Privacy Policy
Data Protection Notice in accordance with the EU General Data Protection Regulation (GDPR)
The following information provides you with an overview of the processing of your personal data by Finoa GmbH and your rights under data protection law.
Which data is processed in detail and how it is used depends largely on the services requested or agreed upon in each case.
1. Who is responsible for data processing and whom can I contact?
Responsible entity is:
Finoa GmbH
Voltastraße 1
14482 Potsdam, Germany
E-Mail: contact@finoa.io
You can reach our Data Protection Officer (DPO) at:
Finoa GmbH
Datenschutzbeauftragter
Voltastraße 1
14482 Potsdam, Germany
E-Mail: datenschutz@finoa.io
2. What sources and data do we use?
We, Finoa GmbH, process personal data that we receive from you in the course of the business initiation and our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we have received from other companies, as part of the onboarding process or from other third parties in a permissible manner (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of consent given by you). On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. debtor directories, commercial and association registers, press, media, internet) and are allowed to process. The above also applies to your personal data of you in your function as a representative / authorized representative of a legal entity.
a) Relevant personal data in the context of business initiation, in the course of authorization, or the joint obligation can be
- name,
- address/other contact details (e.g., telephone number, e-mail address),
- date/place of birth,
- gender,
- nationality,
- marital status,
- legal capacity,
- profession,
- occupational group code (e.g. dependent/self-employed)
- advertising, and sales data,
- legitimation data,
- authentication data (e.g. signature specimen), and
- tax ID.
When concluding and using products/services from the product categories listed below, further personal data may be collected, processed, and stored in addition to the aforementioned data.
b) Relevant personal data in the context of a business relationship and the use of products/services may be:
For the identification and verification:
- Identification document including the type of identification document, issue date, document number, and issuing authority.
- Your image in photo or video form
Account and transactions:
- Information about the stored assets (e.g. currency, public keys, balance, transaction history, purpose of the transaction)
- Order data (e.g. payment order, turnover data in payment transactions, recipient, IBAN, the purpose of payment).
- Information about other people connected to the account (e.g. legal representatives, beneficial owners, authorized persons)
In addition, during the business relationship, in particular through personal, written, or telephone contacts, initiated by you or by Finoa GmbH, other personal data, e.g. information on the contact channel, date of contact, reason, and the result of the contact, as well as (electronic) copies of correspondence, are processed.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG(new)):
3.1. Based on your consent (Article 6 para. 1 a GDPR)
If you have given us consent to process personal data for certain purposes (e.g. transfer of data within the company/network), this processing is lawful on the basis of your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. You can request a status overview of the consents you have granted from us at any time.
3.2. For the fulfillment of contractual obligations (Article 6 para. 1 b GDPR)
The processing of personal data is carried out for the provision of financial services in the context of the implementation of our contracts with our customers or for the implementation of pre-contractual measures, which are carried out at your request.
The purposes of data processing depend primarily on the specific product and may include, among other things, needs analyses, advice, asset management and support, and the execution of transactions as well as all activities required with Finoa GmbH. The purposes of data processing are primarily based on the provision of specific products or services.
3.3. On the basis of legal requirements (Article 6 para. 1 c GDPR) or in the public interest (Article 6 para. 1 e GDPR).
In addition, as a supervised financial services provider, we are subject to various legal obligations, i.e. legal requirements (e.g. German Banking Act, German Money Laundering Act, German Securities Trading Act, tax laws) and financial supervisory requirements (e.g. of the European Central Bank, the European Banking Authority, the German Federal Bank and the German Federal Financial Supervisory Authority). The purposes of the processing include, among others, identity and age verifications, fraud and money laundering prevention, the fulfillment of control and reporting obligations under tax law, and the assessment and management of risks at Finoa GmbH.
3.4. Within the scope of the balancing of interests (Article 6 para. 1 f GDPR)
If necessary, Finoa GmbH will process your data beyond the actual fulfillment of the contract in order to protect the legitimate interests of Finoa GmbH or third parties.
Examples:
- Consultation of and data exchange with information files (e.g., Crif Bürgel) for anti-money laundering purposes.
