Privacy Policy

Above all, data protection also means protecting your privacy. We, viafintech GmbH (hereinafter referred to as “the person responsible”), respect your privacy, which is why we have committed ourselves to protect and safeguard it. To achieve this goal, we strictly observe the legal regulations when processing your personal data. This principle forms the framework for our handling of personal data.

Please read the following notes carefully and take note of them to learn more about our approach to handling your personal data. The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the:

                    viafintech GmbH 
                    Budapester Straße 50
                    10787 Berlin
                    Germany
                    Tel.: 030 - 346 46 16 - 06
                    E-mail : privacy@viafintech.com (PGP-Key)
                    Website: www.viafintech.com

The data protection officer of the person responsible is:

                    Thomas Cezary Lewicki, LL.M. 
                    viafintech GmbH
                    Budapester Straße 50
                    10787 Berlin 
                    Germany
                    E-Mail: privacy@viafintech.com

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services/offers. The processing of personal data of our users regularly only takes place with the user’s consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations. So far as we obtain the consent of the data subject for processing of personal data, Art. 6 paras. 1 lit. EU Data Protection Basic Regulation (“GDPR”) serves as the legal basis. So far as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided by the European or national legislator in Union regulations, laws or other regulations to which the person responsible is subject. Every time you use our website, we collect access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

• IP address of the requesting machine,
• Date and time of the request,
• Address of the website called up and the requesting website,
• Information about the browser and operating system used,
• Online identifiers (e.g. device identifiers, session IDs).

The data processing of these access data is necessary to enable you to visit the website and to ensure the permanent functionality and security of our systems. For the purposes described above, the access data is also temporarily stored in internal log files to generate statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and for general administrative maintenance of our website. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

The information stored in the log files is retained for 14 days and archived after subsequent anonymisation. For some of our services, we must use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to execute programs or load viruses onto your computer. The main purpose of our cookies is rather to provide you with a specially tailored offer and to make the use of our services as time-saving as possible. Most browsers are set by default to accept cookies. However, you can adjust your browser settings to refuse cookies or to only store them after prior consent. If you reject cookies, not all of our offers will work for you without interruption. We use Cookies especially for:

• to save your language settings,
• to indicate that you have been shown information placed on our website – so that it will not be displayed again the next time you visit the website.

We want to make it easier for you to use our website more comfortably and individually. These services are based on our aforementioned legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. We also use cookies and comparable technologies (e.g. web beacons) from partners for analysis purposes. You have several possibilities to get in contact with us. These include the general contact form on our website, which offers contact opportunities for (potential) business customers to i.) receive information about our products and services or ii) request a callback or feedback. In this context we process data exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b GDPR. The data processed by us when using the contact forms will initially be stored for 30 days after complete processing of your enquiry, for reasons of allocation, in case you have any queries regarding our reply/processing, and will be automatically deleted after 30 days unless we need your enquiry to contact you at a later date as part of a pre-contractual business relationship. Description and scope of data processing When contacting us via our website, you actively enter your personal data via an input mask. The data is transmitted to us and stored by us. The data will not be passed on to third parties. The following data is collected during the input process:

• First name
• Last name
• e-mail adress
• Phonenumber
• Company
• Department

The following data is also saved at the time of entry:

• IP-adresse of the user
• Date and time of entry

Before we process the data entered, we will obtain your consent, which you give us by actively checking the appropriate box at the end of the input mask. The legal basis for the processing of the data is Art. 6 para. 1 letter a GDPR if the user has given his consent. If you have decided to apply for one of our job advertisements or to send us a speculative application for a position, you can use our contact form for applicants on our homepage in the « Careers » section. This is a so-called input mask that you must use to provide us with information about yourself and to upload documents required for the selection process.

The mandatory details are:

• your name (first and last name)
• e-mail address
• the position you wish to apply for
• your curriculum vitae

Optionally, you can also voluntarily attach further documents that you would like to send us as part of your application to viafintech. These are regularly cover letters, certificates and similar documents which also contain further personal data, such as

• address
• place of birth
• date of birth

and other personal details/characteristics.

As soon as you have filled in the mandatory fields, attached the corresponding files and then pressed « Send », this information and data is forwarded fully automatically to our project management tool ASANA. Viafintech uses ASANA to organise and process incoming applications. For more information on ASANA, please see section VI Nr. 4. The purpose of data processing is the selection of applicants for employment. The legal basis for processing your application documents is Art. 6 (1) (1) (b) and Art. 88 (1) GDPR in conjunction with Section 26 (1) (1) of the German Federal Data Protection Act (BDSG).

