Privacy statement for the Taxfix Services

Privacy statement for the Taxfix Services

Last update: November 2018

This privacy statement informs you of the purposes for which we collect, process and use personal data when you use the services provided by Taxfix GmbH (hereinafter the‚ Taxfix services).

1. Point of contact

The provider of the Taxfix services is Taxfix GmbH, Schwedter Straße 36A, 10435 Berlin (hereinafter: “Taxfix” or “we”). Taxfix is also responsible for the collection, processing and use of personal data of users of the Taxfix Services (hereinafter “you”) within the meaning of the EU Data Protection Ordinance (DSGVO).

You can reach us by phone at +49 30 92106949

or by e-mail: privacy@taxfix.de

For all questions regarding data protection in connection with the use of our Taxfix Services, you can also contact our data protection officer at any time. He can be reached at the above postal address as well as at the previously given e-mail address.

2. Taxfix data protection principles

  1. The protection and safe processing of your data is of utmost importance to us. We are fully aware of the highly sensitive nature of your tax related data and therefore comply strictly with any and all provisions of the European and German data protection law.

  2. The data you supply remains your data. Without your consent we will not use your data for other purposes than the ones stated in this privacy statement nor pass it on to third parties.

    The tax information you provide remains your data. We will only process your data for the purposes described in this data protection declaration.
    If you provide us with tax information in the context of the app or the website, we will only process and use it to provide you with the services described in the General Terms and Conditions in more detail, such as the preparation and, if desired, submission of the tax return (hereinafter collectively referred to as “Taxfix Services”), to invoice these services in the case of chargeable services and to make the use of the Taxfix Services more convenient and secure or to fulfil our statutory obligations if applicable.

  3. We strive to implement processing of your data in a way that is both data-minimizing and safe. Therefore, we strictly utilize current methods of encryption and limit the amount of data collected and transmitted to a minimum. Where technically possible your data is processed directly on your mobile device. Only the information required for the submission of your tax return is transmitted to us using encryption. Thus, your sign-up information is transmitted to us while your tax related data is processed directly on your device. Transmission of the latter occurs only in case you opt to submit your tax return. Your tax related data is then encrypted using sophisticated encryption methods and only then saved by us. The submission of your tax return to the tax office is done using encrypted connections as well.

3. Data processing when using our services

  1. Registration via the Taxfix app.You can download the Taxfix app from an app store and perform all steps in the app from the registration, to the entry of the tax information, to the submission of the tax return. As part of the introduction at the first start of the app, we ask you about your relationship status, your life situation, your sources of income, whether you have lived abroad, whether alimony payments have been made and whether you have earned foreign income. We will also ask you about any tax-relevant disability. We need this information in order to determine whether Taxfix services are suitable for preparing your tax return. We also ask for your e-mail address, which we use to create your Taxfix user account and contact you if necessary. This information is also called “registration data” in the following.
    We create a Taxfix user account on the basis of the registration data. We would like to point out that we use technical services (e.g. servers) provided by Google Inc. We pay careful attention to the highest technical security standards and all data is stored in Europe (see details number 7). For technical reasons, however, it may happen that the infrastructure is maintained from the USA or partly provided from there. As we process sensitive data, we also strive to ensure maximum transparency in this respect.
    At the end of the introduction, we ask you to take note of the General Terms and Conditions and this Privacy Policy. By clicking on the “Confirm” button, you also agree to the following consent:

    I agree that Taxfix will also collect and process any sensitive tax-relevant information on denomination, health and, for example, membership of a trade union, as above, in order to be able to offer Taxfix services. I can revoke this consent at any time for the future, but the Taxfix services can then no longer be used in full.

    In order to verify your email account, we will send you a confirmation email with a confirmation link. Once you have verified the email address, registration is complete.
    The registration data is used to set up the Taxfix user account and to prepare the contractual relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO.
    The registration data is stored as long as the Taxfix user account exists and is kept for a further twelve months following the closure of the account. If information on payments made has to be retained for accounting reasons, it is retained in connection with the registration data for a period of six years. The legal basis for this storage is Art. 6 para. 1 lit. c DSGVO in conjunction with § 257 HGB and § 147 AO.

