1. Identity and Contact Details of the Controller and the Data Protection Officer
The controller responsible for the collection, use and processing of your personal data within the meaning of Art. 4 no. 7 GDPR is:
10623 Berlin, Germany
Telephone: +49 (0) 30 609865295
You will find more detailed information regarding FinLeap GmbH (hereinafter “FinLeap” or “we” or “us”) in our Imprint.
FinLeap’s data protection officer is:
2. Automated Collection of Data – Server-Log-Files
When accessing our Website your browser is transmitting the following data for technical reasons:
Date and time of your access,
Browser type and version,
Used operating system,
URL of the previously visited website,
Quantity of transmitted data.
This data is stored by FinLeap only for technical reasons and will, at no time, be assigned to an individual person. This data processing is carried out on the basis of our legitimate interest in the secure and error-free operation of our IT infrastructure, the prevention of misuse, the prosecution of criminal offences and the securing, assertion and enforcement of claims, Art. 6 Para. 1 f) GDPR.
We offer you a free newsletter service. We use the newsletter to inform you about current news, events and to send you other information that may be of interest to you. To receive the newsletter via e-mail, you can sign up on our Website. For the newsletter service we need your e-mail address and, in order to address you personally, your first and last name. After registration you will receive an e-mail. This contains a link with which you can confirm your registration. You will not receive the newsletter until you have confirmed it.
You can unsubscribe from the newsletter at any time. Each newsletter contains information on how you can cancel the newsletter with effect for the future.
The collection and processing of your personal data for the newsletter as well as the transmission to MailChimp described below is based on your consent, which can be withdrawn at any time in the future, and is necessary for the provision of the newsletter, Art. 6 Para. 1 a) GDPR.
We use the service Mandrill of The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA, 30308, United States (hereinafter: “MailChimp”) to send the newsletter. This service allows us to internally manage a database of e-mail contacts to communicate with you via e-mail. The service manages information about when an e-mail was read by you and when you interacted with incoming e-mail messages, for example by clicking on links included in the e-mail. This is done by so-called web beacons, also called tracking pixels. These are small image files that allow us to evaluate user behaviour. Through the use of MailChimp personal data are transmitted to the United States. MailChimp is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.
MailChimp in turn transmits this data to external service providers in order to be able to offer their services. MailChimp processes all data in accordance with European data protection standards.
You can object to this tracking at any time by unsubscribing from the newsletter as described above. The evaluation by MailChimp described above is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions.
Our Website uses “cookies” in accordance with Art. 6 Para. 1 f) GDPR in order to make the use of our Website more convenient and tailored to your needs, for example by saving certain entries and settings. Cookies are small text files that are stored on your computer using your Internet browser.
You can prevent cookies from being stored by making the appropriate settings in your web browser. However, we would like to point out that in this case you may not be able to use all functions of the Website in full.
5. Google Analytics
Our Website uses Google Analytics, a web analytics service provided by Google Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, United States (hereinafter “Google”). Google Analytics uses “cookies” to help analyzing how users use the Website. The information generated by the cookie about your use of the Website (including your truncated IP-adress as described below) will be transmitted to and stored by Google on servers in the United States. Google is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.
As IP-anonymisation is activated on our Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the United States and truncated there.
As an alternative to the browser Addon or within browsers on mobile devices, you can click in order to opt-out from being tracked by Google Analytics within our Website in the future (the opt- out applies only for the browser in which you set it and within this domain). An opt-out cookie will be stored on your device, which means that you will have to click the link again, if you delete your cookies. If cookies are disabled, it may result in not all services of our Website being available to you.
6. Social Media
We are active on Social Media for marketing reasons and to inform you about current news, events and to send you other information that may be of interest to you. For easily accessing our Social Media pages we have implemented direct links on our Website. Only if and when you press the corresponding link yourself your data such as your (possibly truncated) IP address, entire cookies or other information will be transmitted to the Social Media and thus possibly also to servers in the United States. It is possible that a Social Media provider can associate your visit to our Website with your user account if you are logged into your Social Media account.
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States), and
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).
7. Change of Purpose
We will only process your personal data for a purpose other than that for which the personal data have been collected if permitted by law or if you have consented to the changed purpose of data processing. In this case we will inform you about these other purposes before further processing and provide you with all other relevant information.
8. Duration of storage and deletion of your data
If your personal data are no longer required for the aforementioned purposes or you revoke your consent on which the data processing is based, they will be deleted. If the data must be kept for legal reasons, they will be blocked in this respect. The data is then no longer available for further use.
9. Your rights
As a person affected by the processing of personal data, you have the rights granted in Articles 15 to 21 GDPR and listed below for information purposes. If you wish to exercise your rights or receive information on data protection, you can contact us or our Data protection officer by sending an e- mail to email@example.com or by using the other contact options listed in section 1 above.
9.1. Right to Withdraw your Consent
You have the right to withdraw your consent to the processing of your personal data at any
time. It is sufficient to send an e-mail to firstname.lastname@example.org. Further contact options can be found under section 1 above.
9.2. Right of Access
In accordance with Art. 15 GDPR, you have the right to request confirmation from FinLeap as to whether personal data relating to you is processed; if this is the case, you have the right to receive information free of charge, in particular on the personal data stored about you and a copy of this information.
In addition, pursuant to Art. 19 Sentence 2 GDPR, you have the right to request FinLeap to inform you of all recipients to whom personal data have been disclosed.
9.3. Right to Rectification
Pursuant to Art. 16 GDPR, you have the right to request FinLeap to correct and/or complete your personal data if they are incorrect or incomplete.
9.4. Right to Erasure
In accordance with Art. 17 GDPR, you have the right to request FinLeap to delete your personal data without delay. Deleting your data has the effect that FinLeap’s Services can no longer be used in full extend or used at all.
FinLeap is obliged to delete personal data immediately if processing is not necessary and if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You have withdrawn your consent on which the processing was based and there is no other legal basis for the processing.
You have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for processing or you have lodged an objection to the processing pursuant to Art. 21 Para. 2 GDPR.
The personal data have been processed unlawfully.
Deleting your personal data is necessary to fulfil a legal obligation under German or European law.
If FinLeap has made your personal data public and is obliged to delete it, we will take appropriate measures, taking into account the available technology and implementation costs, to inform our data processors who are processing your personal data that you have requested to delete all links to your personal data or copies or replications of your personal data. The measures shall only be taken in so far as processing is not necessary.
9.5. Right to Restriction of Processing
In accordance with Art. 18 GDPR, you have the right to request FinLeap to restrict processing if one of the following conditions is fulfilled:
You have disputed the accuracy of your personal data for a period that enables FinLeap to check the accuracy of your personal data.
The processing is unlawful and you have refused to delete your personal data and have instead requested a restriction on the use of your personal data.
FinLeap no longer needs your personal data for processing purposes, but you do need them to assert, exercise or defend legal claims.
You have filed an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not clear yet whether our legitimate interests outweigh yours.
If the processing of personal data has been restricted in accordance with the conditions above, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the processing is restricted, FinLeap will inform you before the restriction is lifted.
9.6. Right to Object
According to Art. 21 GDPR, you have the right to object to the processing of your personal data form-free and at any time, if your personal data is processed
a) on the basis of Art. 6 Para. 1 f) GDPR, or
b) for the purposes of direct advertising or profiling.
It is sufficient to send an e-mail to email@example.com. Further contact options can be found under section 1 above.
FinLeap will no longer process your personal data in the event of an objection. This does not apply in the case of data processing pursuant to Art. 6 Para. 1 f) GDPR if FinLeap can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or if the data is processed to assert, exercise or defend legal claims.
9.7. Right to Data Portability
According to Art. 20 GDPR, you have the right to receive your personal data which you have provided to FinLeap in a structured, common and machine-readable format.
In addition, you have the right to transmit your personal data yourself or through us directly to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of others are not affected.
9.8. Right to Lodge a Complaint with a Supervisory Authority
Finally, under Art. 77 GDPR, you have the right to lodge a complaint to a supervisory authority responsible for FinLeap.
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Visitors‘ entrance: Puttkamerstr. 16 – 18
10969 Berlin, Germany
Phone: 030 13889-0