The protection and security of your personal data is of the highest priority to us. This privacy policy provides an overview of what happens to your personal data when you visit our website “steuerexperten.at” or get in touch with us. Personal data is any data that can be used to personally identify you.
We process your data exclusively on the basis of applicable legal provisions, in particular the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021). As a tax consulting firm, we are also subject to strict professional confidentiality obligations pursuant to Section 80 of the Austrian Act on Tax Advisors and Public Accountants (WTBG 2017).
The entity responsible for data processing on this website is named in the following section “Controller and Contact”.
When visiting the website: Our web server automatically stores technical data (so-called server log files), such as your IP address, browser type and the time of access. This data is necessary to provide the website securely and functionally.
When contacting us: If you contact us by email, via our contact form or via WhatsApp, we process the data you provide (e.g. name, email address, enquiry) in order to handle your request.
In the online shop: If you book consulting services via our shop, we process your order and payment data for the purpose of contract fulfilment.
For website optimisation (only with your consent): If you give us your consent, we use cookies and the analytics tool Matomo to understand how our website is used. Without your consent, no analysis takes place.
You have the right at any time to access, rectify, delete and restrict the processing of your data. You may also object to processing or revoke a given consent. Detailed information about your rights can be found in the section “Your Rights as a Data Subject”.
The controller responsible for processing your personal data within the meaning of the GDPR is:
steuerexperten.at Steuerberatung GmbH
Rosenbursenstraße 2/21
1010 Vienna, Austria
Phone: +43 1 512 5009
Email: office@steuerexperten.at
Website: www.steuerexperten.at
Our company is currently not legally required to appoint a data protection officer. If you have any questions about data protection, you can contact us at any time using the contact details above.
As a person affected by data processing, you have comprehensive rights. To exercise these rights, please contact the controller named above.
Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed. If so, you have the right to access this data and to receive further information about the purpose of processing, the categories of data, the recipients and the planned retention period.
Right to rectification (Art. 16 GDPR): You have the right to request the immediate rectification of inaccurate personal data concerning you.
Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided there is no legitimate reason for continued storage (e.g. statutory retention obligations or the assertion of legal claims).
Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you may request that the processing of your data be restricted.
Right to data portability (Art. 20 GDPR): You have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller.
Right to object (Art. 21 GDPR): If we process your data on the basis of our legitimate interests (Art. 6(1)(f) GDPR), you may object to this processing at any time for reasons arising from your particular situation.
Right to withdraw consent (Art. 7(3) GDPR): If you have given us consent for processing, you may withdraw it at any time with effect for the future. The lawfulness of the processing carried out prior to the withdrawal remains unaffected. You can most easily withdraw your consent regarding cookies via our cookie settings (link in the footer).
Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us in Austria is:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
Our website is hosted by World4You Internet Services GmbH, an Austrian hosting provider with data centres in Vienna, Linz and Vösendorf (Austria). All data therefore remains exclusively within Austria and the EU.
We have concluded a data processing agreement (DPA) with World4You in accordance with Art. 28 GDPR. The legal basis for the use of the hosting service is our legitimate interest in the secure and efficient operation of our website (Art. 6(1)(f) GDPR).
Each time our website is accessed, our system automatically collects data and information from the accessing computer. The following data is collected:
The storage of this data in log files is technically necessary to ensure the functionality, stability and security of our website. The legal basis is our legitimate interest in the secure and proper operation of our online services pursuant to Art. 6(1)(f) GDPR. The log files are deleted after no more than three months, unless longer retention is required for the investigation or prosecution of security incidents.
If you contact us via the contact form, the appointment request form on our website or by email, we process the personal data you submit (e.g. salutation/gender, name, email address, phone number, preferred language, your message).
This processing serves exclusively to handle your enquiry and the associated communication. The collection of salutation/gender serves the purpose of correct personal address; the preferred language enables us to respond in your desired language (German, English, Russian).
If your enquiry constitutes a measure to initiate a client relationship, the legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). For general enquiries, we base the processing on our legitimate interest in efficient and professional communication (Art. 6(1)(f) GDPR).
All enquiries are of course treated in compliance with our professional confidentiality obligations. Your data will be deleted once your enquiry has been fully processed and no statutory retention obligations (in particular under the Austrian Commercial Code (UGB) and the Austrian Federal Fiscal Code (BAO)) or contractual requirements necessitate longer storage. As a rule, deletion takes place six months after the conclusion of the communication.
You have the option of contacting us via the messenger service WhatsApp. WhatsApp is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms, Inc., USA.
When you contact us via WhatsApp, your message, phone number and, where applicable, your profile name are transmitted to WhatsApp. Meta Platforms may transfer data to the USA. This transfer is safeguarded on the basis of the EU-US Data Privacy Framework (adequacy decision of the European Commission pursuant to Art. 45 GDPR). Further information on data processing by WhatsApp can be found in WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea.
The legal basis for processing is your consent (Art. 6(1)(a) GDPR), which you grant by actively initiating contact via WhatsApp. We recommend not transmitting sensitive personal data (e.g. tax IDs, income documents) via WhatsApp.
