Data Privacy | FinHand

Data Privacy Policy of FinHand GmbH

1. General

During the operation of this Website finhand.com ("Website") and the use of the FinHand services offered via this Website, personal data is processed. This privacy policy is intended to inform you as a visitor to the Website and user of the FinHand services about the nature, scope and purpose of the processing of personal data.

The terms used in this privacy statement (e.g. "personal data", "data processing", "pseudonym" or "anonymous") correspond to the definitions of the General Data Protection Regulation ("GDPR"), in particular those of Article 4 GDPR.

The responsible party for data processing is the Website operator ("We"):

FinHand GmbH
Sarrazinstr. 11-15
12159 Berlin
Deutschland

Our data protection officer is Dr. Max Danzmann. He can be reached via the e-mail address privacy@finhand.com.

2. Data processing

The type, scope and purpose of the processing of personal data depends on which FinHand services are used. In particular, if you use our digital escrow services, specific personal data required for the relevant services will be processed by us.

2.1. Provision of the Website

The group of data subjects in relation to the operation of the Website are all Website visitors.

The legal basis for the processing is Art. 6 para. 1 lit. b GDPR (contractual performance). In order to make the Website available at all and to enable basic functions and proper operation, it is technically necessary to process personal data. Although this is basically device data, it may be possible to establish a link to the Website visitor with this data. For example, the IP addresses of the end devices used, identifiers of the end devices used, the operating systems and the browsers must be processed in order to establish a connection between the end device and the server on which the Website is hosted and to display the content in the intended layout.

We use so-called web fonts for the uniform display of fonts and use Google Web Fonts for this purpose. This service is provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google").

When a page is called up, the Website visitor's browser loads the required web fonts into the browser cache in order to display texts and fonts correctly. For this purpose, the browser used by Website visitors must connect to Google servers. This enables Google to know that our Website has been accessed via the IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. If your browser does not support web fonts, a standard font is used by your computer.

The legal basis for the processing is Article 6 para. 1 lit. f GDPR (legitimate interest). Further information on Google Web Fonts can be found on the Google Web Fonts Website and in Google's privacy policy.

2.2. Website security

The affected group in relation to the security of the Website is all Website visitors. In order to ensure the security of the Website, data about accesses to the Website are processed as server log files. Although this is basically device data, it may be possible to establish a link to the Website visitor with this data. This data is compared with existing attack vectors and evaluated if attacks are detected.

Data of the server log files are: the Website visited, the time at the time of access, the amount of data sent in bytes, the link from which the Website is accessed, the browser used and the operating system used.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For server log files, the storage period is a maximum of 7 days. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest). In addition to this, we ask you for consent so that we can also rely on Art. 6 para. 1 lit. a GDPR (consent) as the legal basis for processing. You can revoke your consent to the processing of your personal data at any time. You will find a corresponding link in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.

2.3. Reach measurement and optimization of the offer

The affected group in relation to the measurement of reach and offer optimization are all Website visitors. This Website uses cookies to measure the reach and optimise our offer. The cookies are transmitted either by us or by third parties sub-contracted by us to the browser of the Website visitor and stored there. This makes it potentially possible to recognise the device used. The data collected in this way is pseudonymised. Therefore, it is not possible for us or the commissioned third parties to assign the data to the Website visitor. The data is also not stored together with other personal data of the Website visitor. In some cases, the data is anonymized before use so that it is impossible to draw conclusions about the Website visitor as a whole.

These cookies are only set once you have given us your consent. To give your consent, we provide you with a communication field at the beginning of the Website visit.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR (consent). Consent given can be revoked at any time with effect for the future in the cookie settings on our Website. The cookie settings can be found in the OneTrust Preference Center on this Website. The cookies set will be deleted. In part, the use of cookies also serves to protect our legitimate interest in an optimised presentation of our offer, which outweighs our interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Cookies are small text files that are transferred from a Website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system and your connection to the internet. Cookies cannot be used to run programs or deliver viruses to a computer. The information contained in cookies enables us to facilitate your navigation and to display our web pages correctly. Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent. Of course, you can also view our Website without cookies. Browsers are regularly set to accept cookies.

In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your browser to find out how to change these settings. Please note that individual functions of our Website may not work if you have deactivated the use of cookies. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called transient cookies or session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit us (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your browser.

