KWS Kontowechsel Service GmbH (“KWS”), Olympiastrasse 1, 26419 Schortens, recorded in the commercial register of the district court of Oldenburg under number HRB 207246, offers customers support in switching an account (“Account Switching Service”) from another bank (“Transferring Bank”) to a new bank (“New Bank”). It is very important for KWS that all personal data of customers and/or third parties is protected and treated confidentially. With this declaration, the customer using the Account Switching Service is informed of which personal data is processed and for which purpose when using the Account Switching Service.
The responsible body pursuant to the General Data Protection Regulation and other data protection laws of the member states and other statutory data protection provisions is:
KWS Kontowechsel Service GmbH
Olympiastrasse 1
26419 Schortens
Germany
Phone: +49 (0) 4421 999 777
E-Mail: service@accounttransferservice.com
Web-address: switchagent.eu
For all questions and as a contact person on the subject of data protection, the data protection officer is available to customers at all times. His contact details are:
KWS Kontowechsel Service GmbH
Olympiastraße 1
26419 Schortens
Germany
E-Mail: datenschutz.gee@majorel.com
As part of the Account Switching Service, KWS processes the following personal data in particular:
(a) Master data: forename, surname, address, date of birth, email address and account data (name of bank, IBAN) and the master data of the second account holder if it is a joint account This data is usually erased after 365 days at the latest.
(b) Online account login data: customer account number and PIN for their previous online account at the Transferring Bank through which the customer can see the account to be transferred. This data is never saved but is immediately erased after processing.
(c) Movement data for the past 12 months or movement data for the period provided by the Transferring Bank if the PSD2 request (standardised interface for requesting account information in the EU) is used by the Transferring Bank: name of the payment partner, creditor ID, last posting date, last mandate reference, last intended use, any amount paid. This data is saved in anonymised form and processed to improve the service in accordance with appropriate data protection.
(d) Informed payment partner: name of the payment partner, address, reference number. This data is saved in anonymised form and processed to improve the service in accordance with appropriate data protection.
(e) Electronic signature for automatic payment partner notifications: Unless KWS has received written consent for account switching assistance, the customer has the option of signing an additional authorisation digitally (using a mouse, smartphone, tablet, or similar) after selecting and confirming the payment partners to be notified. This increases the acceptance of the payment partners. The signature is usually deleted after 365 days at the latest.
(f) Request changeover status: if the customer has informed a payment partner, a PSD2 request may be issued with the aim of requesting the changeover status from the payment partner concerned. To do this, the customer’s login data (account number and PIN) with the Transferring Bank is processed. This data is never saved but is immediately erased after processing.
(g) Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Such data may, for example, appear in the purpose of use in connection with transfers to political parties, trade unions or certain associations.
Using the Account Switching Service is voluntary. The customer is not obliged to use this service or enter the required data, in particular entering their login data to their online account with the Transferring Bank. KWS shall never contact the customer for advertising purposes and shall also not forward data to third parties for this purpose.
Article 6(1)(a) GDPR serves as the legal basis insofar as KWS obtains consent from the data subject to process personal data.
Customers must explicitly consent to the processing of special categories of personal data in order for these to be processed by KWS for the purpose of changing accounts. The legal basis is then also Art. 6 (1) (a) GDPR. Since it is not technically possible to exclude transfers relating to special personal data, consent in this regard is required in order to use the service.
When processing the customer’s personal data that is required to complete the Account Switching Service, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies for processing required to execute precontractual measures.
If processing personal data is required to fulfil a legal obligation of KWS, Article 6(1)(c) GDPR shall serve as the legal basis. If processing is required to ensure a legitimate interest of KWS or a third party and the interests, fundamental rights and freedoms of the customer do not outweigh the first-mentioned interest, Article 6(1)(f) GDPR shall serve as the legal basis for data processing.
The customer’s personal data shall be sent to the authorities and public bodies if there are statutory obligations of disclosure, for example tax law regulations. The legal basis for the disclosure is then Art. 6 (1) sentence 1 (c) GDPR.
In addition, KWS sometimes works with sub processors. KWS shall send them the data as part of statutory data protection regulations insofar as required for the sub processor. The legal basis for the transfer in this case is Art. 6 (1) sentence 1 (b) or (f) GDPR.
