Data Protection

Data protection for website visitor

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data refers to any data that can personally identify you. Detailed information on data protection can be found in our privacy policy listed below this text.

Data Collection on our Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?

Your data is collected, in part, by you providing it to us. This can be, for example, data that you enter into a contact form.

Other data is automatically collected by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for further questions regarding data protection, you can contact us at any time using the address provided in the imprint. Furthermore, you have a right to complain to the competent supervisory authority.

Analysis Tools and Third-Party Tools

When you visit our website, your surfing behavior can be statistically evaluated. This is mainly done using cookies and analytics programs. The analysis of your surfing behavior is usually anonymous; your surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you about the objection options in this privacy policy.

2. General information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the Internet (e.g., communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Responsible Party

The responsible party for data processing on this website is:

A.B.S. Global Factoring AG
Mainzer Straße 97
65189 Wiesbaden
Phone: +49 (611) 977 10 0
Email: info@abs-ag.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal email to us is sufficient for revocation. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to file complaints with the competent supervisory authority

In the case of data protection violations, the data subject has the right to file a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de

Right to data portability

You have the right to have data that we process based on your consent or in fulfillment of a contract automatically handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done if it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from ”http://” to ”https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Blocking, Deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

Objection to advertising emails

The use of contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

3. Data Protection Officer

We have appointed a data protection officer for our company.

Postal address:

ATT: Data Protection Officer
A.B.S. Global Factoring AG
Mainzer Str. 97
65189 Wiesbaden

Email: datenschutz@abs-ag.com

4. Data Collection on our Website

Cookies

The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called ”session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are necessary for the electronic communication process or for the provision of certain functions you request (e.g., shopping cart function) are stored based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.

Server-Log-Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6(1)(f) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of the data entered into the contact form is, therefore, exclusively based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. An informal email to us is sufficient. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.

The data you enter into the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry by email, phone, or fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6(1)(a) GDPR) and/or on our legitimate interests (Art. 6(1)(f) GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us.

The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (”Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called ”cookies.” These are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google’s privacy policy

Contract data processing

We have entered into a contract data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

6. Plugins und Tools

IDnow

If you submit an offer to conclude a customer contract through our website, we collect the following data:

  • Company and address data of your company or business
  • Salutation, first name, last name, and contact details (email address, phone number) of the person authorized to sign the contract on behalf of the contracting party
  • Information about the content of the offer

For the identification of the person mentioned above, we use the IDnow procedure. In this process, the camera of the respective end device is used so that you can be recorded via video chat or by taking a photo together with an identification document. The document is viewed over the video connection, and a photo is stored. In addition, an acoustic recording takes place during the conversation. The completion of the identification process is done by entering an SMS transaction number (TAN).

We have commissioned IDnow GmbH for the collection and processing of data for identification purposes. Compliance with data protection regulations has been contractually ensured, and the contract complies with the requirements of Article 28 of the GDPR. The data collected in this way is provided exclusively to us.

Further information about the IDnow procedure will be automatically provided to you during the execution of the process.

The processing of personal data in the IDnow procedure is based on justification under Article 6(1)(f) of the GDPR. Fulfilling identification obligations under the Money Laundering Act within this simplified procedure serves the customer-oriented implementation of legal requirements and is necessary as more complex procedures are no longer reasonable in the context of advancing digital developments. This enables us to keep our offer attractive to you.

Transactional emails through Mailjet

We also initiate the sending of non-promotional emails directly related to the use of our service (e.g., during registration, password reset, etc.). For this, we use the Mailjet product, a service for managing email addresses. The provider is Mailjet SAS (Global HQ), 13-13 bis, rue de l’Aubrac, 75012 Paris, FRANCE. For the processing of transactional emails, the provider has access to the content of the transactional emails, including personal data such as customer names, customer email addresses, customer addresses, supplier names, supplier email addresses, supplier addresses, credit limit, invoice number, invoice amount, etc.