  2. Registration via Taxfix-WebApp. You can also register for the Taxfix services online on our Taxfix website at www.taxfix.de and then complete and submit the tax return via the Taxfix app. A new registration in the Taxfix app is then no longer necessary, it is sufficient to register with your e-mail address and PIN. As part of the web registration process, we ask for your registration data as described in section 3.1 and create a Taxfix user account. Please note the further information in section 3.1, in particular the consent to the processing of sensitive tax-relevant data.
    In the case of web registration, your IP address is also stored in connection with the registration data and the time of registration in order to be able to document your registration completely.
    The registration data will also be used during the web registration to set up the Taxfix user account and to prepare the contractual relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO. The information on the storage period of the registration data in section 3.1 applies accordingly.
  3. Download aus einem App-Store. In order to download and install our app from an app store (Google Play, Apple AppStore), you must first register a user account with the provider of the respective app store and conclude an appropriate user contract. We have no influence on its content, in particular we are not a party to such a contract of use. When downloading and installing the app, the necessary information is transferred to the respective provider of the app store (Google or Apple), in particular your user name, your e-mail address and the customer number of your account, the time of download and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data provided if this is necessary for downloading and installing the app on your mobile device (e.g. iPhone, iPad or Android device). Beyond that, this data is no longer stored.

  4. Access security in the app. You have the option of protecting access to the app on your device with a PIN code. You can change your PIN at any time in the account settings of the app. Alternatively, you can also use the system-side iOS function Touch ID on suitable Apple devices to enable access to the app using your fingerprint. Please note that the fingerprint is not transmitted to Taxfix. The Touch ID function is designed to store your fingerprint only on your device. For more information, please refer to Apple information on Touch ID. Newer Apple devices allow unlocking using the Face ID. The Face ID data will also always remain on your device and will not be transmitted to Taxfix. For further information please refer to the Apple’s Face ID.

  5. Using the app. When using the app we collect the following technical data in order to enable the various functions of the app. This data is automatically collected from your mobile device and transmitted to us when you use the app (said data is collectively referred to as ‚user data’ henceforth):

    • Your device name (for example ‚Apple iPhone 7‘)
    • Operating system and version
    • App version
    • System language configuration
    • General device data, such as language and regional settings
    • IP address of the mobile device
    • Date and time of use
    • Application ID to identify your App installation

    In order to improve the app we receive error messages following a crash (i.e. after the app was unexpectedly terminated following a program error or the app freezes). The error messages do not contain personal data. Instead they merely contain the aforementioned technical device information as well as informational to which part of the software code caused the error.
    The usage data are logged in internal log files for a period of three months after the end of the respective access and subsequently made anonymous.
    We use the usage data and, if applicable, the error messages to enable the app to function and to detect and eliminate any security risks or malfunctions and to ensure the stability of our systems. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO, insofar as this concerns the provision of app functions and Art. 6 para. 1 lit. f DSGVO, according to which data processing is permissible for the protection of legitimate interests, insofar as this concerns the collection and further processing of data in internal log files. Our legitimate interests are to ensure app functionality, error detection and correction, and early detection and defense against cyber attacks.

    Sign-up. When first launching the app, an introduction asks for your marital status, living situation, sources of income, whether alimony payments were made and whether you lived or had any income from abroad . You are also asked about any disabilities that may be relevant for tax purposes. We require this data in order to determine whether the Taxfix Services are suitable for generating your tax return. We furthermore ask for your email address to set up your user account and possibly contact you. We require this to send you the documents and a copy of your tax return if you so wish. This data is collectively referred to as ‘Sign-Up data’ henceforth.

  6. Entering tax informationThe app collects tax relevant data (referred to as “tax information” henceforth) via the question catalogue. It includes information on title, name, first name, marital status, employment, address, religious affiliation, occupation, employer, information from the annual wage tax statement or the most recent payroll, second household, responsible tax office, Tax identification number, education and vocational training, expenses for work equipment, job applications and professional associations, income from capital assets (if a bank statement is available), other income including income from sale of commodities but excluding income from pension schemes, insurance schemes of the user for themselves, their children or third parties, health expenses, whether the user is a surviving dependant, disabilities, nursed persons, personal information on children living in the same household (including costs, information on disabilities and whether they are surviving dependants), parents or other persons, donations, church tax, household expenses, expenses from pension schemes, permanent expenses or alimony paid to third parties and loss carryforward. The tax information can include particularly sensitive personal data on health, possible nursing costs, information on religious affiliation with regard to the church tax paid or information on trade union membership if these are relevant in each case. We explicitly point out that we process this tax information for provision of the Taxfix service exclusively. In order to provide the service we are required to utilize service providers as mentioned above.
    The tax information is principally processed directly on the mobile device and is only transmitted to us to the extent that is necessary. If for example data is in some cases not relevant for income tax purposes because certain limits are not met or exceeded, this data is not processed any further. After entering all tax information the app works out the tax load or the expected tax refund.

