data-protection-declaration

data-protection-declaration

Privacy statements

The German wording is legally binding. The English version is for information only.

A. Privacy Policy for the website leasing-pilot.com

1. Data protection

Deutsche Mittelstandsfinanzplattform GmbH, Bonner Str. 12, 51379 Leverkusen, Germany (hereinafter referred to as "we") operates the brokerage platform "leasing-pilot.com" (hereinafter also referred to as "platform" or "LeasingPilot").

With this privacy policy, we inform you which personal data we collect in the course of your use of https://.leasing-pilot.com and for what purpose the data is used. In this context, personal data is any data with which you can be personally identified. You can access this information at any time at www.leasing-pilot.de/datenschutz.

1.1 Responsible party and contact

The responsible party within the meaning of the data protection laws is:

Deutsche Mittelstandsfinanzplattform GmbH
Bonner Str. 12
51379 Leverkusen
Telephone: +49 2171 7768 698

If you have any questions or suggestions regarding data protection, please feel free to contact us by e-mail at datenschutz(@)leasing-pilot.com or by mail to the aforementioned address for the attention of the data protection officer. 

You can contact our data protection officer as follows: datenschutz(@)leasing-pilot.com.

1.2 Subject of data protection

The subject of data protection is personal data. According to Art. 4 No. 1 DSGVO, this is all information that relates to an identified or identifiable natural person; this includes, for example, name, postal address, e-mail address or telephone number, but may also include identification numbers or usage data. Usage data is data that is required to use our websites, such as information about the beginning, end and extent of the use of our website, the IP address and login data.

1.3 Automated data collection

When accessing our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us: 

  • Web page accessed
  • Date and time of access
  • Referrer
  • IP address (shortened by one octet)
  • browser type/version
  • operating system used
  • the requested internet address (URL)
  • URL of the previously visited website and the access method used (protocol)
  • amount of data sent
  • duration of the connection
  • HTTP status code
  • Client browser signature

This non-personal data is stored exclusively for technical reasons and to ensure the error-free provision and security of our website and is not assigned to a specific person at any time. This data is collected automatically as soon as you enter this website.

On the other hand, your data is collected when you actively provide it to us. This can be, for example, data that you enter in a contact form.

1.4 What rights do you have regarding your data?

As a data subject of the processing of your personal data, you are entitled to the following rights with respect to your personal data:

  • Right to information about the processed data with regard to origin, recipient and purpose,
  • Right to rectification of your personal data,
  • Right to erasure of your personal data,
  • right to restrict the processing of your personal data
  • Right to the portability of your personal data.
  • In cases where data processing is based on Art. 6(1)(e) or (f) DSGVO, or is carried out for the purpose of direct marketing, you have the right to object to the processing at any time.

You also have the right to contact a supervisory authority in case of complaints. The supervisory authority responsible for North Rhine-Westphalia is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
Kavalleriestrasse 2-4
40213 Düsseldorf

poststelle@ldi.nrw.de

1.5 Data processing when exercising your rights

Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Articles 15 to 22 DSGVO for the purpose of implementing these rights and to be able to provide proof thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO. These processing operations are based on the legal basis of Art. 6 (1) lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 (2) BDSG.

1.6 Storage period

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

1.7 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. Hosting

2.1 External hosting

This website is hosted by an external service provider (hoster). The personal data that is collected on our website is stored on the hoster's servers.

We use the following hoster:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
https://www.hetzner.com

Personal data may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

2.2 Order processing

We have concluded an order processing agreement (AVV) with the host. This is a contract required by data protection law, which ensures that the latter only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4. Data collection on our website

4.1 Cookies

We store so-called "cookies" to provide you with an extensive range of functions and to make the use of our websites more comfortable. "Cookies" are small files that are stored on your terminal device with the help of your Internet browser. If you do not wish the use of "cookies", you can prevent the storage of "cookies" on your computer by making the appropriate settings in your Internet browser. Please note that the functionality and scope of functions of our offer may be limited as a result. 

Specifically, we use the following cookies:

CSRF (Cross Site Request Forgery).
These cookies cannot identify you as a person. Unless cookies are technically mandatory for operation, we will ask for your consent before using such cookies.

Cookies are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); the consent can be revoked at any time.

If you do not wish cookies to be used, you can prevent cookies from being stored on your computer by making the appropriate settings in your Internet browser. Please note that the functionality and scope of functions of our offer may be limited as a result.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

4.2 Contact form

If you contact us via the contact form and enter your contact and address data as well as your e-mail address, your data from the contact form will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

4.3 Inquiry by e-mail, telephone or fax

If you contact us by e-mail, we store all inquiries for a period of 3 years. Which data is collected in the case of a contact form can be seen from the respective contact form. In the case of inquiries of potential legal relevance, we reserve the right to retain the inquiries within the relevant limitation periods (Art. 6 para. 1 lit. f DSGVO). Insofar as we are legally obligated to retain them, we also store inquiries for the legally prescribed period (Art. 6 para. 1 lit. c DSGVO).