Compliance with data protection regulations has been contractually ensured, and the contract complies with the requirements of Article 28 of the GDPR. The associated processing of personal data is justified under Article 6(1)(f) of the GDPR. The use of transactional emails is essential for the contemporary processing of the quickpaid contractual relationship, as more complex procedures are outdated and no longer reasonable for you. For more information on data protection in connection with Mailjet, please visit: https://www.mailjet.de/privacy-policy/.

Automated processing of invoices by Insiders Smart Invoice

Within the processing of quickpaid contracts, we use the product ”smart INVOICE.” The provider is Insiders Technologies GmbH, Brüsseler Straße 1, 67657 Kaiserslautern. The product is used for the automated processing of invoice receipts by extracting invoice recipient and creditor data. The provider has access to all invoice data, including personal data such as customer name, customer address, possibly email address, supplier name, supplier address, possibly email address, customer number with the supplier, VAT ID of the supplier, and the supplier’s bank details.

Compliance with data protection regulations has been contractually ensured, and the contract complies with the requirements of Article 28 of the GDPR.

The processing of personal data associated with the use of the mentioned product is justified under Article 6(1)(f) of the GDPR. The use of automated invoice processing is essential for the contemporary processing of the quickpaid contractual relationship, as more complex procedures are outdated, more error-prone, and no longer reasonable for you. This allows us to keep our offer attractive to you.

For more information on data protection in connection with ”smart INVOICE,” please visit: https://www.insiders-technologies.de/home/privacy-policy.html.

7. Creditreform Information according to Article 14 of the EU General Data Protection Regulation (EU GDPR)

Creditreform is one of the leading credit protection organizations in the Federal Republic. To fulfill our tasks, we maintain a business database that stores data on almost all German companies as well as individuals participating in economic life.

Our customers include both domestic and foreign credit institutions, leasing companies, insurance companies, telecommunications companies, debt collection companies, mail-order, wholesale, and retail companies, as well as other companies that deliver goods or services on invoice. Within the legal framework, a part of the data available in the business database is also used for supplying other company databases and producing corresponding data carriers.

In our database, information is stored, particularly about the name, company name, address, marital status, professional activity, financial circumstances, any liabilities, and notes on payment behavior. The purpose of processing the stored data is to provide information about the creditworthiness of the requested person/company, including other credit-relevant information. The legal basis for processing is Article 6(1)(f) of the EU GDPR. Information about this data may only be provided if a customer credibly demonstrates a legitimate interest in knowing this information. If data is transmitted to countries outside the EU, this is done based on the so-called standard contract clauses, which you can view or request at the following link: eur-lex.europa.eu

According to Article 14 of the EU GDPR, we hereby inform you that data of the described type has been transmitted to your person/company for the first time.

Any inquiries should be addressed in writing to;

Creditreform Wiesbaden Hoffmann & Nikbakht KG
Adolfsallee 34, D-65185 Wiesbaden
Phone: 0611-991950
Email info@wiesbaden.creditreform.de

You can reach our data protection officer by email at: datenschutz@wiesbaden.creditreform.de

The data will be stored as long as their knowledge is necessary for the fulfillment of the purpose of storage. Knowledge is usually necessary for a storage period of initially four years. After expiration, it will be checked whether storage is still necessary; otherwise, the data will be deleted precisely on the day. In the case of resolving an issue, the data will be deleted precisely three years after resolution. Entries in the debtor register are deleted precisely three years after the day of the entry order, according to § 882e ZPO. Further details can be found in the ”Code of Conduct for the Examination and Deletion Periods of Personal Data by German Credit Reporting Agencies,” established by the association ”Die Wirtschaftsauskunfteien e.V.”

Legitimate interests within the meaning of Article 6(1)(f) of the EU GDPR may include: credit decisions, business initiation, participation relationships, claims, credit checks, insurance contracts, overdue claims, enforcement information.

You have the right to information about the data stored about you. If the data stored about you is incorrect, you have the right to correction or deletion. If it cannot be immediately determined whether the data is incorrect or correct, you have the right to block the respective data until clarification. If your data is incomplete, you have the right to complete the data.

