Last updated: July 2023
Taxfix SE (“Taxfix”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. As part of our mission to simplify the tax filing system for our users (“you” or “your”), it’s important to us that you feel comfortable and trust us with your personal data when you use our services (collectively, the “Services”). Please take a few minutes to read this privacy policy (this “Privacy Policy”) and our Cookie Policy, which applies to your use of our website www.taxfix.de and the Services accessible through our website and our mobile based apps (collectively, “Apps” and each, an “App“), so that you understand what kind of information we collect about you, how we use that information and why. This Privacy Policy also explains what kind of rights you have regarding our processing of your data.
A. Contact
As the provider of the Taxfix Services, we are responsible for the processing of your personal data, as defined in the EU General Data Protection Regulation (“GDPR”). Our contact details are as follows:
Taxfix SE
Köpenicker Str. 122
10179 Berlin
[email protected]
(T) +49 30 92106949
You can reach our data protection team at the e-mail address above. In addition, we have appointed a Data Protection Officer (“DPO”) who acts on behalf of Taxfix in supporting our compliance efforts in relation to the processing of personal data. Our DPO can be reached at the above postal address (Attn: DPO).
B. Third Party Links
Our website may, from time to time, contain links to or from partner websites or other third-party sites. These sites and any services that may be accessible through them have their own privacy policies. As we are not responsible for the privacy practices of these sites, we recommend that you review their privacy policies before submitting personal data to them.
C. General Purposes and Legal Bases
When we use the term “personal data”, we are referring to any information that can be used, directly or indirectly, to identify you personally. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) if at least one of the following applies:
- Performance of Contractual or Pre-Contractual Measures. The data processing is needed for the performance of a contract to which you are party or in order to take the steps requested by you prior to entering into a contract (Art. 6 (1) lit. b GDPR). Data processing that falls under this category is done when requested by you and can include performing transactions, customer support, requirement analysis and processing your tax-related data needed for your tax declaration in order to fulfill our Service Agreement with you.
- Consent. Where you have agreed to the processing of your personal data for one or more specific purposes, such data processing by us is permitted on the legal basis of your consent (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR). Your consent is revocable at any time. Where you revoke your consent, we will not process your personal data on the basis of your consent following your revocation.
- Legitimate Interests. The data processing is needed for the purposes of the legitimate interests pursued by us Taxfix, the controller, or a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6 (1) lit. f GDPR). Data processing that falls under this category can include marketing or market and opinion analysis, ensuring IT security, assessment and optimization of processes, analyzing and improving our products and services, enhancing your user experience, enforcement of claims or defenses in legal proceedings and developing our Services and App.
- Legal Compliance. The data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) lit. c GDPR). We are subject to several legal obligations that necessitate certain data processing activities. This includes verification of your identity, prevention of fraud and upholding our control and reporting obligations.
- Processing on Behalf of Taxfix. In several instances, we engage service providers and processors to process personal data on our behalf under Art. 28 GDPR. The data processing that falls under this category is carried out pursuant to a separate agreement with the respective processor. We ensure that this agreement contains sufficient protection and guarantees for the protection of your personal data and your rights with respect to that data, in each case in compliance with the GDPR.
D. Requested Authorizations When Using the App
For some functions, the App requires access to certain services and data on your mobile device, which you will be asked to authorize. This section explains which access authorizations are required to use the App on iOS and Android devices and why.
- iOS.
- Notifications / Push Messages. Certain technical data is automatically collected and transmitted to us by your browser when you access our website. Such information includes data about your internet browser, operating system, IP address, time of the page request, referrer URL, device information, session information, size of the requested file and any status or error codes. The information is logged in server log files, which we process in order to ensure the functionality of our website, gather statistical information about the use and development of our website, and for general data security and error analysis purposes. With respect to ensuring the functionality of our website, the basis for our data processing is Art. 6 (1) lit. b GDPR (i.e. contractual or pre-contractual measure). With respect to monitoring for data security and error analysis, the basis for our processing is Art. 6 (1) lit. f GDPR (i.e. legitimate interests).
- Registration Data. By choosing “Allow” when asked whether the App can send push notifications to your advice, you are authorizing the App to notify you of certain events such as deadlines for filing your tax return or other tax-relevant topics by means of push notification even when you are not using the App. The App may push notifications with a tone, message (e.g. in the form of a screen banner) or symbol identifier (a picture or number on the App icon). You’ll be asked to authorize push notification the first time you call up the App and register or log in. You can adjust or customize your permission settings for push messages under “Settings” > “Messages” and selecting the Taxfix App on your device.
- Camera and Photo Access. By choosing “Allow” when asked whether the App can access your photos, you are allowing the App to access your mobile device’s photo library in order to upload a photo of your identification document or income. In order to take a photo of your identification document or payslip directly in the App via your mobile device camera, you’ll need to grant additional access to your camera, which you can do so under “Settings” > “Privacy” > “Camera” on your device. Your grant of access rights to your camera and photos are exclusively for purposes of verifying your identification card. As such, only the photo(s) you select or take with your camera will be processed and there will be no authorized use of the photo and the camera function. You can revoke your access permissions at any time by adjusting your mobile device settings.
- Android.