Thereafter, your inquiries will be deleted if we do not need them for legal reasons for a longer period of time, in particular for the assertion, safeguarding or defense of claims. The storage is based on our legitimate interest, the proper documentation of our business operations and the protection of our legal positions (Art. 6 para. 1 lit. f DSGVO).

4.4 Registration and project creation

You have the option of registering as a customer, broker or provider on the LeasingPilot platform in order to be able to contact the other parties as a user or provider customer, broker or provider. Personal data as well as company data and project data are collected and processed if you provide them to us for the purpose of executing a contract or when opening a user account as a customer or provider. Which data is collected can be seen from the respective input forms and their qualification as mandatory fields. Without this data, registration as a user, third-party user or provider is not possible. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

We process the data entered and check it for completeness so that we can ensure a targeted placement of the project request with the appropriate provider. According to the data provided by the customer, broker and provider, we search for the providers that match the customer's or broker's project requirements and the corresponding selection criteria of the providers. The customer or broker can then independently select the proposed providers and decide which provider should be granted access to the relevant information and the records and documents uploaded in the data room.

Deletion of your customer account is possible at any time and can be done by sending a message to our address datenschutz@leasing-pilot.com. We store and use the data provided by you for the purpose of processing the contract. After complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part. Unless otherwise specified, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days, during which we keep backup copies after deletion. We also continue to retain your data if we are required to do so for legal reasons or if the data is needed for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.

If you delete your user account, your profile will be deleted completely and permanently. However, we still keep backup copies of your data for a period of 7 days before these are also permanently deleted, unless this data is required for legal reasons or for criminal prosecution or for securing, asserting or enforcing legal claims for a longer period of time.

Insofar as data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.

4.5 Use of the leasing and hire-purchase calculator

On the website, you have the option of using the leasing and hire-purchase calculator, with which you can determine and calculate offers with regard to the effective interest rate. In order to be able to print or download the results for yourself, it is necessary to provide the relevant user details (name and an e-mail address) as well as information that allows us to check that you are the owner of the e-mail address provided, as well as consent to storage and to being contacted by us for advertising purposes. The legal basis for contacting us is Art. 6 para. 1 p. 1 lit. a) DSGVO. You can revoke the consent given at any time without this affecting the effectiveness of the consent until the time of revocation.

4.6 Data room use

As a registered customer, broker or provider, you may use the data room accessible on the platform exclusively after log-in (use of user name and password) to upload documents and data for the respective project. The providers selected by the customer or broker are granted access rights to these data and documents for the purpose of submitting offers for the products requested by you. Exclusively the respective customer or broker with whom contact exists via the data room for the specific project has access to the documents and data uploaded by the provider.

We are not responsible under data protection law for the processing of personal data uploaded and stored in the data room by the respective customer, broker or provider.

To this extent, we are a processor and process the data stored in the data room for the respective customer, broker or provider responsible under data protection law in accordance with the respective order data processing agreement.

5 Analysis tools and advertising

5.1 Matomo

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

5.2 IP anonymization

We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

5.3 Hosting

We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.

6. Online marketing

We do not use any online marketing tools.

7. Newsletter

If you would like to subscribe to our newsletter, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in each newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you have provided to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be irrevocably deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.

Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

8. Plugins and tools

8.1 Vimeo without tracking (Do-Not-Track).

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity and will not set cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.

For more information on the handling of user data, please see Vimeo's privacy policy at:
https://vimeo.com/privacy.

8.2 Google Web Fonts (local hosting).

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

8.3 Font Awesome (local hosting)

This site uses Font Awesome for the consistent display of fonts. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.

For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

9. Passing on of data

In principle, your personal data will only be passed on without your express prior consent in the cases listed below: 

The personal data and company data collected by us will be passed on to the providers (leasing companies), leasing advisors and/or consultants (if these are external third parties (e.g. debt advisors or affiliated lawyers or tax consultants) or other cooperation partners (e.g. insurance brokers or insurers) visible and selected via the selection masks within the scope of the brokerage service requested by you. With regard to the transfer of external advisors or cooperation partners, the transfer of your data will only take place on the basis of your express separate prior electronic consent. 
The legal basis for processing in the case of sole traders is Art. 6 para. 1 lit. b DSGVO, in all other cases Art. 6 para. 1 lit. f DSGVO, based on the legitimate interest in fulfilling the contract with the customer.

