Privacy policy

I. Name and contact details of the person responsibleName und Kontaktdaten des Verantwortlichen

The person as defined by General Data Protection Regulation (GDPR), other national data protection laws of the EU member states and other data protection regulations is:

Finatycs GmbH
Friedrichstrasse 171
10117 Berlin
Germany

E-mail: info@finatycs.de

Upon request, we will provide you with information about the data stored about you free of charge and immediately. To request this information, please write to the postal or e-mail address specified above with the subject: “Data protection request”.

Our website can usually be used without providing any personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (for example when communicating via e-mail) can involve security vulnerabilities. Complete protection of the data against being accessed by third parties is not possible.

The use of contact details published as part of our obligation to provide a legal notice by third parties to send unsolicited advertising and information material is hereby expressly prohibited. The site operators expressly reserve the right to take legal action in the event of receiving unsolicited advertising such as spam e-mails.

Below you will find information on the type, scope and purpose of the collection, processing and use of personal data.

II. General information on data processing

1.

Scope of processing of personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the user's consent. An exception applies in cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

2.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis for the processing of personal data.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing.

3.

Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been stipulated by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or erased if a storage period stipulated in the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4.

Security

We take all reasonable precautions to keep your personal information secure and require any third party that handles or processes your personal information on our behalf to do the same. Access to your personal information is restricted to prevent unauthorized access, alteration or misuse. Our employees and people working for our company may only access this information to the extent necessary to carry out their tasks.

5.

Links

We cannot be held responsible for the content of other websites that you can access via a link from our website.

III. Rights of the data subject

1.

Rights of the data subject

If your personal data is processed, you are the "data subject" as defined by the GDPR and you have the following rights vis-à-vis us as the person responsible. You can exercise your rights by contacting us and stating your request.

2.

Right of access

You have the right to obtain information about your personal data stored by us in accordance with Article 15 GDPR.

3.

Right to rectification

You have the right to have incorrect data corrected or correct data completed in accordance with Article 16 GDPR.

4.

Right to restriction of processing

Every person affected by the processing of personal data has the right to demand that the person responsible restrict the processing if one of the conditions specified by the legislator in Article 18 (1) GDPR is met.

5.

Right to erasure

If the legal requirements are met, you can request the erasure or restriction of processing and object to the processing of your personal data (Articles 17, 18 and 21 GDPR).

6.

Right to data portability

If you have consented to the data processing and the data processing is carried out using automated procedures, you may have a right to data portability (Article 20 GDPR).

7.

Right to notification

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the person responsible, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be notified about these recipients by the person responsible.

8.

Right to object

Every person affected by the processing of personal data has the right to object to the processing of personal data relating to them, which is based on Article 6 (1) (e) or (f) GDPR, on grounds relating to their particular situation at any time. This also applies to profiling based on these provisions.

In the event of objection, our company will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

9.

Right to revoke the declaration of consent under data protection law

Any person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

10.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

IV. SSL encryption

For security reasons and to protect the transmission of confidential content, for example the inquiries that you send to us as the site operator, this website uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and a lock symbol is displayed in your browser line. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

V. Provision of the website and creation of log files

1.

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the computer accessing the website.

This data is also stored in the log files of our system. It is not, however, stored together with other personal data of the user.

You can request a list of the data designations from us if required.

2.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. We additionally use the data to optimize the website and to ensure the security of our information technology systems.

3.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) (f) GDPR.

4.

Duration of storage

The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible.

5.

Possibility of objection and removal

The collection of the data for the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Use of cookies

1.

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

You can request a list of the data designations of the data stored in these cookies from us if required. In addition, your browser usually offers you the option of directly viewing the data stored in the cookies.

2.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.

3.

Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site. As a user, you therefore also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

4.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. These functions require the browser to be recognized even after a page change. You can request a list of the applications for which we require cookies directly from us. The user data collected by technically necessary cookies is not used to create user profiles. Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

VII. Contact via e-mail / mail

1.

Description and scope of contact

If contact is made via the e-mail address provided on our website or via mail, your details will be processed for the purpose of processing the contact request.In this context, it does not involve any transfer of data to third parties.

2.

Purpose of data processing

If you contact us via e-mail, the required legitimate interest in processing the data applies.

3.

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is Article 6 (1) (1) (f) GDPR. The person responsible has a legitimate interest in the processing and storage of the data to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to be able to comply with its legal storage obligations for business correspondence. If the aim of the contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) (1) (b) GDPR.

4.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via e-mail, this is the case when the respective conversation with the user has ended. This is to be assumed if it can be inferred from the circumstances that the facts in question have been finally clarified.

5.

Possibility of objection and removal

You can object to the storage of your personal data at any time. If you do so, however, the conversation cannot be continued. All personal data that was saved in the course of making contact will be deleted in the case of objection.

VIII. Applicant data

1.

