Auditors ✓ Lawyers ✓ Tax advisors ✓ and business consultants ✓ : Four perspectives. One solution. Worldwide. Learn …
Auditing and audit-related advice for companies ✓ Experienced auditors ✓ Excellent advice ✓ Tailor-made solutions » …
Our clients entrust us with their most important legal matters. Learn more about our legal services!
Tax laws are complex and dynamic. We face the challenge of tax law together with you - find out more.
Business consulting for companies ✓ Experienced consultants ✓ Excellent advice ✓ Tailor-made solutions » more
Emergency planning in the family business: Regulating responsibility in good time
BFH: No Clarity on Statutory Requirement under § 57 (3) AO
BFH doubts gift tax in the case of disproportionate contribution
New Partner in Real Estate Valuation: Baker Tilly Expands Advisory Services
EU “Omnibus” Package: Less effort for sustainability reporting?
Baker Tilly starts the year 2025 with 23 new Directors
Draft bills on Germany’s infrastructure fund: what matters after this strong signal
How far can the rights of a criminal defense insurer extend?
“Best Lawyers”: 22 Baker Tilly experts honored
Survey: Two thirds of German automotive suppliers anticipate a market shakeout
NIS-2 and no end in sight: implementation in Germany delayed further
Public procurement: Legally compliant procurement of cyber insurance
Cross-industry expertise for individual solutions ✓ Our interdisciplinary teams combine expertise & market …
Baker Tilly advises biotech startup Real Collagen GmbH investment by US investor
Energy study: Uncertainty slows down investments by industry and utilities in Germany
Risk management ✓ Compliance and controls ✓ Increase and ensure security & conformity ✓ more»
Baker Tilly offers a wide range of individual and innovative consulting services. Find out more!
(As of 9 September 2024)
Thank you for your interest in our Baker Tilly website and our services. As a consulting and auditing firm, the protection of your personal data is particularly important to us. In addition to complying with current data protection laws, we strive to continuously improve the protection of personal data within the Baker Tilly Group.
With this Privacy Policy, we aim to inform you about the possible collection and processing of your personal data when using our website and your corresponding rights as a data subject.
Supplementary Provisions to This Privacy Policy
► For the processing of your personal data on the Baker Tilly websites in the context of application procedures, supplementary data protection provisions apply, which are available at the following LINK.
► General information on the processing of personal data in the course of our business activities and for the provision of auditing, tax advisory, legal, and management consulting services for our clients can be found in the respective General Terms and Conditions of Engagement.
The controllers within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws for processing related to the use of our website www.bakertilly.de, its subpages, and linked social media presences are:
Baker Tilly Holding GmbH Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft Cecilienallee 6-7, 40474 Düsseldorf, Germany Tel.: +49 211 6901 01 Email: info@bakertilly.de
Baker Tilly Steuerberatungsgesellschaft mbH Im Gewerbepark D75, 93059 Regensburg, Germany Tel.: +49 211 6901 01 Email: info@bakertilly.de
Baker Tilly Rechtsanwaltsgesellschaft mbH Nymphenburger Straße 3b, 80335 Munich, Germany Tel.: +49 89 55066 0 Email: info@bakertilly.de
If you have any questions regarding the handling of your personal data by Baker Tilly, please contact our Data Protection Officer (in accordance with Art. 37 GDPR), Attorney Maximilian Pörtner. He can be reached via email at: dsb@bakertilly.de .
Baker Tilly collects and uses personal data to provide the websites and our content and services based on the legal bases listed in Art. 6(1)(a)–(f) GDPR, i.e., to the extent the GDPR or other legal provisions permit such processing or where the user has consented to it.
The following categories of recipients may receive personal data to fulfill the purposes outlined below:
Affiliates or associated companies of Baker Tilly;
Public authorities, courts, or other governmental bodies in Germany and abroad, where necessary;
IT service providers and other processors under strict contractual purposes.
All service providers engaged as data processors under Art. 28 GDPR are bound by data processing agreements. They are also subject to pre-engagement assessments related to data protection and IT security.
When using service providers outside the European Economic Area (EEA), an adequate level of data protection is ensured by complying with the requirements of Art. 45 et seq. GDPR—typically through the use of current EU standard contractual pursuant to Art. 46 (2) lit. c) GDPR.
In detail, Baker Tilly processes your personal data when you visit this website as follows:
Scope of Processing Each time our website is accessed, our system automatically collects data and information from the accessing device (computer, tablet, etc.). This includes:
Purpose of Processing Data is stored in log files to ensure the functionality of our website. In addition, the data is used to optimize our website and to ensure the security of our information technology systems.
