Data protection

1. Name and contact details of the party responsible for content and the company data protection officer

We are jointly responsible for the processing of the data (hereinafter referred to as “CT Lloyd Group”):

  • CT Lloyd GmbH Tax consultancy firm, Roscherstrasse 7, 30161 Hanover
  • CT Lloyd GmbH Auditing company, Roscherstrasse 7, 30161 Hanover
  • CT Lloyd GmbH Law firm, Emilienstrasse 15, 04107 Leipzig, Germany

The data protection responsibilities of the “CT Lloyd Group” are regulated in an agreement, the essential content of which can be made available on request.

A data protection officer has been appointed for CT Lloyd GmbH Steuerberatungsgesellschaft. You can reach them as follows:

CT Lloyd GmbH
Tax consultancy firm
Data protection officer
Roscherstrasse 7
30161 Hanover
Phone: +49 (0)511 301 899 0
Email: datenschutz@ct-lloyd.de

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website

When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in what is known as a log file.

The following data is collected:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the requested file
  • Web page from which you are accessing us (referrer URL)
  • Browser used and, if applicable, your computer’s operating system and the name of your access provider

We process the above-mentioned data for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring the functionality of our website
  • Evaluation of system security and stability; the data is not analysed for marketing purposes in this context

The legal basis for data processing is Article 6 (1)(1)(f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. If there are additional statutory retention obligations, your data will be deleted at the end of these retention obligations.

b) Application form

You have the option of completing an application form on our website. You can either use the service provider Personio SE & Co. KG’s application service or our career contact form.

When using Personio SE & Co. KG’s application service, the following data is collected:

  • Personal information (first name, surname)
  • Contact details (e-mail address, telephone number, location)
  • Qualification data (e.g. curriculum vitae)
  • Other personal data that you provide voluntarily

Contact details for Personio SE & Co. KG:
Personio SE & Co. KG
Seidlstrasse 3
80335 Munich

Personio SE & Co. KG’s data protection policy is available on the following website: https://www.personio.de/datenschutzerklaerung/#datenschutzhinweise

If you wish to use our career contact form for your application, we will collect the following data:

  • Personal information (first name, surname)
  • Contact details (e-mail address, phone number)

Data processing is based on your consent in accordance with Article 6 (1)(1)(a) GDPR or Article 6 (1)(1)(b) GDPR and Article 6 (1)(1)(f) GDPR.

Your application data will be processed solely for the purpose of the application procedure.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. If there are additional statutory retention obligations, your data will be deleted at the end of these retention obligations.

3. Use of cookies

Cookies are used on our website. Cookies are small files that are stored on your end device through your internet browser.

We use technically necessary cookies so that our website and its applications can function smoothly. These are session cookies, which are required for the duration of your session cease to be valid as soon as you leave our website, and permanent cookies, so that the settings you have saved for selecting the language can be called up when you visit our website again. Permanent cookies for setting the language are set for a period of one year and then automatically deleted.

The legal basis for data processing when using cookies is Article 6 (1)(1)(f) GDPR. Our legitimate interest in this respect is to maintain the functions of the website.

4. Data transmission to third parties

We use external service providers for the operation of the website and the services offered on the website. These providers process your personal data on our behalf and are obliged by us to handle the data with care.

If service providers are used who process the data outside the EU/EEA, we ensure that an appropriate level of protection comparable to the standards within the EU is guaranteed before your personal data is transferred.

5. Rights of data subjects

You have the right:

  • in accordance with Article 15 GDPR to request information about your personal data processed by us. In particular, you may obtain information about the purposes for which your data are processed, the category of personal data concerned, the categories of recipients to whom your data are or have been disclosed, the planned duration of data storage, the existence of a right to rectification or erasure of your data, to restriction of their processing, or to object to their processing, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, and the existence of automated decision-making, including profiling, along with, as the case may be, meaningful information concerning the particulars thereof;
  • in accordance with Article 16 GDPR to obtain prompt rectification of inaccurate personal data concerning you that are stored by us and their completion when they are incomplete;
  • in accordance with Article 17 GDPR to obtain the erasure of personal data concerning you that are stored by us if their processing is not required for exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims;
  • in accordance with Article 18 GDPR to obtain restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you oppose erasure of the data, or we no longer need the data but you need them for the assertion, exercise, or defence of legal claims; or if, as per Article 21 GDPR, you have lodged an objection to their processing;
  • in accordance with Article 20 GDPR to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided us with, or to have those data transmitted to another data controller;
  • in accordance with Article 7(3) GDPR to withdraw at any time the consent you have given us. As a consequence of withdrawing your consent, we will not be permitted to continue into the future the data processing that was authorised by your consent; and
  • in accordance with Article 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can do so with the supervisory authority with jurisdiction of the place where your habitual residence, your place of work, or our registered office are located.

6. Right of revocation

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1)((1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to revoke your consent to the processing of your personal data if you have grounds for doing so that relate to your particular situation or if the objection is to direct marketing. In the latter case you have a general right of revocation that will be honoured with no reference to your particular situation.

If you wish to exercise your right of cancellation or revocation, simply send an e-mail to datenschutz@ct-lloyd.de.

7. Data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

8. Topicality and amendment of this data protection policy

This data protection policy is currently valid as of May 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection policy. You can call up and print out the current data protection declaration at any time on the website under Data protection.