Data Protection and Privacy Policy

I. Name and address of the person responsible

Fintiba GmbH
Wilhelm-Leuschner-Straße 29,
60329 Frankfurt am Main, Germany
Phone: +49 69 2043 426 20
E-Mail: privacy@www.fintiba.com
Website: http://www.fintiba.com

Is the responsible person in terms of the EU General Data Protection Regulation (GDPR) (German: EU-Datenschutz-Grundverordnung (DSGVO)) and other national data protection laws.

II. Name and address of the data protection officer

The data protection officer is:

AGOR AG
Hanauer Landstr. 151-153
60314 Frankfurt am Main, Germany
Phone: +49 (0) 69 – 9043 79 65
E-Mail: info@agor-ag.com
Website: http://www.agor-ag.com

III. General information on data processing

1. Scope of the processing of personal data

We only collect and use personal data of users of our homepage to the extent necessary to provide a functional website, our content and services.

In principle, our users’ personal data is only collected and used with their consent. An exception to this principle applies in cases where processing of data is permitted by law or where prior consent cannot be obtained for real reasons.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data basically results from:

• Art. 6 para. 1 lit. a GDPR if the data subject obtains consent.
• Art. 6 para. 1 lit. b GDPR in the case of processing for the performance of a contract to which the data subject is a party. This includes processing procedures that are required to carry out pre-contractual tasks.
• Art. 6 para. 1 lit. c GDPR in the case of processing required to fulfil a legal obligation.
• Art. 6 para. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
• Art. 6 para. 1 lit. f GDPR, if the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.

3. Data deletion and storage time

Users’ personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Use of our website, general information

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the user’s computer system. The following information is collected:

• Information about the browser type and version used
• The user’s operating system
• The IP address of the user
• Date and time of access
• Websites from which the user’s system reaches our website

The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, in which case the IP addresses of the users are deleted or alienated. This means that it is no longer possible to assign the calling client.

V. General information on the use of cookies

We use cookies on our website. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user’s computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic character string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user’s devices and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDPA).

Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR (Art. 6 para. 1 p.1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for the storage of information in the end user’s device – consequently in particular for the storage of cookies – is your consent, Section 25 para. 1 p.1 TTDPA. Consent is given when you visit our website – although this does not have to be given, of course – and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TTDPA, consent is not required if the storage of information in the end user’s device or access to information already stored in the end user’s device is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption of Section 25 (2) TTDPA and thus do not require consent.

The following data is stored and transmitted:

• Language settings
• Log-in information
• Session authentication data

The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 lit. f GDPR. The purpose of using the technically necessary cookies is to simplify the usage of our website.

Please note that some functions of our website can only be offered using cookies. These are the following applications:

• Accepting language settings
• Session authentication data

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user’s computer and transmitted to our site. As a user, you, therefore, have control over the usage of cookies. You can restrict or deactivate the transmission of cookies by making changes to the settings of your Internet browser. Stored cookies can also be deleted there. Please note that if you deactivate cookies, you may no longer be able to use all the functions of our website.

VI. Your rights/rights of the person concerned

Under the EU General Data Protection Regulation, you have the following rights.

1. Right of information

You have the right to receive information from us as the person responsible as to whether we process personal data that concerns you.

In addition, you may request the following information:

(1)          Purpose of data processing;

(2)          the categories of personal data processed;

(3)          the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

(4)          the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5)          the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;

(6)          the existence of a right of appeal to a supervisory authority;

(7)          any available information on the origin of the data if the personal data are not collected from the data subject;

(8)          the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Finally, you also have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this case, you can request information on the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

This right to information may be limited to the extent that it is likely to make it impossible or seriously impair the realisation of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

You can assert your right to information at: privacy@www.fintiba.com.

2. Right of correction

If the personal data we process is incorrect or incomplete, you have the right to correct and/or complete it. The correction shall be made immediately.

Your right to correction may be limited to the extent that it is likely to render impossible or seriously prejudicial the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

3. Right of restriction

The right to restrict the processing of personal data concerning you may be exercised in the following cases:

(1)          the accuracy of the personal data is disputed for a period of time which enables the person responsible to check the accuracy of the personal data;

(2)          the processing is unlawful, and the deletion of personal data will be refused and instead the restriction of the usage of personal data will be demanded;

(3)          the data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defence of legal claims, or

(4)          the data subject has filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh the reasons of the data subject.

