fino data services GmbH
Telephone: +49 4550 996 9000
Telefax: +49 4550 996 9001
Authorized representatives: Florian Christ, Björn Kahle
Contact data protection officer
We have assigned a data protection officer for our company (fino data services GmbH). Our data protection officer Mr. Stephan Blazy, LL.M. as well as his deputy Dr. Kevin Marschall, LL.M. (www.gdpc.de) can be reached at the address mentioned in the imprint with the addition – data protection officer – or by e-mail: firstname.lastname@example.org.
§ 1 Accessing and visiting the website (incl. web hosting)
When accessing this website, the Internet browser used by the visitor automatically sends data to the server of this website and stores it for a limited time in a log file at our host and service provider for a maximum of two weeks. For this purpose, we also use so-called Content Delivery Networks (CDN), which enable us to significantly reduce the loading times for our website for you. Until automatic deletion, the following data is stored without further input from the visitor:
- IP address of the visitor’s terminal device,
- Date and time of access by the visitor,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor accessed the website (so-called referrer URL),
- Browser and operating system of the visitor’s terminal device as well as the name of the access provider used by the visitor.
The processing of this personal data is based on our legitimate interests according to Art. 6 paras. 1 p. 1 lit. f) GDPR. We, therefore, have a legitimate interest in processing data for the purpose,
- to establish the connection to the website quickly,
- to enable a user-friendly application of the website,
- to recognize and guarantee the security and stability of the systems and
- to facilitate and improve the administration of the website.
Services used and service providers:
2.1. The website uses so-called cookies. Cookies are data packets that are exchanged between the server of our website and the visitor’s browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this regard, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information is stored in the cookies that are related to the specific end device used.
2.4. For cookies that are not technically mandatory, we obtain your voluntary consent, which can be revoked at any time, via the Cookie Manager by Art. 6 (1) lit. a GDPR. The processing associated with the setting of technically mandatory cookies is based on our legitimate interests according to Art. 6 paras. 1 lit. f GDPR.
2.5. Cookie settings/opposition:
(b) More detailed information about the type of data processed by the individual cookies is also provided in the context of the respective third-party providers (see below). See listing consent management by Cookie-First.
§ 3 Contacting, e.g. by e-mail, contact form or via social media
3.1. Visitors can send messages to us, in particular by contact form and e-mail, voluntarily providing personal data. To be able to receive a response from you, at least the specification of a valid e-mail address and name is required. All other information can be given voluntarily by the inquiring person and is not obligated to do so. By sending the e-mail, the visitor consents to the processing of the transmitted personal data. The data is processed exclusively for the purpose of handling, managing, and responding to requests, including pre-contractual measures. This is done based on the voluntarily given consent according to Art. 6 paras. 1 lit. a) and – depending on the nature of your contact/inquiry – for the establishment, implementation, and processing of contractual relationships with our company according to Art. 6 paras. 1 lit. b GDPR. The data received from you via this communication channel and processed by us will be automatically deleted as soon as the inquiry is completed and there are no reasons for further storage (e.g. subsequent commissioning, cooperation, etc.).
§ 4 Newsletter data
4.1. We will send newsletters, e-mails, and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or legal permission. Insofar as the contents of the Newsletter are specifically described in the course of registration, they shall be decisive for the consent of the users. In addition, our newsletters contain information about the digital economy and all its branches (this may include, in particular, references to articles, advertisements, whitepapers, or online presences).
4.2. For subscribing to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide your first and last name. This information is only used to personalize the newsletter. We need the e-mail address to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored by ActiveCampaign are also logged.
4.3. You may withdraw your consent to the storage of the data, the e-mail address, and their use for sending the newsletter at any time and thus cancel the newsletter, for example via the “unsubscribe” link in the newsletter. At the same time, your consent to the sending of the newsletter via ActiveCampaign and the statistical analyses will expire. A separate revocation of the dispatch via ActiveCampaign or the statistical analysis is unfortunately not possible.
4.4. With the following information, we would like to inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedure and your rights to objection/revocation. By subscribing to our newsletter, you agree to receive it and to the procedures described.
4.5. Use of the “ActiveCampaign” CRM and dispatch service provider
4.6. Statistical survey and analyses
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the ActiveCampaign server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavor nor that of ActiveCampaign to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
4.7. Online call and data management
§ 5 Promotional communication via e-mail, mail, fax or telephone
5.1. We process personal data for promotional communication, which may take place via various channels, such as e-mail, telephone, mail, or fax, under legal requirements.
