Introduction and Applicability

SCAN4FIN GmbH (“SCAN4FIN” or “we”) collects certain information during its operations and interactions with third persons. We, among others, operate the website https://scan4fin.com through which you share some of your information (the “Website”) and provide the application SCAN4FIN dedicated to analyzing payment data available on https://app.scan4fin.com (the “SCAN4FIN Application”).

 

Some of the information collected by us is considered a personal data. Personal data is any information relating to an identified or identifiable natural person (“Personal Data”, such natural personal to which it relates is a “Data Subject”). Examples of Personal Data can be name, email address, address, telephone number, IP address, date of birth, etc. Any information that does not fulfill this condition (such as it is aggregated or de-identified in a way that it can be no longer reasonably associated with an identified or identifiable natural person) is not considered a Personal Data and, consequently, does not need to be treated as such.

 

Personal Data enjoys special protection under applicable data protection law and we fully respect such regulation. Therefore, any Personal Data you provide to us is treated solely in compliance with an applicable regulation and as described in this privacy policy.

 

This privacy policy respects the legal requirements imposed on processing of Personal Data by the Regulation (EU) 2016/679 of the European Parliament and of the Council  of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).

 

In a language of the GDPR, we (SCAN4FIN GmbH) are the controller of the Personal Data that you provide to us. If we share any Personal Data with the third parties, these act as processors. For further information about how we disclose and share your Personal data, please see section “Sharing Information with Third Parties”.

 

The aim of this privacy policy is to comprehensively describe how we collect, use, disclose or otherwise process your Personal Data and what rights you have with respect to Personal Data relating to yourself.

 

This privacy policy applies to your use of the Website and the SCAN4FIN Application as well as any other interactions you might have with us (e.g. email or other communication, participation on the organized events, job applications, etc.).

 

This privacy policy does not apply to any third party applications, services or businesses that might be part of SCAN4FIN activities or which you may encounter when leaving our Website or the SCAN4FIN Application (please see section “External Websites and Service Providers”).

 

This Website, our services and SCAN4FIN Application is not supposed to be used by anyone younger than 16 years old. For any child younger than 16 years old, the consent with processing of his / her personal data must be given or authorised by the holder of parental responsibility over such child. Please notify us if you learn that anyone younger than 16 years old has unlawfully provided us with Personal Data, we will take action to delete all such data.

 

If you do not agree with the terms of this privacy policy, do not access or use the Website, the SCAN4FIN Application or our services or do not interact otherwise with SCAN4FIN.

 

Information We Collect

Generally, no one is under any statutory or contractual obligation to provide any information to us. The use of the Website is possible without actively providing us any Personal Data. Nevertheless, certain actions of yours may involve providing some of your Personal Data to us which we collect and receive. This can happen in the following ways:

 

  • Contact Form on the Website: if you decide to contact us through a contact form available on the Website, we receive your name and email address and – if you decide to provide this additional information – your company, together with your message.
  • Newsletter Registration and Administration: if you decide to sign up for receiving our newsletter, we receive your email address.
  • Requesting a demo session of the SCAN4FIN Application: if you request a demo session through a form available on our Website, we receive your name, email address, phone number, company name and – if you decide to provide this additional information – your address and company website.
  • Requesting a SCAN4FIN Application account: if you request to obtain a SCAN4FIN Application user account through a form available on our Website, we receive your name, phone number, email address, company and function (merchant / group company).
  • Registration to receive certain materials published by us, such as reports or studies: if you register to receive certain materials published by us on our Website, such as educational materials or industrial reports or studies, we receive your email address and other details (if required by the respective registration form).
  • Submitting Comments to Blog Posts on our Website: when you decide to leave a comment to any of the blog post on our Website, we receive your name, email address and the content of your comment.
  • Additional information provided to SCAN4FIN: we receive additional information that you provide if you participate in an event or activity organized by us, apply for a job, interact with our social media accounts or request support or otherwise communicate with us.

 

To be able to use the SCAN4FIN Application, you need to provide us with certain Personal Data to create your user account. We collect the following data to allow you to create your user account and access the SCAN4FIN Application:

  • Administering multi-mandate structure of the accounts: within the SCAN4FIN Application, it is possible to create multi-layer structure of accounts (mandate accounts, mandate accounts’ users, merchant accounts, merchant accounts’ users). For creating merchant or mandate account, we require company name, address, tax number, phone number, email address, function and PSP/AP. For creating merchant or mandate accounts’ user, we require salutation, name, phone number, email address, address, role, attribution to a higher level layer (mandate / merchant account) and password (encrypted).
  • Login to your user account: we require your username and password (encrypted).
  • Data upload, analytics and export: if your data files names uploaded to the SCAN4FIN Application, your credentials to import data through API or your merchant or mandate account name contains any Personal Data (such as your name, if you are a merchant – natural person), this will be processed by us within the SCAN4FIN Application when importing or exporting data or displaying data analytics.

