📜Privacy Policy

How we collect, use, and protect your personal information when using our services.

Governing Law: Dutch law, jurisdiction in the Netherlands

Last updated: October 2025

Back to Legal

🏢Controller

Important information

• Taxsoar, Rotterdam, The Netherlands

• Contact: legal@taxsoar.com

• We are the controller for the personal data described in this policy

📋Information We Collect

Types of personal and service data we collect from users

Personal Information

We may collect the following categories of data (as applicable and when required):

• Name, email address, phone number, BSN, RSIN, KVK, VAT and business details

• Information you voluntarily provide when contacting us or using our services

Service Data

• Documents and information necessary to perform bookkeeping services

• Tax compliance and advisory service materials

Usage Data

• Basic technical information automatically transmitted when you visit our site

• IP address, browser type, device type, pages visited

Cookies

• We use essential cookies for security, session management, and preferences (e.g., theme and navigation).

• We use Zoho Analytics to collect statistical usage data to improve our website and services
• We use Zoho SalesIQ to provide website chat and support
• For details, see our Cookie Policy (including how to manage cookies and consent where required)

Electronic signing data

• Signer identity (name, email)

• Document content and signing status

• Audit-trail data: timestamps, IP address, device/browser info

• Cryptographic proofs/hashes generated by the e-signature provider

⚙️How We Use Your Information

Ways we utilize collected information for service delivery

Service Provision

• To provide and improve our professional services

• To communicate with you regarding inquiries, contracts, or support

Legal Compliance

• To comply with legal and regulatory obligations

• Tax law, AML/KYC requirements

• BSN/RSIN/VAT processing relies on legal obligation (Art. 6(1)(c) GDPR) and is restricted by Dutch law (UAVG Article 46 — only where a law permits use of the BSN)

• To improve website functionality and security

Legal bases (GDPR)

• Contract (Art. 6(1)(b)) — to provide services and execute documents

• Legal obligation (Art. 6(1)(c)) — statutory retention, AML/KYC

• Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, evidencing transactions (incl. e-signature audit trail)

🔒Data Sharing

How and when we might share your information with third parties

Our Policy

• We do not sell or trade your personal data

• Information shared only where necessary to deliver services

• BSN/RSIN/VAT disclosure is limited to authorities and processors strictly necessary to meet legal obligations (e.g., tax authorities/accounting platforms). We do not use BSN as a general identifier or share it for marketing

Service Providers

• Carefully selected service providers or professional partners

• External tax specialists, IT/cloud service providers

• Such parties are bound by confidentiality and data protection safeguards

Legal Requirements

• We may disclose information if legally required to regulators or authorities when mandated by law

Processors

• Hosting/CDN; EU database & storage

• Accounting platforms

• E-signature provider(s)

• Email/SMS delivery; authentication/security

• We sign Data Processing Agreements (DPAs) with all processors and use EU data residency where available

🌍International transfers

How we deal with international Transfers

Our storage

• We primarily store personal data in the EU

• If limited transfers occur (e.g., support/telemetry), we use Standard Contractual Clauses (SCCs) or equivalent safeguards

📅Data Retention

How long we keep your data and deletion policies

Retention Period

• We retain client documents and service-related data only as long as necessary

• To meet legal obligations (e.g., statutory retention requirements), signed PDFs, e-signature audit certificates, all legal documents and agreements are stored in our EU storage for the engagement term + 7 years after termination of said engagement

• Where supported, we configure our e-signature provider to purge its copy shortly after completion.

• BSN within statutory records is retained for the legal retention period (~ 7 years for business records). Outside those records we delete or mask the BSN

Data Minimization

• Non-essential personal identifiers are minimized where possible

• BSN, private addresses, phone numbers reduced when feasible

Secure Deletion

• When retention is no longer required, data is securely deleted

• Or anonymized according to data protection standards

🛡️Data Security

Technical and organizational measures to protect your data

Protection Measures

• Technical and organizational measures to protect your data

• Against loss, unauthorized access, misuse, or disclosure

• Webhooks: we verify signed webhook requests (e.g., HMAC) and process them securely

• No PII in URLs: we do not include personal data in query strings or webhook URLs; we use opaque IDs

• Minimisation & masking: BSN is also not shown in logs, URLs, or email subjects; UI shows redacted where possible

• Access control: BSN is restricted to authorised roles; transmission only over TLS; never placed in webhook/query strings

• Access is restricted to authorized personnel only

⚖️Your Rights

Your rights under GDPR and data protection laws

GDPR Rights

Contact legal@taxsoar.com

• Access the personal data we hold about you

• Correct inaccuracies in your data

• Request deletion where legally permitted

• Restrict or object to certain types of processing

• Request portability of your data to another provider

• We respond to requests within 1 month (may be extended by up to 2 months for complex requests; we will notify you)

• To protect your data, we may ask you to verify your identity (email/account verification; only what’s necessary

)

• You can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we are not complying