In the following we inform you about what personal data according to the General Data Protection Regulation (GDPR) concerning you we collect and process in connection with the use of our service finpair and the associated website www.finpair.de and https://platform.finpair.de and about the purposes of this processing.
Personal data are any data that identify you or make you identifiable, such as your email address, your name or other individual identifiers. For further details, please refer to the definitions in Art. 4 GDPR.
1. Controller within the meaning of the GDPR
Name: finpair GmbH
Address: Friedrichswall 10, 30159 Hanover, Germany
Email address: email@example.com
2. Data protection officer
3. Processing operations and purposes
We only collect personal data that are required for the purposes below and only process them for those purposes. Personal data will only be processed in accordance with legal regulations. There is no automated decision-making (Art. 22 GDPR) on our website and in finpair.
3.1 Processing of personal data during the use of the website www.finpair.de
When you use the website www.finpair.de we will process personal data transferred by your browser to our servers. We process that data on the basis of our legitimate interest to display the website to you and ensure stability and security of the website (Art. 6 para. 1 lit. f GDPR).
When you access our website we process the following categories of data:
(a) IP address
(b) Date and time of the visit
(c) Time zone difference to GMT
(d) Specific site of the visit
(e) Access status or http status code
(f) Transmitted data volume
(g) Website that made the request
(h) Browser type
(i) Operating system and its interface
(j) Language and version of the browser
3.2 Processing of personal data when you contact us
If you contact us we will process the data you provided to us (e.g. your email address or phone number) to respond to your request, for example if you have specific questions or require general information about our services (Art. 6 para. 1 lit. f, or if this is done in relation to the conclusion of a contract, Art. 6 para. 1 lit. b GDPR).
3.3 Processing of personal data during the use of the platform finpair
If you open a personal account on our website in order to use the service, we process your personal data to carry out pre-contractual measures or to be able to fulfill our contractual obligations towards you, or to be able to render the desired services (Art. 6 para. 1 lit. b GDPR). The legal basis for the collection and processing of personal data on the basis of obligations according to Secs. 4, 8, 11 of the Money Laundering Act (GwG) is Art. 6 para. 1 lit. c GDPR.
In this context, we process the following categories of data:
(b) Represented company
(c) Email address, phone and fax number, business address
(d) Capacity of Issuer or Investor and associated authorization to act, subscribe, read and write
(e) Data for legitimization and identification test
(f) Information related to contracts, documents and financial resources
If you visit our website we store cookies on your computer. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using. This will transfer the information contained in the cookie to the person who set the cookie. However, we will not receive any direct information about your identity.
Most browsers accept cookies automatically. Session ID cookies will be automatically deleted if you close your browser. Other cookies are stored for a longer period on your device and deleted automatically after a specified time. You can, however, configure your browser so that no cookies are stored on your computer and delete cookies that have already been stored in your browser settings. Please note that after completely deactivating cookies it may not be possible to use all of the functionality of our website.
The processing of technical necessary cookies is required to protect the legitimate interests according to Art. 6 para. 1 lit. f GDPR.
We use the following cookies on our website:
This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode. (Expires: 7 days)
Used by content-network Cloudflare, to identify trusted web-traffic. (Expires: 29 Days)
Part of Cloudflares services - including loadbalancing, content delivery and domain-name-services for website owners. (Expires: Session)
finpair uses this cookie to cache explicitly selected language. Usually the preferred languange is determined from browser settings. (Expires: 1 Hour)
Consent banner cookies
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). (Expires: 13 months)
This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. (Expires: 13 months)
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. (Expires: 30 minutes)
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. (Expires: End of session)
You can delete any cookies from this website at any time: delete.
5. Forwarding the data to third parties/recipient of personal data
We will not forward the above data to third parties, except for the cases described below. Otherwise we will inform you in time about data transfers in accordance with legal requirements.
5.1 Cloud provider
We use Google Cloud Platform (GCP) and Amazon Web Services (AWS) as processor for data hosting. The data will be stored solely in a data center with location in the European Union.
We use the provider Google LLP, 1600 Amphitheatre Parkway, Mountain View, California, U.S.. We carry out every transmission of personal data in compliance with the conditions laid down in Art. 44–50 GDPR as well as with all other provisions of the GDPR, in order to ensure that the level of protection for natural persons guaranteed by the GDPR is maintained.
You can find further information under: https://cloud.google.com/security/privacy/.
