Privacy Policy

Name and Contact Details of our Controller

The controller within the meaning of data protection law for the collection and use of personal data is:

Creditreform Boniversum GmbH
Hammfelddamm 13
41460 Neuss
Germany

Tel: +49 2131 109-501
Fax: +49 2131 109-557
Email: info@boniversum.de
Website: www.boniversum.de

For more information about our company, please the imprint of our website at www.boniversum.de/en/imprint.

Contact Details of Our Data Protection Officer

You may contact our data protection at:

Creditreform Boniversum GmbH
Datenschutzbeauftragter
Hammfelddamm 13
D-41460 Neuss
Germany
datenschutz@boniversum.de

Legal Bases for Processing Personal Data

Where we process personal data, the following applies:

• Where we obtain your consent to process your personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) will serve as the legal basis for processing personal data.
• When processing personal data for the performance of a contract with you, Article 6(1)(b) of the GDPR will serve as the legal basis. This also applies where processing is necessary for steps prior to entering into a contract.
• Where processing personal data is necessary for compliance with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR will serve as the legal basis.
• In case personal data must be processed to protect your or another natural person’s vital interests, Article 6(1)(d) of the GDPR will serve as the legal basis.
• Where processing is necessary for purposes of our or a third party’s legitimate interests that are not overridden by your interests or fundamental freedoms and rights, Article 6(1)(f) of the GDPR will serve as the legal basis for processing.

Data Erasure and Storage Periods

We will erase or block personal data when the purpose for its storage no longer applies. Furthermore, data may be stored if required by EU or national regulations or laws or other provisions to which we are subject as the controller. Personal data will also be stored or erased if a storage period required above expires, unless this data must continue to be stored for the conclusion or performance of a contract.

This means:Where we process personal data on the basis of consent (Article 6(1)(a) of the GDPR), this data will no longer be processed when this consent is withdrawn, except in case of other legal grounds for processing this data, such as if we may continue to process your data for the performance of contract or for purposes of our legitimate interests (see below) at the time of withdrawal.

Where we process data for purposes of our legitimate interests (Article 6(1)(f) of the GDPR) with prior consideration, we will store this data until these legitimate interests no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C).

Where we process personal data for the performance of a contract, we will store this data until the contract is fully performed and processed and no claims under the contract may be exercised, i.e., until the statute of limitations expires. Under Section 195 of the German Civil Code [Bürgerliches Gesetzbuch (BGB)], the statute of limitations lasts three (3) years. However, certain claims, such as damages, will only expire after 30 years (see Section 197 of the German Civil Code). In case of a legitimate reason to believe that this may be relevant, we will store personal data for this long. The above statutes of limitations will commence at the end of the year (i.e., on December 31) in which the claim was established and the creditor learns or, without gross negligence, should have learned of the circumstances establishing the claim and the identity of the debtor.

Please note that we are also subject to legal storage obligations for tax and accounting reasons which require us to store certain data, which may include personal data, for six (6) to ten (10) years as evidence of our accounting. These storage periods have priority over the above-stated erasure obligations and will also commence at the end of the respective year, i.e., on December 31.

Complaints about the deletion periods in a credit report can also be directed to the conciliation body of the association "Die Wirtschaftsauskunfteien" at:

TIGGES DCO GmbH
-Beschwerde Auskunfteien-
Zollhof 8
40221 Düsseldorf

Tel: +49 211 819982-70
E-Mail: beschwerde-auskunfteien@tigges-dco.de
Website: www.tigges-dco.de/ueberwachungsstelle

Sources of Personal Data

Personal data processed by us is primarily provided by the data subjects themselves, for example, by:

• Transmitting information, such as their IP address, to our web server via their browser and device (e.g., PC, smartphone, tablet or notebook) when using our website
• Requesting information material or offers from us as prospective customers
• Placing orders or concluding contracts as our customers
• Requesting information material, press releases, statements, etc., as media representatives
• Supplying us with goods as suppliers or performing contracted services
   

Only in exceptions will we process personal data provided by third parties, e.g., when someone acts on a third party’s behalf.

