Privacy Policy

Information under Articles 13, 14 and 21 of the European Data Protection Regulation - DPA


Finoa GmbH hereby informs you about the processing of your personal data (Art. 4 No. 2 DSGVO) by Finoa GmbH and the claims and rights you are entitled to according to the data protection regulations.

Which data is processed and how it is used depends on the services you have requested or agreed with you.

1 Who is responsible for data processing and whom can I contact?

Finoa GmbH
Heinrich-Mann-Allee 3b
14473 Potsdam
Email: datenschutz@finoa.io

2 Which sources and data does Finoa GmbH use?

Finoa GmbH processes personal data that it receives from you in the course of the business initiation and business relationship. In addition, Finoa GmbH processes - as far as necessary for the provision of services - personal data which it has received from third parties (e.g. SCHUFA, agents, affiliated companies) in a permissible manner (e.g. to execute orders, to fulfill contracts or on the basis of your consent). In addition, Finoa GmbH processes personal data which it has obtained from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, press, media) and which it is permitted to process. The above also applies to personal data of you in your function as a representative/authorized representative of a legal entity.

a) Relevant personal data in the context of business initiation, in the course of authorization or the joint obligation can be

Personal data, e.g. name, address, telephone number, e-mail address, date and place of birth, nationality, legal capacity, profession, occupational group code (e.g. dependent/self-employed), advertising, and sales data, tax ID.

b) Relevant personal data in the context of a business relationship and the use of products/services may be:

Account and payment transactions: order data (e.g. payment order, turnover data in payment transactions, recipient, IBAN, the purpose of payment)
In addition, during the business relationship, in particular through personal, written or telephone contacts, initiated by you or by Finoa GmbH, other personal data, e.g. information on the contact channel, date of contact, reason, and result of the contact, as well as (electronic) copies of correspondence, are processed.

3 What does Finoa GmbH process your data for (purpose of processing) and on what legal basis?

Finoa GmbH processes personal data in accordance with the provisions of the DSGVO and the Federal Data Protection Act (BDSG new).

3.1 To fulfill contractual obligations (Art. 6 para. 1 letter b DSGVO)

Personal data is processed for the purpose of providing and procuring products and services, in particular, to carry out pre-contractual measures and the fulfilment of contracts with you and the execution of your orders as well as all activities required with Finoa GmbH.

The purposes of data processing are primarily based on the specific product or service.

3.2 Within the scope of the balancing of interests (Art. 6 para. 1 letter f DSGVO)

If necessary, Finoa GmbH will process your data beyond the actual fulfillment of the contract in order to protect the legitimate interests of Finoa GmbH or third parties.

Examples:
  • Consultation and exchange of data with information files (e.g. SCHUFA) to determine credit risks,
  • Data exchange with intermediaries on the conclusion of contracts or any missing documents and for invoicing purposes,
  • Direct advertising or market and opinion research, as far as permissible and as long as you have not objected to the use of your data in this respect,
  • The assertion of legal claims and defense in legal disputes,
  • Ensuring the IT security and IT operation of Finoa GmbH,
  • Prevention and investigation of criminal offences,
  • Video surveillance for the collection of evidence in criminal cases, for the protection of customers and employees as well as for the exercise of domestic authority,
  • Measures for building and plant security (e.g. access controls),
  • Measures to secure the right to the house,
  • Measures for business management and further development of services and products

3.3 Based on your consent (Art. 6 para. 1 letter a DSGVO)

If you have given Finoa GmbH permission to process personal data for specific purposes (e.g. passing on data to cooperation partners, for marketing purposes or information about new services), the legality of this processing is based on your consent.

A given consent is voluntary and can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to Finoa GmbH before the DSGVO became effective, i.e. before 25 May 2018.

Please note that revocation is only effective for the future. Processing that took place before the revocation is therefore not affected.

3.4 Due to legal requirements (Art. 6 para.1 c DSGVO) or public interest (Art. 6 para.1 e DSGVO)

Finoa GmbH is subject to various legal requirements as well as banking supervisory regulations which must be observed. Therefore, data processing, e.g. due to money laundering, banking, or tax laws, is justified. The requirements of the European Central Bank, the European Banking Supervisory Authority, the German Federal Bank, and the Federal Financial Supervisory Authority also entitle us to process data in order to comply with regulatory requirements.

