Data Privacy

The operators of the website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be identified. This privacy policy explains what kind of data is collected and what it is used for. It also outlines how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. Controller of the processing

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, …).
For the data processing on this website are jointly responsible:

DF Deutsche Forfait AG
Gustav-Heinemann-Ufer 56
50968 Köln
Tel.: +49 221 97376-0
Email: dfag@dfag.de

Deutsche Forfait GmbH
Gustav-Heinemann-Ufer 56
50968 Köln
Tel.: +49 221 97376-0
Email: dfag@dfag.de

DF Deutsche Forfait AG is the parent company of DF Group, which could not provide its services without cooperation based on the division of labor. Therefore, the above-mentioned parties have entered into an agreement of joint controllership in the sense of Art. 26 GDPR and are therefore jointly responsible for the personal data collected and processed from you under this website. It has been agreed that Deutsche Forfait GmbH will fulfill all obligations according to GDPR. This concerns in particular the exercise of your rights and the fulfillment of the information obligations pursuant to Art. 13 f GDPR.

2. Data protection officer

We have appointed a data protection officer for our company. For any questions, requests, further information or complaints regarding data protection, please contact:

Stefan Käsler
TÜV SÜD Akademie GmbH
Westendstraße 160
80339 München/Deutschland
Email: datenschutzbeauftragter@dfag.de

3. Duration of storage

Unless a more specific duration of storage has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for erasure of your data or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted once the permissible reasons no longer apply.

4. Data transfer to the USA

Amongst others, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

5. Right of revocation and objection

5.1 Withdrawal of consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected.

5.2 Right to object to the collection of data in special cases and to direct marketing pursuant to Art. 21 GDPR

If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object to the collection of data, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection in accordance with Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object to the processing concerning your personal data for the purpose of such marketing at any time; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection in accordance with Art. 21 para. 2 GDPR).

6. Data collection on this website

6.1 Cookies

Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behavior or display advertising.
We use cookies that are necessary to carry out the electronic communication process (essential cookies) or to provide certain functions that you have requested (functional cookies). Essential cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free provision of services. When visiting our website for the first time, you will also be asked about consent to the storage of cookies. The storage of functional cookies for the optimized provision of our website is then exclusively based on this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time.

You can set up your browser to get informed about the setting of cookies, to allow cookies in individual cases, to exclude the acceptance of cookies for certain cases or in general and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent. You can revoke your consent at any time in the cookie settings (via the fingerprint icon) of the website.

a. Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or withdrawal of your consent(s).
  • Your IP-address
  • Information about your browser
  • Information about your terminal device
  • The time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) or their withdrawal to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The cookie consent technology of Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

b. Contract on data processing

We have concluded a processing contract with Usercentrics. This is a contract required by data protection law pursuant to Art. 28 para 3 GDPR, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

6.2 Server log files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address

A combination of this data with other data sources is not made.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

6.3 Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

If necessary, this data will be forwarded to the unit of the corporate group responsible for your inquiry. In the case of contact requests by e-mail, the subsidiaries of DF Deutsche Forfait AG in Cologne and in Prague receive their data via a joint mail distribution list. At the operational level, employees of the subsidiaries perform tasks for the respective other party on a basis of a personal union. Therefore, the following companies have entered into an agreement on joint controllership within the meaning of Art. 26 EU GDPR. It has been recorded which areas of work within the sister companies fall under joint controllership. This includes the processing of your inquiries. The agreement stipulates that Deutsche Forfait GmbH fulfills all obligations pursuant to the GDPR. This concerns in particular the exercise of your rights and the fulfillment of the information obligations pursuant to Art. 13 f GDPR.

Jointly responsible for the processing of your data according to Art. 26 GDPR are

Deutsche Forfait GmbH
Gustav-Heinemann-Ufer 56
50968 Köln, Deutschland
Telefon: +49 221 97376-0
E-Mail: dfag@dfag.de

DF Deutsche Forfait s.r.o. & DF Deutsche Forfait Middle East s.r.o.
Václavské náměstí 846/1
Nové Město, 11000, Prague, Czech Republic
Telefon: +420 221 014 620
E-Mail: dfag@dfag.de

The cooperation in the processing of your personal data within our group of companies is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR in conjunction with Recital No. 48).