- Examination and optimization of procedures for demand analysis and direct customer contact, including customer segmentation.
- Advertising or market and opinion research, insofar as you have not objected to the use of your data.
- Assertion of legal claims and defense in legal disputes.
- Ensuring the IT security and the IT operation of Finoa GmbH.
- Video surveillance for the collection of evidence in criminal cases, for the protection of customers and employees as well as for the exercise of domestic authority,
- Measures to ensure building and facility security (e.g. access controls).
- Measures to ensure the right of access to the premises.
- Measures for business management and further development of services and products.
- Risk management in the company.
4. Who gets my data?
Within Finoa GmbH, access to your data is granted to those departments that need it in order to fulfill our contractual and legal obligations (Art. 28 GDPR). Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with the legal requirements of the EU General Data Protection Regulation/Federal Data Protection Act and our written data protection instructions. These are mainly companies from the categories listed below.
With regard to the transfer of data to recipients outside Finoa GmbH, it should first be noted that as a supervised financial services provider, we are generally obliged to maintain confidentiality about all customer-related facts and evaluations of which we become aware. We may only pass on information about you if this is required by law if you have consented to this if we are authorized to provide information, and/or if the processors commissioned by us guarantee compliance with the requirements of the EU General Data Protection Regulation/Federal Data Protection Act in the same way.
Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions (e.g. German Federal Bank, Federal Financial Supervisory Authority, European Banking Authority, European Central Bank, tax authorities, Federal Central Tax Office) in the event of a statutory or regulatory obligation.
- Suppliers, other credit and financial services institutions, comparable institutions, and processors to whom we transfer personal data in order to carry out the business relationship with you. In detail: Processing of banking information, support/maintenance of IT applications, archiving, document processing, controlling, data screening for anti-money laundering purposes, customer support and communication, marketing, media technology, reporting, research, risk controlling, telephone/video calls, video legitimation, website management, auditing services, payment transactions.
- Other data recipients may be those entities for which you have given your consent to the transfer of data or for which you have released us from confidentiality pursuant to an agreement or consent.
4.1 Amazon Web Services (AWS)
We process your personal data on the servers of AWS Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg. The personal data we process are:
- customer number,
- first name,
- last name,
- email address,
- address,
- your banking information (IBAN, BIC),
- billing information,
- tax identification number,
- IP address
- transaction orders, history, and information,
- customer’s authorized persons’ and representative’s information (first and last name, email address).
The processing of the above data is based on Art. 6 (1) lit. f of the GDPR for the purpose of operation, security, and optimization of our offer.
The servers of AWS that we use are located within the European Economic Area. For certain technical services, however, data may be processed outside the EEA, especially in the USA. AWS is bound to our instructions by a data processing agreement, implementing Standard Contractual Clauses of the European Commission. Additionally, it added a new supplementary addendum to comply with the Schrems II C-311/18 case of the Court of Justice of the European Union to its data processing agreement. For more information on data processing by AWS, please refer to the AWS privacy policy at: https://aws.amazon.com/privacy/.
There is no possibility to object to this data processing, as the processing of the data is mandatory for the provision of the services.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing.
5. If data is transferred to a third country or to an international organization?
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the purpose stated in the processing activity and/or is required by law (e.g. reporting obligations under tax law), you have given us your consent or within the scope of data processing in accordance with the Art. 46 et seq. of GDPR. Your personal data is generally transferred in accordance with the Art. 46 para 1 GDPR adequacy decision of the European Commission and with the Art. 46 para 2 lit. c of the GDPR, based on Standard Contractual Clauses (“SCC”) accompanied by a conducted data transfer impact assessment in case of lack of adequacy decision. The appropriate safeguards are agreed upon under SCCs as an annex and can be demanded by making a request to us to datenschutz@finoa.io.
6. How long will my data be stored?
When you no longer wish to benefit from our services and send us a deletion request, we are removing all personal data except some categories for the fulfillment of our legal storage obligations. This data will be deleted immediately without you having to request the deletion anew, upon the expiry of the period.
