Privacy Policy

FinMarie GmbH, Oskar Helen Park 17, 14195 Berlin, Germany, registered in the Commercial Register (Handelsregister) at the Municipal Court (Amtsgericht) of Charlottenburg (Berlin) under registration no. HRB 203007 B (“FinMarie“) hereby informs you about the processing of personal data for which FinMarie is the controller within the meaning of the EU General Data Protection Regulation (GDPR). If you have any questions regarding data protection, you can also reach us at k@finmarie.com or/and by telephone at: +49 30700159595.

 

In the following, we have compiled the most important information on typical data processing for you, separated for different data subject groups. For certain data processing operations that only affect specific groups, the information requirements are fulfilled separately. Where the term “data” is used in the text of this Privacy Policy, it refers solely to personal data within the meaning of the GDPR.

 

Calling up our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. These access data include in particular:

 

  • IP address of the requesting device,
  • Date and time of the request,
  • Address of the website accessed and the requesting website,
  • details of the browser used and the operating system,
  • online identifiers.

The data processing of this access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above, in order to create statistical information about the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the webpages increases) and to generally maintain our website administratively. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. We do not store the access data.

The information stored in the log files does not allow any direct conclusions to be drawn about your person – in particular, we only store the IP addresses in shortened, anonymised form. The log files are stored for 30 days and archived after subsequent anonymisation.

Technically necessary cookies

We use cookies on our website. Cookies are small text files with information that can be stored on the user’s end device when visiting a website via the browser. When the website is called up again with the same end device, the information stored in cookies can be read and processed. In doing so, we use processing and storage functions of the browser of your end device and collect information from the memory of the browser of your end device.

We distinguish in the structure of our Privacy Policy between technically necessary cookies and tracking cookies. Technically necessary cookies are required for the functionality of the website and cannot be deactivated via the cookie management function of this website. However, you can generally deactivate cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not work or may no longer work properly if you generally deactivate cookies in your browser

Session Cookies

The FinMarie website uses its own cookies to increase user-friendliness. 

  1. The purpose of using session cookies is to identify and authorise you for the entire duration of your visit after you have successfully logged in to the protected area, to store visitors’ preferences and to tailor the content of our website specifically to their needs.
  2. The data processed are:
  • HTTP-data:

HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

  • The settings made by the user, e.g. for the language.
  1. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing the individual sessions for the users and the respective language setting.
  2. The data on settings is actively provided by the user. The log data and time stamps are automatically provided by the user’s browser.
  3. Recipients of the personal data are IT service providers, which we use within the framework of an agreement for data processing. We cannot establish a reference to users with such cookies.
  4. The cookie settings are automatically deleted again after the end of the browser session. In addition, we also use cookies that remain on your hard drive for a certain period of time (up to two years) beyond the browser session. On a subsequent visit, this allows us to restore settings that you selected on a previous visit.
  5. The use of the website is not possible without disclosing personal data. Communication via the website without disclosing data is technically not possible.

 

Consent Cookies

We use so-called consent cookies to store your consents, possible revocations of consents and objections against the use of cookies on our website.

  1. The purpose of data processing is the storage of user decisions regarding cookies (consent, revocation, opt-out). 
  2. The data processed are:
  • HTTP-data:

HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

  • User decision on cookies:

The user’s decision on individual cookies or groups of cookies. Time of decision and of last visit.

  1. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the simple and reliable control of cookies in accordance with the respective user decision.
  2. The data is actively provided by you (decision on cookies) or automatically by your browser (log data, time stamp).
  3. The recipients of the personal data are IT service providers which we use within the framework of an agreement on commissioned processing.
  4. If you refuse the use of cookies, this user decision to refuse cookies will be deleted at the end of the session. The other data will be deleted after one year.
  5. The use of this website is not possible without disclosing personal data. Communication via the website without disclosing data is technically not possible.

 

reCAPTCHA

Google reCAPTCHA is used for some form entries on this website.

  1. The purpose of the data processing by reCAPTCHA is to prevent automated mass entries by malware.
  2. The data processed are:
  • HTTP-data:

HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

  • Error data:

These are error messages from the server and individual applications that are stored.

