1. General; Responsible
With this notice, we would like to inform you about how we CAPTIQ GmbH (Neue Mainzer Str. 66-68 60311 Frankfurt am Main; hereinafter also referred to as 'CAPTIQ', 'we', 'us') process personal data in connection with the loan brokerage platform (see also the website www.captiq.com, the 'Website') (the 'Platform') provided by us. We take the confidentiality and protection of your personal data very seriously. For this reason, we process your personal data exclusively to the extent permitted by law, in particular on the basis of the provisions of the German Data Protection Regulation ('GDPR') and the German Federal Data Protection Act.
For the processing of personal data relating to the Platform carried out by us ourselves, we are in principle the controller within the meaning of the GDPR, although any processing by the partner bank and the financier is carried out in each case under their own responsibility (cf. on this (and also on the terms 'partner bank' and 'financier') below under 2.b).
2. Data processing
a) Usual processing operations in connection with websites
When you visit our website (www.captiq.com), this involves processing data that is regularly processed when you visit a website.
i) Visit the website
In principle, you can visit our website without providing us with any personal data. As is usual with most websites, our systems automatically record every access or retrieval of our website and store this temporarily in a log file ('log files'). The data stored in this context includes in particular the following data:
- IP address of the requesting computer,
- name and URL of the accessed file,
- date and time of access,
- amount of data transferred,
- recognition data of the browser used
This data cannot be assigned to specific persons. Personal user profiles are also not created - unless mentioned elsewhere in this privacy policy. The aforementioned processing of data takes place for the purpose of enabling the use of the website (connection establishment; session control) and for internal system-related purposes (technical administration, system security). The storage in log files takes place in order to ensure the functionality of the website. In addition, we use this data to optimize the website and to ensure the security of our systems. Insofar as the processing of such data in the context of visiting the website involves personal data, the corresponding processing of this data is based on Art. 6 (1) p. 1 lit. f GDPR (legitimate interest). The legitimate interest follows from the above-mentioned purposes.
ii) Google Analytics
The website uses Google Analytics, a web analytics service provided by Google. If you do not consent to the use of this tool when (first) accessing the website, no personal data from you will be processed using this tool. By means of this service, we can evaluate the use of our website and collect information about the needs of users in order to increase the user-friendliness of our online offer and its quality on this basis. In order to carry out these evaluations, aggregated and anonymous statistical data in particular are collected. Google Analytics uses 'cookies', which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. However, since this website uses IP anonymization, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the storage of the corresponding cookies by making the appropriate setting in your browser software or by deactivating the use of Google Analytics regarding our website with regard to your personal data in the consent management tool contained on our website. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google Analytics, click here:
http://www.google.com/analytics/terms/de.html
http://www.google.com/intl/de/analytics/learn/privacy
http://www.google.de/intl/de/policies/privacy
http://www.google.com/intl/de/analytics/learn/privacy
http://www.google.de/intl/de/policies/privacy
The legal basis for the processing of personal data described above is Art. 6 para. 1 p. 1 lit. a GDPR (consent).
The responsible service provider of the aforementioned Google services is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
As already described above, data may also be processed by Google in the USA. There is currently no comprehensive decision by the EU Commission on the adequacy of the level of data protection in the USA. In order to ensure an adequate level of data protection, so-called standard data protection clauses within the meaning of Article 46 (2) (c) of the GDPR are used (by Google) (Google can provide you with corresponding documentation on the standard data protection clauses).
iii) Contact by E-mail
There are various ways of contacting us by email on the website. If you contact us in this way or send us an inquiry, the personal data you have transmitted will be processed by us in order to answer your inquiry. This data is used by us exclusively for the purpose of processing the corresponding request. The legal basis for the processing of the aforementioned personal data is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests). The legitimate interest results from the fact that we can only carry out the action requested by the user (e.g. answering inquiries) by processing the user's data accordingly. If the contact is aimed at the possibility of concluding a contract with us,
Art. 6 para. 1 sentence 1 lit. b GDPR (contract performance and pre-contractual measures) legal basis for the processing.