If the processing of personal data concerning you has been restricted, apart from its storage, such data may only be processed with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

In case of a restriction of the processing according to the described principles, you will be informed by us before the restriction is lifted.

Your right to limitation of processing may be limited to the extent that it is likely to render impossible or seriously prejudicial the results of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

4. Right of deletion

If the following reasons are given, you can request that the personal data concerning you be deleted immediately. The person responsible is obliged to delete this data immediately. The reasons are:

(1)          The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2)          The processing is protected by a consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and you revoke the consent. Another condition is that there is no other legal basis for processing.

(3)          You file an objection to the processing (Art. 21 para. 1 GDPR) and there are no overriding legitimate reasons for the processing. Another possibility is that you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.

(4)          The processing of personal data concerning you is unlawful.

(5)          The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

(6)          The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

If we have made the personal data concerning you public and we are obliged to delete it pursuant to Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

We point out that the right of deletion does not exist if the processing is necessary

• to exercise freedom of expression and information;
• for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
• to assert, exercise or defend legal claims.

5. Right to be informed

If you have exercised your right to correct, delete or limit the processing, we will be obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed of these recipients.

6. Right to data transferability

According to the GDPR, you also have the right to receive the personal data provided to us concerning you in a structured, current and machine-readable format. Furthermore, you have the right to transmit this data to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

• the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
• processing is carried out using automated methods.

Finally, in exercising the right of data transferability, you have the right to have the personal data concerning you transferred directly from one data controller to another data controller, provided that this is technically feasible and does not impair the freedoms and rights of other persons.

The right of transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. We would like to point out that the revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

8. Right of objection

Furthermore, for reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR. The right of objection also applies to profiling based on these provisions.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of this, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. In the event of an objection to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You may also exercise your right of opposition in connection with the usage of Information Society services (notwithstanding Directive 2002/58/EC) by means of automated procedures using technical specifications.

You also have the right to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR for reasons arising from your particular situation.

Your right of objection may be limited to the extent that it is likely to make it impossible or seriously impair the realisation of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

9. Automated decision in individual cases including profiling

Under the GDPR, you still have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect on you or significantly affects you in a similar manner. However, there is an exception to this principle if the decision

(1)          is necessary for the conclusion or performance of a contract between you and the person responsible,

(2)          is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or

(3)          with your express consent.

If the data are processed in the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

The decision under (1) – (3) may not be based on special categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies, and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

10. Right of appeal to a supervisory authority

Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed it.

VII. Data Transmission outside the EU

The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we, therefore, rely on European partners wherever possible when your personal data is being processed. Within some exceptions, we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.

VIII. Newsletter

1. General Information

You can subscribe to a free newsletter on our homepage, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data that you enter in the input mask during registration will be transmitted to us.

We collect the following data on the basis of the consent obtained from you during the registration process: E-mail address, last name, first name, IP address of the calling computer, date and time of registration, browser user agent.

A passing on of your data in connection with the data processing for the dispatch of newsletters does not take place. The data will be used exclusively for sending the newsletter.

2. Double-Opt-In and logging

The registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address.

3. Legal basis

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The collection of the user’s e-mail address serves to send the newsletter.

4. Deletion, revocation and objection

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your e-mail address, last name and first name will therefore be stored for as long as the subscription to the newsletter is active. You can cancel your subscription to the newsletter at any time by withdrawing your consent. For this purpose, there is a corresponding link in every newsletter.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the statutory provisions of Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.

5. Newsletter distribution platform

The newsletter is sent via “MailJet”, a newsletter mailing platform of Mailjet GmbH, registered office: Rankestr. 21, 10789 Berlin, Germany, office and postal address Berlin: c/o Mindspace, Friedrichstraße 68, 10117 Berlin, Germany.

The e-mail addresses of our newsletter recipients, as well as other data described in this notice, are stored in Mailjet’s secure data centers (Google Cloud Platform) located exclusively in the European Union (London, Frankfurt and Saint-Ghislain (Belgium) and also at OVH in Roubaix (France). Mailjet uses this information to send and evaluate the newsletter on our behalf. Furthermore, Mailjet may, according to its own information, use this data to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of newsletters or for economic purposes, in order to determine which countries the recipients come from. However, Mailjet does not use the data of our newsletter recipients to write them down or pass them on to third parties. All data is hosted on secure servers. The data is backed up daily and immediately written to several data carriers. In the event of an unforeseen event and system-wide emergencies, Mailjet can perform a full backup recovery. Mailjet also ensures that all e-mails with problems with their servers are sent via the queuing. In addition, their hardware is completely redundant, so that no data is lost even if a data carrier or server fails.

