Above all, data protection also means protecting your privacy. We, viafintech GmbH (hereinafter
referred to as “the person responsible”), respect your privacy, which is why we have committed
ourselves to protect and safeguard it. To achieve this goal, we strictly observe the legal
regulations when processing your personal data. This principle forms the framework for our
handling of personal data.
Please read the following notes carefully and take note of them to learn more about our approach
to handling your personal data.
I. Name and address of the person responsible
The person responsible within the meaning of the basic data protection regulation and other
national data protection laws of the member states and other data protection regulations is the:
Budapester Straße 50
Tel.: 030 - 346 46 16 - 06
II. Name and address of the Data Protection Officer
The data protection officer of the person responsible is:
Thomas Cezary Lewicki, LL.M.
Budapester Straße 50
III. General information on data processing
1. Scope of processing of personal data
As a matter of principle, we process personal data of our users only to the extent necessary to
provide a functional website and our contents and services/offers. The processing of personal
data of our users regularly only takes place with the user’s consent. An exception is made in
those cases where prior consent cannot be obtained for factual reasons and the processing of the
data is permitted by legal regulations.
2. Legal basis for the processing of personal data
So far as we obtain the consent of the data subject for processing of personal data, Art. 6
paras. 1 lit. EU Data Protection Basic Regulation (“GDPR”) serves as the legal basis.
So far as the processing of personal data is necessary to fulfil a legal obligation to which our
company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third
party and if the interests, fundamental rights and freedoms of the data subject do not outweigh
the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the
3. Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of
the storage no longer applies. Furthermore, data may be stored if this has been provided by the
European or national legislator in Union regulations, laws or other regulations to which the
person responsible is subject.
IV. Data processing within the framework of the website
1. Calling up our website / access data
Every time you use our website, we collect access data that your browser automatically transmits
to enable you to visit the website. The access data includes in particular:
- IP address of the requesting machine,
- Date and time of the request,
- Address of the website called up and the requesting website,
- Information about the browser and operating system used,
- Online identifiers (e.g. device identifiers, session IDs).
The data processing of these access data is necessary to enable you to visit the website and to
ensure the permanent functionality and security of our systems. For the purposes described
above, the access data is also temporarily stored in internal log files to generate statistical
data on the use of our website, to further develop our website with regard to the usage habits
of our visitors (e.g. if the proportion of mobile devices used to access the pages increases)
and for general administrative maintenance of our website. The legal basis is Art. 6 para. 1
sentence 1 lit. b GDPR.
The information stored in the log files is retained for 14 days and archived after subsequent
2. Usage of own Cookies
For some of our services, we must use so-called cookies. A cookie is a small text file that is
stored by the browser on your device. Cookies are not used to execute programs or load viruses
onto your computer. The main purpose of our cookies is rather to provide you with a specially
tailored offer and to make the use of our services as time-saving as possible.
Most browsers are set by default to accept cookies. However, you can adjust your browser
all of our offers will work for you without interruption.
- to save your language settings,
- to indicate that you have been shown information placed on our website – so that it
will not be displayed again the next time you visit the website.
We want to make it easier for you to use our website more comfortably and individually.
These services are based on our aforementioned legitimate interests, the legal basis is Art. 6
para. 1 sentence 1 lit. f GDPR.
V. Data processing within the scope of contact
You have several possibilities to get in contact with us. These include the general contact form
on our website, which offers contact opportunities for (potential) business customers to i.)
receive information about our products and services or ii) request a callback or feedback.
In this context we process data exclusively for the purpose of communicating with you. The legal
basis is Art. 6 para. 1 lit. b GDPR.
The data processed by us when using the contact forms will initially be stored for 30 days after
complete processing of your enquiry, for reasons of allocation, in case you have any queries
regarding our reply/processing, and will be automatically deleted after 30 days unless we need
your enquiry to contact you at a later date as part of a pre-contractual business relationship.
1. Contact Form
Description and scope of data processing When contacting us via our website, you actively enter
your personal data via an input mask. The data is transmitted to us and stored by us. The data
will not be passed on to third parties. The following data is collected during the input
- First name
- Last name
- e-mail adress
The following data is also saved at the time of entry:
- IP-adresse of the user
- Date and time of entry
Before we process the data entered, we will obtain your consent, which you give us by actively
checking the appropriate box at the end of the input mask.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 letter a GDPR if the user has
given his consent.
