Data protection policy

1. Principles

Data protection and data security for our contractual partners as well as for consumers have always been a high priority for our company. The protection of your personal data during our entire business processes is very important to us and a special concern. Respecting this personal right is a matter of course for us. In general, it is not necessary for you to provide personal data in order to use our website. However, we may need your personal data in order for us to be able to provide certain services. In doing so, we collect, process and use personal data insofar as this is legally permissible, is necessary, and you have consented for us to do so.

2. Name and contact details of the controller and the company data protection officer

As the responsible body, we, finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, take all legally required measures to protect your personal data. Our company data protection officer can be reached at the data protection department at the above address, or by e-mail at dataprotection@finapi.io.

3. Purposes of data processing, legal basis and legitimate interests pursued by finAPI GmbH as well as categories of personal data and categories of data recipients

3.1 Calling up our website

When you access our website, the browser used on your device automatically sends information to the server of our website where it is temporarily stored in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:

The IP address of your device and the other data listed above are used by us for the following purposes:

The data is stored for a period of 28 days and then automatically deleted. Furthermore, we use so-called cookies and tracking tools for our website. The exact procedures involved and how your data is used for this purpose are explained in more detail below (see 7).

3.2 Data processing when using the contact forms for interested companies & contact forms in the context of marketing campaigns

Personal data is collected, processed and used by us to the extent necessary to process your request and to transfer it to our CRM systems.

The data processing serves the purpose of establishing contact and initiating a contract. The processing is based on Art. 6 (1) (b) of the EU General Data Protection Regulation (GDPR).

3.3 Data processing of media contacts

Personal data is collected, processed and used by us insofar as this is necessary to provide the information published by our company or to contact you as requested. We also use your data to inform you about company news by mail or telephone, for example, to send press releases. When we contact you, we are guided by the relevance of our message and the thematic focus of your journalistic work.

3.4 Data processing of applicant data (e.g. when using our applicant form or at career fairs, etc.)

Personal data is collected, processed and used by us to the extent necessary to process your application and to contact you as requested. We pass on your personal data within our company only to persons who require this data to fulfill contractual and legal obligations or to implement our legitimate interests. To optimize our applicant management, we work with the software solution of Coveto ATS GmbH, to which we transfer data that is necessary and legally permissible for the applicant process in accordance with Art. 28 GDPR. You can find more information about Coveto’s data protection at www.coveto.de/datenschutz.

3.5 Data processing for advertising purposes and market and opinion research

3.5.1 Advertising purposes of finAPI

Insofar as you have concluded a contract with us, or we manage you as an interested party, we process your address data and criteria of advertising selection on the basis of Art. 6 (1) (a) and (f) of the GDPR in order to send you such information and offers from us and other companies. The newsletter may be sent by means of a shipping service provider. If you do not want this, you can object to the use of your data for advertising purposes at any time.

3.5.2 Data use for market and opinion research

We also process your data for market and opinion research. We use this exclusively in anonymized form for statistical purposes and only for finAPI. Your answers in surveys are not passed on to third parties or published. We do not store the answers from our surveys together with your e-mail address or other personal data. You can object to the use of data for market and opinion research at any time, either in full or for specific measures, without incurring any costs other than the transmission costs of your message to us. A notification in text form (e.g. e-mail, letter) to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich or to dataprotection@finapi.io is sufficient for this purpose. Of course, you will also find an unsubscribe link in every survey e-mail.

3.5.3 Right of objection

You may object to the use of your personal data for advertising purposes at any time, either in whole or in part, without incurring any costs other than the transmission costs of your message to us. A notification in text form to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich or to dataprotection@finapi.io is sufficient for this purpose.

If you object, the contact address concerned will be blocked from further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is due to the lead time necessary for advertising campaigns, especially via post, and does not mean that we will not implement your objection. Thank you for your understanding.

