Preamble

 

Thank you for your interest in our offers and services. The protection of personal data during the processing and use of our website or when using our services is important to us. Your data is protected within the framework of all relevant legal regulations.

​

Frienton GmbH operates the website "Frienton" as well as the software solution of the same name ("Frienton Platform"). Personal data is processed in the context of the operation of the website and platform as well as in connection with the services provided via the platform ("Frienton’s Services"). As a visitor to the website or user of Frienton’s Services, we would like to inform you with this Data Protection Declaration about the type, scope and purpose of the processing of your personal data.

​

The terms used in this data protection declaration (e.g. "personal data", "order data processing", "pseudonymous" or "anonymous") correspond to the definitions of the General Data Protection Regulation ("GDPR"), in particular those of Article 4.

 

Responsible for data processing is the provider of the website and platform:

Frienton GmbH
Franz-Joseph-Str. 11 

D-80801 Munich, 

Germany

 

We reserve the right to adapt this data protection declaration at any time within the scope of the legal frameworks.

​

Data protection supervisor

 

Frienton's Data Protection Officer can be contacted via the e-mail address info@frienton.com or at the following address:

Frienton GmbH
Data Protection Officer
Franz-Joseph-Str. 11 

D-80801 Munich, 

Germany

​

Scope & purpose of the processing of personal data

 

The type, scope and purpose of the processing of personal data depends on which of our offers are used. Personal data is processed in particular when our website is visited or services are obtained via the Frienton platform.

​

Website

 

In order to make our website available to visitors, to provide basic functions, and to enable proper operation the processing of personal data, including IP addresses, is technically necessary. Basically, this is device data. However, since this data may be used to establish a reference to the website, it must be classified as personal data in accordance with the GDPR. The legal basis for the processing of this data is GDPR Article 6(1b - performance of contract).

​

In order to improve the quality of our website, we store data about individual access for statistical purposes. This data set consists of:

• Website visited

• Page from which the website was requested

• Time of access

• Amount of data sent in bytes

• Access status (e.g. website not found)

• IP address of the requesting computer

• Browser used

• Operating system used

 

This data is stored anonymously in accordance with the Telemedia Act (TMG). The creation of personal user profiles is therefore excluded. The processing is not expressly carried out for the purpose of gaining knowledge about the person of the visitor to the website. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If data must be retained for reasons of proof, they are exempt from deletion until the incident has been clarified and finalised. The legal basis for the production is GDPR Article 6(1f - legitimate interest).

​

Frienton platform

 

Through the Frienton platform, Frienton provides services to small and medium-sized businesses. These include in particular, the preparation and analysis of information on the financial situation of our clients.

 

In connection with our platform, we process data that is necessary for on one hand, the provision of our services and on the other hand, data to satisfy legal obligations such as banking, commercial, tax and associated information retention obligations. In addition to general bank details and transaction data personal data such as names and e-mail addresses of users is required. In addition, we occasionally contact our clients through the Platform to inform them about new services and to request feedback on how to improve our services.

The legal bases for services for our clients are GDPR Article 6 (1f - legitimate interest), Article 6 (1b -performance of contract) and Article 6 (1c - compliance with legal obligation).

 

In the course of registering on the Frienton platform, we collect some general data. In addition to the user's e-mail address, this data also includes the legal form and industry of their company as well as the country in which they have a registered office.

 

As a “multi-banking” or “open banking” solution for small and medium-sized enterprises, we import relevant data from our user’s business bank accounts onto our platform. This includes, in particular, transaction data such account numbers, references, account balances and account movements. Based on this information, we create dashboards that provide an overview of the financial situation of the respective company. In addition, we offer various analysis tools for financial data as well as relevant statistics via our platform. Central to the function of Frienton is the largely automatic categorisation of transaction data.

 

Since our clients are currently exclusively legal entities, most data is not considered personal data. However, references and transaction data may contain personal data and will accordingly be treated with care.

 

We obtain the required bank and account data from FinAPI GmbH (Adams-Lehmann-Str. 44, 80797 Munich, Germany, "FinAPI"). As a PSD2-compliant aggregator, FinAPI establishes the interface to our users banks. The data transmission is completely encrypted. In order to protect this bank data from unauthorised access, the usual PSD2-compliant security standards of the respective bank apply. In particular, the so-called two-factor authentication applies here. All information required to retrieve the bank data is recorded directly in the FinAPI web environment and processed accordingly. Information on data protection at FinAPI can be viewed under https://www.finapi.io/datenschutz/.

Frienton has no direct relationship with the banks of the platform users. Inquiries about the data protection of the respective bank must therefore be made directly to the account-holding institution.

