Privacy Notice

Privacy Notice

1. General Information and Mandatory Disclosures

The operators of this site take the protection of your personal data very seriously. We treat your personal information confidentially and in accordance with applicable data protection laws and this privacy notice.

When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy notice explains which data we collect, how we use it, and for what purpose.

Please be aware that data transmission over the internet (e.g., via email) can have security vulnerabilities. Complete protection of data from third-party access is not possible.

1.1 Controller

DOMUS Steuerberatungs-AG – Wirtschaftsprüfungsgesellschaft
Lentzeallee 107
14195 Berlin
Phone: +49 30 897 81‑0
Email: info@domus-ag.net

The “controller” is the natural or legal person who decides, alone or jointly with others, the purposes and means of processing personal data (e.g., names, email addresses, etc.).

1.2 Data Retention Period

Unless a specific retention period is stated in this privacy notice, your personal data will be retained until the purpose for which it was processed no longer applies. If you submit a valid deletion request or revoke your consent for data processing, your data will be deleted – unless there are other legally permissible reasons for retaining it (e.g., tax or commercial law retention periods), in which case deletion will occur once those reasons no longer apply.

Legal Basis for Data Processing

If you have consented to data processing, we rely on Art. 6 (1)(a) GDPR (and where applicable, Art. 9 (2)(a) GDPR for special categories of personal data). If you expressly consent to the transfer of personal data to third countries, processing is also conducted under Art. 49 (1)(a) GDPR.

1.3 Recipients of Personal Data

As part of our business operations, we work with various external parties. In certain cases, this involves the transfer of personal data to such external recipients. We only disclose personal data to external parties if:

• it is necessary for the performance of a contract,

• we are legally required to do so (e.g., disclosure to tax authorities),

• we have a legitimate interest under Article 6(1)(f) of the GDPR in the disclosure, or

• another legal basis permits such data sharing.

When engaging data processors, we only transfer personal data of our clients based on a valid data processing agreement. In the case of joint processing, a joint controller agreement is concluded in accordance with GDPR requirements.

1.4 Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have previously given at any time. The legality of data processing carried out prior to the withdrawal remains unaffected.

Right to Object to Data Processing in Special Cases and to Direct Marketing (Article 21 GDPR)

If your personal data is processed based on Article 6(1)(e) or (f) of the GDPR, you have the right to object, at any time and on grounds relating to your particular situation, to the processing of your personal data. This also applies to profiling based on these provisions. The legal basis for processing is indicated in this privacy notice.

If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms – or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Article 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to such processing, including profiling insofar as it is related to direct marketing. Upon your objection, your personal data will no longer be used for these purposes (objection pursuant to Article 21(2) GDPR).

1.5 Right to Lodge a Complaint with the Supervisory Authority

If you believe that your rights under the GDPR have been violated, you have the right to file a complaint with a supervisory authority – particularly in the EU Member State of your habitual residence, your place of work, or the location of the alleged violation. This right exists without prejudice to any other administrative or judicial remedies.

Supervisory Authority for DOMUS AG:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin
Visitor Entrance: Puttkamerstraße 16–18 (5th Floor)
Phone: +49 30 138 89‑0
Fax: +49 30 215 50 50
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

1.6 Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. You also have the right to request that this data be transmitted directly to another controller, where technically feasible.

1.7 Right of Access, Rectification, and Erasure

Within the scope of applicable legal provisions, you have the right – at any time and free of charge – to request information about your stored personal data, its origin and recipients, and the purpose of the data processing. Where applicable, you also have the right to request the rectification or erasure of this data. For these purposes and for any further questions about personal data, you may contact us at any time.

1.8 Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You may contact us at any time to exercise this right. The right to restriction applies in the following situations:

• If you contest the accuracy of the personal data we hold about you, we usually need time to verify this. While the accuracy is being reviewed, you have the right to request the restriction of the processing of your personal data.

• If the processing of your data was or is unlawful, you may request restriction of processing instead of deletion.

