Privacy policy

1. Controller

The controller for data processing on this website is:

2. Data protection officer

You can reach our data protection officer at:

Email: info@baskan.de

3. Overview of processing activities

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

• Master data (e.g. names, addresses)
• Contact data (e.g. email, phone numbers)
• Content data (e.g. entries in forms)
• Usage data (e.g. pages visited, access times)
• Meta/communication data (e.g. device information, IP addresses)
• Contract data (e.g. contract subject, duration)
• Payment data (e.g. bank details, payment history)
• Tax data (e.g. income information, receipts)

Categories of data subjects

• Prospects
• Clients / customers
• Users of the website and web app
• Business and contract partners

Purposes of processing

• Provision of tax advisory services
• Contract performance and customer care
• Communication and contact requests
• Security measures
• Reach measurement and marketing
• Administration and answering of inquiries

4. Legal bases

Below you will find an overview of the legal bases under the GDPR on which we process personal data:

• Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data relating to them for one or more specific purposes.
• Contract performance (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to carry out pre-contractual measures.
• Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. statutory retention obligations).
• Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party.

5. Security measures

In accordance with statutory requirements and taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing, as well as the varying likelihoods and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

The measures include in particular:

• SSL/TLS encryption of data transmission
• Encrypted storage of sensitive data
• Regular security updates and backups
• Access control and authorisation management
• Training of staff on data protection
• Pseudonymisation and anonymisation where possible

6. Data processing when using our services

a) Tax advisory services

To provide our tax advisory services, we process the data provided by you, in particular:

• Personal master data (name, address, date of birth, tax ID)
• Income data and receipts
• Bank details for tax refunds
• Communication data

Legal basis: Performance of a contract (Art. 6(1) lit. b GDPR) and legal obligations (Art. 6(1) lit. c GDPR).

Retention period: The data is stored in accordance with the statutory retention periods for tax advisors (generally 10 years after the end of the mandate).

b) Registration and user account

When registering in our web app, we collect:

• Email address
• Password (stored encrypted)
• Name and, if applicable, further profile information

Legal basis: Performance of a contract (Art. 6(1) lit. b GDPR).

c) Contact

When you contact us (e.g. by email or contact form), the user's details are processed to handle the inquiry.

Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR) or performance of a contract (Art. 6(1) lit. b GDPR).

7. Hosting and servers

Our website and web app are hosted on servers within the European Union. When accessing our services, the following data is automatically recorded in server log files:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Volume of data transferred
• Notification of successful retrieval
• Browser type and version
• User's operating system
• Referrer URL

Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR) to ensure the security and stability of our services.

8. Cookies and tracking

We use cookies to make our website user-friendly. Cookies are small text files that are stored on your device.

Necessary cookies

These cookies are required for the operation of the website (e.g. session cookies, authentication).

Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR).

Analytics cookies

With your consent, we use analytics cookies to understand and improve the use of our website.

Legal basis: Consent (Art. 6(1) lit. a GDPR).

9. Payment service providers

We use external payment service providers for the processing of payments. The payment data is transmitted directly to the respective provider and processed by them.

Legal basis: Performance of a contract (Art. 6(1) lit. b GDPR).

10. Your rights as a data subject

As a data subject, you have the following rights:

• Right to information (Art. 15 GDPR): You have the right to obtain information about your personal data stored by us.
• Right to rectification (Art. 16 GDPR): You have the right to have inaccurate data rectified.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your data, provided no statutory retention obligations stand in the way.
• Restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your data.
• Data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used format.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your data where it is based on legitimate interests.
• Withdrawal of consent (Art. 7(3) GDPR): You have the right to withdraw consent given at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

11. Competent supervisory authority

The data protection supervisory authority responsible for us is:

12. Changes to this privacy policy

We reserve the right to adapt this privacy policy to keep it in line with current legal requirements or to implement changes to our services. The new privacy policy will then apply for your next visit.