Data Protection Information

Privacy notice

‍

Name and address of the controller

FIB Frankfurt International Bank AG
Wilhelm-Leuschner-Strasse 27-29
60329 Frankfurt am Main
Frankfurt am Main, Germany
Phone: +49 69 - 247433980
E-mail: info@fib-ag.com
Website: https://www.fib-ag.com

is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

‍

Name and address of the data protection officer

The data protection officer of the controller is
AGOR AG
Niddastrasse 74
60329 Frankfurt am Main
Frankfurt am Main, Germany
Phone: +49 (0) 69 - 9494 32 410
E-mail: info@agor-ag.com
Website: www.agor-ag.com

‍

General information on data processing

Scope of the processing of personal data

We only collect and use the personal data of users of our website in so far as this is necessary to provide a functional website, our content and services.

In principle, the collection and use of our users' personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for factual reasons.

‍

Legal basis for the processing of personal data

The legal basis for the processing of personal data is generally derived from
Art. 6 para. 1 sentence 1 lit. a GDPR when obtaining the consent of the datasubject.

Art. 6 para. 1 sentence 1 lit. b GDPR for processing operations necessary for the performance of a contract to which the data subject is party. This includes processing operations that are necessary for the performance of pre-contractual measures.

Art. 6 para. 1 sentence 1 lit. c GDPR for processing operations that are necessary for compliance with a legal obligation.

Art. 6 para. 1 sentence 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.

Art. 6 para. 1 sentence 1 lit. f GDPR, if the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest. In order to be able to base the processing of personal data on a legitimate interest, an assessment is carried out for each relevant process in consultation with the data protection officer, whereby the following three conditions must be met:
1) The controller of the personal data or a third party has a legitimate interest in the data processing.
2) The processing is necessary for the purposes of the legitimate interest.
3) The interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

‍

Data deletion and storage duration

The user's personal data will be deleted or restricted as soon as the purpose of storage no longer applies. Data may be stored for longer if this has been provided for by the European or national legislator in EU regulations, laws orother provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

‍

Use of our website, general information

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information may be collected

- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GTM)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- browser
- Operating system and its interface
- Language and version of the browser software

The data described is stored in the log files of our system. This data is not stored together with other personal data of the user.

‍

Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Art. 6 para.1 sentence 1 lit. f GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore has no right to object.

‍

Duration of storage

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or anonymised. It is then no longer possible to identify the accessing client.

‍

General information on the use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

‍

TDDDG:

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications Digital Services Data Protection Act(TDDDG).

Please note that the legal basis for the processing of the personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below on the respective cookie or on the respective processing itself.

The primary legal basis for the storage of information in the end user's terminal equipment - i.e. in particular for the storage of cookies - is your consent, Section 25 para. 1 sentence 1 TDDDG. Consent is given when you visit our website - although of course it does not have to be given - and can be revoked at any time in the cookie settings.

Pursuant to Section 25 para. 2 No. 2 TDDDG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are classified as absolutely necessary (often also referred to as ‘technically necessary cookies’) and therefore fall under the exemption rule of Section 25 para. 2 TDDDG and therefore do not require consent.

‍

GDPR:

When cookies are used, the data specified in this privacy policy is stored and transmitted.
Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of ourwebsite if you deactivate cookies.

The legal basis for the processing of personal data using cookies results fromArt. 6 para. 1 sentence 1 lit. f GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.
We would like to point out that individual functions of our website can only be offered using cookies.
We do not use user data collected by technically necessary cookies to createuser profiles.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes (see below) is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given their consent and Art. 6 para. 1 lit. b GDPR for pre-contractual measures.

‍

Cookie consent with Usercentrics/Cookiebot

We have integrated the consent management tool “Usercentrics/Cookiebot” (formerly“Cookiebot”) (https://usercentrics.com/de/) from Usercentrics GmbH, SendlingerStraße 7, 80331 Munich, Germany, Tel.: +49 89 21 54 01 20, email:contact@usercentrics.com) on our website to request consent for data processing or the use of cookies or similar functions. With the help of“Usercentrics/Cookiebot,” you have the option of giving or refusing your consent to certain functionalities of our website, e.g., for the purpose of integrating external elements, integrating streaming content, statistical analysis, reach measurement, and personalized advertising. With the help of“Usercentrics/Cookiebot,” you can give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change the settings you have made at a later date. The purpose of integrating “Usercentrics/Cookiebot” is to allow users of our website to decide on the above-mentioned matters and to offer them the option of changing settings they have already made when continuing to use our website.

When you visit our website, the following personal data is transferred to Usercentrics:

Your consent(s) or withdrawal of your consent(s), your IP address, information about your browser, information about your device, and the time of your visit to the website.

