Taxfix Privacy Policy

Last updated: March 2022

Taxfix Spain, S.L (“Taxfix”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. As part of our mission to simplify the tax filing system for our users (“you” or “your”), it’s important to us that you feel comfortable and trust us with your personal data when you use our services (collectively, the “Services”). Please take a few minutes to read this privacy policy (this “Privacy Policy”) and our Cookie Policy, which provides information about how we process your personal data in relation to your use of the website www.taxfix.es and the Services accessible through our website and our mobile-based apps (collectively, “Apps” and each, an “App”), which are owned by Taxfix GmbH, so that you understand what kind of information we collect about you, how we use that information and why. This Privacy Policy also explains what kind of rights you have regarding our processing of your data.

Both Taxfix and Taxfix GmbH (our parent company based in Germany) process your personal data as joint-controllers, as defined in the EU General Data Protection Regulation (“GDPR”). Taxfix and Taxfix GmbH have executed a joint-controllership agreement that lays down the respective responsibilities of each joint-controller, in particular in relation to the exercise of your rights as a data subject. This Privacy Policy provides transparency on the essence of the joint-controllership agreement mentioned herein.

Overview

Identity of the Joint Controllers

  • Taxfix GmbH with registered office in Köpenicker Str. 122, 10179 Berlin. Can be contacted via phone +49 30 92106949 or by e-mail at: [email protected]
  • Taxfix Spain, S.L., with registered office at calle Goya 15, piso 6, 28001 Madrid. Can be contacted by email at: [email protected] or [email protected]

Purpose of the Processing

We process your personal data for the following purposes:
  1. Performance of Contractual or Pre-Contractual Measures. The data processing is needed for the performance of a contract to which you are a party or in order to take the steps requested by you prior to entering into a contract.
  2. For marketing, market and opinion analysis, ensuring IT security, assessment and optimization of processes, analyzing and improving our products and services, enhancing your user experience, enforcement of claims or defences in legal proceedings and developing our Services and App.
  3. Legal Compliance. The data processing is necessary for compliance with a legal obligation to which we are subject. We are subject to several legal obligations that necessitate certain data processing activities. This includes verification of your identity, prevention of fraud and upholding our control and reporting obligations.
  4. Processing on behalf of Taxfix. In several instances, we engage service providers and processors to process personal data on our behalf.

Legal Basis for Processing

  1. Performance of Contractual or Pre-Contractual Measures: Art. 6 (1) lit. b GDPR
  2. Consent. Where you have agreed to the processing of your personal data for one or more specific purposes, such data processing by us is permitted on the legal basis of your consent (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR). Your consent is revocable at any time. Where you revoke your consent, we will not process your personal data on the basis of your consent following your revocation.
  3. Legitimate Interests. The data processing is needed for the purposes of the legitimate interests pursued by us or Taxfix Germany, the joint-controllers, or a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6 (1) lit. f GDPR). Data processing that falls under this category can include marketing or market and opinion analysis, ensuring IT security, assessment and optimization of processes, analyzing and improving our products and services, enhancing your user experience, enforcement of claims or defences in legal proceedings and developing our Services and App.
  4. Legal Compliance. The data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) lit. c GDPR).
  5. Processing on behalf of Taxfix. In several instances, we engage service providers and processors to process personal data on our behalf under Art. 28 GDPR.

Third Parties

  1. Transfers to Third Parties. We transfer your personal data to the tax authorities upon your request and in certain cases, to our third-party service providers, including our hosting providers, payment providers, IT service and development providers. Your personal data will only be passed on or transmitted to third parties insofar as is necessary for our contract with you, if we have a legitimate interest (fraud prevention or payment management), if you have given your consent, or insofar as we are legally required to do so. Our service providers receive personal data solely for the performance of their services for us and are contractually obliged not to use personal data for other purposes.
  2. Transfers to Third Countries. Should any processing of your data take place outside of the EU, this will be done in compliance with the GDPR – namely, on the basis of an appropriate transfer mechanism (e.g. standard contractual clauses in the respective data processing agreement with the relevant third party).