General Categories and Purposes of and Legal Bases for Processing Personal Data

We process the following categories of personal data:

• Users of our website
• Prospective customers
• Media representatives
• Customers
• Suppliers
   

Depending on the data category, we process personal data for the following purposes and on the stated legal bases of the General Data Protection Regulation (GDPR):

User data: Data of our website’s users is collected and processed by us anonymously. Persons cannot be identified. IP addresses are only processed in anonymized form. Any personal data that is processed is processed for purposes of our legitimate interests on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests are our interest in the security and integrity of our website and of the data on our web server (especially to detect disruptions and errors and track unauthorized access), our marketing interests and interest in collecting data for statistical purposes (to improve our website, services and offers). We determined that processing this data is necessary for purposes of our legitimate interests and not overridden by your interests or fundamental rights and freedoms that may require the protection of this data.

Data of prospective customers/media representatives: We only process data of media representatives or prospective customers of our services that is entered into an input field or provided to us by email for an inquiry. Such data may be provided freely and will only be processed to process your inquiry. Data provided freely to us for the purpose of receiving information about our services is processed as part of the requested steps prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of your transmitted consent in accordance with Article 6(1)(a) of the GDPR.

Customer data: We process data of our customers for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent in accordance with Article 6(1)(a) of the GDPR. This also applies to processing necessary for steps prior to entering into a contract (e.g., to prepare and discuss offers).

Data of suppliers/business partners: We process data of our suppliers and business partners for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent in accordance with Article 6(1)(a) of the GDPR. This also applies to processing necessary for steps prior to entering into a contract (e.g., to prepare and discuss offers).

Recipients or Categories of Recipients of Personal Data

Your personal data will only be transferred to third parties or otherwise transmitted if necessary for contract performance (e.g., to process an order) or for billing purposes (e.g., to process payments for goods or services) or if we have a legitimate interest in such a transfer/transmission that is not overridden by your interests or fundamental rights and freedoms or to which you consented.

Categories of recipients may include:

• Service providers
• Suppliers
• Media representatives
• Payment service providers, Banks
• Tax consultants

Data Processed for Our Newsletter

You may subscribe to our free newsletter on our website or by request. When you subscribe to our newsletter, the following data from the input field will be transmitted to us:

• Your email address (mandatory)
• Your first and last name (optional)
• Your company (optional)
   

The following data will also be collected when you subscribe to our newsletter (opt-in evidence):

• Your IP address
• Time and date of your subscription

This prevents misuse of our services and of your email address and enables us to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our newsletter.

Subscriptions to our newsletter use the so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent subscriptions using others’ email addresses. When you click on the link to confirm your subscription, your IP address and the time and date on which you clicked on the link will be recorded. We process this data to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our newsletter.

Your consent to processing this data will be requested and this Privacy Policy will be noted during the subscription process.

Use of the mailingwork Newsletter Service
Personal data is transferred to our newsletter service provider, mailingwork GmbH, Birkenweg 7, D-09569 Oederan, Germany, to send our newsletter, assess and analyze the user behavior of newsletter recipients and manage subscriptions. This data is only used for sending our newsletter. mailingwork complies with all legal data protection requirements. mailingwork is a German company that only processes data on German servers. We concluded a processing agreement with mailingwork that includes adequate guarantees of data security and grants us the right to issue instructions for data processing. mailingwork’s privacy policy is available at: mailingwork.de/datenschutz

Purpose of Data Processing
We collect and process the user’s email address to send our newsletter. We use this email address for marketing purposes. We record the user’s IP address and of the time and date on which the user clicks on the confirmation link in the double opt-in email to comply with our legal obligations to provide evidence of our obtainment of explicit consent. We collect other personal data as part of the subscription process to prevent misuse of our services and of the user’s email address. We document unsubscriptions from our newsletter for up to 3 years as evidence of consent and to defend against potential claims.

