FinLeap – Privacy Policy

FinLeap (as defined in section 1 below) takes the protection and confidentiality of your data very seriously. With the following privacy policy (hereinafter: “Privacy Policy”), FinLeap is informing you about the collection, use and processing of personal data when using FinLeap’s website www.finleap.com (hereinafter: “Website”) and FinLeap’s newsletter (jointly: “Services”).

Unless explicitly defined otherwise in this Privacy Policy, used terms shall have the meaning ascribed to them in Art. 4 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”). In accordance with Art. 4 no. 1 GDPR, personal data means all detailed information about personal or factual circumstances of a specific or identifiable natural person, such as e.g. your name, your telephone number or your address.

You can access this Privacy Policy at any time on our Website at www.finleap.com/privacy-policy/

1. Identity and Contact Details of the Controller and the Data Protection Officer

The controller responsible for the collection, use and processing of your personal data within the meaning of Art. 4 no. 7 GDPR is:

FinLeap GmbH
Hardenbergstr. 32
10623 Berlin, Germany
Telephone: +49 (0) 30 609865290
Email: privacy@finleap.com
Web: www.finleap.com

You will find more detailed information regarding FinLeap GmbH (hereinafter “FinLeap” or “we” or “us”) in our Imprint.

FinLeap’s data protection officer is:
Philipp Dannenberg
Intelliant GmbH
Koppenstr. 46
10243 Berlin, Germany
Email: privacy@finleap.com

2. Automated Collection of Data – Server-Log-Files

When accessing our Website your browser is transmitting the following data for technical reasons:
– Date and time of your access,
– Browser type and version,
– Used operating system,
– URL of the previously visited website,
– Quantity of transmitted data.

This data is stored by FinLeap only for technical reasons and will, at no time, be assigned to an individual person. This data processing is carried out on the basis of our legitimate interest in the secure and error-free operation of our IT infrastructure, the fight against misuse, the prosecution of criminal offences and the securing, assertion and enforcement of claims, Art. 6 Para. 1 f) GDPR.

3. Newsletter
We offer you a free newsletter service. FinLeap uses the newsletter to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you in the newsletter about news and products of our portfolio companies. To receive the newsletter via e-mail, you can sign up on our Website. For the newsletter service we need your e-mail address and, in order to address you personally, your first and last name. After registration you will receive an e-mail. This contains a link with which you can confirm your registration. You will not receive the newsletter until you have confirmed it.

You can unsubscribe from the newsletter at any time. Each newsletter contains information on how you can cancel the newsletter with effect for the future.

The collection and processing of your personal data for the newsletter as well as the transmission to MailChimp described below is based on your consent, which can be withdrawn at any time in the future, and is necessary for the provision of the newsletter, Art. 6 Para. 1 a) GDPR.

FinLeap uses the service Mandrill of The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA, 30308, USA (hereinafter: “MailChimp“) to send the newsletter. This service allows FinLeap to internally manage a database of email contacts to communicate with you via email. The service manages information about when an email was read by you and when you interacted with incoming email messages, for example by clicking on links included in the email. This is done by so-called web beacons, also called tracking pixels. These are small image files that allow us to evaluate user behavior. Through the use of MailChimp personal data are transmitted to the USA. MailChimp is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.

MailChimp in turn transmits this data to external service providers in order to be able to offer their services. MailChimp processes all data in accordance with European data protection standards.

You can object to this tracking at any time by unsubscribing from the newsletter as described above. The evaluation by MailChimp described above is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions.
Further information about data protection at MailChimp can be found in MailChimp’s privacy policy.

4. Recruitee
For the recruitment process FinLeap is using the services of Recruitee B.V., Johan Huizingalaan 763, (1066 VH) Amsterdam, the Netherlands (hereinafter: “Recruitee”). Recruitee is a webservice implemented in the FinLeap Website. So if you start the application process by clicking on a job offer on our careers page you will be linked directly to Recruitees service in a separate window. The collection and processing of your personal data for the recruitment as well as the transmission to Recruitee is necessary to take steps at your request prior to entering into a contract, Art. 6 Para. 1 b) GDPR. Furthermore, it is FinLeap’s legitimate interest to facilitate recruitment and to ensure the data privacy by encrypted processing, Art. 6 Para. 1 f) GDPR. We kindly ask for your understanding that due to data privacy reasons we can’t process applications received outside of Recruitee.

After you start the recruiting process, we collect data for the following purposes:
– learning more about the behaviour of the visitors of our careers website to improve our recruitment process and this Website,
– improving and monitoring the performance of this Website, and
generating anonymized data that we share with our partners.

We process the following personal data of careers website visitors:
– device and browser,
– IP-address,
– requests and responses sent from and to your device,
– source website (we use a cookie to track this), and
– your behaviour on our Website.

