DEBTVISION GmbH, Fritz-Elsas-Strasse 31, 70174 Stuttgart, Germany (referred to hereinafter as “we”), operates the “DEBTVISION” electronic platform (referred to hereinafter as the “platform” and available via www.platform.debtvision.de), which is a marketplace that enables companies providing capital and companies seeking capital (referred to hereinafter as our “customers”) to arrange financing. Via our Internet presence www.debtvision.de (referred to hereinafter as the “website”) we offer all visitors to our website (referred to hereinafter as “visitors”) information about our products and services and enable them to establish contact with us. Furthermore, authorized representatives of our customers (referred to hereinafter as “users”) can register or arrange to be registered on our platform and can subsequently operate on the platform.
We use any personal data concerning our visitors and users only in accordance with the applicable provisions under data protection law, including, in particular, the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following text provides information on how we process any personal data you have provided, what information, if any, we collect, how we handle it and whom we may provide it to and for what purpose. By using our website www.debtvision.de and our “DEBTVISION” platform you agree to the collection, processing and use of data as described below.
1. Controller for the Processing of Personal Data Within the Meaning of the GDPR
2. Data Protection Officer
3. General Information on Data Processing on the Website and Platform
We process personal data concerning our users only to the extent required to provide a functioning website as well as the content and services on our platform. Personal data concerning our users is generally processed only following consent from the respective user (Article 6 (1) letter a)). An exception arises in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted based on statutory provisions (Article 6 (1) letter c)) or in order to safeguard our legitimate interests (Article 6 (1) letter f)).
Please be advised that you are not obliged at any time to consent to the processing of personal data. However, if you do not voluntarily provide certain personal data to us you cannot use certain functions of our website and platform at all or can make only restricted use of them.
You may revoke any consent you granted previously at any time. In order to revoke consent it is sufficient to send notice (no particular form required) by e-mail to email@example.com. Revoking consent does not affect the legality of data processing prior to that time.
4. General Information on Routine Erasure and Blocking of Personal Data
We process and store your personal data on the website and platform only for the period required to achieve the respective storage purpose or if this is stipulated by the European body issuing directives and regulations or another legislative body in laws or regulations to which we are subject.
Personal data could be stored after the original storage purpose has ceased in order, in particular, to comply with retention obligations under commercial and tax law. The German Securities Trading Act (WpHG), the German Money Laundering Act (GwG), the German Banking Act (KWG), the German Commercial Code (HGB) and the German Fiscal Code (AO) serve as a basis for this. We are additionally subject to the statutory limitation periods under Sections 195 et seq. of the German Civil Code (BGB).
If the storage purpose ceases or a storage period prescribed by the European body issuing directives and regulations or another legislative body expires, the personal data will be blocked or erased in accordance with the statutory provisions.
5. Processing of Personal Data and Type, Purpose and Legal Basis of Their Use
a) When visiting the website
Visitors automatically send information to the provider of our website when calling up the website. This information is temporarily stored in a log file.
The following data are collected in this process and stored until automatically deleted:
- Date and time of access
- IP address of the requesting terminal
- Amount of data transferred
- Information on the browser type and version used
- User’s operating system
- Name of the Internet service provider
- Website from which the user’s system accessed our website (referrer URL)
- Websites the user’s system calls up via our website
Such data are not stored together with other personal data concerning the user.
We process the aforementioned data for the following purposes:
- Ensuring a smooth connection is established with the website
- Safeguarding the functionality of the website and removing faults
- Enhancing and optimizing the website
- Ensuring the security of our IT systems
- Investigating and pursuing cases of misuse and
- For other administrative purposes
The legal basis for the temporary storage of data and log files is Article 6 (1) letter f) GDPR. Our legitimate interest lies in the aforementioned data processing purposes. We do not under any circumstances use the personal data so collected to draw any conclusions regarding you as an individual.