The Transferring Bank from which the account is to be transferred shall be informed by KWS of the data. Deutsche Post AG (post) and finAPI, experian, truelayer (PSD2 interface provider) and retarus (telefax), all with registered office in Germany, are used for this purpose. The legal basis for the transfer in this case is Art. 6 (1) sentence 1 (b) or (f) GDPR.
KWS uses external service providers as sub processors to handle its business transactions. They only act on instructions and are contractually obliged to comply with the provisions of data protection law within the meaning of Article 28 of the GDPR.
As part of the Account Switching Service, KWS exclusively processes the customer’s personal data for the purpose of facilitating the customer’s account switching by informing their previous payment partners of the account switching.
Special categories of personal data is also used by KWS exclusively to inform the desired payment partner.
In addition, payment partner data (e.g. name of the payment partner and whether a credit or direct debit is concerned) is saved in anonymised form and processed for analysis purposes and to optimise the service.
Data processing under provision 2 of this data protection declaration shall only take place is there is a legal basis to do so under provision 3 of this data protection declaration.
Should the customer tick the box in the KWS interface (“I hereby consent to KWS processing my personal data within the context of the Account Switching Service and as determined in more detail in the data protection declaration”), the customer grants KWS consent to the required data processing illustrated here.
In order to improve our services, KWS uses cookies and comparable technologies (e.g. web beacons) for statistical recording and analysis of general user behaviour based on access data. KWS will process this data, in particular in order to evaluate the use of the Account Switching Service, create reports about our customers’ activities and render other services associated with the Account Switching Service.
Cookies are text files saved in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be saved on the user’s operating system. This cookie contains a string of characters that allow for the browser to be clearly identified if the website is visited again. The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.
We offer customers the option of registering for the Account Switching Service by entering their personal data. The data is entered in an input mask, sent to us and saved. The data is not forwarded to third parties. The following data is collected during the registration process:
1) The IP address of the customer
2) Date and time of registration
3) IBAN for the old and new bank account
4) Name, Date of birth, Address, E-Mail address
The legal basis for data processing is Article 6(1)(a) GDPR if there is user consent or Article 6(1)(b) GDPR if the data is required to fulfil the contract.
The data is erased as soon as it is no longer required to achieve the objective of its collection. This is the case for data collected during the registration process if the registration is cancelled on our website or amended or if the data is no longer required to execute the agreement.
The customer may terminate registration at any time. The data saved relating to the customer may be amended by the customer at any time.
A contact form is available on our website which can be used to contact us electronically. If a customer uses this option, the data entered in the input mask is sent to us and saved. This data is:
1) Name
2) Email address
The following data is also saved at the time of sending the message:
1) The IP address of the user
2) Date and time of registration
Alternatively, customers may contact us at the email address provided. In this case, the customer’s personal data sent with the email is saved.
The data is not forwarded to third parties in this context. The data is only used for processing the conversation.
The legal basis for the processing of data sent in an email is Article 6(1)(f) GDPR. If the purpose of making contact by email is to enter into an agreement, the additional legal basis for processing is Article 6(1)(b) GDPR.
Processing personal data from the input mask only helps us to process the contact request. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed in the sending process help us to prevent misuse of the contact form and ensure the security of our information technology systems.
The data is erased as soon as it is no longer required to achieve the objective of its collection. This is the case for personal data from the contact form input mask and personal data sent by email if the conversation with the customer has ended. A conversation has ended if it can be determined from the facts that the issue has been definitively cleared up.
The user may revoke their consent to the processing of personal data at any time. Should the user make contact with us by email, they may object to the saving of their personal data at any time. In such instances the conversation cannot be continued.
All personal data saved as part of making contact is erased in this instance.
The customer’s personal data is erased as soon as the purpose for the saving no longer applies. It may also be saved if this has been stipulated by European or German legislators in orders, laws or other regulations under union law to which KWS is subject. Data is also blocked or erased if the storage period prescribed by the aforementioned regulations has expired unless there is a need to continue to save the data to enter into an agreement or fulfil the agreement.
KWS shall only, generally, save personal data for as long as required to fulfil contractual or statutory obligations unless there are contrary statutory storage obligations such as based on the German Commercial Code (Handelsgesetzbuch), the German Tax Code (Abgabenordnung), the German Banking Act (Kreditwesengesetz) and/or the German Anti-Money Laundering Act (Geldwäschegesetz). The specified storage retention periods are between two and ten years.
KWS uses appropriate technical and organisational measures in order to protect the data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject.
KWS will provide more detailed information on request. Customers may contact the data protection officer for this purpose.
