Privacy policy for the use of the Bankathon website

Bankthon is a product of finleap connect GmbH (hereinafter referred to as “finleap connect”). finleap connect is always aware of the importance of the data entrusted to us. The responsible handling, confidentiality and protection of your data is therefore of particular importance to us. The Processing of your personal data is carried out exclusively within the framework of the statutory provisions, the applicable data protection law and this data protection policy. This data protection policy informs you which personal data is processed via our website www.bankathon.net.

In the following we will show you the type, scope and purpose of processing your personal data. You can access this information at any time on our website in the current version at https://www.bankathon.net/privacypolicy/. We ask you to take note of the following information.

Controller/Contact

“Controller” in the sense of the EU-General Data Protection Regulation (GDPR), other data protection laws in force in the member states of the European Union and other data protection provisions is:

finleap connect GmbH

Gaußstraße 190c

22765 Hamburg, Germany

Authorised representatives: Frank Kebsch, Patrick Dittmer, Ramin Niroumand, Cornelia Schwertner

External Data Protection Officer: Marc Neumann, IBS data protection services and consulting GmbH, Zirkusweg 1, 20359 Hamburg, Germany

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by e-mail.

The subject of data protection

The subject of data protection is personal data. Individual specifications about the personal or objective relationships of a defined or definable natural person. Personal data is therefore information that can be used to draw conclusions about an identified or identifiable natural person. In principle, all information about which a personal reference can be established also falls under the concept of personal data. For example, a person’s name, address, e-mail address, telephone number, personnel number, vehicle registration number plate, appearance or walk are all personal data. Furthermore, usage data also has   a personal connection. Usage data means data that is required to use our Website. This includes, for example, information about the start, end and scope of your use.

Scope of personal data processing

We only process personal data of our users if this is necessary to provide a functional website. Collection and utilisation of our users’ personal data is only undertaken periodically with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and where the processing of the data is permitted by law.

Automated data collection in the provision of the website

When you access our website, your browser or mobile phone automatically transmits the following data for technical reasons:

  • Date and time of access
  • Browser type/version
  • Operating system used
  • Resource retrieved
  • Quantity of data transmitted
  • The user’s IP address

This data is stored exclusively for technical reasons and is not assigned to any person at any time.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Purpose of processing

The data is stored in log files to ensure the website’s functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the storage of the data in log files, this is the case after 31 days at the latest.  

Objection and removal option

Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object on the part of the user.

Cookies

Cookies are small text files that make it possible to store specific device-related information on the user’s device. On the one hand, they serve the user-friendliness of websites and thus the users. On the other hand, they serve the collection of statistical data for the use of the website and analysis of these for the purpose of improving the offer. The user can control the use of cookies.   Most browsers have an option which limits or completely prevents storage of cookies.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after changing pages.

We also use cookies on our website which enable analysis of the user’s surfing behaviour.

The user data collected in this way is pseudonymised via technical provisions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users’ other personal data. When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.

Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser will be recognised even after changing the page.

The analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimise our service.

Duration of storage, objection and removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features in full.

Contact via the website

Due to legal regulations, the finleap connect Bankathon website contains information that enables quick electronic contact to our company, in particular a general e-mail address. If you contact us by e-mail, the personal data that you transmitted will be automatically stored. Such personal data transmitted to us on a voluntary basis will be stored for the purposes of contacting or dealing with the matter for you. Log files are also created for technical reasons. Besides that, this data is not transferred to third parties.

Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 para. 1 lit. a GDPR. The legal basis for processing the data transferred in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.

Purpose of data processing

The processing of personal data in the input screen is used by us only for processing the contact. The legitimate interest of the person responsible for the collection of the log files lies in ensuring the proper functioning of the website. The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was collected in addition during the sending procedure will be deleted after a period of seven days at the latest.

Objection and removal option

The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.

