Data protection

Thank you for your interest in our website.

We at PAIR Finance – a service from PAIR Finance GmbH – (hereinafter “PAIR Finance” or “we”) respect your privacy and pay careful attention to the protection of your data and its confidentiality. In this privacy policy, we are informing you about which personal data we collect in line with the use of our online services and the associated websites, as well as the use of our services by clients, business partners and potential or existing customers (hereinafter also “you”) and for what purposes we use this data.

The terms used within this Privacy Policy, such as “personal data” and “processing” are defined in Article 4 of the General Data Protection Regulation (GDPR). On this basis, personal data is all detailed information on the personal or objective circumstances of a specific or identifiable natural person, such as your name, your telephone number and your address.

1. Data Controller

The Data Controller, as defined in the EU General Data Protection Regulation (“GDPR”), who is responsible for the collection, processing and use of your personal data is PAIR Finance GmbH, Hardenbergstrasse 32, 10623 Berlin. You can reach us using the contact information in Imprint.

You can contact our Data Protection Officers by post at PAIR Finance GmbH, Datenschutz, Hardenbergstrasse 32, 10623 Berlin or by sending an e-mail to datenschutz@pairfinance.de.

2. Data Processing

In line with the use of our website, personal data is only collected where necessary for technical reasons or if you are using specific functions or services available on our website, such as the contact form or agent login. We also process data communicated to us by you when you make contact.

2.1 Visiting our website

When you visit our website, specific access data is recorded automatically, e.g. date and time of access, name of file requested, website from which the file was requested, access status (e.g. file transferred, file not found), the web browser you are using, the operating system of your device and the IP address of the requesting device.
It is necessary to process this data to make the visit to the website possible and guarantee the continuous functionality, availability and security of our systems. The legal basis for this data processing is Article 6, para. 1, letter b, GDPR.

For the purposes specified above, the access data is temporarily stored in internal logfiles in order to generate statistical Information about the use of our website and further develop our website in line with usage habits and maintain our website on a general, administrative basis. The legal basis for this data processing is Article 6, para. 1, letter f GDPR, based on our justified interest in the proper optimisation of our website.

The information stored in the logfiles does not allow any direct conclusions about who you are, and, in particular, we only store IP addresses in truncated, anonymised form. The logfiles are saved for 7 days and subsequently deleted.

2.2 Contact forms for potential clients

We give you the opportunity to send us enquiries about the use of our services directly via our contact form. At certain times, we also offer promotional pages, e.g. in line with trade shows, giving the option of contacting us and arranging a meeting.

In order to use the contact forms we provide, you must provide your name and an e-mail address so that we contact and discuss arrangements with you. Other mandatory fields are marked as such. You can also provide further information in order to allow us to assess your enquiry more quickly.

We process the information provided by you in the contact form in order to respond to your enquiry, put together a customised quotation, contact you for further discussions and react to your wishes, questions and criticisms. The legal basis for the data processing described is Article 6, para. 1, letter b, GDPR.

The data collected from the use of the contact form is deleted after your enquiry has been processed, providing no collection contract has been concluded and it does not need to be saved based on links to other processes until such processes are complete, or you have not given us you consent to make contact in future for other marketing measures.

2.3 Agents, contract partners and potential clients

If you are an agent, a contract partner or a potential client for our services, we collect regular master data (e.g. names and addresses) and contract data (e.g. contract content, contractual communications, names of contact persons) and, where applicable, payment data (e.g. bank details, payment history) on a regular basis in line with cooperation and communication with you for the purposes of fulfilling our contractual or pre-contractual services and obligations.

As a PAIR Finance client, you are given access to our service platform. To use the service platform, you will need to enter various details, most importantly your name, an e-mail address and a password. In line with the use of the platform, we also record the time of your first login, the last two logins, including times and IP address and the total number of logins for security verification reasons, plus the language selected in the system in order to display the content.

