Privacy policy
The German wording is legally binding. The English version is for information only.
A. Privacy policy for the website leasing-pilot.com
1. Data protection
Deutsche Mittelstandsfinanzplattform GmbH, Bonner Str. 12, 51379 Leverkusen, Germany (hereinafter referred to as "we") operates the website/advice and brokerage platform "leasing-pilot.com" (hereinafter also referred to as "platform" or "LeasingPilot").
This data protection declaration informs you which personal data we collect when you use https://leasing-pilot.com and for what purposes the data is used. Personal data is any data with which you can be personally identified. You can access this information at any time at www.leasing-pilot.de/datenschutz.
1.1 Responsible party and contact
The responsible party within the meaning of the data protection laws is:
Deutsche Mittelstandsfinanzplattform GmbH
Bonner Str. 12
51379 Leverkusen
Germany
Telephone: +49 2171 7768 698
If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by e-mail at the address datenschutz(@)leasing-pilot.com or by post to the above address for the attention of the data protection officer.
You can contact our data protection officer as follows: datenschutz(@)leasing-pilot.com.
1.2 Subject of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 DSGVO, this is all information that relates to an identified or identifiable natural person; this includes, for example, name, postal address, e-mail address or telephone number, but may also include identification numbers or usage data. Usage data is data that is required to use our websites, such as information about the beginning, end and extent of the use of our website, the IP address and login data.
1.3 Automated data collection
When accessing our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:
- Web page accessed
- Date and time of access
- Referrer
- IP address (shortened by one octet)
- Browser type/version
- Operating system used
- the requested internet address (URL)
- URL of the previously visited website and the access method used (protocol)
- amount of data sent
- duration of the connection
- HTTP status code
- Client browser signature
This non-personal data is stored exclusively for technical reasons and to ensure the error-free provision and security of our website and is not assigned to a specific person at any time. This data is collected automatically as soon as you enter this website.
On the other hand, your data is collected when you actively provide it to us. This can be, for example, data that you enter in a contact form or when you hand us a business card, contact us by e-mail, etc.
1.4 What rights do you have with regard to your data?
As a data subject of the processing of your personal data, you are entitled to the following rights with regard to your personal data:
- The right to information about the processed data with regard to origin, recipient and purpose,
- the right to have your personal data corrected,
- the right to have your personal data deleted,
- the right to restrict the processing of your personal data
- the right to the portability of your personal data.
In cases where data processing is based on Art. 6(1)(e) or (f) DSGVO, or for the purpose of direct marketing, you have the right to object to the processing at any time.
You also have the right to contact a supervisory authority in the event of complaints. The supervisory authority responsible for North Rhine-Westphalia is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
Kavalleriestrasse 2-4
40213 Düsseldorf
poststelle@ldi.nrw.de
1.5 Data processing when exercising your rights
Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Articles 15 to 22 of the Data Protection Regulation for the purpose of implementing these rights in order to be able to provide proof thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 DSGVO. These processing operations are based on the legal basis of Art. 6 (1) lit. c DSGVO in conjunction with Art. 15 to 22 DSGVO. Art. 15 to 22 DSGVO and § 34 para. 2 BDSG.
1.6 Storage period
Unless a more specific storage period is stated within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
7 SSL or TLS encryption
The leasing-pilot.com website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties in accordance with applicable security standards.
2 Hosting
2.1 External hosting
This website is hosted by an external service provider (hoster). The personal data collected on our website is stored on the hoster's servers.
We use the following hoster:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
https://www.hetzner.com
Personal data may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
2.2 Order processing
We have concluded a contract on order processing (AVV) with the host. This is a contract required by data protection law, which ensures that the host only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
3. SMS two-factor autjentication
3.1 External SMS service provider
As part of our service, we use the Twilio SMS service to enable you to send and receive short messages (SMS), provided that you select authentication with an SMS code as part of the two-factor authentication.
Twilio SMS is a service of:
Twilio Inc.
375 Beale Street
Suite 300
San Francisco
CA 94105, USA
(hereinafter "Twilio").
The use of Twilio SMS is in accordance with the General Data Protection Regulation (DSGVO) and in compliance with other data protection regulations.
When using Twilio SMS, personal data such as your mobile phone number, the content of the SMS (numerical code) and the date and time of sending and receiving the SMS are processed. This data is stored and processed by Twilio on servers in the USA. Twilio has submitted to the EU-US Privacy Shield and thus guarantees compliance with European data protection standards.
(https://www.privacyshield.gov/participant?id=a2zt0000000TNk2AAG&status=Active).
