OVERVIEW
Being successful requires not only technical expertise, but also a willingness to constantly take on new challenges.

About us

04

A company's expertise is measured by its experience and past performance. Our highest priority is the satisfaction of our customers.

References

03

"It is not that we have too little time, but rather that we do not use the time we have!"
Lucius A. Seneca

Recognising added value and implementing it effectively.

Value added
01

FINNOVAL GmbH
Königstraße 7
01097 Dresden

Fon: +49 (0)351 212 44 710

Mail: kontakt@finnoval.de

FINNOVAL GmbH
Königstraße 7
01097 Dresden

Fon: +49 (0)351 212 44 710

Mail: kontakt@finnoval.de

HEY

Privacy Policy

Confidentiality is paramount.

Your personal data is handled in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (BDSG) as well as other legal requirements as the basis for a trusting business relationship with our partners, clients, customers, and suppliers. We maintain the confidentiality of your personal data and ensure its protection through technical and organizational security measures that comply with current security standards. The privacy policy applies to the website www.finnoval.de and all its subdomains.

You can change your privacy preferences at any time at settings .

01. Responsible party

Name and contact details of the controller:

FINNOVAL GmbH
Königstraße 7
01097 Dresden

Telefon: 0351 21244710

Mail: kontakt@finnoval.de

(hereinafter referred to as “Company” or “we”)

We are currently not required to appoint a data protection officer. If you have any questions about your data, you can contact us at kontakt@finnoval.de

02. Definitions

Personal data“ is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing“ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

The "controller“ is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

Special categories of personal data“ is data that reveals your racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life, as well as genetic data and biometric data that uniquely identifies a natural person.

 

03. Type of data

We process the following personal data:

  • Personal information such as your name, date of birth, documents to verify your identity (including a copy of your ID card or passport), contact details you provide to us, and all details relating to our business relationship, such as contract details, customer IDs, file numbers, customer numbers, bank details (IBAN, BIC, bank, account holder), and payment information.
  • Data transmitted by your browser and automatically collected by our server when you access our website, such as the date and time of your visit, your IP address, data about the device you are using to interact with the contact form (e.g., browser settings, browser type, operating system, device ID), the name of the file accessed, and the amount of data transmitted. Additional data is only collected if you actively disclose it, e.g., in the case of an inquiry.
  • Data provided to us by third parties in the course of contract initiation or fulfillment, such as data records from contractual partners, cooperation partners, suppliers, and other third parties.
  • Special categories of personal data: As a matter of principle, we do not collect or process any special categories of personal data. Should it be necessary in individual cases to collect or otherwise process special categories of personal data, we will always do so in accordance with the GDPR/BDSG and the relevant national regulations.

04. Legal basis for the processing of your data

We only process your personal data if there is a legal basis under the GDPR or if you have given your consent:

  • Consent: Based on your previously given express and voluntary consent. You have the right to withdraw your consent at any time with effect for the future (Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, if applicable Art. 9 para. 2 lit. a), Art. 7 GDPR).
  • Performance of a contract/pre-contractual measures: To initiate and execute your contractual relationship with the company (Art. 6 para. 1 sentence 1 lit. b) GDPR)
  • Safeguarding legitimate interests: To safeguard our legitimate interests, subject to the mandatory requirement that your interests do not outweigh ours (Art. 6 (1) sentence 1 lit. f) GDPR).

 

We will only disclose your personal data to third parties if:

  • you have given your express consent (Art. 6 (1) sentence 1 lit. a) GDPR);
  • the disclosure is necessary for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your personal data (Art. 6 (1) sentence 1 lit. f) GDPR);
  • in the event that there is a legal obligation to disclose the data (Art. 6 (1) sentence 1 lit. c) GDPR).

