Help
General information on the implementation of the data protection provisions of Articles 12 to 14 of the General Data Protection Regulation in the tax administration
Foreword
Almost all citizens and companies come into contact with the tax administration - especially the tax offices - sooner or later because they have to submit tax returns and pay taxes and can claim refunds or child benefit. This involves processing personal data.
The following information concerns the processing of personal data for tax purposes, insofar as the German Fiscal Code is directly or indirectly applicable. This does not include the processing of personal data by customs authorities (e.g. customs duties, import VAT and motor vehicle tax).
In the taxation procedure, data is personal if it can be attributed to a natural person, a corporate body (e.g. association, corporation), an association of persons or an estate. Anonymized data is not personal data.
When tax authorities process personal data, this means that they collect, store, use, transmit, make available for retrieval or delete this data, for example.
In the following, we will inform you about what personal data we collect, from whom we collect it and what we do with this data. We also inform you about your rights in data protection matters and who you can contact in this regard.
I. Who are we?
"We" are the financial authorities of the federal government (with the exception of the customs administration) and the federal states and are responsible for processing personal data for tax purposes.
II. Who are your contacts?
Questions relating to data protection issues can be directed to the responsible tax authority, represented by the head of the authority.
As a rule, the tax offices are responsible for processing personal data, in the case of child benefit the family benefit offices. The other tax authorities (e.g. Ministry of Finance, Federal Central Tax Office, Regional Tax Office) are only responsible for processing personal data if they process this data to fulfill their statutory duties.
You can also contact the data protection officer of the responsible tax authority.
The relevant contact details for the state tax authorities can be found at www.finanzamt.de in the respective country-specific overviews, for the Federal Ministry of Finance at www.bundesfinanzministerium.de and for the Federal Central Tax Office and the family benefits offices at www.bzst.de.
III. for what purpose do we process your personal data?
In order to fulfill our task of uniformly assessing and collecting taxes in accordance with the provisions of the German Fiscal Code and tax laws, we require personal data (Section 85 of the German Fiscal Code).
Your personal data will be processed in the tax procedure for which it was collected (Section 29b of the German Fiscal Code). Only in the cases expressly permitted by law may we also process the personal data collected to carry out a tax procedure for other tax or non-tax purposes (further processing in accordance with Section 29c (1) of the German Fiscal Code).
Example of processing:
The data collected by the tax authorities with the income tax return is processed in the income tax assessment.
Example of further processing:
In certain cases, individual tax bases are determined separately (e.g. income from an investment in a partnership). For this purpose, the information from the assessment declaration is processed in an independent procedure, the assessment procedure. The tax bases determined in this way and other necessary data are communicated to the tax authorities responsible for the taxation of the parties involved. These authorities process the data provided further by taking this data into account in the tax assessment procedure, e.g. for income tax.
The tax offices administer the following taxes in particular:
- Income tax (including wage tax and capital gains tax),
- Corporate income tax,
- Solidarity surcharge,
- Church tax (exception: Free State of Bavaria),
- Trade tax (insofar as the federal states have not transferred administration to the municipalities),
- Inheritance and gift tax,
- Property tax (insofar as the federal states have not transferred administration to the municipalities)
- Sales tax (excluding import sales tax),
- Real estate transfer tax,
- Racing betting and lottery tax.
The Federal Central Tax Office has the following tasks in particular in accordance with Section 5 of the Tax Administration Act:
- Assignment of the tax identification number (IdNr.),
- Creation of the electronic wage tax deduction features (ELStAM),
- Participation in external audits,
- Refund and exemption of German withholding taxes,
- Central collection and evaluation of foreign tax relationships,
- Reimbursement of input tax amounts to companies,
- Assignment of the sales tax identification number (USt-ID),
- Child benefit processing, for which the Federal Central Tax Office uses the family benefit offices.
IV. What personal data do we process?
We process the following personal data in particular:
Personal identification and contact details, e.g.