  • Data to check for improper access by a bot (reCAPTCHA data)

This is data that we use to check whether you are accessing our website as a human or whether it is an abusive access by a so-called bot. A bot is a computer program that performs repetitive tasks largely automatically without relying on human interaction. This includes data from your human interaction with the website (browser fingerprint), such as your mouse click on the checkbox „I am not a robot“ (reCAPTCHA).

 

  1. The legal basis for the processing is our legitimate interest pursuant to Article 6 para. 1 lit. f of the GDPR. Our legitimate interest is the provision of the content and search functions of the website accessed by the user and the management of the cookie settings made by the user and also to ensure the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidentiary documentation of faults (e.g. DDoS attacks) and prevention of abusive access by bots.
  2. The data is actively provided by the user or automatically by the user’s browser.
  3. Recipients of personal data are IT service providers (e.g. hosting), which we use within the framework of an agreement for the data processing. The recipient of the data for the purpose of verifying improper access by a bot is Google Ireland Limited as the provider of the reCAPTCHA tool (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) as the independent person responsible for the data processing. Google does not have access to form entries but analyses the movement pattern of the mouse and the click behaviour in order to distinguish human entries from machine entries. When such form fields are called up, the service is technically called up using the visitor’s IP address, i.e. Google servers can store and use your IP address and other data automatically transmitted by your browser (Web server log file). reCAPTCHA is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”); Google’s privacy policy applies exclusively. We would like to point out that personal data may be transmitted here to the USA and other third countries that are considered unsafe third countries under data protection law according to the GDPR. We have no influence on the type and scope of data processing by Google. You can find Google’s data protection information at: https://policies.google.com/privacy?hl=de
  4. Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 14 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified. Search data is automatically deleted after 24 hours at the latest. Cookie management data is deleted after 6 months.
  5. The use of this website is not possible without the disclosure of personal data such as the IP address. Communication via the website without disclosing data is technically not possible.
  6. No automated decision making takes place.
Tracking and analysis cookies

We use cookies on our website. 

 Depending on their function and purpose, the user’s consent may be required for the use of certain cookies. The granting of your consent takes place by means of a so-called “cookie banner”: When you access our website, we display our cookie banner. In our cookie banner, you can declare your consent to the use of all cookies requiring consent on this website by clicking the “Accept” button. Without such consent, the cookies requiring consent will not be activated. By clicking on the “Close” button, you can also completely refuse the use of cookies that require your consent. Your decision will be stored in a cookie. Alternatively, you have the option of accessing our “Cookie Board” by clicking on the “More Information” button. In the Cookie Board, you can make an individual selection of cookies and customise them at a later date. We store your cookie settings in the form of a cookie on your end device in order to determine whether you have already made cookie settings when you return to the website.

Google Analytics

If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can examine the user behaviour of visitors to our website in pseudonymised and anonymised form. You can deactivate data processing by Google Analytics at any time in our “Cookie Board”. Alternatively, you can install a browser plug-in from Google that prevents data collection by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de .

  1. The purpose of the data processing is the analysis of user behaviour and the measurement of the reach of our website and of the advertisements placed in order to optimise our web offer.
  2. The data processed are:
  • Google Analytics HTTP-data:

This is protocol data that is technically generated when the Google Analytics web analysis tool used on the website is used via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

  • Google Analytics End Device Data:

Data generated by the web analytics tool Google Analytics and assigned to your end device: This includes a unique ID for (re-)recognising returning visitors (so-called “client ID”) as well as certain technical parameters for controlling the collection of data for web analytics.

  • Google Analytics measurement data:

Device-related raw data (so-called “dimensions” and “measurement values”) that are collected and analysed by the Google Analytics web analysis tool when using our web offering: This includes, in particular, information about the sources through which visitors reach our web offer, information about the location, the browser and the end device used, information about the use of the website (in particular page impressions, frequency of calls and length of stay on called pages) as well as information about the fulfilment of certain goals (in particular transactions in the online shop). The data is assigned to the client ID assigned to your end device. As a result, device-related usage profiles are created in which all device-related raw data are combined into one client ID. The data that we collect using Google Analytics does not enable us to identify you personally (i.e. by your civil name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

  • Google Analytics report data:

Data contained in aggregated segment- and device-related reports generated by the Google Analytics web analytics tool based on the analysis of raw device-related data.

