Data protection
Warm welcome to the website of the tax office Hacker & Partner. Through our website, which can be accessed at https://www.hacker-steuerberatung.de/ (hereinafter referred to as the "website"), we provide you with information about our tax consultancy and our services. Data protection is particularly important to us, and we want you to feel secure while using our website.
Below, we inform you about the collection of personal data when using our website, as well as the type, scope, and purpose of the information we collect, use, and process. We reserve the right to change the privacy policy at any time with effect for the future. The current version of the privacy policy can be retrieved at any time on our website.
1. Name and address of the responsible party Right to access, deletion, blocking
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Hacker & Partner Steuerberatungsgesellschaft PartG mbB
Oberländer Ufer 154a
50968 Cologne
Contact information:
E-mail: info@hacker-steuerberatung.de
2. Rights of the data subject
You have the following rights concerning your personal data:
a. Right to access
You also have the right to request free information about the personal data stored concerning you at any time and a copy of this information. You also have the right to access information regarding the following:
it is done with your explicit consent,
the categories of personal data being processed,
the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, particularly in the case of recipients in third countries or international organizations,
if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration,
the existence of a right to rectification or deletion of your personal data or to restriction of processing by the responsible party or a right to object against this processing,
the existence of a right to complain to a supervisory authority,
if the personal data are not collected from the data subject: all available information about the source of the data as well as,
the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved as well as the significance and the intended effects of such processing for the data subject.
Furthermore, you have the right to be informed as to whether personal data have been transferred to a third country or an international organization. If that is the case, you also have the right to request information about the appropriate safeguards related to the transfer.
b. Right to rectification
You have the right to request the immediate rectification and/or completion of incorrect or incomplete personal data concerning you. We must make the rectification without delay.
c. Right to restrict processing
You have the right to request the restriction of processing from us if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a duration that enables the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the deletion of the personal data, and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for processing purposes, but the data subject needs it for the establishment, exercise, or defense of legal claims.
The data subject has objected to the processing according to Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.
If processing of your personal data has been restricted, such data - apart from storage - may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.
If the restriction of processing is lifted after the above conditions are met, you will be informed by us before the restriction is lifted.
d. Right to deletion
You have the right to request that we erase your personal data without delay if one of the following reasons applies and as long as processing is not necessary:
The personal data have been collected for such purposes or processed in another way that are no longer necessary.
The data subject revokes their consent on which the processing was based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for processing or the data subject objects pursuant to Article 21(2) GDPR.
The personal data have been processed unlawfully.
The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
The personal data were collected in relation to services offered by the information society according to Article 8(1) GDPR.
If the personal data have been made public by us and we, as controller, are obliged to delete the personal data according to Article 17(1) GDPR, we will take reasonable measures, taking into account the available technology and the implementation costs, including technical measures, to inform other controllers of the data processing who process the published personal data that the data subject has requested the deletion of all links to such personal data or of copies or replications of such personal data, as far as processing is not necessary.
The right to deletion does not exist to the extent that processing is necessary:
for the exercise of the right to freedom of expression and information;
to fulfill a legal obligation which requires processing under the law of the Union or of the member states to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health according to Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89(1) GDPR, to the extent that the right mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of such processing, or
for the establishment, exercise, or defense of legal claims.
e. Right to notification
If you have exercised the right to rectification, deletion, or restriction of processing against us, we are obliged to inform all recipients to whom your personal data have been disclosed about this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by us about these recipients.
f. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on us.
Furthermore, you have the right when exercising your right to data portability according to Article 20(1) GDPR to require that the personal data be transmitted directly from us to another controller, where technically feasible and provided that this does not affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller.
g. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data that is carried out for scientific or historical research purposes or statistical purposes according to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, you can contact us at any time. You also have the right to exercise your right to object in connection with the use of services of the information society, irrespective of Directive 2002/58/EC, by automated means involving the use of technical specifications.
h. Right to withdraw consent to data processing
You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on the consent before the withdrawal.
i. Right not to be subject to automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, unless the decision
is necessary for the conclusion or performance of a contract between you and us or
is permissible under Union or member state legislation to which we are subject and such legislation provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
is based on your explicit consent.
