Contact us
finAPI GmbH
Adams-Lehmann-Str. 44
80797 München
BaFin
Officially licensed and supervised by the German Federal Financial Supervisory Authority (BaFin).
Social Media
Data protection policy
1. Principles
Data protection and data security have always been a high priority for our contractual partners as well as for consumers for our company. That is why the protection of your personal data throughout our business processes is very important to us and is of particular concern to us. Respecting this personal right is a matter of course for us. In general, it is not necessary for you to provide personal data in order to use our website. In order for us to be able to provide our services, however, we may need: Your Personal Information. In doing so, we collect, process and use personal data insofar as this is legally permissible and necessary for the processing, or you have given your consent.
2. Name and contact details of the controller and the company data protection officer
As the responsible entity, we, finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, take all legally required measures to protect your personal data. You can reach our company data protection officer at the above address, for the attention of the Data Protection Department, or by e-mail at datenschutz@finapi.io.
Purposes of data processing, legal bases and legitimate interests pursued by finAPI GmbH as well as categories of personal data and categories of recipients
3.1 Accessing our website
When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information is also collected without your intervention and stored until it is automatically deleted:
- The IP address of the requesting internet-enabled device
- The date and time of access
- The name and URL of the retrieved file
- The website/application from which the access was made (referrer URL)
- The browser you are using and, if applicable, the operating system of your internet-enabled computer as well as the name of your access provider.
The IP address of your device and the other data listed above are used by us for the following purposes:
- Ensuring a smooth connection setup,
- To ensure a comfortable use of our website,
- Evaluation of system security and stability.
The data is stored for a period of 28 days and then automatically deleted. Furthermore, we use so-called cookies and tracking tools for our website. The exact methods involved and how your data is used for this purpose are explained in more detail in Chapter 7.
3.2 Data processing when using the contact forms for interested companies and contact forms in the context of marketing campaigns
We collect, process and use personal data insofar as this is necessary to process your request and to transfer it to our CRM systems.
The data processing serves the purpose of establishing contact and initiating a contract. The processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
3.3 Data processing of media contacts
Personal data is collected, processed and used by us insofar as this is necessary to provide the information published by our company or the contact you have requested. We also use your data to inform you about company news by e-mail or telephone, for example to send press releases. When contacting us, we are guided by the relevance of our news and the thematic focus of your journalistic work.
3.4 Data processing of applicant data (e.g. when using our applicant form or at career fairs, etc.)
We collect, process and use personal data insofar as this is necessary to process your application and to contact you. In particular, the following categories of personal data are processed:
- Master and contact data (name, address, telephone, e-mail)
- Application documents (cover letter, CV, certificates, proof of qualifications)
- If applicable, other information you voluntarily provide
The processing of your personal data is carried out exclusively for the purpose of deciding on the establishment of an employment relationship.
In order to carry out the application process, it is necessary that the application documents are submitted within our company and, if applicable, for approval at group level in the final decision-making process at our parent company, Fabrick S.p.A.(Piazza Gaudenzio Sella 1, 13900 Biella, Italy) and possibly parent company of the Sella Group (Piazza Gaudenzio Sella 1, 13900 Biella, Italy). We only pass on personal data to those departments and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.
To optimize our applicant management, we work with the software solution from Personio SE & Co. KG, Seidlstraße 3, 80335 Munich to whom we transmit data necessary and legally permissible for the application process in accordance with Art. 28 GDPR. More information on the data protection of Personio can be found at www.personio.com/privacy-policy/.
3.5 Data processing for advertising purposes and market and opinion research
3.5.1 Advertising purposes of the finAPI
If you have concluded a contract with us or if we list you as an interested party, we process your address data and advertising selection criteria on the basis of Art. 6 (1) (a) or (f) of the GDPR in order to send you such information and offers from us and other companies. The newsletter may be sent by a shipping service provider. If you do not wish this, you can object to the use of your data for advertising purposes at any time.
3.5.2 Use of data for market and opinion research
We also process your data for market and opinion research. We use these exclusively anonymously for statistical purposes and only for finAPI. Your answers to surveys will not be shared or published with third parties. We do not store the responses from our surveys together with your email address or other personal data. You can object to the use of data for market and opinion research at any time in whole or for certain measures, without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the following contact details (e.g. e-mail, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in every survey email.
3.5.3 Right of objection
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich or to datenschutz@finapi.io is sufficient for this purpose.
If you object, the contact address in question will be blocked for further advertising data processing. We would like to point out that in exceptional cases advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time for advertisements and does not mean that we will not implement your objection. Thank you for your understanding.