  1. The legal basis for the processing is Article 6 para. 1 lit. a) of the GDPR (consent).
  2. The data is automatically provided by the user’s browser.
  3. The recipient of the data is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) within the scope of data order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The basis for the data processing in the USA is your consent given via the cookie consent banner (Art. 49 para. 1 lit. a) GDPR). In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies access personal data without us or you knowing about it. It is probably not possible to enforce your rights in the USA. You can revoke your consent at any time with effect for the future via the Cookie Board [https://finmarie.com/].
  4. The data will be deleted after 6 months.
  5. The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. In the event that the data is not provided, we cannot perform web analysis using Google Analytics.
Social media and third-party providers
Privacy policy for the use of Facebook plug-ins (Like button)

Plug-ins of the social network Facebook are integrated on our webpages. You can recognise the Facebook plug-ins by the Facebook logo or the “Like-button” (“I like”) on our website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/

However, the forwarding to Facebook only takes place when the Facebook plugin is clicked on separately. Before the click, no data is transmitted to Facebook and no cookies are stored on your device.

Technically, the same happens that would happen if you were to switch to Facebook’s website via a link: Facebook receives all the information that your browser automatically transmits (including your IP address). Facebook also sets its own cookies on your end device. This also happens if you do not have a Facebook user account. If you are logged in to Facebook, your data will be directly assigned to your account. If you do not want your data to be associated with your Facebook user account, you must log out of Facebook before clicking on the Facebook plugin.

The collection and processing of this data takes place exclusively within the area of responsibility of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook Ireland Limited uses Facebook Inc. in the USA (1 Hacker Way, Menlos Park, CA 94025, USA) as a service provider.

We have no knowledge of further details of the processing of personal data in Facebook’s area of responsibility or of possible data processing in the USA. We have no influence on the data processing of Facebook.

For information on the processing of personal data by Facebook, please refer to Facebook’s privacy policy at https://de-de.facebook.com/policy.php

 

Privacy policy for the use of Twitter

Functions of the Twitter service are integrated on our webpages. However, the forwarding to Twitter only takes place by separately clicking on the Twitter plugin. Before activating the plugin, no data is transmitted to Twitter and no cookies are stored on your device.

Technically, the same happens that would happen if you were to switch to Twitter’s website via a link: Twitter receives all the information that your browser automatically transmits (including your IP address). Twitter also sets its own cookies on your end device. This also happens if you do not have a Twitter user account. If you are logged in to Twitter, your data will be directly assigned to your user account. If you do not want your data to be associated with your Twitter user account, you must log out of Twitter before activating the plugin.

The collection and processing of this data is the sole responsibility of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We have no knowledge of further details of the processing of personal data in Twitter’s area of responsibility or of data processing in the USA. We have no influence on the data processing of Twitter.  

Information about the processing of personal data by Twitter can be found in the Twitter privacy policy: https://twitter.com/de/privacy.

 

Privacy policy for the use of LinkedIn
Our FinMarie website uses functions of the LinkedIn network. However, the forwarding to LinkedIn only takes place by separately clicking on the LinkedIn plugin. Before activation, no data is transmitted to LinkedIn and no cookies are stored on your device.

Technically, the same happens that would happen if you were to switch to LinkedIn’s website via a link: LinkedIn receives all the information that your browser automatically transmits (including your IP address). LinkedIn also sets its own cookies on your end device. This also happens if you do not have a LinkedIn user account. If you are logged in to LinkedIn, your data will be directly assigned to your user account. If you do not wish to have your data associated with your LinkedIn user account, you must log out of LinkedIn before activating the plugin.

