Privacy policy

With this privacy policy, we inform you about the scope of the processing of your personal data (hereinafter „data“).

 

1. Responsible for data processing

Responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

 

valantic Digital Finance GmbH

Birketweg 21

80639 Munich

 

Tel.: +49 (0) 89 215 468 20

Web: www.verovis.com

E-mail: info@verovis.com

 

2. Contact details of our data protection officer

Matthias Rosa

RMPrivacy GmbH

Große Langgasse 1A, 55116 Mainz

 

Web: www.rmprivacy.de

E-mail: datenschutz@verovis.com

 

3. Joint processing

We process personal data jointly in the valantic-group of companies for the purpose of effective internal management of personal data and group systems. For this purpose, we transfer your data to companies affiliated with us in accordance with §§ 18 ff. SCA analogously or process the data in systems that are jointly operated with the companies affiliated with us.

You can view the stakeholders of our group of companies here:

• german: https://www.valantic.com/de/kontakt/
• English: https://www.valantic.com/en/contact/

The legal basis for the joint data processing is our overriding legitimate interest in effective administration and IT infrastructure pursuant to Art. 6 para.1 f) GDPR.

For the processes subject to joint data processing, we are jointly responsible with our affiliated companies in accordance with Art. 26 GDPR. Accordingly, we have bindingly defined the internal responsibilities and accountabilities in a contract.

The information requirements of the GDPR will be fulfilled by the respective company with which you are in contact first.

We have assigned the fulfillment of the data subject rights internally to the valantic GmbH internally. You may also contact us at any time with inquiries or to assert your data protection rights at the addresses listed in item 1. standing contact data. We will then forward your request internally for processing.

The specific processes that fall under joint processing are identified accordingly below.

 

4. General information on data processing

During our business and website operations, we process data.

This also includes disclosure by transfer to third parties and, if applicable, to so-called third countries outside the European Union („EU“) and the European Economic Area („EEA“). Insofar as we transfer data outside the EU or the EEA, we have marked this accordingly below.

 

5. Data processing

The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:

 

a)     Web page visit log file

We log your website visit. In doing so, we process:

• Name(s) of our accessed website(s),
• Date and time of retrieval,
• the amount of data transferred,
• the browser type and version,
• the operating system you are using,
• the referrer URL (the previously visited website),
• Your IP address,
• the requesting provider.

The legal basis for data processing is our overriding legitimate interest in the ongoing provision and security of our website pursuant to Art. 6 para. 1 f) GDPR.

The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

 

b)     Hosting

To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.

The legal basis for data processing is our overriding legitimate interest in the provision of our website pursuant to Art. 6 para. 1 f) GDPR.

 

c) Contact

If you contact us, we process the following data from you for the purpose of processing and handling your request: Name, contact details – if provided by you – and your message.

The legal basis of the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 para. 1 b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 para. 1 f) GDPR.

The data is transmitted to the servers of the following service providers in the USA as part of processing on behalf of valantic GmbH: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.

The HubSpot, Inc. office for Europe is in Ireland: 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

HubSpot is certified under the EU-US Data Privacy Framework and to that extent falls under the EU adequacy decision for the US.  

The recipients of the data are valantic Digital Finance GmbH and its affiliated companies. The data is exchanged with the affiliated companies based on an overriding legitimate interest because the group companies cooperate in the provision of various services. The user may object to the processing of his/her data at any time by sending an e-mail to datenschutz@verovis.com or by using the dedicated unsubscribe function in e-mails.

 

d) Contact for applications

If you contact us to send us your application as an employee, e.g. by e-mail or via a contact form, the data you provide (e.g. name, e-mail address, desired location, etc.), your message and the application documents submitted will be processed solely for the purpose of processing and handling your application request.

Recipients of your data are the provider of the applicant management software, who process the data on our behalf, and the affiliated companies of valantic Digital Finance GmbH. The data is shared with the affiliates based on an overriding legitimate interest. As a group of companies, valantic Digital Finance GmbH and its affiliated companies pursue some internal common tasks, such as recruitment. The visitor may object to the processing of his/her data at any time by sending an e-mail to datenschutz@verovis.com or by using the dedicated unsubscribe function in e-mails.

The legal basis for data processing is primarily Sec. 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be necessary for legal prosecution after completion of the application process, data processing may be carried out to safeguard our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, namely for the assertion and/or defense of claims.

 

e) Applicant pool

If you give us your consent to continue to store your application documents after the application process has been completed, we will store them in our applicant pool for the purpose of contacting you about future vacancies that fit your profile. The legal basis for processing within the scope of our applicant pool is your prior consent pursuant to Art. 6 para. 1 a) GDPR.

 

f) Contract processing

Within the scope of your commissioning by us and for the initiation and implementation of the existing contractual relationship between you and us, we process various data.

