§ 1 Preamble
§ 2 Processing purpose and legal basis
The data you have entered or deposited will only be collected and used for the purpose of providing the A352 service and therefore, in accordance with article 6 (1) (b) GDPR, to fulfill the service contract between you and us, in accordance with our General Terms and Conditions.
§ 3 Collection and use of personal data
3.1 All data is collected under the principle of data avoidance and data economy. The data is collected, processed, stored, and used exclusively for the purpose of fulfilling the A352 service. You are neither legally nor contractually obligated to transmit your personal data to us. If you decide against data entry/data transmission, we will not be able to execute your order or the requested service component, or not completely.
3.2 With initial registration or addition of further bank accounts, the online banking access data is collected. The collected online banking access data is being stored as a consent token, issued by our partner saltedge.com, in our systems to facilitate online payments and account information services within the context of the application provisioning of A352.
3.3 Within the A352 service the following personal data may be collected:
master data: first name, last name, email
company data: Company name, company address, number of employees, controlling officer(s)
Bank details: IBAN, BIC, account holder, account balances, account turnover data
Online banking access data
§ 4 Duration of storage
Your data will be stored indefinitely until you delete the data or your account. Once you delete your account, the data will be archived. Upon your request, all data will be irrevocably deleted.
§ 5 Encrypted transmission of personal data
All data traffic between your browser or terminal device and the server used by this A352 service is encrypted using a TLS protocol (Transport Layer Security Protocol) to protect it against manipulation and unauthorized access by third parties.
§ 6 Hosting
The A352 service is hosted at datacenters located within the European Union (excluding the United Kingdom).
§ 7 Recipient
7.1 No data will be passed on to third parties, unless there is a legal obligation to do so or you have consented to the passing on of data. By confirming our terms and conditions and data protection declaration, you consent to the transfer of the following data to our service providers, which we select carefully and use in the context of order processing relationships. The data transfer is carried out in order to be able to carry out individual application steps and only contains the data necessary for this.
7.2 If a group of service providers is named, the data is only passed on to one service provider at a time, depending on availability and service. Essentially, the following data can be transferred to service providers.
(a) Online Banking access data (saltedge.com token (see above)): Transmission to your bank with the help of our Banking-API providers.
(b) Correspondence and product results by e-mail: Transmission to mail delivery service provider.
§ 8 Rights of the data subjects
We guarantee your right to informational self-determination and the protection of your personal rights when using our services. You may at any time and free of charge claim the following rights against us upon request: Information about your stored data, correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right of revocation of a once given consent to the collection, processing and use of your personal data with effect for the future as well as your right to data transferability. For this purpose, please use the contact details given in the imprint. You have the right to appeal to a supervisory authority at any time if you believe that the processing of your personal data has taken place unlawfully.
§ 9 Logfiles and Cookies
9.1 Each time you use the A352 service, anonymous data about this process is recorded in a log file. This includes the name of the files called up, the date and time of the call, the amount of data transferred, any error messages, the operating system and browser software of the terminal device, the website from which the web offer is visited, and general information about the usage behavior of the website or application. These records are only used for the following purposes and are not passed on to third parties:
(a) Search for the cause of possible server problems
(b) Analysis of technical errors
(c) Website maintenance
(d) Ensuring system security
(e) Protection against abuse (e.g. detection and defense against hacker attacks)
(f) Pseudonymous statistical analysis of the collected data
(g) Optimization of the application
In some cases, these processes are carried out with the help of third-party providers and/or cookies. This is done on the basis of Art. 6 I f GDPR and the legitimate interests of the person responsible described in paragraph 1. Cookies are small text files that are stored on your computer and saved by your browser. As a rule, we use session cookies, which are automatically deleted at the end of your visit or use of our application. You can prevent cookies from being set by means of your browser settings, or you can be automatically informed before a cookie is set in order to refuse it in individual cases. In this case, however, it is possible that parts of our service will not function or will not function optimally. Our cookies do not contain any features that can be used to identify you personally. If there are any deviations from paragraph 1, these are described separately in paragraph 2 under the respective service.
9.2 For this purpose we use the following third-party services, which are also recipients of the data
(a) Google Analytics, Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
The data collected with Google Analytics is automatically deleted after 14 months. Deletion takes place automatically once a month. The data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission. The certificate can be retrieved at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. You can generally prevent GoogleAnalytics from collecting data on every website you visit by using the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de) download and install. If you are using multiple browsers, you must install the plugin in each browser. You can prevent the tracking by Google Analytics on this website by clicking on the “Disable Tracking” button below. This will set an opt-out cookie which will prevent the future collection of your data when you visit this website: However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
§ 10 Other links to external providers
§ 11 Data protection officer
If you have any questions about the processing of your personal data or about data protection in general, please contact the data protection officer, who is also available to you in case of complaints:
Representative for data protection
9 Rue du Laboratoire, L-1911, Luxembourg