Privacy policy

Introduction

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services via our platform app.taxy.io and on our website www.taxy.io . The service provider used for the website or platform is explicitly stated in the respective section on the service provider.

The terms used are not gender-specific.

Responsibility for data collection and data protection officer

Data processing on this website and the integrated platform is carried out by the following company. You can also find our contact details in the legal notice of this website.

 

Taxy.io GmbH
Jülicher Straße 72a
D-52070 Aachen

E-mail: info@taxy.io

 

Local Court Aachen | HRB 22812 | Ust-ID. DE321008516

Managing directors: Daniel Kirch, Sven Peper

 

We have appointed a data protection officer for our company. You can reach him at the e-mail address dataprivacy@taxy.io.

Note on data transfer to the USA

Among other things, analysis tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be passed on to the US servers of the respective companies. We would like to point out that the European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework (successor to the "Privacy Shield"). The decision states that the United States will ensure an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to US companies under the new framework. On the basis of this sectoral adequacy decision, personal data can be transferred securely from the EU to US companies participating in the framework ("Data Privacy Framework") without the need to implement additional data protection safeguards. To participate, companies must be certified by the U.S. Department of Commerce. If a company has not done so, the adequacy decision does not serve as a basis for secure data transfer. In these cases, we conclude standard contractual clauses (SCC) with the service providers. By concluding the standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR, we provide guarantees for the protection of your data.

We also encrypt or pseudonymise personal data before transferring it to a service provider in a third country, where this is technically possible and appropriate.

 

SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Transmission of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Deletion of data

Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

Data collection on website and platform

Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified.

We have a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of our services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately as part of this data protection information and, if necessary, request your consent.

 

Consent with ConsentManager

Our website and platform use the ConsentManager consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de .

When you enter our website, a connection is established to the ConsentManager servers in order to obtain your consent and other declarations regarding the use of cookies. ConsentManager then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the ConsentManager provider cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

We have concluded an order processing contract with ConsentManager. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

Hubspot CRM

We use Hubspot on this website and for our platform. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter "Hubspot").

Hubspot enables us, among other things, to identify existing and potential customers and customer contacts; we also process user and prospective customer enquiries via Hubspot. With the help of Hubspot, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). Hubspot also enables us to record and analyse the user behaviour of our contacts on our website.

The general use of Hubspot is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most efficient customer management and customer communication possible.

We also send out our newsletter via Hubspot. This is a newsletter that contains all products, services and innovations of Taxy.io GmbH, for example also information about http://smartgrundsteuer.de . Analyses and evaluations within HubSpot and the sending of the newsletter are based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in connection with § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time, e.g. by clicking the unsubscribe link in every email. For organisational reasons, your data will be deleted within 30 days after you stop receiving the newsletter, provided the deletion does not conflict with any statutory retention obligations.

 

Furthermore, Hubspot processes the data you provide when you use the following services:

 

- Demo request: We process the data collected from you at https://www.taxy.io/demoanfrage on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. If there is no interest in further cooperation following the demo, your data will be deleted within 30 days for organisational reasons, provided that there are no legal obligations to retain the data.

 

- Contact form: We process the data collected from you at https://www.taxy.io/get-in-touch on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. If there is no further legal basis for processing your data after final processing of your enquiry, e.g. as part of a contractual basis, and if there are no statutory retention obligations to prevent deletion, your data will be deleted within 30 days for organisational reasons.

 

- KI Beta Club: We process the data collected from you at https://www.taxy.io/ki-beta-club on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR for registration as a member of the KI Beta Club. Further information on the KI Beta Club can be found at the end of this data protection information under KI Beta Club. For organisational reasons, your data will be deleted within 30 days after the end of your membership, provided that there are no legal obligations to retain the data.

 

Data storage at HubSpot takes place on European servers, but the integration of third-party providers means that data transfer to the USA cannot be completely ruled out. For details, please refer to Hubspot's privacy policy at https://legal.hubspot.com/de/privacy-policy and the general terms and conditions at https://legal.hubspot.com/terms-of-service .

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.hubspot.de/data-privacy/privacy-shield .