Data Subject Rights

As the data subject, you have the following rights:
  1. the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR),
  2. the right to erasure of your personal data (Art. 17 GDPR),
  3. the right to restriction of processing of your personal data (Art. 18 GDPR),
  4. right to revoke a given consent at any time pursuant to Art. 7 (3) GDPR and the Joint Controllers will no longer continue any such processing that is based on your consent moving forward,
  5. right to object to the processing of your personal data insofar as we base such processing on legitimate interests under Art. 6 (1) lit. f GDPR. In case you wish to object, please send a message to [email protected] or [email protected]; and
  6. the right to data portability (Art. 20 GDPR).

You also have the option to file a complaint against the processing of your personal data with the competent supervisory authority, which in this case is the Agencia Española de Protección de Datos, c/ Jorge Juan, 6, 28001, Madrid. You can at any time contact either us or Taxfix Germany directly via the addresses indicated above to exercise your rights.

You can find detailed information on how we process your personal data, the legal basis and your rights below.

A. Contact and Joint Controllers

Taxfix GmbH with registered office in Köpenicker Str. 122, 10179 Berlin (hereinafter “Taxfix Germany”) acts as a joint controller with regard to the processing of personal data collected, processed and stored through the App and through the communication platforms related to the App.

Taxfix Germany can always be contacted by phone on +49 30 92106949 or by e-mail at: [email protected]

For any questions regarding the processing of data carried out in the context of using the App, the users of the App (the “Users” or “Interested”, or even individually the “User” or “Interested Users”) can also contact, at any time, the data protection officer (“DPO”) designated by Taxfix for the Taxfix group, by writing to the contacts indicated above.

In order to offer Users a complete support service in the compilation and revision of tax returns, Taxfix makes use of the help of Taxfix Spain, S.L, with registered office at calle Goya 15, piso 6, 28001 Madrid (“Taxfix”, “we”, “us” or “our”). Taxfix provides tax consultancy services through the App as defined in the general terms and conditions (accessible in the App / Webapp or on the taxfix.es website).

It is always possible to contact Taxfix by e-mail via [email protected] or [email protected]. Taxfix Germany does not provide any tax advice, but manages the software and the platform with which personal data is collected (including tax data) and through which Taxfix can access any useful information for preparing the tax return.

You can reach Taxfix Germany’s data protection team at the e-mail address above. In addition, Taxfix Germany has appointed a Data Protection Officer (“DPO”) for the Taxfix group of companies who acts on behalf of all companies related to that group in supporting our compliance efforts in relation to the processing of personal data. The DPO can be reached at the above postal address of Taxfix Germany (Attn: DPO).

Taxfix Germany and Taxfix jointly determine the purposes and methods of the processing of personal data in the context of the provision of the services through the App, and are therefore – with reference to this context – joint controllers (the “Joint Controllers”). Pursuant to Art. 26 GDPR, the Joint Controllers have stipulated – in a transparent manner, through a joint data controller agreement (the “Agreement”) – their respective responsibilities regarding compliance with the obligations deriving from the GDPR, with particular regard to the exercise of rights of the interested party and the respective functions of communication of information referred to in articles 13 and 14 of the GDPR. The essential content of the Agreement is available here.

B. Third Party Links

Our website may, from time to time, contain links to or from partner websites or other third-party sites. These sites and any services that may be accessible through them have their own privacy policies. As we are not responsible for the privacy practices of these sites, we recommend that you review their privacy policies before submitting personal data to them.

