Privacy

[Privacy Policy – 17.09.2021]

Your trust in our products and services is important to us. Finteam takes the protection of your personal data very seriously. Personal data is only collected, processed or used if the person concerned has consented, if it is necessary for the performance of a contract or if a law permits or prescribes the collection, processing, or use.

With this privacy policy we would like to inform you about the details of data collection and data processing as well as about your rights in this context.

The responsible entity

The entity responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection provisions is:

Finteam

E-mail: project@finteamservices.com

Web: https://finteamconsult.com/

Basic information on the processing of personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Finteam only processes personal data if the user has given his or her consent or if the data processing is permitted by legal regulations. The legal basis is Art. 6 para. 1 EU General Data Protection Regulation (GDPR). According to the regulation, the processing of personal data is only permitted if the data subject consents (Art. 6 (1) (a) GDPR) or the processing for one of the following purposes is necessary:

To fulfil a contract with the data subject or to carry out pre-contractual measures at the request of the data subject (Art. 6 (1) (b) GDPR).

To fulfil a legal obligation of our company (Art. 6 (1) (c) GDPR).

To protect the vital interests of the data subject or another natural person (Art. 6 (1) (d) GDPR).

To perform a task which is in the public interest or which has been entrusted to our company by the public administration (Art. 6 (1) (e) GDPR).

To protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject for the protection of personal data prevail (Art. 6 (1) (f) GDPR).

Duration of storage and deletion of data

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may be stored beyond this period if this is provided for by law. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract. Prescribed storage periods in this sense are e.g., retention periods under tax law or commercial law.

Collection of access data (creation of log files)

The website of Finteam automatically collects general data and information from the computer system of the calling computer each time it is called up, which is stored in the log files of the server. The following data and information is collected:

Browser type including version used
Operating system used by the calling computer
Date and time of the call
IP address of the user
Internet service provider of the user
Website from which our website is accessed
Websites and sub-websites accessed from our website
Other similar data and information that serve to avert danger in the event of attacks on our system.

The data is stored anonymously in the log files of our system. No link is made with other personal data of the user, Finteam does not draw any conclusions about the person concerned. The legal basis for the data processing is Art. 6 (1) (f) GDPR.

The storage is necessary to ensure the functionality of our website and the correct display of the contents. Furthermore, the data serve our statistics and the continuous optimisation of our content. Finally, the data is stored in order to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

No data is passed on to third parties unless there is a legal obligation to disclose it. Since the collection and storage of the data in the log files is absolutely necessary for the trouble-free operation of the website, the user has no possibility to object. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Insofar as the data was collected for the purpose of providing the website without interruption, this is the case when the internet session ends.

Cookies

We use cookies on our website. Cookies are text files which are placed on your computer by our server and thus store certain data. Cookies usually contain a characteristic data string which enables a clear allocation of the Internet browser when the user calls up a website. This makes it possible to recognise and identify the calling browser. Cookies help us to make it easier for you to use the website. Through the recognition of the browser and storing previously entered data, the offers, and contents of our website can be individually optimised (e.g., access data, search terms) so that you do not have to enter it again each time you visit the website. The legal basis for this is Art. 6 (1) (f) GDPR.

In addition, we use cookies on our website that enable an analysis of the user’s surfing behaviour. However, the data collected in this way is pseudonymised, i.e., the personal data is replaced by other identifiers so that it is no longer possible to identify the person concerned without the use of additional information. Since your consent is obtained when you access the website, the legal basis for the processing of personal data by means of analysis cookies is Art. 6 (1) (a) GDPR.

Since cookies are stored on the user’s computer, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies at any time. However, if cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. For further information on the general functionality of cookies, please visit www.allaboutcookies.org. For further information on the cookies we use on our website, please read our Cookie Policy.

Contact form and email contact

The Finteam website contains a contact form which can be used to contact us electronically. The data entered by the user in the input mask is transmitted to us and stored. Furthermore, the IP address of the user as well as the date and time of transmission are also stored. The legal basis for the processing is therefore Art. 6 (1) (a) GDPR. As far as the storage of the IP address is concerned, the legal basis is also Art. 6 (1) (f) GDPR.

Alternatively, it is possible to contact us via the e-mail address provided on our website. In this case, in addition to the e-mail address, the personal data that is transmitted is provided by the user in the e-mail. The legal basis in this respect is Art. 6 (1) (f) GDPR. The processing of the data transmitted via the contact form or by e-mail serves exclusively to carry out the desired contact. Other data is stored in order to prevent or detect misuse of the website and to ensure the security of our system. The data is not passed on to third parties unless there is a legal obligation to disclose it.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. As far as the data transmitted by the user in the contact form or in the e-mail is concerned, the data transmitted is deleted when the communication in question has ended, unless the content of the communication still has legal significance.

The data subject may at any time revoke consent to data processing or object to the use of the data. In this case, the intended contact with the user is no longer possible or communication that has already begun cannot be continued.

Blog

Within the Blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data is publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your comment; however, profile information helps you to get more from our Services. It is your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the storage is Article 6 (1) (f) GDPR.

