Data protection

With this data protection declaration, we inform you about the scope of the processing of your personal data (hereinafter referred to as “data”).

1. responsible for data processing

Responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is
A.B.S. Global Factoring AG
Mainzer Str. 97
65189 Wiesbaden
Phone: +49 611 977100
Fax: +49 611 97710250
E-Mail: info@abs-factoring.com

2. contact details of our data protection officer

Markus Junkes
RMPrivacy GmbH
Große Langgasse 1A, 55116 Mainz, Germany
Web: www.rmprivacy.de
E-mail: datenschutz@abs-factoring.com

3. joint processing

We process personal data jointly within the A.B.S. Global Factoring group of companies for the purpose of effective internal management of personal data and group systems. For this purpose, we transfer your data to companies affiliated with us in accordance with §§ 18 ff. AktG by analogy, or process the data in systems that are operated jointly with our affiliated companies.

The legal basis for joint data processing is our overriding legitimate interest in effective administration and IT infrastructure in accordance with Art. 6 para. 1 f) GDPR.

We are jointly responsible with our affiliated companies for the processes that are subject to joint data processing in accordance with Art. 26 GDPR. Accordingly, we have bindingly defined the internal competences and responsibilities in a contract.

The respective company with which you are in contact first will fulfil the information obligations of the GDPR.

We have assigned the fulfilment of data subject rights internally to A.B.S. Global Factoring AG. You can also contact us at any time with enquiries or to assert your data subject rights using the contact details provided in section 1. We will then forward your enquiry internally for processing.

The specific processes that fall under joint processing are labelled accordingly below.

4. general information on data processing

We process data as part of our business and website operations.

This also includes disclosure by transfer to third parties and, if applicable, to so-called third countries outside the European Union (“EU”) and the European Economic Area (“EEA”). Where we transfer data outside the EU or the EEA, we have labelled this accordingly below.

5. data processing

The individual data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:

a) Log file when visiting the website

We log your website visit. In doing so, we process

Name(s) of our website(s) accessed,
the date and time of access
the amount of data transferred,
the browser type and version
the operating system you are using,
the referrer URL (the previously visited website),
your IP address,
the requesting provider.
The legal basis for data processing is our overriding legitimate interest in the continuous provision and security of our website in accordance with Art. 6 para. 1 f) GDPR.

The log file is deleted after seven days, unless it is required to prove or clarify specific legal violations that have become known within the retention period.

b) Hosting

To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.

The legal basis for data processing is our overriding legitimate interest in the provision of our website in accordance with Art. 6 para. 1 f) GDPR.

c) Making contact

If you contact us, we process the following data from you for the purpose of processing and handling your enquiry Name, contact details – if provided by you – and your message.

The legal basis for data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations pursuant to Art. 6 para. 1 b) GDPR and/or our overriding legitimate interest in processing your enquiry pursuant to Art. 6 para. 1 f) GDPR.

d) Customer account

In connection with the opening and use of a customer account, we process your inventory data (name, address, e-mail address, bank details) and your usage data (user name, password). This enables you to manage your orders and commissions and we can identify you as a customer. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 a) GDPR.

e) Contract processing

We process your contract data to fulfil the contractual relationship between you and us.

The legal basis for data processing is the fulfilment of our contractual obligations in accordance with Art. 6 para. 1 b) GDPR and, in individual cases, the fulfilment of our legal obligations in accordance with Art. 6 para. 1 c) GDPR.

We transmit your contract data (name, date of order, payment method, financing data, amount and payment recipient, bank details or credit card data if applicable) to the payment service provider commissioned to process the payment.

f) Your identification as contractual partner (POSTIDENT)

We use the POSTIDENT procedure of Deutsche Post AG, Charles-de-Gaulle-Straße 20, D-53113 Bonn, Germany, in order to be able to identify you in a legally secure manner when concluding the contract.

The following data may be involved: Salutation, title/academic degree (if available), surname, first name (all first names), maiden name, place of birth, date of birth, nationality, street and house number, postcode and city, ID card data (such as type of ID card, ID card number, place and date of issue, issuing authority, period of validity), mobile phone number, e-mail address, as well as other necessary verification data for the identification process.

Your e-mail address is required in order to send you a process number by e-mail as part of your identification, which you can use to start the identification process at any time. The mobile phone number serves as a secure second factor in the sense of a two-factor authentication for a TAN transmission for individual procedures.

The legal basis for data processing in the case of purchase on account is the fulfilment of our legal obligation pursuant to Art. 6 para. 1 c) GDPR to fulfil the identification obligations under the Money Laundering Act (GwG).

g) “Know-Your-Customer” (KYC) check

In order to ensure your or your company’s financial integrity and, in particular, to fulfil our obligations under the German Money Laundering Act (GwG), we are required to request further information in addition to your identity. In addition to your identity as a customer, we are obliged, among other things, to determine the beneficial owner and to obtain a corresponding picture of the nature and scope of your business activities (KYC check).