Newsletter, data protection regulations regarding the use and application of MailChimp

Users are given the opportunity to subscribe to the finleap connect newsletter on our website. The personal data transmitted to the data processor when the newsletter is ordered results from the input form used for this purpose.

finleap connect informs business partners and interested parties at regular intervals by means of a newsletter about offers from the company. Recipients of the newsletter will be informed about content related to finleap connect, e.g. product updates or Bankathon-Events. You can find out more about the Bankathon on the bankathon.net website. Our company newsletter can only be received if (1) you have a valid e-mail address and (2) you register for the newsletter dispatch. Furthermore, subscribers to the newsletter can be informed by e-mail if there are changes to the newsletter offer or changes in the technical conditions.

We use the newsletter distribution platform MailChimp to send our newsletter. MailChimp is an offer from Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (Rocket).  

Data processing in connection with the sending of the newsletter only takes place if you have given your explicit consent. This is done regularly by means of a double opt-in procedure. The data stored on successful registration is transmitted to Rocket and stored by Rocket. The data entered during registration will not be passed on to any other third parties.

MailChimp uses the stored data for sending and evaluating the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, the service does not use the recipient data of our newsletter to approach recipients directly nor do they pass the information on to third parties.

MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect our users’ data, to process it on our behalf in accordance with our data protection regulations and, in particular, not to pass it on to third parties. You can view MailChimp’s privacy policy at https://mailchimp.com/legal/privacy/ .

MailChimp also uses the Google Analytics analysis tool from Google, Inc and may include it in its newsletters. Further details on Google Analytics can be found in this data protection statement under “Google Analytics”.

Legal basis for data processing

The legal basis for processing data after the user registers for the newsletter is, if the user’s consent to this has been obtained, is Art. 6 Para. 1 lit. a GDPR.

Purpose of data processing

The user’s email address is collected in order to deliver the newsletter.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s e-mail address will therefore be stored as long as the subscription to the newsletter has not been revoked.

Objection and removal option

The consent to receive the newsletter and to the associated storage of data can be revoked by the user concerned at any time. You can revoke your consent at any time by sending an e-mail or by clicking on the link provided in each newsletter.

Integration of third-party services and content: Vimeo

We use,  on the basis of our legitimate interest in the analysis, optimisation and operation of our website within the meaning of Art. 6 para. 1 lit GDPR, content and applications from Vimeo to integrate videos of the platform on our pages. The use of the offer presupposes that Vimeo recognise the IP address of the users. Without the IP address, you cannot send the content to the browser of the respective user. finleap connect has no influence on whether Vimeo stores the IP addresses, e.g. for statistical purposes. For more information about this, please check Vimeo’s website: https://vimeo.com/privacy

Please note that Vimeo may use Google Analytics. For more information on Google Analytics, please refer to the section “Use of Google Analytics with anonymisation function”.

Use of Google Analytics with anonymisation function

Our website uses features of the Google Analytics web analytics service. Provider is Google Ireland Limited (hereinafter referred to as “Google”), Gordon House, Barrow St, Dublin 4, D04 E5W5, Ireland.

Google Analytics uses the “cookies” mentioned above, which are stored on your computer in order to enable an analysis of the use of the website by you. Cookie-generated information about your use of this website is usually transmitted to and stored on a Google server in the USA.

By using this website you agree to the processing  of data about you by Google in the manner described above and for the aforementioned purpose.

IP anonymisation

We use the “Activate IP anonymization” function on this website, to ensure anonymized collection of IP addresses (so called IP masking).  Thus your IP address will be truncated by Google within the member states of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on our behalf, for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not bought together with other Google data. Google may also pass this information on to third parties in so far as this is required by law or if third parties process the data on Google’s behalf.

Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage web page tags through a single interface. The ‘Tag Manager’ tool itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. The “Google Tag Manager” does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, insofar as they are implemented with “Google Tag Manager”. For more information, see: http://www.google.de/tagmanager/use-policy.html.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser software or by installing the appropriate browser add-ons. You can also prevent cookie-generated data about your use of the website (including your IP address) being passed on to Google, and prevent this data from being processed by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent data collection by Google Analytics by clicking on the following   link. This sets an opt-out cookie that prevents the future collection of your data when visiting this website:

Optout button (disable Google Analytics)

We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to be carried out, you can disable the function via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to finleap connect:

The right to be informed

As a data subject, you have the right granted by the European Directive and Regulator to receive free information from finleap connect about your stored personal data and a copy of this information at any time. Furthermore, the European Directive and Regulator has granted you, as the person concerned, access to the following information:

  • the purposes of processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 Para.1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, you have a right of access to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, you have, in addition,  the right to obtain information about the appropriate guarantees in connection with the transfer.