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer enquiries.

We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).

We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g., in online forms, by means of special labelling or symbols, or in person.

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 (1) (b) GDPR), Legal obligation (Art. 6 (1) (c) GDPR), and our Legitimate interests (Art. 6 (1) (f) GDPR).

Upwork, Eloquens and other Platform Services

We process the data of our users, registered users in order to be able to provide our contractual services to them as well as on the basis of legitimate interests in order to ensure the security of our offer and to be able to develop it further. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.

Commercial services

We process the data of our customers and clients in order to enable them to select, purchase or commission the selected services or works and associated activities as well as their payment and delivery or execution or performance. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.

Direct marketing

The legal basis for the processing of your personal data in the context of direct marketing measures is either your consent or our legitimate interest in marketing and promoting our courses and services. The purpose of processing your personal data in the context of direct marketing measures is to send information, offers and, if applicable, to promote sales.

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; this is the case in particular upon receipt of the revocation or objection. You can revoke your consent at any time for the future or object to the processing of your personal data in the context of direct marketing measures at any time for the future.

Your rights as a data subject

If personal data is processed by us, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights:

a) Right to confirmation and information

You can request confirmation from us at any time as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed by us about the following circumstances

circumstances:

the categories of personal data being processed;
the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
the planned duration of the storage of the personal data relating to you or, if it is not possible to provide specific information on this, criteria for determining the duration of the storage;
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
any available information on the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
In addition, you have a right to information as to whether personal data is transferred to a state that is not a member of the EU (so-called third country) or to an international organisation.
In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

b) Right to rectification

You have the right to request that we correct any inaccurate personal data relating to you without delay. Furthermore, you have the right to request us to complete incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.

c) Right to erasure (right to be forgotten)

You may request us to erase the personal data concerning you without undue delay if one of the following reasons applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you have been processed unlawfully.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

If the personal data concerning you has been made public by Finteam, and we are obliged to erase the personal data in accordance with the above principles, we are also obliged to inform other data controllers that you, as the data subject, have requested the erasure of all links to or copies or replications of the personal data. In this regard, we shall take appropriate measures, including technical measures, to comply with these obligations, taking into account the available technology and the costs of implementation, in any case to the extent that the processing is no longer necessary, i.e., if required by law or if legitimate interests prevent the erasure.

d) Right to restriction of processing

You may request us to restrict the processing of personal data relating to you under the following conditions:

You dispute the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, and you request the restriction of the use of the personal data instead of erasure.
The personal data is no longer needed by us for the purposes of processing, but you need this data to assert, exercise or defend legal claims.
You have objected to the processing pursuant to Article 21 (1) of the GDPR, and it is not yet clear whether the legitimate grounds of Finteam override your reasons.

If the processing of personal data relating to you has been restricted, this data – apart from being stored – may only be used with your consent or for the assertion, exercise, or defence of legal claims or for the protection of personal data or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. In this case, you will also be informed by us before the restriction is lifted.

e) Right to information

If you have exercised the right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure, unless this proves impossible or involves a disproportionate effort. In this respect, you may request us to inform you about these recipients.

f) Right to data portability

You have the right to receive the personal data concerning you, which you have made available to us, in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and (b) the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you may request that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

g) Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing by us of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

The Finteam shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the assertion, exercise, or defence of legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing.

This also applies to profiling, insofar as it is connected with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

h) Right to revoke data protection consent

If you have given your consent under data protection law, you have the right to revoke this consent at any time with effect for the future.

i) Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for the conclusion or performance of a contract between you and Finteam or is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or is carried out with the express consent of the data subject.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies, and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

If the decision is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or if it is made with the data subject’s explicit consent, Finteam shall implement suitable measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a data subject on the part of the responsible person, to express his or her point of view and to contest the decision.

j) Right to complain to the supervisory authority

Notwithstanding the rights you have against us, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR. The supervisory authority to which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Online Payment, Secure data transmission and Credit card information

The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us, but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure (“https”).

We may share information with, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorize payment following a secure link. The information which you supply to in such cases is not within our control and is subject to our payment service provider’s own Privacy Notice and Terms and Conditions.

Integration Of Services And Contents Of Third Parties

We use within our online offer on the basis of our legitimate interests (Art. 6 (1) (f) GDPR), content or services offered by third-party providers in order to integrate their content and services. This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content, and we endeavour to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

Deletion Of Data And Storage Period

Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. This is generally the case after the purpose of the data processing has ceased to exist. In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

Who is the recipient of data? To whom is your data disclosed ?

Data is only disclosed to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies that act as processors for us in accordance with Art. 28 of the GDPR. A processor is anyone who processes personal data on our behalf, i.e., in particular in an instruction and control relationship with us. In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus to provide your data with comprehensive protection.

What security measures have we taken to protect your data?

The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU or compliance with officially recognised special contractual obligations.

Economic analyses and market research

For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e., anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarised data).

Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address, or phone records.

Hosting

The services for hosting and displaying the website are partly provided by our service provider as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact us.

Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g., large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.