Privacy policy

As of 09.09.2025

DEBTVISION GmbH, Pariser Platz 7, 70173 Stuttgart (hereinafter “we”), operates the electronic platform “DEBTVISION” (hereinafter the “Platform”, accessible at https://ufp.debtvision.de/), which supports arranging banks, borrowers, and professional investors (hereinafter our “Clients”) in the placement of promissory note loans (Schuldscheindarlehen) and registered bonds (Namensschuldverschreibungen), as well as throughout the lifecycle of these financing products. Through our website www.debtvision.de (hereinafter the “Website”), we provide each visitor to our Website (hereinafter “Visitor”) with information about our products and services and enable them to contact us. In addition, our Clients may register—or have authorized representatives (hereinafter “Users”) register on their behalf—for our Platform, after which the Users may operate on it.


We use any personal data of our Visitors and Users solely in accordance with the applicable data protection regulations, particularly the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).


Due to rapid technological developments, we will need to make adjustments to our Privacy Policy from time to time. The current version of the Privacy Policy will always be available on this page. All changes to the Privacy Policy apply only to future use. We will not retroactively amend the policy unless required to do so by law.

1. Responsible Entity

DEBTVISION GmbH
Pariser Platz 7
70173 Stuttgart
Deutschland
Tel.: +49 711 127 73400
Website: www.debtvision.de
E-Mail: service@debtvision.de 

2. Data Protection Officer

Data Protection Officer of
DEBTVISION GmbH
Am Hauptbahnhof 2
70173 Stuttgart
Tel.: +49 711 127 0
E-Mail: datenschutz@lbbw.de 

3. Collection and Processing of you Personal Data

3.1 When Visiting the Website

a. When accessing the Website, Visitors automatically transmit information to the provider of our Website. This information is temporarily stored in so-called log files. The following data is collected:

 

  • Date and time of access
  • IP address of the device (anonymized)
  • Information about the browser type and version used
  • User’s operating system
  • Device type used
  • Website from which the user’s system accessed our Website (referrer URL)
  • Use of website functions


For security reasons, we store the log files, in particular to prevent and detect attacks on our websites or attempted fraud.

 

These data are not stored together with other personal data of the user. 


For information regarding the cookies used, please refer to the information provided for you below. 


b. We only store other personal data if you provide it to us—for example, in the course of a registration, a contact form, a survey, or for the performance of a contract. In these cases, we store your personal data only to the extent permitted by your consent or by applicable legal provisions (for more information, see the section “Legal Bases of Processing” below).


c. You are neither legally nor contractually required to provide us with your personal data. However, it is possible that certain functions of our Websites depend on the provision of personal data. If you do not provide your personal data in such cases, this may result in functions not being available or only being available to a limited extent.

3.2 When Registering on the Platform as an Investor

To use our Platform and access our services and content, Clients must designate individuals within their organization who will receive a personalized access account to our Platform. This registration can be initiated via our Website. As part of the registration process, the following personal data must be provided as mandatory fields in an input form:

 

  • Personal details: salutation, first and last name of the contact person
  • Business contact details: email, telephone number
  • Company name
  • Business address details
  • Content of the message


In addition, further company-related data (such as full company name and address) are requested during the registration process. We store this data in order to fulfill the provision of services and to enable the use of the Platform within the scope of the contractual relationship with a Client.


As a registered user of our Platform, you may cancel your registration at any time with effect for the future by contacting us at service@debtvision.de.

3.3 When Registering on the Platform as a Borrower

To use our Platform and access our services and content, corporate clients acting as Borrowers must also designate individuals within their organization who will receive personalized access to our Platform. A request for registration can be submitted via our registration form on the Website, after which we will contact you. When using this contact option, the data entered in the input form is transmitted via our provider by email with SSL encryption. The data transmitted from the input form includes:


  • Salutation, first and last name of the user
  • Business contact details: email, telephone number
  • Company name
  • Business address details
  • Content of the message


In addition, the following data are recorded and stored when the message is sent:


  • Date and time of sending the message


Furthermore, additional company-related data (such as full company name and address) are requested during the contact process. We store this data in order to fulfill the provision of services and to enable the use of the Platform within the scope of the contractual relationship with a Client.


As a registered user of our Platform, you may cancel your registration at any time with effect for the future by contacting service@debtvision.de.