VI. Your application to viafintech
1. Procedure of the application process at viafintech
If you have decided to apply for one of our job advertisements or to send us a speculative application for a position, you can use our contact form for applicants on our homepage in the “Careers” section. This is a so-called input mask that you must use to provide us with information about yourself and to upload documents required for the selection process.
The mandatory details are:
- your name (first and last name)
- e-mail address
- the position you wish to apply for
- your curriculum vitae
Optionally, you can also voluntarily attach further documents that you would like to send us as part of your application to viafintech. These are regularly cover letters, certificates and similar documents which also contain further personal data, such as
- place of birth
- date of birth
and other personal details/characteristics.
As soon as you have filled in the mandatory fields, attached the corresponding files and then pressed “Send”, this information and data is forwarded fully automatically to our project management tool ASANA. Viafintech uses ASANA to organise and process incoming applications. For more information on ASANA, please see section VI Nr. 4.
2. Purpose of the processing of your personal data
The purpose of data processing is the selection of applicants for employment. The legal basis for processing your application documents is Art. 6 (1) (1) (b) and Art. 88 (1) GDPR in conjunction with Section 26 (1) (1) of the German Federal Data Protection Act (BDSG).
We would like to emphasise at this point that only expressly authorised employees of our HR department and employees (necessarily) involved in the application process are granted access to your data (need to know principle), i.e. our HR department has access to your data in the first instance, but also the specialist department of the job for which you have applied.
3. Deletion periods for applicant data
All personal data that you provide to us as part of the application process is processed (including storage) solely for the purpose of evaluating and classifying your knowledge, skills and experience for the respective vacancy for which you have applied, unless otherwise agreed with you. Any agreement to the contrary always requires your consent.
Your personal data and documents will be stored for 180 days from receipt of your application, i.e. the moment you press “Send”.
On the one hand, this is based on legal requirements and specifications for the storage period, which we must comply with. On the other hand, we must be able to defend ourselves against any legal claims in our own interest (duty of proof). We are obliged to delete or anonymise your data at the latest when the 180-day period expires. In the case of anonymisation, the data is only available to us in the form of so-called metadata without direct personal reference for statistical analysis (e.g. time to hire etc.).
4. Integration of third party tools in the application process: Asana
We use the tool Asana for the collection, processing and use of personal and non-personal data. The provider is Asana, Inc, 1550 Bryant Street, 8th Floor, San Francisco, CA 94103, USA.
1) Basis for processing
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows us to process data for the performance of a contract or pre-contractual measures.
2) Data processing contract
viafintech has concluded a commissioned data processing contract in accordance with Art. 28 DSGVO and the so-called EU standard contractual clauses with Asana. As a result, ASANA undertakes to protect the data (in particular personal data) of our applicants, i.e. also your data, in compliance with the Data Protection Regulation, i.e. in accordance with the EU standard, and not to pass it on to third parties. For this purpose, we use the standard contractual clauses stipulated and approved by the European Commission in accordance with Art. 46 Para. 2 lit. c DSGVO.
VII. Data processing in the context of further actions and campaigns
From time to time, we may make certain content available to our visitors as part of certain
time-limited promotions, e.g. providing so-called white papers. This is a document containing
high-quality specialist information on a specific topic. This can be so-called case studies,
research results or advice content. The whitepaper format usually comprises at least 2 pages,
pursues a professional discourse on a subject and aims at providing solutions, strategies or
technical explanations. In order to use or obtain the offered contents free of charge from
viafintech GmbH, the entry of personal data is necessary.
By ticking the appropriate box you confirm your agreement that your entered personal data may be
collected by viafintech GmbH and processed and used for the following purposes:
To submit the relevant content (e.g. whitepapers), as well as to provide further information on
other whitepapers and to submit offers related to the subject of the whitepaper by e-mail, by
post and/or by telephone.
VIII. Use of other third-party tools
1. LinkedIn Lead Generation
We use so-called lead generation tools on our Internet pages; these are third-party tools that
are integrated into our Internet pages. In this context, a lead is a potentially interested
party who, for example, is highly likely to be interested in either a company or a specific
product because of his or her habits and who, on the other hand, voluntarily provides the
advertiser with his or her personal data, in particular contact data (lead = data set) to
further establish a dialogue, thus has great potential to become a future customer, which is why
the processing of such data is in our legitimate interest. The purpose is to contact you within
the framework of the initiation of a business relationship. This results in Art. 6 Para. 1 lit.
f GDPR as the legal basis for the processing of data.Bei dem von uns eingesetzten Lead
Generierungs Tool handelt es sich um das von der LinkedIn AG, Dammtorstraße 29-32, 20354
Hamburg, Germany zur Verfügung gestellte sog. “LinkedIn Lead Generation”.
