Privacy Policy

The following privacy policy informs you about the nature, scope, and purposes of the collection and use of personal data when using this website, as well as your rights.

I. Responsible for Data Processing (hereinafter: "we")

KudTax UG (limited liability)

Mertensstr. 26

13587 Berlin, Germany

Further details and contact options can be found in our provider identification (in the so-called imprint).

II. Personal Data, Purposes of Their Processing, and Legal Bases

Personal data are all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is considered to be one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific features that express the identity of that natural person.

Personal data is processed on our website when this is necessary for the following purposes:

⦁ based on your request and given consent (Legal basis: Article 6(1)(a) of the General Data Protection Regulation – hereinafter: GDPR),

⦁ for the use of the website (Legal basis: Article 6(1)(b) GDPR),

⦁ to safeguard our interest in improving user experience, promoting our services, and/or maintaining the security of use (Legal basis: Article 6(1)(f) GDPR),

⦁ for the use of the services offered on the website as well as for pre-contractual measures, particularly for your inquiries (Legal basis: Article 6(1)(a) and/or Article 6(1)(b) GDPR),

⦁ for concluding and executing a contract (Legal basis: Article 6(1)(b) GDPR) and/or

⦁ to fulfill a legal obligation to which we are subject (e.g., tax or data protection regulations and retention obligations, Legal basis: Article 6(1)(c) GDPR).

Further details on data processing can be found below under the corresponding headings:

1. Access Data / Server Logfiles

When you visit our website, the servers of our website host automatically store the information that your browser sends, so-called server logfiles. Further information from our hoster on this can be found here: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/

The information includes the following: ⦁ Referrer (previously visited website) ⦁ Requested website or file ⦁ Browser type and browser version ⦁ Operating system used ⦁ Amount of data transferred ⦁ Type of device used ⦁ Time of access ⦁ IP address in anonymized form (e.g., by truncating the last digits so that no conclusions about individuals can be drawn)

The temporary processing of this data by the system is necessary to enable the delivery of the website to your device. For this, the IP address must be processed in particular. A combination of this data with other data sources does not take place. The information is used exclusively to monitor our own website traffic and to maintain the technical operation of the servers and network of our host, as well as to prevent abuse. The data will be automatically deleted after 7 days. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

2. Cookies

Our website uses only technically necessary cookies to provide the basic functions of the website. Other technologies such as local storage or similar storage techniques are not used unless explicitly mentioned below. Furthermore, we only use those such as functional cookies to provide you with the retrieved website along with its functions, § 25 Abs. 2 Nr. 2 TDDDG, Article 6(1)(f) GDPR.

Name

Provider Domain

Purpose

Legal basis

Duration

Info

Insofar as you give consent for optional services, non-essential cookies, the legal basis is § 25 Abs. 1 TDDDG, Article 6(1)(a) GDPR (consent). For this and for the cookies or services used, you can obtain further information at any time from our consent management tool and revoke your consent freely and without disadvantage with effect for the future. Please note, however, that our website does not always function as intended without the cookies used.

Most browsers also have an option that restricts or completely prevents the saving of cookies. However, it is pointed out that the use and particularly the user experience will be limited without cookies.

Instructions for the most common browsers:

Mozilla Firefox: https://support.mozilla.org/en/kb/Blocking%20cookies

Google Chrome: https://support.google.com/accounts/answer/61416?hl=en

Apple Safari: https://support.apple.com/de-at/HT201265

Microsoft Edge: https://support.microsoft.com/de-de/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

3. Contact via email or other means as well as registration

If you send us inquiries via email or other means, your information, including the data you provide (such as name, email address, message content), will be processed for the purpose of handling the inquiry and, if necessary, for follow-up questions.

If you register on our website, we additionally process the data you provide, such as username, password (in encrypted form), and possibly other voluntary information (e.g., phone number, address) for the creation and management of your user account. This data is required for the provision of the service and for the execution of the contract. The legal basis is Article 6(1)(b) GDPR. Optionally provided data is processed based on your consent, Article 6(1)(a) GDPR. The legal basis is Article 6(1)(b) GDPR and/or in the case of consent Article 6(1)(a) GDPR.

4. Integration of Services and Content from Third Parties

It may occur that within our online offering, content and services from third parties are integrated or loaded from other websites. This always requires that the providers of these contents perceive the users' IP addresses. Because without the IP address, they could not send the content to the user's browser. The IP address is therefore required for the display of this content. We strive to use only those contents whose respective providers use the IP address solely for the delivery of the content. Third-party providers may store the IP address, for example, for statistical purposes.

We partially integrate the following services and content from third parties, for which you can also view additional service providers and information at any time in our consent tool (icon/footer) and revoke consents:

Consentmanager

To manage your possible consents, we use the tool consentmanager AB, Haltegelvägen 1b, 72348 Västeras, Sweden (https://www.consentmanager.net/).

consentmanager AB is hosted on our own servers, so no data is directly transferred to the servers of consentmanager AB. The processing of the data collected by the tool (e.g., your consent decisions) is carried out exclusively on our systems. No connection is established with the servers of consentmanager AB.