Is the decision
necessary for the conclusion or performance of a contract between you and us or
is based on your explicit consent,
we will take reasonable measures to safeguard your rights and freedoms as well as your legitimate interests, which at a minimum include the right to obtain intervention by a person on our part in the presentation of your own viewpoint and to contest the decision.
j. Existence of automated decision-making
We do not conduct any automated decision-making or profiling.
k. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and outcomes of the complaint, including the possibility of judicial remedy according to Article 78 GDPR. The competent supervisory authority for us is the State Commissioner for Data Protection North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf.
3. Access data in server log files and databases
When proactively using the website, registering, logging in, and requesting a new password, we store the access data generated during this in so-called server log files and partly in databases. This includes the date and time of the retrieval, the amount of data transmitted, location, and IP address.
The legal basis for the temporary storage of your data and the log files is Article 6(1)(b) GDPR.
This data is evaluated solely for ensuring lasting and uninterrupted operation of the website and for ensuring the proper functionality of the website, as well as for forwarding to law enforcement authorities in the event of a cyber attack and ensuring the security of our information technology systems. An evaluation of your data for marketing purposes does not take place in this context.
The collection of the data to provide the website and the storage of the data in log files is absolutely necessary for the operation of our website. There is consequently no right to object.
4. Data processing for operating the website
If you create a user account through the website, we process the data required for this and for the operation of the website, such as the chosen username, email address, soul picture, gender, date of birth, location, IP address, login data, chat contents, as well as any data and files stored in the user profile.
The legal basis for processing personal data is Article 6(1)(b) GDPR. The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. This is the case for the data collected during the registration process when the user account is deleted.
5. E-mail and contact form
On our website, we provide information as required by law that enables a quick electronic contact as well as direct communication with us. This includes both our email address and our contact form. If you contact us by email or via our contact form, the personal data you provide will be automatically stored. The other personal data processed during the contact process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for processing the data transmitted in the context of sending an email is Article 6(1)(b) GDPR. We will use the personal data you provide exclusively for processing your specific request. The data provided will always be treated confidentially.
Your information may be stored in our Customer Relationship Management System (see above) or another organizational tool for customer data.
The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. This is the case for the personal data from the input mask of the contact form and those sent by email when the respective conversation with you is finished. The conversation is considered finished when it can be inferred from the circumstances that the affected issue has been resolved definitively.
If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
6. Google Maps integration
On our website, we use the Google Maps API of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google") based on Article 6(1)(f) GDPR. This allows us to display interactive maps directly on the website and enables you to comfortably use the map function. In this context, a cookie may be used. The information generated by the cookie about your usage of our website such as
the visit of the respective subpage, browser type/version, operating system used, referrer URL (the previously visited page), hostname of the accessing computer (IP address), and time of the server request.
We have entered into a data processing agreement with Google in accordance with Article 28 GDPR. In this agreement, Google commits to protect our users' data, to process it on our behalf in accordance with their data protection regulations, and particularly not to disclose it to third parties.
This processing for improving our site and user experience is recognized as our legitimate interest. Further information on data protection in connection with Google Maps can be found in the data protection provisions. You may object to this data processing by changing the respective settings in or provided by Google.
7. Meta Pixel
To effectively target our Meta campaigns, optimize them further, and measure their conversion, we use an individual so-called visitor action pixel from Meta Platforms Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: “Meta”). This pixel is integrated into the code of our websites. When deployed, the following information is processed: timestamp, URL, campaign-specific information (especially specifications of the impression, form field, activated button). The data collected in this way is anonymous to us, meaning we have no references to the identity of the respective user. If you log into your Meta or Facebook account after the pixel has been placed or visit our website while logged in, it is possible that this data will be stored and processed by Meta, which we hereby inform you about. We have concluded a data processing agreement with Meta according to Article 28 GDPR, in which Meta commits to process the data received only according to our instructions and to comply with the EU data protection standards.
