When using the platform of oneHive Software UG (limited liability) & Co. KG (hereinafter "oneHive"), personal data of the users (hereinafter "User") of the platform processed. The users must therefore be informed about the processing of their personal data (transparency of data processing, Art. 5 Para. 1 lit. a DSGVO). There are comprehensive information obligations towards the various users of the platform (Articles 12-14 GDPR).

The obligation to provide information applies to the respective person responsible for data processing. The person responsible for data processing is the body that decides on the purposes (the "why") and the means (the "how") of a data processing operation. In the present case, oneHive acts as the operator of the platform partly as the person responsible for some data processing operations (e.g. log files, cookies), but partly as a processor on behalf of another person responsible (e.g. customers, tax consultants). With regard to those data processing operations for which oneHive acts as a processor, an order processing contract corresponding to the requirements of Art. 28 Para. 3 DSGVO would have to be concluded with the respective person responsible (e.g. customer, tax consultant), in which the essential rights and obligations of oneHive as a processor are regulated.

The following data protection declaration refers to the various data processing procedures in connection with the use of the platform and differentiated between the various persons responsible.

Status: 07/07/2021

When using our platform, personal data may be processed by users within the meaning of the General Data Protection Regulation (GDPR). In this respect, users are all persons who use our platform.

The present data protection information relates to the use of our platform by private individuals, companies and tax consultants and, if applicable, their employees. As the operator of this platform, we are only partially responsible for data processing within the meaning of the General Data Protection Regulation. In some cases, the responsibility lies with the companies or tax consultants.

In the following we provide information about the various data processing methods and the rights of the users concerned:

I. Data processing by oneHive

The following information in this section relates to such data processing operations on our platform that are directly subject to our area of ​​responsibility in terms of data protection law. In particular, these are technical data processing operations that are directly related to the use of our platform via a web browser.

I. Responsible for data processing

oneHive Software UG (limited liability) & Co. KG (hereinafter: "oneHive" or "we")

An der Schmeilt 2

40885 Ratingen

Telefon: 015678 387064

E-Mail: contact@onehive.app

2. Data Protection Officer

Martin Wagner

c/o EKP Engel, Kronenberg & Partner Steuerberater/ Rechtsanwälte mbB

At the planks 57

40885 Ratingen

Telefon +49 2102 3027 0

Telefax +49 2102 3027 500

https://www.e-k-p.de/

3. Purpose and scope of data processing

a. server log file

When using the platform, the web server on which the platform is operated ("hosted") is accessed at the same time. So-called server log files, which record the individual server accesses, are automatically created on the web server. In this respect, the following personal data are processed:

1. IP-Address

2. Date and time of the request

3. Requested web content (web page, URL)

4. Status code of the request

5. Size of the requested data

6. Starting point/Referrer of the request

7. Browser, operating system and interface of the requesting user

The data is processed for the purpose of providing the web content of the platform and for the purpose of proving the proper functionality of the platform in the event of legal claims being asserted by third parties (Art. 6 Para. 1 lit. b, lit. f GDPR). Our legitimate interest in accordance with Article 6 Paragraph 1 Letter f GDPR lies in being able to make the content of our platform accessible to our customers and marketing agencies, to identify potential technical problems and to remedy them as quickly as possible and to prevent misuse of the offer (e.g. fraud prevention in the case of SlowAttacks, i.e. long-lasting, abusive attacks on our platform; in the case of abuse of hacked accounts). In addition, we have a legitimate interest in storing the collected data for some time in order to be able to prove the proper functionality of the platform. Insofar as this data processing is carried out to protect these legitimate interests, users have the right to object to the data processing if the respective requirements are met (Article 21 GDPR).

The provision of the data is necessary so that we can provide our customers and marketing agencies with the content of our platform. It is not possible to use our platform without data processing. The data will be deleted as soon as they are no longer required to achieve the respective purpose of their processing, but no later than 6 months from the collection of the data. The data collected will be passed on to the operator of the web server, Google Commerce Limited, for storage purposes.

b. Cookies and Similar Technologies

Various cookies and similar technologies (hereinafter: ’Cookies’) are used on our platform. Cookies are small text files with which information can be stored on the user’s end device using the web browser or information that has already been stored can be called up. The following cookies are used on our platform:

aa. Technically Necessary Cookies

The following cookies are used on our platform for necessary technical reasons:

bb. Statistics

Third Party

c. Registration by private individuals

When private individuals register on our platform, we process the following personal data:

1. First name, Last name

2. Address (street, house number, postal code, city)

3. Telephone number

4. E-Mail Address

5. Username

6. Password

Insofar as it is necessary to provide the data, the data is processed for the purpose of fulfilling the contract (Art. 6 Para. 1 lit. b GDPR), otherwise with regard to the voluntary information on the basis of consent (Art. 6 Para. 1 lit. a GDPR). The data provided voluntarily can be deleted at any time. The data is stored until individual voluntary information or a user account as a whole is deleted by a user. In addition, we store this data for a period of 10 years (due to statutory retention requirements). The data will then be deleted.

