bankconnect

Privacy Policy

Introduction

The following data protection declaration is intended to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to data processing on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

Controller

fino data services GmbH
Universitätsplatz 12
34127 Kassel

Telephone: +49 4550 996 9000
Telefax: +49 4550 996 9001
E-Mail: service@getmyinvoices.com

Authorized representatives: Florian Christ, Björn Kahle

Contact data protection officer

We have assigned a data protection officer for our company (fino data services GmbH). Our data protection officer can be reached at the address mentioned in the imprint with the addition – data protection officer – or by e-mail: privacy@getmyinvoices.com

§ 1  Accessing and visiting the website (incl. web hosting)

When accessing this website, the Internet browser used by the visitor automatically sends data to the server of this website and stores it for a limited time in a log file at our host and service provider for a maximum of two weeks. For this purpose, we also use so-called Content Delivery Networks (CDN), which enable us to significantly reduce the loading times for our website for you. Until automatic deletion, the following data is stored without further input from the visitor:

  • IP address of the visitor’s terminal device,
  • Date and time of access by the visitor,
  • Name and URL of the page accessed by the visitor,
  • Website from which the visitor accessed the website (so-called referrer URL),
  • Browser and operating system of the visitor’s terminal device as well as the name of the access provider used by the visitor.

The processing of this personal data is based on our legitimate interests according to Art. 6 paras. 1 p. 1 lit. f) GDPR. We, therefore, have a legitimate interest in processing data for the purpose,

  • to establish the connection to the website quickly,
  • to enable a user-friendly application of the website,
  • to recognize and guarantee the security and stability of the systems and
  • to facilitate and improve the administration of the website.

Services used and service providers:

§ 2  Use of cookies

2.1. The website uses so-called cookies. Cookies are data packets that are exchanged between the server of our website and the visitor’s browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this regard, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information is stored in the cookies that are related to the specific end device used.

2.2. Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or that special notice is given in each case before a new cookie is created. However, it should be noted that the deactivation of cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted. Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a temporary period. When the website is visited again, it is automatically recognized that the visitor has already called up the page at an earlier time and which entries and language settings were made in the process, so that these do not have to be repeated.

2.3. The different types of cookies (e.g. cookies that are technically necessary for displaying the website or cookies that serve statistical and marketing purposes) that are set on your terminal device when you visit our website, as well as further information on these cookies (e.g. provider, purpose, storage period, etc.) can be found in the list in the Cookie Manager which you can access via the information window that opens at the beginning of your visit to our website or via the link above this privacy policy.

2.4. For cookies that are not technically mandatory, we obtain your voluntary consent, which can be revoked at any time, via the Cookie Manager by Art. 6 (1) lit. a GDPR. The processing associated with the setting of technically mandatory cookies is based on our legitimate interests according to Art. 6 paras. 1 lit. f GDPR.

2.5. Cookie settings/opposition:

(a) You may revoke or adjust your (granted) consent to the data processing associated with the setting of cookies simply by changing your setting (via the link above this privacy policy) in the Cookie Manager.

(b) More detailed information about the type of data processed by the individual cookies is also provided in the context of the respective third-party providers (see below). See listing consent management by Cookie-First.

§ 3  Contacting, e.g. by e-mail, contact form or via social media

3.1. Visitors can send messages to us, in particular by contact form and e-mail, voluntarily providing personal data. To be able to receive a response from you, at least the specification of a valid e-mail address and name is required. All other information can be given voluntarily by the inquiring person and is not obligated to do so. By sending the e-mail, the visitor consents to the processing of the transmitted personal data. The data is processed exclusively for the purpose of handling, managing, and responding to requests, including pre-contractual measures. This is done based on the voluntarily given consent according to Art. 6 paras. 1 lit. a) and – depending on the nature of your contact/inquiry – for the establishment, implementation, and processing of contractual relationships with our company according to Art. 6 paras. 1 lit. b GDPR. The data received from you via this communication channel and processed by us will be automatically deleted as soon as the inquiry is completed and there are no reasons for further storage (e.g. subsequent commissioning, cooperation, etc.).