The collection and processing of this data takes place exclusively within the area of responsibility of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn also transfers data to affiliated companies and service providers in the USA.

We have no knowledge of further details of the processing of personal data in LinkedIn’s area of responsibility or of data processing in the USA. We have no influence on the data processing by LinkedIn.

For information on the processing of personal data by LinkedIn, please refer to the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

 

Privacy policy for the use of Instagram

The person responsible for the data processing has integrated components of the Instagram service on this website.

However, the forwarding to Instagram only takes place when you click on the Instagram plugin. Before the click, no data is transmitted to Instagram or to Facebook as the operator of Instagram and no cookies are stored on your device.

Technically, the same happens as would happen if you were to switch to the Instagram or Facebook website via a link: Instagram or Facebook receives all the information that your browser automatically transmits (including your IP address). Facebook also sets its own cookies on your end device. This also happens if you do not have an Instagram user account. If you are logged in to Instagram or Facebook, your data will be directly assigned to your user account. If you do not want the assignment to your Instagram or Facebook user account, you must log out of Instagram and Facebook before clicking on the Instagram plugin.

The collection and processing of this data takes place exclusively within the area of responsibility of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook Ireland Limited uses Facebook Inc. in the USA (1 Hacker Way, Menlos Park, CA 94025, USA) as a service provider.

We have no knowledge of further details of the processing of personal data in Facebook’s area of responsibility or of possible data processing in the USA. We have no influence on the data processing by Facebook.

For information on the processing of data by Instagram, please see the Instagram Privacy Policy at https://help.instagram.com/519522125107875 and the Instagram Cookie Policy at: https://help.instagram.com/1896641480634370?ref=ig.

 

Privacy policy for the integration of YouTube videos 

We have embedded videos in our website that are stored on YouTube and can be played directly from our websites.

With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. The integration of YouTube content takes place in the so-called “extended data protection mode” („erweiterten Datenschutzmodus“). Google, as the operator of YouTube, provides this mode and thus ensures that no data is transmitted to Google before you click to play the video and that no cookies are stored on your device.

As soon as you click the button to play the content from YouTube, the video is loaded from YouTube. Technically, the same happens that would happen if you were to switch to YouTube’s website via a link: YouTube receives all the information that your browser automatically transmits (including your IP address). YouTube also sets its own cookies on your end device. This also happens if you do not have a YouTube user account. If you are logged in to YouTube or Google, your data will be directly assigned to your user account. If you do not wish to have your data associated with your YouTube or Google user account, you must log out of YouTube and Google before clicking on the video file.

The collection and processing of this data takes place exclusively within the area of responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider

We have no knowledge of further details of the processing of personal data in Google’s area of responsibility or of possible data processing in the USA. We have no influence on the data processing by Google.

Information about the processing of personal data by Google can be found in the Google privacy policy: https://policies.google.com/privacy

Market research 

If you have given your consent to market research, we will also use your information beyond the processing of the services you have requested in order to provide you with an Internet presence geared to your interests and will use your data for the evaluation necessary for this purpose, as well as for market research purposes. For this purpose, it is technically necessary for us to compile your data in user profiles and to evaluate them for the aforementioned purposes. This is only done internally and only for the aforementioned purposes. The legal basis for processing your data for market research is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent in this regard at any time with effect for the future. If you have not declared your consent or revoke it, data will not be used for advertising and market research.

 

Contact form, Social Media

We are active on social media for marketing reasons and inform you there about current news, events and provide other information that may be of interest to you. In addition, we inform you about news. Should you make contact with the respective webpage or account of our company on a social network, we process the personal data that you submit to us, for the purpose of establishing or maintaining contact with you on this network. If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and for the event of follow-up questions. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f) GDPR), namely our interest in maintaining contact with customers and interested parties. We do not pass the data on to third parties without your consent. Communication data is stored by us for a period of twelve months.