We would like to emphasise at this point that only expressly authorised employees of our HR department and employees (necessarily) involved in the application process are granted access to your data (need to know principle), i.e. our HR department has access to your data in the first instance, but also the specialist department of the job for which you have applied. All personal data that you provide to us as part of the application process is processed (including storage) solely for the purpose of evaluating and classifying your knowledge, skills and experience for the respective vacancy for which you have applied, unless otherwise agreed with you. Any agreement to the contrary always requires your consent.

Your personal data and documents will be stored for 180 days from receipt of your application, i.e. the moment you press « Send ».

On the one hand, this is based on legal requirements and specifications for the storage period, which we must comply with. On the other hand, we must be able to defend ourselves against any legal claims in our own interest (duty of proof). We are obliged to delete or anonymise your data at the latest when the 180-day period expires. In the case of anonymisation, the data is only available to us in the form of so-called metadata without direct personal reference for statistical analysis (e.g. time to hire etc.). We use the tool Asana for the collection, processing and use of personal and non-personal data. The provider is Asana, Inc, 1550 Bryant Street, 8th Floor, San Francisco, CA 94103, USA.

1) Basis for processing
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the performance of a contract or pre-contractual measures.

2) Data processing contract
viafintech has concluded a commissioned data processing contract in accordance with Art. 28 DSGVO and the so-called EU standard contractual clauses with Asana. As a result, ASANA undertakes to protect the data (in particular personal data) of our applicants, i.e. also your data, in compliance with the Data Protection Regulation, i.e. in accordance with the EU standard, and not to pass it on to third parties. For this purpose, we use the standard contractual clauses stipulated and approved by the European Commission in accordance with Art. 46 Para. 2 lit. c DSGVO. From time to time, we may make certain content available to our visitors as part of certain time-limited promotions, e.g. providing so-called white papers. This is a document containing high-quality specialist information on a specific topic. This can be so-called case studies, research results or advice content. The whitepaper format usually comprises at least 2 pages, pursues a professional discourse on a subject and aims at providing solutions, strategies or technical explanations. In order to use or obtain the offered contents free of charge from viafintech GmbH, the entry of personal data is necessary. By ticking the appropriate box you confirm your agreement that your entered personal data may be collected by viafintech GmbH and processed and used for the following purposes: To submit the relevant content (e.g. whitepapers), as well as to provide further information on other whitepapers and to submit offers related to the subject of the whitepaper by e-mail, by post and/or by telephone. We use so-called lead generation tools on our Internet pages; these are third-party tools that are integrated into our Internet pages. In this context, a lead is a potentially interested party who, for example, is highly likely to be interested in either a company or a specific product because of his or her habits and who, on the other hand, voluntarily provides the advertiser with his or her personal data, in particular contact data (lead = data set) to further establish a dialogue, thus has great potential to become a future customer, which is why the processing of such data is in our legitimate interest. The purpose is to contact you within the framework of the initiation of a business relationship. This results in Art. 6 Para. 1 lit. f GDPR as the legal basis for the processing of data.Bei dem von uns eingesetzten Lead Generierungs Tool handelt es sich um das von der LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany zur Verfügung gestellte sog. “LinkedIn Lead Generation”. So-called lead generation forms from LinkedIn are used for this purpose; these may contain functions and content from the LinkedIn service. If you are registered with a member account of the LinkedIn platform, LinkedIn may assign access to the above-mentioned content and functions to your member account. If you wish to disable this function in relation to your member account, please follow the link below to opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The LinkedIn privacy policy can be found at https://www.linkedin.com/legal/privacy-policybzw. https://business.linkedin.com/de-de/marketing-solutions/native-advertising/lead-gen-ads. We use the so-called Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland on our Internet pages. The Google Tag Manager itself does not collect any personal data but enables us to integrate and manage our own so-called tags. Tags are small code elements that are used in particular to measure traffic and visitor behaviour on our websites, to measure the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimise websites. We use the Tag Manager, especially for the Google Analytics service. If you have deactivated it, the Google Tag Manager will take this deactivation into account. For more information about the Google Tag Manager see: https://www.google.com/intl/de/tagmanager/use-policy.html. We use the so-called tracking code of Lead Forensics London 4, Old Park Lane, Mayfair, London W1K 1QW on our Internet pages. Lead Forensics follows the activities on the website and provides viafintech GmbH with information about:

• the IP address of the requesting computer,
• the date and duration of the user’s visit,
• the websites that the user visits

