The protection of your personal data is particularly important to us. We therefore process your personal data (hereinafter “data”) exclusively on the basis of the statutory provisions. With this privacy notice, we would like to inform you comprehensively, in accordance with Article 13 of the European General Data Protection Regulation (EU GDPR) about the processing of your data in our company as well as the data protection claims and rights to which you are entitled.
Who is responsible for data processing and whom can you contact?
The responsible entity is
financial.com AG
Georg-Muche-Str. 3, 80807 München
E-Mail: HR@financial.com
Phone: 089-318528-0
The data protection officer is
Gerald Lill
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: g.lill@projekt29.de
Phone: 0941-2986930
Which data is processed and from which sources do the data originate?
We process the data that we receive from you during contract initiation or execution, on the basis of consents, as part of your application with us or in the course of your employment with us.
The following is considered personal data:
Your basic and contact details, which include, for example in the case of customers, first and last name, address, contact details (email address, telephone number, fax), and bank details.
For applicants and employees, these include, for example, first and last name, address, contact details (email address, telephone number, fax), date of birth, data from résumés and employment references, bank details and religious affiliation.
For business partners, these include, for example, the designation of their legally authorized representatives, company name, commercial register number, VAT identification number, company registration number, address, contact persons’ details (email address, telephone number, fax), and bank details.
In addition, we also process the following other personal data:
- Information regarding the nature and content of contract data, order data, sales and transaction data, customer and supplier history as well as consulting documentation
- Advertising and sales data
- Information from your electronic interactions with us (e.g., IP address, login data)
- Other data that we receive from you in the course of our business relationship (e.g., in customer meetings)
- Data that we generate ourselves from basic/contact data and other data, such as through customer needs and potential analyses
- Documentation of your consent declarations for receiving, for example, newsletters
For which purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 in its applicable version:
To fulfil (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
Your data is processed for contract execution online or in one of our branches, as well as for managing your employment relationship in our company. The data is processed in particular when initiating and executing contracts with you.
To comply with legal obligations (Art. 6 para. 1 lit. c GDPR):
Processing your data is necessary to fulfil various legal obligations, such as those arising from the Commercial Code or the Fiscal Code.
To safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):
Based on a balancing of interests, data processing may occur beyond actual contract fulfilment to safeguard our legitimate interests or those of third parties. Data processing for legitimate interests occurs, for example, in the following cases:
- Advertising or marketing (see section 4)
- Measures for business management and further development of services and products
- Maintaining a group-wide customer database to improve customer service
- In the context of legal proceedings
On the basis of your consent (Art. 6 para. 1 lit. a GDPR):
If you have given us consent to process your data, for example, to receive our newsletter.
Processing of personal data for advertising purposes
You may object to the use of your personal data for advertising purposes at any time, in whole or in part, without incurring any costs other than the transmission costs at basic rates.
Under the legal requirements of § 7 para. 3 UWG, we are permitted to use the email address you provided at the time of contract conclusion to send you direct advertising for our own similar products or services. You receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations by email, you may object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs at basic rates. A notification in text form is sufficient. Of course, every email also contains an unsubscribe link.
Who receives my data?
If we use a service provider as a processor, we remain responsible for the protection of your data. All processors are contractually obligated to treat your data confidentially and to process it only in the context of service provision. The processors we commission receive your data only to the extent necessary for their respective tasks. These include, for example, IT service providers needed for the operation and security of our IT systems, as well as advertising and address publishers for our own promotional activities.
Your data is processed in our customer database. The customer database supports the improvement of data quality of existing customer data (duplicate cleanup, relocation/deceased status, address correction) and enables enrichment with data from public sources.
This data is made available to group companies if necessary for contract execution. Customer data is stored separately on a company-specific basis, with our parent company acting as a service provider for the individual participating entities.
Where a legal obligation exists or in the context of legal proceedings, authorities, courts and external auditors, may be recipients of your data.