Basically, we divide cookies into the following categories:

Session Cookies

We use so-called session cookies (also called temporary or transient cookies) on our Website. These session cookies are only stored for the duration of your use of our Website. The session cookies we use are only used to identify you while you are logged in to our Website. After the end of each session, the session cookies are deleted. We do not use the session cookies for any other purpose.

These cookies are strictly necessary for the functioning of our Website and cannot be disabled in our systems. Generally, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the Website may not work if you do so.

The use of these session cookies is based on Art. 6 para. 1 lit. f GDPR. Without the use of these cookies, the Website offer as well as calling up and using the Website by you are technically not possible.

Performance Cookies

These cookies allow us to count visits and identify sources of access in order to determine and improve the performance of our Website. They help us answer the question of which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you have visited our Website. We use performance cookies on the basis of a legitimate interest within the meaning of Art. 6 para. 1) lit. f GDPR. There is a legitimate interest in analyzing the use of our Website as a whole by means of aggregated and anonymous data in order to improve our Website offering.

Ad Cookies

We may present you with advertisements on other Websites to promote relevant services, articles or events. This is made possible through the use of advertising cookies, which are used to make advertising messages more relevant to you and your interests. These cookies also have other functions, for example, they prevent the same ad from constantly reappearing. The advertisements are used solely to draw your attention to relevant advertising campaigns. We do not sell your data to third parties. We only use advertising cookies with your express consent.

Personalized Cookies

These cookies help us track how effective our marketing campaigns are and improve your online experience with us by personalising it to you. We only use personalised cookies with your explicit consent.

Third Party Cookies

Some of the cookies used on our Website are so-called third-party cookies. These are cookies from third party providers/service providers whose tools we use on our Website and who use cookies for the performance of the relevant function.

These may include, for example, cookies used by the providers of the tracking and analysis tools We use. You can find more information on third-party cookies in the information on data processing for the corresponding tracking and analysis tools and other functionalities in the context of which third-party cookies are used. In addition, you can view a list of all cookies used on this Website, their function and their respective storage periods in our cookie information. We only use third-party cookies with your express consent.

2.3.1. OneTrust

To manage and implement your consent on our Website, We use the OneTrust consent management solution. This service is provided by OneTrust Technology Limited (Cannon Green, 27 Bush Lane, London EC4R 0AA, UK; "OneTrust").

OneTrust enables us to collect, manage and document our visitors' consent to data processing and to the use of individual third-party services and various web technologies on the Website.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR (fulfilment of a legal obligation). The following third-party providers are used; this information is only relevant for you if you have given the corresponding consent within the meaning of Art. 6 para. 1 lit. a GDPR:

2.3.2. Google services

We use the Google services Google Analytics, Google Analytics Remarketing, Google Ads, Google Search Ads 360 and Google Tag Manager. These services are provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). Google is based in the so-called third country USA, which means that there is no level of data protection equivalent to that of the EU. Standard data protection clauses have been agreed with Google as a suitable guarantee in accordance with Art. 46 GDPR.

You can find more information about Google in Google's privacy policy.

2.3.2.1. Google Analytics

Google Analytics uses cookies. The information collected by these cookies is usually sent to a Google server in the USA and stored there. IP anonymization is used on this Website. The IP address of Website visitors is shortened. Only in individual cases is the IP address initially transmitted unabbreviated to a Google server in the USA and abbreviated there. This shortening eliminates the personal reference of the IP address. The IP address transmitted by the browser is not combined with other data stored by Google.

Under the terms of the data commissioning agreement which the Website operator has concluded with Google Inc., the latter uses the information collected to evaluate Website usage and Website activity and provides associated services.

The data collected by Google on behalf of the Website operator is used to evaluate the use of the online offer by individual users, e.g. to create reports on Website activity and to improve our online offer.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR (consent). You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.

Any cookie stored in your browser in the event of your consent will be completely deleted after 90 days at the latest.

2.3.2.2. Google Analytics Remarketing

Google Analytics Remarketing makes it possible to link the created advertising target groups with the cross-device functions of Google Ads and the Google Campaign Manager. In this way, interest-based, personalized advertising messages that have been adapted depending on the previous usage and surfing behavior of the Website visitor on one end device can also be displayed on another end device of the Website visitor. This requires that the Website visitor has given Google the corresponding consent. If this consent has been given, Google will link the web and app browsing history with the personal Google account for this purpose.

