Skip to content
DE|EN

Data Privacy Policy

Privacy Policy of Finmatics GmbH

The protection of your personal data [1] ("Data") is of particular concern to us. In this privacy policy, we therefore inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation ("GDPR") about how we, as the data controller within the meaning of Article 4(7) GDPR, process your data in connection with

  • your visit to and use of this website and our social media pages,
  • business and customer relationships with you,
  • your contact requests,
  • your newsletter subscriptions,
  • your participation in Finmatics events
  • your job application.

You can find more information on data processing in the context of our Finmatics software here.

  1. Who is responsible for data processing and who can you contact if you have any questions?

    The controller under data protection law for the data processing described in this privacy policy is the:

    Finmatics GmbH
    Lindengasse 41/10, 1070 Wien
    Phone: +43 1 997 4163
    ("we", "us")


  2. What categories of data do we process?

    In connection with your visit to our website (www.finmatics.com) and our social media pages, we process data that falls into the following categories:
    • IP address and IP location
    • other access data (such as information about your browser, system data about devices and operating systems used, date and time of the server request, referrer URL, amount of data sent)

    We collect this data automatically using cookies and plug-ins (see section 3 for more details).

    If you are a customer or business partner (or an employee of a customer or business partner), we process the data that you provide to us in the context of initiating the contractual relationship or during the ongoing contractual relationship, such as:
    • name/company
    • address
    • contact details (e-mail address, telephone number)
    • company register data
    • bank details
    • VAT number
    • names and contact details of contact persons in the company
    • contract texts and business correspondence
    • data neccessary for providing software demo accounts (login data)
    • customer ratings ("success stories")

    When you contact us, in particular via our website, by email, telephone or social media, we process data that falls into the following categories:
    • salutation and name
    • contact details (e-mail address, telephone number)
    • customer number
    • other disclosed data

    If you have subscribed to our newsletters (in particular monthly newsletter, weekly release notes and blog updates), we process your data that fall under the following categories:
    • name
    • e-mail address
    • other data (e.g. data in connection with your access to our newsletter messages)

    If you participate in Finmatics' events (such as workshops, webinars, presentations), we will process the following data:
    • contact details
    • photos and videos

    If you are an applicant with us, we will process the data that you provide to us as part of your job application, such as
    • name
    • address
    • contact details (e-mail address, telephone number)
    • data on professional career

    If you are a whistleblower under the Austrian Whistleblower Protection Act, we will process the data you provide to us as part of your report, such as
    • name
    • adress
    • contact details (e-mail address, telephone number)
    • data in connection with your reference

 

  1. How do we process your data?
    1. Website & Social Media
      1. Cookies & Plug-Ins

        Our website uses cookies provided by third-party providers to make the website more user-friendly. Cookies are small text files that are temporarily stored on your device and/or saved by your browser. You will also find third-party plug-ins on our website, which provide the website with additional functionalities. When you visit our website, these plug-ins are deactivated by default, so they do not send any data to third parties without any action on your part.

        The collection of your data in connection with cookies and plug-ins is based on your consent in accordance with Article 6(1) a GDPR in conjunction with Section 165(3) TKG.

        You can refuse the storage of individual cookies or the activation of plug-ins by configuring the cookie banner. You can revoke any consent you have given to the use of cookies and the activation of plug-ins at a later date at any time with effect for the future via your browser settings.

        When cookies are set or plug-ins are activated on the basis of voluntary consent, data is sometimes transferred to recipients in third countries outside the EEA. In these third countries, no level of data protection comparable to the GDPR can be guaranteed; in particular, there is a risk that data may be viewed by authorities for control and monitoring purposes. By giving your consent, you agree that cookies or plug-ins from providers from other third countries may be used and accept a possible lower level of data protection (Article 49 (1) a GDPR).

        Cookies that are absolutely necessary for the functioning of the website (technically necessary cookies) cannot be rejected or deactivated. In these cases, data processing is based on our legitimate interest pursuant to Article 6(1) f GDPR in being able to provide our website in an appropriately functional manner.