05. Purpose of data processing

We process your personal data only for specific purposes and only the personal data relevant to achieving this purpose (principle of data minimization). We process personal data in particular for the following purposes:

  • to fulfill the contract concluded with you and to manage our business relationship, including communication with you, as well as to handle customer service-related questions and complaints, and to facilitate receivables management;
  • to learn more about you as a customer, the products and services you use, and other products and services you may be interested in;
  • for measures to improve our products and services and the technologies we use, including reviewing and updating our systems and processes, and for market research purposes to find out how we can improve our existing products and services or what other products and services we can offer;
  • Marketing and advertising, e.g. to draw your attention to products and services that we believe may be of interest to you, and to contact you to carry out marketing campaigns;
  • to implement measures to improve and develop services and products in order to offer you a personalized approach with tailor-made offers and products;
  • Purposes for which you have given us prior consent, for example when subscribing to a newsletter;
  • Exchange data with credit agencies (e.g., Schufa, Creditreform) to determine creditworthiness and default risks, in particular if the requirements of Section 31 of the German Federal Data Protection Act (BDSG) are met;
  • Assertion, exercise, or defense of legal claims;
  • Ensuring IT security and IT operations;
  • Managing risks.

 

If we intend to further process your personal data for a purpose other than that for which the personal data was collected, we will provide you with information about this other purpose and all other relevant information in accordance with this privacy policy prior to such further processing.

06. Deletion, retention period of your data

We ensure that all your personal data is deleted in accordance with the principle of data minimization and Art. 17 GDPR.

In accordance with Art. 17 GDPR, we only store your personal data for as long as is necessary for the respective purposes for which we process your personal data. If we process personal data for multiple purposes, it will be automatically deleted or blocked as soon as the last specific purpose has been fulfilled, provided that there are no legal, statutory, or contractual retention periods that prevent deletion.

The commercial and tax law retention periods for storage and documentation are up to ten years. In addition, the storage period is also based on the statutory limitation periods pursuant to Sections 195 et seq. of the German Civil Code (BGB), which are up to 30 years, with the regular limitation period being three years if the data is required for the assertion, exercise, or defense of (civil) legal claims.

Under certain circumstances, your data may also need to be retained for longer periods due to official or court orders.

Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the company is subject.

07. Technical and organizational measures to protect your data

We process your personal data in accordance with the security requirements set out in Art. 32 GDPR. To this end, we have implemented appropriate technical and organizational measures that comply with recognized IT standards and are continuously reviewed. This ensures that your data is adequately protected against misuse or any other unauthorized data processing at all times.

Personal data that you transmit to us via our website is encrypted during transmission; we use Secure Socket Layers (SSL) encryption technology for this purpose.

08. Data transfer to third parties

01. We may also transfer your personal data to third parties for the purposes set out in this privacy policy and in accordance with statutory disclosure and reporting requirements.

This includes companies and institutions in the following categories:

  • Tax advisor/auditing firms;
  • Authorities;
  • Insurance;
  • Collection agencies and lawyers;
  • Suppliers;
  • Public authorities and institutions (e.g., social security agencies, supervisory authorities, etc.) if there is a corresponding obligation/authorization.

02. We also transfer your personal data to subcontractors (processors) who support us in handling our business processes as part of fulfilling our business relationship. They process your data on our behalf on the basis of a so-called “contract for data processing on behalf of” us.

We use processors in the following categories:

  • Distribution partner;
  • Internet service provider;
  • (IT) service provider;
  • Support center;
  • IT-Provider;
  • Tracking service provider;
  • Printing service provider;
  • Archiving service provider;
  • Credit reporting agencies;
  • Credit institutions and payment service providers;
  • Distribution partner.

03. Data transfer to non-EU member states

If data is processed in countries outside the EU or the European Economic Area (“EEA”), the company will ensure that your personal data is processed in accordance with European data protection standards. If the third country does not have a level of data protection recognized as adequate by the European Commission, we will ensure before the transfer that the recipient has an adequate level of data protection in accordance with Art. 44 ff. GDPR (e.g., through self-certification by the recipient or by agreeing on so-called EU standard contractual clauses of the European Union with the recipient).

09. Individual data collection

Automated decision-making

We do not use automated decision-making in accordance with Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately in accordance with the statutory provisions.

Data collection on our website

01. Visit to the website

Data categories: When you visit our website, data is automatically stored in the server statistics (so-called server log files), which your browser automatically transmits to us. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • Date and time of retrieval;
  • IP address of the accessing device or server;
  • Request details and destination address;
  • Name of the file accessed and amount of data transferred;
  • Notification of whether the retrieval was successful;
  • Name of your Internet service provider;
  • Information about the browser type and version used;
  • the user's operating system.

 

For data protection reasons, the IP address is anonymized in the log files containing this data.