4. Legal basis

finAPI processes personal data on the basis of the provisions of the GDPR (also with the help of service providers). The processing is carried out on the basis of consents pursuant to Art. 6 (1) (a) GDPR as well as on the basis of Art. 6 (1) (b) and (f) GDPR, insofar as the processing is necessary for the completion of a contract to which the data subject is a party, or for the implementation of pre-contractual measures, or insofar as the processing is necessary for the protection of our legitimate interests or those of a third party and these are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Data processing operations carried out by finAPI in the context of a legal obligation are carried out on the basis of Art. 6 (1) (c) GDPR. On the basis of Art. 6 (1) (f) GDPR, we process your address data and advertising selection criteria in order to send you information and offers from us and other companies. If you do not wish this, you can object to the use of your data for advertising purposes with us at any time. Consents can be revoked at any time vis-à-vis finAPI. This also applies to consents that were already given before the GDPR came into force. The revocation of consent does not affect the lawfulness of the processing of personal data carried out until the revocation.

5. Categories of personal data

Personal data, for example surname, first name, date of birth, place of birth, address as well as communication data and identification data.

5.2 Within the scope of data processing when using the contact forms for interested companies and contact forms within the scope of marketing campaigns, we process the data required for this purpose. This includes the following categories:

5.3 Within the scope of applicant management, we process the following data:

5.4 In the context of media contacts, we process the following data:

6. Categories of recipients of the personal data

Any information you provide to us by entering it on these web pages will be stored on a server located in a country in the European Union and forwarded only to the appropriate parties within the company to process your inquiries and requests.

Service providers we use may also receive data from us in order to fulfill the prescribed purposes. These may, for example, be companies in the categories of IT services, printing services, marketing, sales or telecommunications.

7. Online presence and website optimization

7.1 Tracking Tools and Cookies - General Information

Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. In the cookie, information is stored in connection with the specific end device used.

The use of cookies can be consent-free or consent-requiring. Cookies that do not require consent are those that are necessary to make use of our online offer or that serve IT security (necessary cookies). The legal basis for data processing is Article 6(1)(f) GDPR.

Cookies requiring consent help to make the use of our offer smoother for you (preference cookies). For example, we use cookies to recognize that you have already visited individual pages of our website or that you are already logged into your customer account. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again. We also use cookies to statistically record how our website is used and to evaluate it for the purpose of optimizing our offer for you, as well as to display information tailored specifically to you (marketing and statistics cookies).

The legal basis of data processing for cookies requiring consent is Article 6(1)(a) GDPR. This data includes, but is not limited to, page views, length of stay, country, etc. We analyze these statistical data to improve our offer and to check the acceptance of individual web pages. Invisible GIFs are only used to position elements on the website. No other functions are associated with the invisible GIFs used. These cookies are stored by your browser and are usually deleted when you close the browser. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their purpose and differs.

We recommend that for shared computers that are set to accept cookies, you always log out completely when finished.

Which cookies are currently used by us is explained in more detail in the following section. You can manage the cookies independently – HERE – quickly and easily and change your settings at any time.

7.2 Cookie consent with Consent Manager provider

Our website uses the cookie consent technology of a Consent Manager Provider to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, website: https://www.cookiebot.com/ (hereinafter “the Consent Manager Provider”).

When you visit our website, a connection is established to the servers of the Consent Manager Provider in order to obtain your consents and other declarations regarding cookie use. Subsequently, the Consent Manager Provider stores a cookie in your browser in order to be able to record your consent or non-consent for non-essential cookies. The data collected in this way are stored until you request us to delete them, you delete the Consent Manager Provider cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

7.3 Google Services

In order to improve the user experience on our website, this website uses various Google services, whose parent company Google LLC (“Google”) is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). For users in the European Economic Area, data responsibility lies with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

In the event of the transfer of personal data of our contractual partner to the parent company, Google LLC has committed to the EU standard contractual clauses, which ensures compliance with the level of data protection applicable in the EU. For more information, please click here: https://business.safety.google/gdpr/.