Legal Basis Our legitimate interest in data processing pursuant to Art. 6 (1) lit. (f) GDPR, to the extent required in order to ensure the security of our information technology systems.
Storage Duration This data is stored in the log files of our systems for a period of 14 days. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized so that they can no longer be assigned.
Right to Object The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
Scope of Processing Baker Tilly uses so-called cookies for the purposes listed below. A cookie is a text file that is sent from the web server to the browser and processes information about the website visitor (e.g., IP address), their settings and the devices used.
Legal Basis The legal basis for data processing by cookies can be either a legitimate interest of Baker Tilly or the consent of the user.
Categories of recipients The user's IP address is transmitted by our cookie banner to the content management provider Akamai Technologies, Inc, 145 Broadway, Cambridge, MA 02142, USA. This allows Akamai to see from which IP address our website was accessed.
Objection and removal options With the exception of necessary cookies, you can object to the processing of data by cookies at any time in our cookie settings. You can access the cookie settings at any time by clicking on the icon at the bottom left of our website, where you will also find further detailed information and other options for customizing your consent.
Note: If you consent to a category, the cookies are activated immediately or when the website is reloaded. If you revoke your consent to a category, the cookies that have been set will remain active until the end of their term. To ensure that these cookies are blocked immediately, you must delete them manually via your browser settings after revoking your consent.
Scope of processing In fulfilment of legal requirements (e.g. Whistleblower Protection Act, “HinSchG”, and Supply Chain Due Diligence Act, ‘LkSG’), Baker Tilly maintains an internal reporting centre for whistleblowers. This is operated by the specialized service provider LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt, Germany, on behalf of Baker Tilly and also fulfils the function of a complaints office pursuant to Art. 8 LkSG. The internal reporting office can be used by all employees pursuant to Art. 3 (8) HinSchG, but also by clients, subcontractors, suppliers and other third parties, also as a complaints office pursuant to Art. 8 LkSG.
Purpose of processing The purpose of processing is the independent and confidential processing of any potential non-cpmpliance.
Legal basis The legal basis for the processing of your data is the fulfilment of a legal obligation pursuant to Art. 6 (1) lit. c) GDPR by Baker Tilly. The obligation arises directly from Art. 10 HinSchG, Art. 8 LkSG.
Storage period The duration of storage is based on statutory retention periods.
Possible recipients of the data Unless otherwise required by law, the personal data processed in the reporting portal can only be read and used by persons who need access to the data in order to fulfil their tasks in connection with the investigation of the reported facts.
Objection and removal options In principle, it is not possible to object to the processing.
Scope of processing To request further information, we provide you with contact forms at various points on our websites, which you can use to contact us directly. In addition to the mandatory fields for your name and e-mail address, you can optionally provide further information, for example about your function and your company.
Purpose of processing Baker Tilly will use this data to contact you and may also send you unsolicited further information on related topics or services provided by Baker Tilly.
Legal basis The legal basis for the storage is your consent and pre-contractual measures pursuant to Art. 6 para. 1 lit. a) - b) GDPR, as well as our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to answer your enquiry or to send you further information about Baker Tilly and our services (Art. 7 (3) UWG (German Act against Unfair Competition)).
Storage period We store your data for a period of 2 years; longer storage is possible if statutory retention periods are affected.
Objection and removal options You can object to the storage of your personal data in accordance with Art. 21 GDPR at any time by sending a corresponding message to data-check@bakertilly.de .
Scope of processing We occasionally inform our clients and other interested parties about current topics and events at Baker Tilly by e-mail as part of our mailings. In addition, our website offers the option of subscribing to newsletters focussing on various topics. We process your contact details (name, e-mail address, business contact details if applicable). We use the so-called double opt-in procedure to verify the e-mail address provided: After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as your IP address. Sending with CleverReach also allows us to measure the success of mailings and newsletters. This measurement enables us to analyse how many recipients have opened the corresponding mail and how often links were clicked.
Purpose of processing Baker Tilly will use this data to contact you and keep you informed about current topics and services as well as events organised by Baker Tilly. The purpose of measuring success by sending mailings and newsletters is to assess and continuously optimize the effectiveness and accuracy of our campaigns.
Legal basisThe legal basis for processing your data and sending the mailings is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in conjunction with Art. 7 (3) no. 2 UWG. The legal basis for processing the data and sending the newsletter is the existence of your consent in accordance with Art. 6 (1) lit. a) GDPR in conjunction with Art. 7 (3) no. 4 UWG. The legal basis for measuring the success of mailings is our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR.
Storage period We store your data for a period of one year; if required by statutory retention periods, it may be stored for longer.