All log files are stored for a maximum period of seven days and subsequently erased automatically. If log files are necessary in order to investigate and pursue misuse, these may also remain stored for evidence purposes until the incident has been clarified.
b) When using the contact form and establishing contact by e-mail
We offer visitors to our website a contact form that can be used for establishing contact electronically. If visitors (referred to hereinafter as “persons requesting contact”) choose this option, our provider forwards the data entered in the input screen via e-mail using SSL encryption.
The data forwarded from the input screen is:
- User’s first and last name
- User’s e-mail address
- Content of the message
- In addition, the following data are collected and stored when the message is transmitted:
- Date and time the message is sent
- User’s IP address
In accordance with Article 6 (1) letter a) GDPR, your consent to the processing of these data will be obtained prior to sending the message and reference made to this data protection information.
As an alternative to using the contact form, visitors can also make contact with us directly via the e-mail address provided (firstname.lastname@example.org) (also referred to hereinafter as “persons requesting contact”). In this case, the personal data transmitted with the e-mail will be stored.
In this context, the data will not be disclosed to third parties without prior consent. The data are used exclusively for processing the conversation.
Purpose of data processing:
- The personal data provided via the input screen are processed solely for the purpose of establishing contact.
- The other personal data transmitted during the sending process help to prevent misuse of the contact form and safeguard the security of our IT systems.
Legal basis for data processing:
- If the user’s consent has been obtained pursuant to Article 6 (1) letter a) GDPR.
- Article 6 (1) letter f) GDPR is the relevant legal basis for the processing of data transmitted to us when an e-mail is sent. If contact is established via e-mail, our necessary legitimate interest in processing the data lies in processing the request.
We store personal data transmitted via e-mail or the contact form until the person requesting contact requests that we erase them or revokes their consent to their storage, or it is no longer necessary to store the data. This is the case, for example, if the relevant conversation with the person requesting contact has ended. The conversation has ended only if it appears from the relevant circumstances that the reason for establishing contact has been conclusively resolved. Mandatory statutory provisions – including retention periods due to any subsequent processing of contracts – remain unaffected.
The additional personal data collected during the sending process are erased after a period of seven days at the latest.
The person requesting contact has the option to revoke their consent to the processing of personal data at any time and without providing reasons. If a person establishes contact with us via e-mail, they can object to the storage of their personal data at any time. In such a case, we cannot continue our conversation with them. The revocation of consent or objection to storage can be addressed to email@example.com and does not require any particular form. Once you have received confirmation of the revocation of consent or objection to storage, all personal data stored during the process of establishing contact will be irrevocably erased.
c) When registering as an investor on the platform
To use the platform and access our services and content, customers must define individuals from their company who will be given personalized access to our platform. This registration can be carried out on our website. Registration involves granting consent to data processing pursuant to Article 6 (1) letter a) GDPR.
During the registration process the following personal data must be provided in mandatory fields on an input screen:
- Personal data: first and last name of contact
- Communication data: e-mail, telephone
- Address data
In addition, further company-related data (such as full company name, address), but not personal data, are requested during the registration process.
We store these data to enable the performance of services and use of the platform within the context of the contractual relationship with a customer.
The legal basis for the processing of personal data in the context of registration is, on the one hand, the consent given pursuant to Art. 6 (1) a DSGVO and, on the other hand, our legitimate interest pursuant to Art. 6 (1) f DSGVO. Our legitimate interest here is the processing of the registration to attract new customers and investors for our platform. Furthermore, it is in our interest to provide the customer with a registration process that is as quick and easy as possible, which enables the review of contract documents and transmission of all required data at the same time. Last but not least, the registration and the associated processing of personal data is in the interest of the customer for whom the data subject is registering. This is because this customer wishes to use the services of DEBTVISION on its own behalf and has this possibility only when natural persons register on the platform.