Use of script libraries (Google Fonts):

In order to display our content correctly and attractively across browsers, we use script libraries and font libraries such as Google Fonts (https://www.google.com/webfonts/) on our website. Google Fonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Fonts or prevents access, content is displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although it is currently unclear whether and for what purposes – that the operators of such libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq?hl=de-DE

Google Tag Manager

Google Tag Manager makes it easy for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to set up remarketing or retargeting and targeting, and to test and optimize websites. For more information about Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

Google Analytics uses cookies to help the website analyze how users use the site. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html, or https://support.google.com/optimize/answer/6230273 or https://policies.google.com/?hl=de.

Google Ads Remarketing

We use Google Ads as a marketing tool to draw customers’ attention to our services. When an ad is clicked, a cookie is set on the user’s computer by Google. Further information on Google Ads can also be found in Google’s notes on website statistics at: https://services.google.com/sitestats/de.html and in the privacy policy at https://www.google.de/policies/privacy/.

8. Duration of data storage

We generally only store your data for as long as is necessary for the respective purpose of the data processing (e.g. processing your request or legal retention periods).

We store the data collected for the processing of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After the expiry of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (generally ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.

The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether storage is necessary for the advertising approach. In addition, we follow the principle of deleting data for advertising use 4 years after the end of the contract or 4 years after the end of any marketing contacts. Advertising objections are not deleted.

We store the data we process as part of the recruitment process for up to 6 months after the application process has been completed.

In particularly justified cases, we also store data for longer periods, such as if a public authority requires this or if the data is needed for legal reasons, e.g., to provide evidence in a court case.

9. Recipients outside the EU

If we use service providers outside the EU or the European Economic Area (EEA), we take appropriate and suitable safeguards in accordance with Art. 44 ff. GDPR (conclusion of EU standard contracts, additional technical and organizational measures such as encryption or anonymization etc.) to ensure an adequate level of data protection for the transfer of personal data. Please note that despite careful selection of a service provider, the service provider may process data outside the EU or EEA or may be subject to a different jurisdiction due to its registered office and thus may not provide an adequate level of data protection.

For an efficient and reliable newsletter and ordering process, we commission an external service provider based in the USA with the processing (Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). By subscribing to our newsletter, you agree that we may transfer your data to this service provider pursuant to Art. 28 GDPR. The transmitted data is limited to your name, first name and email address. When an order is placed, the following data is transmitted to the external service provider: Name and first name, address, telephone number, email address, if applicable for payment option direct debit: IBAN. This service provider is committed to compliance with the GDPR; more information can be found at: https://mailchimp.com/gdpr/.

10. Your rights

10.1 Overview

In addition to the right to revoke the consent you have given to us you have the following additional rights if the respective legal requirements are met:

You can address your respective concerns in writing to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany, or by e-mail to dataprotection@finapi.io. In addition, you have the option of contacting the supervisory authority responsible for finAPI, the Bavarian State Office for Data Protection (BayLDA).

10.2 Right of objection

Under the conditions of Art. 21 (1) GDPR, all processing of your data may be objected to for reasons arising from the particular situation of the data subject. This objection should be addressed to finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich.

The above general right to object applies to all processing purposes described in this data protection policy that are processed on the basis of Article 6(1)(f) GDPR. Unlike the specific right of objection to data processing for advertising purposes, we are only obliged under the GDPR to implement such a general right of objection if you provide us with reasons of overriding importance for doing so (e.g. a possible risk to life or health). In addition, you have the option of contacting the supervisory authority responsible for finAPI, the Bavarian State Office for Data Protection Supervision (BayLDA).

11. Data security

All data transmitted by you personally will be transferred with the generally used and secure standard SSL (Secure Sockets Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection, among other things, by the appended s at the http (i.e. https://…) in the address bar of your browser or by the lock symbol in the lower area of your browser.

Last updated: June 2021