    We use the tax information to provide the Taxfix services and to execute the relevant contract. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO.

    With regard to the above consent to the processing of sensitive tax-relevant data including information on religion, health or trade union membership, the legal basis is your consent pursuant to Art. 6 para. 1 lit. b DSGVO in connection with. Art. 9 para. 2 lit. a DSGVO.

    We store the tax data transferred to us completely encrypted for a period of 60 months after submission of the tax return, taking into account the deadlines for submitting tax returns in accordance with § 46 II No. 8 EStG in conjunction with § 169 II No. 2 AO. The data will then be made anonymous.

  7. Submission of the tax return.

    In order to submit the completed income tax return documents to the tax office a service contract with Taxfix needs to be concluded. Details concerning this can be found in the Terms of Service.

    The corresponding fee is paid by direct debit. Payment is processed by the external payment service provider GoCardless Ltd (Sutton Yard, 65 Goswell Road, London, EC1V 7EN, UK; “GoCardless”). GoCardless also handles repayment, invoicing and security aspects of payment transactions and abuse prevention. You have the rights described in paragraph 9 below directly towards GoCardless. Further information on data processing by GoCardless and in particular on your right to object to data processing can be found in the GoCardless data protection declaration. GoCardless receives from us the data required for payment processing (name and bank details) and informs us of the receipt of payment.
    Taxfix only saves the incoming payment in connection with the Taxfix user account in order to be able to assign incoming payments. Information on payments made will be kept for six years for accounting purposes in connection with the registration data. The legal basis for this storage is Art. 6 para. 1 lit. c DSGVO in conjunction with § 257 HGB and § 147 AO.

    Tax returns received by the tax office (Elster PDF) are displayed to the user in the app and stored for this purpose by us in connection with your Taxfix user account for as long as the Taxfix user account exists or you separately request the deletion of the PDF. In this case, however, the relevant PDFs can no longer made available. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO.

  8. For legal reasons, submission of the tax return requires clear identification of the taxpayer. This is achieved by means of a document containing the taxpayer’s address, as well as reviewing the integrity of this information. The following documents are suited for identification: electronic annual wage tax slip, current utility bill. To use the camera in the app you need to grant the required access (see point 5.2). You then get the opportunity to review all data as well as the completed tax return. You will be asked to confirm the correctness of your entries and to authorize the submission to the tax office. You can view the submitted data at any time. As far as further documents and proof is required for your tax return you need to send these directly to the responsible tax office.
    The legal basis for data processing in the context of identification is Art. 6 para. 1 lit. c DSGVO in conjunction with § 87d para. 2 Abgabenordnung.

    Taxfix is legally obliged to provide information about who has commissioned a transmission of tax documents to the tax office. The identification data are therefore stored for the legally stipulated period of five years after the end of the year in which the documents were submitted. The legal basis for this storage is Art. 6 para. 1 lit. c DSGVO in conjunction with § 87d para. 2 Abgabenordnung.

    The tax return is submitted via the software provided for this purpose by the tax authorities (“ELSTER”). Since the receipt of the data is also connected with data protection obligations of the tax authorities, we are obliged to inform you as follows on data processing at ELSTER:

    “With this software, personal data within the meaning of Art. 4 No. 1 of the Datenschutzgrundverordnung (DSGVO) and Art. 9 para. 1 DSGVO are collected for processing purposes. In addition to the pure data required for tax assessment, the software collects data about the type of operating system of the user and transmits it to the tax authorities. These data are required to ensure the proper processing of the data and to prevent errors in the processing process. The data will be used within the scope of Art. 6 para. 1 subpara. 1 letter e in conjunction with. Para. 3 para. 1 letter b DSGVO in connection with federal or state tax laws by the tax authorities and only for the aforementioned purpose”.

    The tax authorities provide another information sheet informing you about data processing at ELSTER. The letter “Allgemeine Informationen zur Umsetzung der datenschutzrechtliche Vorgaben der Artikeln 12 bis 14 der Datenschutz-Grunddverordnung in der Steuerverwaltung” can be viewed here.

