Transparency declaration for our customers (m/f/d)
Reason
Information
Affected
This privacy statement is addressed to all persons who conclude customer contracts with the responsible party (see below), regardless of whether these contracts are subject to a charge or not. All personal designations refer to all genders and the associated language forms, in particular diverse, female, male. Each person designation is to be understood with the addition “(m/f/d)”.
Responsible
The person responsible for the processing described here is: Fundsback GmbH, Schiffgraben 43, 30175 Hannover
Phone: +49-(0)511 898 444 20
E-mail: [email protected]
Rights
(1) The data subjects have the following rights with regard to the data stored about them: the right to information, the right to correct incorrect data, the right to delete data for which there is no longer a reason for storage, to restrict processing and to data portability. Furthermore, they have the right to complain to the supervisory authority responsible for the controller.(2) Insofar as the processing is based on the consent of the data subjects, the data subjects may revoke their consent at any time and with effect for the future; for example, by sending an informal message to one of the above-mentioned contact channels (controller).
(3) Insofar as the processing is based on the fulfillment of a legitimate interest, thus on Article 6 (1) sentence 1 lit. f DSGVO, the data subjects may object to the processing at any time; for example, by sending an informal message to one of the above-mentioned contact channels (responsible party). If the objection is justified, the processing will be terminated. If the legitimate interest lies in direct marketing; the objection is always justified.
Further notes
(1) Automated decision-making, including profiling, does not take place.
(2) A legal obligation to process exists only if reference is made below to Article 6 (1) sentence 1 lit. c DSGVO.
Data processing
(1) The initiation of the contract proceeds as follows: Either the data subjects make initial contact with the controller or vice versa. Here, the controller processes all data that the data subjects voluntarily provide. This is often the contact data (name, contact data such as e-mail address and address). The data controller stores this data. The purpose is the initiation or establishment of a contract. The legal basis is Article 6 (1) sentence 1 lit. b DSGVO.
(2) After the conclusion of the contract, the responsible party collects the further communication data (IP address, delivery of service, answering follow-up questions) in order to fulfill the contract. The purpose is the performance of a contract. The legal basis is Article 6(1) sentence 1 lit. b DSGVO, Article 6(1) sentence 1 lit. c DSGVO, according to which the processing is necessary for compliance with a legal obligation to which the controller is subject and Article 6(1) sentence 1 lit. f.
(3) After the end of the contract, the customer data will be kept as follows.
- Data that are relevant for the taxation of the Responsible Party are generally retained for six years. Deviating from this, data is retained for ten years. The respective period begins in the year in which the document was created. The purpose is to fulfill a legal retention obligation. The legal basis is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO.
- If the processing of the data is based on consent, the data processed on the basis of the consent is retained until the consent is revoked or until the purpose associated with its processing expires. The purpose is stated in the respective declaration of consent. The legal basis is Article 88 DSGVO in conjunction with. § Section 26 (2) BDSG2018.
- Data proving the granting of consent is retained for three years, with this period beginning on December 31 of the calendar year in which either the consent is revoked or the data is deleted for other reasons. The purpose is to fulfill a legal obligation to retain data. The legal basis is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. Article 7 (1) DSGVO.
(4) In addition to paragraph 2, the Controller may transfer accounting data to an external tax consultancy. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO. The legitimate interest follows from the necessity of providing external tax advice/support. Insofar as data is processed at the tax consulting firm, this does not constitute commissioned processing (cf. DSK Brief Paper 13), but rather a data transfer, which in turn is justified by Article 6 (1) sentence 1 lit. f DSGVO. This is therefore a case of other outsourcing.
(5) In addition to paragraph 2, the Controller shall transfer accounting data to the provider of external accounting software. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO. The legitimate interest follows from the necessity of providing external, tax law advice/support.
(6) In addition to paragraph 2, the data controller may contact the data subjects by e-mail for promotional purposes. For this purpose, the data controller uses the following data: Name and e-mail address. The purpose is to address the data subjects in an advertising manner who are in a contractual relationship with the data subject. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO, whereby the legitimate interest follows from the aforementioned purpose in conjunction with. Recital 47. The data subjects are informed that they may object to this processing at any time and without justification, without incurring any costs other than the transmission costs according to the prime rates.
(7) In addition to paragraph 2, the data controller shall transmit the data to the credit agency selected by the data controller for the purpose of fulfilling the contract.
Processors and third parties that receive data
The following third party processors receive personal data:
Third-party Provider: The accounting data is transmitted to an external tax consultancy firm. Insofar as data is processed at the tax consultancy firm, this does not constitute commissioned processing (cf. DSK Brief Paper 13), but rather a data transfer, which in turn is justified by Article 6 (1) sentence 1 lit. f DSGVO. It is, therefore, a case of other outsourcing.
Third-party providers: This website uses Sendinblue to send emails and newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service with which, among other things, the sending of emails and newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Sendinblue’s servers in Germany.
