1. Identity and Contact Details of the Controller and the Data Protection Officer
The controller responsible for the collection, use and processing of your personal data within the meaning of Art. 4 no. 7 GDPR is:
You will find more detailed information regarding FinLeap GmbH (hereinafter “FinLeap” or “we” or “us”) in our Imprint.
finleap’s data protection officer is:
10243 Berlin, Germany
2. Automated Collection of Data – Server-Log-Files
When accessing our Website your browser is transmitting the following data for technical reasons:
- Date and time of your access,
- Browser type and version,
- Used operating system,
- URL of the previously visited website,
- Quantity of transmitted data.
This data is stored by finleap only for technical reasons and will, at no time, be assigned to an individual person. This data processing is carried out on the basis of our legitimate interest in the secure and error-free operation of our IT infrastructure, the fight against misuse, the prosecution of criminal offences and the securing, assertion and enforcement of claims, Art. 6 Para. 1 f) GDPR.
We offer you a free newsletter service. finleap uses the newsletter to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you in the newsletter about news and products of our portfolio companies. To receive the newsletter via e-mail, you can sign up on our Website. For the newsletter service we need your e-mail address and, in order to address you personally, your first and last name. After registration you will receive an e-mail. This contains a link with which you can confirm your registration. You will not receive the newsletter until you have confirmed it.
You can unsubscribe from the newsletter at any time. Each newsletter contains information on how you can cancel the newsletter with effect for the future.
The collection and processing of your personal data for the newsletter as well as the transmission to MailChimp described below is based on your consent, which can be withdrawn at any time in the future, and is necessary for the provision of the newsletter, Art. 6 Para. 1 a) GDPR.
finleap uses the service Mandrill of The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA, 30308, USA (hereinafter: “MailChimp“) to send the newsletter. This service allows finleap to internally manage a database of email contacts to communicate with you via email. The service manages information about when an email was read by you and when you interacted with incoming email messages, for example by clicking on links included in the email. This is done by so-called web beacons, also called tracking pixels. These are small image files that allow us to evaluate user behavior. Through the use of MailChimp personal data are transmitted to the USA. MailChimp is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.
MailChimp in turn transmits this data to external service providers in order to be able to offer their services. MailChimp processes all data in accordance with European data protection standards.
For the recruitment process finleap is using the services of Recruitee B.V., Johan Huizingalaan 763, (1066 VH) Amsterdam, the Netherlands (hereinafter: “Recruitee”). Recruitee is a webservice implemented in the finleap Website. So if you start the application process by clicking on a job offer on our careers page you will be linked directly to Recruitees service in a separate window. The collection and processing of your personal data for the recruitment as well as the transmission to Recruitee is necessary to take steps at your request prior to entering into a contract, Art. 6 Para. 1 b) GDPR. Furthermore, it is finleap’s legitimate interest to facilitate recruitment and to ensure the data privacy by encrypted processing, Art. 6 Para. 1 f) GDPR. We kindly ask for your understanding that due to data privacy reasons we can’t process applications received outside of Recruitee.
After you start the recruiting process, we collect data for the following purposes:
- learning more about the behaviour of the visitors of our careers website to improve our recruitment process and this Website,
- improving and monitoring the performance of this Website, and generating anonymized data that we share with our partners.
We process the following personal data of careers website visitors:
- device and browser,
- requests and responses sent from and to your device,
- source website (we use a cookie to track this), and
- your behaviour on our Website.
Personal data of job applicants If you apply for a job, we process your personal data to facilitate the entire job application procedure on the legal grounds of Art. 6 Para. 1 b) and f) GDPR. After the procedure we will delete your personal data as soon as possible, unless we have informed you that we require it for other purposes.
The following personal data can be processed for the job application procedure:
- Any personal data that you provide through our job application form including, but not limited to: Full name, email address, phone number, picture, cover letter, résumé, LinkedIn profile, Indeed profile and which job you have applied for,
- Statuses, notes and planning related to your job application, and
- Email communications.
We will store the personal data we receive in the recruitment process for a period of 6 months for preventive reasons.
Under European data protection law, we are required to inform you that withholding personal data in your job application can give you a disadvantage in comparison to other candidates who are applying for the same role.
Our Website uses “cookies” in accordance with Art. 6 Para. 1 f) GDPR in order to make the use of our Website more convenient and tailored to your needs, for example by saving certain entries and settings. Cookies are small text files that are stored on your computer using your Internet browser. You can prevent cookies from being stored by making the appropriate settings in your web browser. However, we would like to point out that in this case you may not be able to use all functions of the Website in full.
6. Google Analytics
Our Website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses “cookies” to help analyzing how users use the Website. The information generated by the cookie about your use of the Website (including your truncated IP-adress as described below) will be transmitted to and stored by Google on servers in the United States. Google is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.
As IP-anonymisation is activated on our Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.
As an alternative to the browser Addon or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within our Website in the future (the opt-out applies only for the browser in which you set it and within this domain). An opt-out cookie will be stored on your device, which means that you will have to click the link again, if you delete your cookies. If cookies are disabled, it may result in not all services of finleap’s Website being available to you.