 

Our newsletter

If you have registered for our newsletter, we process your data for the purpose of sending you news and information about us and our offers. If you would like to receive the newsletter, we require a valid e-mail address from you and your prior express consent. We check that the recipient agrees to receive the newsletter. This data will only be used for sending the newsletter and will not be passed on to third parties. Further data is not collected. When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised person. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR (consent). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time by clicking on a corresponding link in the newsletter itself – if this is available. Alternatively, please contact our service. Your e-mail address will be deleted when you unsubscribe from the newsletter.

Our services and products
Webinars and information talks

If you participate in one of our webinars, we process your data for the purpose of organising and conducting the webinar. Your data will be stored or transmitted for the purpose of conducting webinars, events and information sessions. We use the Zoom webinar software to conduct webinars. For the implementation of personal information sessions, we optionally provide our customers with the use of the HubSpot booking service. For the registration and execution of webinars, the name and e-mail address of the user are stored in our IT system. After the webinar has been held, Zoom informs us whether a user has attended the webinar, the registration date, the user’s registration time and the duration of participation. To arrange an information session via the Zoom service, we require your telephone number. When using Zoom, the HubSpot service is used, which we use to import the data from Zoom into our customer management system (CRM).

Information by telephone

The group of persons concerned in relation to information by telephone are those interested in information by telephone.

If you provide your telephone number for the purpose of telephone consultation, the purpose of the data processing is our telephone consultation on the financial products. For this contact by telephone, we require the telephone number that we receive from you for this purpose and for the use of which we obtain consent. The consent to the contact by telephone can be revoked at any time.

Legal basis for the processing is Art. 6 para. 1 lit. a) GDPR (consent).

We store your telephone number for a further three months after the end of the consultation by telephone so that we can continue to advise you if necessary. If you revoke your consent, we will delete your telephone number immediately.

 

My.Finmarie

If you register with our portal My.FinMarie, we process your data for the purpose of enabling you to access and use the offers on the My.FinMarie portal. If you book paid offers of the network, we also process your data for the purpose of processing the payments.

The legal basis for the data processing is Art. 6 para. 1 lit. b) GDPR, the fulfilment of the contract for the provision of the My.FinMarie portal with you.

If you post your own comments and contributions on the My.FinMarie portal, your contributions will be visible to all other participants on My.FinMarie. If you book paid offers, recipients of data are the payment service providers used for the payment.

We use Mighty Software, Inc., 127 Lytton Ave, Palo Alto, CA 94301, USA by way of order data processing for the provision of the My.FinMarie portal. The legal basis for the transfer to the USA is your consent (Art. 49 para. 1 lit. a) GDPR), which you give us when registering for the portal. In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies access personal data without us or you learning about it. An enforcement of your rights is probably not possible in the USA. You may revoke your consent at any time with future effect by notifying us of your revocation using the contact information provided above or by deleting your My.FinMarie account.

We will delete your data upon termination of the contract for the use of My.FinMarie or if you delete your account via the portal yourself. Postings by you in the portal will remain visible to other participants, but your name will be replaced by a pseudonym. Booking-related data is deleted 10 calendar years after the last booking.

The provision of data is contractually obligatory. Without providing the data you cannot register for My.FinMarie.

 

Financial product brokerage

If we broker financial products for you at your request, we process your data for the purpose of suggesting suitable products to you and informing you about the products. If you have decided on products brokered by us, we transmit your details required for the conclusion of the contract to the providers of the products for the purpose of concluding the contract. In addition, we process your data to manage your contracts with the providers. A change of these purposes is not planned.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR, the fulfilment of the contract for the brokerage of financial products with you.

Recipients of data are the providers of financial products to whom we transmit data on your behalf for the conclusion of the contract for financial products. We also use service providers by way of order data processing in the provision of services, in particular for the provision, maintenance and care of IT systems.

We delete the information you provide to identify suitable products one year after you provide it, or, if we have suggested suitable products to you, one year after we have provided our suggestions. We delete contractual data on products you have purchased three years after termination of the contract for the financial product. Booking-related data is deleted 10 calendar years after booking. We store communication data for 6 calendar years after the last communication.

The provision of data is contractually obligatory. Without the provision of data we cannot propose and broker financial products.