This data will only be passed on (e.g. to tax consultants) if users give us their consent.

d. Registration by company

When companies register on our platform, we may process the following personal data:

1. First name, Last name

2. Address (street, house number, postal code, city)

3. Telephone number

4. E-Mail Address

5. Assigned user role

6. Username

7. Password

Insofar as the provision of data is required, the data is processed for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b DSGVO), otherwise in relation to the voluntary information on the basis of consent (Art. 6 para. 1 lit. a DSGVO). The voluntarily provided data can be deleted at any time. The data is stored until individual voluntary details or a user account as a whole is deleted. In addition, we store this data for a period of 10 years (due to legal retention obligations). Afterwards, the data will be deleted.

The data may be shared with the following recipients:

1. tax advisor designated by the company

2. other lots registered by the company such as a scanner service.

e. Accountant Registration

If tax consultants register on our platform, we may process the following personal data:

1. First name, Last name

2. Address (street, house number, postal code, city)

3. Telephone number

4. E-Mail Address

5. Assigned user role

6. Username

7. Password

Insofar as it is necessary to provide the data, the data is processed for the purpose of fulfilling the contract (Art. 6 Para. 1 lit. b GDPR), otherwise with regard to the voluntary information on the basis of consent (Art. 6 Para. 1 lit. a GDPR). The data provided voluntarily can be deleted at any time. The data is stored until individual voluntary information or a user account is deleted altogether. In addition, we store this data for a period of 10 years (due to statutory retention requirements). The data will then be deleted.

The data may be passed on to the following recipients:

II. Company data processing

If companies use our platform for the purpose of personnel administration or for communication and cooperation with tax consultants, personal data of data subjects, in particular the employees of the company, will be processed. In particular, the respective company is responsible for the various data processing operations (if necessary also the tax consultant commissioned in each case). As the operator of the platform, we only act on behalf of this (order processing, Art. 4 No. 8, Art. 28 GDPR) and are not responsible under data protection law. Without a corresponding instruction, we ourselves do not pass on any personal data to third parties.

Affected persons (e.g. employees) can obtain further information on individual data processing operations, in particular on the purposes and scope, from the respective companies (or, if applicable, tax consultants) who are responsible for specific data processing operations.

III. Data processing by tax consultants

1. Commissioning by private individuals

If private individuals commission a tax consultant via our platform, the commissioned tax consultant is responsible for data processing within the scope of the execution of the order. As the operator of the platform, we only act on behalf of the commissioned tax consultant (order processing, Art. 4 No. 8, Art. 28 GDPR) and are not responsible under data protection law.

If users commission a tax consultant via our platform, the latter may collect and process the user’s personal data for the purpose of carrying out the respective order. We do not pass on any personal data of users to tax consultants unless users give us their consent (Art. 6 Para. 1 lit. a DSGVO).

Users can obtain further information on the individual data processing operations, in particular on the purposes and scope, from the tax consultant commissioned in each case.

2. Commissioning by companies

If companies use our platform, some personal data (e.g. of the employees of the company) will be processed. Responsible for the various data processing operations is in particular the commissioned tax consultant (if necessary also the commissioned company). As the operator of the platform, we only act on behalf of this (order processing, Art. 4 No. 8, Art. 28 GDPR) and are not responsible under data protection law. Without a corresponding instruction, we ourselves do not pass on any personal data to third parties.

Further information on the individual data processing operations, in particular on the purposes and scope, can be obtained from the respective tax consultants who are responsible for specific data processing operations.

IV. Data Subject Rights

Users whose personal data is processed on this platform have the right to receive information from the person responsible (see above) at any time about their processed personal data (Article 15 GDPR), their correction (Article 16 GDPR), To request deletion (Article 17 GDPR) or restriction of processing (Article 18 GDPR). In addition, there is a right to data portability (Art. 20 GDPR).

Under certain circumstances, there is also the right to object to the processing of personal data (Art. 21 GDPR).

If personal data is processed on the basis of consent (Art. 6 Para. 1 lit. a, Art. 9 Para. 2 lit. a GDPR), users have the right to withdraw their consent at any time with effect for the future. The legality of the data processing carried out on the basis of a given consent until the revocation remains unaffected.

Users also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for oneHive is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, telephone: 0211/38424-0, e-mail: poststelle@ldi.nrw.de, website: www.ldi.nrw.de.

V. Automated Decision Making

We do not carry out any automated decision-making within the meaning of Art. 22 GDPR.