Privacy Policy
With this privacy policy, we inform you, as the person responsible for data processing, according to the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), about the type, scope, and purpose of processing personal data in connection with our online services.
I. Definitions
‘Personal Data’ means all information relating to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified directly or indirectly, particularly through an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
‘Processing’ means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
‘Controller’ is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
‘Recipient’ is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a specific investigation task in accordance with Union or Member State law shall not be regarded as recipients; the processing of this data by these authorities shall be carried out in accordance with the applicable data protection regulations for the purposes of processing.
II. General Information
1. Data Controller
Klaiber GmbH Steuerberatungsgesellschaft
Gartenstrasse 5
72458 Albstadt
Germany
Phone: +49 7431 9379-0
Fax: +49 7431 9379-50
Email: mail@kl-klaiber.de
2. Contact details of the Data Protection Officer
OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Phone: 0711 / 4605025-40
Fax: 0711 / 4605025-49
Email: datenschutz@obsecom.de
Website: https://www.obsecom.eu
3. Legal Bases
We process personal data based on at least one of the following legal grounds:
- Consent of the data subject to process their personal data for one or more specific purposes (Art. 6(1) Sentence 1 (a) GDPR);
- Fulfillment of a contract with the data subject or for the performance of pre-contractual measures taken at the data subject’s request (Art. 6(1) Sentence 1 (b) GDPR);
- Compliance with a legal obligation to which we are subject (Art. 6(1) Sentence 1 (c) GDPR);
- Protection of vital interests of the data subject or another natural person (Art. 6(1) Sentence 1 (d) GDPR);
- Preservation of our legitimate interests or those of a third party (Art. 6(1) Sentence 1 (f) GDPR)
In this privacy policy, we will indicate the relevant legal basis for each individual processing operation.
4. Disclosure of Data to Recipients
We only disclose personal data to recipients (processors or other third parties) to the extent necessary and under one of the following conditions:
- The data subject has given consent to the disclosure;
- The disclosure serves the fulfillment of contractual obligations or pre-contractual measures at the request of the data subject;
- We are legally required to disclose the data;
- The disclosure is made based on our legitimate interests or those of a third party.
5. Third Countries
The transfer of personal data to a country or international organization outside the European Union (EU) or the European Economic Area (EEA) is carried out only in accordance with Art. 44 ff. GDPR and provided it is permitted by law or contract. This means that the relevant country must have an adequacy decision by the EU Commission according to Art. 45 GDPR, or suitable data protection guarantees under Art. 46 GDPR, or binding corporate rules according to Art. 47 GDPR. In specific cases, data transfers may be permitted under an exception under Art. 49 GDPR.
On our website, we may incorporate external services from providers based in the USA. When these services are active, personal data may be collected and transmitted to servers in the USA in connection with providing the service and may be stored there. The European Court of Justice considers the USA to be a country with an insufficient level of data protection. When data is transferred to the USA, there is a risk that US authorities may access and use this data for monitoring and surveillance purposes without notice and without legal recourse.
6. Rights of Data Subjects
As a data subject, you have the following rights:
- According to Art. 15 GDPR, you can request information about your personal data processed by us; you can also request information regarding the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria used to determine that period, the source of your data if it was not collected from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about its details such as logic, scope, and effects, the existence of a right to rectification or erasure of your data, the right to restrict processing, or to object to such processing, and the existence of a right to lodge a complaint with a supervisory authority. Finally, you are entitled to information about whether your personal data is transferred to a third country or an international organization, and if so, regarding the appropriate safeguards in connection with the transfer;
- According to Art. 16 GDPR, you can request the immediate rectification of incorrect personal data or the completion of your personal data stored by us;
- According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, as long as the processing is not necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
- According to Art. 18 GDPR, you can request the restriction of processing of your personal data if you contest the accuracy of the data; if the processing is unlawful but you oppose the erasure of the data; if we no longer need the data but you need it to establish, exercise, or defend legal claims; or if you have objected to processing pursuant to Art. 21 GDPR, pending verification of whether our legitimate grounds override your interests;
- According to Art. 20 GDPR, you can request to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to have it transmitted to another controller;
- According to Art. 21 GDPR, you can object to the processing of your personal data, where there are reasons arising from your particular situation or where the objection is directed against direct marketing, and the legal basis for the processing of the personal data is legitimate interests in accordance with Art. 6(1) Sentence 1 (f) GDPR;
- According to Art. 7(3) GDPR, you can withdraw your consent at any time with effect for the future. This means we will no longer continue the data processing that was based on this consent;
- According to Art. 77 GDPR, you can lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. A list of data protection officers in the federal states and their contact details can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you would like to exercise any of the above rights, you can contact us or our Data Protection Officer at the contact details provided above at any time.
