Kauftax Privacy Policy

Introduction

Welcome to Kauftax! This Privacy Policy explains how RespondMate (doing business as "Kauftax") collects, uses, and protects personal data when you use our B2B SaaS platform. We are committed to handling personal information in compliance with the EU General Data Protection Regulation (GDPR) and applicable Dutch laws. Kauftax is a service that automates invoicing and tax data handling for sellers on the Kaufland Global Marketplace, and this policy describes how we process data both about our users (sellers) and, in some cases, their customers, in a lawful and transparent manner.

By using Kauftax, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated into our Terms of Service and Data Processing Agreement (DPA). Please note: Kauftax is a business service intended for use by companies and not for personal consumer use or individuals under 16 years of age. You must create an account to access our services; providing certain personal data is necessary for account registration and service provision. If you do not agree with this Policy or do not provide the required data, you may not use Kauftax.

Who We Are (Data Controller)

RespondMate, operating under the name "Kauftax," is the organization responsible for the personal data we collect and process in connection with the Kauftax platform. RespondMate is a company registered in the Netherlands (KVK 73598070) with a registered address at Midsbuorren 32, 9003 LB Warten, Netherlands. In this Privacy Policy, "Kauftax," "we," "us," or "our" refers to RespondMate.

For most personal data described in this Policy (such as your account information and usage data), RespondMate is the data controller. However, when you use our platform to process your own customers' invoice data, RespondMate acts as a data processor on your behalf for that customer-related data. (See Customer Invoice Data below for details.) You, as the seller, remain the data controller for your customers' data, and our DPA outlines our obligations as your processor.

If you have any questions or requests regarding your personal data or this Privacy Policy, you can contact us by email at support@kauftax.com (or legal@kauftax.com for legal/privacy inquiries) or by mail at the address above. We take privacy inquiries seriously and will respond in accordance with GDPR. We do not have a designated Data Protection Officer, but our team is prepared to address your concerns. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) as described in the Your Rights section of this Policy.

Personal Data We Collect

We collect and process different categories of personal data in order to provide and improve our services. Below is an overview of the types of data we collect and how we obtain them:

Account and Registration Information

When you sign up for Kauftax, we collect information necessary to create your account. This includes your company name, a chosen username, business email address, first name, last name, country, and account password. We require this information to set up your account and verify your business identity. Account creation is necessary to access the Kauftax service – if you do not provide this data, we cannot provide you with an account or our services. We may also collect your contact details (like email or phone number) when you communicate with us for support.

Billing and Payment Information

If you subscribe to our paid plan, we (through our payment processor) collect payment details. This may include your credit/debit card information (cardholder name, card number, expiry date, CVC) or bank account IBAN for SEPA direct debit, as well as billing address if needed. Importantly, Kauftax does not store your full payment card details on our servers – your card or bank information is securely processed by our payment provider Mollie and not retained by us. We keep records of your subscription status and transactions (e.g. payment amounts and dates) for invoicing and accounting purposes.

Kaufland Order and Invoice Data (Customer Personal Data)

In order to automate your invoices, Kauftax connects with the Kaufland marketplace on your behalf. When you integrate your Kaufland seller account with Kauftax, our system retrieves order and transaction data from Kaufland's API. This data includes personal information about your customers (the buyers on Kaufland) that appears on invoices. Specifically, we may collect customer names, billing and/or shipping addresses, purchase details (such as items purchased, quantity, price, tax amount, order date, order ID), and other information needed to generate a compliant invoice.

This customer invoice data is provided to us via your Kaufland account and not directly by the individuals; we obtain it only to perform the service you have requested. We use this data to automatically generate PDF invoices and upload them back to the Kaufland platform for each order. We do not use your customers' personal data for any purpose other than creating and handling invoices on your behalf, in accordance with our contract and DPA. Important: You are responsible for ensuring you have the legal right to share your customers' data with us for processing; by using Kauftax, you confirm that you have obtained any necessary customer consent or provided any required privacy notices to your customers for this data transfer.

Usage Data and Technical Information

Like most online services, we automatically collect certain technical data when you interact with our website or application. This includes information such as your device's IP address, browser type, operating system, unique device identifiers, dates/times of access, and website usage logs (e.g. pages you visited, actions taken within the app). We collect this data to monitor system performance, administer the service, and secure the platform. For example, our servers may log your IP address when you log in or perform actions, both for security and to derive aggregate usage insights. Some of this data is collected via cookies and similar technologies – see Cookies and Analytics below for more detail.

Cookies and Analytics Data

When you visit our website or use the Kauftax web application, we use cookies and tracking technologies to improve your experience and analyze usage. Cookies are small text files stored on your browser. We use essential cookies for things like maintaining your login session (so you remain logged in as you navigate the site) – these are necessary for the website to function. With your consent, we also use analytics cookies (from third parties like Google Analytics) to collect information about how our site is used.

