23 Min.

Privacy Notice – Convenience Translation

Thank you very much for your interest in our company. Data protection has a very high priority for wundertax GmbH (hereinafter referred to as „wundertax GmbH“ or “we”). The processing of personal data, such as name, address, e-mail address or telephone number, is always carried out in accordance with the basic data protection regulations and in compliance with the country-specific data protection regulations applicable to us.

With this privacy policy we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us and about your right as a data subject.

Important note: This privacy notice is a convenient translation of the privacy policy on the website in German language. In case of doubt, the German language privacy policy will always apply: https://wundertax.de/datenschutz/

1. Data controller and Contact Data

Responsible for the data processing on the website and its subsites is wundertax GmbH, Berliner Str. 80-82, 13189 Berlin, Deutschland, E-Mail: support@wundertax.com.

2. Usage Data

Our websites collect a number of usage data and information with every visit. This usage data and information are stored in the log files of our servers:

  • the browser types and versions used
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website (so-called referrer),
  • the sub-websites which are accessed via an accessing system on our website,
  • the date and time of access,
  • an Internet Protocol (IP) address,
  • the Internet service provider of the accessing system and
  • other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.

This information is required to correctly provide the contents of our website, to ensure the permanent functioning of our information technology systems and the technology of our website, and to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber-attack. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for the collection of the IP address is art. 6 para. 1 lit. f) GDPR. The legitimate interest is to detect attacks on the website and to be able to eliminate them effectively. After a period of 8 weeks the IP address will be deleted or anonymized.

3. Registration and Tax Return

If you wish to use the application offered on the website to prepare a tax return, prior registration is required. During the registration process, it is necessary to enter your e-mail address and a password of your choice. To ensure the security of this data, the chosen password is not stored anywhere in plain text - it is therefore not known to anyone (except the client himself).

Please note: By registering on our website, you can also use all our other services. You can find an overview of our other tax tools at wundertax.de/en.

In order to use our application for the preparation of a tax return after registration, it is necessary to provide personal data. This is necessary to be able to prepare the online tax return and fulfil the contract. This refers to the following personal data:

  • First name/last name
  • Age
  • e-mail address
  • Address
  • Phone number
  • Date of birth
  • Marital status
  • Bank details
  • Tax number
  • Tax identification number
  • other tax-relevant information that you provide in your tax return

The legal basis for the processing is art. 6 para. 1 sentence 1 lit. b) GDPR (processing is necessary for the performance of a contract with the data subject).

Your input data for your tax return will remain stored for the duration of your registration, so that you can conveniently interrupt the entry of your tax return and continue it later or create your tax return based on the data of the previous year without having to re-enter all the data again.

4. Transmission to Tax Authorities

The transmission of the data entered as part of the online tax return to the responsible tax authority will only take place with your explicit consent in accordance with art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. Please note that once the tax return has been submitted to the tax authorities, the revocation can no longer have any effect.

Please also note the following additional data protection notice from the tax authorities:

“This software is used to collect personal data within the meaning of art. 4 lit. 1 of the General Data Protection Regulation (GDPR) and art. 9 para. 1 GDPR for the purpose of processing. In addition to the pure data required for tax assessment, the software collects data on the type of the user’s operating system and transmits this data to the tax authorities. This data is required to ensure the proper processing of the data and to prevent errors in the processing. The use of the data takes place within the framework of art. 6 para. 1 sentence 1 lit. e) in conjunction with para. 3 sentence 1 lit. b) GDPR in conjunction with federal or state tax laws by the tax authorities and only for the stated purpose.”