Data protection of customers

The following privacy policy provides an overview of the collection and processing of customer data based on applicable data protection laws, especially Article 13, 14, 21 of the General Data Protection Regulation (GDPR). The subsequent order processing serves to implement the requirements of Article 28 GDPR. The following information about Creditreform’s data processing is provided for information purposes only. Overall, this provides an overview of the processing of personal data by us and the rights of customers and prospects under data protection law. The specific data processed and the manner of use depend significantly on the requested or agreed-upon services.

A. Privacy Policy for Customers

1. Who is responsible for data processing, and who can I contact?

The controller is:

A.B.S. Global Factoring AG (auch A.B.S.), Mainzer Straße 97, 65189 Wiesbaden
Phone:+49-611-977100; Fax:+49-611-97710250, Email: info@abs-ag.com

The data protection officer can be reached at:

Data Protection Officer
A.B.S. Global Factoring AG
Mainzer Str. 97
65189 Wiesbaden

and directly via email at:

datenschutz@abs-ag.com

2. What sources and data do we use?

We process personal data obtained from our customers in the course of our business relationship. Additionally, we process personal data obtained from publicly accessible sources (e.g., debtor directories, land registers, commercial and association registers, press, internet) to the extent permitted and as necessary for the provision of our services. Relevant personal data includes personal details (e.g., name, address, and other contact details, date and place of birth, and nationality), identification data (e.g., ID data), and authentication data (e.g., signature samples). It may also include order data (e.g., payment orders), data from the fulfillment of our contractual obligations, information about the financial situation (e.g., creditworthiness data, scoring/rating data, origin of assets), advertising and sales data, documentation data, and other data comparable to the mentioned categories.

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG):

3.1 To fulfill contractual obligations (Art. 6(1)(b) GDPR)

3.1 To fulfill contractual obligations (Art. 6(1)(b) GDPR)

Data processing is carried out to provide financial services within the framework of our contracts with customers or to carry out pre-contractual measures initiated at the request of the customer. The purposes of data processing primarily depend on the specific product (e.g., factoring) and may include needs analysis, advice, and transaction execution. Further details on the purposes of data processing can be found in the relevant contractual documents and terms and conditions.

3.2 In the context of balancing interests (Art. 6(1)(f) GDPR)

Where necessary, we process personal data beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties. Examples include:

  • Consultation and data exchange with credit agencies (e.g., Creditreform) to determine credit or default risks in financial transactions and the need for protection against attachment or basic accounts.
  • Examination and optimization of procedures for needs analysis for direct customer contact
  • Advertising or market and opinion research, newsletter dispatch, unless the use of personal data has been objected to
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT security and operation of the company’s
  • IT Prevention and investigation of crimes
  • Video surveillance to enforce property rights, collect evidence in the case of robberies and fraud, or for proof of transactions
  • Measures for building and plant security (e.g., access controls)
  • Measures to ensure property rights
  • Measures for business control and the development of services and products
  • Risk management in the A.B.S. Global Factoring corporate group

3.3 Based on consent (Art. 6(1)(a) GDPR)

If we have obtained consent for the processing of personal data for specific purposes (e.g., data sharing within the group), the legality of such processing is based on this consent. Consent can be revoked at any time. This also applies to the revocation of declarations of consent made before the GDPR came into effect on May 25, 2018. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation.

3.4 Due to legal requirements (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR)

We are also subject to various legal obligations, i.e., statutory requirements (e.g., Banking Act, Money Laundering Act, tax laws) as well as banking supervisory requirements (e.g., European Central Bank, European Banking Authority, German Federal Bank, and Federal Financial Supervisory Authority). The purposes of processing include, among other things, creditworthiness checks, identity and age verification, fraud and money laundering prevention, compliance with tax control and reporting obligations, and the assessment and management of risks in the A.B.S. Global Factoring corporate group.