The analytics data collected may include information about your device, what pages or features you use, how long you stay, and how you arrived at our site. Google Analytics provides us reports on website traffic and interactions, which we use to understand user engagement and improve our service. We have configured Google Analytics 4 in a privacy-friendly manner – IP anonymization is enabled by default (meaning Google truncates or does not store your full IP address), and we limit data retention to 14 months (the shortest option). No personally identifying information (like names or emails) is included in analytics data. You can control or disable analytics cookies via our cookie consent banner or your browser settings (see Cookies and Consent below).

Communications

If you contact us (for example, via support email or contact form), we will collect the information you provide in your inquiry, such as your name, email address, and the content of your request. We will use this information to respond to you and resolve any issues. Additionally, if you subscribe to our newsletter or marketing updates (optional), we will collect your email and record that you consented to such communications.

We do not collect any special categories of personal data (such as racial or ethnic origin, political opinions, health data, etc.) in the ordinary course of providing Kauftax, nor do we intend to process any personal data of minors. Kauftax is a business service and is not directed to children; we do not knowingly collect information from anyone under 16 years old. If we learn that we have inadvertently received personal data from a child under the applicable age of consent without proper authorization, we will delete it.

How We Use Personal Data (Purposes and Legal Bases)

Kauftax uses the personal data we collect only for legitimate business purposes and in accordance with GDPR requirements. We ensure that we have a valid legal basis under Article 6 GDPR for each processing purpose, as detailed below. We do not use your data for any purposes that are incompatible with those described here, and we never sell personal data to third parties.

We will only use your personal data for the purposes above. If we need to process your data for a new purpose that is unrelated to the ones listed, we will notify you and, if required, obtain your consent or provide you with a legal justification as per GDPR. We do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on you.

Cookies and Tracking Technologies

Cookies and similar technologies are used on the Kauftax website to ensure it works smoothly and to help us understand usage. When you first visit our site, you will see a cookie consent banner (or similar notice) that allows you to accept or manage your cookie preferences. We use a Consent Management Tool to record your choices in a compliant way. Below we describe the types of cookies we use and how you can control them:

Essential Cookies

These cookies are necessary for our website and service to function properly. They enable core functionalities such as security, authentication, and network management. For example, when you log in to your Kauftax account, we set a session cookie to keep you logged in as you navigate, and to prevent unauthorized access. These cookies do not require consent because they are needed to provide the service you explicitly request.

Analytics Cookies

These cookies are used only with your consent to collect information about how visitors use our website. We use Google Analytics 4 (GA4) as our analytics tool. Google Analytics sets first-party cookies (such as _ga, _gid, etc.) that allow us to recognize and count visitors and see how they navigate the site. We have configured Google Analytics to enhance your privacy: IP anonymization is enabled by default (GA4 does not store users' full IP addresses), and we have set Google Analytics to retain data for no more than 14 months.

Cookie Consent & Management

On your first visit, no non-essential cookies (like analytics) will be set unless you explicitly allow them via the cookie banner. You can choose to Accept all cookies, Reject non-essential cookies, or pick specific preferences if our tool offers that granularity. If you accept analytics cookies and later change your mind, you can always update your preferences. This can be done by clicking the "Cookie Settings" link on our website (typically found in the footer or the banner) to reopen the consent manager and modify your choice.

How We Share Personal Data

We understand that your personal data is important, and we do not sell or rent your personal information to third parties for their own marketing purposes. However, we do share certain data with third parties in the following contexts, strictly as needed to run our service or as required by law. Whenever we share data, we ensure appropriate safeguards (such as contractual agreements) are in place to protect your information.

Service Providers (Processors)

We use trusted third-party companies to perform services on our behalf, and these providers may process personal data in the course of providing their services. Key service providers for Kauftax include:

• Cloud Hosting Provider: Kauftax is hosted on the Google Cloud Platform (GCP). Google Cloud acts as our cloud infrastructure provider, which means that all of the data you input into Kauftax is stored and processed on Google's secure servers.
• Payment Processor: We partner with Mollie B.V. for payment processing. When you enter payment details, that information is sent directly to Mollie. Mollie will process your payment transactions (charging your card or bank) and then tell us if a payment was successful or not.
• Analytics Services: As described, we use Google Analytics for website analytics. Google acts as a processor for us in this context.

Kaufland Platform Integration

Because our service involves connecting to the Kaufland Global Marketplace, there is an exchange of data between Kauftax and Kaufland's systems as part of the integration that you authorize. This means:

• We receive data from Kaufland: When you connect your Kaufland seller account to Kauftax, we fetch your orders which contain personal data of your customers.
• We send data to Kaufland: After generating an invoice, we automatically upload the invoice back to the Kaufland marketplace via their API.