Legal Basis for Data Processing
The legal basis for processing data after you subscribe to our newsletter is your consent in accordance with Article 6(1)(a) of the GDPR. If you previously purchased similar goods or services, the legal basis for processing your data for our newsletter is Section 7(3) of the German Act Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb (UWG)]. The legal basis for storing your IP address and the time and date of when you clicked on the confirmation link in the double opt-in email and for potential further storage of up to 3 years after you unsubscribe from our newsletter is our legitimate interests under Article 6(1)(f) of the GDPR which consist of having evidence of your consent and defending ourselves against corresponding claims.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. We will store your email address for as long as you subscribe to our newsletter.

Unsubscribed email addresses and related personal data that we collected when you consented to our newsletter may be stored for up 3 years on the basis of our legitimate interests in providing evidence of your consent. This data is only processed for the purpose of defending against potential claims. Erasure may be requested at any time if the original consent is confirmed.

Other personal data collected as part of the subscription process will normally be erased after 7 days.

Objection and Erasure Option
You may unsubscribe from our newsletter free of charge and informally at any time. To do so, every newsletter includes an unsubscribe link that also allows you to withdraw your consent to the storage of personal data collected during the subscription process.

Data Processed for Our Media Mailing List

You may subscribe to our free newsletter on our website or by submitting a request. When you subscribe to our newsletter, the following data from the input field will be transmitted to us:

• Your email address (mandatory)
• Your first and last name (optional)
• Your medium (optional)
   

The following data will also be collected when you subscribe to our newsletter (opt-in evidence):

• Your IP address
• Time and date of your subscription
   

This prevents misuse of our services and of your email address and enables us to comply with our legal obligations to provide evidence that your email address actually opted in, i.e., explicitly consented to receiving our press releases.

Subscriptions to our media mailing list use the so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent subscriptions using others’ email addresses. When you click on the link to confirm your subscription, your IP address and the time and date on which you clicked on the link will be recorded. We process this data to comply with our legal obligations to provide evidence that your email address actually opted in, i. e., explicitly consented to being added to our media mailing list.

Your consent to processing this data will be requested and this Privacy Policy will be noted during the subscription process.

Use of the Mailingwork Newsletter Service
Personal data is transferred to our newsletter service provider, mailingwork GmbH, Birkenweg 7, D-09569 Oederan, Germany, to send our media mails, assess and analyze the user behavior of newsletter recipients and manage subscriptions. This data is only used for sending our media mails. mailingwork complies with all legal data protection requirements. mailingwork is a German company that only processes data on German servers. We concluded a processing agreement with mailingwork that includes adequate guarantees of data security and grants us the right to issue instructions for data processing. Mailingwork’s privacy policy is available at: mailingwork.de/datenschutz

Purpose of Data Processing
We collect and process the user’s email address to send our press releases. We use this email address for marketing purposes. We document unsubscriptions from our newsletter for up to 3 years as evidence of consent and to defend against potential claims.

Legal Basis for Data Processing
The legal basis for processing data after you subscribe to our media mailing list is your consent in accordance with Article 6(1)(a) of the GDPR.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected. We will store your email address for as long as you subscribe to our media mailing list.

Unsubscribed email addresses and related personal data that we collected when you consented to be added to our media mailing list may be stored for up 3 years on the basis of our legitimate interests in providing evidence of your consent. This data is only processed for the purpose of defending against potential claims. Erasure may be requested at any time if the original consent is confirmed.

Objection and Erasure Option
You may unsubscribe from our media mailing list free of charge and informally at any time. To do so, every press release includes an unsubscribe link that also allows you to withdraw your consent to the storage of personal data collected during the subscription process.

Contacting Us by E-Mail, Fax or Telephone

You may contact us in several ways. Our email address, telephone number and fax number are provided on our website. However, even when you send us an email, call us or send us a fax, we will necessarily process at least the transmitted personal data that is stored by us or our systems.

Your personal data will not be transferred to third parties and will only be used to process our conversation.

Purpose of Data Processing
Personal data that is transmitted by email, fax or telephone is processed by us to process your inquiry. We need your email address, fax number or telephone number to reply. This represents our legitimate interests in processing this data.

