Get in touch

Privacy Policy

Information on the processing of personal data when visiting this website, when contacting the practice and in connection with digital communication and practice processes.

This English version is provided for information purposes. The German version remains the authoritative version for the German website and German legal terminology.

1. Controller and general information

Controller

Controller for data processing

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Marcel Bexten, Steuerberater
Grevenweg 28
52152 Simmerath
Germany
Phone: +49 157 53519172
Email: info@steuerberater-bexten.de

Data Protection Officer

No Data Protection Officer appointed

No Data Protection Officer has currently been appointed. If you have any questions regarding data protection, you may contact the practice directly using the contact details stated above.

Personal data is processed, where applicable, on the basis of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection provisions.

Contract / enquiry

Art. 6(1)(b) GDPR

Processing for the performance of pre-contractual measures, for handling mandate enquiries and for carrying out an existing mandate relationship.

Legal obligation

Art. 6(1)(c) GDPR

Processing for compliance with legal obligations, in particular tax, commercial, professional and statutory retention obligations.

Legitimate interest

Art. 6(1)(f) GDPR

Processing for the purposes of legitimate interests, in particular technical provision of the website, IT security, communication, organisation and defence against unauthorised claims.

Consent

Art. 6(1)(a) GDPR

Processing on the basis of consent where such consent is obtained, for example for certain external services or technologies requiring consent.

3. Website visit and server log files

When this website is accessed, technically necessary data is processed in order to deliver the website, ensure stability and security and detect misuse.

Technical data

Server log files

The data processed may include, in particular, IP address, date and time of access, page accessed, referrer URL, browser type, operating system and host name of the accessing device.

The legal basis is Art. 6(1)(f) GDPR. The legitimate interest lies in the secure, stable and error-free provision of this website.

4. Hosting, domain and technical service providers

Hosting

Hostinger

This website is technically provided via Hostinger. In connection with hosting, personal data generated when visiting the website may be processed, in particular technical access data.

Domain

IONOS

Domain administration may be carried out via IONOS. Technical and administrative data may be processed where this is necessary for providing and managing the domain.

5. Contact and mandate enquiries

If you contact the practice by contact form, email, telephone, WhatsApp or any other communication channel, the information you provide will be processed for the purpose of handling your enquiry.

Contact form / email

Handling your enquiry

The data processed includes, in particular, name, contact details, content of the enquiry, any deadlines, relevant tax years and other information voluntarily provided.

The legal basis is Art. 6(1)(b) GDPR where the enquiry is aimed at establishing a mandate. In other cases, Art. 6(1)(f) GDPR may apply.

WhatsApp

Communication via WhatsApp

If you contact the practice via WhatsApp, the data transmitted there will be processed for the purpose of handling your enquiry. Please do not send sensitive documents, tax assessments, German tax identification numbers, bank details or confidential mandate documents via WhatsApp.

Important note

No mandate by merely making contact

Contacting the practice via this website does not yet establish a tax advisory mandate. A mandate is only created after explicit acceptance, agreement on the scope of work and conclusion of a mandate agreement.

6. Microsoft 365, Teams, Bookings, OneDrive, Forms and SharePoint

Microsoft services may be used for practice organisation, communication, appointment booking, video calls and document management.

Communication

Microsoft Outlook and Teams

When communicating by email or video call, name, email address, communication content, technical connection data and further voluntarily provided information may be processed.

Appointment booking

Microsoft Bookings

When using the appointment booking function, information such as name, contact details, appointment request and voluntary information regarding the enquiry may be processed.

Documents

OneDrive and SharePoint

OneDrive and SharePoint may be used for internal storage and processing of documents. Mandate data, contact data and communication data may be processed in this context.

Contact form

Microsoft Forms

Microsoft Forms may be used for structured mandate enquiries. The information entered by you is processed, in particular your name, contact details, information on the enquiry, relevant tax years and voluntary information on the matter. Please do not initially submit tax assessments, German tax identification numbers, bank details, health data or other particularly confidential mandate documents via Microsoft Forms.

Legal basis

Mandate and practice organisation

The legal bases are, in particular, Art. 6(1)(b), (c) and (f) GDPR. Processing serves the handling of enquiries, the performance of mandates and secure practice organisation.

Microsoft

Processing by Microsoft

When accessing Microsoft Forms, Microsoft Bookings or other Microsoft services, data may be transmitted to Microsoft. Microsoft's privacy information also applies.

7. Lexware Office

Invoices / practice administration

Use of Lexware Office

Lexware Office may be used for invoicing, payment monitoring and internal practice administration processes. In particular, name, address, contact details, service data, invoice data and payment information may be processed.

The legal bases are, in particular, Art. 6(1)(b) and (c) GDPR as well as Art. 6(1)(f) GDPR.

8. Cookies, analytics and external services

Technically necessary

Necessary technologies

Where technically necessary cookies or comparable technologies are used, they serve in particular to provide the website and ensure security. The legal basis is Art. 6(1)(f) GDPR; access to end devices is subject to the requirements of Section 25 TDDDG.

Analytics

Hostinger analytics

Hostinger may provide technical analytics functions for a general evaluation of website use. Where no personal data is processed or no cookies are set in this context, separate consent is generally not required.

Google Analytics

Only with consent

Google Analytics is used only where valid prior consent has been obtained. The legal basis is then Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Google Maps

Map integration

Google Maps is loaded, where used, only after active consent has been given. Before that, no direct connection to Google Maps is established via the map integration.

9. Social media and external profiles

This website may link to external social media profiles, in particular LinkedIn, Instagram or Facebook. Merely visiting this website does not transmit any data to these providers, provided that no active content is embedded.

External links

Accessing external platforms

If you click on a link to an external platform, you leave this website. The respective platform provider is generally responsible for any subsequent processing of personal data.

10. Use of AI-supported tools

Internal practice support

No unrestricted input of confidential mandate data

AI-supported tools may be used internally to support drafting, structuring, research or work aids. Personal data, mandate data or confidential documents are processed in this context only where there is an appropriate legal basis and professional as well as data protection requirements are complied with.

Tax assessments, German tax identification numbers, bank details, health data, contractual documents, receipts or other confidential mandate information are not entered into freely accessible AI services without a separate prior assessment.

11. Retention period

Personal data is stored only for as long as this is necessary for the respective purposes or as long as statutory retention periods apply.

Deletion / retention

Mandate and business documents

Where commercial, tax, professional or other statutory retention obligations apply, data is stored for the duration of these periods. Otherwise, data is deleted as soon as the purpose of processing no longer applies and no retention obligations or legitimate interests prevent deletion.

12. Your rights

Data subjects have, subject to the statutory requirements, in particular the following rights:

Access

Art. 15 GDPR

Right of access to the personal data processed.

Rectification

Art. 16 GDPR

Right to rectification of inaccurate or incomplete data.

Erasure / restriction

Art. 17 and Art. 18 GDPR

Right to erasure or restriction of processing.

Objection

Art. 21 GDPR

Right to object to certain processing activities.

Portability

Art. 20 GDPR

Right to data portability where the requirements are met.

Consent

Withdrawal

Consent once given may be withdrawn at any time with effect for the future.

13. Right to lodge a complaint with the supervisory authority

Supervisory authority

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2–4
40213 Düsseldorf
Germany

Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

Legal notice

Provider identification and professional regulatory information of the practice.

Legal notice →

Contact

Contact options for tax enquiries and mandate enquiries.

Contact page →

Become a client

Information on the process of becoming a client.

Become a client →