Privacy Policy
I. General Data Protection Information according to the EU General Data Protection Regulation (GDPR)
II. Data Protection Information for Website Users
III. Data Protection Information for Applicants
IV. Data Protection Information for Business Partners
I. General Data Protection Information according to EU General Data Protection Regulation (GDPR)
credX AG (hereinafter referred to as “we” or “us”) takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
Personal data is information that can be used to identify you personally. This includes, for example, your name, email address, and telephone number. However, purely technical data that can be assigned to a person is also considered personal data. This Privacy Policy explains what data we collect, for what purpose we use it, and on what legal basis we rely.
Information on the Controller
The controller for data processing is:
credX AG
Elisenstr. 28
50667 Cologne
Email: info@credxmarkets.com
Phone: +49 221 97 59 87 50
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification, blocking, or erasure of this data (unless there is a statutory retention obligation or other reasons under Art. 17 para. 3 GDPR that prevent this). Furthermore, you have the right to have all data you have provided to us transferred in a common file format (right to data portability), provided you have submitted the data to us as part of a declaration of consent or for the fulfillment of a contract.
For this and further questions on data protection, you can contact us at any time via email at datenschutz@credxmarkets.com or at the address provided in the imprint.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.
Recipients of Data
As a general rule, we do not disclose personal data unless explicitly stated otherwise in this Privacy Policy (see sections II to IV).
II. Data Protection Information for Website Users
The following information provides a simple overview of what happens to your personal data when you visit our website.
What data of yours do we collect and process? And for what purposes?
Data such as your name, telephone number, email address, and similar information is collected when you provide it to us. This can happen, for example, by entering the data into a contact form.
Other data is automatically collected by our IT systems when you visit the website. This primarily includes technical data (e.g., log files and cookies). This data is collected automatically as soon as you enter our website. In particular, the data actively provided by you is used for contacting you and for initiating contractual relationships. The predominantly automatically collected data is stored to ensure the error-free provision of the website and to analyze user behavior.
For more detailed information on the individual processes, please refer to the following points (1-3).
Voluntary Nature of Data Provision
The provision of your personal data on this website is generally voluntary and is neither legally nor contractually required. You are not obliged to provide personal data on this website. Nevertheless, the provision of this website’s functions requires the processing of your personal data.
To which recipients is the data disclosed?
As a general rule, we do not disclose personal data unless explicitly stated otherwise in this data protection notice. However, the website is hosted by our service provider Hosteurope GmbH, Hansestr. 111, 51149 Cologne. Hosteurope GmbH will also automatically process the aforementioned personal data within this framework. This is done exclusively according to our instructions and on our behalf in accordance with a data processing agreement pursuant to Art. 28 GDPR.
The transfer of personal data to the aforementioned service provider is based on Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data in our “legitimate interest,” provided that your fundamental rights, freedoms, or interests in refraining from data processing do not override them. Our legitimate interest lies in using specialized service providers who can implement appropriate hosting more efficiently than we can. You can object to this data processing at any time if there are reasons arising from your particular situation that speak against the transfer of personal data to a server service provider. For this, an email to datenschutz@credxmarkets.com is sufficient.
For more detailed information on the individual processes, please refer to the following points (1-3).
Data Security
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
1. Automatic Data Collection on Our Website
Cookies
The internet pages sometimes use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after the end of your visit. Other cookies remain stored on your device until you delete them (“persistent cookies”). These cookies allow us to recognize your browser on your next visit.
You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Cookies that are necessary for carrying out the electronic communication process or for providing certain functions desired by you are stored on the basis of Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data in our “legitimate interest,” provided that your fundamental rights, freedoms, or interests in refraining from data processing do not override them. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g., cookies for analyzing your browsing behavior) are stored, these will be treated separately below.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- User’s device used, including MAC address
- Message about successful retrieval
- Amount of data transferred
- Hostname of the accessing computer
- Time of server request
- IP address
This data is not merged with other personal data that you actively provide on the website.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data within the “legitimate interest” of the controller, provided that your fundamental freedoms or interests do not override them. Our legitimate interest lies in easier administration and the ability to detect and track hacking attempts. You can object to data processing at any time if there are reasons that particularly restrict your rights or if there is a special interest in preventing the processing. For this, an email to datenschutz@credxmarkets.com is sufficient.