5. Processing of Special Categories of Personal Data

As part of the preparation of the online tax return, it is also necessary to collect and process so-called special categories of personal data (according to art. 9 GDPR). These are data on religious beliefs (e.g. regarding church tax liability), trade union membership and health. To obtain your consent to the processing of special categories of personal data, we use the following wording:

„I agree to the requesting and handling of my personal data by wundertax GmbH regarding Religion, Trade Union Membership, and health to the purpose of generating my income tax declaration as well as forwarding that prepared declaration to the responsible tax authority.“

The legal basis for the processing described above is art. 9 para. 2 lit. a) GDPR (the data subject has given his consent to the processing for one or more specific purposes). You can revoke your consent at any time with effect for the future. Please note that in these cases, the tax return may not be completed sufficiently and no transmission to the tax authorities can take place. After transmission to the tax authorities, the revocation of your consent to data transmission can also no longer have any effect.

6. E-mail-Newsletter, Tax Tips and Advertising

If you registered yourself on our website to receive our newsletter, we will use your e-mail address to send you the newsletter and our tax tips. Our newsletter informs you regularly about new offers from wundertax GmbH and its partners as well as changes or new functions in our tax software. The tax tips provide you with information on the topics of taxes, tax returns and finances. Newsletters and tax tips can contain links to our website, our blog or to interesting third-party sites. The legal basis is art. 6 para. 1 sentence 1 lit. a) GDPR (The data subject has given his or her consent to processing for one or more specific purposes).

Within the scope of the newsletter registration we also store further data, as far as these are necessary to prove the newsletter registration (e.g. your IP address as well as a copy of the confirmation mail sent by us). The data processing is based on art. 6 para. 1 lit. f) GDPR in the interest of being able to give an account of the legality of the newsletter mailing.

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we also reserve the right, within the framework of the legal provisions, to send you advertising by e-mail for our own similar goods and services, as well as those already purchased, from our range of products. We will inform you of this during the ordering process. The legal basis is then art. 6 para. lit. f) GDPR (processing is necessary to protect the legitimate interests of the person responsible). Our legitimate interest is in direct advertising. You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

Of course, you can always click on the unsubscribe link included in every newsletter, tax tip or e-mail advertisement and thus unsubscribe from the newsletter, tax tips or e-mail advertisement. We regard the unsubscription as a revocation of your consent or objection to the data processing. In this case we will immediately delete all data related to the sending of the newsletter and the tax tips. An exception to this is data that we require to prove your newsletter registration (e.g. your IP address and a copy of the confirmation e-mail we sent). Due to the statutory limitation periods, a deletion period of three years is provided for this data. The data processing is based on art. 6 para. 1 lit. f) GDPR in the interest of being able to account for the legality of the newsletter dispatch.

7. Cookies and Tracking-Tools

Our websites use cookies and similar technologies. Cookies are text files which are filed and stored on a computer system via your browser. Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign Internet pages and servers to the specific browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other browsers that contain other cookies. A specific browser can be recognized and identified by the unique cookie ID.

7.1. Necessary Cookies

Certain cookies are required to enable user guidance, security, and implementation of the website. wundertax GmbH uses these cookies based on art. 6 para. 1 lit. f) GDPR and in the interest of optimizing or enabling user guidance and adapting the presentation of the website.

We use the following cookies for this purpose:

Name Purpose Expiration Date
complianceCookie Currently saving the cookie accepts data 1 year
__cfduid Used for routing and attack protection 1 month
_studyclever_session Contains the current user session 2 years
current_step Step in the tax return process 1 year
auth_token Contains the current token with the authentication. Only works together with the user session 2 years

If Google Maps is used to calculate the distance, the request leads to the reloading of content from Google LLC, Mountain View, CA, USA (“Google”). Google thereby receives the information that you have surfed on our site as well as the usage data technically required in this context. We do not have any influence on the processed data by Google. The embedding takes place based on art. 6 para. 1 lit. f) GDPR and in the interest of being able to provide you with the distance calculation for your tax return.

We also use a tool from Cloudfare, Inc. to optimize network resources and a tool from Bugsnag, Inc. for error monitoring and reporting.

