Skip to content

Data Privacy Policy Finmatics Software

Privacy Policy of Finmatics GmbH

The protection of your personal data [1]  is in particular interest to 

Finmatics GmbH
Lindengasse 41/10, 1070 Wien
Phone: +43 1 997 4163
("we", "us")

In this Privacy Policy, we inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation ("GDPR") about how we, as the Data Controller within the meaning of Article 4 No 7 GDPR, process personal data in connection with the Finmatics web application and the Finmatics mobile app (hereinafter referred to as "Finmatics-Software").

Further information on data processing in the context of your visit to our website (, our business relationship with you, your contact requests or your newsletter subscriptions can be found here.

  1. General

    We offer the Finmatics-Software to our customers (in particular tax consultants, accountants, companies with their own accounting department, hereinafter referred to as "Customers") in order to help digitize and automate their accounting processes. This involves the processing of data required  for accounting (invoice data of invoice addressees and issuers, "Business Partners") from documents provided by the Customers.

    Our Customers allow their employees or clients to access the Finmatics Software using a user name and password to further process such documents ("Software User").

    In the context of providing the Finmatics Software to Customers, we act primarily as a Processor of our Customers in accordance with Article 28 GDPR and conclude corresponding agreements with our Customers. For more detailed information on data processing of Software Users and Business Partners’ personal data, we therefore refer to the respective information provided by our Customers to those parties in accordance with Articles 13 and 14 GDPR.

    Our controllership under data protection law in the context of the Finmatics Software is therefore limited to the following processing activities:


  2. Chat Assistant

    In order to be able to answer questions from Software Users about the functionalities of the Finmatics Software even more efficiently, Finmatics provides a chatbot, currently based in particular on the information provided at, free of charge as a support aid for Software Users ("Chat Assistant"). When using the Chat Assistant, no personal data is in principle requested or processed by it.
    However, the Chat Assistant is linked to the user ID of the respective Software User in order to remember previous questions from a Software User for the future and to be able to provide them with information on queries regarding the Finmatics-Software more quickly.
    Data processing in the context of the Chat Assistant is carried out on the basis of Article 6 (1) lit b GDPR (contract fulfillment). The personal data processed in the context of the Chat Assistant is stored for the duration of the active Software User account.


  3.  Report illegal and abusive content in the Finmatics-Software

    Software Users can report illegal or abusive content in the Finmatics-Software at Reports can be made anonymously or by providing the Software Users’ contact details.

    Data processing (in particular the Software Users’ contact details) in the context of processing reports is carried out on the basis of Article 6 (1) lit c GDPR (in conjunction with the provisions of the Digital Services Act, Regulation (EU) 2022/2065).

    We process the personal data for as long as is necessary in accordance with statutory documentation and retention obligations. If the data processing is no longer necessary, we will delete the personal data.

  4. Recommendation of Finmatics Software by Software Users

    Software Users can voluntarily recommend the Finmatics Software to their colleagues and interested parties via a corresponding button in the Finmatics Software. A recommendation link is generated, which the Software User can send to its colleagues and other interested parties by e-mail, for example. The recommendation link is linked to the Software User who makes the recommendation. If the referral link is used by a colleague to conclude a contract with Finmatics, the Software User receives corresponding benefits. The following personal data of Software Users is processed as part of the recommendation: Name, e-mail address, IP address, browser data.

    Data processing in the context of referrals is based on our legitimate interest in accordance with Article 6 (1) lit f GDPR.

    We process the personal data for as long as is necessary in accordance with statutory documentation and retention obligations. If the data processing is no longer necessary, we will delete the personal data.

  5. Machine learning (ML) models as part of the Finmatics-Software

    Document (in particular invoices, "Documents") processing within our Finmatics Software is based on ML models ("Models"). The Finmatics-Software can, among other things:

    • read/extract relevant data from Documents,

    • Automatically separate and classify Documents,

    • generate / predict booking lines from the Documents and

    • check accounting records for tax criteria and accuracy.

    The Finmatics-Software can do this with a very high probability of accuracy because it has been trained accordingly with training data (historical booking data of the Customer or Software User feedback). If individual booking lines were incorrectly predicted in the Finmatics Software, these can be corrected manually by Software Users. By correcting these booking lines, the Finmatics-Software learns the correct (or corrected) booking line and can take them into account in future document processing.

    The Models running in the background of the Finmatics Software do not generally require any personal data for their training. In individual cases, however, it cannot be ruled out that limited personal data of Business Partners (in particular company, contact data and other invoice data, provided they are natural persons) may be extracted from the provided Documents.

    This personal data is processed on the basis of our legitimate interest in accordance with Articles 6 (1) lit f GDPR to be able to provide the Finmatics-Software to our Customers in an appropriately functional manner.

    The Finmatics-Software, including the Models, is operated in the data centers of Hetzner Germany and Microsoft Azure in Europe. We have concluded corresponding confidentiality and data protection agreements with these processors. It is ensured that no personal data or data subject to confidentiality obligations is disclosed to other Customers or processed for other purposes.

    At the end of the contractual relationship or at the instruction of a Customer, the Documents of the respective Customer can be removed from the Finmatics-Software. With the exception of backups and backup copies, personal data is therefore stored for no longer than the duration of the contractual relationship with the respective Customer.

  6. To whom is personal data passed on?

    Personal data is transmitted by us to the following recipients in the course of processing for the above-mentioned purposes and, if necessary, due to legal or official obligations:


    • To our affiliated companies

    • Service providers (especially IT service providers)

    • In case of cause to legal representatives, notaries, courts and administrative authorities

    • To banks and insurance companies if necessary

    Insofar as personal data is processed by our service providers (processors), we ensure that they only process this data within the scope of our contract and for the respective purposes mentioned above.

  7. Transfer to third countries

    If the above-mentioned recipients of personal data are located outside the EEA and the EU Commission has not determined that the country in question has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses or otherwise in accordance with Articles 46, 47 or 49 GDPR.

  8. What rights do data subjects have in relation to data processing?

    Right to information

    If we process your personal data, you have the right to information about the processing purposes, the categories of data processed, the recipients of this data, the storage period, the rights to which you are entitled, the origin of the data and the existence of automated decision-making.

    Rectification and erasure

    You are entitled to request the rectification of incorrect or incomplete personal data concerning you. You are entitled to request the erasure of personal data concerning you, provided that the processing of the personal data is not lawful and there are no legal obligations on our part to prevent erasure.

    Restriction of processing

    You are entitled to request the restriction of the processing of your personal data in certain cases.

    Data portability

    You are entitled to request the transfer of the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to have the personal data transmitted directly from us to a controller, insofar as this is technically feasible.

    Right to object

    You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. If you object, we will no longer process personal data concerning you unless we can prove that our reasons for processing outweigh your interests. You can object to the use of your data for advertising purposes at any time; in this case, we will stop processing your data for advertising purposes.

    Withdrawal of consent

    You have the right to withdraw the consent to processing of your personal data at any time. This does not affect the legality of the data processing carried out up to this point in time.


    If you believe that the processing of your personal data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna (


[1] "According to Article 4(1) GDPR, "personal data" means any information relating to an identified or identifiable natural person.

(Last updated February 13, 2024)