We use the services of ClariLab GmbH & Co KG, Platz der Einheit 2, 60327 Frankfurt am Main, Germany, for the KYC check.

The legal basis for data processing as part of the KYC check is the fulfilment of our legal obligation pursuant to Art. 6 para. 1 c) GDPR in accordance with the German Money Laundering Act (GwG).

h) Credit assessment and determination of default risks

To determine creditworthiness or default risks in the financing business and the need for seizure protection accounts or basic accounts, we transmit your name and address to a credit agency, which compares this data with its own database in order to check your creditworthiness. The credit agency then transmits the corresponding credit information to us.

The legal basis for the processing of your data is Art. 6 para. 1 b) GDPR in order to decide whether a contract can be concluded with you.

Your data will be sent to the following credit agencies to carry out the credit check:

Creditsafe i Sverige AB
Fabriksgatan 7
41250 Gothenburg
Sweden
Data protection notice: https://www.creditsafe.com/se/sv/product/privacy-policy.html

Creditsafe Germany GmbH
Sonnenallee 221 F
12059 Berlin
Berlin, Germany
Data protection notice: https://www.creditsafe.com/de/de/rechtliches/datenschutz.html

Tink AB
Vasagatan 11
11120 Stockholm
Sweden
Data protection notice: https://tink.com/legal/privacy-and-security/

Creditreform Wiesbaden Hoffmann & Nikbakht KG
Adolfsallee 34
65185 Wiesbaden
Wiesbaden, Germany
Data protection notice: https://www.creditreform.de/wiesbaden/datenschutz

Xpector Tech AB
Hvitfeldtsplatsen 7
41120 Gothenburg
Sweden
Data protection information: https://www.xpektor.se/privacypolicy

In the context of this data processing, a decision based solely on automated processing within the meaning of Art. 22 GDPR may be made. This is permissible for carrying out the credit check in accordance with Art. 22 Para. 2 b) GDPR in conjunction with Section 31 Para. 1 BDSG.

i) For the purpose of insuring the financing transaction and the associated risk management by the insurer, we transmit your name and address to the insurer, which compares this data with its own database in order to check the risk of the financing transaction.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR, insofar as the insurance is necessary for the conclusion or fulfilment of the financing transaction with you.

Your data will be transmitted to the following insurer

Great Lakes Insurance SE
Königinstraße 107
80802 Munich
Germany
Data protection information: https://www.munichre.com/glise/en/general/privacy.html

Information on data processing by the insurer, including complaint options, can be found in the data processing information of Great Lakes Insurance SE, which is published in the currently valid version on the following website https://www.munichre.com/de/allgemein/datenschutz.html

j) Electronic signature

To send contracts to our customers for electronic signature, we transmit the content of the contract, your name, your signature and your e-mail address to service providers.

The legal basis for the processing of your data is Art. 6 para. 1 b) GDPR in order to have the contract signed electronically.

k) Newsletter

In order to provide you with regular information about our company and offers, we offer to send you an e-mail newsletter. When you register for the newsletter, we process the data you entered when registering (e-mail address and other voluntary information). In order to prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). In order to be able to prove the registration process in a legally compliant manner, your registration will be logged. This includes the time of registration and confirmation as well as your IP address.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR. Data processing in connection with the sending of the confirmation e-mail for your registration and the associated data logging is carried out in accordance with Art. 6 para. 1 f) GDPR due to our legitimate interest in the proof of your proper registration.

If you give us your consent, we will also evaluate in the newsletters whether you have opened the newsletter and the scrolling and clicking behaviour in the newsletter. The purpose of this is to optimise our newsletter to your interests and to improve the content of our newsletter. The legal basis for analysing the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR.

We use service providers to whom we transmit the aforementioned data to send the newsletter:
Hubspot: Hubspot, Inc, 25 First Street, Cambridge, MA 02141, USA

Hubspot, Inc. based in 25 First Street, Cambridge, MA 02141, USA is a US-American company. Therefore, a transfer of data to the USA cannot be ruled out. Hubspot, Inc. is certified under the EU-US Data Privacy Framework and therefore falls under the EU adequacy decision for the USA.

l) Direct e-mail advertising for existing customers

Unless you have objected, we will send you direct advertising in connection with the goods and services you have purchased in order to offer you similar goods and services. We use the e-mail address you used when you concluded the contract.

You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.

