Tel. (09181) 23223-0
Spitz Consulting
You are here:

Privacy Notice

Declaration on data protection

Thank you for visiting our website and for your interest in us and our services. We take the protection of personal data very seriously and want you to feel safe when visiting our website. We process personal data collected during your visit on our website in accordance with the statutory provisions.

1. Name and contact details of the person responsible

This data protection declaration provides information on the processing of personal data on the office's website by:


Georg Spitz
Spitz Wirtschafts- & Steuerberatung
Sachsenstrasse 2
092318 Neumarkt
Tel .: 09181 / 23223-0
Fax: 09181 / 23223-9

Contact details of the data protection officer:

The firm's data protection officer, Christine Frauenknecht, can be reached at the above address and via

2. Scope and purpose of the processing of personal data

2.1 Accessing the website

When visiting this website, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited period of time. Until the automatic deletion, the following data will be saved without further input by the visitor:

  • IP address of the visitor's device,
  • Date and time of access by the visitor,
  • Name and URL of the page called up by the visitor,
  • Website from which the visitor came to the firm's website (so-called referrer URL),
  • Browser and operating system of the visitor's device as well as the name of the access provider used by the visitor.

The processing of this personal data is justified in accordance with Article 6, Paragraph 1, Clause 1, Letter f) GDPR. The office has a legitimate interest in data processing for the following purposes:

  • quickly establishing the connection to the website of the office,
  • enabling a user-friendly application of the website,
  • recognizing and guaranteeing the security and stability of the systems and
  • facilitateting and improveing the administration of the website.

The processing is expressly not carried out for the purpose of gaining knowledge about the person visiting the website.

2.2 contact form

Visitors can send messages to the office using an online contact form on the website. In order to be able to receive an answer, at least the title, surname, first name and a valid e-mail address are required. The person making the request can provide all further information voluntarily. By sending the message via the contact form, the visitor consents to the processing of the transmitted personal data. The data processing takes place exclusively for the purpose of handling and answering inquiries via the contact form. This is done on the basis of the voluntarily given consent in accordance with Article 6, Paragraph 1, Clause 1, Letter a) GDPR. The personal data collected for the use of the contact form is automatically deleted as soon as the request has been dealt with and there are no reasons for further storage (e.g. subsequent commissioning of our office).

2.3 "spitzfindig" print newsletter

By registering for the newsletter, the visitor expressly agrees to the processing of the transmitted personal data. To register to receive the newsletter, we need the title, surname, first name, company affiliation and address of the visitor. The legal basis for the processing of the visitor's personal data for the purpose of sending newsletters is consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a) GDPR.

The visitor can unsubscribe from receiving future newsletters at any time. This can be done by sending an email to After you unsubscribe from the newsletter, we will delete your personal data.

3. Transfer of data

Personal data will be transmitted to third parties if

  • the person concerned has expressly consented to this in accordance with Art. 6 Para. 1 Clause 1 Letter a) GDPR,
  • the transfer according to Art. 6 para. 1 sentence 1 letter f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in not disclosing their data,
  • there is a legal obligation for the data transfer according to Art. 6 Para. 1 Clause 1 Letter c) GDPR, and / or
  • this is necessary according to Art. 6 Para. 1 Clause 1 Letter b) GDPR for the fulfillment of a contractual relationship with the data subject.

In other cases personal data will not be passed on to third parties.

4. Cookies

So-called cookies are used on the website. These are data packets that are exchanged between the server on the office's website and the visitor's browser. 

These are saved by the devices used (PC, notebook, tablet, smartphone, etc.) when you visit the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain any viruses or other malware. Information is stored in the cookies that results in connection with the specific device used. Under no circumstances can the office gain direct knowledge of the identity of the visitor to the website.

Most of the cookies are accepted according to the basic browser settings. The browser settings can be set up in such a way that cookies are either not accepted on the devices used or that a special message is given before a new cookie is created. It should be noted, however, that deactivating cookies may mean that not all functions of the website can be used in the best possible way.

The use of cookies serves to make the use of the office's website more convenient. For example, session cookies can be used to determine whether the visitor has already visited individual pages on the website. After leaving the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device for a temporary period. When you visit the website again, it is automatically recognized that the visitor has already visited the page at an earlier point in time and which entries and settings have been made so that they will not have to be repeated.