We trust in the reliability and IT and data security of Mailjet. Mailjet is GDPR compatible and thus commits itself to comply with EU data protection regulations. Mailjet offers the highest level of data protection and security (ISO 27001 certification). This ISO 27001 certification requires companies to implement not only company-wide processes related to security policies, data processing and access but also infrastructure changes.

We have also concluded a data processing agreement with Mailjet. This is a contract in which Mailjet undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. You can view Mailjet’s privacy policy here.

6. Statistical survey

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For the evaluations, we link the data mentioned under point 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID.

With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests. We link this data to actions taken by you on our website.

You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation, we store the data purely statistically and anonymously.

IX. Electronic contact

If you contact us, a contact form is available on our homepage, which you can use for electronic contact. The data entered in the input mask will be transmitted to us and stored. This data is:

• Email address
• First name
• Surname

At the time the message is sent, the following data is also stored:

• The IP address of the user
• Date and time of registration
• User agent of the browser

Furthermore, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication recording.

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.

In this context, the processing of personal data serves solely to process the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

Should further personal data be processed during the sending process, these serve only to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

You have the possibility to revoke your consent to the processing of personal data at any time. You can also object to the storage of your personal data at any time by contacting us by e-mail. However, we would like to point out that in such a case the conversation cannot be continued.

You have the right to request the deletion of your no longer required data at any time. Simply send a request by email to privacy@www.fintiba.com or by post to our address: Wilhelm-Leuschner-Straße 29, 60329 Frankfurt am Main.

All personal data stored in the course of contacting us will be deleted in this case.

X. Product Purchase

You have the possibility to register on our homepage by entering your personal data. The data is entered into an input mask, transmitted to us and saved. The following data is collected during the registration process and stored in connection with the user data in the event of a transaction and – depending on the completed product – transmitted to our partners Sutor Bank GmbH, Mawista GmbH (Mawista), DAK-Gesundheit and ias Internationale Assekuranz-Service GmbH:

Personal Information

• Salutation
• First name(s) as stated in passport
• Surname as stated in passport
• Maiden name
• Date of birth
• Place of birth
• Nationality
• Second nationality (if applicable)
• Country of birth
• Marital status
• Planned date of arrival in Germany
• How you heard about Fintiba
• Reason for stay
• Mobile number

Address

• Street
• House number / house number addition
• Postcode
• City
• Country

Tax questionnaire

• Possession of a US immigrant visa (Green Card)
• Extended stay in the USA during the current year, or plan to live in the USA while meeting the other requirements of the presence test
• Joint taxation with American spouse in the USA
• Tax liability in the USA

Questions about studies

• Planned start of studies
• University
• Preparation course yes/no
• End date of preparation course

Passport Data

• Passport upload
• Passport number
• Date of issue
• Expiry date
• Issuing country/region
• Do you currently have your passport?

Mandatory additional data

• Visa
• Startdatum des Visums
• Current account information (IBAN)
• TIN

Process Related Data 

• Fiktionsbescheinigung
• Residence Permit
• Visa rejection letter
• Passport selfie
• Source of funds
• Information about sender of funds

Data for Health Insurance Products (Type Dependant)

• Admission letter of the university
• Enrolment certificate
• Start date of semester
• Passport photo
• Employer (Company name)
• Employer address
• Contact email address of the employer
• Start date of working contract
• Income above or below 450€

DAK Health Insurance for Professionals

During the registration process you have the possibility to purchase the DAK health insurance for professionals. The difference to the DAK health insurance mentioned earlier is that different data points are requested from the customer and that a part of this data is sent to the employer to inform them about the successful application for health insurance.

The following data is requested throughout the registration process:

• Salutation
• First name(s)
• Surname
• Data of birth
• Place of birth
• Nationality
• Reason for stay in Germany
• Email address
• German address
• Passport Picture
• Employer address
• Employer email address
• Employer company name
• Start of employment contract
• Monthly income above or below 450€?