Legal basis is our legitimate interest in the consent management option, Article 6(1)(f) GDPR; furthermore, in the case of your consent, Article 6(1)(a) GDPR. Furthermore, we may be legally obligated to obtain consent and ensure traceability, cf. Article 6(1)(a) GDPR as well as GDPR and/or TDDDG, cf. above.

Content Delivery Network (CDN)

We use the Content Delivery Network (CDN) from Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (https://www.cloudflare.com). A content delivery network is a network of regionally distributed servers connected via the internet, used to deliver content – particularly media files, scripts, and stylesheets. This allows us to display our content on our website faster and more reliably, optimizing the user experience. The following categories of data are processed: IP address, timestamp, time and date, user agent, visited website, amount of data transferred. Legal basis is Article 6(1)(f) GDPR (legitimate interest in optimizing website performance and security). If you give your consent, the legal basis is Article 6(1)(a) GDPR. You can revoke your consent at any time through our consent management tool with effect for the future. The data transfer to the USA is based on the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov). For more information, please refer to Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.

JavaScript Libraries

We use the following JavaScript libraries to enhance the functionality and user-friendliness of our website:

Framer Motion

The legal basis is Article 6(1)(f) GDPR (legitimate interest in providing a functional and user-friendly website).

Statistics and Evaluation

We use the following tools to analyze and evaluate user behavior in order to optimize our website:

We use Google Analytics (version: Google Analytics 4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to analyze user behavior and optimize our website. The following data is processed:

IP address (anonymized by truncation before storage), visited pages, duration of stay, click paths, device information (e.g., browser type, operating system), approximate location (at city level)

The data is stored for a maximum of 14 months and then automatically deleted. IP anonymization is activated, so your IP address is shortened within the EU/EEA before it is further processed. A transfer to the USA only takes place based on the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov).

Legal basis: Your consent in accordance with Article 6(1)(a) GDPR and § 25(1) TDDG. You can revoke your consent at any time through our consent management tool or prevent data collection by Google Analytics by installing the browser add-on to disable Google Analytics (https://tools.google.com/dlpage/gaoptout).

For more information, please refer to Google's Privacy Policy: https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to manage tracking and analysis tools (e.g., Google Analytics) as well as other services on our website. The Google Tag Manager loads the corresponding scripts, which are only activated after your consent. Your IP address is transmitted to Google to deliver the scripts. A transfer to the USA only takes place based on the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov).

Legal basis: Your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the TDDDG. You can withdraw your consent at any time through our consent management tool.

For more information, please refer to Google's Privacy Policy: https://policies.google.com/privacy.

5. Payment Service Provider

For processing payments, we use the service Stripe, provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe"). Stripe processes the following data that you provide during the payment: name, email address, billing address, payment data (e.g., credit card or bank account information), order number, transaction amount, date and time of the transaction.

Stripe acts as an independent controller for payment processing, and we have concluded a data processing agreement (DPA) with Stripe for processing related to our platform. Data transfer to the USA (Stripe Inc.) is carried out based on the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov).

Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6 paragraph 1 subparagraph letter c GDPR (legal obligations).

For more information, please refer to Stripe's privacy policy: https://stripe.com/de/privacy

The following payment options can be enabled through the service provider Stripe:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),

Giropay, paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main (https://www.giropay.de/agb/);

Apple Pay, Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, (https://www.apple.com/de/legal/privacy/data/de/apple-pay/ / https://www.apple.com/legal/privacy/de-ww/)

Google Pay by Google. Google refers to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and its affiliated companies. (https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de / https://policies.google.com/privacy)

VISA from Visa Inc.; for the EU/EEA area, Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, GB, is responsible (https://www.visa.de/legal/privacy-policy.html / https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html)

Mastercard, Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo (https://www.mastercard.de/de-de/datenschutz.html) In this regard, we refer to the privacy notices and the terms and conditions provided there. The chosen payment service receives the information you provide during the payment process. This generally includes your name, your payment details (e.g., credit card or account information), the order number, and the transaction amount, as well as any additional information such as transaction IDs or device data, depending on the provider. For data processing in the context of payment processing, the payment service provider is the responsible entity.

Legal basis is Article 6(1)(b) GDPR (pre-contractual measures, contract fulfillment) as well as 6 paragraph 1 subparagraph 1 letter f and c GDPR (legitimate interest and legal proof obligations). We fulfill a contract with you and have a legitimate interest in the payment functionalities, to be able to offer you effective, widespread, and secure payment options and a modern online shop functionality, Article 6(1)(f) GDPR.

We only receive the minimum necessary data for confirmation and processing (e.g., last four digits of card numbers).

III. Recipients of Personal Data and Transfers to Third Countries

Personal data is shared with the following categories of recipients: Our employees and our processors to the necessary extent, in particular the website and hosting provider of our website, Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany, (https://docs.hetzner.com/de), and, if applicable, its respective sub-processors, depending on the service you use, as well as, if applicable, individual named service providers when using the website, see above under II. 4 and 5. Furthermore, your personal data will not be disclosed to third parties without your explicit consent, unless we are legally obligated to do so or the data transfer is absolutely necessary for the performance of a contractual relationship.