 

In order to make the Frienton Platform available to users, to provide basic information and to enable proper operation, the processing of personal data, in particular of IP addresses, is technically necessary. Essentially this is device data, however since this data can possibly be used to establish a reference to the user, it must be classified as personal data in accordance with the GDPR. The legal basis for the processing of this data is GDPR Art. 6(1b - performance of contract).

 

In order to ensure the security of our platform and to improve the user experience, we also process data about accesses as server log files. Since conclusions about the user can also be derived from this, the data collected in this context must also be treated as personal data in accordance with the GDPR. The following data is stored in the server log files:

• Website visited

• Page from which the website was requested

• Time at the time of access

• Amount of data sent in bytes

• Access status (e.g. website not found)

• IP address of the requesting computer

• Browser used

• Operating system used

 

This data is stored anonymously in accordance with the Telemedia Act (TMG). The registration of personal user profiles is thus excluded. The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If data must be retained for reasons of proof, they are exempt from deletion until the incident has been finally clarified. The legal basis for the processing is GDPR Art. 6(1f - legitimate interest).

​

Social networks

 

For marketing purposes, we are active on popular social networks. There we share the latest news, inform regarding upcoming events, describe our products and services and/or information regarding about offers of our partners. If you contact us via social media, the respective page or our account, we process your personal data, which you transmit to us in this way on the basis of our legitimate interest (in accordance with GDPR Art. 6(1f)) via this network to establish or maintain contact with you. 

​

Our share buttons only receive a link to the relevant social networks. We do not use scripted plugins in this context. Thus, we do not process any personal data at this point.

​

We also ensure that your data (the IP address, cookies or other information) is only transmitted to social networks if you press the corresponding button yourself, and thus possibly also to servers in the USA. The same applies to the links to our social media pages that we have integrated on our website and our e-mails.

​

We have no influence on the scope of the data processed by the respective social media platform. When accessing a social media page, the terms and conditions and the privacy policy of the respective provider apply. It is possible that a social media provider may link your visit to our website or the use of our platform to your user account while you are logged into your social media account.

​

We are active on the following networks:

• Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland)

• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

• Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland)

• YouTube (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA)

​

Communication

 

To initiate a contractual relationship or within the framework of an existing contractual relationship, we contact interested parties and clients via e-mail. With these e-mails, we support interested parties in registering on the Frienton platform. On the other hand, we provide our clients with information required by law, inform them about innovations or adjustments to our services or ask for their feedback on how to improve our services.

​

The status of interested party lasts for three months. After that, the interested party has either completed the account creation or the incomplete registration will be deleted. An exception arises for interested parties who actively register for our waiting list. The data stored during registration, in particular the e-mail address, will be stored by us for a maximum period of twelve months in order to enable contact as soon as we can offer our services to the interested party. The right of the interested party to have themselves and their data removed from the waiting list remains unaffected.

​

The legal basis is GDPR Article 6(1b - contractual relationship).

​

We use SendGrid to process automated e-mails, manage them and create associated statistics. Through SendGrid, we manage the contact details of our clients and prospects and keep track of when a recipient reads an incoming email and when they have taken an action related to that email. For this purpose, we use so-called web beacons. You can prevent the described evaluations by deactivating the display of images in your e-mail program by default. However, a complete presentation of all content and the full use of all functions of the e-mail program is then not possible.

​

In order to offer our clients an optimal service experience, we have implemented "Freddie", a virtual analysis on our homepage and the Frienton platform. Freddie is a chatbot based on the Service Wix Chat (Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel). As part of the use of this offer, personal data may be stored in third countries in accordance with the GDPR.

​

Cookies

 

Cookies are small files that are stored on a visitor's hard drive. They make it possible to keep information for a certain period of time and to identify the computer of the visit.

​

On our website and the Frienton platform, we use cookies to measure reach and to optimise our offer. The cookies are transmitted either by us or by third parties commissioned by us to the browser of the website visitor and stored there. As a result, recognition of the device used is essentially possible. The data collected in this way is pseudonymous. A direct assignment of the data to the website visitor is therefore not possible. In addition, this data is not stored together with other personal data of the website visitors. In some cases, the data is anonymised before use, so that the conclusion on the website visitor becomes impossible overall.

​

These cookies are only set if you have provided your consent. For this purpose, we provide you with a corresponding communication field at the beginning of the website visit or the use of the platform. For this we use a solution provided by our content management system Wix (Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel).

 

The legal basis for the processing is GDPR Art. 6(1a - consent). A given consent can be revoked by the client at any time with effect for the future by adjusting the cookie settings in your browser.