If you would like to make use of this right to information, you can contact one of our support employees at at any time.

The right of rectification

You also have the right, granted by the European legislator, to request the immediate rectification of inaccurate personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you would like to make use of this right to information, you can contact one of our support employees at any time.

The right to limitation of processing

You have the right granted by the European legislator of directives and regulations to require finleap connect to restrict processing if one of the following conditions is met:

  • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
  • The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
  • We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
  • You have objected to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet clear whether finleap connect’s legitimate reasons outweigh yours.

If one of the above conditions is fulfilled and you wish to request the restriction of personal data stored by finleap connect, you can contact one of our support employees at any time. Our employee will arrange for processing to be restricted.

Right to erasure

You have the right granted by the European Directive and Regulator to require finleap connect to delete your personal data immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR and there is no other legal basis for processing.
  • You submit an objection to the processing according to Art. 21 Para. 1, GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection according to Art. 21 Para. 2 GDPR objecting to the processing.
  • The personal data has been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the responsible person is subject.
  • The personal data concerning you has been collected in relation to services offered by the information society according to Art. 8 Para. 1 GDPR.

If one of the above-mentioned reasons applies and you wish to have your personal data stored at finleap connect deleted, you can contact one of our support employees at any time. The employee will arrange for the deletion request to be complied with without delay.

If the personal data has been made public by us and our company is responsible pursuant to Art. 17 Para. 1 GDPR to delete personal data, we will take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform other data processors who process the published personal data, that you have requested the deletion of all links to such personal data or of copies or replications of such personal data from those other data processors, where processing is not necessary. Our employees will do what is necessary in individual cases.

Right to data portability

You have the right granted by the European regulator to receive the personal data concerning you that you have provided to finleap connect in a structured, common and machine-readable format. You also have the right to transfer this data to another data controller without obstruction by finleap connect, provided that the processing is based on the consent provided for in Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 para. 1 letter b GDPR and processing is carried out by means of automated procedures, except where processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, the right to require that the personal data is transmitted directly from finleap connect to another  responsible person, as far as technically feasible and provided that this does not affect the rights and freedoms of others.

To assert the right to data transferability, you can contact one of our support employees at any time.

Right of appeal

You have the right granted by the European legislator for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which may be processed on the basis of Art. 6 para. 1 letters e or f GDPR. This also applies to profiling based on these provisions.

finleap connect no longer processes personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If finleap connect processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to finleap connect processing for direct advertising purposes, finleap connect will no longer process your personal data for these purposes.

Furthermore, for reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you which finleap connect uses for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest.

To exercise your right of objection, you can contact one of our support employees at any time. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Automated individual decision-making including profiling

You have the right granted by the European directive and regulatory body not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against you or which significantly affects you in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between you and finleap connect, or (2) is admissible under Union or Member State legislation to which finleap connect is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or (3) takes place with your express consent.

If the decision (1) is necessary for the conclusion or performance of a contract between you and us or (2) is made with your express consent, finleap connect will take reasonable measures to protect your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by finleap connect, to state their own position and to challenge the decision.

If you wish to assert rights relating to automated decisions, you can contact one of our support employees at any time.

Right to withdraw data protection consent

You have the right to revoke your consent to the processing of personal data at any time as granted by the European Directive and Regulator.

If you would like to exercise your right to revoke your consent, you can contact one of our support employees at any time.

The right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority responsible for finleap connect is:

Freie und Hansestadt Hamburg

The Hamburg Commissioner for Data Protection and Freedom of Information

Prof. Dr. Johannes Caspar

Kurt-Schumacher-Allee 4, 20097 Hamburg,

6th floor

Phone: 040 / 428 54 – 4040

Fax: 040 / 428 54 – 4000

E-mail: mailbox@datenschutz.hamburg.de

The supervisory authority with which the appeal has been lodged shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.