Ias Rent Deposit Guarantee

• Title of the landlord
• Name of the landlord
• Surname of the landlord
• Street of the landlord
• House number of the landlord
• City of residence of the landlord
• Post code of the landlord
• Email address of the landlord
• Contact number of the landlord
• Landlord firm (optional)
• Amount of the rent deposit
• Date when rental contract was signed
• Start date of rental contract
• Wished start date of rent deposit guarantee

Ias Liability insurance

• Wished start date of liability insurance

Blocked account for customers migrating from BAM! Bundesweites Anlagenmanagement UG

• BAM! Blocked account IBAN
• Status of blocking confirmation
• BAM! blocking confirmation (depending on the situation)
• Payout status
• Month of the first received payout (depending on the situation)
• Month at which the, at that time, last payment was received (depending on the situation)

Optional Data

• Interest on magazine subscription

Blocked account for Minors

On our website, you have the possibility to purchase a blocked account for minors, by entering your personal data, as well as the personal data of the minor for whom you are the legal guardian. The data is entered into an input mask, transmitted to us and saved. The following data is collected during the registration and product process and stored in connection with the user data in the event of a transaction and transmitted to our partner Sutor Bank GmbH.

Aside from the data requested during the registration, the following data is collected:

• Salutation
• First name(s)
• Surname
• Data of birth
• Place of birth
• Nationality
• Passport number
• Passport expiry date
• Reason for stay in Germany
• Planned date of arrival
• Visa start date
• Visa upload
• Optional: German IBAN

At the time of registration, the following data is also stored:

• Used app version
• The user’s operating system
• The IP address of the user
• Date and time of access
• Websites from which the user’s system reaches our website

During the registration process, we obtain your consent to the processing of these data, whereby the legal basis for the processing of your data is Art. 6 I 1 lit. b GDPR.

A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.

This is the case for those during the registration process to fulfil a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Perpetual obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and the storage of data for tax purposes. Which storage periods are to be observed cannot be determined across-the-board, but must be determined on a case-by-case basis for the respective contracts and contractual parties concluded.

Our partners and we process and store your personal data as long as it is necessary for the fulfilment of contractual and legal obligations. It should be noted that the business relationship with the customer is generally a long-term debt relationship that is planned to run for several years. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their – limited – further processing is necessary for the following purposes:

Fulfilment of commercial and tax storage obligations: the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KwG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG), among others. The periods for storage and documentation specified there range from two to ten years.

According to §§ 195ff. of the German Civil Code (BGB), these periods of limitation can be up to 30 years, whereby the regular period of limitation is three years.

You have the possibility to adapt the registration on our homepage at any time.

You have the right at any time to request the deletion of your no longer required data or to close your account in accordance with the legal requirements. Simply send a request by email to privacy@www.fintiba.com or by post to our address: Wilhelm-Leuschner-Straße 29, 60329 Frankfurt am Main.

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

XI. Usage of Onfido

1. We are using the services of Onfido Limited (Finsbury Avenue 3, EC2M 2PA London, United Kingdom) to verify your identity. For that purpose, you have to upload a picture of your passport, or travel document, or visa and of your face via the mobile integration of Onfido in our app. Your data and the uploaded facial picture will then be matched with the uploaded document and checked if they align. Additionally, Onfido checks whether the uploaded document has been registered as stolen, counterfeited, lost or compromised in any other way.This processing is done for the purpose of verifying your identity. The legal basis for the processing of your data are pre-contractual measures in accordance with Art. 6 I 1 lit. b GDPR because an unequivocal identification of your person is necessary to provide the services agreed upon in the contract.Additional information about how the data processing through Onfido works can be found here:https://onfido.com/privacy/.

XII. Usage of WebID

We are using the services of WebID Solutions GmbH (Friedrichstraße 88, 10117 Berlin), to legitimate you for your stay in Germany.

The Video-Ident method of this service provider allows you to identify yourself with your identity documents through a video-chat.

This processing is done for the purpose of your legitimation. The legal basis for are pre-contractual measures in accordance with Art. 6 I 1 lit. b GDPR because an unequivocal identification of your person and legitimation are necessary to provide the services agreed upon in the contract.

Additional information about the processing of your data through WebID can be found here: https://webid-solutions.de/privacy-policy/?lang=en.

XIII. Usage of Zendesk

We use the service Zendesk to process customer service requests. Zendesk is a software company from the USA (Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102) with a branch in Ireland. Contact: Zendesk, 1 Grand Parade, Dublin, Ireland. The German branch of the company can be reached at Zendesk Inc. at Rheinsberger Str. 73, 10115 Berlin. Zendesk is subject to the TRUSTe’s Privacy Seal.