We process the data on our clients, contract partners and potential clients in accordance with Article 6, para. 1, letter b GDPR in order to provide services to them. The data processed, its scope and purpose and the necessity for processing is determined based on the underlying contractual relationship.

In line with the execution of the contract with our agents, we use PayPal (Europe) S.à r.l. et Cie, S.C.A. (Hereinafter “PayPal“) as a payment service provider. The involvement of the payment service provider is on the basis of article 6, para. 1, letter b GDPR and on the basis of our justified interests in accordance with Article 6, para. 1, letter b GDPR, in order to provide our clients with an effective, secure payment option. The data processed by PayPal can include master data, such as name and address, bank details, such as account numbers or credit card numbers, passwords and contract, amount and recipient-related information. This data is required in order to carry out the transactions. The data entered is processed and saved by PayPal only. PAIR Finance does not receive any information on accounts or credit cards, it merely receives notification that a payment has been received. PayPal’s terms and conditions of business and its privacy policy apply to payments via PayPal, as does the information contained therein on the assertion of rights to cancellation and information and other rights for parties affected (https://www.paypal.com/de/webapps/mpp/ua/privacy-full).

For the purposes of maintaining contacts, we use a Customer Relationship Management system, or CRM for short, from Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia (hereinafter “Pipedrive”). We record company contacts for agents, business partners and potential clients in the CRM. The Pipedrive servers we use are essentially within the European Union. However, elements of your data can be processed outside the European Economic Area, particularly in the USA, for technical reasons, e.g. in line with Pipedrive support services. In order to guarantee the security of your data even in these circumstances, Pipedrive, Inc., 460 Park Ave South, New York, NY 10016, has signed up to the EU-US Privacy Shield. The legal basis is Article 6, para. 1, letter f, GDPR, based on our justified interest in using an external service provider to organise our company contacts efficiently.

2.4. Applications

Finally, we offer you the opportunity to contact us via our website for the purpose of applying for an advertised position. To organize and process the application procedure, we use the services of Greenhouse Software, Inc.,18 West 18th Street, 11th Floor New York, NY 10011, USA (hereinafter referred to as “Greenhouse”). Greenhouse is implemented as a web service directly on our website (hereinafter: “Greenhouse website”). If you click on jobs on our website, you will be redirected to our Greenhouse website.  Within this framework, we process your personal data in order to make the whole application process easier, based on the statutory reasons in Art. 6, para. 1, lit. b and lit. f GDPR.   

For visitors to our Greenhouse website, personal access data is recorded automatically, including, for example, the requesting device, the web browser used and the operating system of your device, the IP address of the requesting device, the questions and answers sent to and from your device, the website from which the Greenhouse website was accessed and your behaviour on the Greenhouse website.  

 The collection of your personal data and the involvement of Greenhouse in the context of visiting our Greenhouse website and the associated data processing is necessary in order to monitor and improve the recruitment process and the performance of the Greenhouse website, based on our legitimate interest in the efficient design of our internal processes and our service, Art. 6 para. 1, lit. f GDPR.

 Furthermore, the following personal application data may be processed in the context of the application process, in particular, but not limited to, all personal data you provide to us via the application form: name, e-mail address, telephone number, picture, address, cover letter, CV, LinkedIn profile, and the position for which you have applied for, status, notes and plans regarding your application and e-mail communication.

The collection of your personal data and the involvement of Greenhouse as part of the application process and the associated data processing is necessary for pre-contractual measures relating to your application, Art. 6 para. 1, lit. b GDPR.

 At the end of the application process we will delete your personal data as soon as possible, unless we have informed you that we need the data for other purposes. As a general rule, we store the personal data we have received from you in the course of the application process for a period of 6 months for preventive reasons.

Your personal usage data must be processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”) and Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland (hereinafter “Indeed”) in order to allow the “Apply with LinkedIn” and “Apply with Indeed” functionalities, even if you do not use this functionality. LinkedIn and Indeed may use cookies. For more information, please refer to the LinkedIn and Indeed Privacy Policy. For more information about Greenhouse’s privacy policy, please refer to the Greenhouse Privacy Policy.