3.4 When Registering on the Platform as an Arranging Bank

To use our Platform and access our services and content, arranging banks must also designate individuals within their organization who will receive personalized access to our Platform. Requests for registration can be submitted via our contact form on the Website or by email to service@debtvision.de, after which we will contact you. When using the contact option on our Website, the data entered in the input form is transmitted via our provider by email with SSL encryption. The data transmitted from the input form includes:


  • Salutation, first and last name of the user
  • Business contact details: email, telephone number
  • Company name
  • Business address details
  • Content of the message


Additionally, the following data are recorded and stored when the message is sent:


  • Date and time of sending the message


Further company-related data (such as full company name, address, and telephone number) are also requested during the contact process. We store this data to fulfill the provision of services and enable the use of the Platform within the scope of the contractual relationship with a Client.


As a registered user of our Platform, you may cancel your registration at any time for the future by contacting service@debtvision.de.

3.5 When Using the Platform as a Registered User of a Client

Each time a page on the Platform is accessed or a file is retrieved, general data about this process is automatically stored in a log file along with a pseudonymized user ID. This includes:


  • Activities on the Platform (e.g., creation and modification of deal-related data, placing orders, downloading or uploading documents)
  • Name of the file accessed
  • Date and time of access
  • Amount of data transferred
  • Information on whether the access was successful
  • Description of the type of web browser used
  • Operating system used


Furthermore, when downloading a password-protected file or a file with a confirmation text, additional information about this process is stored, including:


  • Name of the user who downloaded the file
  • Name of the user’s company for which the user acts


As a registered user of our Platform, you may cancel your registration at any time for the future by contacting service@debtvision.de.


For further explanations regarding objections, please refer to Section 12 of this Privacy Notice. Users should note that after lodging an objection, they will no longer be able to use the Platform, even if they were authorized to do so under a usage agreement with a Client.

4. Purpose of Use

a. Personal data collected during a visit to our Website are used to operate it as conveniently as possible and to protect our IT systems from cyber-attacks and other unlawful activities.


b. Personal data of our Platform users are processed only to the extent necessary for the content and services of the Platform. This includes the development and optimization of the Platform and the documentation of actions and activities related to transactions.


c. If you provide us with additional personal data—for example, through registration, a contact form, a survey, or to perform a contract—we use this data for the aforementioned purposes, for customer management, and, if necessary, for processing and billing any business transactions, each to the extent required.

5. Transfer of Personal Data to Third Parties and Social Media Services

Our Website also contains links to third-party websites. If visitors click such links, certain data may be transferred to these third parties as required. We have no control over whether and how third-party websites and services process visitors’ personal data. Third-party websites and services are not reviewed by us, and we are not responsible for their data protection practices. Visitors should read the privacy policies of the third-party websites or services accessed via our Website.


Visitors who click the link do so voluntarily and thereby give their consent to the data processing described above pursuant to Art. 6(1)(a) GDPR.

6. Disclosure of Personal Data When Using the Platform

Selected activities of a Platform user may also be viewed by parties involved in the transaction within the user functions “Origination,” “Syndicate,” “Backoffice,” “Sales,” and “Borrower.” These include activities on the Platform whose transparency facilitates or enables the management of the transaction or is necessary to document legally effective actions. Specifically:

For general transaction management (user functions “Origination,” “Syndicate,” “Backoffice,” “Sales,” and “Borrower”):

  • Name and professional title of the user
  • User’s email address and telephone number
  • User permissions
  • Timestamp of the user’s last activity

For direct communication via the Platform (user functions “Origination,” “Syndicate,” “Backoffice,” “Sales,” and “Borrower”):

  • Name of the user
  • Content of the message
  • Date and time of sending

For order submission (user functions “Syndicate,” “Sales,” “Backoffice,” “Origination,” and “Borrower”):

  • Name and email address of the users who entered, modified, deleted, or approved the order on the Platform
  • Date and time of each order processing

For transaction processing (user functions “Syndicate,” “Sales,” “Backoffice,” “Origination,” and “Borrower”):

  • Name and email address of users designated as contacts for transaction processing


No other data are disclosed to third parties, particularly to other users involved in the transaction, unless the user has explicitly consented, except as required by law.


If we engage external service providers to process personal data, this is done exclusively in compliance with GDPR requirements for data processing on behalf of others. We ensure that we only work with processors who provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure an adequate level of protection for all personal data and users’ rights.

7. Evaluation of Usage Data and Use of Analytics Tools

7.1 When Visiting the Website

On our website, we use the analytics tool IONOS WebAnalytics from the German company 1&1 IONOS SE (Elgendorfer Straße 57, 56410 Montabaur, Germany). The purpose of using this tool is to collect statistical data about the use of our website in order to continuously improve it.


The IONOS WebAnalytics tool does not use cookies and collects data via so-called log files or JavaScript-based technology (pixels). The data processing is carried out exclusively in an anonymized form, so that no personal reference is possible.