3.2. As part of our service and support, including the management of contact requests and communication with you, we use the programs “ActiveCampaign” of the provider ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA and “Zoho Desk” of the service provider Zoho Corporation Pvt. Ltd., Chengalpattu, Tamil Nadu, India, back.B.V., Hoogoorddreef 15, 1101 BA, Amsterdam, The Netherlands based on our legitimate interests for easier control and better management of your contact requests and messages. Website: https://www.zoho.com; Privacy Policy: https://www.zoho.com/privacy.html.

§ 4  Newsletter data

4.1. We will send newsletters, e-mails, and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or legal permission. Insofar as the contents of the Newsletter are specifically described in the course of registration, they shall be decisive for the consent of the users. In addition, our newsletters contain information about the digital economy and all its branches (this may include, in particular, references to articles, advertisements, whitepapers, or online presences).

4.2. For subscribing to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide your first and last name. This information is only used to personalize the newsletter. We need the e-mail address to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored by ActiveCampaign are also logged.

4.3. You may withdraw your consent to the storage of the data, the e-mail address, and their use for sending the newsletter at any time and thus cancel the newsletter, for example via the “unsubscribe” link in the newsletter. At the same time, your consent to the sending of the newsletter via ActiveCampaign and the statistical analyses will expire. A separate revocation of the dispatch via ActiveCampaign or the statistical analysis is unfortunately not possible.

4.4. With the following information, we would like to inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedure and your rights to objection/revocation. By subscribing to our newsletter, you agree to receive it and to the procedures described.

4.5. Use of the “ActiveCampaign” CRM and dispatch service provider.
The administration of our contacts and the newsletter is sent using “ActiveCampaign”, a customer relationship management and newsletter sending platform of the US provider ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA. The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on ActiveCampaign’s servers in the USA. ActiveCampaign uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, ActiveCampaign may use this data to optimize or improve its own services, e.g., to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. We have concluded a “Data Processing Agreement” with ActiveCampaign. This is a contract in which ActiveCampaign undertakes to protect the data of our users, to process it on our behalf under its data protection provisions, and, in particular, not to pass it on to third parties. You can view ActiveCampaign’s privacy policy here (https://www.activecampaign.com/legal/privacy-policy).

4.6. Statistical survey and analyses
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the ActiveCampaign server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavor nor that of ActiveCampaign to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

4.7. Online call and data management
There are cases where we direct newsletter recipients to ActiveCampaign’s websites. For example, our newsletters contain a link that newsletter recipients can use to access the newsletters online (e.g. in the event of display problems in the e-mail program). Furthermore, newsletter recipients can subsequently correct their data, such as the e-mail address. Likewise, ActiveCampaign’s privacy policy can only be accessed on their site. In this context, we would like to point out that cookies are used on the websites of ActiveCampaign and thus personal data is processed by ActiveCampaign, its partners, and service providers used (e.g. Google Analytics). We do not influence this data collection. For more information, please refer to ActiveCampaign’s privacy policy. We would also like to draw your attention to the options for objecting to the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).

§ 5 Promotional communication via e-mail, mail, fax or telephone

5.1. We process personal data for promotional communication, which may take place via various channels, such as e-mail, telephone, mail, or fax, under legal requirements.

5.2. Recipients have the right to revoke the consent given or to object to promotional communication at any time.

5.3. After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data will be limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

§ 6 Web analysis and optimization

6.1. Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimization.

6.2. In addition to web analytics, we may also use testing procedures, e.g. to test and optimize different versions of our online offer or its components.

6.3. For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures may be used for the same purpose. This information may include, for example, content viewed, websites visited and elements used there, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.

6.4. The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing, and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the respective procedures.

6.5. Notes on legal bases:

If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, the users’ data is processed based on our legitimate interests (i.e. interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behavior-based profiling, use of cookies), visit action evaluation, profiling (creation of user profiles), interest-based and behavior-based marketing.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

6.6. Services used and service providers:

  • Google Optimize: Use of Google Analytics data for purposes of improving areas of our online offering and better aligning our marketing efforts with potential user interests; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://optimize.google.com; privacy policy: https://policies.google.com/privacy; Possibility of objection (Opt-Out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en , settings for displaying ads: https://adssettings.google.com/authenticated.

§ 7 Online marketing

7.1. We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on users’ potential interests and measuring its effectiveness.

7.2. For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, through which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed.

7.3. The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles. This applies as long as the user has not filled out a contact form on our site and thus consented to the storage and processing of personal data.