7. Social Media
We are active on Social Media for marketing reasons and to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you about news and products of our portfolio companies. For sharing information from our Website on Social Media we do not use scripted Social Media plugins. Instead, our share buttons only contain a link to the Social Media (f.e. sharer.php for Facebook). This ensures that your data such as your (possibly truncated) IP address, entire cookies or other information will only be transmitted to the Social Media and thus possibly also to servers in the USA if and when you press the corresponding button yourself. The same applies to the links to our Social Media sites we have implemented on our Website. It is possible that a Social Media provider can associate your visit to our Services with your user account if you are logged into your Social Media account.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA),
- Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA),
- LinkedIn (see section 4 above),
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA),
- XING (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany), and
- Google+ see section 6 above.
8. Re-Targeting Tools
8.1 LinkedIn Insight Tag
8.2 Facebook Pixel & Facebook Remarketing
We use Facebook Pixel and Facebook Remarketing, services from Facebook (see Section 7 above). This function allows us to target the visitors of the Website with personalized interest-based advertisements in the social media network Facebook. In order to do this, Facebook Pixel tracks users as they interact with our Website. When you visit the social network Facebook, you will then see personalized, interest-based advertisements. This takes place on the basis of our legitimate interest, Art. 6 Para. 1 f) GDPR.
10. Google Maps
11. Google Tag Manager
12. Change of Purpose
We will only process your personal data for a purpose other than that for which the personal data have been collected if permitted by law or if you have consented to the changed purpose of data processing. In this case we will inform you about these other purposes before further processing and provide you with all other relevant information.
13. Duration of Storage and Deletion of your Data
If your personal data are no longer required for the aforementioned purposes or you revoke your consent on which the data processing is based, they will be deleted. If the data must be kept for legal reasons, they will be blocked in this respect. The data is then no longer available for further use.
We will store the personal data we receive in the recruitment process for a period of 12 months for preventive reasons.
14. Your Rights
As a person affected by the processing of personal data, you have the rights granted in Articles 15 to 21 GDPR and listed below for information purposes. If you wish to exercise your rights or receive information on data protection, you can contact us or our Data protection officer by sending an e-mail to firstname.lastname@example.org or by using the other contact options listed in section 1 above.
14.1. Right to Withdraw your Consent
You have the right to withdraw your consent to the processing of your personal data at any time. It is sufficient to send an e-mail to email@example.com. Further contact options can be found under section 1 above.
14.2. Right of Access
In accordance with Art. 15 GDPR, you have the right to request confirmation from finleap as to whether personal data relating to you is processed; if this is the case, you have the right to receive information free of charge, in particular on the personal data stored about you and a copy of this information. In addition, pursuant to Art. 19 Sentence 2 GDPR, you have the right to request finleap to inform you of all recipients to whom personal data have been disclosed.
14.3. Right to Rectification
Pursuant to Art. 16 GDPR, you have the right to request finleap to correct and/or complete your personal data if they are incorrect or incomplete.
14.4. Right to Erasure
In accordance with Art. 17 GDPR, you have the right to request finleap to delete your personal data without delay. Deleting your data has the effect that finleap’s Services can no longer be used in full extend or used at all.
finleap is obliged to delete personal data immediately if processing is not necessary and if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You have withdrawn your consent on which the processing was based and there is no other legal basis for the processing.
- You have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for processing or you have lodged an objection to the processing pursuant to Art. 21 Para. 2 GDPR.
- The personal data have been processed unlawfully.
- Deleting your personal data is necessary to fulfil a legal obligation under German or European law.
If finleap has made your personal data public and is obliged to delete it, we will take appropriate measures, taking into account the available technology and implementation costs, to inform our data processors who are processing your personal data that you have requested to delete all links to your personal data or copies or replications of your personal data. The measures shall only be taken in so far as processing is not necessary.
14.5. Right to Restriction of Processing
In accordance with Art. 18 GDPR, you have the right to request finleap to restrict processing if one of the following conditions is fulfilled:
- You have disputed the accuracy of your personal data for a period that enables finleap to check the accuracy of your personal data.
- The processing is unlawful and you have refused to delete your personal data and have instead requested a restriction on the use of your personal data.
- finleap no longer needs your personal data for processing purposes, but you do need them to assert, exercise or defend legal claims.
- You have filed an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not clear yet whether our legitimate interests outweigh yours.
If the processing of personal data has been restricted in accordance with the conditions above, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing is restricted, finleap will inform you before the restriction is lifted.
14.6. Right to Object
According to Art. 21 GDPR, you have the right to object to the processing of your personal data form-free and at any time, if your personal data is processed
a) on the basis of Art. 6 Para. 1 f) GDPR, or
b) for the purposes of direct advertising or profiling.
It is sufficient to send an e-mail to firstname.lastname@example.org. Further contact options can be found under section 1 above.
finleap will no longer process your personal data in the event of an objection. This does not apply in the case of data processing pursuant to Art. 6 Para. 1 f) GDPR if finleap can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or if the data is processed to assert, exercise or defend legal claims.
14.7. Right to Data Portability
According to Art. 20 GDPR, you have the right to receive your personal data which you have provided to finleap in a structured, common and machine-readable format. In addition, you have the right to transmit your personal data yourself or through us directly to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of others are not affected.
14.8. Right to Lodge a Complaint with a Supervisory Authority
Finally, under Art. 77 GDPR, you have the right to lodge a complaint to a supervisory authority responsible for finleap.
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Visitors‘ entrance: Puttkamerstr. 16 – 18
10969 Berlin, Germany
Phone: 030 13889-0
Updated: November 26th, 2019.