DATA PROTECTION POLICY

RESPONSIBLE

entrafin GmbH
Kölner Str. 30
50859 Cologne-Lövenich
Phone: +49 (0)2234 250870
E-mail: info@entrafin.de

Authorized
representative managing directors: Christoph Bauer & Dr. Stefan Fenner
See also: Imprint

The company data protection officer of entrafin GmbH can be contacted at the above address, currently Mr. Christoph Bauer, or at datenschutz@entrafin.de.

Content

1. COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE, PURPOSE AND USE THEREOF

We process the data of our customers, trade partners, interested parties and other contractual partners (hereinafter referred to as "contractual partners") in accordance with Art. 6 Para. 1 lit. b. DSGVO in order to provide them with our pre-contractual or contractual services and to carry out our commercial transactions with our contractual partners. The data processed in this context, their nature and scope as well as the purpose and necessity of their processing, shall be determined by the underlying contractual relationship. 

The data processed include

  • Salutation, first name, surname 

  • a valid business e-mail address
  • the business address
  • Telephone number (fixed and/or mobile)
  • The IP address used for registration and the last IP address used
  • The position within the company
  • Information necessary for the conclusion and management of our commercial contracts and for the provision of our contractual services 


This data is collected in particular to be able to identify you as our customer 


  • for corresponding with you 

  • for invoicing

  • in order to be able to initiate and conclude commercial transactions with you or with companies named by you on the basis of our commercial contracts.

In addition, we process and store personal data as part of our administrative tasks, the organisation of our company, our financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our pre-contractual and contractual services and within our commercial transactions. The basis for processing is Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO.

Furthermore, we process and store personal data in order to run our business economically, to identify market trends and conduct market research, to carry out marketing measures and to be able to assess the wishes of our contractual partners and users. For this purpose, we analyse the data available to us on commercial transactions, contracts, inquiries, other business transactions, etc. In doing so, we process contract data, usage data, inventory data, communication data, as well as meta data on the basis of Art. 6 Para. 1 lit. f. DSGVO, whereby the persons concerned include our contractual partners, interested parties, customers as well as users and visitors of our online offer or our trading portal. 

The analyses serve us to increase user-friendliness, to optimize our offer and business efficiency. The analyses serve only us and are not disclosed externally, unless they are anonymous analyses with summarized values. If such analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the overall business analyses and general tendency determinations will be prepared anonymously if possible.

When using our online services and our trading portal, we store the IP addresses used and the time of use. The storage takes place on the basis of our legitimate interests to avoid misuse as well as unauthorized use of our online services or our trading portal. As a matter of principle, this data is not passed on to third parties, unless it is necessary to pursue and enforce our claims in accordance with Art. 6 Para. 1 lit. f. DSGVO or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c. DSGVO.

Beyond that, we do not process any special categories of personal data, unless these are components of a processing commissioned by our contractual partners or resulting from our commercial transactions. 

We would like to point out the necessity of providing personal data, if this is not evident to the contractual partners. Disclosure to external persons or companies is only made if it is necessary in the context of the initiation and conclusion of commercial contracts. When processing the data provided to us, we act in accordance with the instructions of the client and the legal requirements.

The data will be deleted when the data is no longer required to fulfil contractual or statutory duties of care and for dealing with any warranty or comparable obligations, whereby the necessity of keeping the data will be reviewed every three years; otherwise the statutory retention obligations apply.

2. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

According to Art. 6(1)(b) DSGVO, Art. 6 para. 1 lit. c. DSGVO and Art. 6 para. 1 lit. f. DSGVO, we transmit company data, which may also include personal data, to the third parties named below for the purposes listed below:

  • to insurers, in particular trade credit insurers, to obtain insurance cover, which are the basis of our commercial transactions;
  • to banks, financial institutions, financial service providers as well as financing companies of all kinds, provided that there is a legitimate interest
  • to credit agencies to obtain credit information on the respective company
  • to intermediaries, brokerage platforms as well as financial portals, insofar as this is necessary to obtain corresponding offers, to submit offers, for correspondence or due to other contractual relationships with them. 
  • to other cooperation partners not mentioned here, if this is necessary for the fulfilment of the contract
  • to tax authorities, consultants (such as tax advisors), auditors and other fee-payers and payment service providers.
  • to services that serve the operation of this website and the entire Internet presence, its optimization and analysis (see also sections 8 to 11 of this data protection policy)
    . We have no influence on the data and data processing procedures collected here. With regard to the purpose, scope of data collection and processing, we refer to the respective data protection declarations of the services mentioned under items 8 to 11.

We have concluded agreements with the parties involved for order processing in accordance with Art. 28 DSGVO.

Data transfer to third countries: If the processing is carried out by services of third parties outside the European Union or the European Economic Area, they must comply with the specific conditions of Art. 44 et seq. DSGVO or, in the case of US companies, the so-called "privacy shield".

3. COLLECTION OF ACCESS DATA AND LOG FILES

We, or our hosting provider, on the basis of our legitimate interests as defined in Art. 6 Par. 1 lit. f. DSGVO collect data about every access to the server on which this service is located (so-called server log files). The access data includes

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access takes place (referrer URL)
  • browser used, browser version, operating system of your computer, and the name of your access provider
  • Access status/HTTP status code;

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website or serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimization and statistical evaluation. For security reasons, we store this data in server log files for a storage period of 30 days. After this period has elapsed, they are automatically deleted, unless we require their storage for evidence purposes in the event of attacks on the server infrastructure or other legal violations. In individual cases, further storage may be carried out if this is required by law.

4. REGISTRATION FUNCTION

Users can create a user account with us. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration is used for the purposes of using the user account. 

Users can be informed about information relevant to their user account - such as technical changes - by e-mail. If users have cancelled their user account, their data with regard to the user account will be deleted - subject to a legal obligation to keep records. It is the users' responsibility to save their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the contract period.

Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's need for protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.

5. CONTACT

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.

We will delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

6. RIGHTS CONCERNED

You have the right, 

  • in accordance with Art. 7 Para. 3 DSGVO to revoke your once given consent to us at any time. As a result, we may no longer continue to process the data based on this consent in the future; 

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the data; 

  • in accordance with Art. 15 DSGVO, to demand without delay the correction of incorrect or the completion of your personal data stored by us; 

  • in accordance with Art. 17 DSGVO to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; 
  • pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful, if you refuse to delete it and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 DSGVO
  • in accordance with Art. 20 DSGVO, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it will be transferred to another responsible party and  
  • complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or our registered office.

7. DATA PROTECTION IN APPLICATIONS AND IN THE APPLICATION PROCESS

Applications sent by electronic means or by post to the competent body within the company are processed electronically or manually for the purpose of the application procedure.

We expressly point out that application documents containing "special categories of personal data" in accordance with Art. 9 DSGVO (e.g. a photograph which allows conclusions to be drawn about your ethnic origin, religion or marital status) are undesirable, with the exception of any severe disability which you may wish to disclose of your own free will. You should submit your application without these data. This has no effect on your chances of applying.

The legal basis for the processing is Art. 6 Para. 1 S.1 lit. b) DSGVO and Art. 26 BDSG as amended.

If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant's data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after the conclusion of the application procedure, your submitted letter of application including documents will be deleted 6 months after the rejection has been sent, in order to be able to satisfy any claims and obligations to provide proof according to AGG.

8. HOSTING, E-MAIL & NEWSLETTER DISTRIBUTION

The hosting services provided by ionos (by 1&1) to us are for the following purposes: the provision of infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services. 