KWS does not intend to use collected personal data for an automated decision-making process (including profiling).
The customer is entitled at any time to request information about the processing of their personal data by KWS. KWS shall explain data processing to the customer within the context of issuing this information and provide them with an overview of the data concerning them that has been saved. If data saved at KWS is incorrect or no longer applies, the customer is entitled to have this data corrected. The customer may also request that their data be erased. Should the erasure not be possible, as an exception, due to other legal regulations, the data shall be blocked, meaning that it will not be available for this statutory purpose. The customer may also ensure the processing of their data is restricted, for example if the customer believes the data saved by KWS is not correct. The customer shall also be entitled to a right of data portability, i.e. that KWS shall also send them a digital copy of the personal data they provided
The customer may contact the aforementioned contact information at any time in order to assert the rights described here. This also applies if the customer would like to obtain copies of guarantees as evidence of an adequate level of data protection.
In addition, there is also the right to object to data processing based on Article 6(1)(e) or (f) GDPR. Furthermore, there is the right to complain to the data protection supervisory authorities responsible for KWS. This right may only be asserted in respect of a supervisory authority in the member state of the residence of the customer, the workplace of the customer or the place of the alleged breach.
The customer is entitled to revoke the consent once granted at any time pursuant to Article 7(3) GDPR. This means that KWS may not continue to process the data on which this consent is based in future. Such revocation of consent will not affect the lawfulness of processing carried out based on such consent until it is revoked.
If KWS has processed customer data based on legitimate interests pursuant to Article 6(1)(f) GDPR or due to public interest pursuant to Article 6(1)(e) GDPR, the customer has the right pursuant to Article 21 GDPR to object to the processing of data and state reasons resulting from the customer’s special situation and that indicate an overriding of the customer’s interests worthy of protection. If the objection is to data processing for direct advertising purposes, the customer has a general right of objection that is also to be implemented without stating reasons.
Should the customer avail themselves of the right of revocation or objection, an informal notice sent to the contact information mentioned above under provision 1 of this data protection declaration shall suffice.
In the context of the further development of data protection law as well as technological or organisational changes, the data protection information will be regularly reviewed for the need for adaptation or additions. Customers will be informed of any changes, in particular on the German website at https://kontowechsel24.de/impressum/#datenschutzerklaerung.
Valid as of August 2022
KWS Kontowechsel Service GmbH
Olympiastraße 1
26419 Schortens
Email: info@kontowechsel24.de
is responsible for processing your personal data on this website (hereinafter referred to as “we”).
We process personally identifiable information (“personal data”) in accordance with GDPR provisions.
You can contact our designated Data Protection Officer at the address indicated above by using the reference ‘For the attention of the Data Protection Officer’ or by writing to datenschutz.gee@majorel.com with the subject line ‘For the attention of the Data Protection Officer’.
When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.
Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data). Other services on this website will require you to provide information such as your first and last name, email address and phone number. These are required in cases you wish us to contact you back.
Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, the web browser returns the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session (“transient cookies” or “session cookies”). Other cookies are saved for a specific period of time (“temporary cookies”) or indefinitely (“persistent cookies”). These cookies are automatically deleted when the defined period lapses. The privacy and security settings of your browser enable cookies to be deleted at any time and also enable you to configure the use of cookies in accordance with your preferences. However, you may not be able to use all the features of our website if you delete the cookies used by our website.
As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Depending on their function and purpose, the cookies we use can be divided into the following categories: strictly necessary cookies, preference cookies, statistics cookies and marketing cookies.
These services, technologies and cookies are necessary to help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. They are used on the legal basis of Art. 6 para. 1 lit. f (overriding legitimate interests) of the General Data Protection Regulation (GDPR). The legitimate interests are in particular the monitoring of the technical performance of the website as well as our interest in the economic use of partner sales channels. The website cannot function properly without these cookies. They can therefore not be deactivated via our Consent Management System and by you as a website user.
Preference Cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They are used on the legal basis of Art. 6 para. 1 lit. a GDPR (your consent). The data processing only begins when you have given the corresponding opt-in. You can withdraw your consent at any time with effect for the future (see privacy settings). The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.
These services, technologies and cookies are needed to understand how our visitors use our website, to detect errors and to continuously improve the website. They are used on the legal basis of Art. 6 para. 1 lit. a GDPR (your consent). The data processing only begins when you have given the corresponding opt-in. You can withdraw your consent at any time with effect for the future (see privacy settings). The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.