If the retention is necessary for your personal data, it is necessary for the following purposes and laws:
- Performing commercial and tax retention periods, which relate to the following laws: Commercial Code (Handelsgesetzbuch), Fiscal Code (Abgabenordnung), VAT Act (UStG), Banking Act (Kreditwesengesetz), and Money-laundering Act (Geldwäschegesetz). The statutory retention periods and documentation obligations are between two to ten years.
- Ensure a proper disaster recovery, and conduct IT audits: GDPR and German Civil Code (BGB). The statutory periods and documentation obligations are three years.
- Claim and evidence management: GDPR and German Civil Code (BGB). The statutory periods and documentation obligations are three years.
7. What data protection rights do I have?
You have the right of access to your information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to data portability according to Art. 20 GDPR and the right to object pursuant to Art. 21 GDPR wherever we process your data on the basis of legitimate interests under Art. 6 para. 1 lit. f of GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is not lawful. In principle, you can contact the supervisory authority of your place of residence, your place of work, or our office. The supervisory authority responsible for us is (the data protection authority in Brandenburg/Germany):
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Dagmar Hartge
Stahnsdorfer Damm 77
14532 Kleinmachnow, Germany
Phone: +49 (0) 33203 / 356-0
E-Mail: Poststelle@LDA.Brandenburg.de
Insofar as the processing of data is based on your consent, pursuant to Art. 7 GDPR you are entitled to revoke your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected by this. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements (see section 15 of this policy).
8. Is there an obligation for me to provide data?
Within the scope of our business relationship, you must provide the personal data that is required for the establishment and performance of a business relationship and the fulfillment of the associated contractual obligations, which we are required to collect by law. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.
In particular, we are obliged under money laundering regulations to identify you prior to the establishment of the business relationship, for example, on the basis of your identity card or passport, and to collect and record your name, place of birth, date of birth, nationality and residential address. In order for us to be able to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 4 (6) of the German Money Laundering Act (Geldwäschegesetz(GWG)) and notify us immediately of any changes that occur in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
8.1 Crif Bürgel GmbH
To comply with our obligations under applicable counter-terrorist financing and anti-money laundering laws as mentioned in the paragraph above, we are using the services of Crif Bürgel GmbH, Kaiserstraße 217 76133 Karlsruhe (“Crif Bürgel”) to verify identity and carry out checks for the prevention and detection of crime including fraud and/or money laundering. Crif Bürgel is subject to our instructions by a data processing agreement.
We process company information (name, address, trade registry number), your name, address, date of birth, communication details (phone number, email address).
The legal basis for data processing is Art. 6 para. 1. lit. c of GDPR, based on our compliance with the legal obligation arising from anti-money laundering laws.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing. Due to the statutory retention periods and documentation obligations, this is between two to ten years as mentioned in section 6 of this policy.
8.2. IDnow GmbH
We are using the services of IDnow GmbH, Auenstr. 100, 80469 Munich (“IDnow”) to conduct video identifications for the identification documents verification in order to start providing you our services.
The data that is processed is your last name, first name, place of birth, date of birth, nationality, full address mobile phone number, email address, photo/screenshot of the person and the front and back of the ID document, ID data (such as date and place of issue, issuing authority, etc.), user name for the video conference program used, video and sound recording of the video call.
The legal basis for the processing of your personal data is Art. 6 Para. 1 lit. b GDPR for the initiation or implementation of a contractual relationship of which you are a part. The purpose of data processing is to fulfill the service contract.
Furthermore, the legal basis for data processing is Art. 6 para. 1. lit. c of GDPR, based on our compliance with the legal obligation arising from anti-money laundering laws.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing.
Due to the statutory retention periods and documentation obligations, this is between two to ten years as mentioned in section 6 of this policy.
Further information on data protection at IDnow can be found here:
https://go.idnow.de/privacy/de
8.3 Notabene ID GmbH
We use the services of Notabene ID GmbH, Dammstrasse 16, CH-6300 Zug, Switzerland, CHE-148.625.400 ("Notabene") to fulfill our legal obligations under the German Ordinance on Enhanced Due Diligence Obligations for the Transfer of Crypto Assets (Kryptowertetransferverordnung - KryptoWTransferV).