C. General Purposes and Legal Bases

When we use the term “personal data”, we are referring to any information that can be used, directly or indirectly, to identify you personally. We process your personal data in accordance with the GDPR, the Spanish Data Protection Act (SDPA), as well as in accordance with the guidelines, resolutions, decisions, or reports of the SDPA if at least one of the following applies:
  1. Performance of Contractual or Pre-Contractual Measures. The data processing is needed for the performance of a contract to which you are a party or in order to take the steps requested by you prior to entering into a contract (Art. 6 (1) lit. b GDPR). Data processing that falls under this category is done when requested by you and can include performing transactions, customer support, requirement analysis and processing your tax-related data needed for your tax declaration in order to fulfill our Service Agreement with you.
  2. Consent. Where you have agreed to the processing of your personal data for one or more specific purposes, such data processing by us is permitted on the legal basis of your consent (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR). Your consent is revocable at any time. Where you revoke your consent, we will not process your personal data on the basis of your consent following your revocation.
  3. Legitimate Interests. The data processing is needed for the purposes of the legitimate interests pursued by us or Taxfix Germany, the joint-controllers, or a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6 (1) lit. f GDPR). Data processing that falls under this category can include marketing or market and opinion analysis, ensuring IT security, assessment and optimization of processes, analyzing and improving our products and services, enhancing your user experience, enforcement of claims or defences in legal proceedings and developing our Services and App.
  4. Legal Compliance. The data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) lit. c GDPR). We are subject to several legal obligations that necessitate certain data processing activities. This includes verification of your identity, prevention of fraud and upholding our control and reporting obligations.
  5. Processing on behalf of Taxfix. In several instances, we engage service providers and processors to process personal data on our behalf under Art. 28 GDPR. The data processing that falls under this category is carried out pursuant to a separate agreement with the respective processor. We ensure that this agreement contains sufficient protection and guarantees for the protection of your personal data and your rights with respect to that data, in each case in compliance with the GDPR.

D. Requested Authorizations When Using the App

For some functions, the App requires access to certain services and data on your mobile device, which you will be asked to authorize. This section explains which access authorizations are required to use the App on iOS and Android devices and why.
  1. iOS.
    • Notifications / Push Messages. Certain technical data is automatically collected and transmitted to us by your browser when you access our website. Such information includes data about your internet browser, operating system, IP address, time of the page request, referrer URL, device information, session information, size of the requested file and any status or error codes. The information is logged in server log files, which we process in order to ensure the functionality of our website, gather statistical information about the use and development of our website, and for general data security and error analysis purposes. With respect to ensuring the functionality of our website, the basis for our data processing is Art. 6 (1) lit. b GDPR (i.e. contractual or pre-contractual measure). With respect to monitoring for data security and error analysis, the basis for our processing is Art. 6 (1) lit. f GDPR (i.e. legitimate interests).
    • Registration Data. By choosing “Allow” when asked whether the App can send push notifications to your device, you are authorizing the App to notify you of certain events such as deadlines for filing your tax return or other tax-relevant topics by means of push notification even when you are not using the App. The App may push notifications with a tone, message (e.g. in the form of a screen banner) or symbol identifier (a picture or number on the App icon). You’ll be asked to authorize push notifications the first time you call up the App and register or log in. You can adjust or customize your permission settings for push messages under “Settings” > “Messages” and selecting the Taxfix App on your device.
    • Camera and Photo Access. By choosing “Allow” when asked whether the App can access your photos, you are allowing the App to access your mobile device’s photo library in order to upload a photo of your identification document or income. In order to take a photo of your identification document or payslip directly in the App via your mobile device camera, you’ll need to grant additional access to your camera, which you can do under “Settings” > “Privacy” > “Camera” on your device. Your grant of access rights to your camera and photos is exclusively for purposes of verifying your identification card. As such, only the photo(s) you select or take with your camera will be processed and there will be no authorized use of the photo and the camera function. You can revoke your access permissions at any time by adjusting your mobile device settings.
  2. Android.
    • Push Messages. When installing the App, you will be asked to grant permission to receive push messages from the App when you are not using it. You can prevent the App from displaying push messages by navigating to “Settings” > “Apps” (or “Application Manager”) on your device. There you will find an overview of all applications installed on your device. Select the Taxfix App and under “Permissions” you can switch on or off the push notification function.
    • Access to all Networks. During installation, access to all networks is requested in order to enable the App to transfer data via Internet connection of your end mobile device (WiFi or data connection). This authorization is needed to transfer your entries to our servers, for example, as part of the registration process.
    • Camera Access. This authorization is requested in order for you to photograph your income tax statement and identification in the App and in this way record your tax-relevant information quickly and seamlessly. The App will only have access to your camera if you select this function in the App.
    • Save Records to Memory or SD Cards. This authorization is required to enable the App to store or retrieve the data for your tax return in the memory or, if necessary, in an additional memory used by your terminal device. The App only reads the data that was stored in connection with the use of the Taxfix services.

