Date: January 20th, 2023

Privacy Policy

DEBTVISION GmbH, Pariser Platz 7, 70173 Stuttgart, Germany (hereinafter “we“) operates the electronic platform “DEBTVISION” (hereinafter the “Platform” and available via https://ufp.debtvision.de/) which assists arranging banks, capital borrowers and professional capital lenders in distributing Schuldschein loans and registered bonds to professional investors, as well as during the term of such financing products

(hereinafter our “Customer(s)“). We offer Visitors to our Website (hereinafter the “Visitor(s)“) information about our products and services through our Website www.debtvision.de (hereinafter the “Website“), and enable them to contact us. Furthermore, representatives authorized by our Customers (hereinafter the “User(s)“) can register or be registered for our Platform and subsequently act on it.

We use personal data of our Visitors and Users, if any, only in accordance with the applicable data protection regulations, including in particular the requirements of the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (BDSG). In the following, we would like to inform you about the way we process the personal data provided by you in each case, what information we may collect, how we handle it, to whom we may disclose it and for what purpose. You consent to the collection, processing and use of data as described below by using our Website www.debtvision.de and our Platform “DEBTVISION”.

1. The controller for the processing of personal data within the meaning of GDPR

DEBTVISION GmbH
Pariser Platz 7
70173 Stuttgart
Germany
Telephone: +49 (0) 711 / 127 73400
Website: www.debtvision.de
E-mail: service@debtvision.de

2. Data protection officer

Data protection officer at
DEBTVISION GmbH
Am Hauptbahnhof 2
70173 Stuttgart
Tel.: +49 711 127 0
Fax: +49 711 127 6673495
E-Mail: datenschutz@lbbw.de

3. General information on data processing on the Website and Platform

As a matter of principle, we process personal data of our Users only to the extent required to provide a functional Website, our Platform content or our services

4. General information on the routine deletion and blocking of personal data

We process and store your personal data on the Website and Platform only for the period of time required to achieve the relevant processing purpose or to the extent that has been provided for by the European Directive and Regulation maker or any other legislator in laws or provisions to which we are subject.

Processing of personal data after the original processing purpose has ceased to apply could arise in particular from the fulfillment of retention obligations under commercial or tax law. This is based on the German Securities Trading Act (WpHG), the German Money Laundering Act (GwG), the German Banking Act (KWG), the German Commercial Code (HGB) and the German Fiscal Code (AO). In addition, we are subject to the limitation periods pursuant to Art. 195 et seq. of the German Civil Code (BGB).

If the purpose of processing ceases to apply or if a processing period prescribed by the European Directive and Regulation maker or any other competent legislator expires, the personal data will be blocked or deleted in accordance with the statutory provisions.

5. Processing of personal data and the nature, purpose and legal basis of use

a) When visiting the Website
When accessing the Website, Visitors automatically send information to the provider of our Website. This information is temporarily stored in a so-called log file.
The following data is collected and stored until it is automatically deleted:

  • the date and time of access;
  • the IP address of the terminal (anonymized);
  • the data volume transmitted;
  • information about the type of browser and the version used;
  • the operating system of the User;
  • the name of the Internet service provider;
  • the website from which the user’s system accessed our Website (referrer URL);
  • the websites that are accessed by the user’s system via our Website.

This data is not stored together with other personal data of the user.

We process the aforementioned data for the following purposes:

  • ensuring a smooth connection setup of the Website;
  • ensuring the functionality of the Website and eliminating malfunctions;
  • further development and optimization of the Website;
  • ensuring the security of our information technology systems;
  • detection and prosecution of misuse as well as
  • for further administrative purposes.

Art. 6 (1) point f GDPR forms the legal basis for the temporary storage of data and log files. Our legitimate interest arises from the above-mentioned purposes of data processing. Under no circumstances will we use this collected data to draw conclusions as to you as a person.

All log files are stored for a maximum of seven days and will then be automatically deleted. If log files are required to detect and prosecute any misuse, they may also remain stored for evidentiary purposes until the incident has been clarified.
In addition to processing the above data in log files, we use so-called session cookies on our Website which do not store any personal data. Further information on the use of Cookies on our Website can be found in section 8 of this Privacy Policy.

Furthermore, we use the services of the analysis tool “Webalizer” for the statistical evaluation of Visitor accesses. We use the data exclusively for the improvement of our offer.