Legal Basis for Data Processing
The legal basis for processing this data with your consent, which may be viewed as part of our communication, is Article 6(1)(a) of the GDPR and, otherwise, our legitimate interests under Article 6(1)(f) of the GDPR in processing this data. If you contact us with the intention of concluding a contract, Article 6(1)(b) of the GDPR (steps prior to entering into a contract) will serve as an additional legal basis for processing your data.

Storage Period
Your data will be erased when it is no longer necessary for the purposes for which it was collected.

For personal data sent by email, this applies when the conversation with you ends and we waited 3 months to see if we need to refer to your inquiry or the details of your communication again. A conversation ends when the circumstances make it evident that the matter has been settled.

Fax data is stored separately from print data in the fax machine’s memory. After printing out a fax, this memory is freed up again for the next fax to be received and saved. After being printed, parts of a fax may remain in the device’s memory temporarily until it is overridden by the next received fax. Normally, data is therefore erased automatically after approx. 1-2 weeks. If you send us a computer fax, we will receive your fax as an email and our email provisions will apply.

For incoming and outgoing calls, your telephone number or your name/company registered with your telephone service provider and the time and date of your call will be saved on our telephone system in a so-called circular buffer which overrides the oldest data with new data. Normally, data will therefore be erased from our telephone system automatically after approx. 3-4 months.

Communication may be subject to storage obligations under commercial or tax law which will then have priority (see “Data Erasure and Storage Periods” above).

Objection and Erasure Option
You may withdraw your consent to processing your personal data or object to further processing of your data for purposes of legitimate interests (see “Right to Object to Processing for Purposes of Legitimate Interests” under C of this Privacy Policy) at any time. However, the conversation then cannot be continued. We allow withdrawing consent and objecting to further data processing by sending us an informal message (e.g., email). In this case, all personal data that was stored when you contacted us will be erased.

Purpose of Data Processing

Technically-necessary cookies are used to make the website easier to use for users. Certain functions of our website that require the user’s browser to be recognized when switching between pages cannot be offered without cookies. The user data collected through technically-necessary cookies is not used for profiling.

Analysis cookies are used to improve the quality and content of our website. This shows us how our website is used and allows us to optimize our offer.

Legal Basis for Data Processing
The legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR, i.e., our legitimate interests. Our legitimate interests consist of the above-stated purposes. With the user’s consent, the legal basis for processing personal data using cookies for analysis purposes is Article 6(1)(a) of the GDPR or, otherwise, our legitimate interests under Article 6(1)(f) of the GDPR for the above-stated purposes.

Storage Period
Certain cookies used by us will be deleted when your browser session ends, i.e., when you close your browser (so-called session cookies). Other cookies will remain on your device and enable use or other (third-party) service providers to recognize your device during your next visit (persistent cookies).

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
Cookies are placed on and transmitted to our website by your computer. This gives you full control over the use of cookies. By changing the settings of your browser, you may disable or limit cookies. Stored cookies may be deleted at any time, including automatically. Activating such “Do Not Track” settings on your browser will be understood as your objection to the further collection and use of your personal data. Please note: if you disable cookies on our website, you may not be able to fully use all of our website’s functions.

Use of etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.

Further information on data protection with etracker can be found here.

Use of Google Tag Manager

The Google Tag Manager is a solution from Google with which companies can manage website tags via an interface. The Google Tag Manager is a cookieless domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We would like to point this out separately. The Google Tag Manager does not access this data. The processing companies are: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland,

The service uses technologies such as cookies and pixels that are placed in the browser. In doing so, only aggregated data for triggering tags is collected through the use of the service. The legal basis for the processing of the data is Art. 6 para. 1 s. 1 lit. f DS-GVO. The data will be deleted after the purposes have been fulfilled.

Use of Google Ads and Google Conversion Tracking

This website uses Google Ads. Ads is an online advertising platform of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

When using Google Ads, we apply so-called conversion tracking. When you click on an ad displayed by Google, a conversion tracking cookie will be placed on your device. Cookies are small text files placed by your browser on your computer. These cookies are not used to personally identify users. If you visit certain pages of our website before the cookie expires, Google and we will learn if you click on an ad and were forwarded to this page.

