Trinity Tax – Steuerberater in München

Data Security

This privacy policy provides information about the processing of personal data on the law firm’s website.

1.1 Person responsible and data protection officer

Name of the responsible person: Trinity Tax Kaifel Wiedemann Wagner Steuerberater PartG mbB

Names of authorized representatives: Jürgen Wiedemann, Michael Kaifel, Benjamin Wagner

Name of the data protection officer: Jürgen Wiedemann

Address: Landwehrstraße 25, 80336 Munich

Email: info@trinity-tax.de

Telephone: +49 (0) 89 200 68 700 0

2. Scope and purpose of the processing of personal data

2.1 Accessing the website

When you access this website, trinity-tax.de, your browser automatically sends data to the website’s server and stores it in a log file for up to eight weeks. Until it is automatically deleted, the following data is stored without further input from the visitor:

  • IP address of the visitor’s device,
  • Date and time of access by the visitor,
  • Name and URL of the page accessed by the visitor, 
  • Website from which the visitor accesses the law firm’s website (so-called referrer URL), 
  • Browser and operating system of the visitor’s device as well as the name of the access provider used by the visitor.

The processing of this personal data is justified in accordance with Art. 6 (1) (f) GDPR.

The law firm has a legitimate interest in data processing for the purpose of Data Security (EN)

  • to quickly establish a connection to the law firm’s website, –
  • to enable a user-friendly use of the website, 
  • to identify and ensure the security and stability of the systems and 
  • to facilitate and improve the administration of the website.

The processing is expressly not carried out for the purpose of gaining information about the person visiting the website.

2.2 Get to know

Visitors can book initial first meetings via an online contact form on the website and attach additional documents. In order to be able to book a meeting, your name, address, a valid email address and other information must be provided. By booking a meeting, the visitor consents to the processing of the transmitted personal data. Data is processed exclusively for the purpose of processing and organizing the meetings. This occurs on the basis of the voluntarily granted consent in accordance with Art. 6 (1) (a) GDPR. The personal data collected for use of the contact form is automatically deleted as soon as the inquiry has been processed and there are no reasons for further retention (e.g. subsequent commissioning of our firm).

3. Sharing of data

3.1 Personal data will be transferred to third parties if

  • according to Art. 6 (1) (a) GDPR, the data subject has expressly consented to this,
  • the transfer is necessary according to Art. 6 (1) (f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in not having their data transferred,
  • there is a legal obligation to transmit data in accordance with Art. 6 (1) (c) GDPR, and/or
  • this is necessary for the fulfilment of a contractual relationship with the data subject according to Art. 6 (1) (b) GDPR.

In other cases, personal data will not be passed on to third parties.

3.2. Data protection information when using third-party providers, transfer to third countries

We also use ASP (Application Service Provider) solutions to process the data we receive. These are applications from external service providers that exchange information over a public network (e.g., the internet) or a private data network. These can include web-based tools for communicating with users (information exchange, data provision), web-based tools for capturing transmitted data, hosting services for the website, and web-based solutions for increasing the firm’s productivity (Dropbox, Google Calendar, Office 365, etc.). This type of processing gives the respective contracting companies the opportunity to gain knowledge of data subject to professional secrecy and the Federal Data Protection Act. The confidentiality of user data is ensured by the fact that, in accordance with the Act on the New Regulation of the Protection of Secrets in the Participation of Third Parties in the Professional Practice of Persons Subject to Confidentiality of June 29, 2017, there is no disclosure of data within the meaning of Section 203 of the German Criminal Code (StGB).

We use the following programs and tools to process data transmitted to us through the use of this website:

We use “Outlook,” “OneDrive,” “Teams,” and “Office 365” from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Further information on data processing by the provider of these software systems we use, Microsoft, can be found at https://privacy.microsoft.com/de-de/privacystatement.

“Unternehmen Online” is provided by DATEV eG, Nuremberg, Paumgartnerstr. 6-14, 90429 Nuremberg. Further information on data processing by the provider of this software system we use, DATEV, can be found at https://www.datev.de/web/de/mydatev/datev-cloud-anwendungen/datev-unternehmen-online/?stat_Mparam=int_footer_azg_duo.

Homepage hosting by IONOS SE, Elgendorferstr. 57, 56410 Montabaur .  Further information on data processing by the provider of the homepage hosting services, IONOS SE, can be found at https://www.ionos.de/terms-gtc/datenschutzerklaerung.

4. Cookies

The website uses cookies. These are data packets exchanged between the law firm’s website server and the visitor’s browser. These are stored by the device used (PC, notebook, tablet, smartphone, etc.) when visiting the website. Cookies cannot cause any damage to the devices used.

In particular, they do not contain viruses or other malware. Cookies store information that is specific to the device used. The law firm cannot therefore directly obtain information about the identity of the website visitor.

Cookies are generally accepted based on the default browser settings. Browser settings can be configured to either deny cookies on the devices used, or to display a specific warning before a new cookie is created. However, please note that disabling cookies may prevent you from using all of the website’s features to their full potential.

Cookies are used to make using the firm’s website more convenient. For example, session cookies can be used to track whether visitors have already visited individual pages of the website. These session cookies are automatically deleted after leaving the website.