If we have commissioned you to provide a service, we will process your data (if specified: name, contact details, address, personal qualifications) and all information required while fulfilling the order exclusively for the purpose of processing and handling the contractual relationship.

The processing of the data takes place accordingly on the basis of Art. 6 para. 1 b) GDPR.

In addition, we process your personal data in the event that we are subject to a legal obligation. This may result from commercial, tax, money laundering, financial or criminal law.

In this context, the processing of the data takes place accordingly on the basis of the fulfillment of our legal obligations pursuant to Art. 6 para. 1 c) GDPR.

Should the data be necessary for our own legal prosecution or defense, data processing may be carried out to safeguard our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, namely to assert and/or defend claims.

 

g) Newsletter

In order to provide you with regular information about our company and offers, we offer the dispatch of an e-mail newsletter. With your newsletter registration, we process the data you entered during registration (e-mail address and other voluntary information). To prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). In order to be able to prove the registration process in a legally compliant manner, your registration is logged. This concerns the time of registration and confirmation as well as your IP address.

The legal basis for sending the newsletter is your consent pursuant to Art. 6 para. 1 a) GDPR. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out in accordance with Art. 6 para.1 f) GDPR due to our legitimate interest in proving your proper registration.

If you give us your consent, we also evaluate in the newsletters whether you have opened the newsletter and the scrolling and clicking behavior in the newsletter. This is done for the purpose of optimally tailoring our newsletter to your interests and improving the content of our newsletter. The legal basis for the analysis of the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR.

For the dispatch of the newsletter, we use service providers to whom we transmit the named data.

The data collected in this process is transmitted to the servers of the following service providers as part of processing on behalf of valantic GmbH in the USA: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.

The HubSpot, Inc. office for Europe is located in Ireland: 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

HubSpot is certified under the EU-US Data Privacy Framework and to that extent falls under the EU adequacy decision for the US.

 

h)     Cookies use

We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

Information about the specific cookies we use, their providers and purposes can be found at our Consent-Banner. There you can give your consent to the respective services as required by Sec. 25 para. 1 TTDPA, revoke it or adjust your settings subsequently.

To document your choices about certain data processing and to comply with our obligations under data protection law, we use a consent banner from complainz.io of Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, The Netherlands („complianz“). When you visit our website, your cookie preferences are requested via a banner. We then set a cookie in which data on consent given or revoked is stored. The data processing is carried out to fulfill our legal obligations according to Art. 6 para. 1 c) GDPR.

Through the use of the consent banner, data of website visitors regarding granted or revoked consent (opt-in, opt-out data, consent ID, consent number, date and time of consent, implicit or explicit consent, banner language, customer preference, template version) and device data (device information, browser information (http agent, http referrer), anonymized IP address) are processed. This data is transmitted to complianz.

 

i)     Analysis / Marketing

aa)  Google services

We use various services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter „Google“) on our website. It is possible that this may also result in data transfers to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA.

Google is certified under the EU-US Data Privacy Framework and is covered by the EU adequacy decision for the US.

Google Analytics

We use the Google Analytics tracking tool from Google on our website. We use Google Analytics to evaluate your use of the website, to compile reports on the activities within this website and to provide other services related to the use of the website and thus improve the user experience.

When Google Analytics is used, the interactions of website visitors are primarily recorded and systematically evaluated with the help of cookies.

We use Google Analytics with the extension „anonymizeIp()“. This shortens IP addresses within the member states of the EU or EEA. If a transmission to Google’s servers in the USA takes place, the full IP address is only transmitted in exceptional cases and shortened there. A direct reference to a person is therefore generally excluded. In particular an assignment to the called computer or terminal of the website visitor is no longer possible.

Through the use of Google Analytics, the following data is processed:

• 3 bytes of the IP address of the called system of the website visitor (anonymized IP address),
• the accessed website,
• the website from which the user accessed the page on our website (referrer),
• the subpages that are accessed from the website,
• the length of time spent on the website,
• the frequency with which the website is accessed.

Google Remarketing/Retargeting

We use so-called tracking cookies from Google on our website. When you visit our site, information is stored in permanent cookies about which products you have viewed on our site and through which ads and third-party sites users reach our website. During a subsequent visit to a partner website, we can have personalized advertising displayed for you based on the items viewed with us.

Google Ads

We use Google Ads, an online advertising program from Google, on our website. Here, so-called conversion tracking is operated. If you click on an ad placed by Google, a cookie is set. This cookie loses its validity after 30 days and is not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

The data collected using the conversion cookie is used to generate statistics for Ads customers who have opted in to conversion tracking.  

Legal basis and revocation

The use of cookies set by Google or comparable technologies is carried out with your consent on the basis of Sec. 25 para. 1 TTDPA. The legal basis for data processing within the scope of the aforementioned Google services is your prior consent pursuant to Art. 6 para. 1 a) GDPR.