Personal data is processed on the basis of Art. 6 (1) (b) DSGVO if this is necessary for the performance of a contract or the implementation of pre-contractual measures, or on the basis of Art. 6 (1) (f) DSGVO if this is necessary to protect our legitimate interests. Our legitimate interests are the provision of an efficient and secure communication option via SMS.
3.2 Oder processing
We have concluded a contract for commissioned processing with Twilio in accordance with Art. 28 DSGVO, by which Twilio is obliged to process the personal data only in accordance with our instructions and to ensure data processing in accordance with the applicable data protection regulations.
You may object to the processing of your personal data in connection with Twilio SMS at any time by notifying us of your objection by e-mail or by post. Please note, however, that in this case the use of Twilio SMS for authentication purposes within the framework of two-factor authentication is no longer possible and this may have an impact on the functionality of our offer. In this case, you are required to use an authentication app or request the access code by email.
For more information on Twilio's privacy policy, please refer to Twilio's privacy policy at https://www.twilio.com/legal/privacy.
4. Appointment bookings and events via Microsoft Bookings
4.1 External appointment booking service provider
Within the scope of our online offer, we offer you the possibility of booking appointments and reservations by means of Microsoft Bookings, a service of the
Microsoft Corporation
One Microsoft Way, Redmond
WA 98052-6399
USA
(hereinafter referred to as "Microsoft")
to agree. Microsoft Bookings is integrated into our website via an iFrame, which enables you to use the service directly on our website.
The use of Microsoft Bookings is in accordance with the General Data Protection Regulation (DSGVO) and in compliance with the other provisions of data protection law.
By using Microsoft Bookings, personal data such as your name, e-mail address, appointment and reservation data and, if applicable, other data optionally provided by you such as telephone number and address are processed. This data is stored and processed by Microsoft on servers within the European Union or the European Economic Area.
Your personal data is processed on the basis of Art. 6 (1) (b) DSGVO if this is necessary for the performance of a contract or the implementation of pre-contractual measures, or on the basis of Art. 6 (1) (f) DSGVO if this is necessary to protect our legitimate interests. Our legitimate interests are the provision of a user-friendly and efficient appointment and reservation management.
4.2 Order processing
We have concluded a contract for commissioned processing with Microsoft in accordance with Art. 28 DSGVO, by which Microsoft is obliged to process personal data only in accordance with our instructions and to ensure data processing in accordance with the applicable data protection regulations.
You can object to the processing of your personal data in connection with Microsoft Bookings at any time by notifying us of your objection by e-mail or by post. Please note, however, that in this case the use of Microsoft Bookings will no longer be possible and this may also affect the functionality of our offer.
You can find further information on data protection at Microsoft in the Microsoft data protection regulations at https://privacy.microsoft.com/de-de/privacystatement.
5 Integration of Microsoft Teams for online appointments and seminars
5.1 External appointment booking service provider
We use the Microsoft Teams platform to hold online meetings and seminars. Microsoft Teams is a service of the
Microsoft Corporation
One Microsoft Way, Redmond
WA 98052-6399
USA
(hereinafter referred to as "Microsoft")
If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, accessing the "Microsoft Teams" website is only necessary to download the software for using "Microsoft Teams".
If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.
When you use Microsoft Teams, personal data about you is processed. Depending on how you use Microsoft Teams (e.g. via a browser or an app), various personal data may be collected, such as your IP address, browser information, device information, information about the features and content you use in Microsoft Teams, and, where applicable, your email address and name and display name; the following meeting metadata is stored: e.g. date, time, meeting ID, phone numbers, location, text, audio and video data. You may have the option to use the chat function in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Microsoft Teams" apps.
We use Microsoft Teams to conduct "online meetings". If we want to record "online meetings", we will transparently inform you in advance and - if necessary - ask for your consent.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Data processing is carried out for the purpose of conducting and organising online appointments and seminars and for improving the functionality and security of the service. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO (contract performance and pre-contractual measures) and Art. 6 para. 1 p. 1 lit. f) DSGVO (legitimate interest in the efficient and secure organisation of online appointments and seminars).
5.2 Order processing
Microsoft processes the data on our behalf on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO. Microsoft has also submitted to the EU-US Privacy Shield and thus provides an adequate level of data protection for the processing of personal data in the USA (European Commission Decision of 12.07.2016, C(2016) 4176 final). For more information about data protection at Microsoft Teams, please see Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
If you have any questions or concerns about data protection when using Microsoft Teams, you can contact our data protection officer at any time. You can find the contact details in our data protection declaration.
6. integration of Microsoft Teams for online appointments and seminars
6.1 External e-mail sender of platform
For sending e-mails via our website, we use the "SendGrid" service of
SendGrid, Inc.