Categories of recipients To send mailings and newsletters, we use the CleverReach service provided by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The data you enter to receive mailings or the newsletter is stored on the CleverReach servers. The servers are located in Germany and Ireland. We have concluded an order processing contract with CleverReach to ensure full compliance with the statutory data protection requirements. Details of CleverReach's data protection provisions are available here.
Objection and removal options You have the option to object to mailings at any time. All you need to do is send an informal email to data-check@bakertilly.de . To unsubscribe from the newsletter, simply send an informal email to data-check@bakertilly.de. It is also possible to unsubscribe at any time via the ‘Unsubscribe’ link in the newsletter. The data you provide in this context will be deleted from our servers and the CleverReach servers after you unsubscribe from the newsletter. If you do not wish the success of mailings and newsletters to be measured, you can object to the mailing at any time and unsubscribe from the newsletter. The legality of the data processing operations that have already made remains unaffected by the objection or cancellation of the newsletter.
Scope of processing We use the Bryter product from Bryter GmbH, Uhlandstr. 175, 10719 Berlin, Germany, on our website to statistically analyse visitor access. Bryter enables an anonymised analysis of your use of our website. Two cookies are set by Bryter for this purpose. It is not possible to draw conclusions about a specific person, as the IP address is anonymised immediately after processing and before storage. The information about the use of this website collected as part of the analysis is not passed on to third parties.
Purpose of processing The purpose of processing is the continuous improvement of our websites based on the statistical analysis of anonymous user data.
Legal basis The data collected by Bryter is stored on the basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the anonymised analysis of usage and the associated optimization of our website.
Storage period Only anonymised data is stored in the log files of our systems for a period of 90 days. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to assign them.
Objection option You have the option of objecting to the corresponding cookies in our cookie banner.
Baker Tilly uses statistics and analysis tools from third-party providers on these websites. These use so-called cookies, the use of which can be customized via the setting options of the respective third-party providers explained below or in our cookie settings.
Scope of processing If you have consented to its use, we use Google Analytics on our websites, a web analytics service provided by Google Ireland Ltd (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called ‘cookies’, text files that are stored in the browser and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to and stored on a Google server in the USA. We only use Google Analytics with activated IP pseudonymisation. This means that the user's IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. This truncation eliminates the direct personal reference to your IP address. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. As part of Google Analytics, we also use the Google Signals extension, which enables tracking across multiple end devices. For this purpose, Google uses the data of users who are logged into a Google service when visiting the website and who have activated the “personalized advertising” option in their Google account settings (https://adssettings.google.com/authenticated). Google Signals is also only used with IP anonymisation activated. Further information on the use of data by Google, setting and objection options, are available in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Purpose of processing On behalf of Baker Tilly, Google will use this information to analyze the use of these websites, to compile reports on website activity and to provide other services relating to website activity and internet usage to Baker Tilly. Google will use this information on our behalf to analyze the use of our website by site visitors, to compile reports on the activities within our online offering and to provide us with further services associated with the use of this online offering and the use of the Internet. Pseudonymized user profiles can be created from the processed data.
Legal basis The processing is processed in accordance with Art. 6 para. 1 lit. a) on the basis of your consent in our cookie banner.
Duration of storage The data stored by Google is automatically deleted after 2 years.
Objection option You can deactivate the use of Google Analytics and other associated Google services in the cookie banner. You can also object to the use of your data by Google Analytics by installing a so-called add-on in your browser. To do this, you can follow the following link, which will take you to the Google page: https://tools.google.com/dlpage/gaoptout?hl=en
Further information on Google's terms of use and data protection are available https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en&gl=us .
Scope of processing Our website uses the ‘LinkedIn Insight Tag’ conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). LinkedIn does not share any personal data with Baker Tilly, but offers anonymised reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag.
Purpose of processing The purpose of processing is to display targeted advertising from Baker Tilly outside its website without identifying website visitors.
Legal basis The processing is carried out in accordance with Art. 6 (1) lit. a) on the basis of your consent in our cookie banner.
Storage period The data collected is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.
Objection option You can deactivate the use of the LinkedIn Insight Tag at any time in our cookie banner. Alternatively, you can permanently deactivate the Insight Tag at the link https://www.linkedin.com/mypreferences/d/categories/ads?lang=en . LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
Further information on LinkedIn's terms of use and data protection are available at https://www.linkedin.com/legal/privacy-policy? and https://de.linkedin.com/legal/user-agreement? .
We use the Custom Audiences service of Meta Platforms, Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA) within the scope of usage-based online advertising. For this purpose, we use the Facebook Ads Manager to define target groups of users based on certain characteristics, who are subsequently shown adverts within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advert and subsequently reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website. In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. Such cookie collects information about your activities on our website (e.g., surfing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising. We do not use Facebook Custom Audiences via the customer list or the “advanced matching’”-function. The data is deleted after 720 days at the latest. Facebook's privacy policy is available here.