  9. Retrieval of the electronic tax return. For controlling and statistical purposes we retrieve your electronic tax return via the ELSTER Portal. This data is treated as strictly confidential and not disclosed to third parties. Storage and archiving of your electronic tax assessments are governed by Sections 3.9 and 3.2. This data retrieval is exclusively to determine any statistical differences between our forecast and the final amount of refunds in order for us to continually improve our services make them more efficient. The legal basis for this data processing is Art. 6 para. 1 lit. f DSGVO based on our legitimate interests to further optimize our product.

  10. Storage of documents. We store the tax information and the tax return in order to make next year’s tax return easier for you. The tax information and documents are encrypted and stored in Europe. We store the tax data transferred to us completely encrypted for a period of 60 months after submission of the tax return. The data will then be made anonymous. We use the tax information accordingly to provide the Taxfix services and to execute the relevant contract. The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO.

  11. Support. Should you have questions regarding the Taxfix services feel free to contact our customer support anytime. You can reach customer support via the button ‚Contact our support team’ in your account settings. The support can help you with questions concerning use of the app, web registration, general understanding, identification or how circumstances are captured in the app. You may also point us to to errors or bugs in the app. We do, however, point out that we do not provide individual tax advice and cannot answer support inquiries in that regard. Please turn to your tax advisor for tax related questions that cannot be solved by the app.

    In the Taxfix app you also have the possibility to send us a complete error log after the app has crashed. This log contains all recorded data including any sensitive tax information entered as well as technical information about the device used and the version of the app, as this is the only way to effectively troubleshoot the problem. By using the function for transmitting the error log, you agree to the transmission for the respective individual case. The error log is saved to your Taxfix user account and your support request stored there and you have the option of deleting saved error logs. An error log will be deleted or completely anonymized at the latest 12 months after transmission. The legal basis for the processing of error logs is Art. 6 para. 1 lit. a DSGVO.

    We also bring to your attention the fact that we our support ticket system is run by the external service provider Intercom, Inc. which means that for technical reasons the content of inquiries can be temporarily stored in the USA. We have entered into agreements with the provider that correspond to the European level of data protection. The service provider is also certified under the US-EU Privacy Shield. From a technical point of view, the support inquiries are transmitted using encryption. In order to prevent your tax information or sensitive facts from being processed in this way, they should not be communicated via support at all since we cannot provide tax advice as stated above. The legal basis for processing your support requests is Art. 6 para. 1 lit. b DSGVO. We store the support requests addressed to us as well as our answers for the duration of 18 months after the end of the support case for purposes of proof. The data is then automatically made anonymous.

4. Usage data analysis

In the following we explain the data processing for the purpose of the usage data analysis in the Taxfix app and during the web registration. You will find relevant explanations of data processing on our website in the Privacy Statement for the Taxfix website.

We use usage data analysis technologies to continuously improve and optimize the app and the Taxfix services, to statistically record and analyze general usage behavior and to offer you the best possible user experience. The data about the use of our app is stored exclusively pseudonymously, i.e. under a separate identifier and not using your name or other directly identifying information. The data will be kept in pseudonymised form for a period of 12 months and subsequently completely deleted or made anonymous. The legal basis for the analysis of usage data in the form of the data processing described below is Art. 6 Para. 1 S. 1 lit. f DSGVO, based on our legitimate interest in the demand-oriented design and continuous optimisation of our app and service. You can object to data collection for the purpose of usage data analysis (opt-out) by activating the slider at the end of this file

Adjust. We use a software solution from Adjust GmbH for usage analysis. The events and functions triggered in the app as well as the navigation in the app are collected and evaluated anonymously. The collected IP and Mac addresses and their unique device identification (so-called identifiers, e.g. in the form of the Apple AdvertisingID) are immediately anonymized by Adjust, so that no conclusion about your person is possible. The information is used to compile evaluations of the general, non-personal usage behavior in relation to the Taxfix Services for us and thus to enable our own market research and the demand-oriented design and further development of our app. This statistical usage analysis is not used for advertising purposes and no advertising is controlled by this. You can object to the data processing described above by using the above opt-out option.

For more information about Adjust, see the following link: https://www.adjust.com/privacy-compliance/

Segment.io. We also use Segment.io, a service of Segment.io, Inc, (101 15th St, San Francisco, CA 94103, USA), (‚Segment’) for usage analysis. The service helps us to collect, analyze and interpret by way of the technologies described in this section any technical usage data arising during the use of our app. We then use this to improve the user experience of our app. The collected usage data is processed in a pseudonymized way. IP addresses and IDFA or Google AdvertisingID respectively are shortened upon collection and are not used to connect user profiles to personal data. Any pseudonymized usage data concerning usage of our app are usually transmitted and stored to a Segment server in the USA. Segment explicitly contractually assures us of compliance with European data protection laws. You can object to the data processing described above by using the above opt-out option.

