Privacy policy

We operate our websites in accordance with the principles set out below:

We undertake to comply with the statutory provisions on data protection and endeavour to observe the principles of data avoidance and data minimisation at all times.

1. Name and address of the controller and the data protection officer

a) The controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

finway GmbH
Landesbergerstraße 115/Haus 1
80687 Munich
Phone: +49 (0) 157 57112363
E-Mail: datenschutz@finway.de

b) The data protection officer

You can contact the controller’s data protection officer as follows:

SiDIT GmbH, www.sidit.de, E-Mail: info@sidit.de

2. Explanation of terms

We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if there are any ambiguities regarding the use of various terms, the relevant definitions can be viewed here.

3. Legal basis for the processing of data

a) Processing of personal data in accordance with the GDPR

We only process your personal data, such as your surname and first name, your email address and IP address, etc., if there is a legal basis for doing so. According to the General Data Protection Regulation, the following regulations in particular come into consideration:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
  • Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • Art. 6 para. 1 sentence 1 lit. e GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Art. 6 para. 1 sentence 1 lit. f GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a childt

However, we will always state again at the relevant points in this privacy policy the legal basis on which your personal data is processed.

b) Consent of the legal guardian pursuant to Art. 8 para. 1 sentence 2 alt. 2 GDPR

A legal guardian must consent to all data processing within the scope of this website for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing operations, their purposes and the categories of data concerned for which the consent of the data subject is required can be found in the privacy polic..

You can revoke your consent at any time by sending a declaration of revocation in text form to the contact details of the controller. The processing remains lawful until revocation.

c) Processing of information in accordance with Section 25 (1) TDDDG

We also process information in accordance with Section 25 (1) TDDDG by storing information on your terminal equipment or accessing information that is already stored on your terminal equipment. This may involve both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any equipment connected directly or indirectly to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 (2) No. 6 TDDDG.

As a rule, we process this information on the basis of your consent, Section 25 (1) TDDDG.

Insofar as an exception pursuant to Section 25 (2) No. 1 and No. 2 TDDDG applies, we do not require your consent. Such an exception is given if we only access or store the information in order to transmit a message via a public telecommunications network or if this is absolutely necessary so that we can provide a telemedia service expressly requested by you. You can revoke your consent at any time.

We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. Forwarding of personal data

The disclosure of personal data also constitutes processing within the meaning of section 3 above. However, we would like to take this opportunity to inform you separately about the issue of disclosure to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

Data is therefore only passed on to third parties if there is a legal basis for the processing. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf – i.e. in particular in a relationship of instruction and control with us.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus ensure comprehensive protection of your data.

5. Storage period and deletion

Your personal data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, if the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

6. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Use of AI systems (artificial intelligence)

In order to optimise our processes and improve your personalised visitor experience on our website, your personal data may be processed using artificial intelligence (AI) technologies. AI is used in particular to:

  • Perform data analyses,
  • Create forecasts,
  • Close security gaps,
  • make routine processes more efficient.

The AI used works in accordance with the principles of the GDPR. Any decisions that have legal or similar effects on you are not made by the AI alone, but are supplemented by human intervention.

8. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your end device when you visit our website. These cookies are used to store information in connection with the end device used.

When cookies are used, a distinction is made between technically necessary cookies and ‘other’ cookies. Technically necessary cookies are those that are absolutely necessary in order to provide an information society service that you have expressly requested.

a) Technically necessary cookies

In order to make the use of our website more pleasant for you, we use technically necessary cookies, which may be so-called session cookies (e.g. language and font selection, shopping basket, etc.), consent cookies, cookies to ensure server stability and security, etc. The legal basis for the cookies results from Art. 6 para. 1 sentence 1 lit. f) GDPR, our legitimate interest in the error-free operation of the website and the interest in providing you with our services in an optimised manner.

b) Other cookies

Other cookies include cookies for statistical, analytical, marketing and retargeting purposes.

We use these cookies for you on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

You can revoke your consent to the use of cookies at any time.
We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To do this, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (whereby this may also restrict the functionality of the online offer) or set an opt-out for the corresponding service in individual cases.

We will inform you of the legal basis on which this data is processed for the respective services within the privacy policy.

9. Cookie banner / consent management

To obtain consent for the cookies we use, we use the cookie banner of the service provider Usercentrics GmbH Sendlinger Straße 7 80331 Munich Germany. This sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 1 TDDDG.

For the use of some services of the Google/Alphabet Group, we use the so-called Google Consent Mode V2 in Basic Mode. Details on this consent mode can be found on the Google website at https://developers.google.com/tag-platform/security/guides/consent?consentmode=advanced.

The use of Consent Mode is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

10. Collection and storage of personal data and the nature and purpose of its use

a) External hosting

Our website is hosted by Kinsta Inc, 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless an external service of a third party is integrated. This may be the IP address, your email address, communication data or similar. You can find out which specific personal data this involves below in the individual functions and services explained by us. If we use an external service from a third party, this will be made clear in the description of the respective service or tool.

The hoster only processes your data on our instructions and insofar as this is necessary to fulfil the services on the website. The hoster does not process the data for its own purposes. We have concluded an order processing contract with the hoster.

b) When you visit the website

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access was made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the above data for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring a comfortable use of our website
  • Analysing system security and stability
  • Error analysis
  • For further administrative purposes

Data that allows conclusions to be drawn about your person, such as the IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, this data is pseudonymised so that it can no longer be assigned to you.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

c) CMS of Hubspot Inc.

Our website runs on the HubSpot CMS platform of Hubspot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. This is a content management software for hosting, marketing, sales, CRM and customer service. We have agreed the standard contractual clauses with HubSpot Inc. and HubSpot is not permitted to process your data for its own purposes.

Details and information on HubSpot’s data protection provisions can be found at https://legal.hubspot.com/privacy-policy.

d) Cloudflare

On our website, we use a so-called Content Delivery Network (‘CDN’) and the web firewall for defence against DDoS attacks from the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (‘Cloudflare’).

For this purpose, Cloudflare may process IP addresses, information regarding the routing of data traffic and system configuration and other information on traffic destined for or originating from websites.

For the CDN, the information transfer between the browser and our server is technically routed via the Cloudflare network so that we can optimise the loading speeds of our website. The web firewall is intended to prevent fraudulent transactions, unauthorised access to the services and other illegal activities.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.

We have concluded the standard contractual clauses (Data Processing Addendum) with Cloudflare.

Further information can be found in Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/

e) Newsletter

Content of the newsletter and registration data

We will only send you our newsletter and carry out statistical surveys and analyses and log the registration process if you order it from us and have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TTDSG.

The contents of the newsletter are described in detail when you register for the newsletter. To subscribe to the newsletter, it is sufficient to provide your email address. If you provide further voluntary information, such as your name and/or gender, this will only be used to personalise the newsletter addressed to you.

Double opt-in and logging

For security reasons, we use the so-called double opt-in procedure to register for our newsletter so that nobody can register with other people’s email addresses. After registering for our newsletter, you will therefore first receive an e-mail asking you to confirm your registration. Your registration only becomes effective once it has been confirmed.

Furthermore, your registration for the newsletter will be logged. The logging includes the storage of the time of registration and confirmation, the data you provide and your IP address. If you make changes to your data, these changes will also be logged.

Revocation

If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the unsubscribe link at the end of each newsletter or send us an email to the following email address: datenschutz@finway.de

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Use of ‘HubSpot’

Registration takes place using the newsletter service ‘HubSpot’, which is offered by HubSpot Inc. (25 First Street, Cambridge, MA 02141 USA).
The email addresses of our interested parties and their other data described in this notice are stored on HubSpot’s servers in the USA. HubSpot uses this information to send and analyse the participation links on our behalf. Furthermore, HubSpot may, according to its own HubSpot may use this data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the invitation or for economic purposes in order to determine which countries the recipients come from. However, HubSpot does not use the data of our interested parties to write to them itself or pass it on to third parties.
We have concluded the standard contractual clauses with HubSpot. HubSpot does not obtain the right to pass on your data.
Wir haben mit HubSpot die Standardvertragsklauseln abgeschlossen. HubSpot erlangt kein Recht zur Weitergabe Ihrer Daten.
You can find HubSpot’s privacy policy here.

f) Book a demo

On our website, we offer you the opportunity to book an appointment online for a free demo of our software. To do this, we collect your first and last name, company name, e-mail address and details of how you know finway. Our software will be presented to you as part of the personalised product demo. Your personal data is therefore processed for the implementation of pre-contractual measures that are carried out at your request, Art. 6 para. 1 sentence 1 lit. b GDPR.

We use the provider HubSpot Inc (25 First Street, Cambridge, MA 02141 USA) for this function, with whom we have concluded the standard contractual clauses.
You can find HubSpot’s privacy policy here.

g) Free trial

We offer you the opportunity to create a free trial account on our website. For this purpose, we collect your first and last name, your e-mail address, your telephone number and information about how you know finway. The processing of your personal data is therefore carried out for the implementation of pre-contractual measures that are carried out at your request, Art. 6 para. 1 sentence 1 lit. b GDPR.

We use the provider HubSpot Inc (25 First Street, Cambridge, MA 02141 USA) for this function, with whom we have concluded the standard contractual clauses.
You can find HubSpot’s privacy policy here.

h) Webinar

We offer you the opportunity to register for our live webinars. To register, you need to enter your first name, surname and email address. We process this data on the one hand for participation in the live webinar and on the other hand to add your e-mail address to our newsletter mailing list. Giving your consent to receive our newsletter is a consideration for participating in the webinar. However, you can unsubscribe from the newsletter at any time.

The processing of your personal data is therefore carried out for the implementation of pre-contractual measures that are carried out at your request, Art. 6 para. 1 sentence 1 lit. b GDPR.

We use the provider HubSpot Inc (25 First Street, Cambridge, MA 02141 USA) for this function, with whom we have concluded the standard contractual clauses.
You can find HubSpot’s privacy policy here.

i) Application form

We provide you with a form on our website that you can use to apply for a job with us. Your personal data from the application will be processed in accordance with our data protection information for applicants.

The use of this form is based on our legitimate interest in a simple and secure transmission of your application documents, Art. 6 para. 1 sentence 1 lit. f) GDPR.

For this purpose, we use the provider Personio SE &amp Co. KG, Rundfunkplatz 4, 80335 Munich. We have concluded an order processing contract with this provider.

You can view the data protection information for the processing of personal data by us as part of the application process and by Personio itself through the provision of the application tool at https://finway.jobs.personio.de/privacy-policy?language=de (only german).

j) Chat

We use the chatbot service of HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) on our website to process your enquiries faster and more efficiently. The chat histories are processed by us and assigned to your customer data in our CRM.

Hubspot’s chat widget uses cookies and the IP address to provide the service and collect information about you as a user of our website.

All the data you provide in the chat is processed by us, in particular the chat history.

Before using the chat, your consent is required in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke this consent at any time. The processing of your data remains lawful until we receive your cancellation.

We have concluded the standard contractual clauses with HubSpot. HubSpot does not obtain the right to pass on your data.
You can find HubSpot’s privacy policy here.

k) Google Fonts

We use Google Fonts on our website. This enables the display of fonts. Google Fonts is a service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). These web fonts are integrated by a server call, usually a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Website from which the request was initiated (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

Further information on data protection at Google and in relation to Google Fonts can be found at:

https://developers.google.com/fonts/faq/privacy
www.google.com/policies/privacy/

The use of Google Fonts serves to make it easier for you to read our website and to make it more graphically appealing and is therefore based on our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

l) Google Tag Manager

We use Google Tag Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Google Tag Manager is an administration and management tool in which other tracking and/or statistics tools can be centrally managed and played out.

When you visit our website, Google Tag Manager collects and processes your IP address, which may also be transmitted to the USA. However, Google Tag Manager itself does not create any user profiles or analyses.

The Google Tag Manager is used on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence f GDPR.
We have concluded an order processing contract with Google.
The Google privacy policy can be found here.

m) Google Photos

We have integrated ‘Google Photos’ on our website. Google Photos is a service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Google Photos is integrated via a server call, usually a Google server in the USA. As a result, your IP address is transmitted to Google and stored.

We have concluded an order processing contract with Google.

You can find more information in Google’s privacy policy, which you can access here:

https://policies.google.com/privacy
https://safety.google/intl/de_de/photos/

The use of Google Photos is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time.

n) jQuery

We use the JavScript library jQuery from the OpenJS Foundation (The OpenJS Foundation, 548 Market St. PMB 57274, San Francisco, CA 94104, USA) on our website. This is a collection of JavaScript programmes and routines that offer versatile solutions to problems.
The JavaScript routines are provided via a connection to servers in the USA and downloaded from there.
Accordingly, it cannot be ruled out that the IP address of our website visitors will be processed by jQuery.
The use of jQuery is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, namely to ensure the functionality of the website and to be able to restore it as quickly and easily as possible in the event of a problem.
We have concluded a contract with jQuery for order processing or the SCC.
Further information on jQuery’s data protection can be found at:
https://images.prismic.io/openjsf/ba00b254-685f-4e54-b1ca-17984b0f3e55_OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf

o) Kununu Widget

The Kununu widget (from New Work SE, Am Strandkai 1, 20457 Hamburg) is integrated as an image file on our website. This means that when you visit our website, your IP address including the browser ID is sent to the Kununu server so that the image is then displayed. No cookies are set and no other analyses are carried out.

Further information can be found at https://privacy.xing.com/en/privacy-policy.

The integration of the Kununu widget is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

11. Analyse and tracking tools

We use the analysis and tracking tools listed below on our website. These serve to ensure the continuous optimisation of our website and to design it in line with requirements.

We use these tools on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time by changing the cookie settings. Processing remains lawful until you withdraw your consent.

The respective data processing purposes and data categories can be found in the corresponding tools. We would like to point out that we have no influence on whether and to what extent the service providers carry out further data processing.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as ‘Google’).

Google Analytics uses cookies in this context (see section 7). The information generated by the cookie about your use of this website, such as

  • Name and version of the browser used
  • Operating system of your computer
  • Website from which the access is made (referrer URL)
  • IP address of the requesting computer
  • Time of the server request

is usually transmitted to a Google server in the USA and stored there.
Your IP address is automatically anonymised by Google before it is recorded via EU domains and servers. There is therefore no logging or storage of your IP address.

Google will use this information on our behalf to analyse your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We have concluded an order processing contract with Google.

Please click here for an overview of data protection at Google.

b) Google Remarketing

We use the remarketing function of Google Analytics to target advertising campaigns – including Google AdWords campaigns – to visitors to our website.

Based on your previous visits to our website, you will be presented with relevant adverts when you visit other websites in the Google Display Network.

The DoubleClick cookie enables Google to show us and other third-party providers targeted adverts that match the interests determined on the basis of your previous visits to our website and/or other websites. These adverts may be displayed on Google websites and/or other operators of the Google advertising network. We also use the Google Analytics advertising functions to analyse the effectiveness of our own advertising campaigns.
If you have agreed in your Google account that your web and app browsing history will be linked by Google to your Google account and information from your Google account will be used to personalise ads, Google will use data from you together with Google Analytics data to create target group lists for cross-device remarketing. For this purpose, Google Analytics first collects Google-authenticated IDs for you as a user on our website, which are linked to your Google account. Google Analytics then temporarily links these IDs with Google Analytics data in order to optimise our target groups.

We have concluded an order processing contract with Google.

Please click here for an overview of data protection at Google.

c) Google Ads Conversion Tracking

We use Google Ads, an online advertising programme from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Conversion tracking is also used. With this tool, Google Ads places a cookie on your end device when you access our website via a Google advert.
The cookie is not used for personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognise that you clicked on the relevant ad and were redirected to our site. A different cookie is assigned to each Google Ads customer. This means that cookies cannot be tracked via the websites of Ads customers.

The data collected by conversion cookies is used to create conversion statistics for Ads customers. As Google Ads customers, we can find out the total number of users who responded to our advert and were then redirected to a website that was provided with a conversion tracking tag. This allows us to recognise the success of individual advertising measures. We do not receive any information during this process that would allow us to personally identify you as a user.

When using Google Ads, your browser automatically establishes a direct connection with the Google server and, if you have a Google account and are logged into it, can assign the visit to your account. If you do not have a Google account, Google will assign you a unique identifier. We have no influence on what other data Google collects and stores.

We have implemented Google’s ‘extended conversions’ function on our website. This means that data collected by us, such as email address, name, address or telephone number, is recorded in conversion tracking tags. These are then sent to Google in hashed form, where they are used to match our existing customers with Google accounts. You can find more information about this function at https://business.google.com/uk/privacy/products/enhanced-conversions/.

We have concluded an order processing contract with Google.

You can find out more about Google’s privacy policy at http://www.google.de/policies/privacy/.

d) Google Website Call Conversations

We use Google Ads, an online advertising programme from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Website call conversion tracking is also used. With the help of this tool, we can record calls that are triggered by interactions with our Google Ads adverts. If a user visits our website after clicking on an advert and calls the telephone number displayed there, this call is recorded as a conversion. For this purpose, the displayed telephone number is replaced by a Google forwarding number in order to assign the call to the corresponding advert.

The following personal data is processed:

  • Telephone number of the caller
  • ATime and duration of the call
  • Information on the end device and browser used
  • IP address of the user
  • Referrer URL (the previously visited page)
  • Location data (if authorised by the user)

This data is usually transferred to a Google server in the USA and stored there.

We have concluded an order processing contract with Google.

You can find out more about Google’s privacy policy at https://policies.google.com/privacy?gl=de

e) Google Double Click

We have integrated components of DoubleClick by Google on our website. DoubleClick is a Google brand under which special online marketing solutions are primarily marketed to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick places a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advert in a browser. DoubleClick can also use the cookie ID to record which adverts have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, if a user has previously been shown a DoubleClick advert and subsequently makes a purchase on the advertiser’s website using the same Internet browser.

The cookie is used, among other things, to place and display user-relevant adverts and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same advert. Each time you access one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can recognise that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy abgerufen werden.

We process your data with the help of the DoubleClick cookie for the purpose of optimising and displaying advertising.

f) Hubspot

We work with the Hubspot CRM software from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA), which we use to manage our customer data and conduct online marketing. Among other things, landing pages are analysed and reports created for this purpose. Web beacons and cookies are used for this purpose. The following personal data may be processed in this context:

  • IP address,
  • geographical location,
  • type of browser,
  • duration of the visit,
  • pages accessed,
  • visitor sources using Utm parameters.

As a rule, the IP address is processed on Hubspot’s European servers and only stored in a truncated version. Only in exceptional cases is the IP address transferred to a HubSpot server in the USA and truncated there.

We use the information collected to constantly optimise and improve our website and to make it more user-friendly for you. In addition, we use this information to analyse which of our company’s services are of interest to customers, users and newsletter subscribers in order to contact them for advertising purposes.

We have concluded the standard contractual clauses with HubSpot. HubSpot does not obtain the right to pass on your data.

You can find HubSpot’s privacy policy here.

g) Hubspot Forms

We have integrated HubSpot Forms on our website. HubSpot Forms is a service of HubSpot, Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and offers marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing and web analytics.HubSpot Forms is used to store data entered in forms, e.g. when contacting us via a contact form. The data entered can be stored in our customer relationship management system (CRM system).

In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc, Cambridge, Massachusetts, US.

HubSpot Forms and the integrated services are used to optimise our marketing measures and improve our service quality on the website.

Further information can be found in the privacy policy for HubSpot Forms: https://legal.hubspot.com/privacy-policy.

h) Microsoft Clarity

We use the ‘Microsoft Claritiy’ analysis service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA on our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transferred to a Microsoft server in the USA and stored there. We have activated the anonymisation function at Microsoft so that your IP address is only processed in abbreviated form.

This data is used to evaluate your visit to our website and your usage behaviour so that we can improve and optimise our services.

We have agreed the standard contractual clauses with Microsoft. You can find further information on data protection at Microsoft at https://privacy.microsoft.com/de-de/privacystatement

i) Microsoft Advertising Conversion Tracking

Wir setzen auf unserer Webseite das Werbeprogramm Microsoft Advertising ein, welches von der Microsoft Ireland Operations Limited, One Microsoft Place, South Country Business Park, Leopardstown, Dublin, Ireland 18, D18 P521 („Microsoft“) bereitgestellt und betrieben wird.

With the help of the Microsoft Advertising programme, we can place advertisements in various search engines and networks. We have implemented Universal Event Tracking (UET) on our website in order to recognise which ad or keyword brought you to our website. This is a conversion tracking tag that allows us to learn more about your user behaviour on our website. We use this information to optimise our web ads and offers and adapt them better to your needs.
Microsoft collects, processes and uses information via the cookie, from which user profiles are created using pseudonyms. These user profiles are used to analyse visitor behaviour and are used to display advertisements. No personal information about the identity of the user is processed.

Microsoft Advertising may collect the following information, among other things:

  • Information about the browser you are using and the device you are using
  • Identifiers assigned by Microsoft,
  • Website or display from which access is made (referrer URL)
  • IP address of the requesting computer,
  • Access duration and time.

We have concluded an order processing contract with Microsoft, which ensures that your data will be processed in accordance with European data protection standards.

It cannot be ruled out that personal data will also be processed by the service provider in the USA, as the parent company Microsoft Corporation has its headquarters in the USA.
Further information on data protection and the cookies used by Microsoft can be found on the Microsoft website https://privacy.microsoft.com/de-de/privacystatement.

j) LinkedIn Insight Tag

We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US, to create target groups, segment visitor groups of our online offer, determine conversion rates and subsequently optimise them. This happens in particular when you interact with adverts that we have placed with LinkedIn Corporation. For this purpose, LinkedIn Corporation offers retargeting for website visitors in order to display targeted advertising outside our website.

LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. This data is used to provide anonymised reports on website audience and ad performance.

We process your data with the help of LinkedIn Insight Tag for the purpose of optimising our website and for marketing purposes.

Further information can be found in the privacy policy for LinkedIn Insight Tag: https://www.linkedin.com/legal/privacy-policy?

k) LinkedIn Analytics

We use LinkedIn Analytics on our website, a web analytics service provided by LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, hereinafter referred to as ‘LinkedIn’).

LinkedIn Analytics uses cookies in this context (see section 7). The information generated by the cookie about your use of this website, such as

  • login data
  • device information
  • IP addresses

is logged and may be transferred to a LinkedIn server in the USA and stored there.
LinkedIn will use this information on our behalf to analyse your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of LinkedIn Analytics is not merged with other LinkedIn data.

We have concluded an order processing contract with LinkedIn.

Please click here for an overview of data protection at LinkedIn:
https://www.linkedin.com/legal/privacy-policy

l) LinkedIn Ads

We have integrated LinkedIn Ads from LinkedIn Corporation, Sunnyvale, California, US on our website.

LinkedIn Ads is a service provided by LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. LinkedIn Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, US.

Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying adverts.

We process data with the help of LinkedIn Ads for the purpose of optimising our advertising campaigns and for marketing purposes.

Further information can be found in the privacy policy for LinkedIn Ads: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

12.Image, sound and video integration

a) YouTube and YouTube Images

We embed videos from YouTube, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), into our website as part of iFrame and/or via a plug-in. We use the tool to display videos and associated (preview) images on our website. When embedding the videos, we have activated YouTube’s extended data protection mode.

If you play a YouTube video during your visit, a connection to the YouTube servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your member account before visiting our website. In addition, YouTube sets various cookies when the service is started in order to improve the services it offers and to prevent misuse.

Further information on the handling of user data and the cookies set can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en&gl=de.

By integrating YouTube, Google fonts are also dynamically reloaded by Google without the website operator or visitor actively determining this. These web fonts are integrated by a server call, usually a Google server in the USA. This may result in the following being transmitted to
the server and stored by Google:

  • Name and version of the browser used
  • Website from which the request was initiated (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer/li>
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

You can find more information in Google’s privacy policy, which you can access here:

www.google.com/policies/privacy/

The legal basis is the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the cookie setting on our website.

13. Rights of the data subject

You have the following rights:

a) Information

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about

  • the purposes of processing
  • the categories of personal data
  • the recipients or categories of recipients to whom your data has been or will be disclosed
  • the planned storage period or at least the criteria for determining the storage period
  • the existence of a right to rectification, erasure, restriction of processing or objection
  • the existence of a right of appeal to a supervisory authority
  • the origin of your personal data if it was not collected by us
  • the existence of automated decision-making including profiling and, if applicable, meaningful information on its details

b) Rectification

According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.

c) Erasure

In accordance with Art. 17 GDPR, you have the right to obtain from us the erasure of your personal data without undue delay, unless further processing is necessary for one of the following reasons:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • for the establishment, exercise or defence of legal claims

d) Restriction of processing

You may request the restriction of the processing of your personal data for one of the following reasons in accordance with Art. 18 GDPR:

  • You dispute the accuracy of your personal data.
  • The processing is unlawful and you oppose the erasure of the personal data.
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
  • You object to the processing in accordance with Art. 21 para. 1 GDPR.

e) Notification

If you have requested the rectification or erasure of your personal data or restriction of processing pursuant to Art. 16, Art. 17 or Art. 18 GDPR, we will inform all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You can request that we inform you of these recipients.

f) Transfer

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing is carried out using automated procedures and is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

g) Revocation

In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your consent to us at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In future, we may no longer continue the data processing that was based on your withdrawn consent.

h) Complaint

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying the particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@finway.de.

j) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

i. is necessary for entering into, or performance of, a contract between you and us
ii. is authorized by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
iii. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in i) and iii), we shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

14. Changes to the privacy policy

If we change the privacy policy, this will be indicated on the website.

Status: 30.04.2025