E. Personal Data We Collect and How We Process It

We and Taxfix Germany process your personal data in order to provide you with our best Services. We collect your personal data either through your voluntary input or automatically when you use our App or visit our website (including through the use of tracking technologies, as discussed in our Cookie Policy). This section discusses the specific categories of personal data that we process.
  1. Device and Technical Data. Certain technical data is automatically collected and transmitted to Taxfix Germany by your browser when you access our website. Such information includes data about your internet browser, operating system, IP address, time of the page request, referrer URL, device information, session information, size of the requested file and any status or error codes. The information is logged in server log files, which are processed by Taxfix Germany in order to ensure the functionality of our website, gather statistical information about the use and development of our website, for general data security and error analysis purposes and for marketing purposes and general product improvement. With respect to ensuring the functionality of our website, the basis for this data processing is Art. 6 (1) lit. b GDPR (i.e. contractual or pre-contractual measure). With respect to monitoring for data security and error analysis, the basis for this processing is Art. 6 (1) lit. f GDPR (our and Taxfix Germany’s legitimate interests to ensure the stability and security of the website and app). With regard to marketing purposes, the basis is Art. 6 para. 1 lit. a GDPR (i.e. your consent). And with regard to general product improvement, the basis of our processing is Art. 6 para. 1 lit. f GDPR (Taxfix Germany’s legitimate interest to attract more customers and improve sales and products).
  2. App Store Installation Data. You can download and install the App on your mobile device from either Google Play or the App Store. In order to do this, you must first register for a user account with the provider of the app store and conclude a user agreement with that provider. In the process of downloading and installing the App, certain information about you and your access device gets transmitted to the app store provider – username, e-mail address, customer number, time of download and device ID. We do not have any control over this data collection and we do not store it, but we do process it insofar as is necessary to install the App on your device. Our legal basis for processing this data is Art. 6 (1) lit. b GDPR (i.e. contractual or pre-contractual measures).
  3. Registration Data. When you register to use our App, we collect certain personal information from you in order to determine whether our Services support your tax case. We collect this information by asking you about your civil status, living situation, sources of income, alimony payments, foreign income and tax-relevant disability payments. During the registration process, we also ask you for your e-mail address (which we verify with you), your name, assign you a Taxfix user ID, process the time of your registration and your IP address, and ask you to take note of this Policy and accept our Terms and Conditions. The basis for our processing of your registration data as described in this section is Art. 6 (1) lit. b GDPR (i.e. contractual or pre-contractual measures). Your registration data will be stored by Taxfix Germany as long as your user account is still active and will be retained by us for an additional twelve months thereafter. Legal retention periods apply and remain unaffected. Please note that we use technical services (e.g. servers) provided by Google. We pay careful attention to the highest technical security standards and all data is stored in Europe. For technical reasons, however, it may happen that the infrastructure is maintained or partly provided from the USA. As we process sensitive data, we strive for maximum transparency in this respect as well. For more information about how we and Taxfix Germany protect your personal data in these international data transfers, please see section G of this Privacy Policy (External Transfers).
  4. Pre-fill Data. Once registered, you are required to enter any of the means of authentication for the Tax Agency such as your ID number, the reference number of the Tax Agency, the corresponding box relating to the previous income tax return, or the [email protected] Pin. Once completed, we populate your tax return with certain pre-fill information that is electronically reported to tax authorities (namely by your employer and the relevant social security office) and stored with them. Depending on your preference in the App, using your ID, your personal [email protected] PIN, your fiscal reference number or additional information provided in previous tax returns, we first connect to the Tax Agency’s website and log in with an automated browser using your credentials. You can find more information