Data Protection

If the Advisor is in the position of a processor, it is deemed that, in accordance with Art. 28(3) of the GDPR, the Client entrusts the Advisor with the processing of personal data of data subjects, to the extent of the instructions given by the Client and for the duration of the provision of tax advisory services.

The Advisor is obliged to process personal data for the Client to the extent necessary to provide the services and only based on the Client's instructions under the contract. Without the Client's instructions, the Advisor is specifically not authorized to transfer personal data further, unless such processing is imposed on the Advisor by legal regulations applicable to them.

The Advisor has adopted and maintains appropriate technical and organizational measures to prevent unauthorized or accidental access to personal data, its alteration, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse of personal data.

In the event that the Advisor becomes aware of a personal data breach processed by the Advisor during the term of this contract, the Advisor is obliged to report the personal data breach to the Client without undue delay after becoming aware of it.

The Advisor shall ensure that persons authorized to process personal data have committed themselves to confidentiality.

The Advisor may engage another processor in the processing of personal data (e.g., within IT outsourcing, cloud solutions, web email, etc.). If they do so, this further processor must contractually commit to complying with the same data protection obligations as those agreed between the Client and the Advisor, in particular the implementation of appropriate technical and organizational measures.