Every Google Ads customer receives a different cookie. These cookies cannot be tracked through websites of Ads customers.

For more information about Google Ads and Google Conversion Tracking, please see Google’s Privacy Policy: https://www.google.de/policies/privacy/.

Purpose of Data Processing
Information obtained through the conversion cookie is used to prepare conversion statistics for us. We will learn the total number of users who clicked on our ads and were forwarded to our website. We do not receive information that could be used to personally identify users. We only use the information provided to us to analyze and optimize our marketing.

Legal Basis for Data Processing
 “Conversion cookies” are placed on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in analyzing user behavior to optimize our online offer and our ads.

Storage Period
Cookies placed by Google will expire after 30 days.

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
You may disable or limit cookies through your browser settings. Stored cookies may be deleted at any time, including automatically. Please note that, if you disable cookies on our website, you may not be able to fully use all of our website’s functions. To opt out of tracking, you may object to this use by disabling the Google Conversion Tracking cookie in your user settings. You will then not be included in our conversion tracking statistics.

Use of the “BoniBot” Chatbot

To improve availability for and communication with users and prospective customers, our website uses the chatbot “BoniBot” of Dr. Schengber & Friends GmbH, Schorlemerstr. 12-14, D-48143 Münster, Germany, (DSAF).

For more information about data protection by DSAF, please see: https://botcamp.ai/datenschutz/ (German)

We concluded a processing agreement with DSAF that provides sufficient guarantees of legally-compliant and secure data processing.

The chatbot software used on this website applies machine learning to better understand and respond to user input. Input is therefore sent to and assessed on external servers. This is necessary for the chatbot function. The chatbot does not request or require personal data. Users therefore cannot be identified if they do not enter personal data. Entered non-personal data is used for learning purposes and stored for training purposes. This represents a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. When you use the chatbot, your IP address will be recorded by the system.

Purpose of Data Processing
We use the chatbot to respond to user inquiries on our website quickly and reliably and improve user-friendliness and availability. We also use the chatbot for our advertising and marketing interests to contact prospective customers better and more quickly. We collect your IP address to distinguish you from other visitors and chatters and to prevent the same user from opening several chats simultaneously. You may enter additional data into the chat window freely for the purpose of your inquiry.

Legal Basis for Data Processing
The legal basis for processing personal data is Article 6(1)(f) of the GDPR. Our legitimate interest in processing this data consists of the above-stated purposes and processing your inquiry.

Storage Period
The data and content of the chats will only be stored on DSAF’s servers for up to 3 months and may be manually erased by us earlier.

We also store data collected for purposes of our legitimate interests until these no longer apply, consideration leads to other results or you object in accordance with Article 21 of the GDPR (see the visually-emphasized “Right to Object to Processing for Purposes of Legitimate interests” under C). Whether our legitimate interests continue to apply is checked regularly, at least annually. Our interests especially no longer apply if the data is no longer sufficiently relevant for the assessment and statistics of the use of our website. This will be assumed, at the latest, after 3 years.

Objection and Erasure Option
You have the right to object to us, on grounds related to your particular situation, to the processing of personal data concerning you. If we cannot demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, we will no longer process your data (Article 21 of the GDPR). You may also contact us by mail or email. When you object, our conversation will end.

In this case, any personal data that was stored when you contacted us will be erased if we ascertain that contractual guarantee claims or liability claims are excluded or we have no claims against you. In all other cases, your data will be blocked and only accessible to our management and only for compliance with legal storage obligations or to defend against or exercise actual or potential claims until their expiration (see our information about storage periods above).

Encryption on Our Website

Our website and any related data transfers use SSL (HTTPS protocol / TLS) encryption. The encryption algorithm of our certificate has a key length of 2048 bit.

Transferring Personal Data to Third Countries (Outside of the EU)

We intend to transfer personal data to the United States of America (USA).

This intention specifically refers to data transmissions to the following company:

• Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) 

In its Privacy Policy, Google Inc. guarantees compliance with EU standard contractual clauses which permit data transfers to the US.