The purposes of the processing are among others Identity and age verification, fraud and money laundering prevention, credit assessment, tax control, and reporting obligations as well as risk assessment of Finoa GmbH.

4 Who gets my data?

Within Finoa GmbH, your data will be passed on to those departments that need it to fulfill our contractual and legal obligations. Processors employed by Finoa GmbH (Art. 28 DSGVO) may also receive data for the same purposes. These are companies to which Finoa GmbH outsources services, for example. These can be assigned to the categories of financial services, IT services, logistics, printing services, and debt collection, among others.

5 How long will my data be stored?

If necessary, Finoa GmbH will process and store your personal data for the duration of the business relationship, which includes, for example, the initiation and execution of a contract. The processing and storage of data of legal entities are carried out for as long as you are authorised to represent the legal entity to Finoa GmbH.

In addition, Finoa GmbH is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are between two and ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§195 ff. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years.

6 Is data transferred to a third country or to an international organization?

Personal data will only be transferred to third countries (countries outside the European Economic Area (EEA)) if the EU Commission has confirmed that the third country has an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard data protection clauses) have been agreed upon or if you have given your consent to Finoa GmbH.

Finoa GmbH will inform you separately about the details if required by law.

7 What data protection rights do I have?

Every person concerned has the right to information in accordance with Art. 15 DSGVO, the right to correction in accordance with Art. 16 DSGVO, the right to deletion in accordance with Art. 17 DSGVO, the right to restriction of processing in accordance with Art. 18 DSGVO and the right to data transferability in accordance with Art. 20 DSGVO.

In the case of the right of information and the right of deletion, the restrictions under §34 and §35 BDSG now apply.

8 Do I have an obligation to provide data?

Within the scope of the business relationship, you only have to provide personal data that are required for the establishment, execution, and termination of a business relationship with you or the legal entity you represent in relation to Finoa GmbH or that Finoa GmbH is legally obliged to collect.

Without this data Finoa GmbH will normally have to refuse to conclude the contract or execute the order or will not be able to execute an existing contract and may have to terminate it or reject you as an authorized representative/agent.

9 To what extent will my data be used for a profile formation (scoring)?

Finoa GmbH does not process data with the aim of evaluating personal aspects (profiling).

10 E-mail newsletter

10.1 Mailchimp

We use the services of Mailchimp for sending newsletters. The provider of mail- chimp is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
 
Mailchimp is a service which helps to organize the sending of newsletters. If you enter your personal data into the input mask to receive the newsletter, this data is stored on the servers of Mailchimp in the USA.
 
Mailchimp is certified according to the "EU-US-Privacy-Shield". The "Privacy-Shield" is an agreement between the European Union (EU) and the USA, which is intended to guarantee compliance with European data protection standards in the USA.
 
We can also use Mailchimp to analyse our newsletter campaigns. When opening the mail sent via Mailchimp, a cookie contained in the mail connects to Mailchimp servers in the USA. So we are able to determine how often our mail was opened. Furthermore, the time of retrieval, IP address, browser type, and operating system of the recipient are recorded. This information is anonymous and cannot be assigned to the newsletter recipient. The analysis possibility of the newsletter serves the evaluation possibility of our newsletter campaigns exclusively.
 
If you do not wish to enable analysis via the Mailchimp service, you have the option of cancelling the newsletter. To unsubscribe from the newsletter, simply click on the corresponding link in your newsletter mail. You can also unsubscribe directly on the website.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
 
The data which you provide to Mailchimp for the purpose of subscribing to the newsletter will be stored by Mailchimp until you unsubscribe from the newsletter and will be deleted from the servers of Mailchimp after you unsubscribe from the newsletter. Data that has been saved for other purposes (e.g. e-mail addresses for the customer area) remains unaffected.
 
Further information about the current privacy policy of Mailchimp can be found at: https://mailchimp.com/legal/terms/.

 

11 Contact form


 
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.
 
This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO, insofar as your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested.
 
The data entered by you in the contact form will remain with us until you request us to solve the problem, revoke your consent for storage or the purpose for which the data is stored no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
 

12 Inquiry by e-mail, telephone or fax

 
If you contact us by e-mail, telephone, or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
 
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, if your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested.
 