Notabene's so-called SafeTransact platform enables us to automate decisions in real time, assign the affiliation of addresses and ensure the implementation of the KryptoWTransferV.
The processing of the personal data required for this purpose is carried out in accordance with the KryptoWTransferV and the associated anti-money laundering regulations.
The legal basis for data processing is Art. 6 (1) lit. c GDPR due to our legal obligations mentioned above.
If the purpose no longer applies and there is no statutory retention period, the corresponding personal data will be deleted. In principle, the data will only be stored for the duration of the purposes stated above.
8.4 Merkle Science (StackseerTechnologies Pte. Ltd.)
We use the “Compass” service from Merkle Science (Stackseer Technologies Pte. Ltd), a limited liability company registered in Singapore ("Merkle Science”), to fulfill our legal due diligence obligations under the Regulation on Enhanced Due Diligence Obligations for the Transfer of Crypto Assets (Kryptowertetransferverordnung - KryptoWTransferV) and the anti-money laundering regulations.
Merkle Science provides blockchain transaction monitoring solutions that help detect, investigate and prevent money laundering, terrorist financing and other criminal activities.
This includes collecting, processing and storing data on blockchain transactions and addresses from public sources and reconciling these informations.
The legal basis for data processing is Art. 6 Para. 1 lit. c GDPR based on our fulfillment of the legal obligation under the KryptoWTransferV and the anti-money laundering regulations.
If the purpose no longer applies and there is no statutory retention period, the corresponding personal data will be deleted. In principle, the data is only stored for the duration of the purposes mentioned above.
9. Is there any automated decision-making (including profiling)
For the establishment and implementation of the business relationship, we do not use automated decision-making pursuant to Article 22 of GDPR. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.
10. Email newsletter
10. 1 Brevo (SENDINBLUE)
We use the services of Sendinblue for sending newsletters. The provider of Sendinblue is Sendinblue SAS – Politique de confidentialité 7 rue de Madrid, 75008 Paris, France.
Sendinblue is a service that helps to manage the sending of newsletters and operates in full compliance with GDPR legislation.
When you enter your personal data into the input mask to signup for the Finoa newsletter, this data is stored by Sendingblue on the servers of Sendinblue in France, Belgium, and Ireland.
We also use Sendinblue to analyze the performance of our newsletter campaigns. When opening the mail sent via Sendinblue, a cookie contained in the mail connects to Sendinblue servers in France, Belgium, and Ireland. This allows us to determine how often our mail was opened as well as the time of retrieval, IP address, browser type, and operating system of the recipient are recorded. This information is anonymous and cannot be assigned to the newsletter recipient. The analysis of the newsletter only serves the purpose of evaluating the performance of our newsletter campaigns.
If you do not wish to enable analysis via the Sendinblue service, you have the option of unsubscribing from the newsletter. To do so, simply click on the corresponding link in your newsletter mail. You can also unsubscribe directly on the website.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data which you provide to Sendinblue for the purpose of subscribing to the newsletter will be stored by Sendinblue until you unsubscribe from the newsletter and will be deleted from the servers of Sendinblue after you unsubscribe from the newsletter. Data that has been saved for other purposes (e.g. e-mail addresses for the customer area) remains unaffected.
Further information about the current privacy policy of Sendinblue can be found here.
11. Communication for Business Initiation and Customer Service
11. 1 Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
The legal basis for the processing of your data, which is transmitted in the course of sending the message, is Art. 6 para. 1 p. 1 lit. b of the GDPR, insofar as your contact is aimed at the conclusion of a contract with us or the communication concerns an already existing contractual relationship.
If the contact is neither related to a contract nor aimed at the conclusion of a contract, the legal basis for the data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a of the GDPR.
The data entered by you in the contact form will remain with us until you request us to solve the problem, revoke your consent for storage, or the purpose for which the data is stored no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
11.2 Inquiry by email, telephone, or fax
If you contact us by email, telephone, or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request.