The “Lead Forensics” tool complies with the requirements of applicable data protection regulations, in particular the GDPR, as it only provides information that is already publicly accessible. Instead of cookies, the Lead Forensics tool uses so-called IP tracking to identify visitors. We use the tool to obtain information about which company visits our website in order to deduce which company is interested in our company, products and services. You can find further information at www.leadforensics.com. 4. The use of these tools mentioned under VII 1, 2 and 3 serves marketing purposes. These purposes also include our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR. We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse and improve our website and our product based on your user behaviour. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there. If personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. However, your IP address will be shortened before the evaluation of the usage statistics so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended by the code “anonymizeIP” to ensure anonymous recording of IP addresses. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Google will process the information obtained through the cookies in order to evaluate your use of the website and the products, to compile reports on website activities for the website operators and to provide further services associated with website and internet use. As shown above, you can configure your browser to reject cookies, or you can prevent the collection of data generated by cookies and related to your use (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link: deactivate Google Analytics. This will prevent Google Analytics from collecting data within this website in future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you have to click this link again. You can find more information on this in Google’s privacy policy. We operate a page (fan page) on the social network Facebook, which is offered for users outside the USA and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) and for all other users by Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”) in joint responsibility with Facebook, in order to communicate therewith followers (such as our customers and interested parties) and to provide information about our products and services. We may receive statistics from Facebook regarding the use of our fan page (e.g. information on the number, names, interactions such as likes and comments, and aggregated demographic and other information or statistics). For more information about the nature and scope of these statistics, please refer to the Facebook notes and related help pages. Details of the respective responsibilities can be found in the Page Insights information. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR based on our aforementioned legitimate interest. We have no influence on data that is processed by Facebook on its responsibility according to the Facebook terms of use. However, we would like to point out that when you visit the fan page, data on your usage behaviour is transferred from Facebook and the fan page to Facebook. Facebook itself processes the above-mentioned information to produce more detailed statistics and for its own market research and advertising purposes, over which we have no influence. You can find more detailed information on this in the Facebook data policy. In the event that personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield. As far as we receive your personal data when operating the fanpage, you are entitled to the rights mentioned in this privacy policy. If you wish to assert your rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights as far as we are able and will forward your enquiries to Facebook. The data are deleted as soon as they are no longer necessary for the purpose for which they were collected. As the person concerned, you have the opportunity to have the data stored about you modified at any time. Please contact our data protection officer with your request (request for deletion or change) or write to us directly at datenschutz@viafintech.com. If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the person responsible: You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from the data controller on the following:

• the purposes for which the personal data are processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the planned duration of storage of the personal data relating to you or, if it is not possible to specify this, criteria for determining the duration of storage;
• the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority; You have the right to obtain information as to whether personal data concerning you are being transferred to a third country or an international organisation. In this context, you may request to be informed of the appropriate safeguards according to Art. 46 GDPR in connection with the transfer.

You have the right to ask the data controller to correct and/or complete any personal data processed concerning you if it is incorrect or incomplete. The data controller must correct without delay. Under the following conditions, you may request that the processing of personal data concerning you be restricted:

• if you dispute the accuracy of the personal data concerning you for a period of time which enables the person responsible to verify the accuracy of the personal data;
• if the processing is unlawful and you object to the deletion of the personal data and request instead that the use of the personal data be restricted;
• the controller no longer needs the personal data for the purposes of the processing, but you need the personal data to exercise or defend legal claims; or
• if you have lodged an objection to the processing following Art. 21 Para. 1 GDPR and it has not yet been established whether the legitimate reasons for the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data, apart from being stored, may be processed only with your consent or to assert, exercise or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted. You may request the controller to delete the personal data concerning you immediately and the controller is obliged to delete such data immediately if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP, and there is no other legal basis for the processing.
• You object to the processing according to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing according to Art. 21(2) GDPR.
• The personal data concerning you have been processed unlawfully.
• The deletion of personal data relating to you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you have been collected in relation to information society services offered, following Article 8(1) of the GDPR.

If the data controller has made public the personal data concerning you and is obliged to delete them according to Art. 17 para. 1 DPA, it shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data. The right of cancellation does not apply if the processing is necessary

• to exercise the right to freedom of expression and information;
• to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health according to Article 9 (2) lit. h and i and Article 9 (3) GDPR;
• for archival, scientific or historical research purposes in the public interest or statistical purposes according to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
• to assert, exercise or defend legal claims.

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller. You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without interference from the controller to whom the personal data has been communicated, provided that

• the processing is based on a consent according to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract according to Art. 6 para. 1 letter b GDPR and
• the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out according to Art. 6 paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he/she can demonstrate compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing. If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes. You may exercise your right of objection concerning the use of information society services using automated procedures involving technical specifications, without prejudice to Directive 2002/58/EC. You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place based on your consent until revocation. Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the suspected infringement if you consider that the processing of personal data concerning you is in breach of the DPA. The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. From time to time we update this Privacy Policy, for example if we adapt our website or the legal or official requirements change.

Date: 20.07.2021