7. Erasure and Restriction of Personal Data
Unless otherwise stated in this privacy policy, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed and no statutory retention obligations prevent erasure. We also delete the personal data we process upon request according to Art. 17 GDPR, provided the conditions specified there are met. If personal data is required for other and legally permissible purposes, it will not be deleted but its processing will be restricted according to Art. 18 GDPR. In cases of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. Documents are retained for 6 years in accordance with § 257(1)(2) and (3) of the German Commercial Code (HGB) and § 147(1)(2), (3), (5) of the German Tax Code (AO), and for 10 years in accordance with § 257(1)(1) and (4) HGB as well as § 147(1)(1), (4), (4a) AO.
8. Cookies
Cookies are used as part of our online services. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not harm your device and contain no viruses or other malicious software. The information stored in a cookie relates to the specific device used. However, this does not mean that we gain immediate knowledge of your identity. The primary purpose of cookies is to make our online offerings more user-friendly, efficient, and secure.
The following types of cookies are used on our website:
1. Necessary Cookies
The data processed through necessary cookies is required to maintain our legitimate interests as well as those of third parties in providing and operating our website in accordance with Art. 6(1) Sentence 1 (f) GDPR.
Name: PHPSESSID
Purpose: Created at the start of a user session and stores the name of the session. This session cookie is used to recognize the user session.
Duration: End of session
Example Content: 3cm12d11d14fg0ssklulk1k274
More Information: www.php-faq.de/q/q-sessions-id.html

Name: resolution
Purpose: Stores the screen resolution
Duration: End of session
Example Content: 1240
Most browsers accept cookies automatically. If you do not wish this to happen, you can configure your browser to prevent cookies from being stored on your device or to display a warning each time a new cookie is created. Information on deleting cookies in Internet Explorer / Edge can be found at: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies. Information on deleting cookies in Firefox can be found at: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored. Here’s how to delete cookies in Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac.
A general objection to the use of cookies for online marketing purposes can be declared for a number of services, for example, on http://www.youronlinechoices.com/ or through the Network Advertising Initiative’s opt-out page at http://optout.networkadvertising.org. Disabling cookies may limit your ability to use all the features of our online services.
III. Individual Processing Operations
1. Hosting
To provide our online services, we utilize the services of hosting providers, including the provision of web servers, storage space, database services, security services, and maintenance. In this process, we or our hosting provider process personal data of users of our online services based on our legitimate interest in an efficient and secure provision of this online offering in accordance with Art. 6(1) Sentence 1 (f) GDPR.
2. Access Data and Log Files
When you access our online services or individual pages, the browser on your device automatically sends information to the server of our online services. This information is stored in so-called log files by us or our hosting provider and is deleted after a maximum of 7 days.
The following information is stored:
- IP address of the requesting computer in anonymized form;
- Date and time of access;
- Name and URL of the accessed file;
- Website from which the access occurred (referrer URL);
- Browser used and, if applicable, the operating system of your computer;
- Status codes and data volume transmitted;
- Name of your access provider.
This data is processed for the following purposes:
- Provision of the online services, including all functions and content;
- Ensuring a smooth connection to the website;
- Ensuring a comfortable use of our website;
- Ensuring system security and stability;
- Anonymous statistical analysis of access data;
- Optimization of the website;
- Transfer to law enforcement authorities if there is an unlawful intrusion/attack on our systems;
- Further administrative purposes.
The legal basis for data processing is Art. 6(1) Sentence 1 (f) GDPR. Our legitimate interest follows from the purposes outlined above for data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about individuals.