Purpose of processing: We process the aforementioned data for the following purposes:

  • Ensuring smooth connection establishment to the website
  • Ensuring comfortable use of our website
  • Evaluation of system security and stability
  • for administrative purposes

Legal basis for data processing: Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

Deletion of your data: For security reasons (e.g., to investigate misuse), the log file information is stored anonymously by the provider for a short period of time and deleted when it is no longer required.

02. Activities via the website

Data categories: When you register for an event via our website, subscribe to our newsletter, or use our web contact form, you will be asked to provide us with some of your personal data.

In addition to the data collected when the website is accessed (see above), the following data is processed:

  • First and last name;
  • Email address;
  • Date and time of registration.

Purpose of processing: The processing of the personal data you provide is necessary to handle your request and to communicate with you, as well as to operate our business.

Legal basis your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR is required for data processing.

  • Inquiries: Your consent will be obtained in advance via opt-in for the processing of data, and reference will be made to this privacy policy. By activating the checkbox and submitting the contact form or inquiry, you consent to the transmission and storage of your personal data and IP address in accordance with Art. 6 (1) (a) GDPR.
  • Newsletter: The double opt-in procedure is used for the newsletter, i.e., after you register, we will send an email to the email address you provided containing a link for final registration. Your confirmation ensures that you have actually requested the newsletter. Only after you confirm the link in the email will your data be stored for the purpose of sending you the newsletter for the duration of your use of our newsletter service.
  • Events: If you register for an event using our event registration form, we will collect, store, and process your personal data for the purpose of organizing and conducting the event. By submitting your registration, you declare your consent to this.

Deletion periods:

  • Inquiries: We only store your data for the purpose of processing your request. Your data will be deleted once your request has been processed, at the latest after four weeks, unless new processing purposes arise from the request (e.g., a contractual relationship) with other statutory retention periods.
  • Newsletter: If you do not confirm your registration for the newsletter using the double opt-in procedure, your data will be deleted after 48 hours.
  • Events: Your data will be deleted no later than 30 days after your visit.

You can unsubscribe from the newsletter at any time using the links provided in our communications. The data you have provided will then be deleted.

03. First Party Cookies

01. Functional cookies

Cookies are small text files that your browser automatically creates and that are stored on your device (PC, laptop, tablet, smartphone, etc.) when you visit our website. First-party cookies are cookies that are set directly by our website.

Data categories: Our website uses so-called session cookies.

The use of session cookies, i.e., cookies that are technically necessary for our Internet services (functional cookies), serves to make the use of our website more pleasant for you. Session cookies store data about your visit to the website and thus increase its user-friendliness: When you visit our site again, your entries and settings from your first visit are automatically applied so that you do not have to enter them again.

Language settings are stored and transmitted in the cookies.

Purpose of processing: The purpose of using technically necessary cookies is to simplify the use of websites for users.

Legal basis for data processing: The data processed by session cookies is necessary for the purposes mentioned above in order to safeguard our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, namely to provide our services in a form that enables user-friendly use of the online offering. Log files are stored for the integrity and security of the website.

Duration of storage: Session cookies are temporary cookies and are automatically deleted when you close your browser.

Right to object and opt out:

Most browsers automatically accept cookies. You can object to the use of cookies at any time with future effect by changing the settings in your browser so that it does not accept any or only certain cookies, or so that you are notified as soon as cookies are sent. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

If cookies are disabled for our website, it may no longer be possible to use all of the website's functions to their full extent.

If you use our website with multiple devices, you must object to its use on each device.

02. Google Analytics

For the purposes of customer-oriented advertising, we create pseudonymized user profiles using Google Analytics, a web analytics service provided by Google USA. Google Analytics and Google Analytics 360 are operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google USA”). First-party cookies are used to perform this service.

Data categories: Google Analytics collects the following categories of data:

  • the anonymized IP address of the user's calling system;
  • the website accessed;
  • the website from which the user accessed the website (referrer);
  • the subpages accessed from the website visited;
  • the length of time spent on the website;
  • the frequency of visits to the website;
  • Time of the server request;
  • Orders, including sales and the products ordered;
  • the achievement of “website goals” (e.g., contact requests and newsletter subscriptions);
  • user behavior on the pages (e.g., clicks, scrolling behavior, and length of stay).