Collecting this data allows us to create general usage statistics, detect errors, and further develop our website both technically and content-wise. No data that could allow conclusions about your identity is stored or processed.


The anonymized data sets are stored locally on the server and evaluated internally exclusively for statistical purposes. The data in the log directory is deleted every 8 weeks. At no time is this data shared with third parties.


You can object to the processing at any time for reasons arising from your particular situation. Since IONOS WebAnalytics does not collect personal data, it is not possible for us to delete or associate data that could identify you personally.


For more information on the data protection of IONOS WebAnalytics, please refer to the provider’s privacy policy at: https://www.ionos.de/terms-gtc/terms-privacy


7.2 When Using the Platform

We aim to continuously improve the Platform’s content and tailor it to your interests. To track usage, we use Matomo, an open-source software for statistical analysis of user access. IP addresses are anonymized immediately after processing and before storage. Information generated about your Platform usage is stored on our web servers in Germany.


You can prevent Matomo data collection via the following link: [iFrame Matomo Opt-out]. This applies to all devices you use to access the Platform. Additionally, a Matomo opt-out cookie is stored in your browser. More information on Matomo’s data protection can be found here: https://matomo.org/privacy-policy/.

8. Use of Cookies on the Website and Platform

Cookies are small files that a website you visit stores on your desktop, laptop, or mobile device. From these files, we can, for example, determine whether there has already been a connection between your device and our website or platform, or which language or other settings you prefer. Cookies can also contain personal data. When you use our website and platform, we will only use the necessary cookies to ensure the functionality of our website and platform. These cookies are essential for the operation of the site and platform and enable, for example, security-relevant functionalities. The website and platform cannot function properly without these cookies.


Furthermore, with your consent, we use so-called analytics and customization cookies when using the website. These collect information that is used in aggregated form to help us better understand how our website is used or how effective our marketing campaigns are. They also serve to tailor our website to your interests.


Below you will find an overview of the cookies used:

Webseite - Necessary Cookies

1. 5db045857d85cb11f24d82ea1f12854a (Technical Name)

  • Provider: integration.mywebsite-editor.com
  • Purpose: For editing and publishing the website
  • Expiration: Session
  • Domain: integration.mywebsite-editor.com

2. dm_total_visits (Technical Name)

  • Provider: Debtvision
  • Purpose: Used by the website to count how often a visitor visits the site
  • Expiration: 11 months and 30 days
  • Domain: www.debtvision.de

3. dm_last_visit (Technical Name)

  • Provider: Debtvision
  • Purpose: Used by the platform to know when the website was last visited
  • Expiration: 11 months and 30 days
  • Domain: www.debtvision.de

4. dm_timezone_offset (Technical Name)

  • Provider: Debtvision
  • Purpose: Used by the platform to determine which time zone the website refers to
  • Expiration: 15 days
  • Domain: www.debtvision.de

5. csrf_token (Technical Name)

  • Provider: Debtvision
  • Purpose: Protects against hacking attacks and malicious actors
  • Expiration: 29 days
  • Domain: www.debtvision.de

6. TERMLY_API_CACHE (Technical Name)

  • Provider: Debtvision
  • Purpose: Used to store the visitor’s consent result to improve the performance of the consent banner
  • Expiration: 1 year
  • Domain: www.debtvision.de

7. JSESSIONID (Technical Name)

  • Provider: Debtvision
  • Purpose: Used to maintain an anonymous user session via the server in Java™ 2 Platform Enterprise Edition web applications
  • Expiration: Session
  • Domain: www.debtvision.de

8. dm_last_page_view (Technical Name)

  • Provider: Debtvision
  • Purpose: Used by the platform to know which page was last viewed
  • Expiration: 11 months and 30 days
  • Domain: www.debtvision.de

9. dm_this_page_view (Technical Name)

  • Provider: Debtvision
  • Purpose: Used by the platform to know when the page was first viewed
  • Expiration: 11 months and 30 days
  • Domain: www.debtvision.de

10. rc::a (Technical Name)

  • Provider: Google
  • Purpose: Used to track and analyze user behavior to distinguish humans from bots or automated software
  • Expiration: Permanent
  • Domain: www.google.com
Webseite - Analytics and Customization Cookies:

1. S7 (Technical Name)

  • Provider: Debtvision
  • Purpose: Collecting data about website usage and user behavior on the website.
  • Expiration: 29 minutes
  • Domain: www.debtvision.de

2. _cohortId (Technical Name)