7.4. The data in the profiles are usually stored in the cookies or through similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed to display content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

7.5. Exceptionally, clear data can also be assigned to profiles on our website without submitting a contact form. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned data. We ask that you note that users can make additional agreements with the providers, e.g., by giving their consent as part of the registration process.

7.6. In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures.

7.7. Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

7.8. Notes on legal bases:

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR, insofar as we ask for your consent to use the respective third-party providers. Otherwise, in accordance with Art. 6 para. 1 p. 1 lit. f GDPR, our legitimate interest in providing efficient, user-friendly and economical services constitutes the legal basis for data processing.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s device).
  • Data subjects: Users (e.g. website visitors, users of online services), prospects, customers, employees (e.g. employees, applicants, former employees), communication partners.
  • Purposes of processing: tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). e.g. access statistics, recognition of returning visitors), cross-device tracking (processing of user data across devices for marketing purposes), targeting (determination of target groups relevant for marketing purposes or other output of content), click tracking.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • Possibility of objection (opt-out): We refer you to the data protection notices of the respective providers and the options for objection (so-called “opt-out”) given to the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. We therefore additionally recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://youronlinechoices.eu/, b) Canada: https://youradchoices.ca/en/tools, c) USA: https://optout.aboutads.info/choices, d) Cross-territorial: https://optout.aboutads.info.

7.9. Google Analytics

If you have given your consent, this website uses Google Analytics 4.0, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

a) Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.

b) For Google Analytics 4, the anonymization of IP addresses is activated by default. We host Google Analytics 4 on our own servers and carry out IP anonymization here by shortening your IP address. Only in exceptional cases will the (full) IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search queries.
  • Interaction with videos
  • file downloads
  • viewed / clicked ads
  • language settings
  • Also recorded:
  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/ via which advertising medium you came to this website)

c) Purposes of the processing

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and to further develop our online offering.

d) Recipients

Recipients of the data are/could be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • It cannot be ruled out that US authorities will access the data stored by Google.

e) Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

f) Storage period

The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached occurs automatically once a month.

g) Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and appropriate guarantees pursuant to Art. 44 et seq. GDPR for the transfer of data to unsafe third countries.

h) Revocation

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

i) You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, functionalities on this and other websites may be restricted. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

  • not giving your consent to the setting of the cookie or
  • downloading and installing the browser add-on to disable Google Analytics HERE.

j) For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

7.10. Google Universal Analytics: We use Google Analytics in the form of Universal Analytics (https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376). “Universal Analytics” refers to a method of Google Analytics in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).

7.11. Facebook-Pixel: With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”).

7.12. Advanced matching for the Facebook pixel: When using the Facebook pixel, the additional function “extended matching” is used. In this context, data such as email addresses or Facebook IDs of the users are transmitted (encrypted) to Facebook for the formation of target groups.

7.13. Facebook – Target group formation via data upload: Uploading data, such as phone numbers, email addresses, or Facebook IDs to the Facebook platform. The data is encrypted in the process. The upload process is only used to display ads to the owners of the data or persons whose user profiles correspond to any user profiles of the owners of the data on Facebook. In this way, we want to ensure that the ads are only displayed to users who have an interest in our information and services.

7.14. HubSpot Pixel: HubSpot stores and processes information about your user behavior on our website. We use the service for analysis and optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. As part of the optimization of our marketing measures, the following data may be collected and processed via HubSpot: Geographic location, browser type, navigation information, referral URL or visitor source, performance data, information about how often the app is used, mobile apps data, domain names, pages viewed, aggregate usage, operating system version, internet service provider, IP address, device identifier, length of visit, operating system, events that occur within the app, access times, clickstream data, device model and version. In addition, we also use HubSpot to collect data from contact forms.

7.15. Mixpanel: Mixpanel stores and processes information about your user behavior on our website using cookies to analyze usage and improve the user experience. We use Mixpanel for marketing and optimization purposes to make our offer more interesting. We use Mixpanel to collect randomly selected visits (anonymized IP address) and derive improvements for our website. You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the browser settings. Please note that this may limit the use of some features. To prevent Mixpanel from collecting information, you can set an opt-out cookie at the following link: https://mixpanel.com/optout/. Mixpanel collects non-personally identifiable information on our website, including geographic location, browser type, navigation information, referral URL or visitor source, performance data, information about how often the application is used, mobile apps data, domain names, pages viewed, aggregate usage, operating system version, Internet service provider, IP address, device identifier, length of visit, operating system, events that occur within the application, access times, clickstream data, device model and version.