      2. External links on our website

        On our website you will find external links that lead to websites of social media platforms (e.g. Facebook, Instagram, LinkedIn, Xing, YouTube, Google Maps). The external links are displayed on the website as a button with the logo and name of the respective social media service. When you visit our website, these buttons do not send any data to third parties without any action on your part.

        When you click on a social media button, you will be redirected to the website of a third party (the respective social media service provider). After redirection, we have no influence on the use of cookies and the data collected by the third-party provider. The social media service providers use their own cookies and process your data in accordance with their own privacy policies. We recommend that you check the respective data protection declarations before you voluntarily pass on data to these providers (for the processing of your data when visiting our social media fan pages, see point iii)).

        In this context, please note that clicking on the external links on our website may result in your data being transferred to and processed in third countries outside the EEA.


      3. Social media pages

        If you visit our company pages that we have set up on social media (Facebook, Instagram, LinkedIn, Xing) ("fan pages"), your data will be processed in connection with this visit, regardless of whether you are registered or logged in to the respective social media service. This processing takes place on the one hand for the purpose of improving the advertising systems of the respective social media service provider, and on the other hand for the purpose of presenting our company to users of the respective social media service and enabling communication with visitors to the fan pages. By operating the fan pages, we contribute to the processing of the personal data of visitors to our fan pages by the respective social media service provider and are therefore jointly responsible with them within the meaning of Article 26 GDPR.

        Detailed information on the processing of your data in connection with our fan pages can be found on the following pages:
    2. Business relations

      If you are our customer or business partner (or an employee of our customer or business partner), we process your data or the data of your employees for the purpose of processing the business relationship (e.g. provision of services, processing of claims arising from the contract, invoicing) on the basis of the fulfillment of (pre)contractual obligations pursuant to Article 6 (1) b GDPR and for the fulfillment of legal obligations pursuant to Article 6 (1) c GDPR (e.g. proper accounting) and to safeguard our legitimate interests pursuant to Article 6 (1) f GDPR, such as the processing of business relationships.

      We process your data or data of your employees as part of the provision of free software demo accounts, in particular the contacts and login data, in accordance with Article 6 (1) a GDPR.


    3. Contact, inquiries

      When you contact us (e.g. via our online forms, telephone or email), we process your data for the purpose of processing your contact. Data processing takes place on the basis of the fulfillment of (pre-)contractual obligations pursuant to Article 6 (1) b GDPR and for the fulfillment of legal obligations pursuant to Article 6 (1) c GDPR (e.g. proper accounting) or on the basis of our legitimate interests pursuant to Article 6 (1) f GDPR, such as in particular the maintenance of relationships with (potential) customers and the provision of information to customers and interested parties.


    4. Newsletter

      If you subscribe to one of our newsletters, available at www.finmatics.com/en/newsletter, blog.finmatics.com/en/release-notes, blog.finmatics.com/en, we will process the data you voluntarily provide, in particular your name and e-mail address, in order to send you up-to-date information about our products, events and other relevant news at regular intervals.

      Data processing is carried out on the basis of your express consent in accordance with Article 6(1) a GDPR in conjunction with Section 174(3) TKG. You can revoke your consent at any time with effect for the future via the "unsubscribe button" in the respective newsletter e-mail. Your data will be stored until you effectively withdraw your consent.

      As part of sending the newsletter, we use cookies and similar technologies (see point 3.a) aa) to collect information about your newsletter reading behavior (e.g. opening and click rates). The evaluation of this information serves to understand your reading habits and to better adapt content to you.


    5. Event participants

      If you register for Finmatics events (in particular webinars, workshops, presentations), we process the contact details you provide to register and process them for the administration of your participation in the events (Article 6 (1) b GDPR). As part of some events, photos and/or videos may also be taken of you (Article  6 (1) a GDPR), which we publish on our social media channels (in particular LinkedIn and Instagram). If you do not want your photos taken and/or published, please inform the event organization or the responsible photographer in advance. 

    6. Applicants

      If you apply to us, we process the data provided by you for the implementation of pre-contractual measures (handling of the application process with the aim of concluding a contract, Article 6 (1) b GDPR) and / or on the basis of your express consent (Article 6 (1) a GDPR) if we wish to keep you on record as an applicant.


