Privacy Policy for fino run Ltd.

This data protection declaration of fino digital GmbH, Universitätsplatz 12,34127 Kassel, Germany, would like to inform you as a customer which customer data and personal data are collected and processed by you when using our account change service. In the case of special variants of the account change service, e. g.”fino guided”, supplementary data protection information may apply, but you will be notified separately of its validity before using the service. An account change is completed as soon as the user releases it for production with the close button (currently “Close Account Change”) and all change notifications have been sent to the respective payment partners. It is the same if the user decides to send the letters to his payment partners independently.

1. Collection and use of personal data

For the use of some services you have to be logged in as a user. When registering, you must first provide the data necessary for the provision of the services: This includes the user name, password and the deposit of an e-mail address. It is also necessary to provide additional data to verify the records. These include in particular: Salutation, first name, surname, address, date of birth and IBAN / BIC of the account keeping institutions. This data is required for identification, authentication and administrative purposes. Further information can be provided on a voluntary basis. If you have registered for a variant of the portfolio and provided personal details, this data will only be used to the extent necessary to carry out the service. IBAN will be passed on to your new bank for billing purposes. The IBAN is stored for this purpose for the last and current month and is then automatically deleted.

2. Account data

Personal data collected in the context of online banking will only be processed and used for the purpose of executing the contract. In order to use other services within the scope of the account change service, additional data may be required. Only the data required for granting access is collected. These are in particular identification codes, passwords and PINs. This data is used exclusively to retrieve the content of the corresponding modules or to be able to use these modules at all. This data is only transferred to the old bank and is never stored. The SEPA mandates that are subsequently read out will be collected exclusively for the purpose of fulfilling the account change service and will be deleted after successful transmission by means of the automated procedure.

3. Log-Files

During your visit to our web application, we store so-called cookies on your computer. Cookies are small text files that enable us to identify your computer. They do not interfere with the operating system of your computer. Among other things, we use cookies to measure the frequency of page views and general page navigation and to further develop our service. You can prevent the use of cookies by adjusting your browser settings. It is also possible to request whether you agree to this before setting a cookie. Set cookies can be deleted at any time. Please refer to the instructions of your browser software for instructions on how to adjust the settings or delete cookies. Cookies set by us are automatically deleted after the account change is completed.

4. Cookies

During your visit to our web application, we store so-called cookies on your computer. Cookies are small text files that enable us to identify your computer. They do not interfere with the operating system of your computer. Among other things, we use cookies to measure the frequency of page views and general page navigation and to further develop our service. You can prevent the use of cookies by adjusting your browser settings. It is also possible to request whether you agree to this before setting a cookie. Set cookies can be deleted at any time. Please refer to the instructions of your browser software for instructions on how to adjust the settings or delete cookies. Cookies set by us are automatically deleted after the account change is completed.

5. Hosting

Our web application and other websites are hosted by us on our own servers. These are located in an ISO 27001 certified data center in Germany. Data storage and data processing takes place exclusively in Germany. The mail is sent exclusively in the EEA. 

6. Data avoidanceexclusion of disclosure 

No data will be passed on to third parties unless there is a legal obligation to do so. Apart from that, all data are collected in accordance with § 3a BDSG (German Federal Data Protection Act). 

7. Other links to external providers 

This data protection declaration does not apply to the content of websites linked to other providers‘ websites. The data which the operators of these pages may collect is beyond our control. 

8. Encryption of personal data 

All information that you entrust us with in dialogue and application forms will be transmitted securely by means of modern Internet technology and used exclusively for the designated purpose. The Contractor shall use transmission methods such as the Transport Layer Security Protocol (TLS) which ensures that all data is transmitted in encrypted form and cannot be intercepted by third parties in plain text. The TLS protocol enables encryption of all data traffic between your browser and the server used by the contractor to provide his offers. This protects all data on the transmission path against manipulation and unauthorized access by third parties. After the account change service has been completed, an email with the account change package is sent to the user for archiving. This mail can be encrypted if desired by the user. In the case of unencrypted e-mail transmission, there is a residual risk that third parties will be able to read, intercept or change the e-mail.

9. Purpose limitation of the collected data 

The personal data you provide will only be used for the purpose for which you have provided it to us or for the use and disclosure of which you have given your consent. Surveys or transmissions to state institutions and authorities are only carried out within the framework of mandatory national legal provisions. Our employees and other persons charged with the processing of personal data are obliged to maintain confidentiality and data secrecy.

10. Data transmission 

The security of the data transfer between us and your computer/smartphone/tablet is guaranteed by the encryption of the data using TLS (Transport Layer Security).

11. Right to information and revocation 

In accordance with § 13 paragraph 1 of the German Telemedia Act, we are legally obliged to guarantee the right to informational self-determination and the protection of their personal rights when using our services. According to § 34 of the German Federal Data Protection Act (BDSG), you have the right to be informed at any time which data we have stored. You may revoke your consent to the collection, processing and use of your personal data at any time with effect for the future. Your data will then be deleted immediately in our systems.

12. Notification of changes 

This data protection declaration is provided on our Internet pages separately and updated time and again. Should other personal data than those mentioned here be used in the future in a manner that differs from the use made known at the time of their collection, you will be informed of this by electronic mail to the P. O. box you have deposited, provided that you are still contractually connected with us. In this case, you can decide whether or not to allow the changed use of your data.

13Data Protection Officer 

If you have any questions about the processing of your personal data or about data protection in generalplease contact the Data Protection Officer, who will also be at your disposal in the event of complaints:

fino digital GmbH

Commissioner for Data Protection Universitätsplatz 12,34127 Kassel E-Mail: datenschutz@fino.digital