- First and last name, address, date and place of birth, tax number, identification number, e-mail address, telephone number.
Information required for the assessment and collection of taxes , e.g.
- Income (e.g. wages, operating income, rental and leasing income, investment income, pensions),
- expenses (e.g. income-related expenses, operating expenses, special expenses and extraordinary expenses),
- Taxes withheld by third parties (e.g. wage tax, capital gains tax, solidarity surcharge, church tax),
- Marital status and children,
- Income tax class,
- Profession,
- Bank details,
- Information on taxes paid or refunded,
- Information on submitted tax returns and applications as well as legal remedies.
We also only collect special categories of personal data, so-called"sensitive data", if this is necessary for the tax procedure. For example, we need information about religious affiliation in order to be able to take church tax payments into account as special expenses, or information about illnesses/disabilities in order to deduct corresponding expenses as extraordinary burdens. We primarily collect your personal data from you yourself, e.g. through your tax returns, notifications and applications.
In addition, we collect your personal data from third parties insofar as they are legally obliged to notify us.
Examples:
- Employers transmit data on wages, taxes withheld and social security contributions paid, for example, in the wage tax statement,
- Pension insurance providers transmit data on pension payments and withheld health and long-term care insurance contributions, for example, in the pension payment notification,
- Private health insurance companies, for example, transmit data on health and long-term care insurance contributions paid and, if applicable, reimbursed,
- Social authorities transmit data on wage replacement benefits,
- Credit institutions transmit data on investment income exempt from capital gains tax deduction,
- Municipalities transmit data on business registrations and registration data,
- Notaries transmit data on property sales, partnership agreements, inheritance contracts and gift agreements,
- Authorities transmit data on payments and administrative acts,
- Public broadcasters transmit data on fees.
We also receive tax-relevant information from other tax authorities or through the intergovernmental exchange of information.
If we are unable to clarify a tax-relevant matter with your help, we may also collect personal data relating to you by asking third parties (e.g. requesting information from your employer). In enforcement proceedings, we may collect data from third-party debtors (e.g. credit institution or employer).
We may also process publicly accessible information (e.g. from newspapers, public registers or public announcements).
V. How do we process this data?
In the largely automated taxation procedure, your personal data is stored and then used as the basis for the assessment and collection of tax in mostly automated procedures. We use technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure or access. Our security standards are always in line with the latest technological developments.
We only make legally binding decisions on the basis of "fully automated" processing of personal data if this is permitted by law (e.g. "fully automated" tax assessment in accordance with Section 155 (4) of the German Fiscal Code).
VI Under what circumstances may we pass on your data to third parties?
We may only pass on all personal data that has become known to us in tax proceedings to other persons or bodies (e.g. tax courts, health insurance funds, pension insurance providers or other authorities) if you have consented to this or if the disclosure is permitted by law .
Examples:
- Notification of the property tax and trade tax assessment amounts to the municipalities responsible for setting and collecting property tax and trade tax ,
- Notifications to corporations under public law (e.g. chambers and guilds) for the determination of such levies that are linked to tax bases, tax assessment amounts or tax amounts ,
- Notifications to the statutory social insurance, the Federal Employment Agency and the Artists' Social Security Fund, insofar as knowledge of personal data is necessary for the determination of the insurance obligation or the determination of contributions, including the artists' social security contribution ,
- Notifications to social authorities to combat illegal employment and benefit abuse,
- Notifications from the family benefits offices to public sector pay offices regarding the determination of salary components linked to child benefit .
VII. How long do we store your data?
We must store personal data for as long as it is required for the taxation procedure. This is based on the tax limitation periods (Sections 169 to 171 of the German Fiscal Code and Sections 228 to 232 of the German Fiscal Code).
We may also store personal data concerning you in order to process it for future tax procedures (Section 88a of the German Fiscal Code).
VIII. What rights (right to information, right to object, etc.) do you have?
You have various rights under the General Data Protection Regulation. Details can be found in particular in Articles 15 to 18 and 21 of the General Data Protection Regulation.