2.5 Communication with our customer services

If you send an e-mail to our customer services in response to a payment reminder or call our hotline, we will regularly record your e-mail address, your telephone number and, where applicable, your address, depending on the contact channel you use. In order to process your enquiry properly, we may need further information (e.g. a reference, address or date of birth).

We will use this information in order to put you through to the relevant case worker and process your enquiry. The legal basis for data processing in line with contacting our customer services is Article 6, para. 1, letters b and f, GDPR. The data is generally deleted at the end of the periods of limitation for the underlying process, unless it needs to be saved for longer because of a link to another process. The statutory archiving obligations also apply.

In order to organise and process the enquiries received via our contact options, we used web-based ticketing system Zendesk from Zendesk, Inc. (1019 Market St., San Francisco, California 94103, USA, hereinafter “Zendesk”). This means that, under some circumstances, data is also transferred via servers in the USA. Zendesk is certified in accordance with the EU-US Privacy Shield. This means that Zendesk has undertaken to guarantee European data protection principles and the level of data protection, even if data is processed in the USA. If you do not agree to your data being processed by Zendesk, alternative postal contact options are available to you. Further information on Zendesk can also be found in the Zendesk Privacy Policy. The legal basis for the involvement of Zendesk and the resulting data processing is Article 6, para. 1, letter f GDPR, based on our justified interests in the efficient design of our internal processes and our customer service.

In order to improve our customer service, we use service provider MessageBird, MessageBird B.V., Trompenburgstraat 2C, 1079 TX Amsterdam, Netherlands, in order to provide and introduce communication via WhatsApp, a service from WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, privacy policy at whatsapp.com/legal/business-policy/. If we communicate with you via WhatsApp, we collect and save, for example, your first name and surname, telephone messages and the chat and messages sent. The legal basis for data processing is Article 6, para. 1, letter f GDPR, whereby our justified interests lie in improving customer service and the efficiency of the processing of customer enquiries. The data collected, especially the messages, is stored in the file with the relevant claim. On payment of the outstanding amount or termination of the collection process for another reason, we will check after a period of three years to the end of the year whether the payment or termination has been completed, whether we still need the data or whether deletion would be an infringement of statutory archiving obligations.

Finally, we sometimes record incoming telephone calls for training purposes and to improve our service quality, if and to the extent that you have given your explicit consent prior to recording. Before the call starts, you will be informed by a recorded message that your call may be recorded and asked for your consent. Of course, you can always refuse consent and not have your telephone call with us recorded. The legal basis for the recording and associated data processing is Article 6, para. 1, letter a and Article 7 GDPR, based on your consent. You have the right to revoke any consent you have given with immediate effect in accordance with Article 7, para. 3 GDPR. Once they have been evaluated for training and quality purposes, the recordings are deleted, unless they need to be saved until the resolution of an additional process of securing evidence.

3. Cookies and usage analysis

When you visit and use our website, different cookies are set. Cookies are small text files that are stored in the memory of your web browser and contain information that allow web servers to recognize you when you visit our website later. Cookies cannot execute programs or transfer viruses to your computer.

3.1 Our own use of cookies

We use our own cookies, especially to record that information on our website has been shown to you, so you are not shown it again on your next visit. The main purpose of our own cookies is to make the use of our services as time-effective and user-friendly as possible.

The aim is to make your use of our website more convenient and customised. The processing of the respective cookies is based on our justified interests as above, in this respect, the legal basis is Article 6, para. 1, letter f GDPR.

You can block cookies from being saved by refusing to accept cookies from this website in your browser settings. However, not accepting cookies can, in some cases, significantly impede the functionality of our website.