Only statistical data is collected via the “Webalizer” tool, such as the most frequently visited Website content, the most frequently used browsers, the countries from which the queries originate.

The tool “Webalizer” works in the variant we use with the anonymization of IP addresses. In that process, the IP addresses are shortened by the last three digits before any use for the analysis of usage behavior, so that a personal reference can no longer be established and you as a user remain anonymous to us.

The anonymized data records are locally stored on our server and evaluated internally for statistical purposes only. At no time will this data be disclosed to third parties. The “Webalizer” tool does not use Cookies.

You may object to such processing at any time on grounds arising from your particular situation. Please use the above contact address for that purpose.

b) When using the contact form and when contacting us by e-mail
We offer Visitors a contact form on our Website which may be used for electronic contact. If Visitors choose that option (hereinafter “Contact Inquirer“), the data entered in the input mask is forwarded via our provider by e-mail with SSL encryption.
The data forwarded from the input mask are:

  • the first and last name of the User;
  • the e-mail address of the User;
  • the content of the message.
  • In addition, the following data is collected and stored when the message is transmitted:
  • the date and time the message was sent;
  • the IP address of the User.

Your consent pursuant to Art. 6 (1) point a GDPR will be obtained for the processing of this data before sending the message and reference is made to this Privacy Policy.
As an alternative to using the contact form, Visitors may also contact us directly via the e-mail address provided (service@debtvision.de) (hereinafter also referred to as “E-Mail Inquirer“). In that case, the personal data transmitted by that e-mail will be stored.
In this context, the data will not be disclosed to any third party without prior consent. The data will be used exclusively for processing the conversation.

Purpose of data processing:

  • The processing of the specified personal data from the input mask or the delivered e-mail serves solely to process the contact.
  • Any other personal data transmitted during the sending process of the contact form completed help to prevent misuse of the contact form and to ensure the security of our information technology systems.

Legal basis for data processing:

  • If the User has given consent, Art. 6 (1) point a GDPR.
  • The relevant legal basis for processing the data transmitted to us in the course of sending an e-mail is Art. 6 (1) point f GDPR. In the case of contact by e-mail, our required legitimate interest for the processing of data lies in the processing of the request.

Personal data transmitted via e-mail or the contact form will be stored by us until the Contact or E-Mail Inquirer requests us to delete it, withdraws his or her consent to storage, objects to the storage of his or her e-mail sent to us or when data storage is no longer required. That applies, for example, when the relevant conversation with the Contact or E-Mail Inquirer has ended. The conversation will only be finished when it is clear from the relevant circumstances that the reason for the contact has been conclusively clarified. Mandatory legal provisions – in particular retention periods due to any subsequent contract processing – shall remain unaffected.
The additional personal data collected during the sending process of the contact form will be deleted after a period of seven days at the latest.

The Contact Inquirer has the possibility at any time and without giving reasons to withdraw his or her consent to the processing of personal data. The E-Mail Inquirer may object to the storage of his or her personal data at any time. In such event, we will not be able to continue the conversation with the Inquirer. A withdrawal of consent or objection to storage may be made informally to datenschutz@debtvision.de. After receipt of confirmation of the withdrawal of consent or the objection to storage, all personal data stored in the course of contacting you will be irrevocably deleted.

c) When registering on the Platform as a capital lender
Customers must specify individuals from their company who will receive personalized access to our Platform to be able to use our Platform and to access our services and content. That registration can be initiated on our Website.
The following personal data must be provided as mandatory fields in an input mask as part of the registration process:

  • personal data: salutation, first name, last name and position of the contact person;
  • business communication data: e-mail, telephone, mobile number;
  • business address data.

In addition, further company-related data (such as full company name and address), but no other personal data, is queried as part of the registration process.
We store that data for the fulfillment of the service provision and the use of the Platform as part of the contractual relationship with a Customer.

The legal basis for the processing of personal data in the context of registration is our and the capital lender’s legitimate interest as a user of the Platform, i.e., the employer of the acting data subjects pursuant to Art. 6 (1) point f GDPR. Our legitimate interest in that case is the processing of the registration to attract new capital lenders to our Platform. Furthermore, it is in our interest to provide the Customer with a registration process that is as quick and easy as possible, allowing the review of contract documents and transmission of all required data at the same time. Finally, the registration and related processing of personal data is in the interest of the Customer for whom the data subject is registering. This is because that Customer wishes to use the services of DEBTVISION for itself and is only able to do so when a natural person registers on the Platform.