Please note that embedding the map service and using these services means that your data will be processed outside the EU/EEA. In some countries there is a risk that authorities may access the data for security and monitoring purposes without informing you or giving you the right to appeal.

You can prevent the Internet browser from setting cookies at any time by selecting the corresponding setting and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the cookies’ settings in the Internet browser used, it is possible that not all functions of the website can be used to their full extent.

7.2. Performance-Cookies

In addition, wundertax GmbH uses third-party cookies for analysis and advertising purposes in order to statistically evaluate user behavior on the website and to display targeted advertising to users based on their preferences and interests. The data processing described above will only take place if you have given your consent to our cookie banner setting in accordance with art. 6 para. 1 lit. a) GDPR.

If in this context data is processed outside the EU/EEA, note that there is a risk that foreign authorities may access the data for security and monitoring purposes without informing you or giving you the right to appeal. If we use providers in insecure third countries and you agree to the storage of cookies in the cookie banner, the transfer to a third country is always based on art. 49 para. 1 lit. a) GDPR.

The consent can be revoked at any time with effect for the future. In this case, your data will be deleted immediately. Furthermore, you can prevent the storage of cookies by adjusting your browser software accordingly.

To exercise your right of revocation, you can change your settings here:

The following tracking tools are used:

7.2.1. Google Analytics and Google Remarketing

This website uses, via the Google Tag Manager, the analysis tool Google Analytics, a web analysis service of Google LLC, Mountain View, CA, USA (“Google”). The information generated by the usage cookie of this website is usually transferred to a Google server in the USA and stored there. Since IP anonymization is set on the website, your IP address is shortened beforehand. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity, and Internet usage. In addition, Google may also use the data for its own purposes and may link it to other data records, e.g. your search history. We have no influence on this as the data processing is done by Google.

Provided that data is transferred to Google LLC in the United States as a third country with a lower level of data protection than in the EU, we have concluded standard contractual clauses with Google to ensure an appropriate level of data protection.

The cookies expire after 90 days at the latest.

In addition to the revocation option explained above, you can prevent the processing of your data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

The website also uses the advanced Google Analytics remarketing and advertising functions. The remarketing and advertising functions enable the analysis and placement of optimized, interest-based advertising on other websites within the Google display network (on Google itself, so-called “Google ads” or on other websites) based on previous visits of a user to the website. Google Analytics uses a third-party cookie from DoubleClick to analyze data on the surfing behavior of users on various websites. This data can be used, among other things, to make statements about demographic data and areas of interest of website users.

The associated cookies expire after one year at the latest.

In addition to the revocation option explained above, you can deactivate interest-based ads on Google as well as interest-based Google ads on the web (within the Google display network) in your browser by activating the “Off” button at http://www.aboutads.info/choices/ or http://www.google.com/settings/ads/onweb/?hl=de or by deactivating it at www.google.de/settings/ads. For more information about your options and Google’s privacy policy, please visit https://www.google.de/intl/de/policies/privacy/?fg=1.

7.2.2. Facebook Events

The website also uses Facebook tracking technologies for analysis and marketing purposes. These technologies enable and target advertisements on Facebook and the companies associated with Facebook, if you have previously visited our websites or acted on our websites. In addition, we can record and statistically evaluate the effectiveness of our advertisements on Facebook, e.g. if you clicked on an advertisement from us.

The use of Facebook Events involves the transmission of various data (Facebook user ID, usage data, pixel ID, referrer URL, interactions with advertisements, services, products, and content viewed, IP address, device and browser information and geographic location) to Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland, and its parent company Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Data is thus transferred to third countries where the level of data protection is lower than in the EU. Facebook can assign your user actions to your Facebook account and evaluate them statistically. Please note that we have no influence on data processing by Facebook, in particular on data transfers from Facebook to other data recipients. You can find Facebook’s privacy policy at: https://de-de.facebook.com/policy.php and the cookie policy at: https://facebook.com/policies/cookies/?locale=de_DE.