    7. Whistleblower

      We provide an internal reporting channel for whistleblowers within the meaning of the Austrian Whistleblower Protection Act (Hinweisgeberinnenschutzgesetz) via https://finmaticstest.factorialhr.com/complaints. Without the express consent of the whistleblower, the identity of the whistleblower will not be disclosed to anyone other than our authorized employees. By way of derogation and to the extent a report was not made anonymously, disclosure will be made if this would be required under Union or national law (in the case of judicial/official proceedings or investigative criminal proceedings). The whistleblower will be informed in advance of the planned disclosure, unless this would jeopardize the ongoing investigation, for example. This also applies to persons affected by the whistleblowing report. The following data of whistleblowers or any persons affected by the whistleblowing report will be processed: name, contact details, relationship to us and other data in connection with the report.

      The legal basis for the processing of personal data in the context of whistleblowing is Article 6 (1) c GDPR.

      As long as and to the extent necessary to protect whistleblowers and/or other data subjects, the rights of data subjects (in particular the rights to information, access, rectification, erasure, restriction and the right to object) shall not apply (in particular for the duration of administrative or judicial proceedings or investigative criminal proceedings).

  2. Storage duration

    We process your data for as long as is necessary to fulfill the purpose underlying the respective processing and in accordance with statutory documentation and retention obligations. When data processing is no longer necessary, we will delete your data.

    Cookies

    Session cookies are only required for the duration of your current session and are deleted or lose their validity as soon as you leave our website or your current session expires. Persistent cookies are stored for a maximum period of one year.

    For deviating storage periods of cookies that are collected by the respective social media service provider when visiting our fan pages, please see the information linked in point 3.a) iii).

    Applicant data

    Unless the data is to be stored for longer on the basis of your consent, it will be deleted seven months after completion of the application process.


  3. To whom is data passed on?

    Your data will be transmitted by us to the following recipients in the course of processing for the above-mentioned purposes and, if necessary, due to legal or official obligations:

    • To our affiliated companies
    • Service providers (especially IT service providers)
    • In case of cause to legal representatives, notaries, courts and administrative authorities
    • To banks and insurance companies if necessary

    Insofar as your data is processed by our service providers (processors), we ensure that they only process your data within the scope of our contract and for the respective purposes mentioned above.


  4. Transfer to third countries

    If the above-mentioned recipients of your data are located outside the EEA and the EU Commission has not determined that the country in question has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses or otherwise in accordance with Articles 46, 47 or 49 GDPR.


  5. What rights are you entitled to?

    Right to information

    If we process your data, you have the right to information about the processing purposes, the categories of data processed, the recipients of this data, the storage period, the rights to which you are entitled, the origin of the data and the existence of automated decision-making.

    Rectification and deletion

    You are entitled to request the rectification of incorrect or incomplete data concerning you. You are entitled to request the deletion of data concerning you, provided that the processing of the data is not lawful and there are no legal obligations on our part to prevent deletion.

    Restriction of processing

    You are entitled to request the restriction of the processing of your data in certain cases.

    Data portability

    You are entitled to request the transfer of the data you have provided to us in a structured, commonly used and machine-readable format. You have the right to have the data transmitted directly from us to a controller, insofar as this is technically feasible.

    Right to object

    You have the right to object to the processing of data concerning you at any time on grounds relating to your particular situation. If you object, we will no longer process data concerning you unless we can prove that our reasons for processing outweigh your interests. You can object to the use of your data for advertising purposes at any time; in this case, we will stop processing your data for advertising purposes.

    Withdrawal of consent

    You have the right to withdraw the consent to the processing of your data at any time (in particular newsletters, applicant data, success stories). This does not affect the lawfulness of the data processing carried out up to this point in time.

    Complaint

    If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna (www.dsb.gv.at).

    To exercise your data subject rights in connection with visiting our fan pages, please use the forms provided in the data protection information of the respective social media service provider linked under point 3.a) cc) or contact us by post at the contact address provided in each case.

 

(Last updated December 20, 2023)

[1] "According to Article 4(1) GDPR, "personal data" means any information relating to an identified or identifiable natural person.