Privacy Policy
1. GENERAL INFORMATION
The following information provides an overview of how your personal data is processed on our website.
2. DATA CONTROLLER
Enzinger Steuerberatung GmbH
Jakominiplatz 16, Top 2-2 (BE 13)
8010 Graz
info@crypto-tax.at
www.crypto-tax.at
3. CATEGORIES OF PERSONAL DATA
Depending on the contractual relationship and the purpose of processing, the following categories of personal data may be processed:
a) Master Data
Name/company/other business designation, adress, telephone number, email adress
b) Log-Files
IP adress, operating system, referrer URL, entry and exit pages, browser type, browser version, country, date and time of the server requestr, email data (IP address of sender/recipient, date and time of email, mail server, etc.)
4. DATA TRANSFER TO OUR IT SERVICE PROVIDER
a) Processing of Personal Data
Our IT service provider receives access to log files and master data in the course of maintaining our website.
b) Purpose of Data Processing
This is necessary to ensure regular maintenance of our IT infrastructure, to identify and resolve errors, and to guarantee a secure IT environment.
c) Legal Basis
The processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to ensure the proper and secure operation of our IT infrastructure.
d) Recipient
TRONIC Innovation GmbH
Mariahilferstraße 24/7
8020 Graz
Processor
If you do not wish your data to be transferred to our IT service provider, we are unable to offer our services.
5. WEBSITE VISITORS
When visiting our website, we process personal data.
a) Processed Data
Log-Files
b) Purpose
We process your personal data to ensure stable website operation, to identify, analyse, and resolve issues, and to prevent attacks on our website. This enables us to operate our website properly, reliably, and securely, as well as to improve and further develop our online presence. In addition, we provide visitors to our website with professional information (client information).
c) Legal Basis
The processing of personal data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is operated properly and securely. On the one hand, this serves to protect our website visitors; on the other hand, it enables us to deliver our website content effectively to users. The processing of personal data is therefore necessary in order to make our website available to you (§ 165(3) TKG 2021).
We analyse information relating to your visit to our website in order to improve our online presence. This processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR.
In order to achieve these purposes, we engage external service providers.
d) Recipient
Hetzner Online GmbH
Industriestraße 25
91710 Gunzenhausen Deutschland
Processor
Intuition Machines, Inc.
350 Alabama St,
San Francisco CA 94110
InnoCraft
7 Waterloo Quay PO625
6140 Wellington, New Zealand
Processor
Fastly, Inc.
475 Brannan St, Suite 300
San Francisco, CA 94107, USA
Processor
Cloudflare, Inc.
101 Townsend St.,
San Francisco, CA 94107
Processor
Please do not visit our website if you do not wish your personal data to be processed.
6. WEBSHOP CUSTOMERS
When you visit our webshop, we process your personal data.
a) Processing of Personal Data
Log files, payment data (credit or debit card information), master data, appointment data (date and time of the booked appointment, subject)
b) Purpose of Data Processing
We process your personal data in order to provide the requested consulting services.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on Art. 6(1)(b) GDPR, meaning that the processing of personal data is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract. In addition, we necessarily process your personal data to make the requested service (webshop) available to you pursuant to § 165(3) TKG 2021. In order to achieve these purposes, we engage external service providers.
d) Recipient
Stripe Inc.
354 Oyster Point Boulevard,
South San Francisco, California 94080 (USA)
Processor
Please do not use our webshop if you do not wish your personal data to be processed.
7. NEWSLETTER
You have the option to subscribe to our newsletter. Your consent is required for this purpose. If you do not provide your consent to receive the newsletter, we are unable to send you information as part of the newsletter. We process the personal data of our newsletter subscribers as follows:
a) Processing of Personal Data
Email address, name and log files
b) Purpose of Data Processing
We process your personal data in order to send you our newsletter and to inform you, within the scope of the newsletter, about news, products or services, events, and our company.
In order to achieve these purposes, we engage external service providers.
c) Legal Basis for Data Processing
The processing of personal data is carried out on the basis of your consent. You may withdraw your consent at any time without stating reasons, for example by clicking the unsubscribe link included in each newsletter or by contacting us using the contact details provided above.
The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
d) Recipient
We do not use external service providers for sending the newsletter. Your data is not disclosed to third parties for this purpose.
There is no obligation to provide consent for receiving the newsletter. However, refusal or withdrawal of consent will result in us no longer being able to inform you about current developments.
8. CONTACT AND COMMUNICATION
If you contact us or communicate with us via email, contact form, messenger services, or any other means, we process your personal data as follows:
a) Processing of Personal Data
Master data, log files, and any other personal data provided by you
b) Purpose of Data Processing
When you contact or communicate with us, the personal data you provide is processed for the purpose of handling your inquiry and for responding to any follow-up questions.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on Art. 6(1)(b) GDPR, meaning that the processing of personal data is necessary for the performance of pre-contractual measures or for the performance of a contract based on your request.