 

SCAN4FIN Application is a tool designed to analyze transaction data. You need to ensure that the transaction data files that you upload into the SCAN4FIN Application do not contain any Personal Data unless you have an explicit consent of each concerned Data Subject with such processing. You are solely responsible for any harm caused to any Data Subject or any third party through violation of this paragraph. You shall also indemnify us against any claims brought against us by any Data Subject or any third party due to violation of this paragraph by you.

 

Furthermore, certain information about you is collected automatically. This information does not contain any Personal Data.

    • Additional data about usage of our Website. Our hosting provider collects automatically certain additional data such as which pages on our Website were visited, from which website you arrived on our Website, what is your browser or the amount of data that was transferred on our Website. Your IP address is anonymized, hence, the collected information does not include any Personal Data.
    • Google Analytics: We use Google Analytics on our Website that can collect certain information relating to you. For further information about how we use this service, please see section “Tracking Tools”.
    • Cookies: We use cookies on our Website and SCAN4FIN Application that can collect certain information relating to you. For further information about how we use cookies, please see section “Cookies”.

 

 

How We Use the Information

We use Personal Data collected by us in order to enable you to use our Website and SCAN4FIN Application and provide you with services that you requested or that you are interested in. In particular, Personal Data can be used for the following purposes:

    • To communicate with you when responding to your inquiries, requests, interactions through our Website (e.g. contact form or the form through which you request a SCAN4FIN Application demo session or a SCAN4FIN Application user account) or our social media accounts. If you contact us in any way, we may use your Personal Data to respond you. If you contact us in order to apply for a job, we may keep all information provided by you (incl. contact information, CV, photo and cover letter) in our internal database and contact you in the future if we think we might have a suitable opportunity for you.
    • To provide our services and operate our Website and SCAN4FIN Application. We use collected information to support and optimize delivery of our services and operation of our Website and SCAN4FIN Application, analyze and monitor usage of and activities on our Website and SCAN4FIN Application, identify and address potential security or technical issues and perform standard IT procedures to ensure security of the data, such as regular backups.
    • To send email communication. If you registered in any way to receive information or updates from us, we will use your Personal Data provided within such a registration to provide you with the relevant content. Examples can be a newsletter registration or a registration to receive certain materials published by us, such as reports or studies. We may also use contact details provided by you to send you additional information that we believe can be of business interest to you. In any case, you can always unsubscribe from receiving such information through a link that will be available in each email communication of this nature that we will send you or you can contact us with this request directly on info@scan4fin.com.
    • To handle your comments to blog posts that you submit for publishing on our Website. 
    • For billing, account management and other administrative purposes. If you buy a service from us, such as access to the SCAN4FIN Application or any other paid services that might be offered by us (consulting / products, events, educational materials, seminars), we use Personal Data to administer accounts, invoicing and payments.
    • For administration of events organized by us. In case you participate in any event organized by us, such as seminar, conference or workshop, we use your Personal Data to communicate with you, administer the event organization or share your review of the event or your input on our Website and other social channels. We may publish photos and videos from the event on which you might be visible.
    • As required by the applicable laws and regulations or as requested by the – as per the applicable laws – entitled authority.

 

In case of SCAN4FIN Application, we use Personal data collected by us to provide you with the services of the SCAN4FIN Application, administer your settings, create mandate / merchant accounts or user accounts that you requested and all other actions provided to you or requested by you within the SCAN4FIN Application. You may – depending on your role and user rights – decide to grant access to another person or remove it, assign roles to other persons, configure settings, adjust profile information of other users, etc.

 

We never use your Personal Data for commercial purposes or send them to any third parties.