7.16. OptinMonster: By using OptinMonster on our website, we can provide our visitors with additional offers via pop-up layers. This enables, for example, the registration of the email address for our newsletter or the highlighting of promotions. OptinMonster uses cookies for this purpose. Personal data is only collected when the customer acts actively (e.g. by signing up for the newsletter via a popup). OptinMonster does not store this data on its own servers, but forwards it directly to us. We have concluded an data processing agreement with OptinMonster, which obliges them to protect your data in accordance with the applicable provisions of the GDPR. You can restrict or disable the use of cookies at any time in your browser settings.

7.17. Services used and service providers:

  • Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users. Concerning the processing of users’ data, please refer to the following information on Google services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy;
  • Google Analytics: online marketing and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/en/about/analytics/; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, ad display settings: https://adssettings.google.com/authenticated.
  • Google Universal Analytics: service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; security measures: IP masking (pseudonymization of IP address); privacy policy: https://policies.google.com/privacy;
  • Google Ads and conversion measurement: we use the online marketing method “Google Ads” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a so-called “conversion tracking tag”. However, we do not receive any information that can be used to identify users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy;
  • Facebook-Pixel: Service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: https://www.facebook.com/settings?tab=ads.
  • LinkedIn: Insights Tag / Conversion Measurement; Service Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; website: https://www.linkedin.com; security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://www.linkedin.com/legal/privacy-policy, Cookie policy: https://www.linkedin.com/legal/cookie_policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • HubSpot Pixel: Service provider: HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1 Dublin, Ireland; Website: https://www.hubspot.com/; Privacy Policy: http://legal.hubspot.com/de/privacy-policy.
  • Mixpanel: Marketing and optimization purposes; Service Provider: Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA; Webseite: https://mixpanel.com/analysis; Privacy Policy: https://mixpanel.com/legal/privacy-policy
  • OptinMonster: Service Provider: Retyp LLC, 7732 Maywood Crest Dr., West Palm Beach, FL 33412, USA; Webseite: https://optinmonster.com/; Privacy Policy: https://optinmonster.com/privacy/

§ 8 Appearances and offers in social networks and on online platforms

8.1. To be able to make our offer and related information accessible to a large number of people, we are active on social networks.

8.2. We would like to point out that the social media we use operate on a global scale and therefore it cannot be ruled out that your data may also be processed outside the EU. To ensure that your data protection rights are also protected in the event of a transfer to third countries, a transfer will only take place by the provisions of Art. 44 et seq. GDPR.

8.3. We would also like to draw your attention to the fact that the respective platform operators may in some cases independently process your data and merge it into user profiles. This may also occur in part if you do not maintain a user account with the respective social network. If you are registered as a user with one of the networks, the use of the content provided by us is evaluated and assigned to your profile. This happens regardless of the end devices with which you use the media. The tracking and profiling are done to provide you with an optimal user experience as well as advertising tailored to you – inside and outside the network. You can find out which techniques the respective operator uses to process your data and which opt-out options you have in this regard in the corresponding data protection declarations of the social network as well as in the further information (see below).

8.4. If you wish to make use of your data subject rights, we recommend that you contact the respective operator of the social network directly. As a rule, fino data services GmbH has no access to the personal data processed by the respective operators.

8.5. fino data services GmbH receives personal data from the operators of social networks to the extent that you allow this by your made settings at the network. The operator of the social network may provide us with information such as your name, your user ID, your profile picture, your network, your gender, your user name, your age or age group, your language, your country, your friends’ list, your followers’ list and any other information that you have consented to provide or that the social network provides to us (e.g. reports on the interaction with our presences on the respective platforms).

8.6. fino data services GmbH processes your provided personal data to share your opinions with your friends, followers, or contacts in the connected social network and to optimize our presence and its reach in the social media. The processing is thus based on our legitimate interests in the reporting of our offers and services and the execution of public relations / PR in general.