- Right to information
You can request information about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. The request should therefore include details of the specific administrative procedure (e.g. tax type and year) and the stage of the procedure (e.g. assessment, enforcement). - Right to rectification
If the information concerning you is not (or is no longer) accurate, you may request rectification. If your data is incomplete, you can request that it be completed. - Right to erasure
You can request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our legal obligations (see "How long do we store your data?"). - Right to restriction of processing
You have the right to obtain restriction of processing of data concerning you. The restriction does not prevent processing if there is an important public interest in the processing (e.g. lawful and uniform taxation). - Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. However, we cannot comply with this if there is an overriding public interest in the processing or if a legal provision obliges us to process the data (e.g. implementation of the taxation procedure). Right to lodge a complaint
If you are of the opinion that we have not complied with your request or have not complied with it in full, you can lodge a complaint with the competent data protection supervisory authority. As a rule, this is the Federal Commissioner for Data Protection and Freedom of Information (contact details at www.bfdi.bund.de).
The contact details of the data protection authorities of the federal states can be found at www.datenschutz.de/projektpartner/.
General information on these rights
In some cases, we cannot or may not comply with your request (Sections 32c to 32f of the German Fiscal Code). If this is permitted by law, we will always inform you of the reason for the refusal.
However, we will generally reply to you within one month of receiving your request. If we need longer than one month for a final clarification, you will receive an interim message.
IX. Where can you get further information?
Further information can be found in the
BMF letter on data protection in tax administration procedures dated January 13, 2020 (see Federal Tax Gazette 2020 Part I p. 143, and on the website of the Federal Ministry of Finance) www.bundesfinanzministerium.de under the heading Topics - Taxes - Tax administration & tax law - Tax code - BMF letters / general information) and
the brochure "Taxes from A to Z" (see www.bundesfinanzministerium.de under the heading Topics - Service - Publications - Brochures)
take.
Download this general information as a PDF document
The above-mentioned information on the implementation of the data protection requirements of Articles 12 to 14 of the General Data Protection Regulation in the tax administration can be found at here download.
In an English-language version, you can use the letter here download.
Data protection with Mein ELSTER
General information
Data protection and data security are a top priority for us. Therefore, the protection of your personal data while you use our websites and web services is very important to us. This privacy policy explains what information we collect on our servers during your visit to our websites and how this information is used. The operator of this website is the Bavarian State Tax Office.
This data protection declaration does not apply to other websites to which reference is made via a hyperlink and which are not operated by the Bavarian State Tax Office. We assume no responsibility for the confidential handling of your personal data on third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to the websites of these companies for information on how they handle your personal data.
For better readability, gender-specific terms are only used in the masculine form in this document and are therefore to be understood as gender-independent.
Responsible person and data protection officer
The controller responsible for the processing of personal data on this website is
President of the Bavarian State Tax Office
Munich office
Sophienstrasse 6
80333 Munich
Postal address: 80284 Munich
Telephone: 089 9991-0
Fax: 089 9991-1005
E-Mail: poststelle@lfst.bayern.de
If you have specific questions about the protection of your data, please contact
Dataprotection officer
Bavarian State Office for Taxes
Phone: 0911 991-1004
Fax: 089 9991-1099
E-Mail: datenschutz@elster.de
Websites and web services
My ELSTER
The Bavarian State Tax Office (BayLfSt) operates ELSTER as a standardized federal IT procedure on the basis of Section 20 (3) of the Tax Administration Act exclusively on behalf of the federal and state governments.
My Unternehmenskonto
The Bavarian State Tax Office, together with the Bavarian State Ministry of Digital Affairs on behalf of the IT Planning Council, provides the central point for managing your company account with Mein Unternehmenskonto.