The server log files with the aforementioned data are automatically deleted after 14 days. We reserve the right to store server log files for a longer period if there are facts that suggest unauthorized access (such as an attempted hacking or a so-called DDOS attack).
2. Contacting Us
When you contact us (for example, via email or after using the contact form), the information you provide will be stored for the purpose of processing your inquiry and in case follow-up questions arise. The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and on our “legitimate interest” (Art. 6 para. 1 lit. f GDPR). The latter legal basis permits the processing of personal data in our “legitimate interest,” provided that your fundamental rights, freedoms, or interests in refraining from data processing do not override them. Our “legitimate interest” lies in the ability to process contact requests. You can revoke your consent to data use, given when using the contact form, at any time. An informal email notification to us is sufficient for this. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.
3. External Services – Analytics Tools, Plug-ins, etc.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses several “cookies” (see above) to identify your browser. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. However, we have activated the IP anonymization function on this website, so your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising. You can prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Due to the immediate partial deletion of IP addresses, only statistical data remains, so that personal identification is immediately deleted.
Google Web Fonts
This site uses so-called Web Fonts, provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the uniform display of fonts. When you open a page, your browser loads the required Web Fonts into its browser cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. This information is usually transmitted to a Google server in the USA and stored there. Regarding the handling of data transfer to the USA, please refer to the previous explanations regarding Google Analytics.
The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support Web Fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://www.google.com/policies/privacy/.
Google Maps
This site uses the Google Maps map service via an API. The provider is Google LLP., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. Regarding the handling of data transfer to the USA, please refer to the previous explanations regarding Google Analytics.
The use of Google Maps is in the interest of an appealing presentation of our online offerings and easy discoverability of the locations we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
More information on the handling of user data can be found in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
Use of SalesViewer® Technology
On this website, data is collected and stored for marketing, market research, and optimization purposes using SalesViewer® technology from SalesViewer® GmbH, based on the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR).
For this purpose, a JavaScript-based code is used, which serves to collect company-related data and its corresponding use. The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and not used to personally identify the visitor of this website.
The data stored within SalesViewer will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent its deletion.
You can object to data collection and storage at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out to prevent future collection by SalesViewer® within this website. An opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you will need to click this link again.
III. Data Protection Information for Applicants
The following information provides a simple overview of what happens to your personal data when you apply to us.
What data of yours do we collect and process? And for what purposes?
We process the data you have sent us in connection with your application to assess your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application process.
The primary legal basis for processing your personal data in this application procedure is Section 26 BDSG (Federal Data Protection Act) in the version applicable from May 25, 2018. According to this, the processing of data necessary in connection with the decision on establishing an employment relationship is permissible.
If the data should be required for legal enforcement after the completion of the application process, data processing may occur based on the requirements of Art. 6 GDPR, particularly for the protection of legitimate interests according to Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data in our ‘legitimate interest’, provided that your fundamental rights, fundamental freedoms, or interests in refraining from data processing do not override them. Our interest then lies in the assertion or defense of claims.
How long will the data be stored?
Data of applicants will be deleted after 6 months in case of a rejection.
In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.
Should you have been offered a position as part of the application process, the data from the applicant data system will be transferred to our human resources information system.
Voluntary Nature of Data Provision
The provision of your personal data is generally voluntary. However, for an application with us, it is absolutely necessary to process certain data about you.
To which recipients is the data disclosed?
Upon receipt of your application, your applicant data will be reviewed by the HR department. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The further process will then be coordinated. Within the company, only those individuals who require access for the proper conduct of our application process generally have access to your data.
