Data protection

We are pleased that you are visiting our website https://www.weissflogheinrich.de (“Website“) and that you are interested in our company and our services. When you visit our website, we also process your personal data within the meaning of Art. 4 No. 1 GDPR (“data”). We are aware of the importance of the data entrusted to us. The protection of your privacy when processing your data is important to us, which we also take into account in our business processes. Your data is handled in accordance with the legal requirements for data protection.

1) Responsible body and data protection officer

Responsible body according to 4 No. 7 GDPR for the processing of your data in connection with our website is:

Weissflog Heinrich GmbH
Wirtschaftsprüfungsgesellschaft
Steuerberatungsgesellschaft („us“),

Heinrich-Fuchs-Straße 94-96
69126 Heidelberg
Phone: 06221/89418-0
Mail: info@weissflogheinrich.de
Fax: 06221/89418 05.

You can contact our data protection officer as follows:

Dr. Dennis Voigt
UBG mbH
Im Breitspiel 21
69126 Heidelberg
Phone: 069/653000-23
Mail: info@ubg-datenschutz.de
Fax: 069/6530006-40

2) Purpose of data processing, legal basis and storage period

Your data is processed on our website for various purposes. Depending on the processing purpose, the legal basis on which we base the processing may vary. When operating our website, we are partly supported by processors within the meaning of Art. 28 GDPR, who process your data on our behalf and on our instructions and are therefore recipients of your data (“service providers“). Your data may also be disclosed to other companies that are not service providers (“third-party companies”).

In the following, we name the different purposes for which your data is processed on our website, stating the relevant legal basis and possible recipients as well as naming the storage period of your data. We will also inform you whether your data may be transferred to a third country outside the European Economic Area (“EEA“) during processing and we will state the requirements for this data transfer.

a) Calling up our website and server log file

In order to display our website on your device, it is technically necessary for our web server, on which our website is hosted, to process your data. For this purpose, we process your IP address together with the date and time of the call, the referrer URL (website from which the access is made) and the name and URL of the file called up and save this in a so-called server log file.

The legal basis for this processing of your data is Art. 6 Para. 1 lit. f) GDPR. The processing of your data is necessary to safeguard our legitimate interests in the accessibility and correct presentation of our website. The additional storage of your data in a log file serves to safeguard our legitimate interests in operating our website securely and error-free and in order to identify, limit and eliminate malfunctions and errors.

Your data in our server log file will be automatically deleted 30 days after visiting our site. We use a service provider to host our website. This is based in the EEA.

b) Contact

On our website we give you the opportunity to get in touch with us on various topics.

You can contact us by mail, email, telephone and fax. The data that we process about you in this context may vary depending on the communication channel, but regularly includes your first and last name, your address, your telephone number, your e-mail address and your fax number.

If your establishment of contact is in connection with a contract, such as the initiation of a contract, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. If your request is of a general nature, we will process your data in accordance with Article 6 (1) (f) GDPR due to our legitimate interests in answering your request about our company and / or our services individually and in the best possible way.

We delete your data if they are in connection with a contractual relationship, possibly only after the expiry of commercial or tax retention obligations, which can be up to six years from the end of the year in which you contacted us. We delete all other data when your request has been finally clarified and we are not subject to any legal obligation to store the relevant data.

c) Applications

You can find out about current vacancies and apply for them on our website.

When you apply, we regularly collect your first and last name, your address, your telephone number, your e-mail address and information about your education and professional experience. We process your data to carry out the application process.

This processing is based on Art. 88 Para. 1 GDPR i. V. m. § 26 Abs. 1, 3 BDSG.

If an employment relationship is not concluded with you, we will delete your data six months after you have received the rejection.

d) Technically necessary cookies

Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website. We use technically necessary cookies on our website to ensure the basic functions of our website.

The cookies contain a so-called session ID, which can be used to assign various inquiries from your device during your visit to our website.

The legal basis for the associated processing of your data is Art. 6 Para. 1 lit.f) GDPR. The use of technically necessary cookies is necessary to safeguard our legitimate interests in accessibility, correct presentation and ensuring the full functionality of our website.

Technically necessary cookies are regularly deleted after you close the browser you are using.

If you do not want cookies to be set on your device, you can control this centrally via the web browser you are using. Blocking or deleting, however, can result in the usability of our website being noticeably restricted for you. You can also delete cookies that have already been set using your browser.

e) Google Maps

An iframe from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) is integrated into our website to enable you to use Google Maps.

With Google Maps we can provide you with an interactive map and geographical information. By integrating Google Maps on our website, data about your use of the map service is passed on to Google. This includes in particular your IP address and location data.

The use of Google Maps and the transfer of your data is based on the consent you have given us in accordance with Art. 6 Paragraph 1 lit. a) GDPR.

With regard to the transfer of your data to Google, the “Google Maps Controller-Controller Data Protection Terms” existing between us and Google apply, which you can access under the following link: https://privacy.google.com/intl/de/businesses/ mapscontrollerterms/. In terms of data protection law, we are responsible for collecting your data on our website and forwarding it to Google, but not for the further processing of your data by Google. Google is solely responsible for such processing under data protection law.

You can see the joint responsibility contract between Google and us here. Google receives your data as a third party.

3) Third country transfer

We do not transfer your data to a third country and therefore outside the EEA.

4) Recipients of the data

The recipients of your data are initially the aforementioned service providers and third-party companies. In addition, service providers engaged by us support us in the maintenance, upkeep and further development of our website, who process your data only on our instructions and on our behalf. Your data will only be passed on on the basis of a legal obligation, for example to authorities, or to defend, assert, exercise or defend legal claims.

5) Your rights

In accordance with the provisions of the GDPR, you can assert the following rights against us:

  • Right to information (Art. 15 GDPR),
  • Right to correction (Art. 16 GDPR),
  • Right to deletion (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR).


You have the right to revoke your consent at any time with effect for the future. In addition, you can object to the processing of your data described here for the purpose of safeguarding legitimate interests at any time with effect for the future in accordance with Art. 21 GDPR.
If the processing is not carried out for the purposes of direct advertising, the right of objection only exists for reasons that arise from your particular situation. You can also complain to a supervisory authority at any time. The supervisory authority responsible for us is.

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstrasse 10 a, 70173 Stuttgart.

We always want to hear from our customers. If you have any questions, we look forward to hearing from you. This is the quickest way to answer questions.

Call us, we are happy to assist you!
Phone: 06221 89 418 0