UXCam. We also use UXCam, a UXCam Inc. service (6250 Cypress Avenue, El Cerrito, CA, 94530, USA), (“UXCam”) to analyze the user experience, which helps us understand how the Taxfix app’s user interface is used. For this purpose, technical usage data that is generated during the use of the app as well as user interactions are recorded and subsequently evaluated in order to further optimize the user interface. The recorded usage data is only processed pseudonymously. No contact data, recorded images (e.g. for wage tax certification) or other directly identifying data are collected when using the Taxfix app via this service. The pseudonymous information about the interaction with the app is usually transferred to a server in the USA and processed there. UXCam assures us the compliance with the European data protection regulations by contract, UXCam is also certified according to the EU-US-Privacy Shield. The above opt-out option allows you to object to the data processing described above.



Fullstory. We also use FullStory, a service of FullStory, Inc. (120 Ottley Dr., NE, Ste. 100, Atlanta, Georgia 30324, USA), (“FullStory”) to analyze the user experience, which helps us to understand how the user interface of the Taxfix services on our website is served. For this purpose, technical usage data that is generated when using the web registration and Taxfix services on the web as well as user interactions are collected and subsequently evaluated in order to further optimize the user interface. The recorded usage data is only processed pseudonymously. No contact data, uploaded pictures (e.g. for wage tax certification) or other directly identifying data are collected when using the Taxfix services via this service. The pseudonymous information about the interaction with the Taxfix services via the website is usually transferred to a server in the USA and processed there. FullStory expressly assures us by contract that it will comply with European data protection regulations; UXCam is also certified according to the EU-US-Privacy Shield. Using the above opt-out option, you can object to the data processing described above.

5. Requested permissions when using the Taxfix app

Certain functions of the app require access to services and data of your mobile device. In order to use all functions of the app you must grant the required access permissions. In the following, we explain which permissions the Taxfix Services requests and which functions they are required for.

  1. iOS
    1. Notifications / Push notifications. If you click ‘Enable’ after being asked ‘If you enable push-notifications, Taxfix will remind you about important tax deadlines.’ you are giving the app permission to alert you to certain events and topics (especially filing deadlines and other tax relevant matters) by sending you push notifications even if the app is currently not open on your device. Notifications can be delivered through sounds, messages (for example screen banners) and/or symbols (a picture or number on top of the app icon). You can find further information on push notifications and your configuration options under point 6.

    2. Camera and photo access. If you click ‘Enable’ after being asked ‘Give us permission to access your camera’ you are granting the app permission to your photo gallery for uploading an identification document. To take a photo of the document using your camera directly within the app we require permission to access your camera. You can grant this by going to your app settings (‘Settings’, then ‘Privacy’ and then ‘Camera’). The app may send you an appropriate notification in case access is needed: ‘Please give us permission to access your camera’. The permission to access your camera and photo gallery is used exclusively for the purpose of obtaining a picture for identification. Only the photo you supply or take pursuant to the Identification process described under point 3.4 is processed. The photo and camera function are not used further. Via your mobile devices’ settings (‘Settings’, then ‘Privacy’ and ‘Camera’) you may revoke this permission at any time.

  2. Android
    1. Access to all networks. During installation, this authorization is requested to enable the app to transfer data via the Internet connection of your end device (WLAN or data connection). This authorization is required in order to transfer your entries to our servers during registration, for example.

    2. Camera access. The authorization is queried to enable you to photograph your wage tax statements and thus quickly enter the tax-relevant data. The app will only access the camera if you select this function in the app.

    3. Save data sets to memory or SD cards. This authorization is required to enable the app to store or read the data for its tax return in the memory or, if necessary, in an auxiliary memory used on your mobile device. The app will only read out the data saved in connection with the use of the Taxfix Services.

6. Configuring push notifications of the Taxfix app

  1. iOS
  2. To be reminded of certain events and topics (such as filing deadlines for your tax return) via push notifications (also called ‘notifications’ by iOS) even when the app is closed on your device, you need to grant the necessary permission (see point 5.1). You will be asked for this permission when you open the app for the first time to sign up or log in. Without your consent, which you give by clicking the button ‘Enable’ we cannot send you push notifications. You can change the permission regarding push notifications in your iOS settings and turn the notifications on or off at a later time.