 

Lawful Basis for Processing of Your Personal Data

When we process your Personal Data, we rely on the following lawful basis:

  • your consent for collecting and processing Personal Data when you use a contact form on our Website, sign up for a newsletter registration (incl. newsletter administration), register to receive certain materials published by us, such as reports or studies, submit comments to blog posts on our Website, request a SCAN4FIN Application demo session or request a SCAN4FIN account.
  • our legitimate interest for collecting and processing Personal Data when responding to your communication or social media interactions or when handling your job requests.
  • performance of a contract for collecting Personal Data in any case where you enter into a contractual relationship with us (e.g. providing a service that you requested, your access to and use of the SCAN4FIN Application, administering your participation in an event or activity organized by us, administering accounts, invoicing and payments).
  • compliance with a legal obligation in case the collecting of Personal Data is required by applicable laws and regulations or by the entitled authority.

 

In cases in which we process your Personal Data based on your consent, we collect the timestamp when and IP address from which the consent was granted. This helps us to prove that we received the consent to processing Personal Data as required by the respective legislation. Both information is saved to our database located on our servers. The IP address is saved in an anonymized form.

 

How Long We Keep Your Information

We keep any Personal Data received from you for as long as it is necessary to achieve the purposes described in this privacy policy. Please be informed that in certain cases we are bound by statutory obligations to retain and archive certain documents and information for a specified period of time. Some of these might include your Personal Data.

 

Sharing Information with Third Parties

Some of your Personal Data may be transferred to and processed by our third party service providers and partners (“Third Party Service Providers”). Some of the services such Third Party Service Providers may provide to us is, for example, hosting services or email marketing services. We engage the following third parties as part of our infrastructure of Third Party Service Providers that may receive your Personal Data:

 

Our Website

Service provider’s name Services Service provider’s country Applicable for
STRATO AG Hosting provider used for our Website Germany Website
Amazon Web Services, Inc. Hosting provider used for the SCAN4FIN Application/ *server location is Frankfurt am Main, Germany USA/ *Germany Application
The Rocket Science Group, LLC Provider of MailChimp, an email marketing services software used for e.g. sending newsletters or other marketing communication USA Website
Google LLC Provider of Google Analytics, an analytical tool used to track traffic on our Website

(note: Google Analytics only receives anonymized data)

USA Website
Google LLC Provider of G Suite solution, incl. email server, storage space and other tools USA Website

Application

 

 

Please keep in mind that the SCAN4FIN Application is built on a multi-mandate structure. That means that your user account is – depending on where it is in the hierarchy of the accounts – part of higher level structures, i.e. merchant and mandate accounts. Some of your Personal Data, e.g. your contact or profile information, may be accessed and – based on the role and user rights of particular user – modified by other users that are subject to the same merchant or mandate account.

 

Other than that, we may share your Personal Data in the following cases:

 

  • With your consent or upon your instructions.
  • To comply with applicable laws or regulations or if we receive a requests of an entitled authority to disclose certain Personal Data.

 

  • With affiliate companies. We may share certain Personal Data with our affiliate companies, parents or subsidiaries (PTT2 Solutions GmbH, Connect4fin GmbH).
  • Due to changes to our business. If we are involved in merger, acquisition, reorganization, sale of assets, financing, due diligence processes, bankruptcy, insolvency, liquidation or any similar proceedings, some of the Personal Data may be shared with third parties.
  • To enforce our rights (e.g. contracts or policies) or prevent or investigate fraud.

 

In case your Personal Data is transferred outside of the EU, we only transfer your Personal Data to third countries that are deemed as having adequate data protection laws as determined by the European Commission.

 

We may disclose other information provided by you that are not Personal Data for any purpose (e.g. analytical purposes).

 

Access to Your Personal Data and Your Rights

If you are an individual from the EU country, you have the following rights with respect to your Personal Data collected by us:

    • right to be informed how Personal Data is processed: right to receive information about the scope, extent and legal basis of processing of your Personal Data. This information is covered in this privacy policy.
    • right of access: right to receive a confirmation as to whether or not your Personal Data is being processed, and, where that is the case, access to the Personal Data and the information about the purposes of the processing, the categories of the Personal Data concerned, the disclosure of the Personal Data and the envisaged period for which the Personal Data will be stored.
    • right to rectification: right to request and obtain the rectification of inaccurate Personal Data or to have incomplete Personal Data completed.
    • “right to be forgotten”: right to request and obtain the erasure of your Personal Data if statutory conditions are met.
    • right to withdraw the consent with the processing of your Personal Data given to us.
    • right to restriction of processing: right to request and obtain restriction of processing e.g. when you contest the accuracy of your Personal Data, the processing is unlawful or the Personal Data is no longer needed for the purposes of processing.
    • right to data portability: right to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller (or, request to have the Personal Data transmitted directly from us to another controller, where technically feasible) where the processing is based on consent or on a contract and the processing is carried out by automated means.
    • right to object: right to object, at any time to processing of your Personal Data which is based on the public interest or the legitimate interests of us or a third party or where Personal Data is processed for direct marketing purposes.
    • right to lodge a complaint with a supervisory authority: please see section “Data Protection Authority” to find out about contact details of our supervisory authority.

