Privacy Policy

Information under Articles 13, 14, and 21 of the European Data Protection Regulation - DPA

Finoa GmbH hereby informs you about the processing of your personal data (Art. 4 No. 2 DSGVO) by Finoa GmbH and the claims and rights you are entitled to according to the data protection regulations.

Which data is processed and how it is used depends on the services you have requested or agreed with you.

1. Who is responsible for data processing and whom can I contact?

Finoa GmbH
Heinrich-Mann-Allee 3b
14473 Potsdam

2. Which sources and data does Finoa GmbH use?

Finoa GmbH processes personal data that it receives from you in the course of the business initiation and business relationship. In addition, Finoa GmbH processes - as far as necessary for the provision of services - personal data which it has received from third parties (e.g. SCHUFA, agents, affiliated companies) in a permissible manner (e.g. to execute orders, to fulfill contracts, or on the basis of your consent). In addition, Finoa GmbH processes personal data which it has obtained from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, press, media) and which it is permitted to process. The above also applies to personal data of you in your function as a representative/authorized representative of a legal entity.

a) Relevant personal data in the context of business initiation, in the course of authorization, or the joint obligation can be

Personal data, e.g. name, address, telephone number, e-mail address, date and place of birth, nationality, legal capacity, profession, occupational group code (e.g. dependent/self-employed), advertising, and sales data, tax ID.

b) Relevant personal data in the context of a business relationship and the use of products/services may be:

Account and payment transactions: order data (e.g. payment order, turnover data in payment transactions, recipient, IBAN, the purpose of payment).

In addition, during the business relationship, in particular through personal, written, or telephone contacts, initiated by you or by Finoa GmbH, other personal data, e.g. information on the contact channel, date of contact, reason, and the result of the contact, as well as (electronic) copies of correspondence, are processed.

3. What does Finoa DmbH process your data for (purpose and processing) and on what legal basis?

Finoa GmbH processes personal data in accordance with the provisions of the DSGVO and the Federal Data Protection Act (BDSG new).

3.1 To fulfill contractual obligations (Art. 6 para. 1 letter b DSGVO)

Personal data is processed for the purpose of providing and procuring products and services, in particular, to carry out pre-contractual measures and the fulfillment of contracts with you and the execution of your orders as well as all activities required with Finoa GmbH.

The purposes of data processing are primarily based on the specific product or service.

3.2 Within the scope of the balancing of interests (Art. 6 para. 1 letter f DSGVO)

If necessary, Finoa GmbH will process your data beyond the actual fulfillment of the contract in order to protect the legitimate interests of Finoa GmbH or third parties.


  • Consultation and exchange of data with information files (e.g. SCHUFA) to determine credit risks,
  • Data exchange with intermediaries on the conclusion of contracts or any missing documents and for invoicing purposes,
  • Direct advertising or market and opinion research, as far as permissible and as long as you have not objected to the use of your data in this respect,
  • The assertion of legal claims and defense in legal disputes,
  • Ensuring the IT security and IT operation of Finoa GmbH,
  • Prevention and investigation of criminal offenses,
  • Video surveillance for the collection of evidence in criminal cases, for the protection of customers and employees as well as for the exercise of domestic authority,
  • Measures for building and plant security (e.g. access controls),
  • Measures to secure the right to the house,
  • Measures for business management and further development of services and products

3.3 Based on your consent (Art. 6 para. 1 letter a DSGVO)

If you have given Finoa GmbH permission to process personal data for specific purposes (e.g. passing on data to cooperation partners, for marketing purposes, or information about new services), the legality of this processing is based on your consent.

A given consent is voluntary and can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to Finoa GmbH before the DSGVO became effective, i.e. before 25 May 2018.

Please note that revocation is only effective for the future. Processing that took place before the revocation is therefore not affected. 

3.4 Due to legal requirements (Art. 6 para.1 c DSGVO) or public interest (Art. 6 para.1 e DSGVO)

Finoa GmbH is subject to various legal requirements as well as banking supervisory regulations which must be observed. Therefore, data processing, e.g. due to money laundering, banking, or tax laws, is justified. The requirements of the European Central Bank, the European Banking Supervisory Authority, the German Federal Bank, and the Federal Financial Supervisory Authority also entitle us to process data in order to comply with regulatory requirements.