In addition, insurers, banks, credit agencies and service providers may receive your data for the purpose of contract initiation and fulfilment.
How long is my data stored?
We process your data until the business relationship ends or until the applicable statutory retention periods expire (for example, those arising from the commercial code, the fiscal code, Care Act or Working Hours Act); beyond that, until the conclusion of any legal disputes in which the data is required as evidence.
Will personal data be transferred to a third country?
As a general rule, we do not transfer data to a third country. Any transfer would occur only in an individual case on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards or your explicit consent.
What data protection rights do I have?
You have the right at any time to access, rectify, delete or restrict the processing of your stored data, the right to object to processing, as well as the right to data portability and the right to lodge a complaint under the conditions set out in data protection law.
Right to access:
You may request information from us on whether and to what extent we process your data.
Right to rectification:
If we process data that is incomplete or incorrect, you may request its correction or completion at any time.
Right to deletion:
You may request the deletion of your data if we are processing it unlawfully or if processing disproportionately interferes with your legitimate protection interests.
Please note that legal retention obligations may prevent immediate deletion.
Regardless of your right to deletion, we will delete your data promptly and completely where no contractual or statutory retention obligations exist.
Right to restriction of processing:
You may request the restriction of processing if:
- You contest the accuracy of the data, for a period enabling us to verify accuracy
- Processing is unlawful but you oppose deletion and request restricted use instead
- We no longer need the data for its intended purpose, but you require it for legal claims
- You have objected to the processing
Right to data portability:
You may request that we provide your data, which you have supplied to us, in a structured, commonly used and machine-readable format and that we transmit this data to another responsible party without hindrance, provided that:
- We process this data based on your consent or a contract and
- Processing is carried out by automated means
Where technically feasible, you may request that we transfer your data directly to another responsible party.
Right to object:
If we process your data on the basis of legitimate interests, you may object to such processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms or unless the processing is required for the establishment, exercise or defense of legal claims. You may object to the processing of your data for direct marketing purposes at any time without providing reasons.
Right to lodge a complaint:
If you believe that we are violating German or European data protection law when processing your data, we encourage you to contact us so we can clarify the matter. You also have the right to contact the supervisory authority responsible for you, namely the respective regional data protection authority.
If you wish to exercise any of the rights listed above, please contact our Data Protection Officer. In case of doubt, we may request additional information to verify your identity.
Am I required to provide data?
Processing your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide this data, we will generally have to decline to conclude the contract or will be unable to continue an existing contract and must therefore terminate it. However, you are not required to give consent for the processing of data that is not relevant or not legally required for contract fulfilment.
Information Under Article 13 GDPR - Applicants
The protection of your personal data is especially important to us. We therefore process your personal data (hereinafter “data”) exclusively on the basis of the applicable legal regulations. With this privacy notice, we would like to inform you comprehensively, pursuant to Article 13 of the European General Data Protection Regulation (EU GDPR), about how your data is processed in our company as well as about your data protection rights.
1. Who is responsible for data processing and whom can you contact?
The responsible entity is
financial.com AG
Georg-Muche-Str. 3
80807 München
E-Mail: hr@financial.com
Phone: 089-318528-0
The data protection officer is
Gerald Lill
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: anfrage@projekt29.de
Phone: 0941-2986930
2. What data do we process?
During the application process, we process only those categories of personal data that are necessary for this purpose. This includes basic information such as your name and contact details, the application documents you submit, such as your résumé, certificates and qualifications, as well as communication data like your email address or telephone number. Notes from interviews or assessments may also be included. If relevant for evaluating your suitability, publicly accessible profile data, for example from professional networks such as LinkedIn, may also be considered.
Within our company, your personal data is accessible only to those individuals who require it to fulfil their contractual or legal obligations, such as the human resources department, accounting, the relevant specialist department, the works council or the representative body for employees with disabilities.