 

We have concluded an order processing contract with Hubspot.

 

Mailjet

We use Mailjet to create and manage user accounts and set passwords. The provider is Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France.

The use of Mailjet and the regular dispatch of messages on the current legal situation for selected products is based on Art. 6 para. 1 lit. b GDPR. As part of our contractual obligations, we guarantee comprehensive information in the event of changes to the legal requirements, for example to meet deadlines.

Further information on data processing at Mailjet can be found at https://www.mailjet.com/de/rechtliches/datenschutzerklaerung/ .

We have concluded an order processing contract with Mailjet.

 

Payment procedure

We integrate a third-party payment service on our platform. When you make a purchase from us, your payment data (e.g. name, address, contact details, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the provider apply to these transactions. The payment service provider is used on the basis of Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 para. 1 lit. f GDPR).

 

We use the following payment service providers as part of our platform and for membership of the KI Beta Club:

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe").

Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to Stripe's terms and conditions and privacy policy at https://stripe.com/de/privacy .

As exclusive data storage within the EU cannot currently be guaranteed by the provider, data transfer and storage in the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation . We have concluded these together with an order processing contract with Stripe.

In addition, Stripe, Inc. is certified according to the Data Privacy Framework, which certifies a level of data protection similar to that of the EU/EEA.

Provision of the online offer and hosting

In order to provide our online offering securely and efficiently, we utilise the services of various hosting providers from whose servers (or servers managed by them) the online offering can be accessed.

 

External hosting of the website

We host our website at Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter "WIX").

WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyse user behaviour, visitor sources, the region of website visitors and visitor numbers. WIX stores cookies on your browser that are required to display the website and to ensure security (necessary cookies).

The data collected via WIX can be stored on various servers worldwide, including in the USA.

Details can be found in the WIX privacy policy: https://de.wix.com/about/privacy .

According to WIX, data transfer to the USA and other third countries is based on the standard contractual clauses of the EU Commission or comparable guarantees in accordance with Art. 46 GDPR. You can find details here: https://de.wix.com/about/privacy-dpa-users .

The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible.

 

We have concluded an order processing contract with WIX.

 

Visit the website

When you visit our website, the browser used on your device automatically sends information to the server of our website or our platform. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:

● IP address of the requesting computer,

● Date and time of access,

● Name and URL of the retrieved file,

● Website or end device from which access is made (referrer URL),

● Browser used and, if applicable, the operating system of your computer/device and the name of your access provider.

We process the aforementioned data for the following purposes:

● Ensuring a smooth connection to the website and app,

● Ensuring convenient use of our website and app,

● Evaluation of system security and stability and

● for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

 

Cloud services

Microsoft Azure

We use Microsoft Azure to develop and maintain our app.taxy.io platform. The provider for this is Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland (hereinafter "MS Azure").

We have selected Europe as the server location for the storage of data when using MS Azure. Microsoft confirms that when using Azure and in the absence of certain integrations, no data is transferred to the USA. Details can be found here: https://azure.microsoft.com/de-de/global-infrastructure/data-residency/#overview .

 

The use of MS Azure is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the secure, fast and efficient provision of our services by a professional provider.

We have concluded an order processing contract with Microsoft, which is available at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

Further information on data protection and information security at Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement and https://www.microsoft.com/de-de/trustcenter .

Google Workspace

We use Google Workspace, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for document storage and management, calendar management, sending e-mails, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information as well as chats and participation in audio and video conferences.

In this context, personal data may be processed and stored on the provider's servers. This includes master data and contact data of users, data on transactions, contracts, other processes and their content. Google also processes usage data and metadata used by you for security purposes and service optimisation.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in efficient and secure administration and collaboration processes. Insofar as it concerns contract fulfilment and pre-contractual enquiries, the basis for processing is Art. 6 para. 1 lit. b GDPR.

 

We have concluded an order processing contract with Google. Details can be found here: https://workspace.google.com/terms/dpa_terms.html .

Further information on data protection and security procedures at Google can be found at https://cloud.google.com/terms/cloud-privacy-notice and https://cloud.google.com/security/privacy .

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://cloud.google.com/terms/eu-model-contract-clause .