You can specify the collection and use of your data by the Facebook pixel here. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
We maintain online presences within social networks and platforms in order to communicate with the interested parties active there and to inform them about our activities.
Please note that user data may be processed outside the European Union for this purpose. This may entail risks for users because, for example, it could make it more difficult to enforce their rights.
Furthermore, the data of social media users is usually processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users, which can be used by the platform operators, for example, to place advertisements inside and outside the platforms that presumably correspond to the users’ interests. For these purposes, cookies are usually stored on users' end devices, which are used in order to determine their usage behaviour and interests.
"Furthermore, data can also be stored in the user profiles independently of the end devices used by the users. This applies in particular if the users are members of the respective platforms and are logged in there."
The processing of users' personal data is based on our legitimate interests in effective information and communication with users in accordance with Art. 6 (1) lit. f) GDPR. If the users are asked by the respective platform providers for consent to the data processing described above, the legal basis for the processing is Art. 6 (1) lit. a) in conjunction with Art. 7 GDPR.
For a presentation of the respective processing under the privacy policy and the possibilities for objection (opt-out), please refer to the following linked provider information.
In the case of requests for information and the assertion of user rights, please note that these can also be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, please feel free to contact us.
a) Facebook
Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0&locale=en_US, especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data?locale=en_US
Opt-out option: https://www.facebook.com/settings?tab=ads andhttps://www.youronlinechoices.com .
b) Google/YouTube
Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy?hl=en
Opt-out option: https://myadcenter.google.com/home?hl=en&sasb=true&ref=ad-settings
c) Instagram
Privacy policy and opt-out option:https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&locale=en_US
d) X (formerly ‘Twitter’)
Operator: X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Privacy policy: https://x.com/en/privacy
Opt-out option:https://x.com/settings/account/personalization?lang=en
e) XING
Operator: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy
Opt-out option: https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing
f) Use of Facebook social plugins
Content from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA is added to our website via interfaces.
When you access the respective page on our website, your device establishes a direct connection with the Facebook servers. If you are logged in as a member of Facebook, this will be assigned to your personal Facebook user account. When using the plug-in functions (e.g. clicking the ‘Like’ button) If you are not a member of Facebook, there is still the possibility that Facebook will find out your IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.
The data is processed on the basis of your consent in our cookie banner in accordance with Art. 6 (1) lit. a) GDPR.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be seen from Facebook's data protection information: https://www.facebook.com/privacy/policy/?locale=en_US.
If you are a Facebook member and do not want Facebook to collect data about you via this online service and link it to your membership data stored on Facebook, you must log out of Facebook before using our online service and delete your cookies in your browser. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%3Ftab%3Dads&locale=en_USor via the page https://www.youronlinechoices.com/ . The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Unless expressly stated otherwise, Baker Tilly stores personal data for as long as is necessary to fulfil the purposes listed above. This is subject to statutory retention obligations. Baker Tilly employees are instructed to regularly review the storage period of personal data and to delete it if necessary.
Data subjects have the right to information pursuant to Art. 15 GDPR about the processing of their personal data by Baker Tilly (including the purpose of processing, any recipients and the expected duration of storage), the right to rectification of inaccurate data (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing and data portability of the data provided (Art. 18, 20 GDPR) as well as the right to object to use for marketing purposes and to processing on the basis of a legitimate interest of Baker Tilly (Art. 21 GDPR). Once consent has been given, it can be revoked at any time with effect for the future. In order to safeguard these rights, any data subject can contact Baker Tilly's Data Protection Officer (see Section 2). There is also a right to lodge a complaint with a data protection supervisory authority. Data subjects can address their complaint to the authority of their place of residence, but generally also to any other data protection supervisory authority.
We have integrated Jotform on our website. The provider is Jotform Inc, 4 Embarcadero Center, Suite 780, San Francisco CA 94111, USA (hereinafter referred to as Jotform). Jotform enables us to create online forms in order to record enquiries and other input from our website visitors. All entries you make are processed on Jotform's servers.
The use of Jotform is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 (1) lit. f GDPR). If a corresponding consent has been requested, the data is processed exclusively on the basis of Art. 6 (1) lit. a GDPR and Art. 25 (1) TTDSG, to the extent the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time. We will retain the data you provide on the form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g., after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected. Data transfer to the USA is protected by EU standard contractual clauses we have concluded with Jotform. Details are available here.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information in this respect are available at this link.
Order processing We have concluded an order processing agreement with Jotform. This is a contract prescribed by data protection law that ensures that Jotform only processes the personal data of our website visitors in accordance with our instructions and in compliance with the General Data Protection Regulation.