The legal basis for the processing of your data, which is transmitted in the course of sending the message, is Art. 6 para. 1 lit. b of the GDPR, insofar as your contact is aimed at the conclusion of a contract with us or the communication concerns an already existing contractual relationship.
If the contact is neither related to a contract nor aimed at the conclusion of a contract, the legal basis for the data processing is your consent pursuant to Art. 6 para. 1 lit. a of the GDPR.
The data sent to us by you via contact inquiries will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for storing it no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
11.3 Zendesk
We use the ticket system Zendesk, a customer service platform of Zendesk Inc., 989 Market Street, San Francisco, CA 94102, USA to provide customer support. The purpose of the data processing is the handling of your request with which you have contacted us through the contact form (point 11.1) and/or via email (point 11.2). For this purpose, the types of data you give us depend on the content of the message you send us.
Typically, we receive the types of data below from you: surname, first name, postal address, telephone number, e-mail address, country, company information, and other personal data transmitted as part of the message.
The legal basis for the processing of your data, which is transmitted in the course of sending the message, is Art. 6 para. 1 lit. b of the GDPR, insofar as your contact is aimed at the conclusion of a contract with us or the communication concerns an already existing contractual relationship.
If the contact is neither related to a contract nor aimed at the conclusion of a contract, the legal basis for the data processing is your consent pursuant to Art. 6 para. 1 lit. a of the GDPR. You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR by sending an e-mail with the corresponding content to datenschutz@finoa.io. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted, provided that there are no legal retention obligations to the contrary.
Zendesk is contractually bound to our instructions under a data processing agreement, incorporating Standard Contractual Clauses of the European Commission. It has also supplementary measures that are required by the Schrems II C-311/18 decision of the Court of Justice of the European Union.
The appropriate safeguards are agreed upon under SCCs as an annex and can be demanded by making a request to us to datenschutz@finoa.io or by making a request to review the data processing agreement as a non-signatory in this link https://www.zendesk.de/company/data-processing-form/ You can find further information about data protection in Zendesk’s privacy policy and about supplementary measures on their blog. The purpose of the data processing is the handling of your request with which you have contacted us.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing.
11.4 Google Cloud EMEA Ltd
We use the services of Google Workspace (“GWS”) tools of Google Cloud EMEA Ltd. with offices at 70 Sir John Rogerson's Quay, D02 R296, Dublin 2, Ireland (“Google”). Google is our email service and call provider.
The purpose of the data processing is the handling of your request with which you have contacted us as a backup solution to Zendesk. For this purpose, the types of data you give us depend on the content of the message you send us. Typically, we receive the types of data below from you: surname, first name, postal address, telephone number, e-mail address, country, company information, and other personal data transmitted as part of the message.
The legal basis for the processing of your data, which is transmitted in the course of sending the message, is Art. 6 para. 1 p. 1 lit. f of the GDPR, our legitimate interest is in the prevention of loss of customer messages in the event that our customer service platform’s services become unavailable.
In case, our customer service platform’s services become unavailable, the legal basis for the processing of your data is based on Art. 6 para. 1 p. 1 lit. b of the GDPR, insofar as your contact is aimed at the conclusion of a contract with us or the communication concerns an already existing contractual relationship.
Finoa has chosen Europe as the location of the data center for the email service provider. For future cases, if there is a need to change the storage location outside of this region, your personal data will be transferred in accordance with the Art. 46 para 2 lit. c of the GDPR, based on Standard Contractual Clauses (“SCC”) accompanied by a conducted data transfer impact assessment. The appropriate safeguards are agreed upon under SCCs as an annex and can be demanded by making a request to us to datenschutz@finoa.io according to clause 8.3 of the SCCs, Transparency, under the Module 2 or directly to the processor data exporters, mentioned in title 5 as recipients, according to the clause 8.3 under the Module 3 of SCCs. Additionally, Google made available their appropriate safeguards on its webpage under its data protection-related terms, Google Cloud SCCs.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing.
There is no possibility to object to this data processing per Art. 21 GDPR, as the processing of the data is mandatory for the provision of customer support.