1801 California Street
Suite 500
Denver, CO 80202
USA
(hereinafter "SendGrid").
SendGrid is a cloud-based email sending service that helps us send emails efficiently and securely.
The data you enter on our website, such as name, email address and message content, is transmitted to SendGrid and processed there. The data is stored on SendGrid servers in the USA. SendGrid is certified under the EU-US Privacy Shield, which ensures that the European level of data protection is also maintained during processing in the USA.
6.2 Order processing
SendGrid processes this data on our behalf and in accordance with our instructions in order to carry out the email dispatch and to ensure the quality and security of the email dispatch. SendGrid may also use this information to optimise the use of its service, e.g. through technical improvements or to prevent misuse.
The use of SendGrid is based on Art. 6 (1) lit. f DSGVO. Our legitimate interest is to make our email dispatch efficient, secure and user-friendly.
For more information on data protection at SendGrid, please see SendGrid's privacy policy: https://www.twilio.com/legal/privacy/sendgrid.
To object to the processing of your data by SendGrid, please contact us and inform us of your objection. Please note that in this case, not all functions of our website may be fully usable.
7. data collection on our website
7.1 Cookies
We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more comfortable. "Cookies" are small files that are stored on your end device with the help of your internet browser. If you do not wish to use "cookies", you can prevent them from being stored on your computer by making the appropriate settings in your internet browser. Please note that the functionality and scope of functions of our offer may be limited as a result.
Specifically, we use the following cookies:
CSRF (Cross Site Request Forgery).
These cookies cannot identify you as a person. Insofar as cookies are not technically mandatory for operation, we will ask you for your consent before using such cookies.
Cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG); consent can be revoked at any time.
If you do not wish cookies to be used, you can prevent cookies from being stored on your computer by making the appropriate settings in your internet browser. Please note that this may restrict the functionality and range of functions of our website.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.
7.2 Contact form
If you contact us via the contact form and enter your contact and address data as well as your e-mail address, your details from the contact form will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 Para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.
7.3 When downloading LeasingPilot white papers/customer presentations
On our website we offer you the opportunity to download LeasingPilot whitepapers or customer presentations free of charge.
In order to provide the download, you consent to the collection of your first and last name, your e-mail address, your telephone number, your company affiliation including company location and industry category. As part of the entry process, we draw your attention to this data protection declaration and inform you that by clicking on the "Download whitepaper" button you agree to be contacted by LeasingPilot by e-mail or telephone. For the purpose of contacting you in the most satisfactory way possible, this data will be processed.
The processing of this data, especially in the process of contacting you, is therefore based on your voluntary consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time pursuant to Art. 7 (3) DSGVO. To do so, you can use the contact details listed in this data protection declaration (e-mail, telephone, post). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Upon revocation, the data will be deleted immediately and will no longer be processed in any way.
This personal data will not be passed on to third parties. There is no legal or contractual obligation on your part to provide the personal data collected here. It is provided on a voluntary basis. The data will not be used for the purposes of automated decision-making or profiling within the meaning of Art. 22 DSGVO.
7.4 Inquiry by e-mail, telephone or fax
If you contact us by e-mail, we store all enquiries for a period of 3 years. Which data is collected in the case of a contact form can be seen from the respective contact form. In the case of enquiries of potential legal relevance, we reserve the right to retain the enquiries within the relevant limitation periods (Art. 6 para. 1 lit. f DSGVO). Insofar as we are legally obliged to retain them, we also store enquiries for the legally prescribed period (Art. 6 para. 1 lit. c DSGVO).
Thereafter, your enquiries will be deleted if we do not need them for longer for legal reasons, in particular to assert, secure or defend claims. The storage is based on our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions (Art. 6 para. 1 lit. f DSGVO).
7.5 Registration and project creation
You have the option of registering on the platform as a customer, broker or provider in order to be able to contact the respective other parties as a customer, broker or provider. Personal data as well as company data and project data are collected and processed if you provide them to us for the execution of a contract or when opening a user account as a customer, broker or provider. Which data is collected can be seen from the respective input forms and their qualification as mandatory fields. Without this data, registration as a user, third-party user or provider is not possible. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
We process the data entered and check it for completeness so that we can ensure targeted advice and referral of the project enquiry to the appropriate provider. In accordance with the data provided by the customer, broker and provider, we search for the providers suitable for the customer based on the project requirements of the customer or broker and corresponding specific selection criteria of the providers. The customer or broker can then select the proposed providers in consultation with LeasingPilot and decide which provider should be granted access to the relevant information and the records and documents uploaded in the data room. LeasingPilot advises and supports the customer or broker in the selection process.