3. For what purposes and on what legal basis will the data be processed?
Your data is processed exclusively for the purpose of deciding whether to establish an employment relationship. The processing is carried out on the basis of Section 26(1) of the German Federal Data Protection Act (BDSG) for the initiation of an employment relationship, as well as Article 6(1)(b) of the GDPR insofar as pre-contractual measures are concerned. In addition, processing may take place on the basis of Article 6(1)(a) of the GDPR if you provide consent, for example for inclusion in a talent pool or for the recording of interviews.
3.1 AI-assisted Pre-Screening (TeamSpirit)
To support the selection process, we use the software tool TeamSpirit. This tool processes only the data that you have provided to us as part of your application or that is stored in our applicant management system.
TeamSpirit performs algorithmic pre-sorting or matching support based on defined criteria such as qualifications, professional experience, language skills, place of residence and similar factors.
Important:
No automated individual decision-making takes place in accordance with Article 22 GDPR.
The final evaluation is carried out exclusively by our recruiters and specialist departments.
TeamSpirit is used as a processor in accordance with Article 28 GDPR.
The processing takes place exclusively on servers located in Germany.
Technical and organizational measures (TOMs) and subcontractors are contractually regulated and are regularly reviewed.
The deletion periods correspond to those of our applicant management system.
3.2 Recording and Transcription of Job Interviews
Job interviews may be recorded and automatically transcribed using external tools (e.g., Metaview, MeetGeek or comparable technologies). This is carried out exclusively on the basis of your explicit consent (Art. 6 para. 1 lit. a GDPR). You may, of course, apply without giving consent. The transcripts are stored in our applicant management system and handled in accordance with the usual retention periods.
4. Who will receive my data?
Recipients of your data within the company are exclusively the human resources department, the executive management and the respective responsible managers involved in the selection and decision-making process. Where necessary, the works council may also be granted access to the relevant application documents.
5. How long will my data be stored?
The retention period of your data depends on the progress of the application process. In the event of a rejection, your documents are deleted after six months in accordance with the requirements of the AGG. Longer storage only occurs if you explicitly consent to being included in our talent pool; in this case, your data will be retained for a maximum of 24 months. For unsolicited applications, the personal data you provide is processed exclusively for the purpose of assessing a potential placement and will be deleted once the selection or review process has been completed or when the purpose of processing no longer applies.
An extended storage period beyond this will only occur if the applicant has expressly given consent (e.g., inclusion in the talent pool); without such consent, the data must be deleted once the purpose of processing no longer applies.
Data processed by TeamSpirit or by interview transcription tools are subject to the same retention periods.
6. Will personal data be transferred to a third country?
As a rule, we do not transfer personal data to a third country. Should a transfer be required in an individual case, it will be carried out exclusively on the basis of an adequacy decision by the European Commission, appropriate safeguards such as the EU Standard Contractual Clauses or on the basis of your explicit consent.
7. What data protection rights do I have?
Your rights as a data subject
In connection with the application process, you have various rights under Articles 15 to 22 GDPR concerning the processing of your personal data. You have, in particular, the right to receive information about the data stored about you during the application process. Furthermore, you may, where the legal requirements are met, request the correction of inaccurate data or the deletion of your personal data, for example if the purpose of processing no longer applies.
You also have the right to request the restriction of processing. If the processing is based on your consent (e.g., in the context of a talent pool), you have the right to withdraw this consent at any time with effect for the future. In such cases, you also have the right to data portability, meaning the right to receive the data you provided in a structured, commonly used and machine-readable format.
Right to object:
If we process your personal data during the application process on the basis
of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing
on grounds relating to your particular situation. In such a case, we will no longer process your data unless
we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms or unless
the processing serves the establishment, exercise or defence of legal claims.
You also have the right to contact the data protection officer named above or the competent data protection supervisory authority with any questions or complaints concerning our handling of your personal data. For companies based in Bavaria, the competent authority is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Phone: 0981 180093-0
Fax: 0981 180093-800
E-Mail: poststelle@lda.bayern.de