You can revoke your consent at any time with future effect , by adjusting your preferences in our Consent Banner.

 

bb)  Hubspot Analytics

We use the tracking tool HubSpot Analytics from Hubspot Germany GmbH on our website. We use HubSpot Analytics to evaluate your use of the website, to compile reports on the activities within this website and thus to control more targeted advertising measures and to improve the user-friendliness of our website.

When using Hubspot Analytics, interactions of website visitors are specifically recorded and systematically evaluated.

The use of the cookies set or comparable technologies takes place with your consent on the basis of Sec. 25 para. 1 TTDPA. The legal basis for the data processing is your consent according to Art. 6 para. 1 a) GDPR.

You can revoke your consent at any time with future effect by adjusting your preferences in our Consent-Banner. 

Hubspot Germany GmbH is a subsidiary of HubSpot, Inc., 25 First Street, 2^nd Floor, Cambridge, MA 02141, USA. Therefore, it cannot be ruled out that no data transfer to the USA will take place in the course of processing. HubSpot is certified within the framework of the EU-US Data Privacy Framework and to this extent falls under the EU adequacy decision for the USA. 

 

cc)  Wistia

 We use the tracking tool Wistia from Wistia Inc (hereinafter „Wistia“) on our website. We use Wistia to evaluate your use of the website, to compile reports on the activities within this website and thus to control more targeted advertising measures and to improve the user-friendliness of our website.

When Wistia is used, the interactions of website visitors are specifically recorded and systematically evaluated.

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 para. 1 S. 1 TTDPA. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) GDPR.

You can withdraw your consent at any time with effect for the future by adjusting your preferences in our consent banner.

At Wistia Inc, 120 Brookline Street, Cambridge, Massachusetts, 02139, USA, data is transmitted to the USA. Wistia is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

 

i) External content

We use dynamic content („Content“) from third parties to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made to the server of the respective content provider by means of an interface, during which certain log data (e.g. the user’s IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use external content in connection with the following functionalities:

 

aa)  YouTube video integration

We have integrated videos of the portal „YouTube“ of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“) on our website. Google does not store any cookies in your browser.

The legal basis for the processing is your prior consent pursuant to Art. 6 para. 1 a) GDPR.

It cannot be ruled out that a data transmission to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA takes place.

Google is certified under the EU-US Data Privacy Framework and to this extent falls under the EU adequacy decision for the US.

 

bb)  Google Fonts

To make visiting our website attractive, we use external fonts from Google Fonts. These are loaded from servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“) when you visit the site. Google does not store any cookies in your browser in the process. According to our information, however, the IP address of the user’s terminal device is transmitted to Google and stored. This processing takes place on the basis of our overriding legitimate interest in the optimal marketing of our offer in accordance with Art. 6 para. 1 f) GDPR.

It cannot be ruled out that a data transmission to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA takes place.

Google is certified under the EU-US Data Privacy Framework and to this extent falls under the EU adequacy decision for the US.

 

cc)  Google reCaptcha

We use the „Google reCaptcha“ captcha service from Google on our website to protect our website from interactions with bots. When you visit the website, data, including your IP address, the referrer URL, information about the operating system, information about cookies, mouse movements and keyboard strokes as well as the length of stay and the settings of your terminal device are transmitted to Google. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR in the security of our website.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter „Google“) is responsible for data processing. It cannot be ruled out that data will be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

 

6. Duration of data storage

We store personal data only as long as it is necessary for the purposes for which it is processed or if you have revoked your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to 10 years, regardless of the processing purposes.

 

7. Your data subject rights

a)     Information

Upon request, you will receive information free of charge at any time about all personal data that we have stored about you.

 

b)     Correction, deletion, restriction of processing (blocking), objection

If you no longer agree to the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under the applicable law) in response to a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have a right of objection in particular in cases where your data is required due to the performance of a task that is in the public interest or the data processing is based on our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.

 

c)     Right of revocation for consents with effect for the future

You can revoke consents granted at any time with effect for the future. Your revocation does not affect the lawfulness of the processing until the time of revocation.

 

d)     Data portability

If data processing takes place on the basis of a contract, pre-contractual negotiations, consent or with the help of automated processes, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format, so that you can transfer the data to another responsible party upon request.

 

e)     Restriction of processing

Data for which we are not able to identify the data subject, e.g. if it has been anonymized for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible in relation to this data if you provide us with additional information that allows us to identify you.

 

f)      Exercise of your data subject rights and right of appeal

If you have any questions regarding the processing of your personal data, if you wish to obtain information, correct, block, object to or delete data, or if you wish to have your data transferred to another company, please contact us at datenschutz@verovis.com.

You also have the possibility to complain to a supervisory authority about your data protection rights.