This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") within our online offer and the websites, functions and contents associated with it, as well as external online presences, such as our social media profile (collectively referred to as the "Online Offer"). With regard to the terms used, such as "processing" or "responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). 


Jutta Funck

Funck Financial Consulting
Handelstrasse 13
63225 Langen/Hessen

Phone: +49 172 6265446
Fax: +49 6103 78372  E-mail: info(at)

Link zum Impressum: https://ffconsult/impressum

Types of data processed:

- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Categories of affected persons

Visitors and users of the online offer (hereinafter we refer to the data subjects collectively also as "users").

Purpose of processing

- Providing the online offer, its functions and content.
- Respond to contact requests and communicate with users.
- Security measures.
- Range measurement/marketing

Terms used

'Personal Data' means any information relating to an identified or identifiable natural person (hereinafter 'data subject'); identifiable is a natural person who is directly or indirectly, directly or indirectly, directly or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics. which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
'Processing' means any operation carried out with or without the aid of automated procedures or any series of operations relating to personal data. The term goes far and includes virtually every handling of data.
'pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that the data are not additional information is kept separately and subject to technical and organisational measuresto ensure that the personal data is not assigned to an identified or identifiable natural person.
'profiling' means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person; in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocationof this natural person.
"Responsible" means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.
'processor' means a natural or legal person, authority, body or other body processing personal data on behalf of the controller.

Relevant legal bases

In accordance with Article 13 GDPR, we shall inform you of the legal bases of our data processing. Unless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consents is Article 6(1) of the lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as answering requests is Article 6(1) lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1) of the Lit. d GDPR as legal basis.


In accordance with Article 32 GDPR, we shall take account of the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, and ensuring availability. and their separation. In addition, we have established procedures to ensure the exercise of data subjects' rights, deletion of data and a response to data threats. Furthermore, we already take into account the protection of personal data in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and by data protection-friendly presets (Art. 25 GDPR).

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission . e.g. if a transfer of the data to third parties, such as to payment service providers, in accordance with Art. b GDPR is required for the performance of the contract), you have agreed, have a legal obligation to do so or based on our legitimate interests (e.g. in the use of agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Article 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transmission of data to third parties, the this only if it is done in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we process or leave the data in a third country only if the special conditions of Art. 44 et seq. are met. GDPR. This means that the processing is carried out on the basis, for example, of special guarantees, such as the officially recognised determination of an EU-compliant level of data protection (e.g. for the USA by the "Privacy Shield") or observance of officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

You have the right to request confirmation of whether the relevant data are being processed and for information about such data, as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
You have to do so. Article 16 GDPR has the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Article 17 GDPR, you have the right to demand that data in question be deleted immediately, or alternatively to demand a restriction on the processing of the data in accordance with Article 18 GDPR.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Article 20 GDPR and to request their transmission to other controllers.
They also have the right, in accordance with Article 77 GDPR,to lodge a complaint with the competent supervisory authority.


You have the right to revoke consents given in accordance with Art. 7 sec. 3 GDPR with effect for the future

Right to object

You may object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. In particular, the opposition may be made against the processing for the purposes of direct marketing.

Cookies and right of objection in direct marketing

"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart can be stored in an online shop or a login status. "permanent" or "persistent" are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the users visit it after several days. Likewise, such a cookie may store the interests of users used for range measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their cookies, they are called "first-party cookies").
We may use temporary and permanent cookies and clarify this as partof our privacy policy.
If users do not want cookies to
be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional limitations of this online offer.
A general objection to the use of cookies used for the purposes of online marketing may be
on the US site for a large number of services, especially in the case of tracking, or the EU side be explained. Furthermore, the storage of cookies can be achieved by means of their shutdown in the settings of the browser. Please note that not all functionsof this online offer can be used.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in the context of this data protection declaration, the data stored by us will be deleted as soon as they are no longer necessary for their purpose and no legal retention obligations preclude deletion. Unless the data is deleted because it is necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
In accordance with
legal requirements in Germany, the storage takes place in particular for 10 years in accordance with Section 147 (1) AO, 257 (1) No. 1 and 4, paragraph 4 of the German Commercial Code (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with Section 257 (1) No. 2 and 3, paragraph 4 of the German Commercial Code (Trade Letters).
 In accordance with
legal requirements in Austria, the storage takes place in particular for 7 J in accordance with Section 132 (1) BAO (accounting documents, documents/invoices, accounts, documents, business documents, statement of income and expenses, etc.), for 22 years in the ( MOSS).

Business-related processing

In addition, we
process contract data(e.g., subject matter of contract, term, customer category).
 - Payment data (e.g., bank details, payment history)
of our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.


When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's details for processing the contact request and processing it in accordance with Art. 6 sec. 1 lit. b) GDPR processed. Users' information can be stored in a customer relationship management system ("CRM system") or similar request organization.
We will delete the requests if they are no longer
 required. We check the necessity every two years; In addition, the statutory archiving obligations apply.

Created with by RA Dr. Thomas Schwenke





Go to top