You can book consulting services via our online shop. For this purpose, we process the data required for contract fulfilment, such as name, email address, billing address and payment information.
The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Where tax or commercial law retention obligations apply, storage is carried out pursuant to Art. 6(1)(c) GDPR (legal obligation) for the legally prescribed period (at least 7 years under the UGB and BAO; in the event of legal disputes, up to 30 years under the Austrian Civil Code (ABGB)).
Stripe: For the processing of card payments, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. When paying by card, your payment data is transmitted directly to Stripe. Stripe is PCI-DSS certified. A transfer to the USA may take place on the basis of the EU-US Data Privacy Framework. Further information: https://stripe.com/at/privacy.
PayPal: Alternatively, we offer payment via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When selecting this payment method, you will be redirected to the PayPal website and your payment data will be processed directly by PayPal. A transfer to the USA may take place on the basis of the EU-US Data Privacy Framework. Further information: https://www.paypal.com/at/legalhub/privacy-full.
The legal basis for sharing data with payment service providers is Art. 6(1)(b) GDPR (performance of a contract).
If you apply for a position with us, we process your application data (e.g. CV, certificates, contact details) for the purpose of conducting the application process. The legal basis is Art. 6(1)(b) GDPR (initiation of an employment contract). Your data will be treated in strict confidence. If no employment relationship is established, your documents will be deleted six months after completion of the application process in order to defend against any claims under the Equal Treatment Act (GlBG).
For digital communication with our clients, we use the steuerexperten.PRO platform, which is based on BMD COM technology. Via this platform, clients can exchange documents and communicate with our firm.
The processing of data transmitted within the scope of the client relationship is based on the engagement agreement (Art. 6(1)(b) GDPR) and for the fulfilment of legal obligations (Art. 6(1)(c) GDPR). The platform is operated on servers in Austria and the EU. The professional confidentiality obligations pursuant to Section 80 WTBG 2017 apply.
Our website uses cookies and similar technologies. Cookies are small text files stored on your device. They serve to make our website more user-friendly, effective and secure.
We use the WordPress plugin Complianz as our consent management tool. On your first visit to our website, a cookie banner is displayed through which you can choose which cookie categories you wish to allow. Both options (“Accept” and “Deny”) are presented to you equally and without any design preference. Your decision is stored for 12 months.
You may withdraw your consent at any time with effect for the future or adjust your settings. Please use the “Adjust cookie settings” link in the footer of our website. You may also delete cookies at any time in your browser settings.
We distinguish between the following categories of cookies:
Strictly necessary cookies (Functional): These are essential for the basic operation of the website and its core functions (e.g. page navigation, storage of cookie consent). Without these cookies, the website cannot function properly. Their use is based on our legitimate interest (Art. 6(1)(f) GDPR) and in accordance with Section 165(3) TKG 2021 (technically necessary storage).
Preference cookies (Preferences): These cookies store your settings, such as your preferred language (German, English, Russian). They enable a personalised user experience. Their use is based on your consent (Art. 6(1)(a) GDPR).
Statistics cookies (Statistics): These cookies help us understand how visitors interact with our website by collecting and analysing information in pseudonymised form (see Section 7 – Matomo). Their use is based on your consent (Art. 6(1)(a) GDPR).
Marketing cookies (Marketing): These cookies are used to make advertising more relevant to you and to measure the effectiveness of advertising campaigns (see Section 8 – Google Ads / Google Analytics). Their use is exclusively based on your consent (Art. 6(1)(a) GDPR).
In accordance with Section 165(3) TKG 2021 and the GDPR, preference, statistics and marketing cookies as well as other non-essential technologies are only used on the basis of your active and informed consent.
Only after you have given your consent (Art. 6(1)(a) GDPR) do we use the open-source tool Matomo for statistical analysis of website usage. Matomo is operated on our own servers at World4You in Austria, meaning no data is shared with third parties.
When you give your consent, a Matomo cookie is stored on your device. We use it to collect pseudonymised usage data such as pages visited, time spent on site, devices and browsers used, and your IP address. To protect your privacy, your IP address is immediately anonymised before storage (by truncating the last two bytes), so that it is no longer possible to directly identify you.
The data collected in this way helps us analyse the use of our website and continuously improve our services. Processing only takes place for as long as your consent is in effect.
Only after you have given your consent (Art. 6(1)(a) GDPR) do we use services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics is a web analytics service that uses cookies to evaluate the use of our website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the EU. However, a transfer to the USA may occur. Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection (adequacy decision of the European Commission pursuant to Art. 45 GDPR).
We use Google Analytics with the IP anonymisation feature enabled. This means your IP address is truncated by Google within the EU and only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
We use Google Ads to draw attention to our services through advertising on external websites. When you reach our website via a Google ad, a conversion tracking cookie is stored on your device. This cookie expires after 30 days and is not used for personal identification. It enables us and Google to track whether certain actions (e.g. clicking on an ad) led to a conversion (e.g. making contact).
Further information on data protection at Google: https://policies.google.com/privacy. You may withdraw your consent at any time via our cookie settings in the footer of the website.