  • Provider: Debtvision
  • Purpose: Helps the website track Core Web Vitals performance and return accurate data to optimize website performance later.
  • Expiration: Session
  • Domain: www.debtvision.de

3. snowplowOutQueue_snowplow_cf (Technical Name)

  • Provider: Debtvision
  • Purpose: Used to analyze visitor behavior on the website.
  • Expiration: Permanent
  • Domain: www.debtvision.de

Platform – Necessary Cookies

1. KEYCLOAK_IDENTITY[_LEGACY] (Technical Name)

  • Provider: Keycloak
  • Purpose: Identity of the logged-in user
  • Expiration: Session
  • Domain: ufp.debtvision.de

2. KEYCLOAK_SESSION[_LEGACY] (Technical Name)

  • Provider: Keycloak
  • Purpose: Session of the logged-in user
  • Expiration: 10 hours
  • Domain: ufp.debtvision.de

3. AUTH_SESSION_ID[_LEGACY] (Technical Name)

  • Provider: Keycloak
  • Purpose: Session of the logged-in user
  • Expiration: Session
  • Domain: ufp.debtvision.de

4. KEYCLOAK_LOCALE (Technical Name)

  • Provider: Keycloak
  • Purpose: Locale for Keycloak
  • Expiration: Session
  • Domain: ufp.debtvision.de

5. mtm_consent_removed (Technical Name)

  • Provider: Matomo
  • Purpose: Stores that a user does not wish to be tracked
  • Expiration: Never
  • Domain: ufp.debtvision.de


9. Security

We always maintain a high level of security when collecting or processing your data. DEBTVISION implements effective technical and organizational measures to protect your data against manipulation, loss, destruction, or unauthorized access. We continuously improve these measures in line with technological developments.

10. Legal Basis for Processing

a. To the extent that you have given us consent for the processing of your personal data, this consent constitutes the legal basis for the processing (Art. 6(1)(a) GDPR).

b. For the processing of personal data for the purpose of initiating or fulfilling a contract with you, Art. 6(1)(b) GDPR provides the legal basis.

c. To the extent that the processing of your personal data is necessary to fulfill our legal obligations (e.g., data retention), we are authorized to do so pursuant to Art. 6(1)(c) GDPR.

d. In addition, we process personal data for the purposes of safeguarding our legitimate interests as well as the legitimate interests of third parties, in accordance with Art. 6(1)(f) GDPR. Ensuring the functionality of our IT systems, marketing our own as well as third-party products or services, and the legally required documentation of business contacts are such legitimate interests. In the context of the necessary balancing of interests, we particularly take into account the type of personal data, the purpose of processing, the circumstances of processing, and your interest in the confidentiality of your personal data.

11. Deletion of Personal Data

We delete your personal data from the use of the website and platform as soon as the purpose for which we collected and processed the data ceases to apply. Beyond this point, data will only be stored to the extent required by laws, regulations, or other legal provisions to which we are subject in the EU, or under the laws of third countries, provided that an adequate level of data protection exists there. If deletion is not possible in individual cases, the corresponding personal data will be marked with the aim of restricting their future processing.

12. Data Subject Rights

a. Data Subject Rights under Articles 15 – 20 GDPR

You have the right to access your personal data pursuant to Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR. Limitations under §§ 34 and 35 BDSG apply to the rights of access and erasure. In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG. The competent data protection supervisory authority for DEBTVISION is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.


b. Right of Withdrawal under Art. 7(3) GDPR

If you have consented to the processing of your personal data by us, you have the right to withdraw your consent at any time. The lawfulness of the processing of your personal data up to the point of withdrawal is not affected by the withdrawal. Further processing of these data on another legal basis, for example to comply with legal obligations (see section “Legal Basis for Processing”), also remains unaffected.


c. Right to Object under Art. 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out pursuant to Art. 6(1)(e) GDPR (processing in the public interest) or Art. 6(1)(f) GDPR (processing based on a balancing of interests). If you object, we will only continue to process your personal data if we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

13. Data Transfer to Recipients Outside the European Economic Area (EEA)

If visitors to the website click on links to third-party websites (see section 5), personal data may be transferred to recipients in countries outside the European Union (“EU”), Iceland, Liechtenstein, and Norway (= European Economic Area) and processed there.


On the platform, data transfer to third countries (countries outside the European Economic Area – EEA) only takes place to the extent that it involves a third country with an adequate level of protection according to Art. 45 para. 1 GDPR and is necessary for the execution of our client’s orders, or if a visitor or user has expressly given us their consent.