If your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the processing of this data is based on Art. 6 para. 1 lit. b GDPR. The personal data that we receive in connection with aninquiry will remain with us until you request us to delete it, withdraw your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

6.4 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
We use Google Analytics on our website to provide you with the best possible service. Statistically evaluated data about user behavior on our website helps us to optimize the site so that it can be found more easily by interested parties on Google.

This analysis tool is only used if you have given the appropriate consent, which was requested via the cookie consent technology of Usercentrics during your first visit on our website. The processing is thus carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Your consent can be withdrawn at any time via the cookie settings.

Data transfer to the USA is additionally based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

a. IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA before being shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

b. Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

c. Order processing

We have concluded a processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

d. Demographic characteristics on Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising by Google as well as from visitor data by third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

e. Storage duration

Data stored by Google at user level and at event level that is linked to cookies, user identification (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

6.5 Investor distribution list

a. Personal data regarding the distribution list for investors

If you would like to receive investor information offered on the website, we require an e-mail address from you as well as information which allows us to verify you as the owner of the e-mail address provided and to obtain your consent to receive investor information. There will be no further collection of data unless you provide it to us on voluntary basis. We will use the data exclusively for sending the requested information.

The processing of the data entered in the investor distribution list registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to the storage of the data, the e-mail address and their use for sending information at any time and unsubscribe from the mailing list at the e-mail address datenschutzbeauftragter@dfag.de, which you will also find in disclaimer of all e-mails you receive. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

The data you provide for the purpose of receiving the newsletter will be stored by us or the service provider until you unsubscribe from the investor mailing list. It will be deleted from the investor mailing list after you unsubscribe. The storage of data for other purposes remains unaffected by this.

After you have unsubscribed from the investor distribution list, your e-mail address may be stored by us or the service provider in a blacklist in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

b. Disclosure to third parties

With regard to investor mailing lists, we sometimes use external service providers to fulfill our contractual and legal obligations. The data that you provide to us via the newsletter registration form is transmitted to our service providers. The legal basis for data processing is Art. 6 para. 1 lit. b and f DSGVO. Our service providers will only process your data insofar as this is necessary for the fulfillment of their service obligations and follow our instructions regarding this data. To ensure data protection-compliant processing, we have concluded a processing agreement with our service providers.

6.6 Adobe Fonts

This website uses web fonts from Adobe for the standardized display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access this website, your browser downloads the required fonts directly from Adobe for a correct display on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data takes place exclusively via your consent based on Art. 6 para. 1 lit. a GDPR, which was requested via our cookie consent technology from Usercentrics when you first visit our website. The consent can be revoked at any time. If you have not given your consent, we cannot guarantee an optimal presentation of our website.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.

6.7 Font Awesome (local hosting)

This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.
For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

7. Personal data of applicants

In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data will be in compliance with applicable data protection laws as well as all other legal requirements and that your data will be treated in strict confidence.

Please contact us if you would like to send us your application documents in encrypted form.

7.1 Controller of the processing and exchange of documents within DF Deutsche Forfait Group

The above-mentioned DF subsidiaries are jointly responsible for processing your personal data in the application process. Thus, your application documents can also be made available to the companies where employment is to be considered. The agreement stipulates that Deutsche Forfait GmbH fulfills all obligations pursuant to the GDPR when processing personal data in the application process. This concerns in particular the exercise of your rights and the fulfillment of the information obligations pursuant to Art. 13 f GDPR. It is therefore in our legitimate interest (Art. 6 para. 1 lit. f GDPR) to also make the application documents available to DF AG and the companies where employment is to be considered.

7.2 Categories of personal data

We only process personal data that is related to your application and that we have received from you as part of the application process [by mail or electronic means]. The data usually includes:

  • First name, last name, title
  • Your contact information such as address, telephone number, fax number, e-mail address, and/or professional position, if applicable
  • Your application data, consisting of your cover letter, curriculum vitae and the usual supporting documents and certificates
  • Further data that you provide to us in connection with your application, if applicable

In addition, we check whether you are listed on sanction lists according to the anti-terrorism regulations EC Regulation 2580/2001 and EC Regulation-881/2002. However, this check is only carried out if recruitment is imminent.