 

Integrated tools within the platform

As part of the registration process on our platform, we use various authentication tools to ensure a high level of security. The processed data includes in particular the login information (user name, password and an e-mail address). We also store the IP address and the time of the respective user action. The storage takes place on the basis of Art. 6 para. 1 lit. b GDPR. We require secure registration processes to fulfil our contractual obligations.

We offer various registration options for secure data exchange and simple registration between you and our platform. 

We currently use the following authentication tools.

 

ADDISON OneClick

To integrate and exchange data with ADDISON OneClick in our platform, you can log in via ADDISON OneClick. This is a service provided by Wolters Kluwer Software und Service GmbH, Stuttgarter Straße 35, 71638 Ludwigsburg, Germany.

The use of ADDISON OneClick within our platform is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

Further information on data protection at ADDISON OneClick can be found here: https://www.wolterskluwer.com/de-de/privacy-cookies .

 

Auth0

For registration and login on our platform, we use the cloud-based identity management platform Auth0, a tool from the provider Auth0 Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.

The integration of Auth0 is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure that only authorised and identified persons have access to our platform.

We have selected Europe as the server location for storing the data. However, as data transfer to the USA cannot be completely ruled out, we base this on the standard contractual clauses of the EU, which we have concluded together with a contract for order processing. Details can be found here: https://cdn.auth0.com/website/legal/Aug-2021-Data-Processing-Addendum.pdf

 

Auth0 provides the following contact for data protection matters in the EU: Lionheart Squared (Europe) Ltd, 2 Pembroke House, Upper Pembroke St 28-32, Dublin, D02 EK84, Ireland; auth0@lionheartsquared.eu.

Further information on data processing at Auth0 can be found at https://auth0.com/privacy/ .

Datev SmartLogin

To integrate and exchange data with DATEV on our platform, you can log in via DATEV online applications. For this we use Datev SmartLogin, a tool from the provider DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg.

Details on data processing at DATEV can be found at  https://www.datev.de/web/de/m/ueber-datev/datenschutz/ .

The use of Datev Smart Login within our platform is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

Otto Schmidt

When answering your tax law questions, you can also access texts from Otto Schmidt's specialised publishing house. For more convenient access to our portal and the publisher databases, we offer a single sign-on with Otto Schmidt. This requires a one-off registration with the publisher and the deposit of the publisher's access data via the Single Sign On function.

The provider is Verlag Dr Otto Schmidt KG, Gustav-Heinemann-Ufer 58, 50968 Cologne. Information on data protection at Otto Schmidt can be found here: https://www.otto-schmidt.de/datenschutz

 

Analysis tools

Amplitude

On our website, we use the cloud-based optimisation services of Amplitude, a web analysis service of Amplitude Inc, Headquarters, 201 3rd Street, Suite 200, San Francisco, CA 94103, United States (hereinafter: "Amplitude"). 

 

The purpose of this data processing is the ongoing optimisation and needs-based design of our website. The tool helps us to better understand the usage behaviour of visitors to our website and to gain insights for further optimisation needs. The processed data may include device information (type, brand, operating system), the IP address of the device used, the name of the provider (e.g. Vodafone), interactions with the website, name and email address. 

 

The legal basis for the processing of personal data is based on your consent, i.e. Art. 6 para. 1 lit. a GDPR.

 

To store the information generated about your visit to this website, we have ensured that Amplitude provides servers within the EU/EEA and have selected them for this purpose.

 

We have concluded an order processing contract with Amplitude with reference to the EU standard contractual clauses in order to guarantee the protection of this data processing. In addition, Amplitude has certified itself for the Data Privacy Framework, which certifies a level of data protection similar to that of the EU/EEA. 


Additional information on data processing by Amplitude can be found in the provider's privacy policy at https://amplitude.com/privacy.

Google Tag Manager

We use Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. 

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the USA.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the fast and uncomplicated integration and management of various tools on our website.

Stape.io

We use Stape.io as a cloud tagging server for the Google Tag Manager. The provider is Stape Europe OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia.