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

“Usercentrics/Cookiebot” uses the Google Cloud Platform from Google Ireland Limited, Google Building Gordon House, 4 BarrowSt, Dublin, D04 E5W5, Ireland. The server locations are in Frankfurt and Belgium. A transfer to a third country, the USA, cannot be ruled out. However, we have concluded a data processing agreement and standard data protection clauses with the provider.

The legal basis for processing is Art. 6 (1) (c) in conjunction with Art. 6 (3) (a)in conjunction with Art. 7 (1) GDPR and, alternatively, (f). By processing the data, we help our customers (the controllers under the GDPR) to fulfill their legal obligations (e.g., duty of proof). Our legitimate interests in the processing lie in storing user settings and preferences with regard to the use of cookies and other functionalities.

Further information on data processing by “Usercentrics/Cookiebot” can be found in the privacy policy at https://usercentrics.com/de/datenschutzerklaerung/.

By clicking on the blue button at the bottom left of each page of this website, you can adjust your consent settings at any time.

‍

Your rights / rights of the data subject

Right to information

You have the right to receive information from us as the controller as to whether and which personal data concerning you are processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.
You can assert your right to information at:
datenschutz@fib-ag.com

‍

Right to rectification

If the personal data processed by us and relating to you is incorrect or incomplete, you have a right to rectification and/or completion. The correction will be made immediately.

‍

Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).

‍

Right to erasure

If the reasons set out in Art. 17 GDPR apply, you can request that the personal data concerning you be deleted immediately.

We would like to point out that the right to erasure does not exist if the processing is necessary for one of the exceptional circumstances mentioned inArt. 17 para. 3.

‍

Right to information

If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

‍

Right to data portability

Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

‍

Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

‍

Right to object

You also have the right to object, on grounds relating to your particular situation at any time to processing of personal data concerning you which is based on lit. e or f) of Article 6 para. 1 GDPR.

‍

Automated decision-making in individual cases, including profiling

Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

‍

Right to lodge a complaint with a supervisory authority

Finally, if you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

‍

Data transfer outside the EU

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services. We only authorise the processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may only be processed on the basis of special guarantees, such as the EU Commission's officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations, the so-called "standard contractual clauses" (SCC).

‍

EU-USTrans-Atlantic Data Privacy Framework

As part of the so-called ‘Data Privacy Framework’ (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10 July 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search.

‍

Data processing under the Swiss Federal Act on Data Protection

In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and in so far as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Act on Data Protection (‘Swiss FADP’ in the version of 1 September 2023), analogous to the GDPR.

In principle, the Swiss FDPA does not provide for a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, is carried out in good faith and is proportionate in accordance with Art. 6 para. 1 and 2 of the Swiss FADP. Furthermore, your data will only be collected by us for a specific purpose that is recognisable to the data subjectand will only be processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 3 of the Swiss FADP.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the SwissFDPA. For example, the GDPR terms ‘processing’ of ‘personal data’, ‘legitimate interest’ and ‘special categories of data’ used in this data protection notice correspond to the terms ‘processing’ of ‘personal data’, ‘overriding interest’ and ‘sensitive personal data’ used in the Swiss FADP.

The data subject rights set out here pursuant to Art. 12 et seq. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 et seq. of the Swiss FADP.

‍

Minors under the age of 16

Minors under the age of 16 are expressly not addressees of our website and our offers on this website. We would like to point out that legal guardians must supervise their children's online activities. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect it and do not pass it on to third parties.

‍

Contacting us electronically by e-mail

If you would like to contact us, you will find an e-mail address on our website that you can use to contact us electronically. In this case, the user's personal data transmitted with the e-mail will be stored.

Your data will not be passed on to third parties in this context; the data will only be used to process the communication.

The legal basis for the processing of the contact enquiry and its handling is regularly Art. 6 para. 1 sentence 1 lit. b GDPR.

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

‍

Registration

Direct registration via FIB x PORTal

You have the option of registering on our homepage (under the FIB x PORTal link) by entering your personal data. The data is entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:
Gender, first name, surname, email address, registration profile, company, jobtitle (optional), telephone number (optional), business email address
The following data is also stored at the time of registration:
The user's IP address, date and time of registration
Registration regularly serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures in the form of the extended use of our website. The legal basis for the processing of the data is therefore Art. 6 para. 1 sentence 1 lit. b GDPR.

After registering, you have the option of submitting a credit enquiry in your account area.

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is cancelled or amended.

This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Continuing obligations require the storage of personal data during the term of the contract. Warranty periods and the storage of data for tax purposes must also be observed. The storage periods to be observed here cannot be determined across the board, but must be determined on a case-by-case basis for the respective contracts and contracting parties.

You have the option of cancelling your registration on our website at any time. You can also have your stored data amended at any time.