Regarding data processing with Facebook, we act as joint controllers in accordance with art. 26 GDPR. The agreement on this can be found at https://www.facebook.com/legal/controller_addendum. To exercise your rights, you can contact us as well as Facebook directly.

The Facebook cookies expire after one year at the latest.

In addition to the revocation option explained above, you can prevent data processing as a logged in Facebook user by setting an opt-out cookie at https://www.facebook.com/ads/preferences/.

7.2.3. Bing Tracking

The website also features Bing technologies from Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. (“Microsoft”). These technologies allow us to analyze user behavior based on pseudonymous user profiles, including identifying who has clicked on an advertisement from us at Bing, and to display targeted advertisements to users.

With the use of Bing, various data is transferred to Microsoft in the USA. As a result, data is transferred to third countries with a lower level of data protection than in the EU. If necessary, Microsoft will evaluate your data, use it for its own purposes and link it to other data records, e.g. your search history. Please note that we have no influence on this. You can find Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.

The associated cookies expire after 1 year at the latest.

We enable you to use social plugins. However, for reasons of data protection, we only integrate the social plugins we use in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services. However, you have the possibility to activate and use the social plugins integrated on our websites. Only when you decide to activate the respective social plugin and click on the corresponding thumbnail or icon, the social media service will receive your IP address in particular and, among other things, information about your visit to our websites based on your consent in accordance with art. 6 para. 1 sentence 1 lit. a) GDPR. This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile. Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles from your data and use them for the purpose of personalized advertising. Furthermore, your data will be used to inform other users of the social media service about your activities on our websites.

Please note that the embedding of many social plugins means that your data is processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without informing you or giving you a right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on art. 49 para. 1 lit. a) GDPR.

If you no longer wish that your personal data is processed by the activated Social Plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective Social Plugin.

The icons of LinkedIn, Xing, and Twitter, on the other hand, are simply links, which do not transmit any personal data to the website operators.

9. Applications and Job Portal

Under the tab “Open positions” you have the possibility to apply directly online for a position with GmbH.

In order to carry out the application procedure and possible establishment of an employment relationship, the personal data that you provide in connection with an application (cover letter, CV, certificates, qualifications) is processed. Name, e-mail address and telephone number are also processed as mandatory data. The legal basis for data processing is § 26 para. 1 sentence 1 BDSG. The provision of the data is necessary to establish the employment relationship and thus to conclude a possible employment contract. If you do not provide the data, we may not be able to consider you in the application process.

If you voluntarily provide us with additional information beyond the mandatory data, the data processing is based on your consent in accordance with art. 6 para. 1 lit. a), 7 GDPR, § 26 Para. 2 BDSG. There is no obligation to provide this information. If you do not provide it, you do not have to fear any negative effects on your chances in the application process.

All transferred data concerning an application will be deleted six months after the application decision. Documents of successful applications that lead to an employment relationship are transferred to the personnel files instead. In the case of refusal, individual data may be stored for a longer period of time in individual cases in accordance with art. 6 para. 1 lit. f) GDPR, provided that this is necessary for the exercise, assertion or defence of legal claims. The legitimate interest in longer storage results from effective legal prosecution.

In the case that wundertax GmbH would like to keep your application documents for a possible later vacancy, longer storage (usually for a maximum of two years) will only take place on the basis of a consent given separately by you in accordance with art. 6 para. 1 lit. a), art. 7 GDPR, § 26 para. 2 BDSG. You can revoke this consent at any time with effect for the future.

Of course, we will treat your data and documents strictly confidentially!

10. Customer Service

You have the possibility to contact us via the support address support@wundertax.com. We process your e-mail address, your request and correspondence on the basis of art. 6 para. 1 sentence 1 lit. f) GDPR in order to answer your request. The provision of this data is necessary to process your request. Furthermore, you can decide for yourself whether you wish to provide further information. This information is provided voluntarily and is not mandatory for contacting us. Your voluntary details will be processed based on your consent in accordance with art. 6 para. 1 lit. a) GDPR.