As a registered user of our platform you have the option of canceling the registration at firstname.lastname@example.org at any time. You may also have the data stored via the registration amended at any time.
d) When registering as a borrower on the platform
In order to be able to use our platform and access our services and content, corporate customers who act as capital recipients must also define persons from their company who will receive personalized access to our platform. However, this registration cannot be carried out directly on our website. Instead, a contact form can be used to submit a request for registration, whereupon we will contact you. When using this contact option, the data entered in the input mask will be forwarded via our provider by e-mail with SSL encryption
The following personal data must be provided in mandatory fields:
- Personal data: first and last name of contact
- Communication data: e-mail, telephone
- Read and write permissions
- In addition, the following data are collected and stored when the message is transmitted:
- Date and time the message is sent
- User’s IP address
For the processing of this data, your consent pursuant to Art. 6 (1) a DSGVO is obtained before sending the message and reference is made to this data protection notice. The legal basis for this processing of personal data in the context of contacting us for registration is, on the one hand, the consent given pursuant to Art. 6 (1) a DSGVO and, on the other hand, our legitimate interest pursuant to Art. 6 (1) f DSGVO. Our legitimate interest here is the processing of the registration for the acquisition of new customers and capital buyers for our platform. Furthermore, it is in our interest to provide the customer with the fastest and easiest registration process possible. And finally, the registration and the associated processing of personal data is in the interest of the customer for whom the data subject is registering. This is because this customer wishes to use the services of DEBTVISION for himself and has this possibility only when natural persons register on the platform.
The data subject using the contact form has the possibility to withdraw his consent to the processing of personal data at any time and without giving reasons. In such a case, we cannot continue the registration process. A revocation of consent can be made informally to email@example.com. After you have received confirmation of the revocation of consent, all personal data stored in the course of contacting you will be irrevocably deleted.
e) When using the platform as a registered user of a customer
Via this process general data are automatically stored in a log file together with the pseudonymized user identifier each time a page on the platform is accessed and each time a file is retrieved. This relates to:
- Activities on the platform (e.g. creating and amending deal-related data, issuing orders or downloading and uploading documents)
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- A report on whether the retrieval was successful
- A description of the type of web browser used
- Operating system used
- In addition, with every time a file is downloaded that is password protected or has a confirmation text attached, further information about this process is stored in addition to the file itself. This is the following: the name of the user who downloaded the file and name of the user, i.e. the company for which the user acts
Purposes of data processing:
- Enhancing and optimizing the platform
- Creating (aggregated) statistics that are not traceable to individual persons
- Documenting actions and activities in connection with transactions that are legally binding or aimed at initiating the conclusion of contracts between registered companies (e.g. issuing of soft and firm orders)
- To document actions and activities in connection with transactions that may trigger a payment obligation (such as downloading additional information such as rating reports or others) or which are preceded by the acceptance of a confirmation text (such as a disclaimer or a confidentiality agreement)
- Detecting and preventing misuse and disruptions, insofar as is permitted by law and necessary
The first time you log in to our platform we obtain your consent pursuant to Article 6 (1) letter a) GDPR for processing and storing your user activities together with your user identifier. Your consent is granted on a voluntary basis.
We also reserve the right to process and store these data for the purpose of safeguarding our legitimate interests in accordance with Article 6 (1) letter f) GDPR. In this case, safeguarding the platform’s functionality as well as preventing fraud and documenting the persons operating on the platform as required by law represent the legitimate interests on our part that make it necessary to process your personal data.
Registered users can revoke their consent to such processing at firstname.lastname@example.org at any time and without providing reasons. Furthermore, they can also object to the processing of their personal data. A more detailed explanation of objection can be found in Section 14 of this data protection information. Please note that users cannot use the content and services of our platform without granting us their consent.
If a user objects to the processing of personal data, revokes their consent and/or has their registration for our platform canceled, or the purpose of the processing ceases, we will erase this user’s personal data. This does not apply to data that we must continue to process based on statutory provisions of the European body issuing directives and regulations or another legislative body.
6. Disclosure of Personal Data
We do not disclose data to third parties unless the visitor or user has expressly consented to this. This does not apply to the disclosure of data based on legal provisions.