As a registered User of our Platform, you have the possibility to cancel the registration under service@debtvision.de at any time. Furthermore, you can have the data stored about you modified at any time.

d) When registering on the Platform as a capital borrower
Corporate Customers acting as capital borrowers must also specify individuals from their company who will receive personalized access to our Platform to be able to use our Platform and to access our services and content. However, that registration cannot be performed directly on our Website. Instead, a contact form can be used to submit a request for registration, whereupon we will contact you. When using that contact option, the data entered in the input mask is forwarded via our provider by e-mail with SSL encryption.
The data forwarded from the input mask are:

  • the salutation, first name, last name and position of the User;
  • business communication data: e-mail, telephone, mobile number;
  • business address data;
  • the content of the message.
  • In addition, the following data is collected and stored when the message is transmitted:
  • the date and time the message was sent;
  • the IP address of the User.

In addition, other company-related data (such as full company name and address), but no other personal data, is queried when contacting us.
We store that data for the fulfillment of the service provision and the use of the Platform as part of the contractual relationship with a Customer.

The legal basis for this processing of personal data in the context of contacting for registration is our and the capital borrower’s legitimate interest as a user of the Platform, i.e., the employer of the acting data subjects pursuant to Art. 6 (1) point f GDPR. Our legitimate interest in that case is the processing of the registration to attract new capital borrowers to our Platform. Furthermore, it is in our interest to provide the Customer with a registration process that is as quick and easy as possible. Finally, the registration and related processing of personal data is in the interest of the Customer for whom the data subject is registering. This is because that Customer wishes to use the services of DEBTVISION for itself and is only able to do so when a natural person registers on the Platform.

e) When using the Platform as a registered User of a Customer
Each time a page of the Platform is accessed and each time a file is retrieved, general data about that process is automatically stored in a log file together with the pseudonymized User ID. These are:

  • the activities on the Platform (including the creation and modification of deal-related data, the placing of orders or the download and upload of documents);
  • the name of the file retrieved;
  • the date and time of retrieval;
  • the data volume transmitted;
  • a message whether the retrieval was successful;
  • a description of the type of web browser used;
  • the operating system used.

In addition, each time a file is downloaded that is password-protected or has a confirmation text, further information about that process is stored in addition to the file itself. These are:

  • the name of the User who downloaded the file as well as
  • the name of the user, i.e., the company for which the User is acting;

data processing purposes:

  • further development and optimization of the Platform;
  • creation of (aggregated) statistics that cannot be traced back to any individual;
  • documentation of actions and activities in connection with any transaction that is legally binding or aimed at initiating the conclusion of contracts between registered companies (e.g., placement of soft and firm orders);
  • documentation of actions and activities in connection with any transaction that may trigger a payment obligation (such as the download of additional information like rating reports or similar) or that are preceded by the acceptance of a confirmation text (such as a disclaimer or a confidentiality statement),
  • to the extent permitted by law and required to detect and stop misuse and malfunctions.

Your User activities together with your User ID are processed for the purpose of safeguarding our legitimate interests and the legitimate interests of the capital borrowers and their arrangers pursuant to Art. 6 (1) point f GDPR. Our legitimate interests in that case are to ensure a functioning Platform as well as the prevention of fraud and the legally imposed documentation of the persons acting on the Platform which require to process your personal data. The legitimate interests of the capital borrowers and their arrangers can be found in ensuring a smooth transaction process and efficient management of the transaction, as well as in ensuring proof of legally binding actions of users on the Platform.

Registered Users may object to the processing of their personal data. Please refer to section 11 of this Privacy Policy for more detailed explanations of the objection.

If a User objects to the processing of personal data and/or has his or her registration on our Platform terminated, or if the purpose of the processing no longer applies, we will delete the personal data of that User. Any data that we must continue to process on the Platform due to legal requirements by the European Directive and Regulation makers or any other legislator or if required for the proof of legally effective actions is excluded herefrom.

6. Disclosure of personal data

Selected activities of a User on the Platform may also be viewed by parties involved in the transaction in the user functions of “Origination”, “Syndicate”, “Back Office”, “Sales” and “Borrower”. These are activities on the Platform, the transparency of which facilitate or enable the management of the transaction or which are required for the proof of legally effective actions.

