Privacy Policy

At Spitzlei, we understand that your financial information deserves the highest level of protection. This policy explains exactly how we collect, use, and safeguard your personal data when you work with our tax optimization services.

We operate under German data protection laws (DSGVO/GDPR) and maintain strict standards that often exceed legal requirements. Your trust is fundamental to our business relationship, and we've designed our data practices to earn and maintain that trust.

This policy applies to all interactions with Spitzlei, whether through our website, direct consultations, or ongoing client relationships. We believe in transparency – if something isn't clear, please ask us directly.

The information we collect falls into several categories, each serving specific purposes in delivering our tax optimization services:

We collect this information directly from you during consultations, through secure document uploads, or via our website contact forms. We never purchase personal information from third parties or collect data without your knowledge.

Your information serves specific, legitimate business purposes related to providing tax optimization services:

• Service Delivery: Analyzing your financial situation and developing personalized tax strategies
• Legal Compliance: Meeting our obligations as a regulated financial service provider under BaFin oversight
• Communication: Keeping you informed about your case, regulatory changes, and relevant tax developments
• Quality Assurance: Maintaining service standards and improving our advisory processes
• Security: Protecting your information and preventing unauthorized access to your financial data

We process your data based on legitimate business interests, contractual necessity, and legal obligations. For sensitive financial information, we rely on your explicit consent, which you can withdraw at any time.

We do not use your personal information for marketing to third parties, selling contact lists, or any purposes unrelated to our tax optimization services.

We maintain strict limits on data sharing. Your information may be shared only in these specific circumstances:

• Regulatory Authorities: When required by German tax authorities or BaFin for compliance purposes
• Professional Partners: With specialized tax advisors or legal counsel when necessary for your case, under strict confidentiality agreements
• Service Providers: With vetted technology providers for secure document storage and communication, who cannot access or use your data independently
• Legal Obligations: When compelled by court orders or legal proceedings, with advance notice to you when legally permitted

We never sell your personal information. Any data sharing requires either your explicit consent or a clear legal obligation. All third parties who handle your information sign comprehensive confidentiality agreements.

For international clients, we ensure any data transfers outside Germany meet GDPR adequacy standards or include appropriate safeguards.

German data protection law grants you comprehensive rights regarding your personal information. Here's what you can request and how to exercise these rights:

To exercise any of these rights, contact us directly at info@spitzlei.digital or call our office. We respond to requests within 30 days and never charge fees for legitimate requests.

We protect your information using multiple layers of security appropriate for sensitive financial data:

• Encryption: All data transmissions use TLS encryption, and stored files are encrypted using AES-256 standards
• Access Controls: Only authorized personnel can access client information, with individual user authentication and activity logging
• Physical Security: Our offices maintain restricted access, secure document storage, and professional-grade IT infrastructure
• Regular Audits: We conduct annual security assessments and maintain cyber insurance coverage
• Staff Training: All team members complete data protection training and sign confidentiality agreements

Your information is stored on German servers operated by certified data centers. We maintain backup systems to prevent data loss while ensuring backups receive the same security protections as active files.

We retain client information for seven years after our service relationship ends, as required by German tax law. Active client files are reviewed annually to ensure we hold only necessary information.

Our website collects minimal information needed for functionality and security:

• Essential Cookies: Required for website operation, secure login, and maintaining your session
• Contact Forms: Information submitted through our website receives the same protection as direct client communications
• Server Logs: We maintain basic access logs for security purposes, automatically deleted after 90 days
• No Tracking: We don't use analytics cookies, social media pixels, or advertising trackers

Our website prioritizes functionality over data collection. We don't use third-party marketing tools or share browsing information with external companies.

If you contact us through the website, your inquiry is handled with the same confidentiality standards as direct client communications.