 

 

External Websites and Service Providers

Our Website or SCAN4FIN Application might contain links to external websites. If you leave our Website or SCAN4FIN Application for such external websites, we have no control over how such external websites and their providers handle your Personal Data. We recommend you to inform yourself about the privacy policies and practices of the respective external websites and their providers and stay cautious when sharing your Personal Data. The same applies to other external applications or services that might be associated with or accessed through our Website or services or SCAN4FIN Application but that are provided by a third party.

 

SCAN4FIN will not be liable for any direct or indirect harm, loss or damage incurred in connection with collecting or handling of your Personal Data by such third party providers.

 

Security

We take security of your Personal Data and other information collected by us very seriously. We do our best to protect all such information from loss, unauthorized access or disclosure or misuse by third parties by using the technology and employing security measures that are appropriate with respect to the sensitivity of the collected information and reasonably available to us. However, given the nature of internet and information and communications technology, we cannot provide any guarantee that any information provided by you will be absolutely safe from interference of third parties, especially when being transmitted through the internet.

 

Cookies

We use cookies while operating our Website and SCAN4FIN Application. Cookies are small data files which are sent by us to your device (computer, smartphone or other end device which you use to access our Website or SCAN4FIN Application) and stored in your internet browser. Cookies can be session based (automatically deleted when you close your browser) and permanent (lasting until they are deleted in your browser or until they expire).

 

We use cookies to recognize you as a particular user when you visit our Website and personalize and improve your Website experience or to recognize your ID in the SCAN4FIN Application.

 

If you do not want cookies to be stored, you can manage that through the settings of your internet browser. However, if you disable cookies, our Website or the SCAN4FIN Application might not work properly and you can lower your user experience.

 

Our Website also uses third party cookies, such as Google Analytics.

 

Tracking Tools

On our website we use Google Analytics, a service provided by Google LLC (based in the USA). This service helps us to analyze how our Website is being used and, based on that, optimize your user experience. Google Analytics collects certain information when analysing the website traffic, such as your operating system, your browser, which pages on our Website you visited, how long you stayed, the URL from which you came to our Website or your geographical location (not street address). Google Analytics does not collect any Personal Data of yours. We make sure that your IP address that is collected by Google Analytics is anonymized so it cannot be attributed to you. Click here to opt-out or opt-in again Disallow Google Analytics to track me

 

Changes to This Privacy Policy

We may amend this privacy policy from time to time. An up-to-date version of this privacy policy will be always available on this page, together with an effective date of the current version. If we make any material changes to the privacy policy, we will inform you through additional channels, such as the newsroom section on our Website.

 

We invite you to review our privacy policy regularly to stay informed. If you disagree with any changes to this privacy policy, please do not use our Website, SCAN4FIN Application or any other SCAN4FIN services after the effective date of such changes.

 

Data Protection Authority

The main data protection authority in Germany is:

 

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Husarenstraße 30, 53117 Bonn

Tel.: +49 228 997799 0; +49 228 81995 0

Fax: +49 228 997799 550; +49 228 81995 550

e-mail: poststelle@bfdi.bund.de

website: http://www.bfdi.bund.de/

 

According to the GDPR, you have a right to, among others, lodge a complaint with a supervisory authority. In case you believe we are processing your Personal Data within the scope of GDPR, you may direct your questions and complaints to our data protection supervisory authority:

 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Helga Block

Postfach 20 04 44, 40102 Düsseldorf

or

Kavalleriestraße 2-4, 40213 Düsseldorf

Tel.: 02 11/384 24-0

Fax: 02 11/384 24-10

e-mail: poststelle@ldi.nrw.de

website: https://www.ldi.nrw.de

 

Contact Information

If you have any questions or comments regarding this Privacy Policy or processing of Personal Data by us, or if you wish to exercise any of your statutory rights (please see section “Access to Your Personal Data and Your Rights”), please feel free to contact us at info@scan4fin.com or at:

 

SCAN4FIN GmbH
Im Mediapark 5
50670 Cologne
Germany

 

Effective date of this privacy policy: 25.7.2018