We hereby inform you about the processing of your personal data and the claims and rights to which you are entitled in accordance with the data protection regulations.
Who is responsible for data processing and who can I contact?
Represented by the Executive Board
Hans-Peter Weber, Katja Hartmann
01896 Pulsnitz, Germany
Phone +49 (0) 35955 7550-0
Fax +49 (0) 35955 7550-99
Contact to our data protection officer:
MR. Axel Hirsch
01896 Pulsnitz, Germany
For which purposes and on what legal basis do we process your data?
We process personal data that we receive from you in the course of a business initiation or business relationship in order to carry out our services, the execution of your orders, as well as all activities necessary for the operation and administration of a financial transfer service provider. We process personal data in accordance with the provisions of the European Data Protection Ordinance (GDPR) and the German Federal Data Protection Act (BDSG-neu).
Insofar as it is necessary for the provision of our services, we process data received from other companies or other third parties (e. g. infoscore GmbH) in a permissible manner. In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e. g. debtor directories, land registers, commercial and association registers, the press and other media).
Relevant personal data may in particular be relevant:
- Personal data (name, date of birth, place of birth, nationality and similar data)
- Contact details (address, e-mail address, telephone number and similar data)
- Legitimation data (identification, reporting and comparable data)
- Current accounts and credit card data • Information about your financial situation (creditworthiness data including scoring, i. e. data for assessing credit risk)
- Data on the use of telemedia offered by us (e. g. time of access to our websites, apps or newsletters, clicked pages of us or entries and comparable data)
Who else gets your data (receiver)?
If necessary for the provision of our services, your data will be passed on to the following companies:
- Creditreform Boniversum GmbH
- Concardis GmbH
- infoscore Consumer Data GmbH, Baden-Baden, Germany
- SIX Group AG
- Transact electronic payment systems GmbH
- Bluro GbR ("Serverspot")
- professional bearer of secrets such as Financial Auditors, tax consultants and lawyers
Within secupay AG, those departments receive your data which need to fulfil our contractual and legal obligations.
As far as we commission service providers, your data is subject to the same security standards as with us.
In the event that the purchase price claim has been assigned to secupay AG, the data may be passed on to the following companies for the purpose of enforcing the purchase price claim:
- Creditreform Dresden Aumüller KG
- Creditreform Munich Ganzmüller, Groher & Kollegen KG
Is data transferred to a third country or to an international organisation?
In connection with the provision of our services, data is transferred to companies in the United States of America on the basis of EU standard contractual clauses (it is possible to consult this document) or within the framework of the EU - US Privacy Shield.
How long will my data be stored?
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB), the Tax Code (AO), the German Banking Act (KWG) and the Money Laundering Act (GwG). The periods for storage and documentation specified there are two to ten years.
Which data protection rights do I have?
- the right to obtain information about your personal data in accordance with Art. 15 General Data Protection Regulation, as well as under certain conditions
- the right of correction in accordance with Art.16 General Data Protection Regulation if your personal data should be incorrect or
- the right for deletion in accordance with Art. 17 General Data Protection Regulation, if the deletion does not conflict with any statutory storage obligations or other things or
- the right to restrict processing in accordance with Art. 18 General Data Protection Regulation or
- the right to object to the processing of your personal data in accordance with Art. 21 General Data Protection Regulation or
- the right to transfer data in accordance with Art. 20 General Data Protection Regulation. i.e. the right to receive your data in a structured, common and machine-readable format and to transmit it to a third party.
In addition, you have a right of appeal to the data protection supervisory authority (Art. 77 General Data Protection Regulation). You can address these to the data protection supervisory authority responsible for us, whose contact details can be found at https://www.saechsdsb.de/impressum-datenschutzerklaerung.
Is there automated decision-making in individual cases (including profiling)?
We transmit your data (name, address and, if applicable, date of birth) to infoscore Consumer Data GmbH, Rheinstr. 99,76532 Baden-Baden, Germany, for the purpose of checking your creditworthiness, obtaining information for assessing the risk of non-payment on the basis of mathematical and statistical methods using address data and verifying your address (check for deliverability).