If it is necessary for the clarification of an illegal use of our services or for legal prosecution, personal data will be forwarded to law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other agreements. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines and the tax authorities.
The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO or due to a legal obligation under Art. 6 (1) lit. c DSGVO.

We rely on contractually affiliated third-party companies and external service providers ("order processors") to provide the services. In such cases, personal data is disclosed to these order processors to enable them to continue processing. We carefully select and regularly review these Processors to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and are also contractually obligated by us to treat your data exclusively in accordance with this privacy policy and the German data protection laws.
Specifically, we use the following processors in addition to the service provider mentioned above in Section 2 Hosting: 

https://sipgate.de

We have concluded a contract on order processing (AVV) with the respective order processor. This is a contract required by data protection law, which ensures that the processor only processes the personal data of our telephone contact persons in accordance with our instructions and in compliance with the DSGVO.

The legal basis is Art. 28 DSGVO for the transfer of data to processors, alternatively, based on our legitimate interest in the economic and technical benefits associated with the use of specialized processors, and the fact that your rights and interests in the protection of your personal data do not prevail, Art. 6 (1) lit. f DSGVO.

As part of the further development of our business, it may happen that the structure of Deutsche Mittelstandsfinanzplattform GmbH changes, by changing the legal form, founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information is passed on together with the part of the company to be transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and relevant data protection laws.
Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data do not outweigh this, Art. 6 (1) lit. f DSGVO.

10. Third-party content

We have also integrated content from third-party providers on our website. This content is regularly loaded from the servers of the respective providers, so that your end device transmits certain technically necessary data to the third-party provider. In particular, it cannot be ruled out that these providers may take note of the IP address assigned to you. Insofar as personal data is processed, this is done on the basis of the data protection declarations of the respective third-party providers. The integration by us is based on our legitimate interests in being able to provide our users with the relevant content and functionalities and to operate our website economically, as well as the fact that your legitimate interests are not overridden, Art. 6 para. 1 lit. f DSGVO.

11. Deletion of your data

Unless otherwise specified, we will delete or anonymize your personal data as soon as they are no longer required for the purposes for which we collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days, during which we keep backup copies after deletion. We also continue to store your data if we are required to do so for legal reasons or if the data is needed for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims. 

If you delete your user account, your profile will be deleted completely and permanently. However, we will keep backup copies of your data for a period of 7 days before these are also permanently deleted, unless this data is needed for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims for a longer period of time.

Insofar as data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.

12. Data processing when exercising your rights

Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Articles 15 to 22 DSGVO for the purpose of implementing these rights and to be able to provide proof thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO. These processing operations are based on the legal basis of Art. 6 (1) lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and § 34 para. 2 BDSG.

13. Automated individual decisions or profiling measures.

Automated decision-making including profiling (Art. 22 DSGVO) does not take place when using our websites.

14. Changes to this data protection declaration

We reserve the right to change this data protection declaration. 

The current version of this data protection declaration is always available at https://leasing-pilot.com/datenschutz.

Status: May 18, 2022



 


B. Privacy policy for our social media profiles.

We maintain publicly accessible profiles on social networks. These are the following social networks:

We link from our website to our company profiles on the above-mentioned social networks.

No social plugins

So-called social plugins are not used on our website, so that when you visit our website, a direct connection is not automatically established with the servers of the respective social networks.

Data collection and processing

However, by visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

When using social networks, users' personal data may be processed outside the European Economic Area. In the event that an operator is certified under the EU-US Privacy Shield, it has thereby committed to comply with EU data protection standards.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

We receive statistics from the operators about the use of and visits to the company profiles on the social networks (e.g., information about the number of views, interactions such as likes and comments, and aggregated demographic and other information or statistics). We do not share any information about our customers with the respective operators, but at most certain general parameters about our company and our cooperation partners on our company profile. The operators use this information to create more detailed statistics. In addition, the operators may use the data for their own purposes, over which we have no further influence. You can find more detailed information in the data protection notices of the providers linked above.

Legal basis

The legal basis for the linking and operation of our company profiles in the social networks is Art. 6 para. 1 p. 1 lit. b or Art. 6 para. 1 p. 1 lit. f DSGVO based on our legitimate interest in our corporate communication in the respective social networks. The analysis processes initiated by the social networks may be based on deviating legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against LInkedIN).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them yourself. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Changes to this data protection declaration

We reserve the right to change this data protection declaration. 

The current version of this data protection declaration is always available at https://leasing-pilot.com/datenschutz.

Status: May 18, 2022

Stefan Sovinz

Your leasing adviser