The purposes of the processing are among others Identity and age verification, fraud and money laundering prevention, credit assessment, tax control, and reporting obligations as well as risk assessment of Finoa GmbH.

4. Who gets my data?

Within Finoa GmbH, your data will be passed on to those departments that need it to fulfill our contractual and legal obligations. Processors employed by Finoa GmbH (Art. 28 DSGVO) may also receive data for the same purposes. These are companies to which Finoa GmbH outsources services, for example. These can be assigned to the categories of financial services, IT services, logistics, printing services, and debt collection, among others.

5. How long will my data be stored?

If necessary, Finoa GmbH will process and store your personal data for the duration of the business relationship, which includes, for example, the initiation and execution of a contract. The processing and storage of data of legal entities are carried out for as long as you are authorized to represent the legal entity to Finoa GmbH.

In addition, Finoa GmbH is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are between two and ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§195 ff. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years.

6. Is data transferred to a third country or to an international organization?

Personal data will only be transferred to third countries (countries outside the European Economic Area (EEA)) if the EU Commission has confirmed that the third country has an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard data protection clauses) have been agreed upon or if you have given your consent to Finoa GmbH.

Finoa GmbH will inform you separately about the details if required by law.

7. What data protection rights do I have?

Every person concerned has the right to information in accordance with Art. 15 DSGVO, the right to correction in accordance with Art. 16 DSGVO, the right to deletion in accordance with Art. 17 DSGVO, the right to restriction of processing in accordance with Art. 18 DSGVO, and the right to data transferability in accordance with Art. 20 DSGVO.

In the case of the right of information and the right of deletion, the restrictions under §34 and §35 BDSG now apply.

8. Do I have an obligation to provide data?

Within the scope of the business relationship, you only have to provide personal data that are required for the establishment, execution, and termination of a business relationship with you or the legal entity you represent in relation to Finoa GmbH or that Finoa GmbH is legally obliged to collect.

Without this data, Finoa GmbH will normally have to refuse to conclude the contract or execute the order or will not be able to execute an existing contract and may have to terminate it or reject you as an authorized representative/agent.

9. To what extent will my data be used for profile formation (scoring)?

Finoa GmbH does not process data with the aim of evaluating personal aspects (profiling).

10. E-mail newsletter

10.1 Sendinblue

We use the services of Sendinblue for sending newsletters. The provider of Sendinblue is Sendinblue SAS – Politique de confidentialité

7 rue de Madrid, 75008 Paris, France 

Sendinblue is a service that helps to manage the sending of newsletters and operates in full compliance with GDPR legislation. 

When you enter your personal data into the input mask to signup for the Finoa newsletter, this data is stored by Sendingblue on the servers of Sendinblue in France, Belgium, and Ireland. 

We also use Sendinblue to analyze the performance of our newsletter campaigns. When opening the mail sent via Sendinblue, a cookie contained in the mail connects to Sendinblue servers in France, Belgium, and Ireland. This allows us to determine how often our mail was opened as well as the time of retrieval, IP address, browser type, and operating system of the recipient are recorded. This information is anonymous and cannot be assigned to the newsletter recipient. The analysis of the newsletter only serves the purpose of evaluating the performance of our newsletter campaigns.

If you do not wish to enable analysis via the Sendinblue service, you have the option of unsubscribing from the newsletter. To do so, simply click on the corresponding link in your newsletter mail. You can also unsubscribe directly on the website.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data which you provide to Sendinblue for the purpose of subscribing to the newsletter will be stored by Sendinblue until you unsubscribe from the newsletter and will be deleted from the servers of Sendinblue after you unsubscribe from the newsletter. Data that has been saved for other purposes (e.g. e-mail addresses for the customer area) remains unaffected.

Further information about the current privacy policy of Sendinblue can be found here.

11. Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested.

The data entered by you in the contact form will remain with us until you request us to solve the problem, revoke your consent for storage, or the purpose for which the data is stored no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

12. Inquiry by e-mail, telephone, or fax

If you contact us by e-mail, telephone, or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), provided that this has been requested.

