Privacy Policy finpair GmbH

In the following we inform you about what personal data according to the General Data Protection Regulation (GDPR) concerning you we collect and process in connection with the use of our service finpair and the associated website www.finpair.de and https://platform.finpair.de and about the purposes of this processing.

Personal data are any data that identify you or make you identifiable, such as your email address, your name or other individual identifiers. For further details, please refer to the definitions in Art. 4 GDPR.

1. Controller within the meaning of the GDPR

Name: finpair GmbH
Address: Friedrichswall 10, 30159 Hanover, Germany
Email address: kontakt@finpair.de

2. Data protection officer

E-Mail-Adresse: finpair.datenschutz@nordlb.de

3. Processing operations and purposes

We only collect personal data that are required for the purposes below and only process them for those purposes. Personal data will only be processed in accordance with legal regulations. There is no automated decision-making (Art. 22 GDPR) on our website and in finpair.

3.1 Processing of personal data during the use of the website www.finpair.de

When you use the website www.finpair.de we will process personal data transferred by your browser to our servers. We process that data on the basis of our legitimate interest to display the website to you and ensure stability and security of the website (Art. 6 para. 1 f GDPR).

When you access our website we process the following categories of data:

(a) IP address

(b) Date and time of the visit

(c) Time zone difference to GMT

(d) Specific site of the visit

(e) Access status or http status code

(f) Transmitted data volume

(g) Website that made the request

(h) Browser type

(i) Operating system and its interface

(j) Language and version of the browser

3.2 Processing of personal data when you contact us

If you contact us we will process the data you provided to us (e.g. your email address or phone number) to respond to your request, for example if you have specific questions or require general information about our services (Art. 6 para. 1 b GDPR).

3.3 Processing of personal data during the use of the platform finpair

If you open a personal account on our website in order to use the service, we process your personal data to carry out pre-contractual measures or to be able to fulfill our contractual obligations towards you, or to be able to render the desired services (Art. 6 para. 1 lit. b GDPR). The legal basis for the collection and processing of personal data on the basis of obligations according to Secs. 4, 8, 11 of the Money Laundering Act (GwG) is Art. 6 para. 1 lit. c GDPR.

In this context, we process the following categories of data:

(a) Name

(b) Represented company

(c) Email address, phone and fax number, business address

(d) Capacity of Issuer or Investor and associated authorization to act, subscribe, read and write

(e) Data for legitimization and identification test

(f) Information related to contracts, documents and financial resources

4. Cookies

If you visit our website we store cookies on your computer. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using. This will transfer the information contained in the cookie to the person who set the cookie. However, we will not receive any direct information about your identity.

Most browsers accept cookies automatically. Session ID cookies will be automatically deleted if you close your browser. Other cookies are stored for a longer period on your device and deleted automatically after a specified time. You can, however, configure your browser so that no cookies are stored on your computer and delete cookies that have already been stored in your browser settings. Please note that after completely deactivating cookies it may not be possible to use all of the functionality of our website.

The processing of this information serves to make our services more user-friendly and effective for you and is therefore required to protect the legitimate interests according to Art. 6 para. 1 lit. f GDPR.

We use the following cookies on our platform:

5. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA („Google“). The information from the cookie about your usage of this website (including your IP address) will in general be transferred to a server of Google within the USA and will be stored there. In the case that an IP-anonymization is activated for this website your IP address will be shortened within the area of member states of the European Union or other states of the European Economic Area. In exceptional cases the shortening of the IP address will happen after the transfer of the data on a Google server within the USA. Google is commissioned by the operator of this website to use the information in order to analyze the usage of the website, to generate reports on the activities on the website, and to provide additional services connected to the usage of the website and of the internet to the operator. Google will also transfer the data to third parties, as far as regulation requires them to do so or as far as the third parties are commissioned by Google to process that data.

The IP address transferred by your browser within the context of services of Google Analytics will not be combined with other existing data by Google.

The storing of cookie data is controlled by the settings of the software that gives you access to this website. Hence you can prevent the storing of cookies via the corresponding settings of your browser. However, it is possible that you will then not be able to consume the services of this website in full.

Moreover, you can prevent the capturing and processing of the data that is provided by the cookie and that refers to your usage of the website (including your IP address) by Google if you download the browser plugin provided by Google via this link: https://tools.google.com/dlpage/gaoptout?hl=en.

This website uses Google Analytics with the extension “_anonymizeIp()”. With this extension IP addresses are processed after having been shortened, which makes it impossible to identify an individual person. In so far as there could be a risk of personal identifiability stemming from the captured data, that risk is thereby excluded and all data related to individual persons are deleted immediately.

