privacy-policy
Facebook – https://www.facebook.com/about/privacy/
Instagram – https://de-de.facebook.com/help/instagram/155833707900388

In accordance with Article 21 GDPR, you have the right to object to the processing of your personal data. 

If you are of the opinion that the processing of your personal data violates the provisions of the GDPR, you may lodge a complaint with a supervisory authority, e.g. with the State Commissioner for Data Protection and Freedom of Information in Bremerhaven (Article 77 GDPR).

6. Safety

We have taken appropriate technical and organisational measures to protect the personal data stored by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The adequacy of the protective measures is continuously reviewed and adapted to new security standards

Our website uses TLS (Transport Layer Security) encryption for data transmission. You can recognize this by the fact that an "s" is appended to the "http://" address component ("https://"), or by the closed padlock icon displayed in your browser. By clicking on the icon, you can view information regarding the certificate used. The exact display may vary depending on your browser. The TLS encryption used ensures a level of data transmission security appropriate to the current state of the art.

7. Captcha-Service 

Our website uses a captcha service in its forms to prevent automated entries by so‑called bots and to prevent the misuse of forms, for example in the context of seminar registrations. Processing is carried out on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The purpose of the processing is to protect our IT systems and to ensure the secure, functional and uninterrupted operation of our website.

The captcha service we use is a server-side integrated WordPress plugin that is operated locally on the web server. It is operated by an IT service provider commissioned by us to support the operation of the website, with whom a contract for order processing has been concluded in accordance with Art. 28 GDPR. The service provider may only use the data for the specific purpose of fulfilling the contract concluded with Fides Treuhand GmbH & Co. KG.

The use of the Captcha service may require the processing of certain technical data. This includes, for example, the IP address, timestamp, browser type or meta information transmitted when using the form. This data is stored exclusively for the purposes stated and deleted once the respective processing purpose no longer applies.

8. Your Rights

You have the right to obtain information about the processing of personal data concerning you and the information specified in detail in Art. 15 GDPR. If the personal data concerned is inaccurate or incomplete, you may request that it be corrected or completed (Art. 16 GDPR). If one of the reasons listed in Art. 17 GDPR applies, you have the right to request the immediate erasure of your personal data.

Under the conditions set out in Art. 18 GDPR, you may request the restriction of processing, and pursuant to Art. 20 GDPR, you may request data portability.

Under the conditions of Art. 21 GDPR, you have the right to object to the processing of your personal data. If you believe that the processing of your personal data violates the GDPR, you may contact our internal data protection office at any time (datenschutz@fides-online.de) or our appointed Data Protection Officer named above. We and our Data Protection Officer will handle your request confidentially and, upon request, anonymously. Furthermore, you have the right to lodge a complaint with a supervisory authority, for example the competent supervisory authority for us (Art. 77 GDPR):

The State Commissioner for Data Protection and Freedom of Information Bremen
(Die Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen)
Arndtstraße 1
27570 Bremerhaven
Phone: +49 421 3612010 or +49 471 5962010

9. Video surveillance

Within the scope of video surveillance, video recordings of the entrance areas at selected FIDES locations are processed on the basis of Art. 6 (1) (f) GDPR (legitimate interest). The processing of video recordings is carried out exclusively for the purpose of safeguarding property rights and, where applicable, investigating incidents such as burglary, theft, or property damage.

The provision of your personal data is neither required by law nor contractually stipulated and is not necessary for the conclusion of a contract. Failure to provide your data will have no consequences for you. The video recordings are not evaluated automatically.

Where necessary, video recordings may be forwarded within the FIDES Group to the departments responsible for handling the matter.

Based on Art. 28 GDPR (data processing under contract), external service providers may be engaged at specific locations to maintain the video surveillance system. In this context, access to the video recordings cannot be ruled out.

Any further use or disclosure of the video recordings is based on the legal basis of Art. 6 (4) GDPR, Art. 23 (1) (d) GDPR in conjunction with § 24 (1) (1) BDSG (prosecution of criminal offences), insofar as this is necessary in the context of possible criminal prosecution. In this case, the recipients are the competent law enforcement authorities or associated authorities.

The stored video recordings will be deleted after a maximum of 7 days, unless the above considerations (in particular criminal prosecution) prevent this.

Information on the responsible body and the existing rights of data subjects can be found in the above explanations in the privacy policy.