These are:

for the management of the transaction in general (user functions of “Origination”, “Syndicate”, “Back Office”, “Sales”):

  • the name and job title of the User;
  • e-mail address and telephone number of the User;
  • authorizations of the User and
  • timestamp of the User’s most recent activity.

In the context of direct communication via the Platform (user functions of “Origination”, “Syndicate”, “Back Office”, “Sales” and “Borrower”):

  • the name of the User;
  • the message content and
  • the date and time the message was sent.

When placing an order (user functions of “Syndicate”, “Sales”, “Back Office”, “Origination” and “Borrower”):

  • the name of the User and e-mail address who entered, modified, deleted or released the order on the Platform
  • as well as the date and time of the relevant order processing.

In the context of transaction processing (user functions of “Syndicate”, “Sales”, “Back Office”, “Origination” and “Borrower”…)):

  • the name and e-mail address of any User specified by the user as contact person for transaction processing.

Beyond that, we do not disclose any data to third parties, in particular to any user not involved in the relevant transaction, unless the Visitor or the User has expressly given their consent for that. This does not include the disclosure of data due to any legal provision.
If we involve external service providers in the context of processing personal data, this is done exclusively in compliance with the data protection provisions of commissioned data processing pursuant to GDPR. We ensure that we only work with processors that provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure an adequate level of protection of the personal data of all Visitors and Users and their rights as to you as a person.

7. Transmission of personal data to any third country

Data to any third country (countries outside the European Economic Area – EEA) is only transmitted on the Platform if it is a third country with an adequate level of protection (e.g., Switzerland) in accordance with Article 45 (1) GDPR and that is required to execute our Customer’s orders or a Visitor or User has expressly given us their consent.
A transmission to a third country may also occur on the Website if a Visitor clicks on a link to third party websites (further information can be found in section 9 of this Privacy Policy). Please refer to the relevant privacy notices of the websites you access via our Website for more information.

8. Use of session cookies

The Website uses session cookies that do not contain personal data (hereinafter collectively “Cookies”) to collect and store information required for the system. Cookies are not able to run programs or transmit viruses to your terminal. Cookies are small text files that are placed on the computer and stored by your browser for the active session. This type of Cookie is automatically deleted at the end of the session.
The setting of session cookies is based on Art. 6 (1) point f GDPR. We have a legitimate interest in storing Cookies as the operator of this Website and of our Platform in order to provide our content and services to all Visitors in a technically error-free and smooth manner.
Visitors may prevent the use of Cookies by appropriately setting their browser software; please note, however, that in such case you may not be able to use all features of our Website or Platform in full.

9. Links to other websites and social media services

Our Website also contains links to third-party websites. If Visitors click on such links, certain data may be passed on to such third parties to the extent required. We have no influence on whether and how the third-party websites and services process personal data of Visitors. We do not review third-party websites and services, and we are not responsible for them or their privacy practices. Visitors should refer to the privacy notices of the third-party websites or services they access through our Website.
In the following, we would like to draw Visitors’ attention in more detail to links to the social media services of “XING” and “LinkedIn” and indicate what data is transmitted by them if they wish to share articles on our site via a so-called “share button”.

XING
Our Website uses features of the XING network. The provider is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
The “XING Share button” is used on this Website. When this Website is accessed, a connection to servers of XING SE (“XING”) is established for a short time via the Visitor’s browser with which the “XING Share Button” features (in particular the calculation/display of the counter value) are provided. XING does not store any personal data of Visitors about the access of this Website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of Cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share button” and supplementary information can be found on the following Website: https://www.xing.com/app/share?op=data_protection

LinkedIn
Our Website continues to use the “share function” of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
When Visitors click on the LinkedIn button on one of our pages to share a message, they are – provided they are logged into their user account at LinkedIn – redirected to their user account in a separate browser window and can share the electronic publication deposited on our Website by adding a comment.
When accessing LinkedIn, the IP address assigned to the Visitor’s terminal is transmitted to LinkedIn. LinkedIn also stores information about the terminals of its users; LinkedIn is, if required, able to assign IP addresses to individual users. If Visitors are currently logged in to LinkedIn, a Cookie with your LinkedIn identifier is located on your terminal. This enables LinkedIn to track that they have visited this page and the way they have used it.

If Visitors want to avoid that, they should log out of LinkedIn or disable the “stay logged in” feature. In addition, Visitors may delete the Cookies present on their device and exit and restart their browser. In this way, LinkedIn information through which their account can be directly associated with their visit to our Website will be deleted.