4. Who receives personal customer data?

Within the A.B.S. Global Factoring corporate group, only those departments or entities that need customer data to fulfill our contractual and legal obligations have access to it. Service providers and vicarious agents used by us may also receive data for these purposes, provided they maintain confidentiality. These may include companies in the categories of credit services, IT services, logistics, printing services, telecommunications, debt collection, consulting, and marketing and sales. Regarding the disclosure of data to recipients outside our corporate group, it should be noted that we are obligated to maintain confidentiality regarding all customer-related facts and assessments we are aware of. Information about customers may only be disclosed if legal provisions require it, the customer has given consent, or we are authorized to provide a banking reference. Under these conditions, recipients of personal data may include:

  • Public authorities and institutions (e.g., German Federal Bank, Federal Financial Supervisory Authority, European Banking Authority, European Central Bank, tax authorities, law enforcement authorities) if there is a legal or regulatory obligation
  • Other credit and financial institutions or similar institutions to which we transmit personal data for the purpose of conducting the business relationship with you (depending on the contract, e.g., banks, credit agencies)
  • Other companies in the A.B.S. Global Factoring corporate group for risk management due to legal or regulatory obligations

Other data recipients may be those entities for which consent has been granted for data transfer or for which we have been exempted from the obligation of confidentiality according to an agreement or consent.

Furthermore, data may be disclosed to third parties to assert or defend legal claims, including against contractual partners, or for the purpose of analyzing and improving our offering and maintaining its attractiveness (e.g., maintaining customer lists, analyzing databases, advertising measures, developing modern technical solutions such as our customer portal), provided there is no reason to believe that you have an overriding legitimate interest in not disclosing your data (Article 6(1)(f) GDPR).

5. Are data transferred to a third country or to an international organization?

Data transfer to entities in countries outside the European Union/EEA (so-called third countries) occurs if necessary for the execution of customer orders, required by law (e.g., tax reporting obligations), consent has been given, or if we have a legitimate overriding interest in this regard. Furthermore, data transfer to entities in third countries is envisaged in the following cases:

The A.B.S. Global Factoring corporate group has outsourced data center services (especially technical support and remote maintenance) to other companies. In individual cases, this may involve access to customer data while complying with EU data protection requirements.

The data processing is also carried out in accordance with EU data protection requirements. Information about suitable or appropriate safeguards and the possibility to obtain a copy of them, or where they are available, can be requested from the data protection officer.

6. How long will personal data be stored?

We process and store personal data as long as necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is an ongoing obligation lasting for years. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted, unless its temporary further processing is necessary for the following purposes: Fulfillment of commercial and tax retention obligations: These include the Commercial Code (HGB), the Fiscal Code (AO), the Banking Act (KWG), and the Money Laundering Act (GwG). The specified periods for storage or documentation are two to ten years.

Preservation of evidence within the framework of statutory limitation provisions. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can last up to 30 years, with the regular limitation period being three years.

7. What data protection rights exist?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to data portability under Article 20 GDPR, and the right to object under Article 21 GDPR. Restrictions apply to the right to information and the right to erasure under §§ 34 and 35 BDSG.

Furthermore, there is a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). Consent to the processing of personal data can be revoked at any time under Article 7(3) GDPR. This also applies to the revocation of consent declarations made before the GDPR came into effect on May 25, 2018. The revocation of consent only takes effect for the future. Processing carried out before the revocation is not affected.

8. Is there an obligation to provide data?

In the course of our business relationship, customers must provide personal data necessary for the establishment and implementation of a business relationship and the fulfillment of related contractual obligations or which we are legally obligated to collect. Without this data, we will generally not be able to conclude or execute the contract. In particular, we are obligated under anti-money laundering regulations to identify natural persons acting on behalf of the customer before establishing the business relationship based on their identification document, collecting and recording their name, place of birth, date of birth, nationality, address, and ID data. To comply with this legal obligation, the customer must provide us with the necessary information and documents under the Money Laundering Act and promptly notify us of any changes that occur during the business relationship. If the customer does not provide us with the necessary information and documents, we are not allowed to establish or continue the business relationship requested by the customer.