To support this feature, Google Analytics collects Google-authenticated IDs of Website visitors, which are temporarily linked to Google Analytics data to define and create target groups for cross-device ad advertising.

Website visitors who use a Google account can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in the Google account (https://www.google.com/settings/ads/onweb/).

2.3.2.3. Google Ads (formerly AdWords) and conversion tracking

Within the framework of Google Ads, this Website uses so-called conversion tracking. When Website visitors click on an ad placed by Google, a cookie is set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify Website visitors. If the user visits certain pages of this Website and the cookie has not yet expired, We can recognise that the user clicked on the ad and was redirected to this page. The information obtained with the help of the conversion cookie is used to create conversion statistics for us as AdWords customers. We thereby learn the total number of Website visitors who clicked on an ad we placed and were redirected to a page tagged with a conversion tracking tag. However, We do not receive any information with which Website visitors can be personally identified.

Any cookie stored in your browser in the event of your consent will be completely deleted after 90 days at the latest.

2.3.2.4. Google Search Ads 360 (formerly DoubleClick Search)

Analogous to the previous section; the use of Search Ads 360 enables Google and its partner sites to display advertisements based on previous visits to our or other sites on the Internet. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there. In contrast to Google Ads, which is limited to the Google Search Network, Google Search Ads 360 enables the exchange of ads and keywords with several supported search engines.

2.3.2.5. Google Tag Manager

We use the Google Tag Manager service to manage Google Analytics tracking (see above). The Google Tag Manager itself does not collect any personal data.

2.3.3. Facebook Pixel & Use of Facebook Remarketing

We use the Custom Audiences remarketing function from Facebook. This service is provided by Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland; "Facebook"). Facebook is based in the so-called third country USA, which means that there is no level of data protection that corresponds to the EU.

This function serves the purpose of targeting Website visitors with a Facebook account with interest-based advertising on the Facebook social network.

For this purpose, the remarketing tag from Facebook has been implemented on the Website. This tag establishes a direct connection to the Facebook servers when the Website is visited. This transmits to the Facebook servers which of our pages were visited by the Website visitor. If a Facebook account exists, Facebook assigns this information to the personal Facebook user account. Within Facebook, personalized, interest-related Facebook ads are then displayed to the Website visitor and Facebook member.

As a Website visitor and Facebook member, you can deactivate the Custom Audiences remarketing function via the following link: https://www.facebook.com/ads/preferences/?entryproduct=adsettings_screen

You can find more information about the collection and use of data by Facebook, about related rights and options for protecting your privacy with Facebook in Facebook's privacy policy.

The cookie stored in your browser in the event of your consent will be completely deleted after 90 days at the latest.

2.3.4. LinkedIn Ads

We use the LinkedIn ad function of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, "LinkedIn"). LinkedIn is based in the third country USA, which in principle does not have an EU level of protection.

This function is used to target visitors with a LinkedIn user account with interest-based advertising on the LinkedIn social network.

For this purpose, a remarketing tag has been implemented on this Website. With the help of this tag, a direct link to the LinkedIn servers is established when the Website is visited and which pages of our Website were accessed by the visitors are transmitted to the LinkedIn servers. LinkedIn associates this data with your LinkedIn user account, if one exists. Within LinkedIn, visitors to our Website who are also LinkedIn members are then shown personalized, interest-related LinkedIn advertisements and sponsored posts/messages.

The cookie stored in your browser in the event of your consent will be completely deleted after 90 days at the latest.

2.3.5. Hotjar

This Website uses the web analytics service Hotjar provided by Hotjar Ltd is a Maltese company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel: +1 (855) 464-6788).

With this tool, movements on the Websites on which Hotjar is used can be tracked (so-called heat maps). For example, it is possible to see how far users scroll and how often they click on which buttons. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the Website. In this way, we obtain valuable information to make our Websites even faster and more customer-friendly. When using this tool, we pay particular attention to the protection of your personal data. For example, we can only track which buttons you click and how far you scroll. Areas of the Websites in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable at any time.