Cookies are also used to analyze visits to the website for statistical purposes and to improve the offer. These cookies make it possible to automatically recognize that the website has already been accessed by the visitor during a later visit. The cookies are automatically deleted after a specified period of time.

The data processed by cookies is necessary for the above mentioned purposes. Purposes of safeguarding the office's legitimate interests are justified in accordance with Art. 6 Paragraph 1 Clause 1 Letter f) GDPR.

5. Analysis services for websites, tracking

We use the website analysis service for websites from Matomo (formerly Piwik) on our website.

This website uses the web analysis service software Matomo (, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Mataomo”) on the basis of our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 Para. 1 lit. f GDPR, data is collected and stored. From this data, pseudonymised usage profiles can be created and evaluated for the same purpose. Cookies may be used. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Among other things, the cookies enable the Internet browser to be recognized. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers.

The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. (Source:, May 24, 2018)

6. Your rights as a data subject

Insofar as your personal data is processed on the occasion of your visit to our website, you are entitled to the following rights as a "data subject" within the meaning of the GDPR:

6.1 Information

You can request information from us as to whether personal data of yours is being processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to Section 83 StBerG or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding this, there may be an obligation to provide the information if your interests outweigh the interest in secrecy, in particular taking into account imminent damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or exclusively serves the purposes of data security or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by appropriate technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following:



  • Purposes of processing,
  • Categories of the personal data processed by you,
  • Recipients or categories of recipients to whom your personal data will be disclosed, in particular to recipients in third countries,
  • if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage duration,
  • the existence of a right to correction or deletion or restriction of the processing of your personal data or a right to object to this processing,
  • the right to lodge a complaint with a data protection supervisory authority,
  • if the personal data has not been collected from you as the data subject, the available information about the origin of the data,
  • if necessary, the existence of automated decision-making including profiling and meaningful information about the logic involved as well as the scope and intended effects of automated decision-making,
  • If necessary, in the case of transmission to recipients in third countries, unless the EU Commission has decided on the appropriateness of the level of protection according to Art. 45 Para. 3 GDPR, information on which suitable guarantees under Art. 46 Para. 2 GDPR for protection the personal data are provided.

6.2 Correction and completion

If you discover that we have incorrect personal data about you, you can request us to correct this incorrect data immediately. If your personal data is incomplete, you can request completion.

6.3 Deletion

You have a right to erasure ("right to be forgotten"), unless the processing is necessary to exercise the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task that is in the public interest and one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were processed.
  • The justification for the processing was solely your consent, which you revoked.
  • You have objected to the processing of your personal data that we have made public.
  • You have objected to the processing of personal data not made public by us and there are no overriding legitimate reasons for the processing.
  • Your personal data has been processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation to which we are subject.
  • There is no entitlement to deletion if, in the case of lawful, non-automated data processing, deletion is not possible or only possible with disproportionately high effort due to the special type of storage and your interest in deletion is low. In this case, instead of deletion, processing is restricted.

6.4 Restriction of processing

You can request that we restrict processing if one of the following reasons applies:

  • You dispute the accuracy of the personal data. In this case, the restriction can be requested for the duration that enables us to check the accuracy of the data.
  • The processing is unlawful and instead of deletion you request that the use of your personal data be restricted.
  • We no longer need your personal data for processing purposes, but you need them to assert, exercise or defend legal claims.
  • You have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR. The restriction of processing can be requested as long as it is not yet certain whether our legitimate reasons outweigh your reasons.
  • Restriction of processing means that the personal data are only processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to notify you about it.

6.5 Data portability

You have a right to data portability, provided that the processing is based on your consent (Article 6 (1) sentence 1 a) or Article 9 (2) a) DSGVO) or on a contract to which you are a party and the processing is carried out with the help of automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons: You may request us to provide you with the personal data you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. To the extent technically feasible, you may request that we transfer your personal data directly to another controller.

6.6 contradiction

If the processing is based on Art. 6 Paragraph 1 Sentence 1 Letter e) GDPR (performance of a task in the public interest or in the exercise of official authority) or Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR (legitimate interest of the person responsible or a third party), you have the right to object at any time to the processing of your personal data for reasons that arise from your particular situation. This also applies to profiling based on Art. 6 Paragraph 1 Clause 1 Letter e) or Letter f) GDPR. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling that is associated with such direct advertising. After exercising this right of objection, we will no longer use the relevant personal data for direct marketing purposes.