A transfer to third countries is not intended.

A transfer to a third country may be considered when using the following services: Google (Google Analytics, Google Tag Manager), Stripe, Cloudflare (CDN, Browser Insights), Apple (Apple Pay), PayPal, Visa, Mastercard, see above under II.4 and 5 or as indicated. The data transfer is based on the EU-US Data Privacy Framework or Standard Contractual Clauses, as described for the respective services and below:

We process personal data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) when it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. The same applies to processing by third parties on our behalf, the disclosure of personal data to third parties, as well as their transfer to third parties. Service providers who process personal data on our behalf in a third country will only be engaged if there is an "adequacy decision" by the European Commission for that third country (Article 45 GDPR), "appropriate safeguards" (Article 46 GDPR), "standard contractual clauses" (Article 46 paragraph 2 letter c GDPR) are agreed upon and/or "binding corporate rules" (Article 47 GDPR) are in place at the recipient. General information on adequacy decisions can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en, regarding US tools: www.dataprivacyframework.gov, on suitable guarantees as internal regulations at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en, and on standard contractual clauses at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de.

For further information, you can contact us.

IV. Duration of Storage

We delete personal data after the purpose has been achieved and the legal basis has ceased to exist, as well as in the absence of a retention obligation. Stored server log files and IP addresses are automatically deleted by our host after 7 days.

Session cookies are also automatically deleted after the session ends. In addition, cookies with an expiration date are stored on your device, and you also have control over the use and deletion of cookies, as mentioned above. We process personal data from your inquiries via email or other means until your inquiry is fully processed and completed. Afterwards, the information will be deleted if there is no legal retention obligation, for example, also data protection documentation and retention obligations under Article 5 Paragraph 2 GDPR or Article 6(1)(c) GDPR. Please note that due to a legal transaction with you, certain data may be subject to commercial and tax retention obligations of at least six (§ 257 HGB) or ten (§ 147 AO) years, which can also apply to the content of contact inquiries and emails. For example, personal data collected by us is generally stored after the termination of a contractual relationship until the expiration of the statutory three-year regular limitation period (§ 195 BGB) (protection of legitimate interests: defense and enforcement of claims, Article 6(1)(f) GDPR).

In the case of registration data, we store your data as long as your user account is active. After the deletion of your account, the data will be deleted within 30 days, provided there are no legal retention obligations. A permanent deletion of customer data is possible. The users can send an e-mail to [email protected] herefor.

Furthermore – also with regard to all tools used and the aforementioned – an annual review will be conducted to determine whether data deletion is possible. This is the case when the purpose of processing and the conditions of the legal basis for processing have ceased to exist, and there is no longer a legal obligation to retain the data, there is no legitimate interest in defending and enforcing claims, Article 6(1)(f) GDPR applies, and you have not consented to any further storage under Article 6(1)(a) GDPR.

V. Provision of Personal Data and Rights of the Data Subjects

You are not legally obligated to provide personal data. However, providing the information may be necessary for concluding a contract or for the functions of the website. In the event of non-provision, a contract or a function on the website may therefore not be offered.

No automated decision-making or profiling takes place on our website.

The rights of affected persons arise in particular from Articles 15 to 23 and Article 77 GDPR as well as from Sections 32 to 37 of the Federal Data Protection Act (new).

You have the right, with regard to your personal data, to

∙ Access, Article 15 GDPR,

∙ Rectification, Article 16 GDPR,

∙ Erasure, Article 17 GDPR,

∙ Restriction of processing, Article 18 GDPR,

∙ Data portability, Article 20 GDPR, provided the legal requirements are met. If you have given consent for the processing of personal data, you have the right to withdraw it, Article 7 GDPR, with effect for the future. The legality of the processing carried out based on the consent until the withdrawal remains unaffected.

You also have the right to object to the processing of personal data

∙ Objection, Article 21 GDPR

see further information separately below under VI.

Please direct all inquiries, requests, and communications to us, see above under I.

If you believe that the processing of your personal data violates data protection law, you always have the

∙ right to lodge a complaint

with the competent supervisory authority, cf. Article 77 GDPR. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, your workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The contact details of the data protection officers in the federal states, the supervisory authorities for the non-public sector, broadcasting, churches, in Europe and the rest of the world, as well as the Virtual Data Protection Office can be found here:

https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

VI. Information on the Right to Object under Article 21 GDPR

  1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(f) (data processing based on a balancing of interests). If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  2. If personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your data for such advertising purposes. If you object to the processing for the purposes of direct advertising, we will no longer process your personal data for these purposes.

The objection can be made without formal requirements and should preferably be addressed to us (see section I).

Version: 1.0 Status: 13.05.2025

Stay Updated. Grow Smarter.
Be the first to know about our latest updates and features. Enter your email and never miss an improvement!
checkmark
Still have more questions?
Contact Us
Company
FeaturesPlatformPricingFAQBlog
Links
Terms&ConditionPrivacy PolicyCookiesImprint

Contact Us

+49 176 77483716
[email protected]
Mertensstr. 26
13587 Berlin, Germany
checkmark

Copyright © 2025 KudTax. All rights reserved.