3. General Contact
If you contact us using the contact details published on our online services (e.g., via email) and provide us with personal data in the process, we use this data to process your request on the basis of Art. 6(1) Sentence 1 (b) GDPR, provided that your inquiry is related to the performance of a contract or required for pre-contractual measures. In all other cases, the processing is based on your consent under Art. 6(1) Sentence 1 (a) GDPR and/or our legitimate interest in effectively processing the inquiries directed to us under Art. 6(1) Sentence 1 (f) GDPR. The data remains with us until you request deletion, withdraw your consent, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—particularly retention periods—remain unaffected.
4. Contact Form
If you use the contact form, we require your email address, name, address, and, if applicable, other contact information to establish personal contact with you. Additional information can be provided voluntarily. Data processing for the purpose of contacting us and responding to your request is carried out in accordance with Art. 6(1) Sentence 1 (a) GDPR based on the consent you voluntarily provide. All personal data collected in connection with the contact form will be deleted after your request has been fulfilled, unless retention is necessary for documenting other processes (e.g., a subsequent contract conclusion).
5. Direct Email Marketing to Customers
If you are a customer of ours and we have received your email address in connection with the sale of goods or services, we may use your email address for direct marketing of our own similar goods or services. This applies only if you have not objected to such use, and we clearly inform you of the right to object both at the time of collecting your email address and each time it is used. The legal basis for processing is our legitimate interest in direct marketing according to Art. 6(1) (f) GDPR. We retain the personal data until you object to this data processing.
6. Newsletter
If you would like to receive our newsletter, we need your email address and your name. The data processing for the purpose of sending the newsletter is carried out in accordance with Art. 6(1) Sentence 1 (a) GDPR based on your voluntarily provided consent using the double opt-in procedure. The email address is used for this purpose and stored until you withdraw your consent or unsubscribe from receiving the newsletter. You may unsubscribe at any time, for example, via a link at the end of each newsletter. Alternatively, you may send your request to unsubscribe at any time to the email address specified in section II.
Our newsletters contain a tracking pixel. A tracking pixel is a miniature graphic embedded in the HTML format of the sent newsletter to enable an analysis of reader behavior. In this context, we store whether and when a newsletter was opened by you and which links within the newsletter were accessed by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign, optimize newsletter delivery, and tailor future newsletter content to your interests. The collected data will not be shared with third parties and will be deleted after statistical evaluation.
7. News Publisher, Newsletter, and Klaiber App
For sending our newsletter and publishing industry news on our website and the Klaiber App, we use WiaDok. The provider is WIADOK KG, Am Speicher 2, 49090 Osnabrück (hereinafter “WiaDok”). WiaDok is used for content processing, publishing information across various media channels, as well as sending and measuring the reach of our newsletters. For this purpose, your email address and other data necessary for providing the newsletter are processed on our behalf. The legal basis for processing by WiaDok is Art. 6(1) (f) GDPR and our legitimate interest in information management and using a user-friendly and secure newsletter system. Further information on how WiaDok handles your personal data can be found in their privacy policy: https://www.wiadok.de/datenschutz/.
8. Application Form
If you use our application form, you will be asked to provide your name, contact details, and submit application documents so that we can review your application and contact you personally. Data processing for the purpose of handling your application is carried out according to Art. 6(1) Sentence 1 (a) GDPR based on your voluntarily provided consent. All personal data collected in connection with the application form will be retained for 6 months after the completion of the application process, considering the objection periods of the General Equal Treatment Act (AGG), and then deleted unless retention is required for documenting other processes (e.g., subsequent employment).
9. Links to Social Media Profiles
Our online services contain hyperlinks to social media profiles on various social networks. When you click on a link to such a profile, your browser establishes a direct connection to the servers of the respective provider, which allows the provider to know that you visited our website. If you are simultaneously logged into the respective social network, the provider can assign the visit to your user account. In this process, personal data may be processed in the USA. For more information on the processing of personal data, please refer to the respective social network’s privacy policy. The purpose of linking to our social media profiles is to increase the visibility of our online presence. Visiting these social media profiles is based on your voluntary choice according to Art. 6(1) Sentence 1 (a) GDPR. The legal basis for the associated data transfer to the USA is also your voluntarily given consent under Art. 49(1) (a) GDPR.
Our Facebook privacy policy can be found here.