You have the option of informing us of your objection by telephone, email, fax or to the postal address of our office listed at the beginning of this data protection declaration.

6.7 Revocation of Consent

You have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, email, fax or to our postal address. The revocation does not affect the legality of the data processing, which took place on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing, which was based solely on your consent, will be discontinued.

6.8 Complaint

If you are of the opinion that the processing of your personal data is unlawful, you can lodge a complaint with a data protection supervisory authority that is responsible for the place of your residence or place of work or for the place of the alleged violation.

7. Data protection information for online seminars, online meetings and webinars via "Zoom" from Spitz Wirtschafts- & Steuerberatung

In the following we will inform you about the processing of personal data in connection with the use of "Zoom".

7.1 Purpose of processing

We use tool "Zoom" to hold telephone conferences, online meetings, video conferences and / or webinars (hereinafter: "online meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc., which is based in the United States (

7.2 Responsible

Spitz Wirtschafts- & Steuerberatung, Georg Spitz, Sachsenstrasse 2, 92318 Neumarkt, is responsible for data processing that is directly related to the implementation of "online meetings".

Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for the data processing. Calling up the website is only required to use "Zoom" in order to download the software for using "Zoom".

You can also use "Zoom" if you enter the respective meeting ID and any other access data for the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

7.3 Which data is being processed?

When using "Zoom", different types of data are processed. The scope of the data also depends on the details of the data you provide before or when participating in an "online meeting".

The following personal data are processed:

  • User information: first name, last name, telephone (optional), email address, password (if "single sign-on" is not used), profile picture (optional),
  • Department (optional)
  • Meeting metadata: topic, description (optional), participant IP addresses, device / hardware information
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  • When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
  • Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications.

To participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.


7.4 Scope of processing

We use “Zoom” to conduct “online meetings”. If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording is also displayed in the "Zoom" app.

If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we can also process the questions asked by webinar participants for the purpose of recording and following up webinars.

If you are registered as a user with "Zoom", reports on "Online Meetings" (meeting metadata, data on telephone dial-in, questions and answers in webinars, survey function in webinars) can be saved in "Zoom" for up to one month.

Automated decision-making i. S. d. Art. 22 GDPR is not used.

7.5 Legal basis for data processing

As far as personal data are processed by employees of the Spitz- Wirtschafts- & Steuerberatung , § 26 BDSG is the legal basis of the data processing. If, in connection with the use of "Zoom", personal data are not required for the establishment, implementation or termination of the employment relationship, but are nevertheless an elementary part of the use of "Zoom", Article 6 (1) lit. f) GDPR is applicable the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".

In addition, the legal basis for data processing when conducting "online meetings" is Article 6 (1) (b) GDPR, insofar as the meetings are carried out within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 Paragraph 1 lit. f) GDPR. Here, too, we are interested in the effective implementation of “online meetings”.

7.6 Recipient / transfer of data

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties unless they are intended to be passed on. Please note that content from "online meetings", as well as from personal meetings, is often used to communicate information with clients, interested parties or third parties and is therefore intended to be passed on.

7.7 Data processing outside the European Union

"Zoom" is a service that is provided by a provider from the USA. Processing of personal data also takes place in a third country. We have concluded an order processing agreement with the provider of "Zoom" that complies with the requirements of Art. 28 DSGVO.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses and on the other hand by the “Privacy Shield” certification of Zoom Video Communications, Inc.

7.8 Contact details of the data protection officer

Spitz Wirtschafts- & Steuerberatung

Christine Frauenknecht

Sachsenstrasse 2

92318 Neumarkt


7.9 your rights as a data subject

You have the right to information about your personal data. You can contact us at any time for information.

In the event of an request for information that is not made in writing, we ask for your understanding that we may require evidence from you that proves that you are the person you claim to be.

Furthermore, you have the right to correction or deletion or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to processing within the framework of the legal requirements.

A right to data portability also exists within the framework of data protection regulations.

7.10 Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

7.11 Complaint

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

8 Status and updating of this data protection declaration

This Privacy Policy is as of March 30, 2021. We reserve the right to update the Privacy Policy in due course in order to improve data protection and/or to adapt it to changes in official practice or case law.