Hotjar offers every user the option of using a "Do Not Track header" to prevent the use of the Hotjar tool so that no data is recorded about the visit to the respective Website. This is a setting that supports all common browsers in the respective current version. To do this, your browser sends a request to Hotjar with the information to deactivate the tracking of the respective user. If you use our Website with different browsers/computers, you must set up the "Do Not Track Header" separately for each of these browsers/computers.

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.

You can find detailed instructions with information about your browser at: https://www.hotjar.com/opt-out

For more information about Hotjar Ltd. and about the Hotjar tool, please visit: https://www.hotjar.com

The privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy

2.4. Communication and social media

2.4.1. Newsletter

The group of data subjects in relation to the newsletter order are all subscribers to the newsletter ("Subscribers").

You can subscribe to the FinHand newsletter via our Website. This is a separate, free information service that can be used independently of an existing customer relationship with FinHand GmbH.

As a result, subscribers regularly receive information about current promotions or events from us by e-mail in the form of the newsletter. For the newsletter service, we need the e-mail address in order to send the newsletter as well as the first and last name in order to be able to address the subscriber personally and to avoid misuse. After registering for the newsletter, the subscriber receives an e-mail. This contains a link with which the registration must be confirmed. We only send the newsletter after the confirmation link has been activated (double opt-in procedure).

Subscribers can unsubscribe from the newsletter at any time. Each newsletter contains information on how to unsubscribe from the newsletter with effect for the future. Alternatively, unsubscribing can also be done at any time by e-mail.

We use the service provider Mailchimp for newsletter management (sending, administration, statistics, performance measurement).

2.4.1.1. MailChimp

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.

For this purpose, we pass on the following personal data to Mailchimp:

E-Mail-Address
[First Name]
[Surname]

Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 para. 1 lit. b GDPR). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services.

Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

You can find further information on objection and removal options vis-à-vis Mailchimp at: https://mailchimp.com/legal/privacy/#3.Privacyfor_Contacts

Your data will be processed as long as a corresponding consent exists. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/

2.4.2. Notifications by e-mail

The data subjects in relation to the notifications are customers and interested parties.

As part of our contractual relationship, we contact our customers to provide information required by law, to inform them about innovations in the services and products we offer, to introduce them and to give them the opportunity to provide feedback to improve our services.

In the case of prospects who have shown interest in our products and services, we contact the parties to assist them with registration and account creation and to remind them of outstanding steps in the registration and identification processes. The status of the prospect is maintained for 3 months, after which the prospect has either completed account creation or the incomplete registration is deleted.

The legal basis for the processing is Article 6 para.1 lit. b GDPR (contractual relationship).

For more information about our customers and our customer service, please see below (see section 2.5).

For the distribution, execution, management and statistics of the notifications, we use Salesforce (see also under the following point). This service allows us to internally manage a database of contact details for communication with our customers and prospects. The services also manage data about when an email was read by a recipient and when a recipient interacted with the incoming email, e.g. by clicking on the links contained in the email. This is done with the help of so-called web beacons, also called tracking pixels. Tracking pixels are small image files that allow us to assess user behavior.

In the event that you deactivate the display of images in your e-mail program by default, the evaluation by the services described above is not possible. In this case, the e-mails will not be displayed completely and you will not be able to use all the functions of the program.

2.4.2.1. Salesforce

We use Salesforce, a service of salesforce.com Germany GmbH (Erika-Mann-Str. 31, 80636 Munich, Germany; "Salesforce"). Salesforce is based in the so-called third country USA, which means that there is no level of data protection that corresponds to that of the EU.

We use Salesforce to deliver, manage and distribute our email messages and for our customer relationship management. In addition, Salesforce enables customers and interested parties to make appointments for product presentations and consultations with FinHand GmbH. Standard data protection clauses have been agreed with Salesforce as an appropriate guarantee in accordance with Art. 46 GDPR.

Salesforce transfers personal data to external service providers in order to provide its services. Salesforce processes personal data in accordance with European data protection standards.

Relevant data categories here are name, email, address, phone number, tax ID, employment status, US tax resident, industry of work, title, ID card details, nationality and money laundering check.

For more information about privacy, please see Salesforce's privacy policy. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest).