The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for storing it no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

13. Use and link to social media

13.1 Use of Twitter

Functions of the Twitter service are integrated into our services. These functions are offered by the:

Twitter International Company,
One Cumberland Place,
Fenian Street,
Dublin 2,
D02 AX07, Ireland.

By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. This also involves the transfer of data to Twitter. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in the Twitter privacy policy. You can change your data protection settings on Twitter.

13.2 Use of LinkedIn

Our services use functions of the LinkedIn network. The provider is:

LinkedIn Ireland Unlimited Company,
Wilton Place,
Dublin 2, Ireland.

When you visit our services and click the LinkedIn plugin ("Recommend button"), a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our services using your IP address. If you click on the LinkedIn "Recommend Button" and are logged into your LinkedIn account, LinkedIn may associate your visit to our services with your account. We expressly point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or of the use of such data by LinkedIn. You can find further information on LinkedIn’s data protection provisions .

The LinkedIn Insight Tag enables the collection of data regarding members’ visits to Finoa's website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.

13.3 Use of Medium

Functions of the Medium service are integrated with our services. These services are offered by:
VeraSafe Ireland Ltd,
Unit 3D North Point House,
North Point Business Park,
New Mallow RoadCork T23AT2P, Ireland.

If you are logged in to your Medium account, you can link the content of our pages to your Medium profile by clicking the Medium button. This allows Medium to associate your visit to our services with your user account. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Medium. Further information on this can be found in the data protection declaration of Medium.

13.4 Use of Google Analytics 

We have integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the gathering, collection, and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed, or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Google might transfer the personal information collected via this technical procedure to third parties.

 During your visit to the website the following data, among others, is recorded:

  • Orders including turnover and products ordered
  • The achievement of "website objectives" (e.g. contact requests and newsletter subscriptions)
  • Your behavior on the pages (for example clicks, scrolling behavior, and dwell time)
  • Your approximate location (country and city)
  • Your IP address (in abbreviated form, so that no clear assignment is possible)
  • Technical information such as browser, Internet provider, terminal device, and screen resolution
  • Source of your visit (i.e. which website or advertising medium brought you to us)
  • This data is transferred to a Google server in the USA. 

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future visits to the website. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remain stored in aggregated form for an unlimited period.

If you do not agree with the collection, you can prevent this by installing the browser add-on once to deactivate Google Analytics.

14. Information on your right of objection under Art. 21 of the Basic Data Protection Regulation (DSGVO)

Right of objection in individual cases:

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 f of the DSGVO (data processing based on a balancing of interests).

If you object, Finoa GmbH will no longer process your personal data, unless Finoa GmbH can prove that there are compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

The objection can be made without formality and should be addressed to:

Finoa GmbH
Data protection officer
Heinrich-Mann-Allee 3b
14473 Potsdam

15. Retention and deletion periods

As a matter of principle, Finoa GmbH processes and stores personal data only as long as it is necessary for the fulfillment of contractual and legal obligations. In other words, if the data is no longer necessary for the fulfillment of contractual or legal obligations, it is regularly deleted, unless further processing is necessary for the following purposes, for example:

a)     Fulfilment of the retention periods under commercial and tax law, as defined by the following laws: Commercial Code (HGB), Fiscal Code (AO), Banking Act (KWG), Money Laundering Act (GWG), and Securities Trading Act (WpHG). The periods of retention or documentation stipulated there are two to ten years.

b)    Preservation of evidence within the scope of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The legal basis for this arises from Art. 17 para. 3 e DSGVO and Art. 6 para. 1 f DSGVO.

Cookies Declaration

This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.

Your consent applies to the following domains:  

Your current state: Allow selection (Necessary, Statistics). 

Your consent ID: eWaKEGqEQdsXMZztJF1dNhuINJXYANZI8/t3xRfqb2GTGVD1iKoRWw==Consent date: Friday, July 2, 2021, 03:16:28 PM GMT+2

Cookie declaration last updated on 14/11/2021 by Cookiebot: 

Necessary (2)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Screenshot 2021-12-27 at 17.02.47.png
Screenshot 2021-12-27 at 16.59.37.png
Screenshot 2021-12-27 at 17.02.57.png