    Open the ‘settings’ app in iOS and select ‘notifications’ from the menu. In the following menu you will find an overview of all apps that are installed to your device and that have been granted permission to send you push notifications. Select the Taxfix Services. You can now turn push notifications on or off. You also have the opportunity to adjust how push notifications are displayed by the Taxfix Services.

  3. Android
  4. When installing the app, you will be asked to grant permission to receive push messages so that you can receive push messages even if the app is not currently open. To prevent the app from displaying push messages, please open the “Settings” app in the main menu of your device and select “Apps” (or “Application Manager”) in the following menu item. There, you will find an overview of all apps installed on your device. Select the Taxfix Services and then “Permissions”. You can then turn the push message function on or off using the switch.

7. Data security and place of processing

We employ state-of-the-art technical measures to ensure the security of your data. Our security measures are constantly adapted to technological progress. When the device that the Taxfix app is installed on is locked, all data stored on it are encrypted. Thus if you activated automatic locking on your device, it will be harder for unauthorized persons to access your data. Actual protection levels depend on the choice of your PIN of your device and its length (four or six digits). Further information on hardware encryption can be obtained via Apple’s iOS security guidance. The data in the app can be protected from unauthorized access by means of a PIN or Touch ID as stated in 3.2. Apple also provides further information about Touch ID advanced security technology. For information about the security of your Android device, please refer to your manufacturer’s support pages. Communication between your mobile device and our servers is conducted using SSL encryption. We strictly monitor the service providers we use and are shown proof of compliance for the assured security standards via current certification. Your data is principally stored encrypted (AES-256-CTR) in a European computer center and in accordance with high security standards. The computer center employs state-of-the-art technical security measures and is certified under the ISO 27018 standard. As far as third countries are involved in the exceptional cases described in this privacy statement (in case of of server maintenance or support inquiries), technical levels of data security nonetheless correspond to European standards to full extent. In any case, any data processing in third countries shall be carried out in compliance with the guarantees provided for this purpose by law.

8. Transmissions

The data collected by us will only be passed on if:

  • you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 f DSGVO is necessary to assert, exercise or defend legal claims and there is no reason to assume that there is an overriding interest worthy of protection in not disclosing the data,
  • we are legally obliged pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO to pass on or
  • this is legally permissible and is required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of the contractual relationship or for the implementation of pre-contractual measures that are taken at their request.

Part of the data processing described in this data protection declaration may be carried out by our service providers. In addition to the service providers mentioned in this data protection declaration, this may include data centers that store our databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the persons concerned and are regularly monitored by us.

In addition, it may be disclosed in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

9. Your rights

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing and provide you with an overview of the data stored about you as part of the provision of information.

If data stored with us is incorrect or no longer up-to-date, you have the right to have this data corrected.

You may also request that your data be deleted. If, in exceptional cases, deletion is not possible due to other legal regulations, the data will be blocked so that they are only available for this legal purpose.

You may also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data transferability, i.e. we will send you a digital copy of the personal data you have provided on request.

In order to exercise your rights as described here, you may contact us at any time at the contact details mentioned in paragraph 1 above. This also applies if you wish to receive copies of guarantees to prove an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6 para. 1 sentence 1 lit. e or f DSGVO. Finally, you have the right to complain to our data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or suspected of infringing. The responsible supervisory authority in Berlin: Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin.

10. Right of revocation and objection

In accordance with Article 7 (2) DSGVO, you have the right to revoke your consent to us at any time. As a result, we will not continue processing data based on this consent in the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

If we process your data on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO, you have the right under Art. 21 DSGVO to object to the processing of your data and to give us reasons which arise from your particular situation and which in your opinion indicate that your interests worthy of protection predominate. If you object to data processing for direct marketing purposes, you have a general right of objection, which we will implement without giving reasons. You can also exercise your right to object to the processing of usage data via the opt-out switch as described in section 4.

If you would like to make use of your right of revocation or objection, an informal message to the above-mentioned contact data is also sufficient.

11. Changes

Taxfix reserves the right to alter this privacy statement. The Terms of Service apply accordingly. You can view the current versions of Taxfix’s privacy statement and terms of service at any time in the account settings of the app.

Version: 2.3 / As of November 2018