2.4.3. Social Media

The affected group in relation to social media are Website visitors who are, in particular, also members of an online social network.

We are active on social media for marketing reasons and provide information there about current news, events and other information that may be of interest to you. In addition, we inform you about news and products of our portfolio companies. If you contact the respective page or account of our company on a social network, we process the personal data that you provide to us in order to establish or maintain contact with you on this network on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).

We do not use scripted social media plugins to share information from our Website via social media. Instead, our share buttons only contain a link to the social media platforms (e.g. sharer.php for Facebook). Thus, we do not process any personal data from you in this context. In addition, it is ensured that your data such as your (possibly truncated) IP address, entire cookies or other information are only transmitted to the social media and thus possibly also to servers in the USA if you press the corresponding button yourself. The same applies to the links to our social media sites that we have implemented on our Website. It is possible that a social media provider can link your visit to our services with your user account if you are logged into your social media account.

We have no influence on the amount and scope of data processed by the social media provider when you click on a share button or click on the corresponding link and access the social media site, and therefore only inform you according to our knowledge. Once you access the social media Website, the terms and conditions and privacy policy of the respective social media provider apply.

We use the following social media for the above purposes (for more information, click on the links to go to the relevant privacy policy):

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Irland),
Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland),
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland),
Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland).

2.5. Services for registered users

The data subjects in relation to the services we offer to registered users are our customers.

Between entry and completion of the registration process, data subjects are considered potential customers.

FinHand GmbH is a service company for companies and private individuals. Currently, the service portfolio focuses on the provision of registration and fiduciary services.

We process data that is required on the one hand for the provision of our services themselves and on the other hand data for which there are legal obligations, such as money laundering, commercial, tax and debt law obligations. This is general data such as transaction data for registration, but also personal data such as names and email addresses of beneficial owners, authorized representatives etc.

In addition, We may occasionally contact existing clients to provide information about new services and to obtain feedback to improve existing services. The legal basis for the services for registered users is Art. 6 para. 1 lit. f GDPR (legitimate interest), Art. 6 para. 1 lit. b GDPR (performance of contract) and Art. 6 para. 1 lit. c GDPR (compliance with legal obligation).

2.5.1. Account-Management

We manage your FinHand Account and provides you with a dashboard and all functions related to the FinHand Account. In order for FinHand GmbH to provide these functions, statistics and account management with transactions etc., FinHand processes your transaction data. As FinHand clients are generally legal entities, most data is not considered personal data. However, references and transaction data may include personal data and are treated as such.

For the FinHand Account, FinHand may further process personal data such as names and email addresses of beneficial owners or authorised representatives. In certain cases, We collect data as the client's contact person in accordance with legal obligations (GWG, BGB).

2.5.2. Customer service

Customers and interested parties can make use of our accompanying services. For this purpose, we process the personal data stored within the framework of the customer relationship as well as the personal data transmitted by the persons concerned to the customer services.

The legal basis is Article 6 para. 1 lit. b GDPR (performance of contract).

2.5.2.1. Freshdesk

In order to process your enquiries efficiently, we use the Freshdesk service of Freshworks GmbH (Alte Jakobstraße 85/86, Hof 1, Haus 5, 10179 Berlin; "Freshdesk"). Freshdesk is a customer service platform that facilitates the processing of customer enquiries and requests via various channels. Freshdesk processes the personal data of our customers exclusively to support customer service.

2.5.3. Termination of the business relationship

Upon termination of the business relationship between FinHand GmbH and the client, We are obliged to store your data in accordance with the statutory retention periods. When these retention obligations have been fulfilled, We will delete your data. Data that does not fall under the retention obligations will be deleted immediately.

2.6. Contact form

The data subjects in relation to the services we offer to registered users are our customers. The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address. This is used for the assignment of the enquiry and the subsequent response to it. The provision of further data is optional.

The processing of the data entered in the contact form is based on your consent (Art 6 para. 1 lit a GDPR). By providing the contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions. If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Relevant data categories are first name, last name, e-mail, telephone number and address data. Data will be deleted at the latest 6 months after processing the request. If a contractual relationship is established, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.

3. Rights of the user vis-à-vis the responsible person

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller pursuant to Articles 15 to 21 of the GDPR. To exercise your rights or to receive further information on data protection at FinHand GmbH, please contact our data protection officer. To do so, send an e-mail to privacy@finhand.com.