9. To what extent is there automated decision-making?

To establish and conduct the business relationship, we generally do not use fully automated decision-making processes according to Article 22 GDPR. If we use such procedures in individual cases, we will inform our customers separately, if required by law.

10. Does profiling take place?

We partially process personal data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, in the following cases:

  • Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and asset-endangering crimes. Data evaluations (including in payment transactions) are also carried out. These measures also serve to protect the customer.
  • To inform and advise the customer about products in a targeted manner, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
  • In the assessment of your creditworthiness, we use scoring. This calculates the probability with which a customer will fulfill their payment obligations under the contract. Factors such as income, expenses, existing liabilities, profession, employer, length of employment, experiences from the previous business relationship, timely repayment of previous loans, and information from credit reporting agencies may be included in the calculation. Scoring is based on a mathematically-statistically recognized and proven procedure. The calculated score values support us in decision-making in the context of product completions and are included in ongoing risk management.

11. Information about the right to object under Article 21 GDPR

a) Right to object on a case-by-case basis

The data subject has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balance of interests), including profiling based on these provisions.

If an objection is raised, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or if the processing serves the assertion, exercise, or defense of legal claims.

b) Right to object to the processing of data for direct marketing purposes

In individual cases, we process personal data for direct marketing purposes. The data subject has the right to object at any time to the processing of personal data concerning them for the purpose of such advertising, including profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, we will no longer process their personal data for these purposes. The objection can be made informally and should be addressed to:

A.B.S. Global Factoring AG (auch A.B.S.), Mainzer Straße 97, 65189 Wiesbaden
Phone: +49-611-977100; Fax: +49-611-97710250, Email: info@abs-ag.com

B. Agreement on Order Processing according to Art. 28 GDPR

In cases where we, the

A.B.S. Global Factoring AG (also A.B.S.), Mainzer Straße 97, 65189 Wiesbaden
Phone: +49-611-977100; Fax: +49-611-97710250, Email: info@abs-ag.com

act as a data processor within the meaning of Art. 28 GDPR on behalf of the customer, the following agreements apply in addition to the above-mentioned data protection statement as the data controller:

1. Data Controller and Data Processor

If there is order processing, the customer remains the data controller within the meaning of Art. 4 No. 7 GDPR. In this case, we are the data processor within the meaning of Art. 28 GDPR. The following regulations specify the mutual data protection obligations and apply to all activities related to the main contract where we, our employees, or third parties commissioned by us may come into contact with personal data of the customer.

2. Subject Matter of the Order and Order Contents

We process personal data on behalf of the customer. Within the framework of the contract, the customer is solely responsible for compliance with legal provisions of data protection laws, especially for the legality of data transfer to us and for the legality of data processing. The customer is also responsible for respecting the rights of data subjects. We may only collect, process, or use data within the scope of the order and the customer’s instructions. We use the data for no other purpose and are not authorized to disclose data, which is the subject of the order, to third parties unless otherwise specified in this agreement.

The subject of the order is the receivables management of claims within the scope of an ongoing factoring or accounts receivable management relationship. Types and categories of affected data are debtor, receivable, and invoice data provided by the customer. Data subjects are the customers’ debtors.

3. Customer’s Authority to Issue Instructions

Data processing takes place exclusively within the framework of the agreements made here and according to the customer’s instructions. Changes regarding the subject matter and processing procedures require mutual agreement. Immediate notification by us is required if we believe that the customer’s instructions violate data protection regulations.

The customer issues all instructions to us in writing. Oral instructions must be promptly confirmed in writing. The written confirmation of oral instructions should be stored with the agreement in such a way that all relevant regulations are available at all times. Authorized persons of the customer for issuing instructions are the authorized signatories unless other persons have been communicated to us.

4. Customer’s Responsibility

The customer is solely responsible for assessing the permissibility of data collection, data processing, data usage, and for safeguarding the rights of data subjects.

The customer promptly and fully informs us if errors or irregularities regarding data protection regulations are discovered during the examination of the order results. The customer is responsible for the information obligations resulting from Art. 34 GDPR.