We must point out to Visitors that we otherwise have no knowledge of the content of the (personal) data transmitted nor of its use by LinkedIn. Please find more detailed information on this in LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy.

We offer links to the above-mentioned social media services, including the possibility to share content on them, on the basis of Art. 6 (1) point f GDPR. Our legitimate interest lies in making our Platform better known. The underlying promotional purpose is to be considered a legitimate interest within the meaning of the GDPR.

In addition, Visitors who click on the link do so voluntarily and therefore give consent to the above-mentioned data processing pursuant to Art. 6 (1) point a GDPR.

10. Automated decision-making (“profiling”)

Automated decision-making pursuant to Art. 22 GDPR does not take place on the Website nor on the Platform.

11. Right to object

Visitors and Users have the right to object at any time to the collection, processing and storage of their personal data on the basis of Art. 6 (6) point f GDPR (data processing for the protection of legitimate interests) on grounds relating to their particular situation.

After receipt of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of Visitors or Users. If the processing of your personal data serves the assertion, exercise or defense of legal claims, we are obliged to continue processing the data despite objection.

Users should note that they will not be able to continue to use the Platform after they made an objection, even though they have been legitimized to use the Platform by a user contract with a Customer.

In principle, an objection can be made without any formalities. Please address the objection, stating your first name, last name and e-mail address, to our data protection officer at the contact details given above.

12. Other rights of data subjects

Every data subject has the right of access to the personal data we have collected about him or her (Art. 15 GDPR). We will, upon request, inform data subjects of the origin, categories and recipients of the data, the purpose, the envisaged storage period and the relevant legal basis for data processing, as well as the existence of automated decision-making.

If inaccurate personal data is processed, data subjects have the right to rectification (Art. 16 GDPR). If the legal requirements are met, data subjects may request erasure or restriction of processing (Art. 17 and 18 GDPR) and, if applicable, assert the right to data portability (Art. 20 GDPR). If data subjects make use of their aforementioned rights, we will check whether the legal requirements are met and take these into account. In addition, we will comply with our notification obligation under Art. 19 GDPR and notify all recipients to whom personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

Visitors and Users can withdraw their consent to the processing of personal data at any time with effect for the future. It should be noted that a withdrawal does not affect the lawfulness of the processing of personal data until the time of withdrawal. In addition, it is possible that we continue to process personal data on the basis of other applicable and permissible legal grounds. Please contact us directly for a withdrawal using the contact details above or also directly to the data protection officer at datenschutz@debtivision.de.

Furthermore, there is a right to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg https://www.baden-wuerttemberg.datenschutz.deif Visitors or Users believe that the processing of personal data concerning them violates the GDPR.
The address of the competent supervisory authority is:

The State Commissioner for Data Protection of Baden-Württemberg

Lautenschlagerstraße 20
70173 Stuttgart

Telephone: 0711 6155410
Fax: 0711 61554115

13. Data security and technical and organizational measures

We make every effort to the best of our knowledge and in accordance with the requirements of the law, in particular the GDPR and the German Federal Data Protection Act (BDSG), to take suitable technical and organizational measures to ensure an adequate level of protection for the processing of (personal) data. These measures aim to protect personal data against intentional manipulation, unauthorized or accidental deletion or disclosure, and unauthorized access by third parties. We take into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of data processing, as well as various probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons.

Nevertheless, we must point out that, despite all security measures, information that Visitors and Users voluntarily provide via the network may be used by third parties. We accept no liability in the event of data transmission errors or unexpected, unauthorized access to Visitors’ and Users’ data by third parties.

We regularly review and evaluate our technical and organizational measures for our Platform and Website and adjust them to technical developments. These measures include: SSL procedures with the highest possible SSL encryption supported by your browser, creation of temporary log files, access and separation control through a rights and roles concept for the Users of the Platform, and input control through an implemented dual control principle. A complete list of all technical and organizational measures of DEBTVISION can be obtained in the current version at datenschutz@debtvision.de.

14. Contact

If you have any questions, comments or suggestions for improvement on the subject of data protection, please feel free to contact us by e-mail at datenschutz@debtvision.de.

15. Amendments

We reserve the right to change this Privacy Policy at any time with effect for the future and to make the current version of the Privacy Policy available on our Website at this point.