3.2 Use of third-party cookies for usage analysis

On our website, we also apply various approaches to understanding the use of the website and finding out what content is particularly important for our users and what kind of devices they are using to access it. This allows us to optimise our content and the page design to the actual browser types and devices used.

For this purpose, we utilise services from various external providers, who are listed below. The legal basis for the data processing described below is Article 6, para. 1, letter f GDPR, based on our justified interest in the proper design and continuous optimisation of our website.

a) Google Analytics

Our website uses the web analysis service Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses cookies with a validity of 14 months to record your access data when visiting our website. On our behalf, Google summarises the access data into pseudonymised usage profiles and transfers it to a Google server in the USA. First, the IP address is anonymised. This means that we cannot tell which usage profiles belong to a specific user. Based on the data recorded by Google, we cannot identify you, nor can we determine how you use our website. In the event that, on an exceptional basis, personal data is transmitted to the USA, Google has also signed up to the EU-US Privacy Shield. This means that Google has undertaken to guarantee European data protection principles and the level of data protection here, even if data is processed in the USA.

Google uses the information gained from cookies on our behalf to evaluate the use of our website, put together reports on website activities and provide further services relating to the use of the website and the internet for us. Further information on this can also be found in Google’s Privacy Policy.

You can block Google web analysis at any time. You have various options: (1) You can set your browser to block cookies from Google Analytics. (2) You can adjust your settings for Google advertising. (3) You can set a deactivation cookie by clicking here: Deactivate Google Analytics. (4) You can install the deactivation plug-in provided by Google in your Firefox, Internet Explorer or Chrome browser using the following link (this does not work on mobile devices): Browser-Plugin.

As an alternative to the browser plug-in or on mobile device, you can click this link in order not to be tracked by Google Analytics on our website in future (this setting applies only to you current browser and this website). This saves a cookie to your device, which means you need to click on the link again if you delete your cookies. If you have deactivated cookies, it may be that not all services on our website are available to you.

You can find more information on Google Analytics here: Google’s Privacy Policy.

b) Google Tag Manager

Our website uses the Google Tag Manager, a service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage tools for usage data analysis and other services, known as Website Tags. A tag is an element which is stored in the source code of our website in order, for example, to record defined usages and interactions. The Google Tag Manager tool itself (that implements the tags) is a cookie-free domain and does not record any personal data. The tool is used to trigger other tags which themselves record data under specific circumstances which are explained further in this Privacy Policy. Google Tag Manager does not access this data. If deactivation has taken place at either a cookie or a domain level, this remains in place for all tracking tags implemented using the Google Tag Manager. You can also find out more about the Tag Manager in the Information from Google about the Tag Manager.

4. Links to other websites and online services

Our website may contain links to the websites and online services of other providers with which we are not associated. If you click on these links, we naturally no longer have any influence on what data is collected and recorded by the relevant providers.. More detailed information on data collection and use can be found in the privacy policy of the respective provider. As data collection and processing by third parties is not within our control, we cannot accept any responsibility for it.

We embed videos from the “YouTube” platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. When you click on a YouTube video, information is sent to Google that you have accessed the video from our website. This is irrespective of whether you are logged into Google or your YouTube account.. If you are logged in, the information on the video played is assigned directly to your Google account and your YouTube account. If you do not wish this to happen, you need to log out before playing the video. Google saves your data and uses it, where applicable, for the purposes of advertising, market research and designing its own website to meet demand. This evaluation takes place even for users who are not logged in. Information on this can be found in the Privacy Policy, there is also the option of an Opt-Out.

PAIR Finance also has a presence on social networks and other online platforms in order to communicate with current and future clients, business partners and existing and potential customers and inform them about our services..

The resulting processing of personal data is based on our justified interest in effective information and communication in accordance with Article 6, para. 1 letter f. GDPR. If the data subjects are asked for consent to the data processing as described above by the operators of the platform, the legal basis for processing is Article 6, para. 1, letter a and Article 7 GDPR. Detailed information on the relevant processing and options to object can is available from the providers’ links below: Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Agreement on the shared processing of personal dataPrivacy PolicyPrivacy ShieldTwitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA): Privacy PolicyPrivacy ShieldLinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland): Privacy PolicyPrivacy ShieldXing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany): Privacy Policy.