on [email protected] here. This allows us to obtain your tax reference number. Once we have the tax reference number, we securely retrieve via the Tax Agency’s API your pre-fill information which is encrypted via in-transit encryption (SSL). Once we have received your pre-fill information from the Tax Agency’s API, this information is stored by Taxfix Germany in your Taxfix account on our servers in order to integrate this data directly in your tax return. Our legal basis for processing your pre-fill data as described in this section is thus Art. 6 (1) lit. b GDPR (i.e. performance of a contract), and our legal basis for processing of sensitive personal data contained in your pre-fill information (such as on religious belief) is Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR (i.e. consent) in conjunction with Art. 6 (1) lit. b GDPR (i.e. performance of a contract by preparing your tax return). Taking into consideration the statutory deadlines the tax authorities have to investigate tax debts, Taxfix Germany stores your pre-fill data fully encrypted in our database located in Europe for a period of ten years following transmission to the tax authority.
  5. Tax Data. Following registration, you will be asked a series of questions through our App designed to capture the tax-relevant information needed to fill out your tax declaration digitally. These questions ask you for information about your name, employment status, address, religious affiliation, occupation, employer, income statements, secondary residence, competent tax office, tax identification number, training and education, business expenses, professional associations, income from capital asset and other income, insurance, medical expenses, survivorship, disability, donations, church tax, household expenses, alimony and tax loss carryforwards. As already mentioned, such tax-relevant information may include “sensitive personal data” such as data related to your health, religious affiliation or trade union membership, for which we might need your consent to process in order to provide the Services, as this information is required to calculate your tax return amount. We will obtain your consent separately. You can revoke your consent at any given time with effect for the future, but in the event of such revocation you will no longer be able to use all services. Your tax data is also stored by Taxfix Germany in order to further streamline and simplify your declaration for next year. Our legal basis for processing your tax data as described in this section is thus Art. 6 (1) lit. b GDPR (i.e. performance of a contract), and our legal basis for processing any sensitive personal data is Art. 6 (1) lit. b GDPR (i.e. performance of a contract) and Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR (i.e. consent). Taking into consideration the statutory deadlines the tax authorities have to investigate tax debts, your tax data is stored by Taxfix Germany fully encrypted in our database located in Europe for a period of ten years following transmission to the tax authority. After that the data is anonymized completely.
  6. Tax Data on Third Parties. Please note that, in order to support your tax case in the most accurate manner, Tax Data can include information about third parties such as, without limitation, your relatives or your lessor. To the extent that we are required to inform these third parties about the processing activities we carry out with their personal data under the GDPR, we also ask you to provide contact details about these third parties. The basis for our processing of the tax data on third parties as described in this section is Art. 6 (1) lit. f GDPR (i.e. your legitimate interest to submit your tax returns in the most accurate manner).
  7. Transaction Data. In order to submit the income tax return generated through the App to the tax office, you must enter into a Service Agreement with Taxfix in accordance with our Terms and Conditions. Pursuant to this Service Agreement, you may be required to pay a one-time submission fee with respect to each tax declaration submitted, depending on the amount of your calculated tax return. For users, the submission fee (if applicable) is payable by credit card and is processed via our external payment service provider Stripe Payments Europe, Ltd. (“Stripe”), C/O A&L Goodbody, Ifsc, North Wall Quay Dublin 1., Dublin 1, Dublin, Ireland, in conjunction with Taxfix Germany. Stripe will receive your name and bank details in order to process payment and will notify us upon receipt of payment. We won’t store your payment information but we do process your transaction information (i.e. when you paid, when payment was processed and the amount of your payment) for reporting purposes for ten years in combination with your registration data. Our legal basis for processing your transaction data is Art. 6 (1) lit. b GDPR (i.e. performance of a contract) and our legal basis for its retention is Art. 6 (1) lit. c GDPR (i.e. compliance with our legal obligations, as we are required under applicable law to store relevant financial and accounting documents). Please note that we also use Stripe for repayment invoicing, and to handle relevant security and fraud prevention measures.