4. Legal basis
finAPI processes personal data on the basis of the provisions of the General Data Protection Regulation (also with the help of service providers). The processing is carried out on the basis of consent pursuant to Art. 6 (1) (a) GDPR and on the basis of Art. 6 (1) (b) and (f) GDPR, insofar as the processing is necessary for the performance of a contract to which the data subject is a party, for the implementation of pre-contractual measures or for the initiation of an employment relationship or where the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party and is not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Processing operations that finAPI carries out within the framework of a legal obligation concerning it are carried out on the basis of Art. 6 para. 1 c) GDPR. On the basis of Art. 6 (1) (f) GDPR, we process your address data and advertising selection criteria in order to send you such information and offers from us and other companies. If you do not wish this, you can object to the use of your data for advertising purposes at any time. Consent can be revoked at any time to finAPI. This also applies to consents that were already given before the GDPR came into force. The withdrawal of consent does not affect the lawfulness of the personal data processed up to the time of withdrawal.
5. Categories of personal data
In the context of online enquiries from data subjects, we process the data required for this purpose. These include the following categories:
Personal data, such as surname, first name, date of birth, place of birth, address, as well as communication data and ID data.
5.2 In the context of data processing when using the contact forms for interested companies and contact forms in the context of marketing campaigns, we process the data required for this purpose. These include the following categories:
- Personal master data (title, first name, last name, address, functionary status in the company, company master data)
- Communication data
- Usage data
- Marketing data (e.g. consents)
5.3 In the context of applicant management, we process the following data:
- Personal master data (surname, first name, address)
- Communication data
- Other data from the application documents (e.g. enrolment certificates, certificates, information on marital status, etc.)
5.4 In the context of media contacts, we process the following data:
- Personal master data (surname, first name)
- Company data (medium, address)
- Communication data (e-mail address, telephone, department, position)
6. Categories of recipients of the personal data
Any information you provide to us by entering it on these websites will be stored on a server located in a country in the European Union (“EU”) and will be forwarded to the relevant bodies within the company to process your requests and requests. Service providers used by us may also receive data from us to fulfil the prescribed purposes. These can be, for example, companies in the categories of IT services, printing services, marketing, sales or telecommunications.
7. Online presence and website optimization
7.1 Tracking Tools and Cookies - General Information
Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. The cookie stores information that arises in connection with the specific end device used.
The use of cookies can be done without consent and requires consent. Consent-free cookies are those that are necessary to make use of our online offer or that serve IT security (necessary cookies). The legal basis for data processing is Article 6 (1) (f) GDPR. Cookies that require consent, on the other hand, serve on the one hand to make the use of our offer more pleasant for you (preference cookies). For example, we use cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your device for a certain fixed period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising optimizing our offer for you as well as to display information that is specifically tailored to you (marketing and statistical cookies). The legal basis for data processing for cookies requiring consent is Article 6 (1) (a) GDPR. This data includes, among other things, page views, length of stay, origin, country, etc. We analyse this statistical information in order to improve our offer and to check the acceptance of individual websites. Invisible GIFs are only used to position elements on the website. Other functions are not associated with the Invisible GIFs used. These cookies are stored by your browser and are usually deleted when you close the browser. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a notice always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website. The storage period of cookies depends on their purpose and is not the same for everyone.
We recommend that you always log out completely after completion of shared computers that are set to accept cookies.
The cookies we currently use are explained in more detail in the following section. You can manage the cookies yourself – HERE – quickly and easily and change your settings at any time.
7.2 Cookie consent with Consent Manager provider
Our website uses the cookie consent technology of Consent Manager Provider to obtain your consent to the storage of certain cookies on your device and to document them in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, Website: www.cookiebot.com (hereinafter referred to as the “Consent Manager Provider”).
When you enter our website, a connection is established to the servers of Consent Manager Provider in order to obtain your consents and other declarations regarding the use of cookies. Consent Manager Provider then stores a cookie in your browser in order to be able to assign the consents granted or their revocation to you. The data collected in this way will be stored until you ask us to delete it, delete the consent manager provider cookie yourself, or the purpose for which the data is stored no longer applies. Mandatory statutory retention obligations remain unaffected.
The Consent Manager Provider is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c DSG Regulation.
7.3 Tracking for web analysis
With your consent, we use the web analysis tool Matomo for the analysis and statistical evaluation of the use of the website. Cookies are used for this purpose. The information obtained in this way about the use of the website is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The collected data will not be passed on to third parties.