• If we no longer need your personal data, but you require it to exercise, defend, or establish legal claims, you may request restriction instead of deletion.

• If you have filed an objection pursuant to Article 21(1) GDPR, a balancing of interests must be conducted. Until it has been determined whose interests prevail, you have the right to restrict the processing of your personal data.

If processing has been restricted, such data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

1.9 SSL and TLS Encryption

For security reasons and to protect the transmission of confidential content (such as orders or inquiries you send to us as the site operator), this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in your browser’s address bar from “http://” to “https://” and by the padlock icon in your browser.

When SSL or TLS encryption is enabled, any data you transmit to us cannot be read by third parties.

1.10 Objection to Promotional Emails

We hereby object to the use of contact information published in accordance with legal notice requirements for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional material being sent, for example in the form of spam emails.

2. Data Protection Officer

We have appointed a Data Protection Officer for our organization:

DOMUS Consult Wirtschaftsberatungsgesellschaft mbH
Andreas Höbbel
Schornsteinfegergasse 13
14482 Potsdam
Phone: +49 331 743 30‑0
Email: datenschutz@domusconsult.de

3. Data Collection on This Website

3.1 Cookies

Our websites use so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies allow the integration of certain services from external providers – for example, cookies used for processing payment services.

Cookies serve a variety of purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies are used for analyzing user behavior or for advertising purposes.

Cookies that are necessary for the execution of electronic communications, for providing specific functionalities you request (such as shopping cart features), or for optimizing the website (e.g., audience measurement cookies), are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. Where consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out solely based on that consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be withdrawn at any time.

You can configure your browser to notify you before cookies are set, to allow cookies only on a case-by-case basis, to exclude cookies either generally or in specific cases, and to automatically delete cookies when closing the browser. Disabling cookies may impair the functionality of this website.

For details on which cookies and services are used on this website, please refer to this privacy notice.

Name	Description	Duration
WordPress_test_cookie	Checks whether cookies are enabled to select the appropriate user guidance.	Session
phpSessID	The randomly generated session ID helps us improve the user-friendliness of our website. This cookie is used to recognize the user during a session and to store certain information in the cache (e.g., for forms), for example for logging in.	Session
Borlabs_cookie	Stores the selected cookie preferences.	1 year
omCookieConsent	Checks cookie usage.	1 year
_pk_ses	Temporarily stores session visit data.	13 months
_pk_id	Stores some details about the user (e.g., unique visitor ID).	13 months
prevent_browser_caching_time	Cache cookie for storing rendering/display preferences.	Session

 

3.2 Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

• Browser type and version

• Operating system used

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

• IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of the website – server log files are required for this purpose.

4. Contact Form

If you submit inquiries to us via a contact form, the information you provide – including your contact details – will be stored by us for the purpose of processing your request and for any follow-up questions. This data will not be shared without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your request relates to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively responding to inquiries (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if it has been obtained. Consent can be withdrawn at any time.

Data submitted via the contact form will be retained by us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., once your inquiry has been fully addressed). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiries via Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry – including any personal data resulting from it (e.g., name, nature of the inquiry) – will be stored and processed for the purpose of handling your request. This data will not be disclosed without your consent.

The legal basis for this processing is Article 6(1)(b) GDPR, provided your inquiry relates to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling your inquiry (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), where applicable. Consent can be withdrawn at any time.

Data you send to us through contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose of data retention no longer applies. Mandatory legal requirements – especially statutory retention periods – remain unaffected.

---

5. Hosting

We host the content of our website with the following provider:

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4–6
32339 Espelkamp (hereinafter “Mittwald”)

For more details, please refer to Mittwald’s privacy notice:
https://www.mittwald.de/datenschutz

The use of Mittwald is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable possible presentation of our website. Where appropriate consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above-mentioned provider. This legally required contract ensures that this service provider processes the personal data of our website visitors strictly in accordance with our instructions and in compliance with the GDPR.