3.1. Right to information

In accordance with Article 15 of the GDPR, you have the right to request confirmation from the controller as to whether personal data relating to you is being processed. If this is the case, you have the right to be informed, free of charge, about all your personal data that FinHand processes and the right to receive a copy of this data.

Furthermore, in accordance with Art. 19 para. 2 GDPR, you have the right to request the controller to inform you of all recipients to whom your personal data have been disclosed.

3.2. Correction of your data

Unless your request conflicts with a legal obligation to retain data (e.g. data retention), you have a right to have your personal data deleted in accordance with Article 17 of the GDPR. Data stored by the controller will be deleted if it is no longer necessary for its intended purpose and does not fall under legal retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case, the data will be blocked and not processed for other purposes. The deletion of your data has the consequence that the services of FinHand GmbH can no longer be used to the full extent or at all. The controller is obliged to delete personal data without delay if processing is not necessary and one of the following reasons applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You have withdrawn your consent on which the processing is based and there is no other legal basis for the processing;
You have objected to the processing pursuant to Art. 21 para. 1 of the GDPR and there are no compelling legitimate grounds for processing or you have objected to the processing pursuant to Art. 21 para. 2 of the GDPR;
the personal data have been processed unlawfully; or
the deletion of your personal data is necessary to comply with a legal obligation under German or European law.

If we have published your personal data and are obliged to erase it, we will take appropriate measures, taking into account the available technology and implementation costs, to inform our data processors who process your personal data that you have requested to erase any links to your personal data or copies or replicas of your personal data. The measures will only be taken to the extent that processing is not necessary.

3.3. Restriction of processing

In accordance with Art. 18 GDPR, you have the right to request the controller to restrict processing if one of the following conditions is met:

You have contested the accuracy of your personal data. Processing is restricted for a period of time that allows the controller to verify the accuracy of your personal data;
the processing is unlawful and you have refused to erase your personal data and have instead requested that the use of your personal data be restricted;
the controller no longer needs your personal data for processing but for the enforcement, exercise or defence of legal claims; or
You have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate interests of the controller outweigh yours.

Where the processing of personal data has been restricted in accordance with the above conditions, the processing of such data, other than storage, may only be carried out with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If processing is restricted, we will inform you before the restriction is lifted.

3.4. Data portability

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format.

In addition, you have the right to transfer your personal data yourself or through us directly to another person responsible, insofar as this is technically possible and the rights and freedoms of third parties are not affected.

3.5. Right of objection

Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR.

If you wish to have your personal data corrected, blocked, deleted or disclosed, or if you have any questions regarding the collection, processing or use of your personal data, or if you wish to withdraw your consent, please contact us at the following e-mail address: privacy@finhand.com.

3.6. Revocation of your consent

Many data processing operations are only possible with your explicit consent. You have the right to revoke your consent to the processing of your personal data at any time. To do so, simply send an e-mail to privacy@finhand.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

4. Filing a complaint with a supervisory authority

Finally, you have the right to lodge a complaint with a supervisory authority responsible for the controller pursuant to Art. 13 para. 2 lit. d GDPR in conjunction with Art. 77 GDPR. Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority responsible for the data controller. The supervisory authority in our case is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstr. 219
Visitors: Puttkamerstr. 16 – 18 10969 Berlin, Deutschland Telephone: 030 13889-0 E-Mail: mailbox@datenschutz-berlin.de Internet: www.datenschutz-berlin.de

5. Data storage period

We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it. As a rule, we store your personal data for the duration of the usage or contractual relationship plus a period of 30 days, during which we keep backup copies after deletion, unless this data is required for longer for criminal prosecution or to secure, assert or enforce legal claims. Speciﬁc statements in this data protection declaration or legal requirements for the retention and deletion of personal data, in particular data that we must retain for reasons of commercial or tax law, remain unaffected by this.

6. Changes to our privacy policy

We reserve the right to change this data protection declaration at any time within the scope of legal possibilities. Due to the further development of our Website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. In these cases, we will adapt the data protection declaration and archive the old version. We will be happy to provide you with old versions of this data protection declaration on request.

Last update: 01 July 2022