Privacy Policy

We, Crowe Kleeberg IT Audit GmbH, would like to inform you by means of the following data protection declaration which personal data, to what extent and for what purpose are collected, processed and used when you visit our website.

We take data protection seriously

General Information

Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as name, address, telephone number or e-mail address. Information that is not directly associated with your real identity (e.g. number of users of a page) is not personal data.

Please refer to our imprint for those responsible pursuant to Art. 4 Para. 7 of the EU Basic Data Protection Regulation (DS-GVO). Our data protection officer is Mr. Michael Benz. You can reach him by e-mail at or by telephone at +49 (0)89-55983-0.

Collection of data when contacting us

When you contact us by e-mail or via one of the contact forms, the data you provide (in particular your name and e-mail address) will be stored by us in order to process your request and answer your questions. The legal basis for the processing is based on Art. 6 para. 1 lit. f DS-GVO, the legitimate interest to answer your request.

There is no recipient other than the person contacted by you in our company or the person resulting from the subject of the contact form. A transfer to a third country does not take place. Likewise, there is no automated evaluation or decision-making on the basis of your data. We delete the data arising in this connection after storage is no longer necessary or restrict processing if there are legal retention periods.

Collection of personal data when you visit our website

You can visit our website without providing any personal information.

When you visit our website, you transmit data to our web server via your Internet browser for technical reasons. This data includes:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested.
  • Web browser and operating system used
  • IP address of the requesting computer
  • Transferred data volume

This data will only be used to provide the internet offer

This website uses the web analysis service Matomo (formerly Piwik) to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 lit. f DS-GVO (justified interest in the statistical analysis of user behaviour for optimisation and marketing purposes).

Cookies are stored on your computer for this evaluation. The information collected in this way is stored exclusively on the responsible person’s server in Germany; it is not transferred to a third country or any other recipient.

You can adjust the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. The prevention of the storage of cookies is possible by the setting in your browser. It is possible to prevent the use of Matomo by removing the following check mark and thus activating the opt-out plug-in:

Here you can decide whether a unique web analysis cookie may be stored in your browser in order to enable the operator of the website to collect and analyse various statistical data. If you wish to opt out, click the following link to place the Matomo deactivation cookie in your browser.

Your visit to this website is currently recorded by Matomo Web Analytics. Click on the following checkbox so that your visit is no longer recorded.

This website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are shortened for further processing and direct personal references can be excluded. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

The program Matomo is an open source project. Information from the third party provider on data protection can be found at

Use of Google Adwords

We use the services of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called “Ad Servers”. We use ad server cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords stores a cookie in your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords, Google receives the information that you have accessed the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with. If you are registered with Google or have not logged in, it is possible for the provider to find out your IP address and save it.

You can prevent participation in this tracking procedure in various ways, but in this case you may not be able to make full use of all the functions of this offer:

  • by setting your browser software accordingly, in particular by suppressing third party cookies, you will not receive any advertisements from third parties;
  • by deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “”,, whereby this setting is deleted if you delete your cookies;
  • by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign through the link, this setting being deleted when you delete your cookies;
  • by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers at the link

The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f DS-GVO. Further information on data protection at Google can be found here: and Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at . Google has submitted to the EU-US Privacy Shield,

E-Mail / Cloudbased Services

For the handling of e-mail communication with clients and other business partners, we use cloud-based Microsoft 365 online services, in particular Exchange online, as well as, within the Crowe-Kleeberg Group and for communication with selected clients and business partners, the services Teams and SharePoint online, to enable up-to-date and secure information and data exchange.

When implementing and operating the cloud-based services, we attach great importance to the fact that the data is stored in data centers in Germany and that support is provided by German service providers wherever possible. In this way, we ensure that the data protection regulations applicable in Germany, in particular the DS-GVO, are observed in electronic data processing and guarantee operation in accordance with the professional secrecy obligations for tax consultants and lawyers.

The implementation was preceded by a comprehensive risk assessment together with our data protection officer. Within the framework of our data protection obligations, we also monitor these processing activities in regular internal data protection audits.

E-Mail / further notes

If you wish to send us an e-mail, please note that unencrypted e-mails sent via the Internet are not sufficiently protected from unauthorized access by third parties.

If you send us applications by e-mail, we will use this data exclusively for processing your application. As part of the application process, we will forward your data to the employee responsible for the application. Your data will not be used for any other purposes not related to the application process, and in particular will not be transferred to third parties.

After completion of the application procedure and the associated legal deadlines, we delete your application data.

Your rights

You have the following rights against us with regard to your personal data:

  • Right of information
  • Right of rectification or deletion
  • Right to limitation of processing
  • Right to object to the processing
  • Right to data transferability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.


In the case of links on our website to external companies or other third parties, Kleeberg is not responsible for the data protection requirements or the content of these websites.

We reserve the right to make additions or changes to this privacy statement. The current status of this declaration is dated 06 March 2019.

Email Encryption

We have also decided to introduce an encryption system in our law firm for e-mail communication, insofar as this involves the exchange of sensitive data.

The Procedure

When we encrypt and send a message for you, you will receive an email notification with an attachment in HTML format. The notification only contains a general indication that a secure email has been sent to you. Double-click on the attachment to open your Internet browser and access our portal. After selecting your language and confirming with ‘ok’, the registration window opens. Enter your password and click on ‘Login’.

The very first time, you will receive a password from us, which will be sent to you separately – by telephone, SMS or fax. Also only the first time a registration form opens at this point where you can save a password of your choice for all future registrations. You can also enter a security question and its answer, which you can use to create a new password if you have forgotten the old one.

By entering your password you open the encrypted mail and its attachments. With the menu item ‘Save as’ you can download the decrypted mail – as Outlook mail, other e-mail or as pdf – to your computer (where it is usually stored in the folder ‘Downoad’); an Outlook mail file (msg) can then be dragged and dropped from the Download folder directly into your inbox or a subfolder of your inbox. You can also use the reply button to send us an encrypted reply.

The alternative: your own certificate

Encrypted mail exchange is much easier if you purchase your own certificate – or already use one – and use it to deposit your public key with us. Then you can read incoming encrypted mails directly and send encrypted mails directly from your mail program to us without having to take the detour via our portal. This is an advantage primarily if you or your organisation operates its own e-mail server.

The two common standards here are S/MIME (predominantly in the commercial sector) and PGP (in the private sector). Our system can process both variants.

If you already have an S/MIME certificate, it is sufficient to send us a signed e-mail. If you already have a PGP key, your public key can be uploaded via our portal. Please contact us so that we can support you in this process.