Insofar as your data is processed on the basis of art. 6 para. 1 sentence 1 lit. f) GDPR, you can object to the processing at any time. In addition, you can revoke your consent to the processing of voluntary information at any time. Your data will be deleted if you object / revoke your consent or if they are no longer required and no legal obligations to retain them exist.

11. Data Transfer to Third Parties / Recipients

Your personal data will only be passed on or transmitted to third parties by us if this is necessary for the fulfilment of the contract with you, if we have a legitimate interest, if you have given your consent and/or if we are obliged to do so by law or by official or court orders. Your personal data will only be transmitted for the purposes described above (e.g. to tax authorities for the transmission of tax returns or banks for the collection of our fees).

Service providers that we use (in particular in the IT sector) only receive the necessary data from us, act in accordance with instructions and are contractually obliged to protect your personal data.

It may also occur that personal data must be transferred, in particular to service providers in third countries (outside the EU/EEA), where the level of data protection is lower than in the EU. This may result in access by security authorities or the restriction of rights of data subjects without you being specifically informed about this. If there is no EU adequacy decision for the country, we provide suitable guarantees to ensure an adequate level of data protection, in particular by concluding so-called standard contractual clauses. Further information on this and, if necessary, copies of these can be obtained on request from our data protection officer (see No. 15).

12. Deletion of Data

If not already explained in detail in the individual paragraphs, the following applies with regard to data deletion: Even without a special request, we comply with our obligations to delete personal data (e.g. in accordance with art. 17 GDPR) and therefore store data only for as long as is necessary to provide the requested service or for the respective purpose. Please note, however, that deletion is replaced by a blockage or restriction of processing, insofar as deletion is opposed to legal storage obligations which we must fulfil or limitation periods. For example, according to the legal regulations in § 257 HGB, we must store contract-related communications for a period of up to ten years.

13. Encryption and other Security Measures

wundertax GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. All data that you enter and store during the online tax return is subject to the strictest security regulations. The data is transmitted exclusively via an encrypted connection. By double-clicking on the lock symbol in the status bar at the bottom of your browser, you can check at any time that your data is only transferred in encrypted form to a certified web server authorized by us.

14. Your Rights

You have the following rights regarding your personal data if the respective conditions are met:

Right of access (art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right of access to this personal data and to the information specified in art. 15 GDPR.

Right of rectification (art. 16 GDPR): You have the right to request without delay the rectification of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right of erasure (art. 17 GDPR; “right to be forgotten”): You have the right to request that your personal data is erased immediately if one of the reasons listed in art. 17 GDPR applies.

Right to restriction of processing (art. 18 GDPR): You have the right to request that the processing be restricted if one of the conditions listed in art. 18 GDPR applies.

Right to data portability (art. 20 GDPR): In certain cases, which are listed in detail in art. 20 GDPR, you have the right to obtain your personal data in a structured, common, and machine-readable format or to request the transfer of such data to a third party.

Right to lodge a complaint with a data protection supervisory authority: You also have the right to complain to a data protection supervisory authority in the Member State in which you are resident, your place of work or the place of the alleged breach about the processing of your personal data by us if you consider that the processing of personal data concerning you is unlawful.

Right of revocation in case of consent (art. 7 para. 3 GDPR): If you have given your consent to wundertax GmbH to process your data, you may revoke it at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.

Right of objection (art. 21 GDPR): If data are processed based on art. 6 para. 1 sentence 1 lit. e) or f) GDPR (especially in the case of direct advertising), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

To assert your rights as a data subject, please contact the wundertax GmbH. You can use the contact data mentioned above (No. 1).

15. Contact details of the data protection officer

You can contact our data protection officer directly at any time with all questions regarding data protection at: heyData GmbH, Schützenstraße 5, 10117 Berlin, hey@heydata.eu.