Temporary cookies are used to improve user experience. They are stored on the visitor’s device for a limited period of time. Upon revisiting the website, the website automatically recognizes that the visitor has already accessed the page previously and remembers the entries and settings made during that time, so they don’t have to repeat them.

Depending on your consent, cookies are also used to analyze website visits for statistical purposes and to improve our service. These cookies allow us to automatically recognize that the website has already been visited by the visitor upon a subsequent visit. In this case, cookies are automatically deleted after a specified period of time.

The data processed by technically necessary cookies are justified for the above-mentioned purposes in order to safeguard the legitimate interests of the law firm in accordance with Art. 6 (1) (f) GDPR.

5. Your rights as a data subject

To the extent that your personal data is processed when you visit our website, you as a “data subject” within the meaning of the GDPR have the following rights:

5.1 Information

You can request information from us about whether we process your personal data. There is no right to information if providing the requested information would violate the obligation of confidentiality pursuant to Section 57 (1) of the Tax Consultants Act (StBerG) or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Deviating from this, an obligation to provide information may exist if, particularly taking into account the threat of damage, your interests outweigh the interest in confidentiality. Furthermore, the right to information is excluded if the data is stored only because it may not be deleted due to statutory or statutory retention periods, or if it serves exclusively the purposes of data backup or data protection control, provided that providing the information would require a disproportionate amount of effort and processing for other purposes is excluded by appropriate technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following:

  • purposes of processing, 
  • Categories of personal data you process, 
  • Recipients or categories of recipients to whom your personal data will be disclosed, in particular recipients in third countries,
  • where possible, the envisaged period for which your personal data will be stored or, if not possible, the criteria used to determine that period,
  • the existence of a right to rectification or erasure or restriction of processing of personal data concerning you or a right to object to such processing, 
  • the existence of a right of appeal to a supervisory authority for data protection, 
  • if the personal data were not collected from you as the data subject, the available information on the data origin, 
  • where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the scope and intended effects of automated decision-making, 
  • if applicable, in the case of transmission to recipients in third countries, unless there is a decision by the EU Commission on the adequacy of the level of protection pursuant to Art. 45 (3) GDPR, information on which appropriate guarantees are provided for the protection of personal data pursuant to Art. 46 (2) GDPR.

5.2 Correction and completion

If you discover that we have inaccurate personal data about you, you can request that we correct this inaccurate data immediately. If your personal data is incomplete, you can request that it be completed.

5.3 Deletion

You have the right to erasure (“right to be forgotten”) unless processing is necessary to exercise the right to freedom of expression, the right to information, or to comply with a legal obligation or to perform a task carried out in the public interest and one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were processed.
  • The sole justification for the processing was your consent, which you have withdrawn.
  • You have objected to the processing of your personal data that we have made public.
  • You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing. 
  • Your personal data has been processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation to which we are subject.

There is no right to deletion if, in the case of lawful, non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the special nature of the storage, and your interest in deletion is limited. In this case, restriction of processing takes precedence over deletion.

5.4 Restriction of processing

You can request that we restrict processing if one of the following reasons applies:

  • You contest the accuracy of the personal data. In this case, you can request restriction of processing for a period enabling us to verify the accuracy of the data. 
  • The processing is unlawful and you request the restriction of the use of your personal data instead of deletion. 
  • We no longer need your personal data for the purposes of processing which you require to assert, exercise or defend legal claims.
  • You have lodged an objection pursuant to Art. 21 (1) GDPR. Restriction of processing can be requested as long as it has not yet been determined whether our legitimate reasons outweigh yours.

Restriction of processing means that personal data will only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person, or for reasons of important public interest. Before we lift the restriction, we are obliged to inform you.

5.5 Data portability

You have a right to data portability if the processing is based on your consent (Art. 6 (1) (a) or Art. 9 (2) (a) GDPR) or on a contract to which you are a party and the processing is carried out using automated procedures. In this case, the right to data portability includes the following rights, provided that this does not adversely affect the rights and freedoms of others: You can request that we receive the personal data you have provided to us in a structured, common and machine-readable format. You have the right to transmit this data to another controller without hindrance from us. Where technically feasible, you can request that we transmit your personal data directly to another controller.

5.6 Objection

If the processing is based on Art. 6 (1) (e) GDPR (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 (1) (f) GDPR (legitimate interest of the controller or a third party), you have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This also applies to profiling based on Art. 6 (1) (e) or (f) GDPR. After exercising your right of objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling associated with such direct marketing. After exercising this right of objection, we will no longer use the personal data in question for direct marketing purposes.

You have the option of informing our office of your objection by telephone, email or to the postal address listed at the beginning of this privacy policy.

5.8 Complaint

If you believe that the processing of personal data concerning you is unlawful, you can lodge a complaint with a data protection supervisory authority responsible for the place of your residence or work or for the place of the alleged infringement.

6. Status and updates of this privacy policy

This privacy policy is dated December 22nd, 2025. We reserve the right to update this privacy policy from time to time to improve data protection and/or to adapt it to changes in official practice or case law.