The customer defines measures for the return of provided data carriers and/or deletion of stored data after the completion of the order.

If additional costs arise after contract termination due to the issuance or deletion of data, unless already regulated in the main contract, or if the customer issues individual instructions beyond the contractually agreed scope of services, the customer bears the resulting costs.

5. Technical and Organizational Measures

We comprehensively document the implementation of the agreed technical and organizational measures before executing the order and provide them to the customer upon request for review.

Upon request by the customer, we provide the necessary information for the overview according to Art. 30 GDPR (record of processing activities) and provide information on organizational control, access control, access control, access control, disclosure control, order control, availability control, the separation requirement, as well as types of data exchange, data provision, nature and circumstances of data processing, data retention, and data transmission to third parties.

We ensure that employees involved in processing the customer’s data are obligated according to Art. 29 GDPR (data secrecy) and have been instructed in the protection regulations of the GDPR and the BDSG. The obligation of data secrecy continues even after the end of the activity. We undertake to hand over copies of the employee’s commitment declarations to the customer upon request.

We promptly inform the customer of serious disruptions to operations, suspected data protection breaches, or other irregularities in the processing of the customer’s data. The customer may have reporting obligations according to Art. 33 GDPR, which requires reporting to the supervisory authority within 72 hours of becoming aware. We will assist the customer with such reporting obligations.

We carefully store provided data carriers so that they are not accessible to third parties. We are obliged to provide the customer with information at any time, insofar as his data and documents are affected. The data protection-compliant destruction of test and reject material is carried out based on individual instructions from the customer. In specific cases determined by the customer, storage is done by us or the transfer to the customer.

If the customer is obliged to provide information to an individual regarding the collection, processing, or use of that person’s data, we will assist him in providing this information, provided he has requested us to do so in writing and reimburses us for the costs incurred by this support.

6. Subcontracting Relationships

The assignment of subcontracting relationships by us is permissible in accordance with Art. 28 (4) GDPR. If we commission third parties, we are responsible for transferring the obligations from this contract to the third party. We ensure that the confidentiality, data protection, and data security requirements correspond to those of this agreement. We confirm this upon the customer’s request.

7. Customer’s Control Rights

The customer has the right to conduct an audit of the order. They are entitled to check compliance with the agreement in announced random audits. The customer can regularly assure themselves of the data protection conformity of our technical and organizational measures during the term of the contract. For this purpose, they can request self-disclosures from us and document the results. We are obliged to provide all information necessary for an audit promptly upon written request by the customer, with a notice period of at least one week. The customer is obliged to treat all knowledge gained about our business secrets and data security measures confidentially within the framework of the contractual relationship.

8. Notification of Violations by Us

We are obliged to promptly and comprehensively report to the customer if there have been or become known violations of data protection by us or a person employed by us.

We are aware that the customer may have a reporting obligation according to Art. 33 GDPR, which requires reporting to the supervisory authority within 72 hours of becoming aware. We will assist the customer with such reporting obligations.

9. Correction, Blocking, Deletion of Data

We may only correct, delete, or block data to the extent that it corresponds to the customer’s instructions. If a data subject applies for correction, deletion, or blocking of data directly to us, we will immediately inform the customer about the request. After completing the order, we will immediately return all data carriers provided by the customer, which were the subject of the order. Results produced, backup copies, and other data sets and records related to the order are to be securely deleted or destroyed, unless there is a legal obligation for further storage or processing by us. A corresponding protocol is to be handed over to the customer.

10. Liability

We are liable to the customer for damages caused by us, our employees, or persons commissioned by us in the provision of the contractual service. The customer is responsible towards the data subject for the compensation of damages suffered by a data subject due to an unlawful or incorrect data processing within the framework of the order relationship. If the customer is obligated to pay damages to the data subject, he retains the right to recourse against us.