We make use of Google Analytics to analyze and continually improve our website. The statistical data gained from this service help us to refine our product and render it more interesting for you as a customer. To cover the exceptional cases of transfer of person-related data to the USA Google is committed to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. Google Analytics is regulated by Art. 6 (1) 1 f) GDPR.

Information by the service providing company: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of service: https://www.google.com/intl/en/policies/terms/regional.html, data protection declaration: https://www.google.com/intl/en/policies/privacy/.

6. Forwarding the data to third parties/recipient of personal data

We will not forward the above data to third parties, except for the cases described below. Otherwise we will inform you in time about data transfers in accordance with legal requirements.

6.1 Cloud provider

We use Google Cloud Platform (GCP) and Amazon Web Services (AWS) as processor for data hosting. The data will be stored solely in a data center with location in the European Union.

The provider Google Cloud Platform, 1600 Amphitheatre Parkway, Mountain View, California, U.S. and its U.S. parent company Google Inc. are certified under the EU-US-Privacy Shield so that the legal requirements for the adequacy of the level of data protection according to Art. 45 GDPR are met.

The provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, U.S. and its U.S. parent company Amazon.com, Inc. are certified under the EU-US-Privacy Shield so that the legal requirements for the adequacy of the level of data protection according to Art. 45 GDPR are met.

6.2 HubSpot

We use HubSpot for our online marketing activities and customer service as processor. This is an integrated software solution to contact the users of our services and improve the services of our company. For this purpose, we store, process and assess information (e.g. IP address, browser type, duration of the visit, accessed site) on servers of our software partner HubSpot. For this purpose we use web beacons and store cookies on your computer. Specifically, we use HubSpot for the following purposes:

(a) Email marketing (newsletter and automated mailings)

(b) Social Media Publishing & Reporting

(c) Analytics (e.g. traffic sources, accesses)

(d) Contact management (e.g. user segmentation & CRM), user support

(e) Registration and contact forms

The provider HubSpot is a software company from the U.S. with a branch in Ireland (contact: HubSpot, Inc., European Headquarters, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500). HubSpot is certified under the provisions of the EU-U.S. Privacy Shield Framework so that the legal requirements for the adequacy of the level of data protection according to Art. 45 GDPR are met.

If you wish to prevent HubSpot from collecting your data you can disable the storage of cookies anytime in your browser settings.

For further information about the functioning of HubSpot, see the privacy policy of HubSpot, Inc., available at:  http://legal.hubspot.com/de/privacy-policy.

7. Public Bodies

In some cases, we might be ordered to transmit data to a competent authority, if and to the extent that a particular statute obligates us to do so (Art. 6, para. 1 lit. c GDPR).

8. Security Measures

Taking into account the state of the art, the costs of implementation, and the type, scope, circumstances, and purposes of processing as well as the varying likelihood of materialization and severity of the risk to your rights and freedoms, in accordance with Art. 32 GDPR we implement appropriate technical and organizational measures in order to ensure a level of protection appropriate to the risk.

9. Duration of the storage of your data

We store your data only for as long as they are required to achieve the respective processing purpose, and we erase them subsequently. Otherwise, we restrict processing if we are obliged to do so, e.g. by statutory regulations, and if we are prohibited from erasing the data. The data will be stored for a longer period if further statutory, legal or contractual retention periods exist. This includes the commercial (Sec. 257 HGB (German Commercial Code)) and tax law (Sec. 147 AO (German Fiscal Code) retention periods for the data categories stipulated there. Data for the fulfillment of a contract, for the implementation of pre-contractual measures or for handling your requests will be stored for as long as they are needed to implement the respective purpose or to meet contractual or legal obligations. Data might be stored for longer periods if this is required to assert, exercise or defend legal claims.

10. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which we process on the basis of our legitimate interests according to Art. 6 para. 1 lit. f GDPR, including profiling that is based on those provisions. In this case, we shall no longer process your personal data unless there are compelling legitimate grounds, which override your interests, rights and freedoms, or the processing serves the establishment exercise or defense of our legal claims.

You can object to the processing of personal data concerning you for purposes of direct marketing, including any associated profiling at any time.

10. Your rights

You also have the following rights toward us regarding personal data concerning you:

(a) the right to access to your data processed by us including the purposes of processing,

(b) the right to have incorrect personal data rectified,

(c) the right to have your personal data erased ("right to be forgotten"),

(d) the right to have the processing of your personal data restricted,

(e) the right to receive a copy of your personal data in a structured, commonly used and machine-readable format if their processing is based on your consent or these data are processed with regard to a contractual relation with you ("right to data portability").

(f) the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

You can assert those rights via email to kontakt@finpair.de or by mail to finpair GmbH, Friedrichswall 10, 30159 Hanover.