     Identification. For legal reasons, we are required to confirm your identity as the filing taxpayer prior to final submission of your tax declaration. We verify your identity by having you submit your income tax certificate, wage/salary statement, registration of address confirmation, an identity card or other identification document with your address listed on it. After we have confirmed your identity, you will have the opportunity to review your prepared tax return, confirm the accuracy of your provided details and authorize us to submit the tax declaration to the tax office. For other legal reasons, we may be required to provide information on our users to tax authorities and other competent authorities. Thus, we are processing your identification data, and Taxfix Germany stores it for the legally stipulated period of ten years after the end of the year in which the documents were transmitted, in order to verify your identity and your authorization of us; the legal basis is Art. 6 (1) lit. c GDPR (i.e. compliance with our legal obligations).
     [email protected] PIN Data Processing. We submit your tax declaration using your personal [email protected] PIN, which is the authentication system to facilitate electronic relationships between natural persons and the public administrations of Spain.
     Retrieval of Electronic Tax Assessment. We retrieve your electronic tax assessment via the Tax Agency’s API in order to provide you this information within the App, as well as for statistical and control purposes – namely, to assess any discrepancies between the amount of your refund as calculated using the App and as finally determined by the tax office in order to improve the Services and further refine the App. Our legal basis for processing this data is Art. 6 (1) lit. f GDPR (i.e. legitimate interests), Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR (i.e. consent).
  8. Support. If you have any questions about our Services, reach out to our customer support team! You can reach support by clicking “Contact our Support Team” in your account settings. We can’t provide you with any tax advice (so please contact a tax advisor with any tax-related questions), but we’re here to answer any questions you have about how to use the App, registration, errors or bugs in the App, etc. If your App crashes, you can elect to send us a complete error log, containing both technical information and any sensitive tax data that may have been entered, in which case you consent to the transmission of such information in order for us to most effectively troubleshoot any problems. The error log and support requests are saved to your user account. Of course, you have the possibility to delete saved error logs. An error log will be deleted or completely anonymized at the latest 12 months after transmission. Our legal basis for processing error logs is Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR (i.e. consent) and our legal basis for processing your other support requests is Art. 6 (1) lit. b GDPR (i.e. performance of a contract). To handle customer inquiries, we use a ticket system and customer service platform provided by Intercom, Inc. (55 2nd Street, 4th Floor, San Francisco, CA 94105 USA; “Intercom”). For more information about Intercom’s data processing, please refer to their privacy notice at https://www.intercom.com/terms-and-policies#privacy. We have in place a Data Processing Addendum with Intercom to ensure that the processing of your data is conducted in accordance with applicable law.
  9. Marketing and Communications Data. If you have used the Services previously or if you have subscribed to receive marketing materials from us, we, Taxfix Germany or our service providers acting on our behalf may send you certain marketing e-mails including for example newsletters, customer satisfaction or review surveys, information about updates to our Services or special offers from us. The legal basis for processing this data is Art. 6 (1) lit. a GDPR (i.e. consent) if you have subscribed to receive marketing emails, or Art. 6 (1) lit. f GDPR (i.e. legitimate interests) if you have used the Services previously. If you do not wish to receive any marketing e-mails from Taxfix Germany, you can opt-out anytime by using the “unsubscribe” link in any e-mail we send you or by sending us an e-mail at [email protected]
  10. Improvement of User Experience. To improve the user experience, we will test new or modified functions and features limited to certain user groups. Under certain circumstances, this may lead to different presentations for different users. The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR (i.e. our legitimate interest in continuously improving the user experience and our products).