 

Transfer of data

The data collected by us will only be passed on if:

  • you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR,
  • the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
  • we are legally obligated to disclose data according to Art. 6 para. 1 sentence 1 lit. c) GDPR, or
  • this is legally permissible and necessary according to Art. 6 para. 1 sentence 1 lit. b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which take place upon your request.

 

Who gets access to your data?

Within our company, access to your data is granted to those employees who need it to fulfil our contractual and/or legal obligations, i.e. who are entrusted with the contractual processing. In this context, these may also be service providers and vicarious agents employed by us. Insofar as we pass on your data to recipients outside our company, this is done in order to fulfil our contractual obligations within the scope of our business purpose, here in particular for the brokerage of desired products as well as for billing purposes vis-à-vis our cooperation partners. Data may also be passed on on the basis of statutory provisions or your express consent.

 

In order to fulfil our contractual obligations, we cooperate with the following entities, among others:

  • Product providers of financial services,
  • cooperating intermediaries,
  • technical and other service providers,
  • lawyers, tax advisors, auditors,
  • arbitration boards.

 

Your rights with regard to data processing by FinMarie GmbH

You have the following rights with regard to data processing by FinMarie. We have outlined these below; please note that this is a rough outline for the purpose of better understanding and that the exact scope of your rights follows the legal provisions of Art. 15 to 22 GDPR.

  • Right to information about which data we process about you (Art. 15 GDPR);

You have a right to information about which data about you is processed by us as well as other information according to Art. 15 GDPR, which is related to the data processing. Upon request, we will be happy to provide you with the relevant data and information and provide you with a copy of this data.

  • Right to rectify your data (Art. 16 GDPR);

You have a right to require rectification of your data if your data is inaccurate or – taking into account the purposes of the data processing – incomplete.

  • Right to deletion (Art. 17 GDPR);

You have a right to claim deletion if data is no longer needed, the processing is not lawful or other cases of Art. 17 GDPR exist. In these cases, we will delete your data immediately.

  • Right to restrict the processing of your data (Art. 18 GDPR);

You have a right to restriction of your data in the cases mentioned in Art. 18 GDPR. This includes, among other things, the case that we process data in places or to an extent by which the data processing is no longer legally justified. In addition, the case may be relevant that data is subject to a retention obligation and we are therefore not allowed to delete it without further ado. In this case, we restrict the data processing to the greatest extent possible. Restriction usually means that the data is stored, but access by employees is no longer possible.

  • Right to data portability (Art. 20 GDPR);

The right to so-called data portability allows you to receive data about yourself that you have provided to us yourself from us in the format provided for by Art. 20 GDPR and to have it transferred by us. However, data that we obtain through the processing itself (so-called processing results) is excluded from the transfer.

  • Right to object to data processing based on Art. 6 para. 1 sentence 1 lit. e), f) GDPR (Art. 21 GDPR);

We will stop the data processing based on Art. 6 para. 1 sentence 1 lit. e), f) GDPR (performance of a task within the scope of public authority/interest or processing for the protection of legitimate interests) of your data if you object to this and the objection is justified.

  • Rights to revoke a given consent, Art. 7 para. 2 GDPR;

In accordance with Art. 7 para. 2 GDPR, you have the right to revoke a consent you have given to us at any time. This has the consequence that we will no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation.

  • The right not to be subject to a decision based solely on automated processing (Art. 22 GDPR);

If automated decision-making is involved, we will inform you in particular about the scope and the intended effects of the processing of your data. You have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you, unless one of the reasons referred to in Art. 22 para. 2 GDPR applies.

  • The right to lodge a complaint with the supervisory authority

Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can exercise this right at a supervisory authority in the member state of your residence, workplace or the location of the alleged violation. In Berlin, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin, Germany.

We at FinMarie take your data protection rights seriously. Therefore, please do not hesitate to contact us at the following e-mail address k@finmarie.com for data subject rights. Alternatively, you can of course also assert your rights in particular by mail or telephone.

________________________________________________________________________________________________________________________________

Actuality and change of this privacy policy

This privacy policy is currently valid and has the status February 2021.