Purpose of data processing

If you send us your application, we will process the data sent to us to fulfill our (pre-)contractual obligations as part of the application process. If your application is successful, we will process the data for the purpose of carrying out the employment relationship.

2.

Legal basis for data processing

The legal basis is Article 6 (1) (b) GDPR and Section 26 of the German Federal Data Protection Act (BDSG). If you voluntarily transmit special categories of personal data to us, for example data concerning your health or religious affiliation, the legal basis is also Article 9 (2) (b) GDPR.

3.

Duration of storage

If your application is unsuccessful, we will delete your data after six months at the latest. The storage until then takes place to answer any questions about the application process and to fulfill our obligation to provide evidence as stipulated in the German General Equal Treatment Act (AGG). If you withdraw your application, we will delete your data immediately.

IX. Presence in social media

1.

Description and scope of presence

We maintain profiles and fan pages on social media in order to communicate with connected and registered users and inform them about our products, offers and services. The US-based providers are certified in accordance with the so-called Privacy Shield. They are therefore required to comply with European data protection laws. When you use and access our profile on a social network, the privacy policy and the terms and conditions of use of the respective network apply.

Our website contains links to the social networks Instagram, XING and LinkedIn. The link is marked by the corresponding logo. If you click on one of these logos, your browser will establish a direct connection with the servers of the corresponding social network.

Please note that as the provider of this website, we acquire no knowledge of the content of the data transmitted or the use of this data by Instagram, XING and LinkedIn.

2.

Purpose of data processing

We process the data you send us via these networks to communicate with you and answer messages you send us on these networks.

3.

Legal basis for data processing

The legal basis for the processing of personal data is our legitimate interest in communicating with the users and our public image for the purpose of advertising pursuant to Article 6 (1) (1) (f) GDPR. If you have granted the controller of the social network your consent to process your personal data, the legal basis is Article 6 (1) (1) (a) and Article 7 GDPR.

4.

Possibility of objection and receiving information

You can find the privacy policies and the information and objection (opt-out) options of the corresponding networks at:

• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy / Opt-Out: http://instagram.com/about/legal/privacy/

• XING (XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany) - Privacy Policy / Opt-Out: https://privacy.xing.com/en/privacy-policy

• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of the US-based company LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

X. Internet presence

1.

Webflow

We host our website at Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as “Webflow”). When you visit our website, Webflow collects various log files including your IP address. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are required to display the site in order to provide certain website functions and to ensure security (necessary cookies). Details can be found in Webflow's EU & Swiss Privacy Policy (https://webflow.com/legal/eu-privacy-policy). Webflow is used on the basis of Article 6 (1) (f) GDPR. We have a legitimate interest in our website being displayed as reliably as possible. If corresponding consent was requested, the processing takes place exclusively on the basis of Article 6 (1) (a) GDPR and Section 25 (B) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) with regard to device fingerprinting. The consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found in the Webflow EU & Swiss Privacy Policy.

We have concluded an commissioned data processing contract with the above-mentioned provider. This is a contract that is required by data protection law and ensures that the personal data of visitors to our website is only processed according to our instructions and in compliance with the GDPR.

Commissioned data processing:The application of CDN – a CDN distributes your files throughout data centers worldwide, then delivers them to visitors via the data center that is closest to them. This means snappy page loads for all your visitors, worldwide. Of course, we wanted to make sure your website loads as fast as possible for people across the globe, so we took it a step further by using not one, but three CDNs:

• Fastly
• Amazon Web Services (AWS)
• Cloudflare

2.

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA(hereafter Hubspot CRM).

Hubspot CRM enables us, among other things, to manage existing and potential customers and customercontacts, to communicate with you and to plan and execute marketing activities in line with your interests.
Hubspot CRM enables us to capture, sort and analyze customer interactions via email, social media, or phoneacross multiple channels. The personal data collected in this way can be evaluated and used forcommunication with the potential customer or marketing measures (e.g., newsletter mailings). HubspotCRM also enables us to collect and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication. If appropriate consent has beenobtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG,insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g.,device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transmission to the US is based on the standard contractual clauses of the EU Commission. Details canbe found here: https://www.hubspot.de/data-privacy/privacy-shield.

3.

Commissioned data processing

The application of CDN – a CDN distributes your files throughout data centers worldwide, then delivers them to visitors via the data center that is closest to them. This means snappy page loads for all your visitors, worldwide. Of course, we wanted to make sure your website loads as fast as possible for people across the globe, so we took it a step further by using not one, but two CDNs:

• Fastly
• Amazon Web Services (AWS)
• Cloudflare

XI. Changes to our Privacy Policy

We reserve the right to adapt this Privacy Policy so that it always corresponds to the current legal requirements or to implement changes to our services in the Privacy Policy, for example when introducing new services. The new Privacy Policy will then apply next time you visit our website.