This privacy notice explains how we use the information we collect about you, when you visit our website www.finreach.com, how you can instruct us if you prefer to limit the use of that information and procedures that we have in place to safeguard your privacy.
1. The information we collect and how we use it
Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:
• IP address of enquiring device
• Date and time of enquiry
• Address of the website called up and of the website enquiring
• Information on the browser and operating system used
• Online identifiers (e.g. device identifiers, session IDs)
The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.
The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 30 days and archived following subsequent anonymisation.
You have various possible ways of making contact with us. These include the Contact Form, live chat, registration for events, or the call-back function. In this context we process data solely for the purpose of communication with yourself. The legal basis is Art. 6, Paragraph 1, Point (b) of the GDPR. The data which we collect when using the Contact Form are automatically erased after full processing, unless we still need to keep your enquiry for the fulfilment of contractual or legal duties (Cf. Section: “Storage and retention”).
2. Disclosure of Data to Third Parties
Data which we have collected are passed on only if:
• You have given an express declaration of consent for this, pursuant to Art. 6, Paragraph 1, Clause 1, Point (a) of the GDPR,
• Further transmission is necessary, pursuant to Article 6, Paragraph 1, Clause 1, Point (a) of the GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on,
• We have a legal duty to pass on your data pursuant to Art. 6, Paragraph 1, Clause 1, Point (c) of the GDPR, or
• This is legally permissible and requisite, pursuant to Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.
A part of the data processing may be effected through via service providers. Along with the service providers stated in this Data Protection Notice, these may include in particular computer centres which store our website and databases, IT service providers which maintain our system, and consultancy firms. Should we pass data on to our service providers, these data may only be used for performance of their tasks. We select and commission these service providers carefully. They are bound contractually to follow our instructions, have suitable technical and organisational measures for the protection of the rights of data subjects, and are monitored by ourselves on a regular basis.
For a part of our service it is necessary for us to insert cookies. A cookie is a small text file which is saved by your browser on your device. Cookies are not inserted to execute programs or to load viruses into your computer. Instead the main purpose of cookies is to provide a product or service especially tailored to yourself and to make use of our services as time-saving as possible.
We use our own cookies in particular
• For log-in identification;
• For load distribution;
• To store your language settings;
• To note that information placed on our website has been displayed to you – so that on your next visit to the website it does not need to be displayed again.
In this way we wish to enable you to use our website in a convenient and individual way. These services are based on our foregoing legitimate interest, and the legal basis is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR
Analytics and Marketing
The legal basis for the data processes described in the following section is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, grounded on our legitimate interest in providing you with personalised advertising.
In the following section we would like to explain these technologies, and the providers employed for the purpose, in more detail.
The data so collected include in particular
• The IP address of your device,
• The date and time of the access,
• The identification number of a cookie,
• The device identification of mobile devices
• Technical information on the browser and the operating system
The data so collected are saved only in pseudonymous form, however, so that no direct conclusions can be drawn about you personally.
In the following descriptions of the technology which we employ you will find instructions on how to object to our analysis procedures and advertising campaigns by means of a so-called opt-out cookie. Please note that after the deletion of all cookies in your browser or the later use of another browser and/or profile, another opt-out cookies must be placed.
In the following paragraphs we describe the ways in which you can object to our analysis processes and advertising campaigns. Alternatively you can exercise your objection through settings to that effect on two websites: Truste or Your Online Choices, which provide objection facilities by many advertisers in bundled form. Both sites make it possible to disable all advertisements at once for the providers listed, using opt-out cookies, or alternatively to make the settings for each provider individually.
4. Google Analytics
Google will process the information so gained to evaluate your use of the website, to assemble reports on the website activities for the website operators, and to supply further services connected with website use and internet use.
You can so configure your browser that it rejects cookies, or you can prevent the capture of the data generated by cookies and relating to your use of our websites in the cookie settings of Google’s Privacy Statement. Alternatively you can also prevent Google from processing these data by downloading and installing the browser add-on provided by Google (the latter does function on mobile devices).
You will find more detailed information on this matter in the Privacy Statement of Google Analytics.
5. Google Double Click
You can prevent the storage of cookies by adjusting your browser to that effect; we must point out, however, that in this case you may not be able to all the functions of this website in full. You can further prevent the capture of the data generated by the cookies and relating to your use of the website, and prevent Google from processing these data, by downloading and installing the browser plug-in for DoubleClick disablement. As an alternative to the browser plug-in or within browsers on mobile devices you can deactivate the button “Personalised advertising” in Google‘s Advertising settings. In this case Google will only display general advertising, which has not been selected on the basis of information captured about you.
Your will find more detailed information on this matter on Google’s Privacy Statement.
6. Twitter widget
This website uses a widget provided by the social network twitter.com (“Twitter”), operated by Twitter, Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA (“Twitter”). The widget displays tweets from our Twitter account directly on this website.