In other cases, we process your personal data pursuant to Art. 6(1)(f) GDPR, meaning that the processing is based on our legitimate interest in handling your inquiry. It is important to us to address requests submitted to us and to ensure fast and secure communication.
Furthermore, we necessarily process your personal data in order to provide the requested service (contact) pursuant to § 165(3) TKG 2021.
d) Recipient
Hetzner Online GmbH
Industriestraße 25,
91710 Gunzenhausen Deutschland
Processor
If you do not wish your personal data to be processed, we will be unable to handle your inquiry.
9. USERS OF OUR CHATBOT
We offer interested parties the opportunity to contact our staff easily. For this purpose, we provide a chatbot via Telegram. When you use our chatbot, we process your personal data as follows:
a) Processing of Personal Data
Telegram user ID, Telegram username, group ID (if applicable), and message content
b) Purpose of Data Processing
When you contact us via our chatbot, your personal data is processed for the purpose of handling your inquiry and for responding to any follow-up questions.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on Art. 6(1)(b) GDPR, meaning that the processing of personal data is necessary for the performance of pre-contractual measures or for the performance of a contract based on your request.
In other cases, we process your personal data pursuant to Art. 6(1)(f) GDPR, meaning that the processing is based on our legitimate interest in handling your inquiry. It is important to us to address requests submitted to us and to ensure fast and secure communication.
Furthermore, we necessarily process your personal data in order to provide the requested service (contact) pursuant to § 165(3) TKG 2021.
d) Recipient
Telegram Messenger Inc
Commerce House, Wickhams Cay 1, PO Box 3140
Road Town, Tortola, VG1110, British Virgin Islands
If you do not wish your personal data to be processed, we will be unable to handle your inquiry.
10. FANPAGES – GENERAL
We operate so-called “fan pages” on various social media platforms. By clicking on the respective link, you will be redirected to our fan page on the relevant social media platform.
a) Processing of Personal Data
We process all messages, likes, photos, content, and other interactions that you submit, share, upload, or otherwise provide on our social media pages, as well as your log files.
b) Purpose of Data Processing
The purpose of this processing is to increase our online presence across various social media channels and to provide you with information about our company, as well as our products and services.
Where personal data is processed in the course of communication between you and us, such processing serves to evaluate customer feedback on our products and services and to improve our offerings.
Furthermore, we aim to better understand the opinions of our customers and their interactions with our products and services in order to respond more effectively to customer needs, provide optimal customer support, and enable you to exchange views with other users regarding our company. In this context, we may process personal data that you have published on social media in connection with us.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in increasing our online presence, communicating information to potential customers, and achieving the purposes described above, as well as for the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
In addition, personal data is processed on the basis of your consent.
Furthermore, we necessarily process your personal data in order to provide the requested service (interaction with our fan page) pursuant to § 165(3) TKG 2021.
d) Joint Controllership with Facebook and Instagram
e) Name and Contact Details
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
f) Privacy Policy
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
g) Information on Joint Controllership
Meta and we act as joint controllers with regard to the processing of your personal data in connection with our fan pages. The relevant agreement can be found at:
https://de-de.facebook.com/legal/terms/page_controller_addendum
https://de-de.facebook.com/legal/terms/page_controller_addendum
h) Recipient
Meta is also a recipient of your personal data.
i) Joint Controllership with LinkedIn
j) Name and Contact Details
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
k) Privacy Policy
https://de.linkedin.com/legal/privacy-policy
l) Information on Joint Controllership
LinkedIn and we act as joint controllers with regard to the processing of your personal data in connection with our LinkedIn fan page. The relevant agreement can be found at:
https://www.linkedin.com/legal/l/page-joint-controller-addendum
https://legal.linkedin.com/pages-joint-controller-addendum
m) Recipient
LinkedIn is also a recipient of your personal data.
11. DISPLAY OF PHOTOS AND VIDEOS
We display photos and videos on our website.
a) Processing of Personal Data
Log-Files
b) Purpose of Data Processing
The purpose of the processing is to ensure a consistent presentation of the website’s content. For this purpose, fonts from third-party providers are used to provide an individual and uniform design.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on your consent provided via the consent manager.
d) Empfänger
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4 (Ireland)
Processor
Please do not visit our website if you do not wish your personal data to be processed.
12. FONTS
We use fonts from third-party providers on our website.
a) Processing of Personal Data
Log-Files
b) Purpose of Data Processing
The purpose of the processing is to ensure a consistent presentation of the website’s content. For this purpose, fonts from third-party providers are used to provide an individual and uniform design.
c) Legal Basis for Data Processing
The lawfulness of the processing is based on your consent provided via the consent manager.
d) Recipient
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4 (Ireland)
Processor
Please do not visit our website if you do not wish your personal data to be processed.
13. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
No special categories of personal data are processed.