11.5. Wire
We use the message service provider Wire, Wire Swiss GmbH, Untermuli 9 CH-6399 Zug, Switzerland (“Wire”), for conducting secure instant messaging and video calls for verification purposes requiring high security such as password resets, setup of 2FA, confidential data exchange as a part of the business process.
The legal basis for the processing of your data, which is transmitted in the course of sending the message is based on Art. 6 para. 1 p. 1 lit. b of the GDPR, the communication with you is a part of the customer onboarding process (KYC and KYB) and aims at providing you password resets and 2FA verification in order for you to start using our services based on an already existing contractual relationship.
Your personal data is transferred in accordance with the Art. 46 para 1 GDPR adequacy decision of the European Commission. The data flow between the European Economic Area and Swiss provider Wire continue and remain safe due to the decision of the EU Commission’s Decision 2000/518/EC on the adequate protection of personal data provided in Switzerland.
We delete your personal data when they are no longer necessary to achieve the purpose of their processing.
12. Use and link to social media
12.1 Use of Twitter
Functions of the Twitter service are integrated into our services. These functions are offered by the:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. This also involves the transfer of data to Twitter. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in the Twitter privacy policy. You can change your data protection settings on Twitter.
12.2 Use of LinkedIn
Our services use functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company,
Wilton Place, Dublin 2, Ireland.
When you visit our services and click the LinkedIn plugin ("Recommend button"), a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our services using your IP address. If you click on the LinkedIn "Recommend Button" and are logged into your LinkedIn account, LinkedIn may associate your visit to our services with your account. We expressly point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or of the use of such data by LinkedIn. You can find further information on LinkedIn’s data protection provisions.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to Finoa's website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
12.3 Use of Medium
Functions of the Medium service are integrated with our services. These services are offered by VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow RoadCork T23AT2P, Ireland.
If you are logged in to your Medium account, you can link the content of our pages to your Medium profile by clicking the Medium button. This allows Medium to associate your visit to our services with your user account. We expressly point out that we, as the provider of the services, have no knowledge of the content of the transmitted data or its use by Medium. Further information on this can be found in the data protection declaration of Medium.
12.4 Use of Google Analytics
We have integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the gathering, collection, and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed, or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Google might transfer the personal information collected via this technical procedure to third parties.
During your visit to the website the following data, among others, is recorded:
- Orders including turnover and products ordered
- The achievement of "website objectives" (e.g. contact requests and newsletter subscriptions)
- Your behavior on the pages (for example clicks, scrolling behavior, and dwell time)
- Your approximate location (country and city)
- Your IP address (in abbreviated form, so that no clear assignment is possible)
- Technical information such as browser, Internet provider, terminal device, and screen resolution
- Source of your visit (i.e. which website or advertising medium brought you to us)
- This data is transferred to a Google server in the USA.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future visits to the website. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remain stored in aggregated form for an unlimited period.
If you do not agree with the collection, you can prevent this by installing the browser add-on once to deactivate Google Analytics.
13. Information on your right of objection under Art. 21 of the Basic Data Protection Regulation (GDPR)
13.1 Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of an assessment of interests). This also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
13.2 Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made form-free.
13.3 Recipient of an opposition
The objection can be made informally with the subject "Objection", stating your name, address, and date of birth, and should be addressed to:
Finoa GmbH
Voltastraße 1
14482 Potsdam, Germany
E-Mail: datenschutz@finoa.io
13.4 Additional Information
If you would like information that this data protection notice cannot provide or if you would like further information on a specific point, please contact the Finoa GmbH data protection officer at: datenschutz@finoa.io.
Cookies Declaration
This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your consent.
Your consent applies to the following domains: www.finoa.io.
Your current state: Allow selection (Necessary, Statistics).
Your consent ID: eWaKEGqEQdsXMZztJF1dNhuINJXYANZI8/t3xRfqb2GTGVD1iKoRWw==Consent date: Friday, July 2, 2021, 03:16:28 PM GMT+2
Cookie declaration last updated on 14/11/2021 by Cookiebot:
Necessary (2)
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.