5. Hosting

The operation of our online services requires infrastructure services, processing capacity, storage space and database services, for which we use service providers. We and our service providers collect data on the basis of our justified interests in the efficient and secure availability of our online services in accordance with Article 6, para. 1, letter f and Article 28 GDPR.

Your data is partially processed on servers provided by Amazon Web Services, a service from Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109, USA (hereinafter “AWS”). The connection from your device to the content on our website is established via AWS servers. The servers we use are essentially within the European Union. However, elements of your data can be processed outside the European Economic Area, particularly in the USA, for technical reasons. In order to guarantee the security of your data in this instance, AQA is part of the EU-US Privacy Shield. We have also concluded a special contract with AWS which corresponds to the requirements of the standard contract clauses for the European Commission. The legal basis is Article 6, para. 1, letter f, GDPR, based on our justified interest in having the content of our website securely and reliably stored by external service providers and, at the same time, reducing our own outlay on the provision of IT infrastructure.

6. Data Transfer

We will only forward the data we have collected if you have given your explicit consent in accordance with Article 6, para. 1, letter a GDPR, forwarding is necessary in accordance with Article 6, para. 1, letter f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that there is an overwhelming proprietary interest in failing to disclose the data, we are obliged by law to forward the data in accordance with Article 6, para. 1, letter C GDPR or it is authorised by law or required in accordance with Article 6, para. 1, letter b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures following an enquiry from you.

Some of the data processing described in this Privacy Policy may be carried out by our service providers. As well as the service providers specified in this Privacy Policy, these may include IT service providers who look after our systems and consultancy companies. If we forward data to our service providers, they can only use this data to fulfil their roles. We carefully select and commission all service providers. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

Data can also be forwarded in conjunction with official requests, legal rulings and legal proceedings, if it is necessary for legal compliance or execution.

7. Your rights

You have the right to demand information on the processing of your personal data by us at any time. In providing the information, we will explain how the data is processed and provide you with an overview of the data we have stored about you.

If the data we have stored is incorrect or out-of-date, you have the right to have the data corrected.

You can also request the deletion of your data. If, in exceptional circumstances, it is not possible to delete the data because of other legal requirements, the data is blocked so that it is only available for this statutory purpose.

You can also restrict the processing of your data, e.g. if you believe the data we have saved is not correct. You also have the right to data transferability, i.e. on request, we will send you a digital copy of the personal data provided by you.

If you wish to assert the rights described here, you can use the contact details set out in Section 1 above. This also applies if you wish to receive copies of guarantees to evidence an appropriate level of data protection.

You also have the right to object to data processing based on Article 6, para. 1 letter e or f GDPR or for the purposes of direct advertising. Finally, you have the right to complain to the data protection regulators with jurisdiction over us. You can assert this right at a regulatory body in the Member State in which you live or work, or the location of the alleged infringement. In Berlin, the regulatory body with jurisdiction is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.

In accordance with Article 7, para. 3 GDPR, you have the right to revoke consent granted to us at any time. As a result, we will discontinue the data processing to which the consent related with immediate effect. Revoking your consent does not affect the legality of the processing from the point of your consent until its revocation.

If we are processing your data based on a justified interest in accordance with Article 6, para. 1, letter F GDPR, you have, in accordance with Article 21 GDPR, the right to object to the processing of your data and give us reasons arising from your particular situation which you believe prove that your proprietary interests take priority. If this is an objection to data processing for the purposes of direct advertising, you have the right to object in general, which we can action without you having to cite reasons.

If you wish to assert your right to revoke or object, simply send a message to the contact data above, no specific format is required.

Date: June 2020