Personal data of job applicants

If you apply for a job, we process your personal data to facilitate the entire job application procedure on the legal grounds of Art. 6 Para. 1 b) and f) GDPR. After the procedure we will delete your personal data as soon as possible, unless we have informed you that we require it for other purposes.

The following personal data can be processed for the job application procedure:
– Any personal data that you provide through our job application form including, but not limited to: Full name, email address, phone number, picture, cover letter, résumé, LinkedIn profile, Indeed profile and which job you have applied for,
– Statuses, notes and planning related to your job application, and
– Email communications.

We will store the personal data we receive in the recruitment process for a period of 12 months for preventive reasons.

Under European data protection law, we are required to inform you that withholding personal data in your job application can give you a disadvantage in comparison to other candidates who are applying for the same role.

Your personal data has to be processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (herein “LinkedIn”) and Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland (herein “Indeed”) to allow for the “Apply with LinkedIn” and “Apply with Indeed” functionalities even when you don’t use that functionality. LinkedIn and Indeed may use cookies.

You can find more Information in LinkedIn’s and Indeed’s privacy policies. Further information about data protection at Recruitee can be found in Recruitee’s privacy policy.

5. Cookies
Our Website uses “cookies” in accordance with Art. 6 Para. 1 f) GDPR in order to make the use of our Website more convenient and tailored to your needs, for example by saving certain entries and settings. Cookies are small text files that are stored on your computer using your Internet browser.
You can prevent cookies from being stored by making the appropriate settings in your web browser. However, we would like to point out that in this case you may not be able to use all functions of the Website in full.

6. Google Analytics

Our Website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses “cookies” to help analyzing how users use the Website. The information generated by the cookie about your use of the Website (including your truncated IP-adress as described below) will be transmitted to and stored by Google on servers in the United States. Google is certified under the EU-US-Privacy Shield, so that an adequate level of data protection according to Art. 45 GDPR is ensured.

As IP-anonymisation is activated on our Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.

Google will use this information on behalf of FinLeap for the purpose of evaluating your use of our Website, compiling reports on website activity and providing us other services relating to website activity and internet usage. The collection and processing of your personal data is accordingly based on FinLeap’s legitimate interest in a demand-oriented design as well as the statistical evaluation of our website and the fact that your legitimate interests do not outweigh, Art. 6 Para. 1 f) GDPR.
The IP-address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this Website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser.

As an alternative to the browser Addon or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within our Website in the future (the opt-out applies only for the browser in which you set it and within this domain). An opt-out cookie will be stored on your device, which means that you will have to click the link again, if you delete your cookies. If cookies are disabled, it may result in not all services of FinLeap’s Website being available to you.

You will find more information about Google and Google Analytics in Google’s data privacy and security overview and privacy policy.

7. Social Media
We are active on Social Media for marketing reasons and to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you about news and products of our portfolio companies. For sharing information from our Website on Social Media we do not use scripted Social Media plugins. Instead, our share buttons only contain a link to the Social Media (f.e. sharer.php for Facebook). This ensures that your data such as your (possibly truncated) IP address, entire cookies or other information will only be transmitted to the Social Media and thus possibly also to servers in the USA if and when you press the corresponding button yourself. The same applies to the links to our Social Media sites we have implemented on our Website. It is possible that a Social Media provider can associate your visit to our Services with your user account if you are logged into your Social Media account.

We have no influence on the amount and extent of data processed by the provider of the Social Media when you press a share button or click on the corresponding link and access the Social Media site, and therefore only inform you according to our level of knowledge. As soon as you access the Social Media site, the terms and conditions and the privacy policy of the respective provider of the Social Media apply.

We use the following Social Media for the above-mentioned purposes (for more information click on the links to get to the respective privacy policy):
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA),
Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA),
LinkedIn (see section 4 above),
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA),
XING (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany), and
Google+ (see section 6 above).

Unless otherwise stated in this privacy policy, we process the personal data that you may transmit to us via Social Media based on our legitimate interest to establish or maintain contact with you, Art. 6 Para. 1 f) GDPR.

8. YouTube
We use plugins from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”), a subsidiary of Google (see section 6 above), to integrate videos from YouTube. When you watch a YouTube video, a connection to YouTube’s servers is established and automatically collected data is processed by YouTube or Google (the adequate level of data protection is ensured see section 6 above). You will find more information on data protection in YouTube’s privacy policy.

9. Google Maps
We use Google Maps, a service from Google (see section 6 above), to display an interactive map. By using Google Maps, information about the use of the Website including your IP address can be transmitted to Google in the USA (the adequate level of data protection is ensured, see section 6 above). You will find more information in the terms of service of Google Maps and in Google’s privacy policy.