6. Social Media

6.1 LinkedIn

Our website incorporates functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Every time you access a page on our website that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn is informed that you visited our website using your IP address. If you click on the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn may associate your visit to our website with your user account. Please note that as the operator of this website, we have no knowledge of the content of the transmitted data or how it is used by LinkedIn.

For more information, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

6.2 YouTube

Our website incorporates plugins from YouTube, a service operated by Google. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages featuring a YouTube plugin, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you visited.

If you are logged into your YouTube account, YouTube may directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account prior to visiting our website.

The use of YouTube is based on our interest in presenting our online content in an engaging way. This constitutes a legitimate interest under Article 6(1)(f) GDPR.

Further information on how YouTube handles user data can be found in YouTube’s privacy policy:
https://www.google.de/intl/de/policies/privacy

Each time you visit a page on our site that includes a YouTube component (video), your browser automatically initiates a request to download the corresponding YouTube content. Through this process, YouTube and Google are informed which specific page you visited.

If you are logged into YouTube at the time of your visit, YouTube can associate the visit to the exact page and the video content with your personal user account. This happens whether or not you interact with the video.

If you wish to prevent this kind of data transfer to YouTube and Google, simply log out of your YouTube account before accessing our pages.

The data protection provisions published by YouTube (Google) provide details about how personal data is collected, processed, and used:
https://www.google.de/intl/de/policies/privacy/

7. Tracking

7.1 Matomo

To design our websites in line with user needs, we use the web analytics tool Matomo. Matomo generates pseudonymized user profiles. For this purpose, permanent cookies are stored on your device and read by us. This allows us to recognize and count repeat visitors.

We also use the Matomo modules Heatmap & Session Recording. The heatmap service shows us which areas of our site users interact with most (e.g., mouse movements, clicks). The session recording service logs individual user sessions, allowing us to replay visits and analyze website use. Form entries are never recorded and are at no time visible.

Data processing is based on your consent under § 25(1) TDDDG and Article 6(1)(a) GDPR, as indicated through our consent banner. You may withdraw your consent at any time using the banner settings.

Further information on Matomo’s terms of use and privacy policy is available at:
https://matomo.org/privacy/

8. ChatBot – Wonderchat.ai

We use the chatbot Wonderchat.ai on our website to provide users with a direct communication channel and quick access to information. The service is provided by:

Wonderchat Ltd.
20 Wenlock Road
London N1 7GU
United Kingdom

Hosting & GDPR Compliance

Wonderchat is hosted within the European Union. All data is stored on servers in Frankfurt am Main, Germany, and is encrypted at rest. Wonderchat complies with the EU General Data Protection Regulation (GDPR). Since no personal data is collected through our use, no data processing agreement under Article 28 GDPR is required.

Purpose & Responsibility

Use of the chatbot is voluntary. We advise users not to enter any personal information (such as names, addresses, phone numbers, or contract data). The chatbot is intended solely for general inquiries about our services.
The responsible party for the processing of chat content under the GDPR is: [Your Company Name].

Data Processed & Retention

The following data may be processed when using the chatbot:

• Chat content (questions and responses)

• Technical access data (e.g., IP address, browser type, timestamps)

• Any voluntarily entered personal data (e.g., during support inquiries)

The retention period is determined by the chatbot operator. Once data is deleted by DOMUS as the chatbot operator, it is also removed from Wonderchat’s backups within 14 days. No data is shared with unauthorized third parties.

No Use of Cookies

According to current standards, Wonderchat does not use cookies. Instead, usage-related data is stored locally in the user’s browser (via localStorage).

Legal Basis

Data is processed based on your consent via the cookie consent banner under Article 6(1)(a) GDPR. If no consent is provided, no active data processing via the chatbot widget takes place.

Further Information

For more details on how Wonderchat handles data, please refer to their privacy policy:
https://wonderchat.io/privacy-policy

Last updated: June 2025