Legal Requirements and Protection

We may disclose personal data to third parties (such as courts, law enforcement agencies, regulatory bodies, or other authorities) if we determine that such disclosure is legally necessary. For example, we may share data in response to a subpoena, court order, or other government demand that meets legal standards.

Business Transfers

If RespondMate (Kauftax) undergoes a business transaction such as a merger, acquisition, corporate reorganization, or sale of assets, your personal data may be transferred to the successor or new owner as part of that transaction.

International Data Transfers

We are based in the Netherlands, and as much as possible we store and process personal data within the European Economic Area (EEA). However, some of our service providers are located outside the EEA, or may route data outside the EEA. In particular:

Google Cloud Platform (Hosting)

While we primarily choose EU data centers (e.g., Belgium, Netherlands, Germany) for hosting, Google Cloud is operated by Google, a U.S.-headquartered company. This means that in some cases personal data could be accessed by Google personnel in non-EU countries (for maintenance or support). Google Cloud has committed to GDPR compliance and offers Standard Contractual Clauses (SCCs) as transfer mechanisms to cover any exports of personal data.

Google Analytics

Google Analytics involves data being sent to Google. Google may process analytics data on servers located in the United States or other countries outside the EU. This means your truncated IP address, cookie identifiers, and usage data might be transferred to the U.S. for analysis. We address this by: (a) enabling IP anonymization, (b) having a Data Processing Addendum with Google including the European Commission's Standard Contractual Clauses, and (c) relying on Google's participation in the EU-US Data Privacy Framework.

Whenever we transfer personal data out of the EEA to a country that the European Commission has not deemed to have an "adequate" level of data protection, we will implement one or more of these safeguards: Standard Contractual Clauses (SCCs), Additional Technical Measures (encryption), Data Privacy Framework Certification, or Explicit Consent.

Data Retention

We will not keep your personal data for longer than is necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Because we handle different types of data for different purposes, retention periods can vary. Here is an overview of how long we typically retain personal data:

• Account Information: We retain the personal information you provided at registration for as long as your account is active. If you choose to delete your account or if your account is terminated, we will initiate the deletion of your personal account data from our production systems, generally within 30 days of account closure.
• Customer Invoice Data: The data about your customers (orders, invoices) that we process on your behalf is retained in your account to provide you ongoing access to invoice history and for use in future transactions.
• Payment and Financial Data: Records of payments, invoices issued to you, and other financial info will be retained as long as needed for accounting and tax purposes. Generally, under Dutch law, we may need to keep company financial records for 7 years.
• Communication Data: If you contact support or email us, we may retain those communications for a period of time. Support tickets and emails are typically kept for up to 2 years after resolution.
• Analytics Data: Data collected via Google Analytics is retained by Google Analytics as per our configured retention (14 months for user-level data).

Data Security

We take the security of your personal data very seriously. RespondMate has implemented a variety of technical and organizational measures to protect the personal information processed through Kauftax from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: All communication between your browser and our service is secured using SSL/TLS encryption (HTTPS). We also employ encryption at rest for stored data in our databases and backups.
• Access Controls: We restrict access to personal data strictly to personnel and service providers who need it to operate or support the service.
• Data Segmentation: Each customer's data is logically separated in our system to prevent accidental mix-ups.
• Testing and Audit: We regularly update our software and dependencies to address security vulnerabilities. We conduct periodic security assessments and code reviews.
• Backup and Recovery: We perform regular backups of our database and files to ensure data can be recovered in case of hardware failure or other incidents.
• Monitoring: Our systems are monitored for anomalies or potential intrusions. We use firewalls and network monitoring to guard against attacks.

Despite our best efforts, no system can be 100% secure. We therefore also have an incident response plan. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by GDPR (Article 33/34) without undue delay.

Your Rights as a Data Subject

As an individual whose personal data is processed by Kauftax, you have certain rights under the GDPR and related Dutch data protection laws. Kauftax is committed to honoring these rights. Below are the key rights you have:

To exercise any of your rights, you can contact us at privacy@kauftax.com or support@kauftax.com with your request. We will respond to your request without undue delay, generally within one month as required by GDPR.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make any significant changes, we will notify you by appropriate means. For example, we may post a notice on our website or within the app, and/or send you an email notification, prior to the changes becoming effective. The "Effective Date" at the top of this Policy will always indicate when the last changes were made.

Your continued use of Kauftax after any modifications to the Privacy Policy have become effective constitutes your acceptance of those changes. However, if changes require new consent (for example, if we were to start processing data for a new purpose that originally required consent), we will obtain your consent accordingly.