 

This is a server-side tracking tool that is used to improve our website performance and optimise our marketing activities by setting first-party cookies on our own website. In contrast to third-party cookies, these are not made accessible by browsers across domains, i.e. they are not automatically passed on to third parties.

 

The setting of cookies only takes place after obtaining your consent as a legal basis in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

 

Tagging generates a user ID, which falls under personal data as a pseudonym. However, this type of tagging gives us more control over your data, so that it is forwarded to the Google Tag Manager in anonymised form.

 

Stape's physical infrastructure is hosted in a Google Cloud data centre with proven security measures. We have taken care to choose a European zone.


We have concluded an order processing contract with stape.io. This serves to ensure that the data is only processed on the basis of our instructions and may not be transmitted to third parties without authorisation. You can view the current version at https://stape.io/eu-dpa. The provider's privacy policy is available at https://stape.io/eu-privacy-notice.

 

Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors.

The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

We have activated the IP anonymisation function on our website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de . You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

 

We have concluded an order processing contract with Google.

 

Google Ads

We use Google Ads on our website. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the operator of the website, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

 

Google Conversion Tracking

This website also uses Google Conversion Tracking when using Google Ads. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

 

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information on Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de .

Social media

Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE .

When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation .

The use of Facebook is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing that takes place after forwarding by Facebook is not part of the joint responsibility. The obligations incumbent on us jointly were set out in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php .

Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of Instagram is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility.

The obligations incumbent on us jointly were set out in an agreement on joint processing. You can find the wording of the agreement at https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of the Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381 .

Further information on this can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/ .

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains elements from LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of LinkedIn is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de.

Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy .

Twitter

We have integrated the functions of the Twitter service on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

When the social media element is active, a direct connection is established between your device and the Twitter server. Twitter thereby receives information about your visit to this website.

By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that, as the provider of the site, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at: https://twitter.com/de/privacy .

The integration of Twitter is based on our legitimate interest in the widest possible visibility in social media in accordance with Art. 6 para. 1 lit. f GDPR.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html .

You can change your data protection settings on Twitter in the account settings at https://twitter.com/account/settings .

Plugins and tools

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form, a demo request) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in protecting our website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de. 

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). This is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards.

YouTube with extended data protection

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

YouTube is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de .

Slack

We use the "Slack" platform of Slack Technologies Limited, One Park Place, Upper Hatch Street, Dublin 2 Ireland (hereinafter "Slack Technologies"), for internal communication with our employees. Your e-mail address may be exchanged if, for example, it concerns enquiries about platform use or troubleshooting within the platform or other concerns about which you have contacted us.

The data collected may also be stored on servers in the USA or other third countries via the parent company Slack Technologies LLC.

The processing of this data is necessary to fulfil our contractual obligation to efficiently process your use of our platform and is therefore carried out on the basis of Art. 6 para. 1 lit. b GDPR.

We have concluded an order processing contract with Slack Technologies. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://slack.com/intl/de-de/terms-of-service/data-processing .

Further information on the use of data by Slack Technologies can be found in the company's privacy policy at: https://slack.com/intl/de-de/trust/privacy/privacy-policy .

Sleekplan

We use Sleekplan as a solution for user feedback. Our customers can contribute their own ideas, comment on those of other users and be informed about development progress. Of course, this all happens on a voluntary basis.

 

The provider of the tool is Sleekplan GmbH, Georgenstrasse 66, 80799 Munich, Germany.


 

When using Sleekplan, the following personal data may be collected from you: Customer attributes, website views, click data, social media information, contact details (email, telephone), IP address, name and nationality.

 

Sleekplan uses "cookies", which are text files placed on your computer, to help the solution remember information you have already filled in and to manage your session. 

It also stores information about your IP address, geographical location, operating system, browser version, (browser) screen size, the URL visited, your e-mail and your name (if you have provided it or it has been provided by the web application or website).

Sleekplan uses this information to provide manually submitted feedback from users with contextual information, to analyse feedback elements and to create reports.

 

To protect your data, we have concluded an order processing contract with the provider. This serves to ensure that the data is only processed on the basis of our instructions and may not be transmitted to third parties without authorisation.