Furthermore, we transmit your data (name, address and date of birth) for credit check and address verification to the associations Creditreform e. V., Hellersbergstraße 12,41460 Neuss, Creditreform Boniversum GmbH, Hellersbergstraße 11,41460 Neuss, Creditreform München Ganzmüller, Groher & Kollegen KG, Machtlfinger Str. 13,81379 Munich and Creditreform Dresden Aumüller KG, Augsburger Str. 4,01309 Dresden.
The legal basis for these transfers is Art. 6 paragraph 1 Letter b of the General Data Protection Regulation.
Information on particularly sensitive data in accordance with Art. 9 General Data Protection Regulation is not processed.
Fraud Prevention with Device Fingerprinting
For the purposes of fraud prevention and investigation, the data provided may be used to verify the existence of an atypical payment transaction. In principle, we have a legitimate interest in carrying out such a check. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR.
Therefore we make use of the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg ("Risk.Ident") when operating our services. Risk.Ident collects and processes data using cookies and other tracking technologies to determine the terminal used by the user and other data on the use of our services. The data is not assigned to a specific user. If IP addresses are collected by Risk.Ident, they are immediately encrypted.
The data is stored by Risk.Ident in a database for fraud prevention. Data transmitted by us to Risk.Ident on end devices, which have already been used to (attempted) commit fraud, are also stored in the database. In this respect, too, there is no allocation to specific users. When using our services, we retrieve a risk assessment from the Risk.Ident database to the user's terminal device. This risk assessment of the probability of an attempted fraud takes into account, among other things, whether the terminal device has dialed in via various service providers, whether the terminal device has a frequently changing geo-reference, how many transactions were made via the terminal device and whether a proxy connection is used. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR.
Which data is collected when you visit the website?
For technical reasons, exemplary the following data, which your Internet browser transmits to us or to our web space provider, is collected (so-called server logfiles):
- Browser type and version
- Operating system used
- Website from which you visit us (referrer URL)
- Website you visit
- Date and time of your access
- Your Internet Protocol (IP) address.
This anonymous data are stored separately from any personal data you may have provided and thus do not allow any conclusions about a specific person. These data is stored for seven days. They are evaluated for statistical purposes in order to optimize our website and our offers. The legal basis for the processing of this data is Art. 6 Para. 1 S. 1 lit. f GDPR (legitimate interests of us as responsible party).
If you submit us enquiries using the contact form, your details from the contact form, including the contact data you have provided there, will be transmitted to us in encrypted form.
Legal basis for the processing of these data, which are transmitted in the course of the transmission of an inquiry, is Art. 6 para. 1 lit. f GDPR (justified interests of us as responsible persons). If the purpose of the request is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR (fulfilment of a contract).
The data entered by you in the contact form will remain with us until you request us to delete, your consent for storage revoked or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
If users leave comments, their IP addresses may be used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR for 7 days. This is done for our safety if someone leaves illegal contents (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR, to process user data for the purpose of spam detection.
The personal information provided in the comments, any contact and website information as well as the content information will be stored permanently by us until the user objects.
We use so-called cookies on our site to recognize multiple use of our offer by the same user/internet connection owner.Cookies are small text files that your Internet browser stores and archives on your computer. They serve to optimize our website and our offers. These are usually so-called "session cookies", which are deleted after the end of your visit.
In some cases, however, these cookies provide information in order to recognize you automatically. This recognition is based on the IP address stored in the cookies. The information thus obtained is used to optimise our offers and to facilitate your access to our site.
On this website we use functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
We have enabled the IP-Anonymization feature on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Data Processing Agreement
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Usage of Google Adwords and Google Conversion-Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google")
As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by easily turning off the Google Conversion Tracking cookie in your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics.
Coversion cookies" are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them and activate automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
Use of Google reCaptcha
To protect your enquiries via contact form, we use the reCAPTCHA service of Google LLC (Google). The query is used to determine whether the input is made by a human being or misused by automated, automatic processing. The query includes sending the IP address and possibly other data required by Google for the service reCAPTCHA to Google. For this purpose, your submission will be sent to Google and used there.