These services, technologies and cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. They are used on the legal basis of Art. 6 para. 1 lit. a GDPR (your consent). The data processing only begins when you have given the corresponding opt-in. You can withdraw your consent at any time with effect for the future (see privacy settings). The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.
The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.
We use the data described in section 2 for the following purposes:
For information on other data processing purposes, please refer to the sections below of this Privacy Policy.
4.1 PROVISION OF THE WEBSITE
4.1.1 DESCRIPTION AND SCOPE OF DATA PROCESSING
In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.
4.1.2 PURPOSE AND LEGAL BASIS OF DATA PROCESSING
The legal basis for the creation of server log files follows from Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.
4.1.3 DURATION OF STORAGE OR CRITERIA APPLIED IN DEFINING THIS PERIOD
When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.
4.1.4 OPTIONS FOR LODGING AN OBJECTION AND HAVING YOUR DATA REMOVED
You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.
4.2 CONTACT FORM, EMAIL, CHATBOT AND TELEPHONE CONTACT INFORMATION
4.2.1 DESCRIPTION AND SCOPE OF DATA PROCESSING
On our website you have the option of contacting us by way of a contact form, by email, by telephone or by chatbot using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us and stored in a dedicated database. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).
4.2.2 PURPOSE AND LEGAL BASIS OF DATA PROCESSING
The legal basis for processing your contact details follows from Art. 6 para. 1 lit. f GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6 para. 1 lit. b GDPR.
4.2.3 DURATION OF STORAGE OR CRITERIA APPLIED IN DEFINING THIS PERIOD
Your contact details are deleted once your request has been processed and further communication has been discontinued. This does apply if the purpose of your establishing contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g. request information). In this case your details are stored until all contractual and/or statutory obligations have been fulfilled and statutory retention periods (currently 6 to 10 years) do not prevent this information from being deleted.
4.2.4 OPTIONS FOR LODGING AN OBJECTION AND HAVING YOUR DATA REMOVED
You have the right to lodge an objection to the processing of your contact information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract or exercising your rights as a data subject.
4.3 ASSERTING YOUR RIGHTS AS A DATA SUBJECT
4.3.1 DESCRIPTION AND SCOPE OF DATA PROCESSING
On the website you have the possibility of asserting your rights as a data subject, e.g. request information on your personal information that is currently stored by us in relation to your visit of the website. In order to assert your rights as a data subject, it may be necessary that you provide us information pertaining to your person and the specific information that has been processed. Without providing this information, we are not able to cater to your rights as a data subject.
4.3.2 PURPOSE AND LEGAL BASIS OF DATA PROCESSING
The legal basis for processing your personal information in asserting your rights as a data subject follows from Art. 6 para. 1 lit. c GDPR, “Complying with a legal obligation”.
4.3.3 DURATION OF STORAGE OR CRITERIA APPLIED IN DEFINING THIS PERIOD
We store the correspondence exchanged with you in relation to your asserting your rights as a data subject for a period of three years. This does not apply to information obtained to clarify your identity, e.g. by way of a labeled photocopy of your personal identity card, where we have been provided one. It will be deleted within one week at the latest of establishing your identity.
4.3.4 OPTIONS FOR LODGING AN OBJECTION AND HAVING YOUR INFORMATION REMOVED
The processing of your information is required for complying with your rights as a data subject, and to that extent you have no right to revoke your consent to its processing.
4.4 WEBTRACKING
The website contains services that optimize user-friendliness and measure the reach of the website. Your access data (see section 2) is recorded and with the help of cookies (see section 3), the usage behavior is evaluated. In principle, personal identification is not required for web tracking, so that when your access data is entered, the stored IP address is either not used or is used exclusively shortened (shortened by the last octet) and pseudonymous user profiles are created. In principle, these are not merged with other data and you have the possibility of withdrawal at any time. The creation of personal user profiles takes place exclusively in exceptional cases and provided that you have given your consent.
The web tracking services are provided by Majorel Group Luxembourg S.A.
The legal basis for collecting and analyzing pseudonym usage profiles follows from Art. 6 para. 1 lit. f GDPR / Section 15(3) German Telemedia Act (TMG). We have a legitimate interest in optimizing the user-friendliness of our website and performing marketing reach measurements.
The data collected and evaluated when using the web tracking services is usually stored until you object to their use.