So-called lead generation forms from LinkedIn are used for this purpose; these may contain
functions and content from the LinkedIn service. If you are registered with a member account of
the LinkedIn platform, LinkedIn may assign access to the above-mentioned content and functions
to your member account.
If you wish to disable this function in relation to your member account, please follow the link
below to opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
2. Google Tag Manager
We use the so-called Google Tag Manager of the provider Google Ireland Limited (registration
number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland on our Internet pages. The
Google Tag Manager itself does not collect any personal data but enables us to integrate and
manage our own so-called tags.
Tags are small code elements that are used in particular to measure traffic and visitor
behaviour on our websites, to measure the impact of online advertising and social channels, to
set up remarketing and targeting, and to test and optimise websites. We use the Tag Manager,
especially for the Google Analytics service. If you have deactivated it, the Google Tag Manager
will take this deactivation into account. For more information about the Google Tag Manager see:
3. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data
protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
our product based on your user behaviour. The data collected in this context may be transferred
by Google to a server in the USA for evaluation and stored there. If personal data is
transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. However, your
IP address will be shortened before the evaluation of the usage statistics so that no
conclusions can be drawn about your identity. For this purpose, Google Analytics has been
extended by the code “anonymizeIP” to ensure anonymous recording of IP addresses. The legal
basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
Google will process the information obtained through the cookies in order to evaluate your use
of the website and the products, to compile reports on website activities for the website
operators and to provide further services associated with website and internet use.
As shown above, you can configure your browser to reject cookies, or you can prevent the
collection of data generated by cookies and related to your use (including your IP address) and
the processing of this data by Google by downloading and installing a browser add-on provided by
Google. As an alternative to the browser add-on or if you access our website from a mobile
device, please use this opt-out link: deactivate Google Analytics.
This will prevent Google Analytics from collecting data within this website in future (the
opt-out only works in the browser and only for this domain). If you delete your cookies in this
browser, you have to click this link again.
4. Facebook Fanpage
We operate a page (fan page) on the social network Facebook, which is offered for users outside
the USA and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland (“Facebook”) and for all other users by Facebook Inc, 1601 Willow Road, Menlo
Park, California 94025, USA (“Facebook”) in joint responsibility with Facebook, in order to
communicate therewith followers (such as our customers and interested parties) and to provide
information about our products and services.
We may receive statistics from Facebook regarding the use of our fan page (e.g. information on
the number, names, interactions such as likes and comments, and aggregated demographic and other
information or statistics). For more information about the nature and scope of these statistics,
please refer to the Facebook notes and related help pages. Details of the respective
responsibilities can be found in the Page Insights information. The legal basis for this data
processing is Art. 6 para. 1 lit. f GDPR based on our aforementioned legitimate interest.
We have no influence on data that is processed by Facebook on its responsibility according to
data on your usage behaviour is transferred from Facebook and the fan page to Facebook. Facebook
itself processes the above-mentioned information to produce more detailed statistics and for its
own market research and advertising purposes, over which we have no influence. You can find more
detailed information on this in the Facebook data policy. In the event that personal data is
transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield.
As far as we receive your personal data when operating the fanpage, you are entitled to the
easiest way to do so is to contact Facebook directly. Facebook knows both the details of the
technical operation of the platform and the associated data processing as well as the specific
purposes of data processing and can implement appropriate measures upon request if you exercise
your rights. We will be happy to support you in asserting your rights as far as we are able and
will forward your enquiries to Facebook.
IX. Duration of storage
The data are deleted as soon as they are no longer necessary for the purpose for which they were
X. Possibility of opposition and removal
As the person concerned, you have the opportunity to have the data stored about you modified at
any time. Please contact our data protection officer with your request (request for deletion or
change) or write to us directly at email@example.com.
XI. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you
are entitled to the following rights in relation to the person responsible:
1. Right of access to information
You can request confirmation from the person responsible as to whether personal data concerning
you is being processed by us. If such processing has taken place, you can request information
from the data controller on the following:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have
been or will be disclosed;
- the planned duration of storage of the personal data relating to you or, if it is not
possible to specify this, criteria for determining the duration of storage;
- the existence of a right of rectification or erasure of personal data concerning you, a
right to have the processing limited by the controller or a right to object to such
- the existence of a right of appeal to a supervisory authority;
You have the right to obtain information as to whether personal data concerning you are
being transferred to a third country or an international organisation. In this context, you
may request to be informed of the appropriate safeguards according to Art. 46 GDPR in
connection with the transfer.