Art. 6 para. 1 sentence 1 lit. b GDPR (contract performance and pre-contractual measures) legal basis for the processing.
b) Processing of data of the (potential) borrower in connection with credit mediation
i. We do not grant loans ourselves, but will refer your credit request to our partner bank, Solaris SE (Anna-Louisa-Karsch-Straße 2, 10178 Berlin; hereinafter the 'Partner Bank'). For this purpose, we transmit your credit application, including the relevant data, information and documents provided by you in connection with the credit application and the relevant information about you that we receive from third parties in connection with the credit application, to the Partner Bank (these data, documents and information hereinafter also the 'Application Documents'). Please note that the personal data processed by us in this context is generally required for the brokerage services we provide; without the provision of the relevant data, it will generally not be possible for the partner bank to conclude a corresponding loan agreement with you.
ii. Our partner bank has entered into a framework agreement with der Heydt Securitisation SA (17 rue de Flaxweiler, L-6776 Grevenmacher), acting on behalf of CAPTIQ Compartment 2019-001, (hereinafter also the 'Financier') for the assumption of the loan agreements. In the event of such takeover, the Financier shall become the legal and economic owner of the credit claim or your creditor and contractual partner regarding the loan (in each case instead of the partner bank). In this context, the financier requires the application documents which we provide to it for this purpose - after a disbursement of the loan amount by the partner bank to you.
For the purpose of brokering a loan, we process the correspondence between you and the partner bank or financier regarding your loan request, which takes place via the platform (this mainly concerns the correspondence until a loan agreement is concluded or until your loan request is rejected).
The partner bank and the financier each process your data under their own responsibility. The partner bank processes your data for the initiation, conclusion and processing of any credit agreement, including the transfer of the credit agreement to the financier. The financier processes your data for the initiation, conclusion and handling of the transfer of the credit agreement as well as the collection of receivables. The financier may use service providers commissioned by it and subject to its instructions for the execution and processing of the credit agreement.
iii. A credit check on you is required to process your loan request. For this purpose, we work together with appropriate credit agencies (hereinafter the 'credit agencies'), from which we receive corresponding credit reports. For the purpose of or in connection with the commissioning of the credit bureaus, we transmit the following data to the credit bureau in particular: first name, last name, address, date of birth, annual financial statement data, BWA, personal income and expenses, personal asset data.
We are currently working with the following credit agencies in particular:
We are currently working with the following credit agencies in particular:
- CAPTIQ transmits personal data collected as part of the contractual relationship about the application, implementation and termination of this business relationship as well as data about non-contractual behavior or fraudulent behavior to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden ('SCHUFA'). The legal bases for these transfers are usually Article 6 Paragraph 1 Letter b and Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR); see also under iv. below. Transmissions on the basis of Article 6 paragraph 1 letter f GDPR may only take place if this is necessary to protect the legitimate interests of the bank/savings bank or third parties and does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data . The exchange of data with SCHUFA may also serve to fulfill legal obligations to carry out credit checks on customers (§ 505a of the German Civil Code, § 18a of the Banking Act). The customer also releases CAPTIQ from banking secrecy to the extent that CAPTIQ is subject to such. SCHUFA processes the data received and also uses them for the purpose of profiling (scoring) to provide their contractual partners in the European Economic Area and Switzerland and possibly other third countries (if there is an adequacy decision by the European Commission) information, among other things, to assess the creditworthiness of natural to give to people. Further information on the activities of SCHUFA can be found in the SCHUFA information sheet in accordance with Art. 14 GDPR (see the link below) or online at www.schufa.de/global/datenschutz-dsgvo/. Further information on the data processing carried out by SCHUFA can be found at www.meineschufa.de/de/datenschutzhinweis. Please note that we are not responsible for this linked content; this is SCHUFA information provided by SCHUFA.
- Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss (“Boniversum”); Further information on the data processing carried out by Boniversum can be found at https://www. boniversum.de/eu-GDPR/informationen-nach-eu-GDPR-fuer- Verbraucher/. Please note that we are not responsible for this linked content.
- Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neus ('Creditreform'); further information on the data processing carried out by Creditreform can be found at https://www.creditreform.de/datenschutz. Please note that we assume no responsibility for this linked content.
The data obtained from the credit agencies may also be transmitted to a certain extent to the partner bank and/or the financier for the purpose of loan brokerage or to check your creditworthiness.
iv. Insofar as we transmit personal data to the partner bank or the financier and process it for this purpose, this is done to fulfill an existing contract with you on the use of the platform or in fulfillment of the respective brokerage relationship, including the associated order to forward your credit inquiry and application documents to the partner bank or the financier for the initiation of a credit agreement and to enable further correspondence on the credit inquiry between you and the partner bank or the financier (legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR).
Data processing in connection with obtaining creditworthiness information is based on Art. 6 (1) sentence 1 lit. b GDPR (contract or pre-contractual measures) or Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest arises from the fact that we or the partner bank and the financier need to know whether the applicant is a solvent contractual partner).