Deletion of your customer account is possible at any time and can be done by sending a message to our address datenschutz@leasing-pilot.com. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part. Unless otherwise stated, we will delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days during which we keep backup copies after deletion. We also retain your data if we are required to do so by law or if the data is required for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.
If you delete your user account, your profile will be deleted completely and permanently. However, we will keep backup copies of your data for a period of 7 days before these are also permanently deleted, unless this data is required for longer for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.
If data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.
7.6 Use of the leasing and hire-purchase calculator
On the website you have the option of using the leasing and hire-purchase calculator, with which you can determine and calculate the effective interest rate for offers or existing financing. In order to be able to print or download the results for yourself, it is necessary for you to provide us with the relevant user details (name and an e-mail address) as well as information which allows us to check that you are the owner of the e-mail address provided, as well as consent to storage and to being contacted by us for advertising purposes. The legal basis for contacting us is Art. 6 para. 1 p. 1 lit. a) DSGVO. You can revoke the consent given at any time without this affecting the effectiveness of the consent until the time of revocation.
7.7 Data room use
As a registered Customer, Broker or Provider, you may use the data room accessible on the Platform exclusively after log-in (use of user name and password) to upload documents and data for the respective project. The providers selected by the customer or broker are granted access rights to these data and documents for the purpose of submitting offers for the products requested by you. Only the respective client or broker with whom contact is made via the data room for the specific project has access to the documents and data uploaded by the provider.
We are not responsible under data protection law for the processing of personal data uploaded and stored in the data room by the respective customer, broker or provider.
In this respect, we are a processor and process the data stored in the data room for the respective customer, broker or provider responsible under data protection law in accordance with the respective order data processing agreement.
7.8 Hubspot CRM
We use Hubspot CRM on this website. The provider is
Hubspot Inc.
25 Street
Cambridge, MA 02141
USA
(hereinafter referred to as Hubspot CRM).
Among other things, Hubspot CRM enables us to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. Where consent has been requested, processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; consent can be revoked at any time.
For details, please refer to Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.hubspot.de/data-privacy/privacy-shield.
8. analysis tools and advertising
8.1 Matomo
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
8.2 IP anonymisation
We use IP anonymisation for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
8.3 Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
9. Online marketing
We do not use any online marketing tools.
10. newsletter
If you would like to subscribe to our newsletter, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of your e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in each newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be irrevocably deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
11. Plugins and tools
11.1 Vimeo without tracking (Do-Not-Track)
This website uses plugins of the video portal Vimeo. The provider is
Vimeo Inc
555 West 18th Street
New York
New York 10011
USA.
When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have set Vimeo in such a way that Vimeo will not track your user activities and will not set any cookies.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.
Further information on the handling of user data can be found in Vimeo's privacy policy at:
https://vimeo.com/privacy.
11.2 Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
11.3 Font Awesome (local hosting)
This site uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place.
For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.
11.4 reCAPTCHA (Version 2)
This site uses reCAPCHA version 2 from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland on some pages. This service helps us to differentiate whether the input is made by a human or abusively by machine and automated processing.
The tool carries out analyses in the background, e.g. of the IP address, in order to be able to exclude automated requests on the log-in pages at an early stage.
The use of reCAPCHA is in the interest of secure use of our website and serves to prevent automated software (so-called bots) from using our web services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
To ensure the functionality of the websites, it is necessary to prevent automated log-in attempts with improperly obtained data at an early stage before websites are no longer available to the users of the websites due to the automated and mass requests. When using reCAPTCHA, Google may collect information (including your IP address) that is generated through interaction with this service.
The data is deleted after the analysis has been carried out.
Further information on data collection, processing and use by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information: https://policies.google.com/privacy?hl=de.
By using reCAPTCHA, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
12. passing on of data
In principle, your personal data will only be passed on without your express prior consent in the following cases:
The personal data and company data collected by us will be passed on to the providers (leasing companies), leasing advisors and/or consultants (if these are external third parties (e.g. debt advisors or affiliated lawyers or tax consultants) or other cooperation partners (e.g. insurance brokers or insurers) visible and selected via the selection masks within the scope of the brokerage service requested by you. With regard to the disclosure of external advisors or cooperation partners, the disclosure of your data will only take place on the basis of your express separate prior electronic consent.
The legal basis for processing is Article 6 (1) (b) DSGVO in the case of sole traders and Article 6 (1) (f) DSGVO in all other cases, based on the legitimate interest in fulfilling the contract with the customer.
If it is necessary to clarify unlawful use of our services or for legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behaviour. A transfer may also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.