For inquiries addressed to us, e.g. by e-mail, by calling our customer care, or by opening a chat, a ticket to the customer inquiry is created in Zendesk to simplify processing by our customer service. In order to be able to use the full extent of the functions, data such as e-mail address and name are queried. These data, as well as the IP address, are stored on servers of our software partner Zendesk. They can be used by us to contact visitors to our website to provide assistance and answers. All information we collect is subject to this privacy policy. We use all collected information exclusively for the purpose of customer support. Zendesk’s privacy policy can be found here. Further information can be found here.

XIV. Usage of Certainly

We use the services of the Danish provider Certainly (Certainly ApS, Trelleborggade 5, 2150 Copenhagen, Denmark) to answer common customer requests.

The integration will be shown to you as a chat window immediately when you visit our website. You are guided through a decision tree by answering standardised questions, to receive tailor-made solutions for your problem. You, furthermore, have the option to forward your request to us in written form. To do that, you have to provide your email address as well as a description of the problem which will then both be transmitted to us. In addition to that will the previously selected answer options be saved and transmitted to us. When choosing different decision paths, you moreover have the possibility to change selected personal data via a security query. The requested data differ based on your individual case. The following may potentially be requested and transmitted to us: Insurance data, date of arrival in Germany, passport data, email address and telephone number. All data is stored on the servers of Certainly in Europe.

The data is processed for the purpose of improving of response times to customers, answering customer requests and allowing customers to change data by themselves.

The processing of the data is done for the purpose of improving the usage, improving answer times of requests, and changing customer data. The legal basis for the processing of your data is Art. 6 I 1 lit. b GDPR, judged individually for the different application cases of Certainly.

Additional information about the processing of your data through Certainly can be found here: https://www.certainly.io/privacy.

XV. Transfer Providers

1. TransferMate

You have the possibility to carry out your payments through the service provider TransferMate (TransferMate, part of The Taxback Group, 14 St Stephens Green, Dublin 2, Ireland).

Your data will be transmitted to the service provider once you choose to transfer your payment via TransferMate. The data transmitted usually includes amount to transfer, title of customer, first name, last name, date of birth, email address, country of residence, current city, home address and customer ID number. For the processing of your payment, it is necessary that all this data is transmitted and is intended to confirm your identity for administering your payment instruction.

Legal basis for the processing of your data in connection with the fulfilment of a contract or pre-contractual measures is Art. 6 para 1 p. 1 lit. b GDPR.

Additional information about the processing of your data through TransferMate can be found here: https://www.transfermate.com/privacy-policy/

2. xCurrency

For Chinese customers, there is also the option to transfer the money through xCurrency of the service provider Travel Tao Ltd. (Room 311, Art Experience Center, Building 1 No. 100 Renashan Road, Hengqin New District, 519000, Zhuhai, China).

Your data will be transmitted to the service provider once you choose to transfer your payment via xCurrency. The data transmitted usually includes first name, last name, nationality, date of birth, place of birth, IBAN of blocked account, BIC, Amount to transfer, currency, fees, (potentially information that rent deposit guarantee was purchased), passport data: issue date, date of expiry, passport number and issuing authority, title of customer, first name, last name, date of birth, email address, country of residence, current city, home address and customer ID number. For the processing of your payment, it is necessary that all this data is transmitted and is intended to confirm your identity for administering your payment instruction.

Legal basis for the processing of your data in connection with the fulfilment of a contract or pre-contractual measures is Art. 6 para 1 p. 1 lit. b GDPR.

Additional information about the processing of your data through Travel Tao Ltd. can be found here: https://explorer.tratao.com/page/5b1dedd776d2441e9f422c65860aba45

XVI. Web Analytics

1. Usage of Google Analytics

This website uses Google Analytics, web analysis services of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your usage of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your usage of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You may refuse the usage of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your usage of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately, and the personal data will be deleted immediately.

We use Google Analytics to analyse and regularly improve the usage of our website. We can improve our offer and make it more interesting for you as a user. The legal basis for the usage of Google is Art. 6 para. 1 p. 1 lit. a GDPR.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of Service:

https://policies.google.com/terms

Overview of Privacy Policy:

https://policies.google.com/

and Privacy Policy:

https://policies.google.com/privacy

2.  Usage of Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows advertisers to administer Website tags via a user interface. The Tag Manager tool in itself (which implements the tags) is a cookie-free domain, which collects no personal data. The tools triggers other Tags, which, under certain circumstances, collect data. Google Tag Manager does not access this data. If a deactivation has been done on domain or cookie level, it also applies for all tracking tags that have been implemented via the Google Tag Manager.