If a loan agreement has been concluded or your loan application has been withdrawn or has been settled for another reason, we will continue to store your personal data and the application documents insofar as this is necessary to comply with any existing statutory retention obligations (legal basis: Art. 6 (1) sentence 1 lit. c) GDPR) and/or to protect our legitimate interest in asserting, exercising or defending legal claims in connection with your use of the platform (legal basis: Art. 6 para. 1 p. 1 lit. f) GDPR; we assume that your interests do not conflict with this because the subsequent storage period is reasonable with regard to the interests to be protected).
For more information on what data is processed by the partner bank, please see the partner bank's privacy notice, which can be found here: https://www.solarisbank.com/de/customer-information/ For more information on what data is processed by the financier, please see the financier's privacy notice, which can be found here: https://www.solarisgroup.com/de/privacy-policy/
3. (Other) data transfers
The personal data collected in the course of using the platform will - subject to other cases expressly described in this privacy policy (see 2..b) above) - not be passed on to third parties or transferred in any other way without your consent.
a) Exceptions to this are transfers of personal data in the case of a legal obligation to disclose (such as to government institutions and authorities), insofar as we are legally obliged to do so. The legal basis for this processing of your personal data is Art. 6 para. 1 p. 1 lit. c GDPR (fulfillment of a legal obligation).
b) In connection with the platform and the services offered on the platform, we may use external service providers who process personal data from you on our behalf and according to our instructions (Art. 28 GDPR; commissioned processing), e.g. IT service providers.
c) We may also share any data relating to your loan application or loan agreement with your financial advisor or make it available to your financial advisor (if your loan application was brought to us via your financial advisor) so that your financial advisor can provide you with the best possible advice on the relevant loan topics relating to the platform; this is done either to fulfill a contract between you and us or between you and your financial advisor (Art. 6 (1) sentence 1 lit. a GDPR) or to fulfill the legitimate interests of the financial advisor (Art. 6 (1) sentence 1 lit. f. GDPR; the legitimate interests arise from the aforementioned purpose). GDPR; the legitimate interests result from the aforementioned purpose). If your credit inquiry is submitted to us via your financial advisor, we will generally also receive personal data about you from your financial advisor in advance of or in connection with the credit inquiry.
4. Business partner
In addition, we may process personal data as part of our collaboration with contracted service providers or other business partners (collectively, the 'Business Partners'), such as financial advisors, who use or are connected to our Platform.
Within the scope of cooperation with our business partners or their contacts, we process the following categories of personal data, among others:
- Name, address, and other contact information of the business partner, such as title, address, telephone or fax number, and e-mail address;
- if applicable, information on the professional activity of the business partner;
- If applicable, permits (e.g. § 34c GewO)
- If applicable, bank details of the business partner
These aforementioned personal data are required for the establishment, implementation and processing of the contractual relationship with the respective business partner. The processing of this data is usually based on Art. 6 para. 1 p. 1 lit. b GDPR.
5. Duration of the retention of your personal data
Insofar as no other storage period results from the other provisions of this data protection notice, we will generally only store your personal data obtained by us in connection with the use of the platform for as long as this is necessary to fulfill the corresponding processing purpose (e.g., to process your requests or inquiries to us or until the respective credit agreement has been concluded or rejected), thereafter only to the extent and to the extent that we are obligated to do so due to statutory retention obligations; insofar as we no longer need your data for the purposes described above, it will only be stored during the respective statutory retention period and not processed for other purposes.
6. Your rights
You have the right to request information from us about the personal data we have stored about you. Insofar as the legal requirements are met, you also have the right to rectification, deletion or restriction of the processing of the relevant personal data, the right to object to the processing of your data by us and the right to receive the personal data relating to you from us in a structured, common and machine-readable format. If you have given your consent to the use of personal data, you can revoke this consent at any time for the future. If you believe that the processing of personal data concerning you by us violates applicable data protection law, you may lodge a complaint with the (competent) supervisory authority for data protection.
7. Contact; Data Protection Officer
You can contact us at the address mentioned in point 1. as well as via e-mail (support@captiq.com) and telephone (+49 89 7400 45840). You can also contact our data protection officer directly with any questions you may have regarding data protection. The contact details of our data protection officer are: DataCo GmbH, Dachauer Straße 65, 80335 Munich, phone: +49 89 7400 45840.
8. Data security
We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art in each case.
9. Change of the data protection notice
From time to time it may become necessary to change this privacy policy. We therefore reserve the right to change the data protection information at any time with effect for the future. We therefore recommend that you read this privacy policy again at regular intervals.