5.2. Recipients have the right to revoke the consent given or to object to promotional communication at any time.
5.3. After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data will be limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.
- Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
- Affected persons: Communication partners.
- Purposes of processing: Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
§ 6 Web analysis and optimization
6.1. Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimization.
6.2. In addition to web analytics, we may also use testing procedures, e.g. to test and optimize different versions of our online offer or its components.
6.3. For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures may be used for the same purpose. This information may include, for example, content viewed, websites visited and elements used there, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.
6.4. The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing, and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the respective procedures.
6.5. Notes on legal bases:
- Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g., website visitors, users of online services).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
6.6. Services used and service providers:
§ 7 Online marketing
7.1. We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on users’ potential interests and measuring its effectiveness.
7.2. For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, through which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed.
7.3. The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles. This applies as long as the user has not filled out a contact form on our site and thus consented to the storage and processing of personal data.
7.4. The data in the profiles are usually stored in the cookies or through similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed to display content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
7.5. Exceptionally, clear data can also be assigned to profiles on our website without submitting a contact form. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned data. We ask that you note that users can make additional agreements with the providers, e.g., by giving their consent as part of the registration process.
7.6. In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures.
7.7. Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
7.8. Notes on legal bases:
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR, insofar as we ask for your consent to use the respective third-party providers. Otherwise, in accordance with Art. 6 para. 1 p. 1 lit. f GDPR, our legitimate interest in providing efficient, user-friendly and economical services constitutes the legal basis for data processing.
- Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s device).
- Data subjects: Users (e.g. website visitors, users of online services), prospects, customers, employees (e.g. employees, applicants, former employees), communication partners.
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
- Possibility of objection (opt-out): We refer you to the data protection notices of the respective providers and the options for objection (so-called “opt-out”) given to the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. We therefore additionally recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://youronlinechoices.eu/, b) Canada: https://youradchoices.ca/en/tools, c) USA: https://optout.aboutads.info/choices, d) Cross-territorial: https://optout.aboutads.info.
7.9. Targeting with Google Analytics: We use Google Analytics to display the ads placed through within advertising services of Google and its partners, only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited), which we transmit to Google (so-called “Remarketing Audiences”, or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of users
7.10. Google Universal Analytics: We use Google Analytics in the form of Universal Analytics (https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376). “Universal Analytics” refers to a method of Google Analytics in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
7.11. Facebook-Pixel: With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”).
7.12. Advanced matching for the Facebook pixel: When using the Facebook pixel, the additional function “extended matching” is used. In this context, data such as email addresses or Facebook IDs of the users are transmitted (encrypted) to Facebook for the formation of target groups.
7.13. Facebook – Target group formation via data upload: Uploading data, such as phone numbers, email addresses, or Facebook IDs to the Facebook platform. The data is encrypted in the process. The upload process is only used to display ads to the owners of the data or persons whose user profiles correspond to any user profiles of the owners of the data on Facebook. In this way, we want to ensure that the ads are only displayed to users who have an interest in our information and services.
7.14. HubSpot Pixel: HubSpot stores and processes information about your user behavior on our website. We use the service for analysis and optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. As part of the optimization of our marketing measures, the following data may be collected and processed via HubSpot: Geographic location, browser type, navigation information, referral URL or visitor source, performance data, information about how often the app is used, mobile apps data, domain names, pages viewed, aggregate usage, operating system version, internet service provider, IP address, device identifier, length of visit, operating system, events that occur within the app, access times, clickstream data, device model and version. In addition, we also use HubSpot to collect data from contact forms.
7.15. Services used and service providers:
§ 8 Appearances and offers in social networks and on online platforms
8.1. To be able to make our offer and related information accessible to a large number of people, we are active on social networks.
8.2. We would like to point out that the social media we use operate on a global scale and therefore it cannot be ruled out that your data may also be processed outside the EU. To ensure that your data protection rights are also protected in the event of a transfer to third countries, a transfer will only take place by the provisions of Art. 44 et seq. GDPR.
