Privacy and Cookie Policy

Introduction

This is the Privacy Statement of Corazon Communication Business GmbH&Co.KG (“Corazon”), a private limited liability company incorporated under the laws of Germany, registered with the Chamber of Commerce in Wiesbaden under number HRA 8469. It applies to all subsidiaries and branches of Corazon to the extent that they process personal data.

Corazon has its registered office at Frankfurter Str. 5 65189 Wiesbaden, Germany.

Corazon treats personal data which it receives through its websites, portals and any other means with due care and is dedicated to safeguarding any personal data it receives. Corazon is bound by the General Data Protection Regulation (Regulation (EU) 2016/679), the German Data Protection Act and the German Telecommunications Act.

This Privacy Statement is designed to advise you about the type of information that Corazon collects and the purposes for which this information is being processed, used, maintained and disclosed.

This Privacy Statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. It applies to the following persons:

We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 25 Mai  2018. The most recent version is available at www.einfachonlinezahlen.com.

Personal Data

Personal data refers to any information that tells us something about you or that we can link to you.

Corazon processes any information we receive from you, including personal and financial information you provide to us including when you or your business:   enquire or make an application for Corazon’s services, register to use and/or use any of our services and when you communicate with us through e-mail, SMS, WhatsApp, a website or portal, telephone or any other electronic means.

You share personal information with us, for example when you: visit our website, complete a(n) (online) (application) form, sign a contract, make a payment or alternatively use our payment services, or contact us through one of our channels.

We may process data about your use of our website and services („usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent or our legitimate interests, namely monitoring and improving our website and services on the base of Art. 6 Abs. 1 S. 1 lit. f GDPR

We also may process information relating to our customer relationships, including customer contact information („customer relationship data“).The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The source of the customer relationship data is you or your employer. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is consent or our legitimate interests, based on Art. 6 Abs. 1 S. 1 lit. f GDPR namely the proper management of our customer relationships

We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters („notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

We may process information contained in or relating to any communication that you send to us („correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users based on  Art. 6 Abs. 1 S. 1 lit. a and f GDPR.

We also use data that is legally available from public sources such as commercial registers, debtor registers and the media, or data that is legitimately provided by other companies within the Corazon Group or by third parties.

Sensitive data

We do not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is strictly necessary.

What we do with your personal data

We only use your personal data for legitimate business reasons. This includes:

  • Administration. When you use our services we are legally obliged to collect personal data that verifies your identity and to assess whether we can accept you or your company as a customer. We also need to know your address or phone number to contact you.
  • Credit risk. To assess the financial position of your company we apply specific risk models that may involve the use of personal data.
  • Personalised marketing. We may send you letters, emails, or text messages offering you a product or service based on your personal circumstances, or show you such an offer when you log in to our website or mobile apps. You may unsubscribe from such personalised offers. You have the right, not to consent or to object to personalised direct marketing or commercial activities, including profiling related to these activities.
  • Providing you with the best-suited products and services. When you visit our website, call our customer service centre or visit a branch we gather information about you. We analyse this information to identify your potential needs and assess the suitability of products or services.
  • Improving and developing products and services: Analysing how you use our products and services helps us understand more about you and shows us where we can improve.
  • we analyse the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
  • Preventing and detecting fraud and data security: We have a duty to protect your personal data and to prevent, detect and contain data breaches. This includes information we are obliged to collect about you, for example to comply with regulations against money laundering, terrorism financing and tax fraud.
  • We may process your personal information to protect you and your assets from fraudulent activities, for example if you are the victim of identity theft, if your personal data was disclosed or if you are hacked.

Data that we process for any other reason is anonymised or we remove as much of the personal information as possible

Providing your personal data to others

Whenever we share personal data internally or with third parties in other countries, we ensure the necessary safeguards are in place to protect it.

For this, Corazon relies on: • EU Model clauses, which are standardised contractual clauses used in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with EU data protection law

  • Privacy Shield framework that protects personal data transferred to the United States.