Legal basis for the usage of technical relevant cookies is the legitimate interest of the website operator according to Art. 6 para. 1 p. 1 lit. f GDPR.

Additional information can be found in the terms of use of the provider:

https://www.google.com/intl/de/tagmanager/use-policy.html.

3. Usage of Yandex

We are using Yandex.Metrica and YandexDirect on our website in form of web analysis services of Yandex LLC, 16 Lva Tolstogo str., Moscow, 119021, Russian Federation (www.yandex.com), to get insights into the usage of our website and to optimise it for the user.

Based on your consent to the statistical analysis of user behaviour for optimisation and marketing purposes, we are collecting, evaluating and saving pseudonymised visitor data with the help of Yandex.Metrica according to Art. 6 para. 1 p. 1 lit. a GDPR.

For the same purpose, pseudonymised user profiles can be generated based on this data. Yandex.Metrica is using so-called Cookies. These are small text files that are locally saved on the internet browser of the website visitor. These cookies serve the purpose to recognise the browser and so allow the more exact determination of statistical data. Furthermore, the data of the visitor’s IP-address is also collected. After collection it is immediately pseudonymised before being saved, to eliminate the possibility of personal references of that data.

The data that is generated through this cookie (including the pseudonymised IP-addresses) is transferred to the servers of Yandex in the Russian Federation and are saved there to ensure the above-mentioned interests.

The data that is collected via the Yandex-technology is, without the explicit consent of the affected party, at no point in time used to personally identify visitors of this website and is also not used to unite the personal data with the carrier of the pseudonym.

The collected data is kept for 1 year.

Additional information about the processing of your data can be retrieved from the data protection notice of Yandex

https://yandex.com/legal/confidential/?lang=en.

You can object to the processing of your data through Yandex by putting an Opt-Out Addon, which can be downloaded from the following website:

https://yandex.com/support/metrica/general/opt-out.xml.

4. Usage of HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

These include, among other things:

• Email Marketing
• Contact management (e.g. user segmentation & CRM)

All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing.

HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500.

For more information on HubSpot’s privacy policy and other information from HubSpot regarding the EU privacy policy, please click here. More information about the cookies used by HubSpot can be found here and here.

5. Usage of Google Optimize (not in use)

We are using the analysis and optimization service “Google Optimize”, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (in the following referred to as “Google Optimize”).

We are using Google Optimize to increase attractiveness, content and functionality of our website, by showing new functions and contents to a percentage of our user base to statistically evaluate the change of use.

Google Optimize is a sub-service of Google Analytics.

Google Optimize used cookies that allow for optimization and analysis of the usage of our website. Usually, the data about the users of our website that is collected through these cookies is transferred to a google server in the USA and saved there. We are using Google Optimize with active IP anonymisation so that your IP-address is shortened. Google will use this information to evaluate the usage of our website, to compile reports about the optimisation tests and the website activity related to that, and to provide additional services related to the usage of our website and the internet for us. The legal basis for the processing of your data is a consent given, according to Art 6 para. 1 p. 1 lit. a GDPR, which you give upon entering our website.

You can prevent that cookies are saved by appropriately setting up your internet browser.

Furthermore, you can prevent the that the data about the usage of our website, which was generated through the cookie, is collected by google, as well as the processing of the data through google, by downloading and installing the following browser-plugin: https://tools.google.com/dlpage/gaoptout?hl=de.

Additional information about data collection and processing through Google can be retrieved from the data protection notice of google, which can be found here: http://www.google.com/policies/privacy.

6. Usage of Bing Ads

In our website we use technologies from Bing Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft will set a cookie on your device if you have accessed our website via a Microsoft Bing ad. Microsoft Bing and we can see in this way that someone has clicked on an ad has been redirected to our website and has reached a previously defined target page (conversion page). We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft collects, processes and uses information about the cookie from which usage profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are used to play advertisements. No personal information concerning the identity of the user is processed.

Legal basis for this processing of data is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.