In the current version of Mein Unternehmenskonto, you can log in with your ELSTER account, manage your account and view your mailbox. In addition, the ELSTER Unternehmenskonto is made available to other portals and specialist procedures.Other eGovernment services
ELSTER certificates are used by other eGovernment services as an alternative access option (for example, in addition to the ID card) within the framework of the legal regulations. To determine your identity, data from the Federal Central Tax Office and corresponding data stored by the tax offices for the taxation procedure are retrieved in an automated procedure with your consent and transmitted to the eGovernment service with your consent.
ElsterSecure
ElsterSecure offers you the option of using your mobile device (e.g. smartphone, Tablet) to log in to ELSTER and services that use the ELSTER Login. A certificate is no longer required for this type of Login. You can use your mobile device to complete the registration for Mein ELSTER and securely store an access key on your mobile device in ElsterSecure. This allows you to access Mein ELSTER wherever you are. ElsterSecure can be installed via the Google Play and Apple App Store app stores.
Description and scope of data processing
For the processing operations carried out by us, we indicate below how long your data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany.
However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if longer storage is provided for by statutory provisions to which we as the controller are subject. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or erased unless further storage by us is necessary and there is a legal basis for this.
1. technically necessary data collected by us in the course of use
1.1 Type and scope of data processing
When you use our websites, we collect technically necessary data via server log files, which are automatically transmitted to our server, among other things:
Host name or IP address of the requesting computer as well as the access date, the Client's file request (file name and URL), the date and time of access, the number of bytes transferred during the connection, the HTTP response code, the referrer URL, the browser type and version of the browser software and the operating system.
The data is temporarily processed in a log file. A direct assignment of the IP address to you is not possible.
We may also process publicly accessible information (e.g. from newspapers, public registers or public announcements).
Active components such as JavaScript are used in our information offering. This is a dynamic scripting language that serves the function of our websites and web services. These functions can be deactivated in the settings of your Internet browser. However, this can lead to restrictions in use.
1.2 Purpose and legal basis for recording the data
The processing is technically necessary in order to display our website to you and make our web services usable. We also use the data to ensure the security and stability of our website and web services. The legal basis for this processing is point (f) of the first subparagraph of Article 6(1) GDPR.
The temporarily stored data is not evaluated for usage profiles. Data logged during access will only be transmitted to third parties if we are legally obliged to do so or if disclosure is necessary for legal or criminal prosecution in the event of attacks on our communication technology. Data will not be passed on in other cases, even in excerpts.
We have taken extensive technical security precautions to protect personal data from unauthorized access and misuse by third parties. Our security procedures are regularly reviewed and are state of the art.
1.3 Storage duration of the technically required personal data
The personal data described in section 1.1. will be deleted after seven days at the latest.
2. cookies
Cookies are small files that are sent by us to the Browser of your end device during your visit to our websites and stored there. So-called temporary cookies or session cookies are used on our websites, which are automatically deleted as soon as you close your Browsers. This type of cookie makes it possible to record your Session ID. As a result, various requests from your Browsers can be assigned to a common session and it is possible to recognize your device on subsequent website visits. This is essential for the convenience of using the website. Session cookies do not contain any personal data; consent for these technically necessary cookies is not required by law.
3. processing of personal data on the individual websites and web services
3.1 My ELSTER
General data processing
Data processing is carried out in particular on the basis of Article 6 (1) subparagraph 1 letter a, c, e, (2), (3) letter b, (4), Article 9 (2) letter a, g of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation") in conjunction with Sections 29b, 29c, 150 (6) of the German Fiscal Code in conjunction with the Tax Data Transmission Regulation.
Please refer to the General information on the implementation of the data protection provisions of Articles 12 to 14 of the General Data Protection Regulation in the tax administration..
The information required to use these services is transmitted by ELSTER to the tax authorities of the federal states exclusively in encrypted form.
Data processing for tax account queries
If you use the Elster account query, the necessary personal data of the user and, if applicable, the taxpayer will be collected, processed and stored by the registration application in compliance with the Fiscal Code, the Federal Data Protection Act and the respective data protection laws of the federal states exclusively for the provision of the services offered.
