1. Introduction and Contact Details of the Responsible Party
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when you use our website. Personal data refers to any data that allows you to be personally identified.
1.2 The controller responsible for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Finstravo GmbH, Grünbacher Ring 6b, 84427 Sankt Wolfgang, Germany; E-mail: k.mann@finstravo.com.
The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
2. Data Collection When Visiting Our Website
2.1 When you use our website for purely informational purposes—that is, if you do not register or otherwise submit information to us—we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website visited
- Date and time of access
- Amount of data sent (in bytes)
- Referrer (the source from which you accessed the page)
- Browser used
- Operating system used
- IP address used (where applicable: in anonymized form)
Processing is carried out pursuant to Art. 6 Para. 1 lit. f of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data is not shared with third parties or used for any other purposes. However, we reserve the right to retrospectively review the server log files should there be concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the padlock symbol in your browser’s address bar.
3. Contacting Us
When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is evident from the respective form itself. This data is stored and used exclusively for the purpose of responding to your inquiry, for establishing contact, and for the associated technical administration.
The legal basis for the processing of this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 para. 1 lit. f GDPR. If your inquiry aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted once your inquiry has been fully processed. This is deemed to be the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved, provided that no statutory retention obligations preclude such deletion.
4. Page Functionalities
Google Web Fonts
To ensure a consistent display of fonts, this website uses so-called “Web Fonts” provided by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you access a page, your browser loads the necessary Web Fonts into your browser cache to correctly display text and fonts, and establishes a direct connection to the provider’s servers. In this process, certain browser information—including your IP address—is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA.
The processing of personal data in connection with establishing a connection to the font provider is carried out only if you have granted us your explicit consent in accordance with Art. 6 Para. 1 lit. a of the GDPR. You may revoke your granted consent at any time with effect for the future by deactivating this service via the “Cookie Consent Tool” provided on the website. If your browser does not support Web Fonts, a standard font from your computer will be used instead.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information regarding Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
5. Rights of the Data Subject
5.1 Applicable data protection law grants you, vis-à-vis the controller, the following data subject rights (rights of access and intervention) regarding the processing of your personal data; for the specific conditions governing the exercise of these rights, please refer to the cited legal basis:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw granted consents pursuant to Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
5.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT, AT ANY TIME AND ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING THE DATA IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT, AT ANY TIME, TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.
6. Duration of Storage of Personal Data
The duration for which personal data is stored is determined by the respective legal basis, the purpose of the processing, and—where applicable—by the respective statutory retention periods (e.g., retention periods under commercial and tax law).
When personal data is processed on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data in question is stored until you withdraw your consent.
If statutory retention periods exist for data processed within the scope of contractual or quasi-contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR, such data is routinely deleted upon the expiration of these retention periods, provided that it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.
When personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, such data is stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
When personal data is processed for the purposes of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, such data is stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise indicated in the other information provided in this declaration regarding specific processing situations, stored personal data is generally deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.