Privacy Policy

1. Data Controller

The controller responsible for processing your personal data is:

Meridian Tax Advisors GmbH is registered with the Amtsgericht Berlin-Charlottenburg and is a member of the Steuerberaterkammer Berlin. Our advisors are subject to professional secrecy obligations under § 57 StBerG.

2. Data We Collect

2.1 Data you provide directly

• Identity data: full name, title, academic degrees, job title, employer name
• Contact data: email address, telephone number, postal address
• Engagement data: information about your tax situation, financial and corporate structure details shared during advisory mandates
• Financial data: bank and payment information for invoicing purposes
• Special categories (if applicable): information about health, nationality or residency status where directly relevant to your tax matter — processed only on the basis of your explicit consent or to establish/defend legal claims

2.2 Data collected automatically

• Technical data: IP address, browser type and version, device type, operating system, time zone
• Usage data: pages visited, referral sources, session duration, clicks
• Cookie data: see our Cookie Policy

3. Purposes of Processing

• Responding to enquiries and providing tax advisory services
• Managing client relationships and engagement files
• Fulfilling professional obligations (conflict checks, anti-money laundering compliance under GwG)
• Billing and financial administration
• Sending service-related updates and correspondence concerning your matter
• Improving and securing our website
• Complying with German and EU legal and regulatory requirements
• With consent: sending newsletters on German and international tax developments

4. Legal Basis (GDPR Article 6)

• Art. 6(1)(a) — Consent: For marketing communications and newsletter subscriptions.
• Art. 6(1)(b) — Contract performance: For providing the advisory services you have requested and administering our engagement.
• Art. 6(1)(c) — Legal obligation: Compliance with the German Money Laundering Act (GwG), tax law, and professional conduct rules applicable to Steuerberater.
• Art. 6(1)(f) — Legitimate interests: Website analytics, fraud prevention, maintaining business records, and responding to unsolicited enquiries.

For special category data, we rely on Art. 9(2)(f) (legal claims) or Art. 9(2)(a) (explicit consent).

5. Data Retention

• Client engagement files: 10 years after end of engagement (§ 66 StBerG professional retention requirement; § 195 BGB general limitation period).
• Financial and accounting records: 10 years (§ 147 AO — German Fiscal Code).
• Anti-money laundering records: 5 years after end of business relationship (§ 8 GwG).
• Marketing consents and contact enquiries: 3 years from last interaction, unless consent is withdrawn earlier.
• Website analytics data: 26 months (anonymised after 14 months).

6. Third Party Sharing

We may share your personal data with:

• Tax authorities and courts: when representing you before the Finanzamt, Finanzgericht, or BFH
• Correspondent advisors: tax professionals in other jurisdictions who assist with cross-border matters (under confidentiality agreements)
• IT service providers: case management, document storage, and email hosting providers (under data processing agreements pursuant to Art. 28 GDPR)
• Auditors and professional bodies: including the Steuerberaterkammer Berlin as required

We do not sell, license, or otherwise disclose personal data to third parties for commercial or advertising purposes.

7. International Transfers

We store and process your personal data primarily on servers located within the EU/EEA. Where we use service providers who may transfer data to third countries, we ensure adequate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions under Art. 45 GDPR.

Details of applicable safeguards for any specific international transfer are available on request.

8. Data Security

We maintain comprehensive technical and organisational security measures, including:

• TLS/SSL encryption for all data in transit
• Encryption at rest for client files and sensitive documents
• Role-based access controls and multi-factor authentication
• Regular staff training on information security and professional secrecy
• Physical document security and secure disposal procedures
• Annual security assessments

In the event of a personal data breach likely to result in a risk to your rights, we will notify the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) within 72 hours and inform affected individuals where required under Art. 34 GDPR.

9. Your Rights

Under the GDPR and BDSG, you have the following rights:

• Right of access (Art. 15 GDPR): Obtain a copy of your personal data and information about how it is processed.
• Right to rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): Request deletion where data is no longer necessary or processing was unlawful (subject to overriding retention obligations).
• Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): Object to processing based on legitimate interests or direct marketing.
• Right to restriction (Art. 18 GDPR): Restrict processing in specified circumstances.
• Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting lawfulness of prior processing.

To exercise your rights, please contact team@meridiantax.com. We will respond within one calendar month. We may ask you to verify your identity.

10. Cookies

We use cookies and similar technologies on our website. For full details, please see our Cookie Policy.

11. Minors

Our website and professional services are directed at business users and adults. We do not knowingly collect personal data from persons under 16 years of age. If you believe we have inadvertently received data from a minor, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law or our practices. Material changes will be announced by updating the "last updated" date above. We encourage you to review this policy regularly.

13. Complaints

We take data protection seriously and encourage you to raise any concerns with us first at team@meridiantax.com.

If you remain unsatisfied, you have the right to lodge a complaint with the German supervisory authority:

You may also lodge a complaint with the supervisory authority competent for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de).

14. Contact

For privacy-related questions, please contact us: