fino

Privacy policy

Inhalt
    Add a header to begin generating the table of contents

    § 1 Preamble

    This privacy policy of fino run GmbH, Universitätsplatz 12, 34127 Kassel, would like to inform you as a user about which of your personal data is collected and processed by us as the controller within the meaning of the General Data Protection Regulation when you use our websites, social networks and online platforms.

    § 2 Responsible officer and contact data protection officer

    fino run GmbH
    Universitätsplatz 12
    D
    -34127 Kassel

    Represented by: Aleksandar Jeremic, Dr. Christian Reichmayr
    Telephone: +49 561 82790 40 

    If you have any questions about the processing of your personal data or about data protection in general, please contact the data protection officer, who is also available to you in the event of complaints. You can contact the data protection officer by e-mail at datenschutz@fino.run or at the address given in the legal notice.

    § 3 Collection and use of personal data for the technical provision of the website

    3.1. When you visit our website, all data is collected in accordance with the principle of data avoidance and data minimisation. Nevertheless, when you visit our website, the internet browser you use automatically sends data to our website server (so-called log files) and stores it for a maximum period of two weeks. This includes the name of the retrieved files, the date and time of the retrieval, the amount of data transferred, any error messages, the operating system and browser software of the end device, the website from which the website is visited and general information about the usage behaviour of the website. The legal basis for the collection and processing of this data is in accordance with Art. 6 Para. 1 S. 1 lit. f. GDPR our legitimate interest in:
    (a) the search for the cause of possible server problems
    (b) the analysis of technical errors
    (c) the maintenance of the website
    (d) ensuring system security
    (e) protection against misuse (e.g. detection and defence against hacker attacks)
    (f) the pseudonymised statistical analysis of the collected data
    (g) the optimisation of the website.

    We use the following services and service providers to operate our website: WP Engine (web hosting, data centre location: Belgium), Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom

    § 4 Use of cookies

    4.1. Cookies are used on our website. Cookies are small text files that are stored on your computer and saved by your browser. As a rule, we use session cookies, which are automatically deleted at the end of your visit or use of our application. Cookies cannot cause any damage to the end devices used and, in particular, do not contain any viruses or other malware.

    4.2. You can prevent the setting of cookies with the help of your browser settings, or be automatically informed before a cookie is set in order to reject this in individual cases. In this case, however, parts of our services may not function or may not function optimally. The cookies used serve to optimise the use of our website so that, for example, session cookies can be used to track whether you have already visited individual subpages of the website. These are only stored on your end device for a temporary period in order to improve the user-friendliness of the website. If you visit our website again, it will automatically recognise that you have already visited it at an earlier time and which language settings and entries you have made. In this way, repeated input can be avoided.

    4.3. Various types of cookies are used on our website. On the one hand, technically necessary cookies for displaying the website and, on the other hand, cookies that serve statistical and marketing purposes. You can find more detailed information in the list in the cookie manager (notification window that appears at the start of the website visit) and in the cookie policy.

    4.4. The legal basis for the setting of technically necessary cookies on our website is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR. GDPR. For cookies that are not technically necessary, we obtain your voluntary consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR via the Cookie Manager. By adjusting the setting in the Cookie Manager, you can revoke or adjust your consent to data processing based on cookies set at any time.

    4.5. Unless otherwise stated, it can be assumed that no cookies are stored.

    § 5 Analysis and improvement of the website

    5.1. With the help of reach measurement and web analysis, visitor flows to our website as well as the behaviour, interests and demographic data of our website visitors can be evaluated as pseudonymised data. This enables us to find out which segments require optimisation. In addition to measuring reach, test procedures can also be used. This allows various website versions to be tested and optimised. For this purpose, user profiles can be created and stored in a file (so-called cookies) or similar procedures can be used for the same purpose.

    5.2. For this purpose, information such as website content viewed, websites accessed, browser and operating system used as well as activity and usage times may be stored. Depending on the user’s consent, location data may also be affected by this. We use an IP masking procedure to store the IP addresses of website users, whereby the IP address is pseudonymised by shortening it. In principle, no clear data (e.g. name, e-mail address) of the visitors is stored, but pseudonyms, so that we do not know the actual identity of the users.

    5.3. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR, provided that we ask for your consent to the use of the respective third-party providers. Otherwise, our legitimate interest in efficient, user-friendly and economical services constitutes the legal basis for data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

    (a) Processed data types: Meta and communication data (e.g. IP address, device information), usage data (e.g. access time, websites visited, content accessed)
    (b) Data subjects: Users (e.g. users of the online services, visitors to the websites)
    (c) Purpose of processing: reach measurement, tracking, evaluation of visitor actions, target group-orientated marketing, profiling
    (d) Legal basis for processing: Art. 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest) and Art. 6 para. 1 sentence 1 lit. a GDPR (consent)

    5.4. The external service or service provider Google Analytics is used to analyse and optimise the website. By using Google Analytics data, we can improve our online offering and carry out targeted marketing measures based on the interests of our users.

    Google Analytics: We use Google Analytics as universal analytics for online marketing and web analysis. Universal Analytics is a process for analysing users based on a pseudonymous user ID, so that a pseudonymous user profile is created that consists of information from the use of different end devices (so-called cross-device tracking).

    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

    Website: https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376) https://marketingplatform.google.com/intl/de/about/analytics/
    Privacy policy: https://policies.google.com/privacy
    Option to object / Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de 

    § 6 Online marketing

    6.1. We process your personal data as part of online marketing. The online marketing measures include in particular the marketing of advertising space, the display of advertising content according to user interests and the determination of its effectiveness. For this purpose, user profiles are created and stored in a file (so-called cookies) or similar procedures are used for the same purpose.

    6.2. The content of the user profiles may include information such as websites accessed, website content viewed, social networks used, browser and operating system used or usage times. Depending on the user’s consent, location data may also be affected by this. We use an IP masking procedure to store the IP addresses of website users, whereby the IP address is pseudonymised by shortening it. In principle, no clear data (e.g. name, e-mail address) of the visitors is stored, but pseudonyms, so that we do not know the actual identity of the users.

    6.3. The aforementioned user profile information is stored in the cookies or by comparable processes. In principle, the cookies can also be used, read, analysed or stored at a later date on other websites using the same procedure for online marketing.

    6.4. If you, as a user of our website, are also a member of a social network that uses the same procedures for online marketing and links your profile with the above-mentioned information, your clear data can be assigned to the user profile. Any deviating regulations can be agreed by the user directly with the provider of the social network, e.g. by giving consent during the registration process.

    6.5. In general, only summarised information is made available to us in order to be able to assess the success of our advertisements. By measuring conversion, we can analyse which marketing measure has led to a conversion, i.e. the conclusion of a contract. No conversion measurement takes place for other purposes.

    6.6. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR, provided that we ask for your consent to the use of the respective third-party providers. Otherwise, our legitimate interest in efficient, user-friendly and economical services constitutes the legal basis for data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

    (a) Processed data types: Meta and communication data (e.g. IP address, device information), usage data (e.g. access time, websites visited, content accessed), location data
    (b) Data subjects: Users (e.g. users of the online services, visitors to the websites), customers, employees, interested parties, communication partners)
    (c) Purpose of processing: evaluation of visitor actions, tracking, target group-oriented marketing, profiling, remarketing, measurement of conversion and reach, cross-device tracking, target group formation, click tracking
    (d) Legal basis for processing: Art. 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest) and Art. 6 para. 1 sentence 1 lit. a GDPR (consent)
    (e) Security measures: IP masking
    (f) Opt-Out / Option to object: You can find more detailed information in the data protection notices of the respective providers. In principle, you can deactivate cookies in your browser settings. However, we would like to point out that this may restrict the functionality of our website, which is why we recommend the following opt-out options:

    Europe: https://www.youronlinechoices.eu

    USA: https://www.aboutads.info/choices

    Canada: https://www.youradchoices.ca/choices 

    Cross-territory: https://optout.aboutads.info

    6.7. The following services and service providers are used:

    (a) Google Analytics: We use Google Analytics as Universal Analytics for online marketing and web analytics. Universal Analytics is a procedure for analysing users based on a pseudonymous user ID, so that a pseudonymous user profile is created that consists of information from the use of different end devices (so-called cross-device tracking).

    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland,
    Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

    Website: https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376) https://marketingplatform.google.com/intl/de/about/analytics/
    Privacy Policy: https://policies.google.com/privacy
    Opt-Out / Option to object: https://tools.google.com/dlpage/gaoptout?hl=de 

    § 7 Contacting us

    7.1. If you wish to contact us (e.g. via email, contact form, telephone, social media, chat), your details and personal data will be transmitted to us and processed by us in order to answer the enquiry or carry out the requested measures. To contact us by email, you must provide a valid email address and your name. To use the contact form, we require your name, e-mail address and telephone number. All additional information is provided voluntarily and is not mandatory. Your data will be processed on the basis of your consent or for the establishment, execution and processing of contractual relationships with us in accordance with Art. 6 para. 1 sentence 1 lit. a, b GDPR and exclusively in order to process, manage and answer your enquiry including pre-contractual measures. The data will be deleted automatically as soon as your enquiry has been dealt with and there are no further reasons for storage (e.g. subsequent cooperation).

    7.2. We use the following Elementor plug-in for WordPress for the contact form:
    a) Elementor Ltd, Mesada st. 7, Tel Aviv, Israel. Elementor is a locally installed plug-in. There is no data transfer to third parties. The applicable data protection provisions of Elementor may be retrieved under https://elementor.com/terms/privacy-policy/.

    § 8 Communication via e-mail, post or telephone for advertising purposes

    8.1. If necessary, we process personal data for advertising purposes. Advertising communication takes place via various channels (e.g. email, post or telephone). Processed data types: Contact data (e.g. email address, telephone number), inventory data (e.g. name, address)

    • Affected persons: Communication partner
    • Purpose of processing: Direct marketing
    • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

    8.2. The recipient can revoke consent given at any time or object to advertising communication.

    8.3. Data required as proof of consent may be stored by us for up to three years after revocation or objection on the basis of our legitimate interest before we delete it. This data is only processed for the purpose of a possible defence against claims. If consent has been confirmed, an individual request for erasure is possible at any time.

    § 9 Newsletter  

    9.1. We offer you a free newsletter in which we inform you about current events. If you would like to subscribe to the newsletter, you must provide a valid e-mail address. Optionally, you can give us your first name and surname to receive a personalised newsletter. No further data is collected. The newsletter will only be sent with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or on the basis of a legal authorisation.

    9.2. Your consent to receive the newsletter is given via a double opt-in procedure, i.e. after submitting the registration form you will receive an e-mail to confirm your registration. Registration for our newsletter becomes effective once you have clicked on the link in the confirmation email. If you do not confirm your registration, your registration data will be automatically deleted within 30 days. To fulfil legal requirements, ActiveCampaign logs the newsletter registration and changes to your personal data. This includes saving the IP address and the time of registration and confirmation.

    9.3. You can revoke your consent at any time with effect for the future and thus cancel your newsletter subscription. After your cancellation, your personal data will be deleted and your consent to receive the newsletter will be revoked. To do this, please use the “Unsubscribe” link provided at the end of each newsletter.

    9.4. The newsletter is sent and your contact data stored by the newsletter dispatch platform “ActiveCampaign” of the US provider ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA. The email address of newsletter recipients and other data described above are stored on the ActiveCampaign server in the USA. ActiveCampaign uses this data on our behalf to send and analyse the newsletter. In addition, ActiveCampaign may use the data to improve and optimise its own service. To protect your data, we have concluded a data processing agreement with ActiveCampaig. ActiveCampaign thereby undertakes to protect your data, to process the data on our behalf in accordance with the data protection regulations and not to pass it on to third parties. You can find information about ActiveCampaign’s data protection provisions at https://www.activecampaign.com/legal/terms-of-service. In addition, the newsletter contains a pixel-sized file (so-called “web beacon”). This is retrieved from the ActiveCampaign server when the newsletter is opened, whereby technical information (e.g. internet browser, operating system, IP address, time stamp) is collected. This data is used to improve the technology of the service. It can also be used to analyse whether and when a newsletter was opened by the recipient and which links contained therein were clicked. Although this information can be used to draw conclusions about individual recipients, this is not in our or ActiveCampaign’s interest and is only used to analyse reading habits and to adapt the newsletter content.

    9.5. It is possible that you will be redirected to the ActiveCampaign website when you receive the newsletter, e.g. if you click on the link in our newsletter to retrieve the newsletter online. You can also correct your data (e.g. e-mail address). In these cases, we would like to point out that ActiveCampaign uses cookies on its websites and that your personal data may therefore be processed by ActiveCampaign itself and its partners and service providers. We have no influence over this.

    § 10 Encrypted transmission of personal data 

    All data traffic between your browser or end device and the server used by this service is encrypted. A modern transmission method, TLS protocol (Transport Layer Security protocol), is used for this purpose. This ensures that all data is transmitted in encrypted form and is protected against manipulation and unauthorised access by third parties during transmission.

    § 11 Rights of data subjects 

    We guarantee your right to informational self-determination and the protection of your personal rights when using our services. You can request information about the data stored about you free of charge at any time in accordance with Art. 15 GDPR. In addition, under certain conditions, you can assert the rights under Art. 16 to 18 and 21 GDPR against us: Correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right to revoke consent once given for the collection, processing and use of your personal data with effect for the future and your right to data portability. To do so, please use the contact details provided in the legal notice. You have the right to lodge a complaint with a supervisory authority at any time if you believe that your personal data has been processed unlawfully.

    § 12 Social networks and online platforms

    12.1. We are represented on various social networks and online platforms in order to be able to present our services and information to a large number of interested parties.

    12.2. The networks and online platforms we use are globally active social media, so it cannot be ruled out that your personal data will only be processed within the EU. To protect your data, it will only be transferred to third countries in accordance with Art. 44 et seq. GDPR.

    12.3. We would like to draw your attention to the fact that the operators of the respective platform may process your personal data and merge it into user profiles. This can happen regardless of whether you are registered with the respective platform or not. If you have a user account with the social network concerned, the data provided by us will be analysed and assigned to your person. This is done for the purpose of target group-orientated marketing. For more information in this regard, please refer to the privacy policy of the respective social media and the following information. If you wish to make use of your rights as a data subject, please contact the respective operator of the online platform. We generally do not have access to your personal data processed by the operators. This does not include data such as name, user ID, profile picture, age (group), gender, language, country, list of friends or followers, your list of followers. This data is only provided to the extent that you have given your consent or the social network settings you have made allow it. The purpose of processing the personal data provided is to share your opinion in the linked social media and to optimise our presence and reach on the online platforms. The processing is carried out on the basis of our legitimate interest in possible reporting on our products and public relations work.

    (a) Processed data types (depending on setting and online platform): Master data (e.g. name, user ID), contact data (e.g. email address, telephone number), metadata (e.g. cookie data, device ID, network, connection), content data (e.g. comments), usage data (e.g. usage activity, usage time)
    (b) Data subject: User of the online platform or social network or the owner of the device used to run the service
    (c) Purpose of processing: measurement of reach, tracking, reporting, public relations / public relations work
    (d) Legal basis of the processing: Art. 6 para. 1 sentence 1 lit. f. GDPR (our legitimate interest or that of third parties (e.g. provider of the online platform) and Art. 6 para. 1 lit. a GDPR (if you have a user account with a social network and have consented to the transfer of data to third parties).

    12.4. We use third-party services and external service providers and online platforms to distribute our offers and content and as part of our online presence. In this regard, you will find detailed information on the processing of your personal data below. The specific processing of your personal data varies depending on the respective provider and various factors (e.g. your privacy settings, activity).

    (a) Facebook
    Website: https://www.facebook.com/
    Privacy policy of the provider: https://www.facebook.com/help/568137493302217
    Responsible body: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

    Together with Meta Platforms Ireland Limited, we are responsible for the processing of your personal data that is collected, stored and used in connection with the use of the service and your visit to the website. At https://www.facebook.com/legal/terms/page_controller_addend you can view the agreement on the joint processing of your personal data in accordance with Art. 26 GDPR. You can also find the privacy policy for the Facebook pages at https://www.facebook.com/legal/terms/information_about_page_insights_data

    (b) Xing
    Website: https://www.xing.com/
    Privacy policy of the provider: https://privacy.xing.com/de/datenschutzerklaerung
    Responsible body: New Work SE, Am Strandkai 1, 20457 Hamburg

    (c) Twitter
    Website: https://twitter.com/
    Privacy policy of the provider: https://twitter.com/de/privacy
    Responsible body: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

    (d) LinkedIn
    Website: https://de.linkedin.com/
    Privacy policy of the provider: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
    Responsible body: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

    § 13 Other links to external providers

    Insofar as there are links to websites of other providers, this data protection declaration does not apply to their content. What data the operators of these sites may collect is beyond our knowledge and sphere of influence.

    § 14 Webinars via „Microsoft Teams“

    14.1. The “Microsoft Teams” tool is used to organise webinars. “Microsoft Teams” is a service of the Microsoft Corporation.

    14.2. We are responsible for data processing that is directly related to the organisation of webinars. Note: If you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. However, accessing the website is only necessary for the use of “Microsoft Teams” in order to download the software for the use of “Microsoft Teams”. If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then also provided via the “Microsoft Teams” website.

    14.3. Various types of data are processed when using “Microsoft Teams”. The scope of the data also depends on the data you provide before or when participating in a webinar. The following personal data is processed:

    a) User details: e.g. display name, if applicable email address, profile picture (optional), preferred language
    b) Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
    c) When dialling in with the telephone: information on the incoming and outgoing call number, country, start and end time. If necessary, further connection data such as the IP address of the device can be saved
    d) Text, audio and video data: You may have the option of using the chat function in a webinar. In this respect, the text entries you make will be processed in order to display them in the webinar. To enable the display of video and playback of audio, the data from the microphone of your end device and any video camera on the end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

    14.4. The webinars are not recorded or saved. Depending on how the webinar is organised, chats and the opportunity for discussion may also be used. It is your decision to participate in these ways. Storage/recording is not intended. Automated decision-making within the meaning of Art. 22 GDPR is not used.

    14.5. Insofar as the webinars are conducted within the framework of contractual relationships, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. Otherwise, your consent is the legal basis for processing in accordance with Art. 6 para. 1 lit. a) GDPR.

    14.6. Personal data that is processed in connection with participation in webinars is not passed on to third parties unless it is intended to be passed on. Please note that content from webinars and personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with “Microsoft Teams”.

    14.7. Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if webinar participants are located in a third country. However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

    Kassel, 29.11.2022