IV. General Data Protection Information for Business Partners
The following information provides a simple overview of what happens to your personal data when you are in a business relationship with us.
What data of yours do we collect and process? And for what purposes?
Typical professional contact data of business partners is processed, such as:
- Professional email addresses
- Professional telephone, mobile phone, and fax numbers
- Business cards
- Professional postal addresses
- Your function within the company
- Data linked to contact details regarding individual contracts or other processes
Furthermore, your data may also be related to individual contracts and ultimately the entire business relationship between the company you work for and credx AG. All aforementioned data is processed for the following purposes:
- for the fulfillment of a contract with you
- for the long-term maintenance of the business relationship with the company you work for
- for marketing purposes
The processing of your aforementioned personal data regularly takes place on the basis of Art. 6 para. 1 lit. b GDPR. According to this, personal data may be processed if this is necessary for the fulfillment of a contract.
In addition, processing for the legitimate interest of long-term maintenance of the business relationship and for marketing purposes takes place on the basis of Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data within the scope of the controller’s ‘legitimate interest’, provided that your fundamental rights, fundamental freedoms, or interests in refraining from data processing do not override them. You may object to this data processing at any time if there are reasons arising from your particular situation that speak against the data processing. An email to datenschutz@credxmarkets.com or another communication to the contact details mentioned above is sufficient for this purpose.
You may object to data processing for marketing purposes at any time without stating reasons. An email to datenschutz@credxmarkets.com or another communication to the contact details mentioned above is sufficient for this purpose.
How long will the data be stored?
Many of the personal data processed within a business relationship are tax-relevant and are therefore generally retained for ten years after the end of the year in which the invoice was issued or the booking was made, in accordance with the commercial and tax law retention periods from § 147 AO and § 257 HGB.
Non-tax-relevant data will only be deleted if you request us to do so. We regularly assume that we may store professional contact data within the scope of ‘legitimate interest’ according to Art. 6 para. 1 lit. f GDPR without a deletion deadline, as this data is not sensitive and you have an interest in remaining in business contact with us. However, contact data will be ‘overwritten’ if the contact person of the company changes.
Voluntary Nature of Data Provision
The provision of your personal data is generally voluntary. However, for the conclusion and execution of the business relationship, it is absolutely necessary to process certain data about you. This data includes, among other things, the business address, other company data, and information about the contractual relationship.
To which recipients is the data disclosed?
We do not disclose your data to third parties in the ordinary course of business. In exceptional cases (e.g., tax auditors or a criminal investigation), third parties, particularly authorities, may gain access to the personal data.
Furthermore, we use
- for the purpose of maintaining customer relationships and relationships with interested parties, a Customer Relationship Management system (CRM) from our service provider Brainformatik GmbH, Mobil-Oil-Str. 31, D-84539 Ampfing. Brainformatik GmbH will also automatically process the aforementioned personal data within this framework. This is done exclusively according to our instructions and on our behalf in accordance with a data processing agreement under Art. 28 GDPR.
- for the purpose of electronic communication, appointment and task management, a Microsoft Exchange Server provided by T-Systems International GmbH, Hahnstr. 43, 60528 Frankfurt am Main, as a data trustee on German data centers (see https://www.microsoft.com/de-de/cloud/rechtliche-aspekte.aspx for more information). T-Systems International GmbH will also automatically process the aforementioned personal data within this framework. This is done exclusively according to our instructions and on our behalf in accordance with a data processing agreement under Art. 28 GDPR.
The transfer of personal data to the aforementioned service providers takes place on the basis of Art. 6 para. 1 lit. f GDPR. This legal basis permits the processing of personal data in our ‘legitimate interest’, provided that your fundamental rights, fundamental freedoms, or interests in refraining from data processing do not override them. Our legitimate interest lies in relying on specialized service providers who can implement corresponding hosting more efficiently than we can. You may object to this data processing at any time if there are reasons arising from your particular situation that speak against the transfer of personal data to a server service provider. An email to datenschutz@credxmarkets.com is sufficient for this purpose.