When you visit a page that contains a Twitter widget, your browser establishes a direct connection to Twitter servers. Twitter directly transfers the widget content to your browser which embeds the latter into the website, enabling Twitter to receive information about you having accessed the respective page of our website. We have no influence on the data gathered by the plugin.
The embedded widgets provide Twitter with the information that you have accessed the corresponding page of our website. If you are logged into Twitter, your visit can be assigned to your Twitter account. Even if you are not logged into Twitter, the widget may transmit your IP address to Twitter.
7. Google Maps
We use Google Maps on this website to display geographical information. Google Maps is a map service by Google, Inc. (“Google”). In order for Google Maps to be integrated and displayed in your internet browser, your browser must establish a connection to a Google server, which might be located in the United States of America. Google obtains the information that the contact page of our website has been accessed by your IP address.
8. Job applications through Recruitee
You can use us to apply for vacant jobs via our job-application management system Recruitee. The purpose of the data collection is that of applicant selection for providing possible employment. For receiving and processing your application we collect the following data: first name and surname, e-mail address, application documents (e.g. references, CV), earliest date for taking up the job, and desired salary. The legal basis for the processing of your application documents is Art. 6, Paragraph 1, Clause 1, Point (b) and Art. 88, Paragraph 1 of the GDPR in combination with Section 26, Paragraph 1, Clause 1 of the German Data Protection Act (GDPR).
Under „Careers“ you can find information about our current job postings. When you click on a particular job posting, you will be forwarded to our job portal, a service provided by Recruitee at Johan Huizingalaan 763A, 1066 VH Amsterdam, the Netherlands („Recruitee“). Recruitee complies with the EU Privacy Shield Framework (GDPR) to provide an adequate level of privacy protection with respect to applicant data.
Personal data that you share with us by using the job portal (e.g. name and surname, contact data, citizenship, information about your education or your cover letter) we will naturally treat confidentially and use it solely for the job application process. Your encrypted data may be transferred to servers in the USA, where it will be kept in ISO 27001 certified data centers. Your data will be used for internal applicant selection only (applicant evaluation, interviews and selection process) and shall not be transferred to third parties without your explicit consent.
9. Security of processing
The internet is not a secure medium. However, we have put in place various security procedures to protect your personal data from unauthorized access, abuse, loss and external disruption (e.g. data encryption, careful selection of vendors, processing data in secured data centers in Germany/the EEA whenever possible). These security measures are being periodically reviewed in accordance with the state of the art.
10. Storage and Retention
We store personal data only for as long as is necessary to fulfil contractual or statutory duties for which the data were collected. We then erase the data immediately, unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil claims or due to statutory duties of storage.
For purposes of evidence we must still store contact data for three years from the end of the year in which business relations with you end. Any claims will expire, under the normal statutory period of limitation, no earlier than at this time.
Thereafter we must also store some of your data for purposes of book-keeping. We have an obligation to do so under statutory duties of documentation which may arise under the German Commercial Code, the German Tax Code, the German Credit and Loans Act, the German Money Laundering Act, and the German Securities Act. The periods stipulated there for storage of documents are two to ten years.
11. Your rights
You have the right at any time to require us to provide information about the processing of your personal data. When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored.
Should data stored with us be erroneous or no longer up-to-date, you enjoy the right to have these data corrected.
You can also require the erasure of your data. Should the erasure exceptionally not be possible due to other legal regulations, the data will be blocked, so that in future they are only available for this statutory purpose.
You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct. You also have the right of data transferability, i.e. that we send you on request a digital copy of the personal data which you have provided.
To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.
You also have the right to object to the data processing based on Art. 6, Paragraph 1, Points (e) or (f) of the GDPR. Finally you have the right to complain to the regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin the competent regulatory authority is: Data Protection and Freedom of Information Officer, Friedrichstrasse 219, 10969 Berlin.
12. Right of revocation and objection
Under Article 7, Paragraph 2 of the GDPR you have the right at any time to revoke to us any declaration of consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. Through this revocation of consent the legality of the processing carried out until the said revocation will not be affected.
Insofar as we process your data on the basis of legitimate interests under Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, you have the right under Article 21 of the GDPR to submit an objection to the processing of your data insofar as grounds exist arising from your particular situation or the objection is directed towards direct advertising. In the latter case you have a general right of objection which will also be implemented by us without your stating reasons.
If you wish to make use of your right to revoke or object, a notification without set form to the contact details above will be sufficient.
10623 Berlin, German
Finreach Data Protection Officer is:
Rechtsanwalt Philipp Müller-Peltzer
Am Hamburger Bahnhof 4
T: 030 213 002 85 0
For any questions, concerns or requests, feel free to contact us.