11. Obligation of Confidentiality

We are only obliged to obtain knowledge of third-party secrets to the extent necessary for the fulfillment of the contract. We are obliged to maintain confidentiality, even after the termination of the order. This obligation applies to everything that becomes known to us in the course of the order. This does not apply to facts that are obvious or do not require confidentiality in their significance. We obligate our employees, subcontractors, and other persons involved in fulfilling this agreement to confidentiality in writing. We provide the customer with copies of these confidentiality obligations.

12. Final Provisions

If the customer’s data is endangered by us through seizure or confiscation, through insolvency or comparison proceedings, or through other events or measures by third parties, we will inform the customer immediately. Furthermore, we will promptly inform all those responsible in this context that the sovereignty and ownership of the data lie exclusively with the customer.

The plea of retention in accordance with § 273 BGB is excluded with regard to processed data and associated data carriers.

C. Information about Data Processing by Creditreform

Creditreform Information according to Article 14 of the EU General Data Protection Regulation (EU-GDPR)

Creditreform is one of the leading credit protection organizations in the Federal Republic. To fulfill our tasks, we maintain an economic database in which data about almost all German companies as well as individuals participating in economic activities are stored.

Our customers include both domestic and foreign credit institutions, leasing companies, insurance companies, telecommunications companies, debt management companies, shipping, wholesale, and retail companies, as well as other companies that deliver or provide goods or services on invoice. Within the legal provisions, part of the data in the economic database is also used for supplying other company databases and creating corresponding data carriers.

Our database stores information, in particular, about the name, business name, address, marital status, professional activity, financial situation, any liabilities, and indications of payment behavior. The purpose of processing the stored data is to provide information about the creditworthiness of the requested individual/company, including other credit-relevant information. The legal basis for processing is Article 6(1)(f) of the EU-GDPR. Information about this data may only be provided if a customer credibly demonstrates a legitimate interest in knowing this information. If data is transmitted to countries outside the EU, this is done based on the so-called standard contractual clauses, which you can view or request at the following link: eur-lex.europa.eu

According to Article 14 of the EU-GDPR, we hereby inform you that data of the described type about your person/company has been transmitted for the first time.

Any inquiries are requested to be made in writing to;

Creditreform Wiesbaden Hoffmann & Nikbakht KG
Adolfsallee 34, D-65185 Wiesbaden
Phone: 0611-991950, Fax 0611-9919536, Email info@wiesbaden.creditreform.de

You can reach our data protection officer via Email: datenschutz@wiesbaden.creditreform.de

The data will be stored as long as its knowledge is necessary for the fulfillment of the purpose of storage. Knowledge is usually necessary for a storage period of initially four years. After expiration, it is checked whether storage is still necessary; otherwise, the data is deleted to the day. In the case of settling a matter, the data is deleted exactly three years after completion. Entries in the debtor register are deleted exactly three years after the day of the entry order according to § 882e ZPO. Further details can be found in the ”Code of Conduct for Inspection and Deletion Deadlines for Personal Data by German Credit Reporting Agencies,” established by the association ”Die Wirtschaftsauskunfteien e.V.”

Legitimate interests within the meaning of Article 6(1)(f) of the EU-GDPR may include: credit decisions, business initiation, participation relationships, claims, credit checks, insurance contracts, overdue claims, enforcement information.

You have the right to information about the data stored about you by us. If the data stored about you should be incorrect, you have the right to correction or deletion. If it cannot be immediately determined whether the data is incorrect or correct, you have the right to block the respective data until clarification. If your data is incomplete, you have the right to completion of the data.

If you have given your consent to the processing of the data stored by us, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing of your data based on your consent until any revocation.

You can complain about the processing of data by us to the data protection authority responsible for your federal state.

The data we have stored about your person/company comes from publicly accessible sources such as public registers, the internet, the press, and other media, as well as from the transmission of data about open claims.

Right to Object:

The processing of the data stored with us takes place for compelling legitimate reasons of creditor and credit protection, which regularly outweigh your interests, rights, and freedoms, or serves the assertion, exercise, or defense of legal claims. Only in cases arising from a special situation present with you and which must be proven, can you object to the processing of your data. If such special reasons are proven to exist, the data will no longer be processed.