- Push Messages. When installing the App, you will be asked to grant permission to receive push messages from the App when you are not using it. You can prevent the App from displaying push messages by navigating to “Settings” > “Apps” (or “Application Manager”) on your device. There you will find an overview of all applications installed on your device. Select the Taxfix App and under “Permissions” you can switch on or off the push notification function.
- Access to all Networks. During installation, access to all networks is requested in order to enable the App to transfer data via Internet connection of your end mobile device (WiFi or data connection). This authorization is needed to transfer your entries to our servers, for example, as part of the registration process.
- Camera Access. This authorization is requested in order for you to photograph your income tax statement and identification in the App and in this way record your tax-relevant information quickly and seamlessly. The App will only have access to your camera if you select this function in the App.
- Save Records to Memory or SD Cards. This authorization is required to enable the App to store or retrieve the data for its tax return in the memory or, if necessary, in an additional memory used by your terminal device. The app only reads the data that was stored in connection with the use of the Taxfix services.
F. How We Protect Your Data
- Security Measures. We maintain state-of-the-art technical measures to secure your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. All transactions, regardless of their nature, are encrypted using SSL technology. The information you provide to us is generally stored in a computer center located in Europe in accordance with high security standards and is encrypted (AES-256-CTR). Our data center is equipped with state-of-the-art technical security measures and is certified in accordance with ISO 27018 standards and guidelines. We carefully select and regularly monitor our service providers, who are instructed by us and required to ensure that any data processing including transfers to third countries is subject to stringent technical security measures compliant with European standards. Furthermore , our Information Security Management System is ISO/IEC 27001 certified.
- PIN Protection. You can protect access to the App on your device with a PIN code. You can change your PIN at any time in the account settings in the App. Where you have chosen a PIN code for access to the App, you are responsible for keeping this confidential and we ask you not to share it with anyone. Please note that your PIN is unique to your browser session and/or mobile device. If you wish to access your account from a new mobile device or in a new browser session, you will be asked to verify your email address and you will be sent an additional security access code in order to do so. Alternatively, you can also use the system-side Touch ID function on suitable Apple devices to enable access to the Taxfix App or the Taxfix WebApp using your fingerprint. Please note that neither your fingerprint nor biometric information is transmitted to Taxfix. Please consult Apple’s Touch ID information or Apple’s Face ID information for more details.
G. External Transfers
- Transfers to Third Parties. As mentioned elsewhere in this Privacy Policy, in order to provide the Services, we transfer your data to the tax authorities upon your request and in certain cases, to our third-party service providers, including our hosting providers, payment providers, IT service and development providers. Your personal data will only be passed on or transmitted to third parties insofar as is necessary for our contract with you, if we have a legitimate interest, if you have given your consent, or insofar as we are legally required to do so. Our service providers receive personal data solely for the performance of their services for us and are contractually obliged not to use personal data for other purposes.
- Transfers to Third Countries. Should any processing of your data take place outside of the EU, this will be done in compliance with Art. 44 GDPR – namely, on the basis of an appropriate transfer mechanism (e.g. standard contractual clauses in the respective data processing agreement with the relevant third party).
H. Your Rights Under the GDPR
- Data Subject Rights. As the data subject, you have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure of your personal data (Art. 17 GDPR), the right to restriction of processing of your personal data (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). Please note, that the restrictions of Sections 34 and 35 BDSG apply to your right of access and erasure. You also have the option to file a complaint against the processing of your personal data with a supervisory authority, in particular in the member state of your residual residence, place of work or place of the alleged infringement.
- Right of Revocation. If you have given your consent to the processing of your data, you can revoke your given consent at any time pursuant to Art. 7 (3) GDPR and we will no longer continue any such processing that is based on your consent moving forward. Note that such revocation will not affect the legality of any processing carried out on the basis of your consent up to the point of revocation.
- Right to Object. You can object to the processing of your personal data insofar as we base such processing on the balance of legitimate interests under Art. 6 (1) lit. f GDPR. This is the case in particular if the processing is not necessary for the fulfillment of a contractual obligation or for compliance with our legal obligations. In case you wish to object, we kindly ask you to provide an explanation of the reasons for the objection against the processing of your personal data, so that we may examine and assess the situation, and either discontinue or adapt the data processing, or point out to you our compelling legitimate reasons based on which we continue the processing of your data. You may, of course, object to data processing for the purposes of advertising or direct marketing at any time. In this case, please send a message to [email protected].
I. Amendments
We keep this Privacy Policy under regular review and reserve the right to make changes to this Privacy Policy. If we do amend this Privacy Policy, these changes will be posted on this page and, where appropriate, notified to you by e-mail or when you start the App to use our Services. You may be required to read and acknowledge the changes in order to continue your use of the App or our Services. You can view the current version of this Privacy Policy at any time in your account settings in the App.
It is very important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our contractual relationship with you.
Version: 5.2 / Last Update: July 2023
Disclaimer
(1) Taxfix and this app does not represent any government or political entity and does not provide or facilitate government services.
(2) Taxfix takes privacy of its users with utmost importance. More information on: https://taxfix.de/en/privacy-policy/
(3) Information on this app comes from https://taxfix.de/en
(4) None of the Services of Taxfix include or constitute, nor does Taxfix claim to offer, tax advisory or consulting services.