This website uses the fonts “Open Sans” and “Montserrat” from the Google Fonts service for a uniform display of typefaces, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you access a page, your browser loads the required fonts directly from a Google server. In doing so, your IP address is transmitted to Google. Google may forward this data to servers in the USA. The transfer is safeguarded on the basis of the EU-US Data Privacy Framework (adequacy decision of the European Commission pursuant to Art. 45 GDPR).
The use of Google Fonts is based on our legitimate interest in a uniform and appealing presentation of our online services (Art. 6(1)(f) GDPR).
Note: We are currently working on switching to local hosting of the fonts (Open Sans and Montserrat) in order to avoid the transmission of your IP address to Google in the future. This privacy policy will be updated accordingly once the switch has been completed.
We use the mapping service Google Maps on our website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When the map is loaded, data (in particular your IP address and location data) is transmitted to Google servers. A transfer to the USA may occur. The transfer is safeguarded on the basis of the EU-US Data Privacy Framework (adequacy decision pursuant to Art. 45 GDPR).
The integration is based on your consent (Art. 6(1)(a) GDPR), which you give via our cookie banner. Further information: https://policies.google.com/privacy.
To protect our online forms from misuse by automated bots and spam, we use the service hCaptcha. The provider is Intuition Machines, Inc., a US-based company. We use hCaptcha in a privacy-friendly configuration in which data processing can take place on servers within the European Union.
The use of hCaptcha is exclusively based on your consent (Art. 6(1)(a) GDPR), which you give via our cookie banner. If you consent, hCaptcha analyses your behaviour on the website using various characteristics (e.g. mouse movements, IP address) to determine whether the input is made by a human or a bot. Without your consent, the protection of our forms cannot be guaranteed, which may restrict their use.
We maintain publicly accessible profiles on the following social networks:
When you visit one of our social media profiles, the respective platform operator and we may jointly process your personal data. The respective operator of the social media platform is the primary controller for data processing within the platform.
With regard to Facebook fan pages, there is a joint controllership with Meta Platforms Ireland for data collected during a page visit, in accordance with the case law of the CJEU (judgment of 5 June 2018, C-210/16). Meta provides so-called “Page Insights”, which we use to optimise our services.
The legal basis for processing is our legitimate interest in effective public relations and communication (Art. 6(1)(f) GDPR). A transfer to the USA may take place on the basis of the EU-US Data Privacy Framework.
(Note: This section will be activated once the newsletter service has been set up.)
We plan to offer you the opportunity to subscribe to our newsletter in the future. Registration will take place via a double opt-in procedure: after entering your email address, you will receive a confirmation email. You will only be added to the mailing list after clicking the confirmation link.
The newsletter is sent via our own server infrastructure at our hosting provider World4You in Austria. No data is shared with third-party newsletter services. We store your email address, the time of registration and confirmation, and, if provided, your name.
The legal basis is your consent (Art. 6(1)(a) GDPR). You may unsubscribe from the newsletter at any time via the unsubscribe link in each issue or by email to office@steuerexperten.at. Consent to receive the newsletter is logged for verification purposes.
Your personal data will only be disclosed to third parties if this is necessary for the fulfilment of a purpose, required by law, or covered by your consent. Possible recipients include:
Data is generally not transferred to countries outside the EU or EEA (third countries). Where services of US-based providers are used (Google, Meta/WhatsApp, Stripe, hCaptcha), the transfer is based on the EU-US Data Privacy Framework (adequacy decision of the European Commission pursuant to Art. 45 GDPR) or, where applicable, on Standard Contractual Clauses (Art. 46(2)(c) GDPR).
We only store your personal data for as long as is necessary for the respective purposes or as prescribed by statutory retention periods. The following table provides an overview of the main retention periods:
| Data Category | Purpose(s) | Legal Basis | Retention Period |
| --- | --- | --- | --- |
| Server log files | IT security, stability, error analysis | Art. 6(1)(f) (legitimate interest) | Max. 3 months |
| Contact enquiries | Handling your enquiry | Art. 6(1)(b) / (f) | 6 months after completion |
| Order/payment data (shop) | Contract fulfilment, invoicing | Art. 6(1)(b) / (c) | Min. 7 years (UGB/BAO), up to 30 years (ABGB) |
| Client & business data | Engagement agreement, statutory retention | Art. 6(1)(b) / (c) | Min. 7 years (UGB/BAO), up to 30 years (ABGB) |
| Analytics data (Matomo) | Website optimisation | Art. 6(1)(a) (consent) | Max. 12 months |
| Marketing data (Google) | Ad measurement, conversion tracking | Art. 6(1)(a) (consent) | Per Google policies, max. 14 months |
| Application data | Application process | Art. 6(1)(b) | 6 months after completion |
| Consent status (cookie banner) | Proof of consent obligation | Art. 6(1)(c) | 12 months |
We implement comprehensive technical and organisational security measures (TOMs) to protect your data against loss, destruction, unauthorised access and manipulation. Our security measures are continuously improved in line with technological developments. These include, among others, the use of encryption technologies (SSL/TLS), access controls and regular security reviews.
We reserve the right to amend this privacy policy as necessary in order to adapt it to changed legal situations or changes to our services. The version currently published on our website shall apply.