When using the electronic tax account query, the data retrievals and retrieval attempts are automatically processed and stored on the basis of Section 9 of the Tax Data Retrieval Ordinance of 13.10.2005 (Federal Law Gazette 2005 Part I No. 66 of 26.10.2005). The signature data, date, time and input data of the data retrievals are stored for a period of two years.
3.2 My Unternehmenskonto
3.2.1 Type and scope of data processing
In order to establish the identity of the user of a user account, the following data, for example, may be processed(data processing) in accordance with Section 8 (1) of the Online Access Act when registering and using the company account based on ELSTER:
for a natural person: surname, maiden name, first names, academic degree, date of birth, place of birth, country of birth, address, nationality, the P.O. box reference of the user account
in the case of a legal entity or association of persons: Company name, name or designation, legal form or type of organization, register court, register type, register number, register location, if available, address of the registered office or branches, the P.O. Box reference of the user account and names of the members of the representative body or legal representatives.
In addition, the legislator also allows ELSTER certificates to be used as an alternative access option (in addition to the ID card, for example) for other user accounts (such as the federal administration portal).
In order to establish the identity of a user, the tax authority may, in accordance with Section 8 (2) of the Online Access Act, retrieve data from the Federal Central Tax Office and corresponding data stored by the tax offices for the taxation procedure from these tax authorities in an automated procedure with the consent of the user and transmit the retrieved data to the user's user account with the consent of the user(data transmission). This involves the following data:
for a natural person: surname, former surnames, first names, doctorate, date and place of birth, current or last known address;
in the case of a legal entity or association of persons: Company name, legal form, registered office, in particular place of management, register entry (register court, date and number of entry).
3.2.2 Purpose and legal basis for recording this data
The Online Access Act obliges the federal and state governments to also offer their administrative services electronically via administrative portals. In order to comply with this legal obligation, the federal and state governments provide user accounts in the portal network, among other things, through which users can identify themselves uniformly for the electronic administrative services of the federal and state governments available in the portal network. A "user account" is a central identification and authentication component that a public authority provides to other authorities for the one-time or permanent identification and authentication of users for the ZÜ of administrative services of the public administration. A user account can be offered as a citizen or organization account.
A "citizen account" is a user account that is available to natural persons.
An "organization account" is a user account that is available to legal entities, associations that may be entitled to a right, natural persons who are commercially or professionally active, or public authorities. The use of user accounts is voluntary for users.
The Unternehmenskonto based on ELSTER technology is a user account in this sense. Via the ELSTER Unternehmenskonto, users can identify and authenticate themselves for the electronic administrative services of the federal and state governments available in the portal network using a secure procedure used in the tax administration in accordance with Section 87a (6) of the German Fiscal Code.
The legal basis for the data processing described above is Article 6(1)(1)(e), (2), (3)(b) of the General Data Protection Regulation in conjunction with Section 8 of the Online Access Act.
Accordingly, we are permitted to process the personal data required to fulfill a task incumbent upon us.
The legal basis for the aforementioned data transfer is Article 6(1)(1)(a) and Article 7 of the General Data Protection Regulation in conjunction with Section 8 of the Online Access Act. You are not obliged to disclose this personal data. Without your personal data, however, it is not possible for you to use the services offered here.
3.2.3 Storage period of personal data
Insofar as we process personal data to ensure the operation and technical security of the website, this data is anonymized after seven days at the latest by shortening the IP address at domain level and thus removing its personal reference. Insofar as we process personal data in the context of the services offered here, the following applies: The personal data is only stored for the duration of the respective use of the service provided for this purpose.
3.3 Other eGovernment services
3.3.1 Type and scope of data processing
In addition, the legislator also allows ELSTER certificates to be used as an alternative access option (for example, in addition to the ID card) for other web services of the tax authorities.