If you do not want information about your behaviour to be used by Microsoft as described above, you can refuse the setting of a cookie required for this purpose – for example, using a browser setting that generally deactivates the automatic setting of cookies. You may also opt-out of the collection of data generated by the cookie and relating to your usage of the Site and the processing of such data by Microsoft by clicking on the following link: http://choice.microsoft.com/de–DE/opt–out. Further information on data protection and the cookies used at Microsoft and Bing Ads can be found on the Microsoft website https://privacy.microsoft.com/dede/privacystatement.

7. Usage of Baidu

On our website, we are using the web analysis services of Baidu Inc., Baidu Campus, No. 10 Shangdi, 10^th Street, Haidian District, 100085 Beijing, People’s Republic of China (www.baidu.com), to get insights into the usage of our website and to optimise it for the user.

Based on your consent to the statistical analysis of user behaviour for optimisation and marketing purposes, we are collecting, evaluating and saving pseudonymised visitor data with the help of Baidu according to Art. 6 para. 1 p. 1 lit. a GDPR.

For the same purpose, pseudonymised user profiles can be generated based on this data. Baidu is using so-called Cookies. These are small text files that are locally saved on the internet browser of the website visitor. These cookies serve the purpose to recognise the browser and so allow the more exact determination of statistical data. Furthermore, the data of the visitor’s IP-address is also collected. After collection it is immediately pseudonymised before being saved, to eliminate the possibility of personal references of that data.

The data that is generated through this cookie (including the pseudonymised IP-addresses) are transferred to the servers of Yandex in the Russian Federation and are saved there to ensure the above-mentioned interests.

The data that is collected via the Baidu-technology is, without the explicit consent of the affected party, at no point in time used to personally identify visitors of this website and is also not used to unite the personal data with the carrier of the pseudonym.

The collected data is kept for 18 years.

Additional information about the processing of your data can be retrieved from the data protection notice of Baidu

http://ir.baidu.com/baidu-statement-privacy-protection/.

 

XVII. Social Media

1. Integration of YouTube videos

We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in the following paragraphs be transmitted. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. You can also find out more about your rights and privacy settings there: https://policies.google.com/privacy?hl=en&gl=en

2. Integration of Google Maps

On this website, we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under item IV of this declaration will be transmitted to Google. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. You will also find more information about your rights and privacy settings at https://policies.google.com/privacy?hl=en&gl=en.

3. Use of Google Adwords Conversion

We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies can therefore not be traced via the websites of Adwords customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the usage of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further usage of the data which are raised by the usage of this tool by Google and inform you therefore according to our knowledge: By the integration of AdWords conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

You can prevent participation in this tracking procedure in various ways:

a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers;

b) by disabling cookies for conversion tracking, by setting your browser to block cookies from the “www.googleadservices.com” domain,

https://www.google.de/settings/ads, which will be deleted when you delete your cookies;

c) by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link

http://www.aboutads.info/choices, this setting being deleted if you delete your cookies;

d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all functions of this offer in full.

Legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR.

Further information on data protection at Google can be found here:

http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org

4. Remarketing

Besides Adwords Conversion we use the application Google Remarketing. This is a process we would like to use to contact you again. This application allows you to see our advertisements after visiting our website when you continue to use the Internet. This is done by means of cookies stored in your browser, which are used to record and evaluate your usage behaviour when you visit various websites. This is how Google can determine your previous visit to our website. According to Google’s own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. According to Google, pseudonymisation is used for remarketing in particular.

5. DoubleClick by Google

This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, DoubleClick may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further usage of the data collected by Google through the usage of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

You can prevent participation in this tracking procedure in various ways:

a) by adjusting your browser software accordingly, in particular the suppression of third-party cookies means that you will not receive any ads from third party providers;

b) by disabling cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, which will be deleted if you delete your cookies;

c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted if you delete your cookies;

d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer in full.

Legal basis for this processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR.

Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www.google.de/intl/en/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org

6. Facebook Custom Audiences/ Facebook-Pixel

The website also uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”). This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting for you.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further usage of the data collected by Facebook through the usage of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence, or that you have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.

The process that is used here is Facebook Conversion. IP addresses are collected and transmitted. The data is processed for the purpose of improving targeted advertising control. Please note that tracking procedures enable the identification of the user via numerous websites.

The “Facebook Custom Audiences” function can be deactivated for logged in users at https://www.facebook.com/settings/?tab=ads#_ .

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR.

For more information about Facebook’s data processing, please visit

https://www.facebook.com/about/privacy.