The IP addresses are anonymized (IP Masking), so that it is not possible to assign them to individual users.
The processing of the data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. We are thus pursuing our legitimate interest in optimizing our website for our external presentation.
You can withdraw your consent at any time by deleting the cookies in your browser or changing your privacy settings.
8. Newsletters and communication via e-mail automation (e-mail services)
On our website, we offer you the opportunity to subscribe to our newsletter or to subscribe to e-mail automation lists, e.g. for communication within the framework of test accounts or orders. To register for these e-mail services, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm your registration. The purpose of this procedure is to provide proof of your registration and, if necessary, to be able to clarify any possible misuse of your personal data.
You can revoke your consent to the transmission at any time and unsubscribe from the e-mail services. You can declare your revocation by clicking on the link provided in each e-mail, by e-mail to contact@finapi.io or by sending a message to the contact details given in the imprint. Your data for the e-mail service will be deleted within 3 months after unsubscribing, provided that the deletion does not conflict with statutory retention obligations.
To send the e-mail services, we use the service Brevo via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter: Sendinblue). Sendinblue processes your data on our behalf on the basis of an agreement pursuant to Art. 28 GDPR. The email addresses of the recipients of our messages, as well as other information provided to us by the recipient, are located on Sendinblue’s servers in data centers in Germany and are subject to the data protection laws applicable there. Sendinblue uses this information to send and evaluate the messages on our behalf. In addition, Sendinblue may use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of targeted messages. However, Sendinblue does not use the data of the recipients of our messages to write to them themselves or to pass them on to third parties. For more information about data processing within the Sendinblue service, as well as the privacy policy, please visit: www.brevo.com/de/legal/privacypolicy.
9. Duration of data storage
In general, we only store your data for as long as is necessary for the respective purpose of data processing (e.g. the processing of your request or statutory retention periods).
We store the data collected for the execution of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After this period, we will retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period (usually ten years from the conclusion of the contract), the data will be processed again only in the event of a review by the tax authorities.
The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether the storage is necessary for advertising purposes. In addition, we follow the principle of deleting data for advertising use after 4 years after the end of the contract or after 4 years after the end of the marketing efforts. Advertising objections will not be deleted.
We store the data that we process as part of the recruitment process for up to 6 months after completion of the application process.
In particularly justified cases, we also store data for longer periods of time, for example if an authority requires it or if the data is needed for legal reasons, e.g. for evidence in court proceedings.
10. Recipients outside the EU
If we use service providers outside the EU or the European Economic Area (EEA), we take appropriate and suitable safeguards in accordance with Art. 44 et seq. GDPR to ensure a sufficient level of data protection when transferring personal data (e.g. conclusion of EU standard contracts, additional technical and organizational measures such as encryption or anonymization). Please note that despite careful selection and commitment of a service provider, it may process data outside the EU or EEA or be subject to a different jurisdiction due to its registered office and may therefore not provide an adequate level of data protection.
11. Your rights
11.1 Overview
In addition to the right to revoke the consent you have given to us, you are entitled to the following further rights if the respective legal requirements are met:
- Right to information about your personal data stored by us in accordance with Art. 15 EU GDPR,
- Right to correction of incorrect data or to completion of correct data in accordance with Art. 16 EU GDPR,
- Right to deletion of your data stored by us in accordance with Art. 17 EU GDPR,
- Right to restriction of the processing of your data in accordance with Art. 18 EU GDPR,
- Right to data portability in accordance with Art. 20 EU GDPR.
You can contact finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, or by e-mail to datenschutz@finapi.io with your respective request. In addition, it is possible to contact the supervisory authority responsible for finAPI, the Bavarian State Office for Data Protection Supervision (BayLDA).
11.2 Right of objection
Under the conditions of Art. 21 (1) GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject. The objection can be made in any form and must be addressed to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich.
The above general right to object applies to all processing purposes described in this Privacy Policy, which are processed on the basis of Article 6 (1) (f) GDPR. In contrast to the special right of objection aimed at data processing for advertising purposes, we are only obliged to implement such a general objection under the GDPR if you provide us with reasons of overriding importance (e.g. a possible danger to life or health). In addition, it is possible to contact the supervisory authority responsible for finAPI, the Bavarian State Office for Data Protection Supervision (BayLDA).
12. Data security
All data transmitted by you personally is transmitted using the commonly used and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard that is also used in online banking, for example. You can recognize a secure SSL connection by the s appended to the http (i.e. https://…) in the address bar of your browser or by the lock symbol at the bottom of your browser.