7.3 Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent of necessity to decide on the conclusion of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship) in conjunction with Art. 88 and Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data submitted will be stored by our HR department based on Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of concluding the employment relationship. Due to the anti-terrorism council regulations (EC) No 2580/2001 and (EC) No 881/2002, DF Deutsche Forfait AG and its subsidiaries are prohibited from entering into economic relationships with organizations and persons suspected of terrorism. To comply with the regulation, we are obliged to check each invited applicant against sanctions lists of suspected terrorists (Art. 6 para. 1 lit. c GDPR).

7.4 Recipients of data

As a matter of principle, we will only use your application documents for the decision process to fill the position for which you have applied. For this purpose, we will forward your application documents to the employees involved in the application process.

If you submit an unsolicited application that does not relate to a specific position, we may use your application documents for the decision process to fill any position under consideration. For this purpose, we will forward your application documents to colleagues from the department in which a subsequent position may be considered.

7.5 Data transfer to third parties and transfer to third countries

We do not transfer your applicant data to persons outside DF Group. We also do not transfer your applicant data to a third country outside the EU or to any international organization.

7.6 Storage and deletion periods

Your personal data will be stored for the period of the application procedure that is necessary for a decision on your application.

If your application does not result in an employment, we will delete your applicant data after six months from final rejection by you or by our company. Digital data will be deleted, physical application documents disposed appropriately. Longer storage may take place if you have given your consent (Art. 6 Para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

Longer retention periods only apply in each case you have separately consented to longer retention or, exceptionally, there is a legitimate interest in archiving and your interest in deletion does not outweigh this interest.

8. Your rights

8.1 Right to lodge a complaint with a supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

8.2 Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data that we process by automated means based on your consent or fulfillment of a contract in a structured and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

8.3 Right of access, right to rectification and right to erasure pursuant to Art. 15, 16, 17 GDPR

Within the framework of the applicable legal provisions, you have the right at any time to free access to your personal data and the information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to rectification or erasure of this data. For this purpose, as well as for further questions regarding your personal data, you can contact us at any time at the address given in the imprint or via datenschutzbeauftragter@dfag.de.

8.4 Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint or via datenschutzbeauftragter@dfag.de. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, your and our interests will be weighed against each other. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

9. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change of the address line of the browser from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

In accordance with the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we inform you in the following about the processing of your personal data in the context of communication and your rights in this regard.

1. Controller of the processing and data exchange within DF Deutsche Forfait Group

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

At the operational level, employees of the subsidiaries of DF Deutsche Forfait AG perform tasks for the respective other party in a personal union. Therefore, the following companies have entered into an agreement on joint responsibility within the meaning of Art. 26 EU GDPR. It was specified which areas of work within the sister companies fall under joint responsibility. This includesThis includes the processing of your data that we receive in the course of communication with you. If necessary, this data will be forwarded to the unit within the group of companies that is responsible for your inquiry. In the case of contact requests by e-mail, employees of the subsidiaries jointly receive your transmitted data via a mail distribution list. The joint responsibility agreement regulates that Deutsche Forfait GmbH fulfills all obligations according to GDPR. This concerns in particular the exercise of your rights and the fulfillment of the information obligations pursuant to Art. 13 f GDPR.

The following subsidiaries of DF Group are jointly responsible for processing communication data of business partners:

Deutsche Forfait GmbH
Gustav-Heinemann-Ufer 56
50968 Köln, Deutschland
Telefon: +49 221 97376-0
E-Mail: dfag@dfag.de

DF Deutsche Forfait s.r.o.
Václavské náměstí 846/1
Nové Město, 11000, Prague Czech Republic
Telefon: +420 221 014 618
E-Mail: dfag@dfag.de

DF Deutsche Forfait Middle East s.r.o.
Václavské náměstí 846/1
Nové Město, 11000, Prague Czech Republic
Telefon: +420 221 014 618
E-Mail: dfag@dfag.de

In the case of inquiries by mail, communication with you will be conducted first and foremost by the DF company with which you are in contact or which is suitable for handling your request.