You can dissent to the processing of your data at any time using this opt-out link: Opt-Out

(https://www.facebook.com/settings?tab=ads)

7. Usage of Referral Rock 

We use the services of Referral Rock Inc., 950 N Washington, Suite 404, Alexandria, VA 22314, USA, to give you the possibility to receive discounts on our products and services through referrals.

For this purpose, we process the first name, surname, customer number and email address of the Member. Aside from that, we are not processing any additional personal data. The clicks that are generated via the link of the Member or by usage of the code are anonymised and cannot be assigned to a natural person.

The data processing through cookies is done anonymised.

The legal basis for the processing of your data is a consent given, according to Art 6 para. 1 p. 1 lit. a GDPR, which you give before generation of the referral link as well as Art. 6 para. 1 p. 1. lit. b GDPR for the contract we conclude with the Referral.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

Additional information can be retrieved from the data protection notice of Referral Rock, which can be found here: https://referralrock.com/privacy/.

8. Partner Programme

In the context of our online presence, we offer a partner programme to our Agents. After successful application and approval of the application, the Agent receives a link which they can place on their websites, platforms or online services to create a direct reference to our products and services.

A cookie that assigns an ID to the clicking person is created once a visitor clicks the agent’s link in their online presence. The ID pseudonymised.

Purpose of this data processing is to create additional value for the Agent when they refer customers via their personalised link and to increase the reach of our products and services.

The legal basis for the processing of personal data is Art. 6 para. 1 p. 1 lit. b GDPR.

9. Usage of Trustpilot

We use the Truspilot rating portal, which is operated by Trustpilot A/S, Pilestraede 58, 5th Floor, 1112 Kopenhagen, Denmark. The portal gives customers the opportunity to rate the services they used of us via an independent provider. This enables us to continuously improve our services and, in individual cases, to resolve customer concerns directly.

After using our service, you will receive an email generated by us with an invitation link. This link will take you to the evaluation form. To generate this individual link, your surname, first name and your email address are transmitted to Trustpilot. The rating will then be deposited with Trustpilot, independently from our services.

In order to use the rating portal, it is necessary to create a user profile at Trustpilot. With this profile, you can rate not only our company but also all other companies that use the service. When you click on the link in the email and submit a rating via it, after accepting the terms of service of Trustpilot, a user profile is automatically created for you by entering your personal data (name and email address for verification). In the context of this, the data protection provisions and the general terms and conditions of Trustpilot apply: https://uk.legal.trustpilot.com/forreviewers/end-user-privacy-terms

The submission of a rating is voluntary.

By placing an order via our website / by using our services, you consent to the transmission of your data to Trustpilot for the aforementioned purposes in accordance with Art. 6 Para. 1 lit. a GDPR.

XVIII. Social Media Presence

We maintain fan pages within various social networks and platforms with the aim of communicating with active customers, interested parties and users and informing them about our services there.

We point out that your personal data may be processed outside the European Union, so that risks may arise for you (for example in the enforcement of your rights under European / German law).

User data is usually processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and the resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users.

For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these).

The processing of users’ personal data is carried out on the basis of our legitimate interests in effective user information and communication with users pursuant to Art. 6 para. 1 lit. f. GDPR. If the users are asked by the respective providers for consent to data processing (i.e. to give their consent e.g. by ticking a checkbox or confirming a button), the legal basis of processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

Further information on the processing of your personal data as well as on your possibilities of objection can be obtained from the links of the respective provider listed below. The assertion of information and further rights of the persons concerned can also take place vis-à-vis the providers, then only have direct access to the data of the users and have the corresponding information at their disposal. Of course, we are available for further inquiries and support you, if you need help. Providers:

Facebook 

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy:

https://www.facebook.com/about/privacy/

Opt-Out:

https://www.facebook.com/settings?tab=ads

and

http://www.youronlinechoices.com.

Instagram 

Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA Privacy Policy/ Opt-Out:

http://instagram.com/about/legal/privacy/.

Twitter 

Twitter Inc, 1355 Market Street, Suite 900, San

Francisco, CA 94103, USA

Privacy Policy:

https://twitter.com/de/privacy

Opt-Out:

https://twitter.com/personalization.

Google/ YouTube 

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Privacy Policy:

https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated.

LinkedIn 

LinkedIn Ireland Unlimited Company Wilton Place,

Dublin 2, Ireland

Privacy Policy:

https://www.linkedin.com/legal/privacy–policy

Opt-Out:  www.linkedin.com/psettings/guestcontrols/retargeting–opt–out.