If we commission external service providers in connection with the processing of personal data, this occurs solely on the basis of compliance with the provisions under data protection law relating to contract data processing pursuant to the GDPR. We ensure that we work only with contract processors who offer sufficient guarantees that suitable technical and organizational measures are carried out to ensure an adequate level of protection for the personal data of all visitors and users as well as their rights as individuals.
7. Transmission of Personal Data to Third Countries
Data on the platform is only transmitted to third countries (countries outside the European Economic Area – EEA) if the third country concerned has an adequate level of protection (e.g. Switzerland) pursuant to Article 45 (1) GDPR and this is required in order to execute our customer’s orders or a visitor or user has expressly granted us their consent.
With regard to the website, transmissions to third countries may also occur if a visitor clicks on a link to third-party websites (further information can be found in Section 9 of this data protection information). You can find information on this in the relevant data protection information on the websites you access via our website.
We also rely on the services of Google Analytics (Section 10 of this data protection information), Google AdWords (Section 11 of this data protection information) and Google Fonts (Section 12 of this data protection information). Use of these services involves the transmission of visitors’ data to third countries. Information on how users can prevent this is provided in the relevant sections below.
8. Use of Session Cookies
This website uses session cookies that do not contain any personal data (collectively referred to hereinafter as “cookies”) in order to collect and store information required by the system. Cookies cannot execute programs or transfer viruses to your terminal. Cookies are small text files that are installed on your computer and stored by your browser for the active session. These types of cookies are automatically deleted after the end of the session.
Cookies are installed on the basis of Article 6 (1) letter f) GDPR. As the operator of this website and our platform we have a legitimate interest in storing cookies in order to facilitate the smooth provision of our content and services to all visitors without any technical faults.
Visitors can prevent the installation of cookies by setting their browser software accordingly; please note, however, that it may not be possible to use all the functions of our website or platform in full in this case.
9. Links to Other Websites and Social Media Services
Our website also contains links to third-party websites. If visitors click on such links, the required amount of certain data may be disclosed to such third parties. We have no control over whether and how the third-party websites and services process visitors’ personal data. We do not examine the third-party websites and services and are not responsible for them or their data protection practices. In this regard visitors should read the data protection information for the third-party websites and services they access via our website.
In the text below we would like to draw visitors’ attention more closely to links to the social media services of XING and LinkedIn and notify them regarding the data these services transfer if they wish to share articles on our site via a share button.
Our website uses functions of the XING network. The provider is XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany.
The XING share button is used on this web page. When this web page is called up, the visitor’s browser briefly establishes a connection with the servers of XING SE (“XING”) via which the XING share button functions (including the calculation/counter display) are provided. XING does not store any personal data concerning visitors when this web page is called up. In particular, XING does not store any IP addresses, neither is your user behavior analyzed via the cookies used in connection with the XING share button. You can find the current data protection information on the XING share button and additional information on this web page: https://www.xing.com/app/share?op=data_protection
Our website also uses the share function of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
If visitors click on the LinkedIn button on one of our pages in order to share a message, provided they are logged in to their LinkedIn user account this message will be forwarded to their user account in a separate browser window and they can share the electronic publication stored on our website and add a comment.
When LinkedIn is accessed, the IP address that was allocated to the visitor’s terminal is transmitted to LinkedIn. LinkedIn additionally stores information regarding its users’ terminals; LinkedIn may thus be able to allocate IP addresses to individual users. If visitors are logged into LinkedIn at the time, a cookie containing their LinkedIn identifier is located on their terminal. LinkedIn is therefore able to establish that they visited this page and how they used it.
If visitors would like to prevent this, they should log out of LinkedIn or deactivate the “Stay logged in” function. Visitors can also delete the cookies installed on their device and close and restart their browser. This erases LinkedIn information that can directly link their account to their visit to our website.
We must advise visitors that we otherwise have no knowledge of the content of the (personal) data transmitted or its use by LinkedIn. More detailed information on this can be found in LinkedIn’s data protection information at: https://www.linkedin.com/legal/privacy-policy.