The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for storing it no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
 

 

13 Use and linking to social media

13.1 Use of Twitter

 
Functions of the Twitter service are integrated into our services. These functions are offered by the:
 
Twitter International Company,
One Cumberland Place,
Fenian Street,
Dublin 2,
D02 AX07, Ireland.
 
By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. This also involves the transfer of data to Twitter. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in the Twitter privacy policy at https://twitter.com/de/privacy.You can change your data protection settings on Twitter at http://twitter.com/account/settings.
 

13.2 Use of LinkedIn

 
Our services use functions of the LinkedIn network. Provider is the:
 
LinkedIn Ireland Unlimited Company,
Wilton Place,
Dublin 2, Ireland.
 
When you visit our services and click the LinkedIn plugin ("Recommend button"), a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our services using your IP address. If you click on the LinkedIn "Recommend Button" and are logged into your LinkedIn account, LinkedIn may associate your visit to our services with your account. We expressly point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or of the use of such data by LinkedIn. You can find further information on LinkedIn’s data protection provisions at: https://www.linkedin.com/legal/%20privacy-policy.
 
 

13.3 Use of Medium

 
Functions of the Medium service are integrated in our services. These services are offered by:
VeraSafe Ireland Ltd,
Unit 3D North Point House,
North Point Business Park,
New Mallow RoadCork T23AT2P, Ireland.
 
If you are logged in to your Medium account, you can link the content of our pages to your Medium profile by clicking the Medium button. This allows Medium to associate your visit to our services with your user account. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Medium. Further information on this can be found in the data protection declaration of Medium https://policy.medium.com/medium-privacy-policy-f03bf92035c9.
 

13.4 Use of Google Analytics 


We have integrated the component Google Analytics (with anonymisation function) on this website.Google Analytics is a web analytics service. Web analysis is the gathering, collection, and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Google might transfer the personal information collected via this technical procedure to third parties.
 
 During your visit to the website the following data, among others, is recorded:
  • Orders including turnover and products ordered
  • The achievement of "website objectives" (e.g. contact requests and newsletter subscriptions)
  • Your behaviour on the pages (for example clicks, scrolling behaviour and dwell time)
  • Your approximate location (country and city)
  • Your IP address (in abbreviated form, so that no clear assignment is possible)
  • Technical information such as browser, Internet provider, terminal device, and screen resolution
  • Source of your visit (i.e. which website or advertising medium brought you to us)
  • This data is transferred to a Google server in the USA. 
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised during future visits to the website.The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remain stored in aggregated form for an unlimited period.

If you do not agree with the collection, you can prevent this by installing the browser add-on once to deactivate Google Analytics.

14 Information on your right of objection under Art. 21 of the Basic Data Protection Regulation (DSGVO)

 
Right of objection in individual cases:
 
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 f of the DSGVO (data processing based on a balancing of interests).
 
If you object, Finoa GmbH will no longer process your personal data, unless Finoa GmbH can prove that there are compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
 
The objection can be made without formality and should be addressed to:
 
Finoa GmbH
Data protection officer
Heinrich-Mann-Allee 3b
14473 Potsdam
Email: datenschutz@finoa.io
 
 

15 Retention and deletion periods

As a matter of principle, Finoa GmbH processes and stores personal data only as long as it is necessary for the fulfilment of contractual and legal obligations. In other words, if the data is no longer necessary for the fulfilment of contractual or legal obligations, it is regularly deleted, unless further processing is necessary for the following purposes, for example:
 
a)     Fulfilment of the retention periods under commercial and tax law, as defined by the following laws: Commercial Code (HGB), Fiscal Code (AO), Banking Act (KWG), Money Laundering Act (GWG) and Securities Trading Act (WpHG). The periods of retention or documentation stipulated there are two to ten years.
 
b)    Preservation of evidence within the scope of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The legal basis for this arises from Art. 17 para. 3 e DSGVO and Art. 6 para. 1 f DSGVO.

Cookie Declaration

Receive Finoa Updates

Qualified Custodian

We are granted a preliminary crypto-asset custody license approval as qualified custodian (§64y Para. 1 KWG) and will be supervised by the German Federal Financial Supervisory Authority (BaFin)