​

HubSpot uses so-called "web beacons" and also sets cookies, small text files that are stored locally in the cache of your web browser on your end device. They enable us to analyse your website usage. HubSpot analyses the information collected, such as IP address, geographical location, browser type, visit duration and pages viewed, in order to generate reports on visits and pages visited.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. You have the option of permanently objecting to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies in your browser settings. You can also object to the processing of your personal data at any time with effect for the future.

​

HubSpot CRM

On our website, we use the services of HubSpot (25 First Street, 2nd Floor Cambridge, MA, USA) to support marketing activities. The company's European headquarters are located in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland).

 

Among other things, Hubspot CRM enables us to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, manage and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we can also record and evaluate the user behaviour of the contacts stored on our website. The information and website content collected by HubSpot is stored on the servers of HubSpot's service providers.

 

The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time.

​

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

 

Adequacy decision, EU-U.S. Data Privacy Framework

HubSpot also processes your data in the USA. Since HubSpot may transfer personal data to affiliated companies and subcontractors outside the EU and the EEA, additional safeguards are required to ensure the level of data protection under the GDPR. For the USA, an adequacy decision has been issued by the EU Commission in accordance with Art. 45 (1) GDPR, as HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. This regulates the transfer of personal data of EU citizens to the U.S. It demonstrates compliance with appropriate data protection standards and can be viewed at www.dataprivacyframework.gov/s/participant-search. For transfers to other third countries outside the EU and the EEA for which no adequacy decision exists, standard data protection clauses are agreed in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient in the third country to process the data in accordance with the European level of protection.

 

Further information on data protection can be found in HubSpot's privacy policy: HubSpot privacy policy, HubSpot information on the EU GDPR and information on the cookies used by HubSpot.

 

Google services

 

Frienton uses the Google Analytics service of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). The registered office of Google is located in a so-called third country. Comparable data protection standards as in the EU are not established there. Therefore, suitable standard protection clauses have been agreed with Google in accordance with GDPR Art. 46, which can be viewed in Google's privacy policy.

​

Google Analytics uses cookies. The information collected in this way is usually sent to a server in the USA and stored there. After 90 days at the latest, cookies that are stored in your company if you give your explicit consent will be completely deleted.

 

There is an data order agreement between Frienton and Google. As part of this agreement, Google uses the information collected to evaluate the use of our website and provides us with other related services. We use the aforementioned evaluations and services to continuously improve our services.

​

End of the business relationship

 

Upon termination of the business relationship between Frienton and a client, we are obliged to store the client's data in accordance with the statutory retention periods. If these retention obligations are fulfilled, this data will be deleted. Data that does not fall under the retention obligations will be deleted immediately.

​

Rights as a user

 

When processing personal data, the GDPR grants visitors to our website and users of the Frienton platform certain rights:

​

• Right to information (GDPR Art. 15): As a user, you have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you also have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. 

• Right to rectification and erasure (GDPR Art. 16 & 17): As a user, you have the right to request the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data. Furthermore, as a user, you have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in detail in GDPR Art. 17 applies. This is especially true if the data is no longer needed for the original purposes.

• Right to restriction of processing (GDPR Art. 18): As a user, you have the right to demand the restriction of processing if one of the suspensions listed in GDPR Art. 18 exists, for example in the event of objection to processing for the duration of any examination.

• Right to data portability (GDPR Art. 20): In certain cases, you as a user have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to third parties.

• Right to object (GDPR Art. 21): If data is collected on the basis of GDPR Art. 6 (1s or 1f), you as a user are granted the right to object to the processing at any time for reasons arising from your particular situation. Frienton will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

• Right to lodge a complaint with a supervisory authority (GDPR Art. 77): As a user, you have the right to lodge a complaint if you believe that the processing of your data violates data protection regulations. In particular, the right to lodge a complaint may be exercised with a supervisory authority in the Member State of residence, place of work or place of the alleged infringement.

​

Career at Frienton

​

Applicants determine the scope of the data they wish to submit to Frienton. Applications are transmitted electronically to our recruiting managers and processed there as quickly as possible. The transmission is encrypted. In addition, your data will not be passed on. Your information will be treated confidentially in our house.

​

We process the applicant data exclusively for the purpose of selecting applicants. Data processing for other purposes does not take place.

In order to be able to contact applicants at a later date, we store their profile electronically. Applicants can informally object to the storage of data at any time.

​

​

Created with ❤ for entrepreneurs as well as small and medium-sized enterprises in Germany. With Frienton you have complete integrated digital financial management system from a single source.

​