eBilanz FabrikDEEN← back

Privacy Policy

Last updated: 16 July 2026

1. Controller

David Wirfs (sole proprietorship — eBilanz Fabrik), Naumannstraße 1, 50735 Köln, email: hello@ebilanzfabrik.de. See the Imprint.

2. Principle — data minimization within statutory duties

eBilanz Fabrik processes as little data as possible — and as much as the engagement and the law require. The website uses no tracking cookies and relies solely on cookieless, privacy-friendly reach measurement (Pirsch, Emvi Software GmbH, Germany) — no cookies, no cross-device tracking, no personal profiles (see sections 3 and 4). Your financial data is processed solely to carry out your engagement — never profiled, never used for advertising, never sold. To perform the engagement and to meet statutory retention duties (§ 147 AO, GoBD) we store the complete engagement record (your details and confirmations) and the filing artifacts (XBRL e-Bilanz, Transferticket, invoice) — see sections 3 and 5. Your ELSTER certificate is never stored.

3. Data processed, purposes, legal bases

4. Recipients / processors

For internal record-keeping and backup, the controller additionally keeps an access-protected archive copy of engagement data on its own systems. You can request a copy of the Standard Contractual Clauses (SCCs) for the relevant third-country recipient (Stripe as independent controller) via hello@ebilanzfabrik.de.

5. Retention period

Filing artifacts and invoice data plus the complete engagement record (invoice, XBRL e-Bilanz, Transferticket, your details and confirmations incl. payment references): 10 years (§ 147 AO, § 257 HGB / GoBD). Contact data: until handled, then per statutory periods. Reach measurement (section 3): the pseudonymous analytics data is deleted after 6 months (the analytics provider's retention period on the plan in use); the IP address itself is never stored at any point. Server logs: a short, operationally usual period. Your ELSTER certificate: never stored (used exclusively in memory for the one transmission).

6. Your rights

You have the right to access (Art. 15), rectification (16), erasure (17), restriction (18), data portability (20) and objection (21), plus a right to lodge a complaint with a supervisory authority (Art. 77). The right to erasure does not apply where processing is required to meet statutory retention duties (Art. 17(3)(b) GDPR); such data is restricted instead of erased for the duration of the retention period. Competent supervisory authority: the Data Protection Commissioner of North Rhine-Westphalia (LDI NRW), Düsseldorf. Contact: hello@ebilanzfabrik.de.

eBilanz Fabrik · Start · Imprint · Terms
The German version (Datenschutz) is legally binding; this is a courtesy translation.