The information generated by cookies about your use of this website may be transmitted to Google servers in the USA, or Google may access data from the USA. We have activated IP anonymization on this website (“anonymizeIP”) so that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. In exceptional cases, the full IP address is transmitted to a Google server and truncated there.

Google USA has committed to complying with the Privacy Shield Agreement between the EU and the USA published by the US Department of Commerce regarding the collection, use, and storage of personal data from EU member states. Google Analytics and Google Analytics 360 are ISO 27001 certified. When visiting our website, users are informed about the use of Google Analytics and their consent is obtained for the processing of personal data used in this context. In this context, reference is also made to this privacy policy.

We have concluded a contract with Google USA regarding order processing, which obliges Google to handle your data in accordance with data protection regulations.

The analytics data collected as described above is gathered on the pages of our website but is not linked to any personal information, meaning that this information cannot be used to identify you personally. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. User behavior is only evaluated after anonymization as described above.

Purpose of processing: Optimization of our respective websites through personalization/customization of the offering as well as recognition and feature assignment of users in the case of advertising-financed offerings.

Legal basis for data processing: The legal basis is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR, which we obtain from you via opt-in before you use the website.

Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after XXX months. Other data remains stored in aggregated form for an indefinite period.

Further information about Google's privacy policy with regard to its analytics service can be found at here.

10. Rights of data subjects and your right to lodge a complaint with the supervisory authority

As a data subject whose personal data is processed, you can assert the following rights against us in accordance with the GDPR and the BDSG (“data subject rights”):

01. Right to information pursuant to Art. 15 GDPR: You have the right to request information about the personal data stored about you, in particular about

  • the purposes of processing;
  • the data categories
  • the recipients to whom your data is transferred, in particular recipients in third countries or international organizations;
  • the planned storage period or, if this is not possible, the criteria for determining this period
  • the existence of a right to rectification or erasure of the data or to restriction of processing or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • the origin of the data, if we did not collect it directly from you;
  • the existence of automated decision-making, including profiling, in particular meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject;
  • the appropriate safeguards pursuant to Article 46 GDPR when transferring your data to a third country or to an international organization.

The exceptions under Section 34 of the Federal Data Protection Act (BDSG) apply here.

02. Right to rectification pursuant to Art. 16 GDPR: You may request that we immediately rectify any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.

03. Right to erasure pursuant to Art. 17 GDPR: You may request that we erase your personal data, provided that the legal requirements for this are met. This may be the case, for example, if

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You withdraw your consent, which is the basis for data processing, and there is no other legal basis for processing;
  • You object to the processing of your personal data and there are no overriding legitimate grounds for the processing, or you object to the processing of data for direct marketing purposes;
  • the personal data has been processed unlawfully;
  • the erasure of the data is necessary for compliance with a legal obligation under Union or Member State law;
  • the data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

The exceptions of Art. 17 (3) GDPR and the additions pursuant to § 35 BDSG apply here.

04. Right to restriction of processing pursuant to Art. 18 GDPR: You may request that we restrict the processing of your personal data if

  • you dispute the accuracy of the personal data, for as long as we need to verify the accuracy of the data;
  • the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer need your personal data, but you need it to assert, exercise, or defend legal claims;
  • You have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

05. Right to data portability pursuant to Art. 20 GDPR: Upon your request, we will provide you with your personal data that you have provided to us in a structured, commonly used, and machine-readable format so that you can transfer it to another controller. However, you are only entitled to this right if the data processing is based on your consent or is necessary for the performance of a contract and the processing is carried out using automated procedures.

06. Right of withdrawal pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent from us at any time. As a result, we will no longer continue the data processing that was based on this consent in the future.

07. Right to object pursuant to Art. 21 GDPR: If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data if there are reasons for this arising from your particular situation or if the objection is directed against direct marketing or profiling in connection with such direct marketing. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or we need your personal data to assert, exercise, or defend legal claims.

Profiling is subject to the exception in Section 37 of the Federal Data Protection Act (BDSG).

If you wish to exercise your right of withdrawal or objection, simply send an email to kontakt@finnoval.de.

08. You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose.

We generally respond to requests within one month of receipt. However, this period may be extended due to specific data subject rights or the complexity of your request. In this case, we will inform you of the reasons within the one-month period.

The first step towards improvement is
recognising that you have a problem.
Contact form

Interested?

We look forward to hearing from you:


    sayhello
    sayhello