10. Change of Purpose
We will only process your personal data for a purpose other than that for which the personal data have been collected if permitted by law or if you have consented to the changed purpose of data processing. In this case we will inform you about these other purposes before further processing and provide you with all other relevant information.

11. Duration of Storage and Deletion of your Data
If your personal data are no longer required for the aforementioned purposes or you revoke your consent on which the data processing is based, they will be deleted. If the data must be kept for legal reasons, they will be blocked in this respect. The data is then no longer available for further use.

We will store the personal data we receive in the recruitment process for a period of 12 months for preventive reasons.

12. Your Rights
As a person affected by the processing of personal data, you have the rights granted in Articles 15 to 21 GDPR and listed below for information purposes. If you wish to exercise your rights or receive information on data protection, you can contact us or our Data protection officer by sending an e-mail to privacy@finleap.com or by using the other contact options listed in section 1 above.

12.1. Right to Withdraw your Consent

You have the right to withdraw your consent to the processing of your personal data at any time.
It is sufficiet to send an e-mail to privacy@finleap.com. Further contact options can be found under section 1 above.

12.2. Right of Access
In accordance with Art. 15 GDPR, you have the right to request confirmation from FinLeap as to whether personal data relating to you is processed; if this is the case, you have the right to receive information free of charge, in particular on the personal data stored about you and a copy of this information.
In addition, pursuant to Art. 19 Sentence 2 GDPR, you have the right to request FinLeap to inform you of all recipients to whom personal data have been disclosed.

12.3. Right to Rectification
Pursuant to Art. 16 GDPR, you have the right to request FinLeap to correct and/or complete your personal data if they are incorrect or incomplete.

12.4. Right to Erasure

In accordance with Art. 17 GDPR, you have the right to request FinLeap to delete your personal data without delay. Deleting your data has the effect that FinLeap’s Services can no longer be used in full extend or used at all.

FinLeap is obliged to delete personal data immediately if processing is not necessary and if one of the following reasons applies:
– The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
– You have withdrawn your consent on which the processing was based and there is no other legal basis for the processing.
– You have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for processing or you have lodged an objection to the processing pursuant to Art. 21 Para. 2 GDPR.
– The personal data have been processed unlawfully.
– Deleting your personal data is necessary to fulfil a legal obligation under German or European law.

If FinLeap has made your personal data public and is obliged to delete it, we will take appropriate measures, taking into account the available technology and implementation costs, to inform our data processors who are processing your personal data that you have requested to delete all links to your personal data or copies or replications of your personal data. The measures shall only be taken in so far as processing is not necessary.

12.5. Right to Restriction of Processing
In accordance with Art. 18 GDPR, you have the right to request FinLeap to restrict processing if one of the following conditions is fulfilled:
– You have disputed the accuracy of your personal data for a period that enables FinLeap to check the accuracy of your personal data.
– The processing is unlawful and you have refused to delete your personal data and have instead requested a restriction on the use of your personal data.
– FinLeap no longer needs your personal data for processing purposes, but you do need them to assert, exercise or defend legal claims.
– You have filed an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not clear yet whether our legitimate interests outweigh yours.

If the processing of personal data has been restricted in accordance with the conditions above, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing is restricted, FinLeap will inform you before the restriction is lifted.

12.6. Right to Object

According to Art. 21 GDPR, you have the right to object to the processing of your personal data form-free and at any time, if your personal data is processed
a) on the basis of Art. 6 Para. 1 f) GDPR, or
b) for the purposes of direct advertising or profiling.
It is sufficient to send an e-mail to privacy@finleap.com. Further contact options can be found under section 1 above.

FinLeap will no longer process your personal data in the event of an objection. This does not apply in the case of data processing pursuant to Art. 6 Para. 1 f) GDPR if FinLeap can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or if the data is processed to assert, exercise or defend legal claims.

12.7. Right to Data Portability

According to Art. 20 GDPR, you have the right to receive your personal data which you have provided to FinLeap in a structured, common and machine-readable format.
In addition, you have the right to transmit your personal data yourself or through us directly to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of others are not affected.

12.8. Right to Lodge a Complaint with a Supervisory Authority
Finally, under Art. 77 GDPR, you have the right to lodge a complaint to a supervisory authority responsible for FinLeap.
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Visitors‘ entrance: Puttkamerstr. 16 – 18
10969 Berlin, Germany
Phone: 030 13889-0
E-Mail: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de

13. Changes to our Privacy Policy
We reserve the right to amend this Privacy Policy at any time to the extent legally possible. The current version of our Privacy Policy is always available at www.finleap.com/data-privacy/.

Updated: May 24th, 2018