Skip to main content

Privacy Policy

This privacy policy applies to florian-enders.de. The controller is established in Germany. EU/EEA-residents are protected by GDPR; non-EU residents see the rights summary below.

1. Controller

Florian Enders
Tax Advisor
tietze enders & Partner mbB
Höchster Str. 72
65835 Liederbach am Taunus, Germany

Email: donna@florian-enders.de

2. Overview of Processing Activities

This privacy policy informs you about the nature, scope and purpose of the processing of personal data within our online offer in accordance with Art. 13 GDPR.

3. Legal Bases

The processing of personal data is carried out on the following legal bases:

  • Art. 6 (1) a GDPR (consent)
  • Art. 6 (1) b GDPR (performance of a contract and pre-contractual enquiries)
  • Art. 6 (1) f GDPR (legitimate interest, e.g. providing the website)

4. Server Log Files

The hosting provider of this website automatically collects and stores information in server log files that your browser transmits automatically. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • IP address
  • Time of the server request

This data cannot be assigned to specific persons. No merging of this data with other data sources is carried out. Collection is based on Art. 6 (1) f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website.

Hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place.

5. Contact and Enquiries

a) Contact Form and Navigator

You can reach us via a contact form or our interactive navigator on our website. Depending on the form, we collect: name, email address, telephone number and your message or information about your concern (e.g. type of advice requested, estimated assets, time frame).

The processing of this data is carried out on the basis of Art. 6 (1) b GDPR (pre-contractual measures) and Art. 6 (1) f GDPR (legitimate interest in the efficient handling of enquiries).

b) Storage and Processing (CRM)

Your enquiry data is stored in our contact management system (CRM), which is operated on our own servers in Germany (self-hosting, Hetzner Online GmbH, Falkenstein data centre). There is no transfer to third parties or to third countries.

c) Enquiry Prioritisation (Lead-Scoring)

In order to process enquiries efficiently, we use an automated pre-assessment (scoring) based on the information you provide in the form. A score value is calculated from your voluntary information that estimates the urgency and suitability of your concern.

This serves exclusively for internal prioritisation and does not constitute automated decision-making within the meaning of Art. 22 GDPR — contact and consultation are always carried out by a human. The legal basis is Art. 6 (1) f GDPR (legitimate interest in efficient office organisation).

d) Contact by Email or Telephone

If you contact us by email or telephone, your enquiry, including all personal data arising from it (name, enquiry), will be stored and processed by us for the purpose of handling your concern. We do not pass on this data without your consent.

e) Retention Period

Enquiry data is deleted as soon as the purpose for storage ceases to apply and no statutory retention obligations preclude deletion. If no client relationship arises, your data will be deleted no later than six months after the last contact.

6. Newsletter

a) Content and Purpose

You can register for our newsletter on our website. The newsletter provides information on topics from tax law, inheritance law, succession advice and asset structuring. Dispatch only takes place after your express consent (Art. 6 (1) a GDPR).

b) Registration Procedure (Double-Opt-In)

Registration is carried out via a double-opt-in procedure: after entering your email address and confirming your consent, you will receive a confirmation email with an activation link. Only after clicking on this link will your address be added to our distribution list.

As part of registration we store: your email address, the time of registration, your IP address at registration and confirmation. This data serves exclusively as proof of your consent pursuant to Art. 7 (1) GDPR.

c) Email Service Provider

Dispatch takes place via Brevo (formerly Sendinblue), Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place. Brevo processes your data exclusively within the EU.

d) Performance Measurement

Our newsletters contain so-called tracking pixels that record whether an email has been opened and which links have been clicked. This evaluation serves to optimise our content and is carried out on the basis of your consent (Art. 6 (1) a GDPR). You can object to the tracking by deactivating the display of images in your email program.

e) Withdrawal and Unsubscription

You can withdraw your consent at any time with effect for the future. Every newsletter email contains an unsubscribe link. Alternatively, you can contact us by email at donna@florian-enders.de. After withdrawal your email address will be deleted from the distribution list without delay.

f) Retention Period

Your email address is stored until your consent is withdrawn. The log data of registration (IP, timestamp) is stored for the duration of the newsletter subscription and up to three years after unsubscription (proof of consent, § 195 BGB — German Civil Code).

7. Cookies, Tracking and Analytics

a) Consent (Cookie Banner)

On your first visit to this website, you will be asked whether you consent to the use of analytics tools. Analytics cookies are only set and tracking is only activated after your express consent (Art. 6 (1) a GDPR). Your decision is stored in the local storage of your browser (localStorage) so that you are not asked again on each visit.

b) PostHog (Web Analytics)

If consent is granted, we use PostHog, an open-source analytics tool. PostHog records pseudonymised usage data such as pages visited, time spent on the site, device type and browser. The data is processed exclusively on EU servers (PostHog EU Cloud, hosting in Frankfurt am Main). There is no transfer to third countries outside the EU.

Provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. Data processing takes place on EU servers (aws-eu-central-1).

Data Collected:

  • Pages visited and time spent on site
  • Device type, operating system and browser
  • Approximate location (country/region, no exact position)
  • Referrer (where you came to the site from)

No personal profiles are created. Collection takes place in a pseudonymised manner (setting: "identified_only").

c) Withdrawal of Consent

You can withdraw or change your consent at any time via the link “Cookie Settings” in the footer of this website. Clicking reopens the cookie banner so that you can make a new decision. After withdrawal, no further analytics data is collected. Alternatively, you can delete the local browser storage (localStorage) for florian-enders.de in your browser settings.

d) localStorage

This website uses localStorage (local browser storage) to store your cookie setting. Only the value "accepted" or "declined" is stored locally in your browser. This data is not transmitted to our servers.

8. Transfer of Data

A transfer of your personal data to third parties for purposes other than those listed below does not take place. We pass on your personal data to third parties only if you have given your express consent (Art. 6 (1) a GDPR), this is legally permissible and required for the performance of contractual relationships (Art. 6 (1) b GDPR) or there is a legal obligation (Art. 6 (1) c GDPR).

9. SSL / TLS Encryption

This site uses SSL or TLS encryption for security reasons. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

10. Retention Period

Server log files are automatically deleted after 14 days. Personal data from contact enquiries is deleted as soon as the purpose for storage ceases to apply and no statutory retention obligations preclude deletion.

11. Your Rights

You have the right:

  • to request information about your processed personal data pursuant to Art. 15 GDPR
  • to request the rectification of inaccurate data pursuant to Art. 16 GDPR
  • to request the erasure of your data pursuant to Art. 17 GDPR
  • to request the restriction of processing pursuant to Art. 18 GDPR
  • to receive your data in a portable format pursuant to Art. 20 GDPR (data portability)
  • to object to processing pursuant to Art. 21 GDPR

12. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with the competent data protection supervisory authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
(The Hessian Commissioner for Data Protection and Freedom of Information)
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
datenschutz.hessen.de

Last updated: May 2026