The legal basis for processing the personal data of users is Article 6(1)(a) GDPR in conjunction with § 25(1) sentence 1 TTDSG.
With the pixel, on the one hand, we can ensure that the Meta or Facebook ads we initiate are only displayed to those Meta users who have also shown interest in our offer. This ensures that our Meta ads correspond to the potential interest of the respective user and do not annoy them. On the other hand, we can track the actions of Meta or Facebook users after they have seen or clicked one of our Meta or Facebook ads. This helps us to measure the conversion of the respective campaign for statistical and market research purposes as well as for billing purposes.
The data generated by the pixel is stored according to our configuration for 180 days and then automatically deleted.
You can object to this specific data processing at any time by either changing your Meta or Facebook settings accordingly or simply informing us that you no longer wish for such processing in the future. Please use the contact options of our data protection officer for this. Please be aware that such an objection applies only to the device used. For further information, please refer to the privacy policies and information regarding the protection of your privacy.
8. Google Analytics
We use Google Analytics (GA4), a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Analytics”) on our website. The legal basis for processing personal data is Article 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.
Google Analytics uses methods that enable an analysis of the usage of the website by you, particularly from which website you came to our website (so-called referrer), which subpage you access, or how often and for what duration you view a subpage. Google Analytics uses cookies for this purpose. With each individual call to a page of our website on which Google Analytics has been integrated, your browser is automatically instructed on your device to transmit data for analysis to Google Analytics.
By activating IP anonymization on our website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. The anonymized IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.
We have entered into a data processing agreement with Google in accordance with Article 28 GDPR, in which Google commits to process the data received only in accordance with our instructions and to comply with the EU data protection standards.
Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on activities within this website, and to provide us with further services related to the use of this website and internet usage.
Google may also transfer this information to third parties if legally required to do so or if third parties process these data on behalf of Google. In this case, pseudonymous usage profiles of users may be created from the processed data.
The storage duration of this cookie is configured for 24 months.
You may prevent the collection of the data generated by the cookie and related to your use of our website (including your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser add-on available at this link. The installation of the browser add-on is considered to be an objection by Google.
You can withdraw your consent to this data processing at any time with effect for the future object by configuring your cookie preferences accordingly. If you delete your cookies, you need to click the link again.
The terms of use and data privacy statement of Google and Google Analytics can be found here https://www.google.de/intl/de/policies/privacy/ and here http://www.google.com/analytics/terms/de.html.
9. Data security
We secure our website and other systems through numerous technical and organizational measures against loss, destruction, access, alteration, or dissemination of your data by unauthorized persons. To this end, we continuously update the firewalls we use, encryption methods, and our security systems. Despite regular checks, complete protection against all dangers is not possible and cannot be guaranteed by us.
10. Data deletion
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply, or you revoke your consent. Storage may also occur if required by the European or national legislator in Union legal regulations, laws, or other provisions to which the controller is subject. If the purpose of storage ceases to apply, you revoke your consent or a storage period prescribed by the European directive and regulation legislator or another competent legislator expires, the personal data will routinely and in accordance with the statutory provisions be blocked or deleted unless there is a requirement for further storage of the data for the conclusion or fulfillment of a contract.
11. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; possible consequences of non-provision
We inform you that the provision of personal data is partially legally required (e.g., tax regulations) or may result from contractual arrangements (e.g., information about the contracting party). In some cases, it may be necessary to provide us with personal data for the conclusion of a contract, which must then be processed by us. You are obliged to provide us with your personal data if you conclude a contract with us. A failure to provide your personal data would mean that the contract with you could not be concluded.
STATUS: April 2025