 

In addition, we have ensured that the data is stored within the EU/EEA. Sleekplan uses Amazon Web Services (AWS) as a hosting service. You can find more information about AWS data protection at https://aws.amazon.com/de/compliance/data-privacy/.

 

You have the option to withdraw your consent to processing at any time by informing us using the contact details above or by withdrawing your consent in the consent banner.

Video conferencing

We use external online conferencing tools to communicate with our customers. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool. The conferencing tools collect all the data that you provide/enter to use the tools (e-mail address, name, telephone number if applicable). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "context information" in connection with the communication process (metadata). Furthermore, the provider of the tool processes all technical data required for the processing of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

 

We use the following conference tools:

Google Meet

We use Google Meet from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It is used in accordance with Art. 6 para. 1 lit. b GDPR to communicate with prospective or existing contractual partners or to offer you certain services. Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company, which corresponds to a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Details on data processing can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de .

We have concluded an order processing contract with Google.

Zoom

We use Zoom for webinars for our newsletter subscribers and interested parties. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: https://zoom.us/de-de/privacy.html .

Registration for the webinars takes place via the respective landing page. Participation in these webinars is voluntary and independent of registration for the newsletter. The processing of your personal data within Zoom is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://zoom.us/de-de/privacy.html .

We have concluded an order processing contract for the use of Zoom.

We use the following remote maintenance software:

Pcvisit

We use pcvisit, a remote maintenance software from pcvisit Software AG, Manfred-von-Ardenne-Ring 20, 01099 Dresden, Germany, to diagnose and rectify errors for clients and end users of our platform. Names, user IDs and designations are stored. The use takes place within the framework of the fulfilment of our contractual obligations in accordance with Art. 6 para. 1 lit. b GDPR.

Details on data processing can be found in pcvisit's privacy policy at https://pcvisit-documents.s3.eu-central-1.amazonaws.com/Datenschutzerklaerung+pcvisit+Software+AG+(pcvisit.de).pdf

We have concluded an order processing contract with pcvisit.

The following services are also integrated when answering tax law questions within the framework of "Taxy.io Answers BETA":

Microsoft Azure OpenAI Services

We use Azure OpenAI as the basis for "Taxy.io Answers BETA". The provider is Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

This is a service from Microsoft that embeds the generative AI language models GPT from the provider OpenAI on the high-performance infrastructure of the Azure cloud. This gives customers access to the language models while guaranteeing the security functions (such as encryption techniques) of Microsoft Azure.

Microsoft guarantees that the customer data collected will not be forwarded to OpenAI or used to train the language models.

The EU Data Boundary means that customer data is stored and processed exclusively in the EU.

You can find more information at https://learn.microsoft.com/de-de/azure/ai-services/openai/overview#comparing-azure-openai-and-openai and https://learn.microsoft.com/de-de/legal/cognitive-services/openai/data-privacy.

Before using Taxy.io Answers BETA, you agree that your personal data may be processed to the extent that your prompts contain such data. You can revoke your consent at any time via the contact options mentioned above. However, this will mean that it will no longer be possible to use the Taxy.io Answers BETA service. We therefore recommend that you do not enter any personal data and limit your request to technical questions.

Rights of data subjects

You have the right,

● to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

● in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

● to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

● in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to have the data deleted, if we no longer need the data but you need it for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing in accordance with Art. 21 GDPR;

● in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;

● to withdraw the consent you have given us at any time in accordance with Art. 7 (3) GDPR. As a result, we may no longer continue the data processing that was based on this consent in the future; and

● to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace, or alternatively the supervisory authority of our company headquarters.

 

Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right to object, you can send an e-mail to dataprivacy@taxy.io.


 

Amendment and updating of the privacy policy

This data protection information is currently valid and was last updated in July 2024.

 

Due to the further development of our website and platform or due to changes in legal or regulatory requirements, it may become necessary to amend this data protection information. The current data protection information can be accessed at any time on our website at https://www.taxy.io/datenschutz-taxyio or via our platform.

 

Precedence of German Version


In case of discrepancies or doubts regarding the interpretation of this Privacy Policy, the original German version (https://www.taxy.io/datenschutz-taxyio) shall prevail.