The following data is involved:
for a natural person: surname, former surnames, first names, doctorate, date and place of birth, current or last known address;
in the case of a legal entity or association of persons: Company name, legal form, registered office, in particular place of management, register entry (register court, date and number of entry).
ELSTER certificates can also be used as an identification and authentication option for eGovernment services that serve the taxation procedure (e.g. when applying for the research allowance at the BSFZ).
The following data is involved:
for a natural person: surname, former surnames, first names, doctorate, date and place of birth, current or last known address, identification number, account details if applicable;
in the case of a legal entity or association of persons: Company name, legal form, registered office, in particular place of management, register entry (register court, date and number of entry), tax number, account details if applicable.
3.3.2 Purpose and legal basis for recording this data
In order to establish the identity of a user, the tax authority may, in accordance with Section 8(2) of the Online Access Act and Sections 29c and 30(4)(1) of the Fiscal Code, retrieve data from the Federal Central Tax Office and corresponding data stored by the tax offices for the taxation procedure from these tax authorities in an automated procedure with the user's consent and transmit the retrieved data to the user's user account or eGovernment service with the user's consent.
The legal basis for the processing of your personal data described above is Article 6(1)(1)(e), (2), (3)(b) and (4) of the General Data Protection Regulation in conjunction with Section 8 of the Online Access Act and Sections 29c and 30 of the Fiscal Code.
Accordingly, we are permitted to process the personal data required for the fulfillment of a task incumbent upon us. You are not obliged to disclose this personal data. However, it is not possible for you to use the services offered here without your personal data.
3.3.3 Storage period of personal data
Insofar as we process personal data to ensure the operation and technical security of the websites provided, these are anonymized after seven days at the latest by shortening the IP address at domain level and thus removing their personal reference. Insofar as we process personal data in the context of the services offered here, the following applies: The personal data is only stored for the duration of the respective use of the service provided for this purpose.
3.4 ElsterSecure
3.4.1 Type and scope of data processing
Login and completion of registration
When using our app, the information provided and saved during registration is transferred from Mein ELSTER to the app and processed there. It is also possible to complete the registration started with Mein ELSTER in the app. In this case, the necessary data is also transmitted from Mein ELSTER to the app. This data is displayed in the app and processed where necessary.
The following data is involved:
- for a natural person: surname, first names, title, identification number, e-mail address, user name
- in the case of a legal entity or association of persons: Company name, legal form, registered office, in particular place of management, tax number, e-mail address, user name
Sharing log files with technical support:
In the application, a user can initiate the transfer of log files to the technical support of Mein ELSTER if required. These show all activities when using the application. This data is used exclusively for technical support.
3.4.2 Purpose and legal basis for recording this data
Login and completion of registration
In order to establish the identity of a user, the tax authority may, in accordance with Section 8(2) of the Online Access Act and Sections 29c and 30(4)(1) of the Fiscal Code, retrieve data from the Federal Central Tax Office and corresponding data stored by the tax offices for the taxation procedure from these tax authorities in an automated procedure with the user's consent and transmit the retrieved data to the user's user account or eGovernment service with the user's consent.
The legal basis for the processing of your personal data described above is Article 6(1)(1)(e), (2), (3)(b) and (4) of the General Data Protection Regulation in conjunction with Section 8 of the Online Access Act and Sections 29c and 30 of the Fiscal Code.
Accordingly, we are permitted to process the personal data required for the fulfillment of a task incumbent upon us. You are not obliged to disclose this personal data. However, it is not possible for you to use the services offered here without your personal data.
Sharing log files with technical support:
The legal basis for the processing is Art. 6 Abs. 1 S. 1 lit. a) General Data Protection Regulation. There is also a legitimate interest in processing to optimize system security and stability in accordance with Art. 6 Abs. 1 S.1 lit f) General Data Protection Regulation.
3.4.3 Storage duration of personal data
Insofar as we process personal data in the context of the services offered here, the following applies: The personal data is only stored for the duration of the respective use of the service provided for this purpose.