In doing so, we or our hosting providers process inventory data, contact data, content data, contract data, usage data, meta and communication data of contractual partners, users, customers, interested parties and visitors of our online offers on the basis of our legitimate interests in an efficient and secure provision of our online offers in accordance with Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of contract processing contract).

b. We use the following dispatch service providers for e-mail and newsletter dispatch:

  • Mailchimp (The Rocket Science Group, LLC - 675 Ponce de Leon Ave NE - Atlanta, GA 30308 USA),
  • Postmark (Wildbit,LLC - 225 Chestnut St - Philadelphia, PA 19106 USA)

c. You can subscribe to our newsletter with your voluntary consent by entering your e-mail address and confirming the "double opt-in" procedure. After your registration you will receive an e-mail from us with a confirmation link to confirm your subscription. Only after you click on this link will your e-mail be added to the newsletter distribution list and saved for the purpose of sending e-mails.

In order to meet legal requirements, we log your IP address used during registration and the date and time of the double opt-in (registration and confirmation).
For statistical evaluation and optimization of our newsletter we evaluate your user behaviour (opening the newsletter, link click) with the help of so-called "web beacons" or "tracking pixels".

You can object to the tracking and consent to the sending of the newsletter at any time by clicking on the unsubscribe link at the end of the newsletter. In this case the receipt of the newsletter will also be terminated. If you deactivate the display of images in your e-mail software, tracking is also not possible. However, this may have restrictions on the functions of the newsletter and contained images will not be displayed. We save your data as long as you have subscribed to the newsletter. After unsubscribing, your data will only be stored anonymously for statistical purposes.

9. ONLINE PRESENCE IN SOCIAL MEDIA

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. The US providers are certified according to the so-called Privacy-Shield and are therefore obliged to comply with European data protection regulations. When you use and access our profile in the respective network, the respective data protection notices and terms of use of the respective network apply. Unless otherwise stated in our data processing information, we process the data of users, provided that they communicate with us within the social networks and platforms, e.g. send us messages.

10. COOKIES

Our website uses so-called cookies, the content and purpose of which are described below. When you call up our website, we will inform you about the use of cookies for the above-mentioned purposes by referring to our data protection policy. Our website uses session cookies, persistent cookies and third-party cookies:

  • Session cookies:We use so-called cookies to recognize multiple use of an offer by the same user (e.g. to determine your login status when you have logged in). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimise our offers and make it easier for you to access our site. When you close the browser or log out, the session cookies are deleted.
  • Persistent cookies: These are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
  • Third-party cookies (third-party cookies):
  1. Google Analytics (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU branch: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) with activated IP anonymisation ("anonymizeIP"), whereby the IP addresses are only processed in a shortened form. Furthermore, the cross-device analysis of website visitors with so-called User-ID. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. The use of Google Analytics serves the purpose of analyzing, optimizing and improving our website.

    Data sent by us and linked to cookies, user IDs (e.g. User ID) or advertising IDs are automatically deleted after 26 months. Data whose retention period has been reached is automatically deleted once a month.

  2. Google Adwords with conversion tracking (Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA) This conversion tracking serves the purpose of analysing, optimising and economically operating our advertising and website by drawing attention to our website on third-party websites by means of advertisements.

    The full extent of data processing is not known to us. With a logged in Google account the data can be assigned to your account by AdWords. If you do not wish this, you must log out of Google before visiting our website.

  3. Google & Google Adwords Remarketing (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA) Remarketing serves the purpose of addressing former visitors of our website specifically to third-party websites, thus the economic operation of our advertising and website, as well as their analysis and optimization.

    The full extent of data processing is not known to us. According to Google, the data collected by remarketing is not merged with your personal data, which may be stored by Google, but is processed using a pseudonym.

     

  4. Embedded Youtube Videos (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU office: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland) Videos are embedded using "enhanced privacy mode" and do not affect your personal video recommendations.

    The data obtained is transferred to the USA and stored there. This is also done without a user account at Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimization of its websites.