8.3. We would also like to draw your attention to the fact that the respective platform operators may in some cases independently process your data and merge it into user profiles. This may also occur in part if you do not maintain a user account with the respective social network. If you are registered as a user with one of the networks, the use of the content provided by us is evaluated and assigned to your profile. This happens regardless of the end devices with which you use the media. The tracking and profiling are done to provide you with an optimal user experience as well as advertising tailored to you – inside and outside the network. You can find out which techniques the respective operator uses to process your data and which opt-out options you have in this regard in the corresponding data protection declarations of the social network as well as in the further information (see below).
8.4. If you wish to make use of your data subject rights, we recommend that you contact the respective operator of the social network directly. As a rule, fino data services GmbH has no access to the personal data processed by the respective operators.
8.5. fino data services GmbH receives personal data from the operators of social networks to the extent that you allow this by your made settings at the network. The operator of the social network may provide us with information such as your name, your user ID, your profile picture, your network, your gender, your user name, your age or age group, your language, your country, your friends’ list, your followers’ list and any other information that you have consented to provide or that the social network provides to us (e.g. reports on the interaction with our presences on the respective platforms).
8.6. fino data services GmbH processes your provided personal data to share your opinions with your friends, followers, or contacts in the connected social network and to optimize our presence and its reach in the social media. The processing is thus based on our legitimate interests in the reporting of our offers and services and the execution of public relations / PR in general.
8.7. Types of data processed by you when visiting social networks (depending on the setting and network):
Master data (e.g. user name, name), contact data (e.g. e-mail address), usage data (e.g. usage times, activities), content data (e.g. data provided by you, such as comments), metadata (device ID, network, and connection, cookie data.
8.8. Data subjects:
The respective user of the social network or the device owner with whose devices the service is used.
Reporting, public relations / PR in general, tracking (e.g. provision of measurements, analyses of browsing and user behavior), reach measurement (e.g. access figures, calls).
8.10. Legal basis (depending on how you relate to the respective social network operator):
Our legitimate interests or the legitimate interests of third parties (e.g., the platform providers) (see above) (Art. 6 paras. 1 p. 1 lit. f. GDPR). If you have a user account with a social network and have consented to the transfer of your data to third parties as part of your data protection settings, the legal basis for this is the consent to the tracking (Art. 6 para. 1 lit. a GDPR).
8.11. Services and service providers used:
Within the framework of our online presence and for the dissemination of our offer and our content, we consequently also make use of external services and service providers, including online platforms. Below you will find important information on the processing of your data within the scope of these services and service providers.
The specific processing of personal data within the scope of the respective services below depends on several factors (e.g. provider, own privacy settings, and activities). Therefore, if you have any questions about the processing in a specific individual case, you are welcome to contact us or our company data protection officer.
- Instagram (social network)
- Facebook (social network)
- YouTube (social network, media portal)
- Our website uses plugins from the YouTube site operated by Google. YouTube sets cookies on the terminal device you use, which can also be used to analyze user behavior for market research and marketing purposes. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your profile. You can prevent this by logging out of your YouTube account. The basis for the use of the YouTube plugins is your consent under Art. 6 para. 1 lit. a GDPR. Please note that without your consent, it is not possible to play the embedded YouTube videos. If you have not given your consent in our cookie banner, you have the option to do so directly via a lock screen in the embedded video. In addition, you can manage your consents at any time via the “Cookie Settings” link at the very bottom of this page. If you wish to revoke the consent you have given, you can also do so via the same route.
- Twitter (social network)
- LinkedIn (social network):
- Xing (social network)
8.12. Services used and service providers:
(a) On our website, we also link to the online offerings of the social networks Facebook, Instagram, Twitter, YouTube, LinkedIn and Xing on which fino data services GmbH maintains its online presence (see also presences and offerings in social networks and on online platforms).
§ 9 Rights of the data subjects
We guarantee your right to informational self-determination and the protection of your personal rights during the use of our offers. You can request information about your stored data free of charge at any time in accordance with Art. 15 GDPR. In addition, you can, under certain conditions, make use of the rights from Art. 16 to 18 and 21 GDPR towards us: Correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right of revocation of a once granted consent to the collection, processing and use of your personal data with effect for the future as well as your right to data portability. To do so, please use the contact options provided in the imprint. You have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data has been carried out unlawfully.
§ 10 Other links to external providers
As far as there are links to websites of other providers, this data protection declaration does not apply to their contents. What data the operators of these sites may collect is beyond our knowledge and sphere of influence.
Kassel, 14. March 2023