We offer links to the aforementioned social media services, including the option to share content on them, on the basis of Article 6 (1) letter f) GDPR. Our legitimate interest lies in raising awareness of our platform. The underlying promotional purpose is to be deemed a legitimate interest within the meaning of the GDPR.
10. Automated Decision-Making (Profiling)
Automated decision-making pursuant to Article 22 GDPR does not take place on either the website or the platform.
11. Right to Object
Visitors and users have the right to object on grounds relating to their particular situation at any time to the collection, processing and storage of personal data concerning them which is based on Article 6 (6) letter f) GDPR (data processing in order to safeguard legitimate interests).
Following receipt of an objection we will no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the visitors or users. If the processing of your personal data serves the assertion, exercise or defense of legal claims, we are required to continue to process the data despite the objection.
Visitors should note that they cannot continue to use the platform following an objection although they have been authorized by a user contract with a customer for use of the platform.
An objection does not require any particular form. Please address the objection to our data protection officer using the aforementioned contact details, stating your first name, last name and e-mail address.
12. Other Rights of Data Subjects
Every data subject has the right to receive information on the personal data we have collected concerning them (Article 15 GDPR). Upon request we notify data subjects regarding the origin, categories and recipients of the data, as well as the purpose, the expected storage period and the relevant legal basis for data processing and the existence of automated decision-making.
If incorrect personal data are processed, data subjects have the right to rectification (Article 16 GDPR). If the legal requirements are met, data subjects may request the erasure or restriction of processing (Article 17 and 18 GDPR) and, where appropriate, assert the right to data portability (Article 20 GDPR). If data subjects exercise their aforementioned rights, we will examine whether the legal requirements are met in this regard and take account of them. We will also meet our obligation of notification pursuant to Article 19 GDPR and notify all recipients to whom the personal data were disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or requires disproportionate effort.
Visitors and users may withdraw the consent granted for processing their personal data from us at any time with effect for the future. It should be noted that any revocation does not affect the lawfulness of the processing of personal data prior to the time of the revocation. It is also possible that we will process personal data based on other applicable and valid legal bases. To revoke consent, please contact us directly using the contact details above or contact the data protection officer directly at email@example.com.
Furthermore, visitors or users have the right to lodge a complaint with the State Officer for Data Protection in Baden-Württemberg https://www.baden-wuerttemberg.datenschutz.de if they are of the opinion that the personal data concerned is in breach of the GDPR.
The address of the responsible supervisory authority is:
The State Officer for Data Protection in Baden-Württemberg
Dr Stefan Brink
13. Data Security and Technical and Organizational Measures
We endeavor to the best of our knowledge and belief and in accordance with the provisions set out in legal requirements, particularly the GDPR and the German Federal Data Protection Act (BDSG), to take suitable technical and organizational measures to ensure an adequate level of protection for the processing of (personal) data. These measures aim to protect personal data against intentional manipulation, unfounded or accidental deletion and disclosure, and unauthorized third-party access. We take into consideration a number of factors including the state of the art; implementation costs; the type, scope, circumstances and purposes of data processing; the various probabilities of occurrence; and the level of risk for the rights and freedoms of natural persons.
We must nevertheless point out that, in spite of all the security measures, information that visitors and users voluntarily provide on the network may be used by third parties. We accept no liability for data transmission errors or unexpected, unauthorized third-party access to data concerning visitors and users.
We examine and evaluate our technical and organizational measures for our platform and website on a regular basis and adapt them to technological trends. These measures include SSL procedures with the highest possible level of SSL encryption supported by your browser, creation of temporary log files, access and separation control based on a rights and roles concept for users of the platform and input control based on implementation of a dual control principle. The most recent version of the full list of all technical and organizational measures taken by DEBTVISION may be requested at firstname.lastname@example.org.
If you have any questions, comments or suggestions for improvements on the subject of data protection, please contact us by e-mail at email@example.com .
We reserve the right to amend this data protection information at any time with effect for the future and to make the most recent version of the data protection information available in this section of our website.