14. COOKIES
a) General Information
When using our website www.crypto-tax.at, so-called cookies and similar technologies (e.g. pixel tags) are used. A cookie is a small text file that is downloaded to and stored on your device’s hard drive via your browser. Cookies are used to ensure the proper functioning of our website, to extend its functionality, to optimise its features, and to make our services more user-friendly. In addition, cookies may also be used for statistical analysis and marketing purposes.
Cookies—except for essential cookies and certain functional cookies (see also section 6.2.) — can be activated and deactivated via our website’s consent manager. Disabling cookies may limit the functionality of our website.
Further information is available in the consent manager.
b) Types of Cookies
The least privacy-intrusive type of cookies are essential cookies (also referred to as necessary cookies). Essential cookies are technically required for the operation and use of our website. We use these cookies without user consent pursuant to § 165(3) TKG 2021. Essential cookies cannot be disabled.
There are also functional cookies (sometimes referred to as convenience cookies). These cookies allow a website to remember choices made by a user (including stored user IDs, granted consents, or selected languages), as well as other personalisation settings chosen while browsing. Functional cookies that are necessary for services requested by you are set without your consent pursuant to § 165(3) TKG 2021. Necessary functional cookies cannot be disabled. This primarily includes cookies related to digital shopping carts.
In addition, analytics and performance cookies are used to monitor and improve the functionality and services of a website. These cookies can detect issues in website usage, facilitate online surveys, track visitor numbers, and provide analytical metrics.
So-called session cookies are stored only for the duration of the respective session. Persistent cookies remain stored permanently or for a defined storage period.
First-party cookies are set by us, while third-party cookies are set by external providers.
Detailed information is available in the consent manager on our website.
c) Legal Basis
Cookies—except for essential cookies and necessary functional cookies (see section 6.2.) — are set on the basis of the user’s consent. Consent may be withdrawn at any time without stating reasons. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to its withdrawal.
You may withdraw your consent to the processing of personal data in connection with cookies, in particular by deleting cookies via your browser settings or by withdrawing consent through our consent manager.
15. TRANSFER OF DATA TO THIRD COUNTRIES
Under the GDPR, transfers of personal data to third countries are permitted provided that the third country ensures an adequate level of data protection (“safe third country”).
The European Commission has adopted adequacy decisions for certain third countries, confirming that an adequate level of data protection is in place. An overview of these decisions is available at:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-
protection/adequacy-decisions_en
We transfer your personal data only to third countries for which an adequacy decision has been issued.
16. DATA RETENTION
Unless a different retention period has been specified, we process and, in particular, store your personal data only for as long as necessary to achieve the respective purpose (e.g. contract performance, processing your inquiry, etc.).
However, we will not delete your personal data if we are legally obliged to retain such data, for example under corporate or tax law provisions. In addition, we retain your personal data for as long as you may assert claims against us. In this context, we will continue to retain only those personal data necessary to defend against such claims.
Under Austrian civil law (ABGB), statutory limitation periods generally range from three to thirty years.
17. CONFIDENTIALITY
All of our employees are bound by confidentiality obligations with respect to any information entrusted to them or made known to them in the course of their activities. This obligation continues to apply even after the termination of the employment relationship.
18. DATA SECURITY
Data security is of paramount importance to us. We have implemented all necessary technical and organisational measures in accordance with Art. 32 GDPR to ensure the security of data processing and to protect personal data against loss, destruction, unauthorised access, alteration, or disclosure by unauthorised persons. Our IT infrastructure complies with generally accepted security standards and is regularly reviewed.
Our website uses the industry-standard SSL (Secure Sockets Layer) encryption. This ensures the confidentiality of your personal data transmitted over the internet. You can recognise an encrypted connection by the closed key or lock symbol displayed in your browser.
Databases or data sets containing personal data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a personal data breach, we will notify all affected individuals whose personal data may have been compromised. Such notification will include a description of the measures taken to mitigate any potential damage resulting from the data breach and will be provided as quickly as possible after the breach is discovered.
19. INFORMATION FOR CHILDREN
Our website and services are not directed at children under the age of 16. If we become aware that we have collected personal data from a child under the age of 16, we will take appropriate steps to delete such data from our records as soon as possible, unless we are legally required to retain it. Please contact us if you believe that we may have collected information from or about a child under the age of 16.
20. DATA SUBJECT RIGHTS / CONTACT
You are generally entitled to the following rights:
Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to object pursuant to Art. 21 GDPR
Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time with immediate effect. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
Withdrawal of consent relating to the processing of your personal data in connection with the storage of cookies may, in particular, be effected by deleting cookies in your browser settings or by withdrawing consent via our website.
If you have any questions regarding the processing of your personal data, wish to object to the processing of your personal data, withdraw a previously granted consent, believe that your data protection rights have been infringed, or wish to exercise any of your rights, please contact us.
In addition, you have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Wien,
Mail: dsb@dsb.gv.at
Effective as of May 2025