To be able to offer you the best possible services and remain competitive in our business, we share certain data both internally as well as outside of the Corazon Group. This includes:

  • Corazon entities We transfer data across Corazon businesses and branches for operational, regulatory or reporting purposes, for example to comply with certain laws, secure IT systems or provide certain services (see section 4 ( What we do with your personal data ). We may also transfer data to centralised storage systems or to process it globally for more efficiency.
  • Independent sales agents and Service Provider.
  • Government authorities To comply with our regulatory obligations we may disclose data to the relevant authorities, for example to counter terrorism and prevent money laundering.
  • In some cases, we are obliged by law to share your data with external parties, including: • public authorities, regulators and supervisory bodies such as fraud protection agencies and the central banks of the countries where we operate;  • judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request;
  • With your permission Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the laws of the relevant jurisdiction.

Your rights

In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

(a)          the right to access;

(b)          the right to rectification;

(c)          the right to erasure;

(d)          the right to restrict processing;

(e)          the right to object to processing;

(f)           the right to data portability;

(g)          the right to complain to a supervisory authority; and

(h)          the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

To the extent that the legal basis for our processing of your personal data is:

(a)          consent; or

(b)          that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data [by written notice to us.

Cookie Policy

Corazon makes use of cookies and similar technologies throughout our websites to ensure your visit to our website goes smoothly.

  1. Session cookies: These cookies may store your browser name, the type of computer and technical information about your means of connection to this website, such as the operating system and the Internet Service Providers utilized and other similar information. This information is used to technically facilitate the navigation and use of this website. In addition, functional cookies may be used to store personal settings, such as language, or to remember your information for next visits if so requested.
  1. Analytics cookies: This website also uses analytics cookies placed by Google Analytics (including Google Tag Manager) to measure the number of visits and the parts of the website that are the most popular among our website visitors as well as for benchmarking purposes. This information is used to provide aggregated and statistical information on the use of this website and is used to improve the contents of this website to enhance your user experience. Corazon has followed the manual of the Dutch Data Protection Authority in order to ensure that Google Analytics is used in a privacy friendly manner. This means that we have instructed Google to remove the last three digits of your IP-address (“Anonymize IP”) and we have disabled the standard setting to share data with Google. Furthermore, Corazon has concluded a data processing agreement with Google Inc. and Corazon does not use other Google services in combination with the Google Analytics-cookies.
  1. Third-party/social media cookies: This website contains cookies from third-party websites, mainly social media cookies. When placed on your computer, they automatically activate handy extras, for example, a Facebook ‘like’ button or a Twitter messaging option. These cookies inform our website whether you are logged into such social media and they also enable you to share parts of this website on social media. When visiting this website, Corazon will ask for your consent to use these cookies.

Do you object to cookies?

Cookies generally process your IP-address but they do not save your personal information like e-mail address or phone number. If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via your browser settings. You can find more information concerning the removal of cookies on the website of the Dutch Consumer Organization and on the website all about cookies.

How we protect your personal data

We apply an internal framework of policies and minimum standards to keep your data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. More specifically and in accordance with the law, we take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed.

In addition, Corazon employees are subject to confidentiality and may not disclose your personal data unlawfully or unnecessarily.

What you can do to help us keep your data safe

Unfortunately, the transmission of information via the internet in general is not always completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We do our utmost to protect your data, but there are certain things you can do too:

  • install anti-virus software, anti-spyware software and a firewall on your computer and keep them updated;
  • do not leave verification tokens or your credit card) unattended;
  • keep your passwords strictly confidential and use strong passwords, i.e. avoid obvious combinations of letters and figures; and • be alert online and learn how to spot unusual activity, such as a new website address or phishing emails requesting personal information.

How long we keep your personal data

Once you are no longer a customer, we will retain your personal information for a reasonable period, or as otherwise allowed or required by law.

Contact us

If you want to know more about Corazon’s data policies and how we use your personal data, you can send us an e-mail to our data protection Officer: datenschutz@corazon-gruppe.de