3.4.4 Access authorizations required for the function of the app on mobile devices
- Storage:
For saving and accessing security keys and configuration settings. Access to data selected by the user for transfer to the service. - Network, connections and Internet data:
For communication with the online service used. - Camera:
For scanning QR codes to open the app in a specific context. Also for taking photos that the user wants to send to a service. - Biometric Hardware:
Enables the use of fingerprint or facial recognition as a second factor in user authentication. Processing is carried out by the end device. Only the result of the verification is transmitted to the app.
Rights of data subjects
If you use our website, you have various rights under the General Data Protection Regulation, which arise in particular from Articles 15 to 18, 20 and 21 of the General Data Protection Regulation:
- Right to information
You can request information about your personal data processed by us in accordance with Article 15 of the General Data Protection Regulation. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions.
- Right to rectification
If the information concerning you is not (or is no longer) accurate, you may request rectification in accordance with Article 16 of the General Data Protection Regulation. If your data is incomplete, you can request that it be completed.
- Right to erasure
You may request the erasure of your personal data under the conditions set out in Article 17 of the General Data Protection Regulation. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our legal obligations. - Right to restriction of processing
You have the right to request the restriction of the processing of data concerning you within the framework of the provisions of Article 18 of the General Data Protection Regulation. - Right to data portability
The right to data portability under Article 20 GDPR includes the possibility for the data subject to receive the personal data concerning him or her in a commonly used, machine-readable format from the controller in order to have it transmitted to another controller if necessary.
- Right to object
Under Article 21 of the General Data Protection Regulation, you have the right to object to the processing of data concerning you at any time on grounds relating to your particular situation. However, we cannot always comply with this, for example if we are obliged to process data by law.
- Right to withdraw consent
Insofar as the processing of personal data is based on your consent (Article 6(1)(1)(a), Article 7 General Data Protection Regulation), you can withdraw this consent at any time by writing to the controller for the relevant purpose or by sending an e-mail to datenschutz@elster.de revoke your consent. The lawfulness of the processing based on your consent remains unaffected until receipt of your revocation.
- Right to lodge a complaint
If you are of the opinion that we have not or not fully complied with your request, you can lodge a complaint with the competent data protection supervisory authority.
:- My Unternehmenskonto or your ELSTER certificate for authentication and identification for user accounts connected to it:
Then you have the option, in accordance with Article 77 of the General Data Protection Regulation, to lodge a complaint against the data processing of the Bavarian State Tax Office with the Bavarian State Commissioner for Data Protection, who is responsible for supervising the Bavarian state authorities under data protection law. He can be contacted as follows:
The Bavarian State Commissioner for Data Protection
Wagmüllerstrasse 18
80538 Munich
E-Mail: poststelle@datenschutz-bayern.de
- My ELSTER or other eGovernment services that serve the taxation process:
Then you have the option of contacting the Federal Commissioner for Data Protection and Freedom of Information in accordance with Article 77 of the General Data Protection Regulation with a complaint against the data processing of the Bavarian State Tax Office. He can be contacted as follows:
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 BonnPhone: +49(0)228 997799-0
E-Mail: poststelle@bfdi.bund.de
De-Mail: poststelle@bfdi.de-mail.de
- My Unternehmenskonto or your ELSTER certificate for authentication and identification for user accounts connected to it:
Download the information on Mein ELSTER as a PDF document
The above-mentioned information on the implementation of data protection at ELSTER can be found at here download.
Privacy Chat
General information
This privacy policy relates exclusively to data processing when using the chatbot.
Communication with the chatbot serves as a non-binding and general exchange of information and does not replace the user independently obtaining information from the responsible offices or authorities in individual cases. The information exchanged is not legally binding. Legally effective declarations can neither be made nor received via the chat.