 

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out at this point that you may then not be able to use all functions of our website. Please read more about this under item 13 (RIGHT OF RESPONSE) of this privacy policy.

11. SOCIAL MEDIA PLUG-INS

We use social media plug-ins on our website in the context of the so-called "two-click solution" shariff from the following social networks:

  • Facebook (Registered office in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Twitter (Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA)
  • Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

No personal data is transmitted to the providers of the plug-ins when our website is accessed. Next to the logo or the brand of the social network you will find a slider with which you can activate the plug-in with a click. After activation, the respective provider of the social network receives the information (including your IP address) that you are visiting our website. In addition, your personal data is transmitted to the provider of the plug-in and stored there. When using the functions of the plug-in, e.g. clicking the "Like" button, this information is also transferred from your browser to the Facebook servers in the USA, stored there, and displayed in your Facebook profile and, if applicable, with your Facebook friends.

The plug-in provider stores the data collected about the user as user profiles. These are used for the purposes of advertising, market research and/or demand-oriented design of his website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about the user's activities on our website. The user has a right of objection to the creation of these user profiles, whereby one must contact the respective plug-in provider in order to exercise this right.

12. LEGAL BASIS

The legal basis for the processing of personal data, if not separately listed below, is our legitimate interest in communication with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 sentence 1 letter f) DSGVO.

The legal basis for the newsletter dispatch, the measurement of success and the storage of the e-mail mentioned in point 8 is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) DSGVO in conjunction with § 7 Para. 2 No. 3 UWG and for the recording of the consent in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO, as this serves our legitimate interest of legal provability.

Insofar as you have given your consent to the persons responsible for social networks (see points 9. to 11. of this privacy policy) to process your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 DSGVO.

The legal basis for the use of cookies mentioned in paragraph 10. is Art. 6 para. 1 sentence b) DSGVO, if the cookies are used to initiate a contract. Otherwise there is a legitimate interest in the effective functionality of our website, so that in this case Art. 6 para. 1 sentence 1 lit. f) DSGVO is the legal basis.

The legal basis for the use of the plug-ins mentioned in section 11. is our legitimate interest in improving and optimizing our website by increasing our awareness via social networks and the possibility of interaction with you and the users among themselves via social networks in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO.

13. RIGHT OF OBJECTION

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21
DSGVO, if there are reasons for doing so arising from your particular situation. If you wish to exercise your right of objection, simply send an e-mail to datenschutz@entrafin.de

You can generally prevent the storage of cookies (see also item 10 of this data protection policy) on your hard drive by selecting "do not accept cookies" in your browser settings. However, this may result in a functional restriction of our offers. You can object to the use of cookies from third parties for advertising purposes by means of a so-called "opt-out" via the American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

You can prevent the collection of the data generated by the cookie and related to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the above browser plugin, you can prevent Google Analytics from collecting your data by setting the following "opt-out" cookie, which will prevent the collection of your data when you visit this website in the future https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable. This cookie is only valid for our website and your current browser and will only last until you delete your cookies. In this case you would have to set the cookie again. You can deactivate the cross-device user analysis in your Google account under "My data > personal data".

The deactivation of the function "Facebook Custom Audiences" is possible for logged-in users under this link: https://www.facebook.com/settings/?tab=ads#.

Furthermore, we refer to the respective data protection policy of the services mentioned in sections 8 to 11 of this data protection guideline with regard to the individual possibilities of objection (opt-outs) of the services mentioned in sections 8 to 11 of this data protection guideline. In addition, you will also find information on your rights and setting options for the protection of your personal data.

Please note that we cannot guarantee or warrant that the third-party links or services listed in this data protection policy are up-to-date. However, we make every effort to check such links at regular and appropriate intervals to ensure that they are up-to-date. If a third-party link listed in this data protection policy no longer provides the functionality that we desire, please notify us at datenschutz@entrafin.de.

Cookie Consent with Real Cookie Banner