The legal basis for sending this direct advertising is Section 7 (3) UWG in conjunction with Art. 95 GDPR. We use service providers to whom we transmit the specified data to send the advertising emails.

m) Use of cookies

We use cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

Information about the specific cookies we use, their providers and purposes can be found in our consent banner. There you can give your consent to the respective services as required by Section 25 (1) TDDDG, revoke this consent or subsequently adjust your settings.

aa) Our consent banner

We use a consent banner to document your selection of certain data processing procedures and to fulfil our obligations under data protection law. When you visit our website, your cookie preferences are requested via a banner. We then set a cookie in which data on granted or revoked consent is stored. The data processing is carried out to fulfil our legal obligations in accordance with Art. 6 para. 1 c) GDPR.

Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

bb) Google Consent Mode

We use the Google Consent Mode service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) on our website. We use this function to harmonise your consent with the Google services we use. Depending on the user’s confirmation or refusal, conversion tracking by Google is continued or prevented. The data processing is carried out to fulfil our legal obligations in accordance with Art. 6 para. 1 c) GDPR.

It is possible that data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA.

Google is certified under the EU-US Data Privacy Framework and is covered by the EU adequacy decision for the USA.

n) External content

We use dynamic content (“content”) from third parties to optimise the presentation and offer of our website. When you visit the website, a request is automatically sent to the server of the respective content provider via an interface, during which certain log data (e.g. the user’s IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use external content in connection with the following functionalities:

aa) Integration of YouTube videos

We have integrated videos from the “YouTube” portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. Google does not store any cookies in your browser.

The legal basis for the processing is your prior consent in accordance with Art. 6 para. 1 a) GDPR.

It cannot be ruled out that data will be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

bb) Social media plugins

We use social media plugins from Facebook, Instagram and LinkedIn on our website. These plugins are only activated if you have given your prior consent via the consent banner. This means that no data is transferred to the respective social networks when you simply visit our website.

Only when you click on the corresponding button of a social media service and thereby give your consent will a direct connection to the servers of the respective provider be established. The following data, among others, is transmitted

Your IP address
The page accessed on our website
Date and time of the interaction

If you are a member of one of the aforementioned social media networks, the respective provider can assign the access to the content and functions to your respective profile as a user, provided you have given your prior consent.

Please note that we have no influence on further data processing by the social networks. Please note that the use of social media plugins may also result in the transfer of data to third countries:

Meta Platforms Ireland Limited (for Facebook and Instagram): 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland: https://www.facebook.com/about/privacy/ http://instagram.com/about/legal/privacy/. Meta is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the US.

The legal basis for data processing in the present context is your consent in accordance with Art. 6 para. 1 a) GDPR.

cc) Appointment booking MS Bookings

You can easily book appointments with our employees yourself via the MS Bookings booking platform. If you make an online appointment booking on our website, we use the Microsoft Bookings service provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

When booking an appointment online, we process the personal data contained in the booking form. This includes: Title, name, telephone number, email address and, if applicable, the company and any additional notes or messages.

The legal basis for data processing is our overriding legitimate interest in providing a simple appointment booking system in accordance with Art. 6 para. 1 f) GDPR.

Microsoft Ireland Operations Limited is a subsidiary of the Microsoft Group with headquarters in the USA. Data may therefore be forwarded to Microsoft Online Inc. based in the USA and processed there. Microsoft is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

o) Analysis / Marketing

aa) Google services

We use various services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) on our website. It is possible that data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA.

Google is certified under the EU-US Data Privacy Framework and is covered by the EU adequacy decision for the USA.

bb) Google Analytics

We use the Google Analytics tracking tool from Google on our website. We use Google Analytics to analyse your use of the website, to compile reports on the activities within this website and to provide other services associated with the use of the website and thus improve user-friendliness.

When Google Analytics is used, the interactions of website visitors are primarily recorded and systematically analysed with the help of cookies.

We use Google Analytics with the extension “anonymiseIp()”. This truncates IP addresses within the member states of the EU or EEA. If a transmission to Google’s servers in the USA takes place, the full IP address is only transmitted in exceptional cases and shortened there. A direct personal reference is therefore generally excluded. In particular, it is no longer possible to identify the computer or end device of the website visitor.

The following data is processed through the use of Google Analytics:

3 bytes of the IP address of the website visitor’s accessed system (anonymised IP address),
the website accessed,
the website from which the user accessed the page on our website (referrer)
the subpages that are accessed from the website
the time spent on the website,
the frequency with which the website is accessed.

cc) Google Tag Manager

We use Google Tag Manager to manage and bundle our Google services and third-party providers on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, to record the impact of online advertising and social channels, to use remarketing and targeting and to test and optimise online presences.

dd) Google Ads Conversion Tracking Pixel

We use Google Ads Conversion Tracking Pixel on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service enables us to measure the effectiveness of our Google Ads advertising by tracking the actions of users who click on our adverts.