5. WHO COMES INTO POSSESSION OF MY PERSONAL DATA?
Within our company those who need access to your information for the purposes described in section 4 will be given access to it. Service providers contracted by us may also be given access to your information (“contract data processors”, e.g. data centers, mailing services for newsletters, web tracking). They are bound by our directives and must provide for data security and the confidential treatment of your information under the contract data processing agreements we have concluded with them.
No sharing of information with other recipients such as advertising partners, providers of social media services or credit institutions (“third parties”) takes place.
6. IS MY PERSONAL DATA PROCESSED OUTSIDE OF THE EU OR EEA (‘TRANSFER TO A THIRD COUNTRY’)?
The use of Google Analytics as described in section 3.3. above causes personal data to be transferred to a third country since the data centers of Google Inc. are located outside of the European Union and the European Economic Area (“EU or EEA”). Such transfers of personal data to third countries may result in your personal information being transmitted to a country which does not provide for the same standard of data protection as the EU or EEA. For this case, respective EU Standard Contractual Clauses have been signed. You can request a copy of these safeguards by contacting the addresses indicated in section 1 above.
7. WHAT DATA PRIVACY RIGHTS DO I HAVE?
You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).
If you have given your consent to the processing of your personal information for specific purposes, you can withdraw that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.
Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situation to raise an objection to the processing of your data that is done on the basis of Art. 6 para.1 lit.f GDPR. You also have the right to lodge an objection to the processing of your personal information for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.
You also have the right to lodge a complaint with the competent data protection authority. The authority responsible for us is:
Landesbeauftragte für den Datenschutz in Niedersachen
Prinzenstraße 5, 30159 Hannover
You also have the right to contact the data protection authority at your place of residence and request support in pursuing your matter.
8. TO WHAT EXTENT DOES AUTOMATED DECISION-MAKING TAKE PLACE?
We do not use any fully automated decision-making processes for any of the purposes set out in section 4.
9. IS PROFILING DONE?
No profiling takes place for any of the purposes set out in section 4.
10. HOW WE PROTECT YOUR PERSONAL DATA?
We take technical and organizational measures to protect your personal data and keep it confidential. We take extensive technical and organizational security measures, which are regularly reviewed and adapted to technological progress, to prevent manipulation or loss or misuse of your personal data. This includes, among other things, the use of recognized encryption methods (SSL or TLS). However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. In particular, data disclosed in unencrypted form – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.
11. WHAT HAPPENS IF THE PRIVACY POLICY IS CHANGED?
In the event of changes to the law or changes to our corporate processes, we may adjust this privacy policy accordingly. For this reason, we ask you to read this Privacy Policy regularly. You can access this Privacy Policy at any time by visiting our website and selecting the Privacy Policy link at the bottom of the page.
Date of this Privacy Policy: September 2022
I. DATA CONTROLLER
KWS Kontowechsel Service GmbH
Olympiastraße 1
26419 Schortens
Email: info@kontowechsel24.de
Majorel Group Luxembourg S.A. is accountable for the processing of the personal information described below (referred to hereinafter as “we”, “us”, “our”).
You can contact our designated Data Protection Officer at the address indicated above by using the reference ‘For the attention of the Data Protection Officer’ or by writing to datenschutz.gee@majorel.com with the subject line ‘For the attention of the Data Protection Officer’.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”) is also responsible for processing information. For more information, please consult: https://www.facebook.com/policy.php
You can contact Facebook’s data protection officer here: https://www.facebook.com/help/contact/540977946302970
You can find information on the processing of personal information by Facebook in your Facebook profile under the Settings menu – Privacy, or here: https://www.facebook.com/help/568137493302217
II. PROCESSING OF PERSONAL INFORMATION
1. GENERAL REMARKS
According to the GDPR, “personal data” (referred to below as “personal information”) means any information relating to an identified or identifiable natural person (“data subject”). Also pseudonymized information that cannot be directly linked to you, e.g. by way of a name or email address, is also personal information.
2. YOUR RIGHTS
You have the right at any time to request access to your personal information that is currently on file with us. If this information is incorrect or not up to date, you have the right to request that it be corrected. You also have the right to have your personal information deleted and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. Where our processing by automated means of information provided by you is based on your consent or is the subject of a contract with you, you have the right to request a copy of this data in a structured, commonly-used, machine-readable format (right to data portability). If you want to exercise any of your rights, you can address these issues to the contact indicated in section 1 above.