2. Right of rectification
You have the right to ask the data controller to correct and/or complete any personal data
processed concerning you if it is incorrect or incomplete. The data controller must correct
3. Right to restrict processing.
Under the following conditions, you may request that the processing of personal data concerning
you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time
which enables the person responsible to verify the accuracy of the personal data;
- if the processing is unlawful and you object to the deletion of the personal data and
request instead that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but
you need the personal data to exercise or defend legal claims; or
- if you have lodged an objection to the processing following Art. 21 Para. 1 GDPR and it
has not yet been established whether the legitimate reasons for the controller outweigh your
If the processing of personal data relating to you has been restricted, such data, apart from
being stored, may be processed only with your consent or to assert, exercise or defending legal
claims or protecting the rights of another natural or legal person or on grounds of an important
public interest of the Union or a Member State. If the restriction on processing has been
restricted in accordance with the above conditions, you will be informed by the controller
before the restriction is lifted.
4. Right of cancellation
a) Duty to delete
You may request the controller to delete the personal data concerning you immediately and the
controller is obliged to delete such data immediately if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they
were collected or otherwise processed.
- You revoke your consent on which the processing was based according to Art. 6 para. 1
lit. a or Art. 9 para. 2 lit. a FADP, and there is no other legal basis for the processing.
- You object to the processing according to Art. 21(1) GDPR and there are no overriding
legitimate reasons for the processing, or you lodge an objection to the processing according
to Art. 21(2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data relating to you is necessary to comply with a legal
obligation under Union law or the law of the Member States to which the controller is
- The personal data concerning you have been collected in relation to information society
services offered, following Article 8(1) of the GDPR.
b) Information to third parties
If the data controller has made public the personal data concerning you and is obliged to delete
them according to Art. 17 para. 1 DPA, it shall take reasonable measures, including technical
measures, taking into account available technology and implementation costs, to inform data
controllers who process the personal data that you, as a data subject, have requested them to
delete all links to this personal data or copies or replications of this personal data.
The right of cancellation does not apply if the processing is necessary
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation requiring processing under Union or national law to
which the controller is subject or to perform a task carried out in the public interest or
the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health according to Article 9 (2)
lit. h and i and Article 9 (3) GDPR;
- for archival, scientific or historical research purposes in the public interest or
statistical purposes according to Art. 89 para. 1 GDPR, insofar as the right referred to in
section a) is likely to render impossible or seriously prejudice the attainment of the
objectives of such processing, or
- to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the
controller, the controller is obliged to notify all recipients to whom the personal data
concerning you have been disclosed of this rectification, erasure or limitation of processing,
unless this proves impossible or involves a disproportionate effort. You have the right to be
informed of these recipients by the data controller.
6. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the data
controller in a structured, common and machine-readable format. You also have the right to have
this data communicated to another controller without interference from the controller to whom
the personal data has been communicated, provided that
- the processing is based on a consent according to Art. 6 para. 1 letter a GDPR or Art. 9
para. 2 letter a GDPR or on a contract according to Art. 6 para. 1 letter b GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you
be transferred directly from one controller to another controller, as far as this is technically
feasible. The freedoms and rights of other persons must not be affected by this. The right to
data transferability does not apply to the processing of personal data necessary for the
performance of a task carried out in the public interest or the exercise of official authority
vested in the controller.
7. Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to
the processing of personal data relating to you which is carried out according to Art. 6
paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he/she can
demonstrate compelling reasons for the processing which are worthy of protection and which
outweigh your interests, rights and freedoms, or unless the processing serves to assert,
exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have
the right to object at any time to the processing of personal data concerning you for the
purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
If you object to processing for the purposes of direct marketing, your personal data will no
longer be processed for those purposes. You may exercise your right of objection concerning the
use of information society services using automated procedures involving technical
specifications, without prejudice to Directive 2002/58/EC.
8. Right to revoke the declaration of consent under the data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation
of your consent does not affect the lawfulness of the processing that has taken place based on
your consent until revocation.
9. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain
to a supervisory authority, in particular in the Member State in which you are resident, your
place of work or the place of the suspected infringement if you consider that the processing of
personal data concerning you is in breach of the DPA. The supervisory authority to which the
complaint has been submitted will inform the complainant of the status and outcome of the
complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
or official requirements change.