When a user clicks on one of our adverts, a cookie is placed on the user’s device. This cookie has a duration of 30 days and enables us to collect certain data, e.g. whether the user has carried out a desired action (such as a purchase or registration) on our website. The data collected by the conversion tracking pixel helps us to optimise our advertising and create targeted campaigns that are tailored to the interests of our target group.

ee) HubSpot tracking pixel

We use the services of HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA on our website. HubSpot is an integrated software solution package for marketing, sales and customer service. This includes email marketing, social media publishing & reporting, contact management, landing pages and web analyses via a tracking pixel.

HubSpot uses cookies and tracking technologies that are stored on your end device and enable your use of our website to be analysed. The information collected in this way (e.g. IP address, geographical position, browser type, duration of the visit and pages accessed) is analysed by HubSpot on our behalf to generate reports on the visit and the pages visited. This helps us to continuously optimise our website and our marketing measures.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given us this consent via the consent banner (cookie consent tool). You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing the corresponding options there.

Hubspot, Inc. with its registered office at 25 First Street, Cambridge, MA 02141, USA is a US company. Therefore, a transfer of data to the USA cannot be ruled out. Hubspot, Inc. is certified under the EU-US Data Privacy Framework and is therefore subject to the EU adequacy decision for the USA.

ff) LinkedIn Insight Tag

We use the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. The LinkedIn Insight Tag is an analysis and tracking tool that enables us to track user behaviour on our website and collect valuable information about the effectiveness of our marketing measures.

The LinkedIn Insight Tag uses cookies and tracking technologies that are stored on your device and enable us to analyse your use of our website. The information collected in this way (e.g. IP address, geographical location, browser type, duration of the visit and pages viewed) is analysed by LinkedIn on our behalf to generate reports on the visit and the pages visited. This helps us to continuously optimise our website and our marketing strategies.

LinkedIn is a US-American company. Therefore, a transfer of data to the USA cannot be ruled out. LinkedIn is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

gg) Meta pixel

We use the meta pixel on our website, an analysis tool from Meta Platforms, Inc, 1601 Willow Road, Menlo Park, CA 94025, USA. Meta Pixel helps us to record and analyse user behaviour on our website in order to measure the effectiveness of our advertising campaigns and optimise our marketing strategies.

The meta pixel uses cookies and similar technologies that are stored on your end device. These technologies allow us to collect information about your visit to our website, such as the pages you have visited, the interactions you have made and other information about your device and browser.

The data collected by the meta pixel is used to create target groups for our advertising and to evaluate the results of our marketing measures. This allows us to display targeted adverts on Facebook and Instagram and adapt our campaigns accordingly.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give by actively consenting to the cookie consent banner. You have the option to withdraw your consent at any time by adjusting the cookie settings.

Please note that a transfer of your data to Meta Platforms, Inc. in the USA cannot be ruled out. Meta is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.

hh) Legal basis and cancellation

The use of cookies or comparable technologies set by Google takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG. The legal basis for data processing in the context of the aforementioned Google services is your prior consent in accordance with Art. 6 para. 1 a) GDPR.

You can revoke your consent at any time with effect for the future by adjusting your preferences in our consent banner:

6. duration of data storage

We only store personal data for as long as is necessary for the purposes for which it is processed or for as long as you have withdrawn your consent.

We are also subject to various statutory retention and documentation obligations, including under the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG). The retention and documentation periods specified there are up to ten years.

7. your rights as a data subject

a) Information

You can request information about all personal data that we have stored about you free of charge at any time.

b) Correction, deletion, restriction of processing (blocking), objection

If you no longer agree to the storage of your personal data or if it has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are only to process data to a limited extent in future. You have the right to object in particular in cases where your data is required for the performance of a task carried out in the public interest or where the data processing is based on our legitimate interest, as well as profiling based on this. You also have the right to object in the case of data processing for the purpose of direct advertising.

c) Right to withdraw consent with effect for the future

You can withdraw your consent at any time with effect for the future. Your revocation does not affect the legality of the processing up to the time of revocation.

d) Data portability

If data processing is carried out on the basis of a contract, pre-contractual negotiations, consent or with the aid of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a commonly used, structured and machine-readable format so that you can transmit the data to another controller if you wish.

e) No automated decision-making

Data subjects are not subject to automated decision-making within the meaning of Art. 22 GDPR by the data controllers. If this should occur in individual cases, data subjects will be informed of this separately.

f) Restriction of processing

Data for which we are unable to identify the data subject, e.g. if it has been anonymised for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible with regard to this data if you provide us with additional information that allows us to identify you.

g) Exercising your rights as a data subject and right to lodge a complaint

If you have any questions about the processing of your personal data, information, correction, blocking, objection or deletion of data or the wish to transfer the data to another company, please contact datenschutz@abs-factoring.com.

You also have the option of complaining to a supervisory authority about your rights as a data subject.