From the EU’s perspective, the following countries provide an adequate level of protection for the processing of personal data in accordance with EU standards (so-called adequacy decision): Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. For recipients in other countries, we agree on the application of EU standard contractual clauses or binding corporate rules to ensure an adequate level of protection in accordance with legal requirements.

DEBTVISION GmbH also offers, as part of customer events, the possibility to participate via a web conferencing tool. In this context, we also process your personal data.

Privacy Notice

Information on the processing of personal data by DEBTVISION GmbH pursuant to Art. 13 of the General Data Protection Regulation (GDPR) for the use of web conferencing tools, where DEBTVISION GmbH processes personal data.


Name and contact details of the controller and its representative:

DEBTVISION GmbH

Pariser Platz 7, 70173 Stuttgart

Tel.: +49 (0)711 127-73400

E-mail: service@debtvision.de


Contact details of the data protection officer:

Data Protection Officer of DEBTVISION GmbH

Am Hauptbahnhof 2, 70173 Stuttgart

Tel.: +49 (0)711 127-0

Fax: +49 (0)711 127-6673495

E-mail: datenschutz@LBBW.de


Purposes and legal basis for the processing of personal data

  • Registration for virtual customer events: If you wish to participate in a virtual customer event, we will provide you with the relevant information and access data by e-mail during registration. Your personal data will be processed for registration purposes. The legal basis for your participation is your consent pursuant to Art. 6 (1) (a) GDPR.
  • Use of a web conferencing tool: During the use of web conferencing tools and, if applicable, during a recording of the web conference, your personal data will be processed for the purposes described above. To establish a connection and transmit video and audio data of the conference to your device, we require your IP address. The legal basis for processing to conduct the web conference is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, or in the context of an employment relationship, Art. 88 in conjunction with § 26 (1) BDSG, in order to ensure the functionality of the tool and the security of the web conference.
  • Recording of web conferences: If a recording of the web conference is planned, you will be informed about this in advance. With your consent, your image and, if applicable, your voice will be recorded. Before the recording starts, you will receive an audio and visual signal indicating that recording is taking place. Recording of your voice and image occurs only with your consent pursuant to Art. 6 (1) (a) GDPR. All other processing related to the recording is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
  • Legal obligation to record conversations: If there is a statutory obligation to record conversations, the legal basis is Art. 6 (1) (c) GDPR. Conversation recordings are not stored within or by the web conferencing tool.
  • Feedback and surveys: At the end of a web conference, you may be asked to provide feedback or participate in a survey. Processing of your responses is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.


Recipients or categories of recipients of personal data

DEBTVISION GmbH uses processors to provide and operate a web conferencing tool. In addition, a full-service partner may be engaged to support the organization, execution, and follow-up of the web conference. No personal data is transmitted to third parties.


Intent to transfer personal data to a third country or international organization

DEBTVISION GmbH processes personal data at locations within the EU/EEA. Transfer of personal data outside the EU/EEA is not intended and only occurs if DEBTVISION GmbH has previously consented and an adequate level of data protection is ensured.


Duration of storage

DEBTVISION GmbH stores personal data only as long as the data is needed or required by statutory retention periods. Web conference recordings based on consent are stored for 180 days and then deleted. If statutory retention periods require storage, the data will be kept until the retention period expires.


Rights of data subjects

Every data subject has the right to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), and data portability (Art. 20 GDPR). Restrictions on access and erasure are subject to §§ 34 and 35 BDSG. Additionally, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). The competent supervisory authority for DEBTVISION GmbH is:


Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg


Requirement to provide data and consequences of non-provision

Providing personal data to DEBTVISION GmbH is neither legally nor contractually required and is not necessary for the conclusion of a contract. If you do not provide the data, participation in or execution of a web conference may not be possible.


Right to withdraw consent

You have the right to withdraw any consent granted to store recording data at any time, without affecting the lawfulness of processing carried out prior to the withdrawal. After withdrawal, DEBTVISION GmbH will no longer process your personal data.


Processing based on legitimate interests

DEBTVISION GmbH processes personal data, such as metadata, names, and e-mail addresses, to ensure the functionality of the web conferencing tool and the security of the data and communication. The interests of data subjects are safeguarded by collecting only the data strictly necessary. No attention tracking is carried out. You may turn off your video at any time during the web conference.


Automated decision-making and profiling

No automated decision-making or profiling is carried out.


Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6 (1) (f) GDPR (processing based on legitimate interests). If you object, DEBTVISION GmbH will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.


Objections may be submitted informally to:


DEBTVISION GmbH

Pariser Platz 7

70173 Stuttgart

Germany

Tel.: +49 711 127 73400

Website: www.debtvision.de

E-mail: service@debtvision.de