We also use the provider Amazon Web Services, EMEA SARL., 38 avenue John F. Kennedy, L-1855, Luxemburg. We carry out every transmission of personal data in compliance with the conditions laid down in Art. 44–50 GDPR as well as with all other provisions of the GDPR, in order to ensure that the level of protection for natural persons guaranteed by the GDPR is maintained.
You can find further information under: https://aws.amazon.com/compliance/data-privacy/.
We use HubSpot for our online marketing activities and customer service as processor. This is an integrated software solution to contact the users of our services and improve the services of our company. For this purpose, we store, process and assess information (e.g. IP address, browser type, duration of the visit, accessed site) on servers of our software partner HubSpot. For this purpose we use web beacons and store cookies on your computer. Specifically, we use HubSpot for the following purposes:
(a) Email marketing (newsletter and automated mailings)
(b) Social Media Publishing & Reporting
(c) Analytics (e.g. traffic sources, accesses)
(d) Contact management (e.g. user segmentation & CRM), user support
(e) Registration and contact forms
The provider HubSpot, 25 First Street, 2nd Floor, Cambridge, MA 02141, is a software company from the U.S. with a branch in Ireland (contact: HubSpot, Inc., European Headquarters, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500). We carry out every transmission of personal data in compliance with the conditions laid down in Art. 44–50 GDPR as well as with all other provisions of the GDPR, in order to ensure that the level of protection for natural persons guaranteed by the GDPR is maintained.
We use Mailgun (Mailgun Technologies, Inc. 548 Market St. # 43099 San Francisco, CA 94104) as a processor for sending e-mails. This is a solution to get in touch with users of our services and to improve the performance of our company. For this purpose, we process information (i.e. name, email) through Mailgun. Specifically, we use Mailgun for the following purposes:
– process-related e-mails (marketing starts, information on incoming or answered questions, payment requirements)
We carry out every transmission of personal data in compliance with the conditions laid down in Art. 44–50 GDPR as well as with all other provisions of the GDPR, in order to ensure that the level of protection for natural persons guaranteed by the GDPR is maintained.
6. Public Bodies
In some cases, we might be ordered to transmit data to a competent authority, if and to the extent that a particular statute obligates us to do so (Art. 6, para. 1 lit. c GDPR).
7. Security Measures
Taking into account the state of the art, the costs of implementation, and the type, scope, circumstances, and purposes of processing as well as the varying likelihood of materialization and severity of the risk to your rights and freedoms, in accordance with Art. 32 GDPR we implement appropriate technical and organizational measures in order to ensure a level of protection appropriate to the risk.
8. Duration of the storage of your data
We store your data only for as long as they are required to achieve the respective processing purpose, and we erase them subsequently. Otherwise, we restrict processing if we are obliged to do so, e.g. by statutory regulations, and if we are prohibited from erasing the data. The data will be stored for a longer period if further statutory, legal or contractual retention periods exist. This includes the commercial (Sec. 257 HGB (German Commercial Code)) and tax law (Sec. 147 AO (German Fiscal Code) retention periods for the data categories stipulated there. Data for the fulfillment of a contract, for the implementation of pre-contractual measures or for handling your requests will be stored for as long as they are needed to implement the respective purpose or to meet contractual or legal obligations. Data might be stored for longer periods if this is required to assert, exercise or defend legal claims.
9. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which we process on the basis of our legitimate interests according to Art. 6 para. 1 lit. f GDPR, including profiling that is based on those provisions. In this case, we shall no longer process your personal data unless there are compelling legitimate grounds, which override your interests, rights and freedoms, or the processing serves the establishment exercise or defense of our legal claims.
You can object to the processing of personal data concerning you for purposes of direct marketing, including any associated profiling at any time.
10. Your rights
You also have the following rights toward us regarding personal data concerning you:
(a) the right to access to your data processed by us including the purposes of processing,
(b) the right to have incorrect personal data rectified,
(c) the right to have your personal data erased ("right to be forgotten"),
(d) the right to have the processing of your personal data restricted,
(e) the right to receive a copy of your personal data in a structured, commonly used and machine-readable format if their processing is based on your consent or these data are processed with regard to a contractual relation with you ("right to data portability").
(f) the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
You can assert those rights via email to firstname.lastname@example.org or by mail to finpair GmbH, Friedrichswall 10, 30159 Hanover.