General data protection information

In this privacy policy, we, the Kineo Group, explain how we collect and process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions and similar documents may govern specific matters.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR") and the Swiss Data Protection Act ("DPA"). However, whether and to what extent these laws are applicable depends on the specific individual case.

The controller for the data processing on this website and the data processing described here is

For Switzerland:
Kineo Finance AG
Aeschengraben 20
CH-4051 Basel

For Germany:
Kineo Finance GmbH
(Managing Director: Dimitrios Dimitrakopoulos)
Ludwigstraße 8
D-80539 München

The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

Collection and processing of personal data

We process personal data that we receive from our interested parties, customers and business partners as part of our business relationship. We also process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. press, media, Internet, commercial register) or from other third parties (e.g. Creditreform) (e.g. for the execution of orders, for the fulfillment of orders).

If you contact us ( i.e. by e-mail), we will process your data to process your request and in the event that follow-up questions arise. If you contact or commission us, your name, address and contact details (telephone, e-mail address) will be collected and stored.

In addition, all information is collected that is necessary in the course of the prospective customer process and for the examination and fulfillment of a contract.

Access data when visiting the website

We, the website operator or site provider, collect data on access to the website on the basis of our legitimate interest (Art. 6 para. 1 f) GDPR) and store these as "server log files" on the website server or the server/web account of the statistics programs. The following data is logged and analyzed in this way

  • the browser type and version used (if transmitted by the user)
  • the operating system used
  • Date and time of access
  • the number of visits
  • the time spent on the website
  • source/reference from which you came to the page (if transmitted by the user)
  • the IP address of the user (is anonymized before it is saved).

Only anonymized IP addresses of visitors to the website are stored. It is not possible to establish a personal reference.

The server log files and backups are stored for a maximum of 14 days (backups in encrypted form) and then deleted (exception Apachelog: log files are not deleted). Data is stored for security reasons, e.g. to be able to investigate cases of misuse. If data must be retained for reasons of proof, it is exempt from deletion until the incident has been finally clarified.

Purpose of data processing and legal basis

We primarily use the personal data we collect to conclude and process our contracts with our customers and business partners. If the data processing is carried out for the implementation of pre-contractual measures that are carried out at your request or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 b) GDPR. We only process other personal data if you consent to this (Art. 6 para. 1 sentence 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) GDPR). A legitimate interest lies, for example, in responding to your email.

If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Consent that has been given can be withdrawn at any time, but this has no effect on data processing that has already taken place.

Disclosure of data to third parties

As part of our business activities and for the purposes described above, we also disclose data to third parties where permitted and where we deem it appropriate, particularly in connection with the processing of contractual relationships. This includes, in particular, the disclosure to service providers commissioned by us, such as our IT providers (so-called processors) or other third parties whose activities are necessary for the performance of the contract.

The use of our services makes it necessary for data to be transferred to other companies within the Kineo Group. Insofar as this transfer serves administrative purposes, the data is transferred on the basis of our legitimate business and economic interests or otherwise if it is necessary to fulfill our contractual obligations, your consent or other legal permission has been obtained.

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible. Shorter retention periods generally apply to operational data (e.g. system protocols, logs).

Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse.

Rights of the data subject

You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing, within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR).

Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

If you have given us your consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Consent that has been given can be withdrawn at any time, but this has no effect on data processing that has already taken place.

Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.

ou can contact us at any time using the contact options listed in the legal notice if you have further questions on the subject of personal data.

Right to data portability

ou can request that we send you the personal data that you have provided to us in a structured, commonly used and machine-readable format. Alternatively, you can request the direct transfer of the personal data you have provided to us to another controller, insofar as this is possible.

Right to lodge a complaint with the competent supervisory authority

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority.

The competent supervisory authority for data protection issues in Germany is the data protection officer of the federal state in which Kineo Finance GmbH has its registered office.

The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Amendments

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

16.09.2024