If you have given your consent to the processing of your personal information, you can revoke this consent at any time with effect for the future. For information on your right to lodge an objection, see section III of this privacy policy.
You also have the right to lodge a complaint with the competent data protection authority. You can assert these rights by contacting the data controller.
3. OBLIGATION TO PROVIDE PERSONAL INFORMATION
As a general rule, you are not obligated to provide personal information to us. You must provide specific information only when concluding a contract (e.g. your email address or your name). Without this information we cannot enter into a contract with you or perform the contract. Facebook may impose other requirements on you. For more information, please consult https://www.facebook.com/policy.php.
4. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
Your personal information is not disclosed to third parties unless this is necessary for fulfilling obligations under a contract, we or the third party have/has an legitimate interest in disclosure, or your consent has been obtained. In addition, personal information may be shared with third parties in the event that we are obligated by virtue of operation of the law or by virtue of an enforceable directive of a governmental or other regulatory authority, or by order of a court or other authority of competent jurisdiction.
5. SERVICE PROVIDERS
We contract service providers in part for processing data. Access by service providers to your personal information is restricted to the extent necessary. As a general rule, service providers are engaged as contract data processors who are bound by our directives when processing data.
6. TRANSFER OF DATA TO NON-EEA COUNTRIES
Personal information may be transferred to third parties and contract data processors who are headquartered in non-EEA countries. In these cases, we ensure that the recipient provides for an appropriate level of data protection prior to transferring data. Some of the third parties engaged by us are headquartered in the USA. We have also concluded EU standard contractual clauses with various companies. Details can be obtained from our data protection officer on request.
7. DURATION OF STORAGE
We store your personal information for as long as it is necessary to provide our offerings and the associated services, or we have a legitimate interest in continued retention. In all other cases we delete your personal information with the exception of information (e.g. invoices) that we must retain for compliance with statutory retention periods (e.g. imposed by the tax code or commercial code).
8. PSEUDONYMIZED DATA PROCESSING
The processing of information described below primarily takes place on a pseudonymized basis. This means that we do not provide information to third parties that can be directly linked to you, e.g. by way of a name or email address, but rather a profile is created on the basis of an ID or cookie.
III. PROCESSING OF INFORMATION BY US OF USERS USING OUR FACEBOOK PAGES
The processing of information described below is for the purpose of operating our Facebook pages.
1. INSIGHTS
We receive statistical data from Facebook about the visitors to our Facebook pages by way of Facebook’s Audience Insights service. We are unable to link this information to any specific person. This feature enables us to better analyze our pages and adapt them to the needs and interests of our visitors. Facebook processes personally identifiable information in relation to this service on its own responsibility. For more information, please visit: https://www.facebook.com/iq/tools-resources/audience-insights. We need no legal basis for processing statistical or anonymized data.
2. INTERACTION ON OUR PAGES
We are also able to see when a specific Facebook user likes or subscribes to one of our Facebook pages. We are also able to link comments to individual users on our Facebook pages. The legal basis for this processing of information follows from Art. 6 (1) sentence 1 point b) and f) GDPR. We have a legitimate interest in interacting and continued communication with you. To the extent that the processing of information follows from Art. 6 (1) sentence 1 point f) GDPR, pursuant to Art. 21 (1) GDPR you have the right, for reasons relating to your particular situation, to lodge an objection at any time to the processing of your personal information with effect for the future by writing to our designated Data Protection Officer at the address indicated above by using the reference ‘For the attention of the Data Protection Officer’ or by writing to contact@majorel.com with the subject line ‘For the attention of the Data Protection Officer’ and setting out your objection.
3. MONITORING
We review the comments on our Facebook pages for any inappropriate content. In so doing, it is readily clear under which Facebook profile a specific comment was posted. A link is made between the content of the comment, the timestamp created when the comment was posted, the user ID, the Facebook user name, and a reference to the preceding posts and comments. The result of a review may lead to the comment being hidden or the user being blocked. The legal basis for this follows from Art. 6 (1) sentence 1 point c) GDPR.
IV. PROCESSING OF INFORMATION PROVIDED BY YOU BY WAY OF A CONTACT FORM OR EMAIL
On our Facebook pages you have various options for contacting us for various purposes. We use the information provided by you in this manner solely to respond to the matter for which you have contacted us. Messages are deleted at the latest upon attending to your query, provided that we are not required to retain them for other reasons.
Last updated: November 2022