Chat with a chatbot
Users can exchange text messages with a chatbot via the ELSTER chat platform. The chatbot is a text-based dialog system that allows users to chat with a computer program. Questions on the topic of "ELSTER" and general tax law questions on the topic of "property tax in Bavaria" can be easily asked online. The answer is provided fully automatically on the basis of text analysis and machine learning. The chatbot learns to answer more accurately by evaluating user suggestions for answers when there are several possible outcomes. In addition, the database is continuously improved through the editorial maintenance of the underlying data.
Responsible person and data protection officer
The controller within the meaning of the General Data Protection Regulation (DSGVO) and other national data protection laws of the member states as well as other data protection regulations is
Bavarian State Office for Taxes
Sophienstrasse 6
80333 Munich
089/9991-0
E-Mail: poststelle@lfst.bayern.de
Contact details of the Data Protection Officer:
Data Protection Officer of the Bavarian State Office for Taxes
Krelingstrasse 50
90408 Nuremberg
0911/991-1004
E-Mail: datenschutz@lfst.bayern.de
Description and scope of data processing
The chatbot provides the user with non-binding answers to general tax-related questions about property tax in Bavaria and questions about "ELSTER". It cannot and may not provide the user with tax advice. It is not necessary to enter personal data (e.g. first name and surname, age, tax number or tax identification number, etc.) to use the chatbot. The chatbot does not require this data. If personal data is nevertheless communicated when using the chatbot (so-called imposed personal data), this will also be processed to the extent specified above.
Legal basis for data processing
The processing described is carried out on the legal basis of Article 6(1)(1)(e), (2), (3)(b), (4), Article 9(2)(g) GDPR in conjunction with the Fiscal Code.
Purpose of data processing
The data entered is processed in order to provide general information on the property tax reform in Bavaria and information on the topic of "ELSTER". The processing takes place in dialog, similar to a conversation, and is fully automated on the part of the chatbot. The data collected is used exclusively for the continuous improvement of the chatbot and the quality assurance of the information provided by the employees
Duration of storage
The chat messages are stored in the data center of the Bavarian State Tax Office. The data entered by users (chat messages) are deleted here after one year. Furthermore, the IP addresses of users are stored in the data center of the Bavarian State Tax Office for a period of 7 days.
Security measures
The Bavarian State Tax Office takes organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures include, in particular, the encrypted transmission of data between the user's Browser or end device and our Server. SSL or TLS encryption is used in the chat to protect the transmission of confidential content, such as requests that are sent to us as the site operator.
Rights of data subjects
Users have the right vis-à-vis the responsible body:
- to information about the processing of their personal data (including information about the purpose, recipients and duration of storage) in accordance with Article 15 DSGVO,
- to rectification of inaccurate personal data (Article 16 DSGVO),
- to erasure in accordance with Article 17 DSGVO,
- to restriction of processing and data portability (Articles 18 and 20 DSGVO) and
- to object to the processing of their data at any time (Article 21 DSGVO). After a successful objection, the personal data will no longer be processed. An exception applies if there are compelling legitimate grounds that outweigh the interests of the user.
Any data subject may contact the data protection officer or the controller in order to exercise any of the rights mentioned in this section.
If users are of the opinion that we have not or not fully complied with their request, they can lodge a complaint with the competent data protection supervisory authority.
As a rule, this is the Federal Commissioner for Data Protection and Freedom of Information (contact details at www.bfdi.bund.de ). The contact details of the data protection authorities of the federal states can be found at www.datenschutz.de/projektpartner/.
General information on these rights:
In some cases, we cannot or may not comply with users' requests (Sections 32c to 32f of the German Fiscal Code). If this is permitted by law, we will always state the reason for the refusal.
Transmission of the collected data to third parties
If you select a language other than "German", the automated translation service of DeepL GmbH will be used for the translation. Your entries and their translations will not be stored by DeepL GmbH and will only be used to the extent necessary to produce the translation. The data processing is carried out in the context of a task carried out in the public interest (Article 6(1)(1)(e) DSGVO).
Download the information on Chat as a PDF document
You can download the above information on the implementation of data protection in the chat here download.