8.7. Types of data processed by you when visiting social networks (depending on the setting and network):
Master data (e.g. user name, name), contact data (e.g. e-mail address), usage data (e.g. usage times, activities), content data (e.g. data provided by you, such as comments), metadata (device ID, network, and connection, cookie data.

8.8. Data subjects:
The respective user of the social network or the device owner with whose devices the service is used.

8.9. Purposes:
Reporting, public relations / PR in general, tracking (e.g. provision of measurements, analyses of browsing and user behavior), reach measurement (e.g. access figures, calls).

8.10. Legal basis (depending on how you relate to the respective social network operator):
Our legitimate interests or the legitimate interests of third parties (e.g., the platform providers) (see above) (Art. 6 paras. 1 p. 1 lit. f. GDPR). If you have a user account with a social network and have consented to the transfer of your data to third parties as part of your data protection settings, the legal basis for this is the consent to the tracking (Art. 6 para. 1 lit. a GDPR).

8.11. Services and service providers used:
Within the framework of our online presence and for the dissemination of our offer and our content, we consequently also make use of external services and service providers, including online platforms. Below you will find important information on the processing of your data within the scope of these services and service providers.

The specific processing of personal data within the scope of the respective services below depends on several factors (e.g. provider, own privacy settings, and activities). Therefore, if you have any questions about the processing in a specific individual case, you are welcome to contact us or our company data protection officer.

  • Instagram (social network)
    Responsible entity: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Website: https://www.instagram.com; The provider’s privacy policy can be found at: https://help.instagram.com/519522125107875.

  • Facebook (social network)
    Responsible entity: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; The provider’s privacy policy can be found at: https://www.facebook.com/about/privacy.; An opt-out option and settings for advertisements can be found at: https://www.facebook.com/settings?tab=ads.

    • We are jointly responsible with Facebook Ireland Ltd. for the processing of your data that is generated or collected and used while visiting and using the corresponding services. The essential contents of the agreement on the joint processing of personal data under Art. 26 GDPR on Facebook pages or services offered by Facebook are available at: https://www.facebook.com/legal/terms/page_controller_addendum. The privacy policy of the provider for the Facebook pages can be found at: https://www.facebook.com/legal/terms/page_controller_addendum. The privacy policy of the provider for the Facebook pages can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data
  • YouTube (social network, media portal)
    Responsible entity: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; The privacy policy of the provider can be found at: https://policies.google.com/privacy. An objection option (opt-out) regarding the data processing carried out by Google – in individual cases – can be found at: https://adssettings.google.com/authenticated.

  • Our website uses plugins from the YouTube site operated by Google. YouTube sets cookies on the terminal device you use, which can also be used to analyze user behavior for market research and marketing purposes. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your profile. You can prevent this by logging out of your YouTube account. The basis for the use of the YouTube plugins is your consent under Art. 6 para. 1 lit. a GDPR. Please note that without your consent, it is not possible to play the embedded YouTube videos. If you have not given your consent in our cookie banner, you have the option to do so directly via a lock screen in the embedded video. In addition, you can manage your consents at any time via the “Cookie Settings” link at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.
  • Twitter (social network)
    Responsible entity: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; privacy policy: https://twitter.com/en/privacy, (settings) https://twitter.com/personalization.

  • LinkedIn (social network):
    Responsible entity: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy

  • Xing (social network)
    Responsible entity: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; website: https://www.xing.com; privacy policy: https://privacy.xing.com/.

8.12. Services used and service providers:

(a) On our website, we also link to the online offerings of the social networks Facebook, Instagram, Twitter, YouTube, LinkedIn and Xing on which fino data services GmbH maintains its online presence (see also presences and offerings in social networks and on online platforms).

§ 9 Rights of the data subjects

We guarantee your right to informational self-determination and the protection of your personal rights during the use of our offers. You can request information about your stored data free of charge at any time in accordance with Art. 15 GDPR. In addition, you can, under certain conditions, make use of the rights from Art. 16 to 18 and 21 GDPR towards us: Correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right of revocation of a once granted consent to the collection, processing and use of your personal data with effect for the future as well as your right to data portability. To do so, please use the contact options provided in the imprint. You have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data has been carried out unlawfully.

§ 10 Other links to external providers

As far as there are links to websites of other providers, this data protection declaration does not apply to their contents. What data the operators of these sites may collect is beyond our knowledge and sphere of influence.

Kassel, 06 February 2024