This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO or on the basis of a legal obligation under Art. 6 (1) lit. c DSGVO.
We rely on contractually affiliated third-party companies and external service providers ("order processors") to provide the services. In such cases, personal data is passed on to these order processors to enable them to continue processing. These Processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this data protection declaration and the German data protection laws.
Specifically, in addition to the service providers mentioned in sections 2 to 6 and 7.8 above, we use the following processors: https://sipgate.de
We have concluded a contract on commissioned processing (AVV) with the respective processor. This is a contract required by data protection law, which ensures that the processor only processes the personal data of our telephone contact persons in accordance with our instructions and in compliance with the GDPR.
The legal basis is Art. 28 DSGVO for the transfer of data to processors, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised processors, and the fact that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO.
In the course of the further development of our business, it may happen that the structure of Deutsche Mittelstandsfinanzplattform GmbH changes by changing the legal form, founding, buying or selling subsidiaries, parts of companies or components. In such transactions, the customer information is passed on together with the part of the company to be transferred. Any transfer of personal information to third parties to the extent described above will be in accordance with this Privacy Policy and the relevant data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO.
13. Third-party content
We have also integrated content from third-party providers on our website. This content is regularly loaded from the servers of the respective providers, so that your end device transmits certain technically necessary data to the third-party provider. In particular, it cannot be ruled out that these providers may take note of the IP address assigned to you. Insofar as personal data is processed, this is done on the basis of the data protection declarations of the respective third-party providers. The integration by us is based on our legitimate interests in being able to provide our users with the relevant content and functionalities and to operate our website economically, as well as the fact that your legitimate interests are not overridden, Art. 6 para. 1 lit. f DSGVO.
14. Deletion of your data
Unless otherwise stated, we will delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days during which we keep backup copies after deletion. We also retain your data if we are required to do so by law or if the data is required for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.
If you delete your user account, your profile will be deleted completely and permanently. However, we will keep backup copies of your data for a period of 7 days before these are also permanently deleted, unless this data is required for longer for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.
If data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.
15. Data processing when exercising your rights
Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Articles 15 to 22 of the GDPR for the purpose of implementing these rights and to be able to provide proof thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 DSGVO. These processing operations are based on the legal basis of Art. 6 (1) lit. c DSGVO in conjunction with Art. 15 to 22 DSGVO. Articles 15 to 22 DSGVO and Section 34 (2) BDSG.
16. Automated individual decisions or profiling measures
Automated decision-making including profiling (Art. 22 DSGVO) does not take place when using our websites.
17. Changes to this data protection declaration
We reserve the right to change this data protection declaration.
The current version of this data protection declaration is always available at https://leasing-pilot.com/de/datenschutzerklaerung/.
Status: 10 August 2023
B. Privacy policy for our social media profiles
We maintain publicly accessible profiles on social networks. These are the following social networks:
LinkedIn (Operator: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), Privacy Policy ofLinkedIn: https://www.linkedin.com/legal/privacy-policy.ING (Operator: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, https://privacy.xing.com/de/datenschutzerklaerung.
YouTube (Operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy policy of YouTube: https://policies.google.com/privacy?hl=de.
We link from our website to our company profiles on the above-mentioned social networks.
No social plugins
So-called social plugins are not used on our website, so that when you visit our website, a direct connection is not automatically established with the servers of the respective social networks.
Data collection and processing
However, by visiting our social media presences, numerous processing operations relevant to data protection are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
When using social networks, users' personal data may be processed outside the European Economic Area. In the event that an operator is certified under the EU-US Privacy Shield, it has thereby undertaken to comply with EU data protection standards.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
We receive statistics from the operators on the use and visits of the company profiles in the social networks (e.g. information on the number of views, interactions such as likes and comments as well as aggregated demographic and other information or statistics). We do not share any information about our customers with the respective operators, but at most certain general parameters about our company and our cooperation partners on our company profile. The operators use this information to create more detailed statistics. In addition, the operators may use the data for their own purposes, over which we have no further influence. You can find more detailed information in the data protection notices of the providers linked above.
Legal basis
The legal basis for the linking and operation of our company profiles in the social networks is Art. 6 para. 1 p. 1 lit. b or Art. 6 para. 1 p. 1 lit. f DSGVO based on our legitimate interest in our corporate communication in the respective social networks. The analysis processes initiated by the social networks may be based on different legal grounds to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against LinkedIn).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them yourself. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Changes to this data protection declaration
We reserve the right to change this data protection declaration without actively informing you. The current version of this data protection declaration is always available at https://leasing-pilot.com/de/datenschutzerklaerung/abrufbar.
Status: 10 August 2023