By using reCaptcha, you agree that the recognition you have made will be incorporated into the digitization of old works. However, if you opt-in to the IP anonymization on this website, your Google IP address will be truncated from time to time by Member States of the European Union or other signatory states to the EEA Agreement. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser within the scope of reCaptcha will not be merged with other Google data. These data are subject to Google's different data protection regulations.
Use of OpenStreetMap
This page uses the free open source map service OpenStreetMap via an API. Provider is the Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. To use the features of OpenStreetMap it is necessary to store your IP address. This information is usually transferred to an OpenStreetMap server within Europe and stored there. The provider of this site has no influence on this data transfer. The use of OpenStreetMap is made in the interest of an appealing presentation of our online offers and in the interest of easy locating of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information on the handling of user data can be found in the OpenStreetMap Foundation's data protection declaration: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
Use of facebook components
We use components of the provider facebook.com on our site. Facebook is a service of facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
Each time you access our website with such a component, this component will cause the browser you are using to download a corresponding representation of the facebook component. Through this process, facebook will be informed about which specific page of our website you are currently visiting.
If you access our site and are logged in to facebook while you are on it, facebook will recognize which specific page you are visiting by the information collected by the component and will assign this information to your personal account on facebook. For example, if you click on the "Like" button or make comments, this information will be transferred to your personal user account on facebook and stored there. In addition, the information that you have visited our site will be passed on to facebook. This happens regardless of whether you click on the component or not.
If you wish to prevent this transmission and storage of data about you and your behaviour on our website by facebook, you must log out of facebook before you visit our site. The data protection notices of facebook provide further information on this, in particular on the collection and use of data by facebook, on your rights in this regard and on the setting options for protecting your privacy: https://de-de.facebook.com/about/privacy/
In addition, external tools are available on the market that can be used to block Facebook social plug-ins with add-ons for all common browsers.
An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/
Use of Twitter Recommendation Components
We use components from the provider Twitter on our site. Twitter is a service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
Each time you access our website with such a component, this component will cause the browser you are using to download a corresponding representation of the Twitter component. Through this process Twitter will be informed about which specific page of our website is currently being visited.
You can change your privacy settings in your account settings at http://twitter.com/account/settings
Use of Vimeo
We use Vimeo as the provider for the integration of videos etc. Vimeo is operated by vimeo, LLC, with headquarters at 555 West 18th Streeet, New York, New York 10011.
On some of our Internet pages we use plugins of the provider Vimeo. When you access the Internet pages on our website that are provided with such a plugin a connection to the Vimeo servers is established and the video is displayed. This transmits information to the Vimeo server about which of our Internet pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigned this information to your personal user account. When the plugin is used, e.g.g by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our website.
Use of unbounce
We use the unbounce service for promotions and advertising campaigns (landing pages) on certain pages.
unbounce Marketing Solutions Inc.
400-401 West Georgia Street
Our online presence on Social Networks and platforms
Our presence on social networks and platforms serves as a better and active communication with our customers and prospective customers. We inform them about our services and ongoing special promotions.
When you visit our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. From this data, so-called usage profiles are created using pseudonyms. These can be used, for example, to place advertisements inside and outside the platform that presumably correspond to your interests. Cookies are generally used on your device for this purpose. The visitor behaviour and the interests of the users are stored in these cookies. In accordance with Art. 6 Para. 1 lit. f GDPR, this serves to safeguard our predominantly legitimate interests in an optimised presentation of our offer and effective communication with customers and interested parties within the framework of a weighing of interests. If you are asked by the respective social media platform operators for their consent to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 Para. 1 lit. a GDPR.
Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: The European Commission has issued an adequacy decision for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed at https://www.privacyshield.gov/welcome .
The detailed information on the processing and use of the data by the providers on their pages as well as a contact option and your rights and setting options to protect your privacy, in particular opt-out options, can be found in the data protection information of the providers linked below. Should you nevertheless require help in this regard, you can contact us.