F. How We Protect Your Data

  1. Security Measures. We maintain state-of-the-art technical measures to secure your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. All transactions, regardless of their nature, are encrypted using SSL technology. The information you provide to us is generally stored in a computer center located in Europe in accordance with high security standards and is encrypted (AES-256-CTR). Our data center is equipped with state-of-the-art technical security measures and is certified in accordance with ISO 27018 standards and guidelines. We carefully select and regularly monitor our service providers, who are instructed by us and required to ensure that any data processing including transfers to third countries is subject to stringent technical security measures compliant with European standards. Furthermore, Taxfix Germany’s Information Security Management System is ISO/IEC 27001 certified.
  2. PIN Protection. You can protect access to the App on your device with a PIN code. You can change your PIN at any time in the account settings in the App. Where you have chosen a PIN code for access to the App, you are responsible for keeping this confidential and we ask you not to share it with anyone. Please note that your PIN is unique to your browser session and/or mobile device. If you wish to access your account from a new mobile device or in a new browser session, you will be asked to verify your email address and you will be sent an additional security access code in order to do so. Alternatively, you can also use the system-side Touch ID function on suitable Apple devices to enable access to the Taxfix App or the Taxfix WebApp using your fingerprint. Please note that neither your fingerprint nor biometric information is transmitted to Taxfix. Please consult Apple’s Touch ID information or Apple’s Face ID information for more details.

G. External Transfers

  1. Transfers to Third Parties. As mentioned elsewhere in this Privacy Policy, in order to provide the Services, we transfer your data to the tax authorities upon your request and in certain cases, to our third-party service providers, including our hosting providers, payment providers, IT service and development providers. Your personal data will only be passed on or transmitted to third parties insofar as is necessary for our contract with you, if we have a legitimate interest (fraud prevention or payment management), if you have given your consent, or insofar as we are legally required to do so. Our service providers receive personal data solely for the performance of their services for us and are contractually obliged not to use personal data for other purposes.
  2. Transfers to Third Countries. Should any processing of your data take place outside of the EU, this will be done in compliance with Art. 44 GDPR – namely, on the basis of an appropriate transfer mechanism (e.g. standard contractual clauses in the respective data processing agreement with the relevant third party).

H. Your Rights Under the GDPR

  1. Data Subject Rights. As the data subject, you have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure of your personal data (Art. 17 GDPR), the right to restriction of processing of your personal data (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). You also have the option to file a complaint against the processing of your personal data with the competent supervisory authority, which in this case is the Agencia Española de Protección de Datos, c/ Jorge Juan, 6, 28001, Madrid. You can at any time contact either us or Taxfix Germany directly via the addresses indicated above to exercise your rights.
  2. Right of Revocation. If you have given your consent to the processing of your data, you can revoke your given consent at any time pursuant to Art. 7 (3) GDPR and the Joint Controllers will no longer continue any such processing that is based on your consent moving forward. Note that such revocation will not affect the legality of any processing carried out on the basis of your consent up to the point of revocation.
  3. Right to Object. You can object to the processing of your personal data insofar as we base such processing on the balance of legitimate interests under Art. 6 (1) lit. f GDPR. This is the case in particular if the processing is not necessary for the fulfillment of a contractual obligation or for compliance with our legal obligations. In case you wish to object, we kindly ask you to provide an explanation of the reasons for the objection against the processing of your personal data, so that we may examine and assess the situation, and either discontinue or adapt the data processing, or point out to you our compelling legitimate reasons based on which we continue the processing of your data. Please note that providing an explanation is not required. You may, of course, object to data processing for the purposes of advertising or direct marketing at any time without providing an explanation. In this case, please send a message to [email protected] or [email protected]

I. Amendments

We keep this Privacy Policy under regular review and reserve the right to make changes to this Privacy Policy. If we do amend this Privacy Policy, these changes will be posted on this page and, where appropriate, notified to you by e-mail or when you start the App to use our Services. You may be required to read and acknowledge the changes in order to continue your use of the App or our Services. You can view the current version of this Privacy Policy at any time in your account settings in the App. It is very important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our contractual relationship with you.

Version: 1.0 / Last Update: March 2022