You can send your deletion or modification request informally by e-mail (corporate@fib-ag.com). You can alsomake changes yourself where this is provided for by the portal.

Below is a detailed description of how to delete your account and change your data:
If the data is required for the fulfilment of a contract or for theimplementation of pre-contractual measures, premature deletion of the data is only possible in so far as contractual or legal obligations do not prevent deletion.

‍

Applications

On this website, we list job vacancies that interested parties can apply for by email. Unsolicited applications can also besent to us by email. When we receive an application, we process the data provided by the applicant solely for the purpose of filling the vacant position.

‍

The main legal basis for this is Art. 88 GDPR inconjunction with § 26 (1) BDSG (alternatively Art. 6 (1) (b) and (f) GDPR).

‍

Within our company, only those persons who are responsible for handling the application process and who are responsible for deciding on the outcome of the application will have access to your personal data. We will delete your personal data as soon as it is no longer required for the above-mentioned purposes.

‍

If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

‍

Your personal data will not be transferred to third parties.

‍

Web Analytics

SalesViewer

This website uses SalesViewer technology from SalesViewer GmbH to collect and store data on the basis of your consent (Art. 6 para. 1 lit. a GDPR) to identify leads in the B2B relationship (market research and optimisation purposes).

For this purpose, a javascript-based code is used to collect company-related data and use it accordingly. The data collected with this technology (IP of your company network) is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.

The data stored by Salesviewer is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer within this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.

‍

Content Delivery Networks (CDN)

This site uses content delivery networks to provide popular online libraries and webfonts. Access is then made directly to the operators' servers, so that data such as the calling IP address, referrer, browser information, etc. is collected there.

The legal basis for this is our legitimate interests pursuant to Art. 6 (1) (f)GDPR in presenting our site in a way that meets user needs and optimizes the user experience.

You can prevent the collection and processing of your data by CDNs by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find one at www.noscript.net, for example).

Amazon Cloudfront

We use the Amazon CloudFront content delivery network (CDN) from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS), to increase the security and delivery speed of our website. This is in line withour legitimate interest (Art. 6 (1) (f) GDPR). For this purpose, personal data may be processed in AWS server log files.

AWS is the recipient of your personal data and acts as a processor for us.

The functionality of the website cannot be guaranteed without this processing.

Your personal data will be stored by AWS for as long as necessary for the purposes described.

Further information on options for objection and removal vis-à-vis AWS can be found at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

AWS has implemented compliance measures for international data transfers. These apply to all global activities in which AWS processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

‍

jsDelivr CDN

This site uses a so-called “content delivery network” (CDN) from jsDelivr (VolentioJSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN49EB, United Kingdom).

Userdata is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you are using must connect to the CDN's servers. This allows the CDN to know that our website has been accessed via your IP address.

The use is based on our legitimate interests, i.e. interest in the secure and efficient provision, analysis, and optimization of our online offering in accordance with Art. 6 (1) lit. f. GDPR.

Further information can be found in the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

‍

Google Cloud APIs

We use the Google Cloud APIs service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com,website: https://www.google.com/, on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF -https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, which you have given on our website.

We use Google APIs to load additional Google services on the website. Google APIs are a collection of interfaces for communication between the various Google services used on your website. The service is used in particular to display Google Fonts and to provide Google Maps.

For processing purposes we collect the following data: IP address

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data. In the context of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transfer and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Cloud, Google Maps, Google Ads, and Google Fonts in accordance with Google's privacy policy under Google's responsibility for data protection. You can view the provider's certification under the EU-US Data Privacy Framework athttps://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You can find more information on revoking your consent either in the consent form itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

‍

Socialmedia

Socialmedia platforms

We currently use the following social media platforms:

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out ,

Xing

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy/ Opt-Out:
https://privacy.xing.com/de/datenschutzerklaerung .

‍

Social media presence

We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services.

We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).

As a rule, user data is processed for market research and advertising purposes. For example, user profiles can be created from user behaviour and the resulting interests of users. These user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art.6 para. 1 sentence 1 lit. f. GDPR. GDPR. If users are asked by the respective providers for consent to data processing (i.e. they declare their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a. GDPR.

Further information on the processing of your personal data and your options to object can be found under the links provided by the respective provider. The assertion of information and other rights of the data subjects can also be made against the providers, then only those who have direct access to the data of the users and have the corresponding information. We are of course available to answer any queries you may have and will support you if you need help.

A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this agreement, data subject rights can generally be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of Insights data lies with the social media platform and it fulfils all obligations under the GDPR with regard to the processing of Insights data. In this context, the social media platform makes the essentials of the Page Insights supplement available to the data subjects.

As the operator of the fan page, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13GDPR, such as the legal basis, the identity of the controller and the storage duration of cookies on user devices.

‍