2. Categories of personal data

We only process personal data that is necessary for communicating with you. The data usually includes:

  • First and last name, title
  • Professional contact information such as address, telephone number, fax number, email address,

and possibly:

  • Date of birth
  • Place of birth
  • Nationality
  • Passport number

We collect this personal data

  • first of all from you as the person concerned, or
  • if necessary, through communications by third parties (banks, customers, intermediaries), or
  • if necessary, on the basis of research from sources that are publicly accessible.

3. Purposes of processing and legal basis

Your personal data will be processed in accordance with GDPR and the German Federal Data Protection Act (BDSG), insofar as this is necessary in the context of communication.
We process your personal data for the following purposes:

  • Communication with business partners regarding services, e.g. to process customer inquiries (Art. 6 para. 1 lit. b, lit. f GDPR);
  • Contract initiation, contract processing and contract management (Art 6 para. 1 lit. b GDPR);
  • Customer service, support and maintenance of contact where this is in our legitimate interest (Art. 6 para. 1 lit. f GDPR);
  • Extrajudicial and judicial assertion of our own claims arising from the contractual relationship with you (Art. 6 para. 1 lit. b, c, f GDPR);
  • In accordance with the anti-terrorism regulations defined in EC Regulation 2580/2001 and EC Regulation 881/2002, DF Deutsche Forfait AG and its subsidiaries are prohibited from concluding economic relationships organizations and persons under suspicion of terrorism. In order to comply with respective regulations, we are obliged to check all potential business customers against sanctions lists of suspected terrorists (Art. 6 para. 1 lit. c GDPR).

If you give us your consent to process your personal data for other purposes, Art. 6 para. 1 lit. a GDPR forms the legal basis. Your consent can be withdrawn at any time with effect for the future.

4. Recipients of the data

Due to the organizational structure of DF Group, your data may be transferred to various DF companies and processed there, as described at the beginning. Within our company, data is only passed on to persons and departments that require your data to fulfill your legitimate interests as well as contractual and legal obligations.
Personal data will only be passed on if this is necessary for the execution or fulfillment of the contract or pre-contractual measures, if legal regulations permit this or if we have received your consent.

5. Disclosure to third parties and transfer to third countries

We transfer personal data to banks if this is required for the fulfillment of the contract. The recipient banks may also be located in countries outside the EU (third countries).
In this case, we ensure an appropriate level of data protection in the target country in compliance with Art. 44 et seq. GDPR, mostly by concluding standard contractual clauses with our contractual partners in third countries or by other guarantees that ensure data protection. If this is not possible, we will inform you in this regard and explain the risks in advance.

6. Storage and deletion periods

We store your personal data as long as a contractual relationship with you exists, based on our legitimate interest. In addition, we are subject to statutory storage and documentation obligations, which result, among other things, from the German Commercial Code and the German Fiscal Code. After expiry of the respective periods, we delete your personal data, unless there is a legitimate interest in archiving and your interest in deletion does not outweigh this interest.

7. Your rights

Insofar as we process your personal data, you are entitled to various claims against us under data protection law. You have the right to,

  • obtain information about the data stored and its origin, the purpose of processing and the recipients (Art. 15 GDPR) or
  • under certain conditions, to demand rectification, blocking (restriction of processing) or erasure of your personal data (Art. 16 - 18 GDPR, § 35 BDSG),
  • to request the transfer of your data to another data controller where the processing is carried out by automated means (Art. 20 GDPR), as well as
  • complain to us or a competent data protection authority about the data processing (Art. 77 GDPR).

You may also object to the further processing of your data if we process your data based on a legitimate interest (Art. 6 para. 1 p. 1 f GDPR). As we do not process your applicant data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will no longer process your personal data to which the objection relates from the time of receipt during the subsequent review and will delete it after completion of the review - in the event of a justified objection (Section 36 BDSG, Art. 21 GDPR).

You can withdraw any consent you have given us to process your data (Art. 6 para. 1 lit. a GDPR) at any time; we will then no longer process your personal data unless there is a legal obligation to do so.
To protect your rights and in case of questions, criticism and suggestions, please contact our external data protection officer:

Herr Stefan Käsler
TÜV SÜD Akademie GmbH
Westendstraße 160
80339 Munich/Germany
E-mail: datenschutzbeauftragter@dfag.de