Data Privacy

1. Data protection at a glance

General information according to Art. 13, 14 GDPR

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.

Collection of data on this website

Who is responsible for the collection of data on this website?

Data processing on this website is carried out by the operator of this website, namely DF Deutsche Forfait AG. You can find the contact information in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected through your provision to us. This may, for example, be data that you fill in a contact form.

Other data is collected by our IT systems either automatically or after giving your consent when you visit the website. These are mainly technical data such as:

  • IP address
  • Date and time of the request
  • Time zone difference to GMT
  • Content of the website
  • access status (HTTP status)
  • Amount of data transferred
  • Website from which you accessed our website, web browser, operating system, browser language and browser version

This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. The lawfulness of the processing is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

What rights do you have regarding your personal data?

You have the right to obtain access to the personal data and information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You have the right to obtain without undue delay the rectification or the erasure of this data. If you have given your consent to data processing, you can withdraw this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For these purposes, as well as for further questions regarding data protection, you can contact our data protection officer or us at the address given in the imprint at any time.

Analysis tools and third-party tools

When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs.

Detailed information about these analysis programs can be found in the following data privacy policy.

2. Hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following hoster:

EIB Systeme GmbH
Eckendorfer Strasse 43
33609 Bielefeld

Conclusion of a contract for commissioned data processing

In order to ensure data protection-compliant processing, we have concluded a processing contract with our hoster in accordance with Art. 28 GDPR.

3. General notes and mandatory information

Data protection

The operators of the website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be identified. This privacy policy explains what kind of data is collected and what it is used for. It also outlines how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Controller of the processing

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

The controller of data processing on this website and therefore responsible party is:

DF Deutsche Forfait AG
Nördliche Münchner Straße 9c
82031 Grünwald

Telephone: +49 89 21551900-0
E-mail: dfag@dfag.de

DF Deutsche Forfait AG is the parent company of DF Group, which has a very closely interlinked corporate structure and could not provide its services without cooperation based on the division of labor. We also process your personal data collected and processed on this website within DF Deutsche Forfait Group, which includes DF Deutsche Forfait AG and the following subsidiaries:

  • DF Deutsche Forfait GmbH, Cologne, Germany,
  • DF Deutsche Forfait s.r.o. and DF Deutsche Forfait Middle East s.r.o., both Prague, Czech Republic

The cooperation within the group is in our legitimate interest (Art. 6 para. 1 lit. f GDPR).

Duration of storage

Unless a more specific duration of storage has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for erasure of your data or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted once the permissible reasons no longer apply.

Data protection officer

We have appointed a data protection officer for our company. For any questions, requests, further information, complaints or criticism regarding data protection, please contact:

Ms. Mareike Vogt
TÜV-SÜD Sec-IT GmbH
Ridlerstrasse 57
80339 Munich/Germany

E-mail: datenschutzbeauftragter@dfag.de

Data transfer to the USA

Amongst others, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Withdrawal of consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected.

Right to object to the collection of data in special cases and to direct marketing pursuant to Art. 21 GDPR

If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object to the collection of data, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection in accordance with Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object to the processing concerning your personal data for the purpose of such marketing at any time; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection in accordance with Art. 21 para. 2 GDPR).

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data that we process by automated means based on your consent or fulfillment of a contract in a structured and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change of the address line of the browser from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Right of access, right to rectification and right to erasure pursuant to Art. 15, 16, 17 GDPR

Within the framework of the applicable legal provisions, you have the right at any time to free access to your personal data and the information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to rectification or erasure of this data. For this purpose, as well as for further questions regarding your personal data, you can contact us at any time at the address given in the imprint or via datenschutzbeauftragter@dfag.de.

Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint or via datenschutzbeauftragter@dfag.de. The right to restriction of processing exists in the following cases:

-If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

-If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

-If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

-If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, your and our interests will be weighed against each other. As long as it has not yet been determined whose interests prevail, you have the right to request demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

4. Data collection on this website

Cookies

Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies is based on this consent exclusively (Art. 6 para. 1 lit. a GDPR); consent can be withdrawn at any time.

You can set up your browser to get informed about the setting of cookies, to allow cookies in individual cases, to exclude the acceptance of cookies for certain cases or in general and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.

Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or withdrawal of your consent(s).
  • Your IP-address
  • Information about your browser
  • Information about your terminal device
  • The time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) or their withdrawal to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The cookie consent technology of Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

Contract on data processing

We have concluded a processing contract with Usercentrics. This is a contract required by data protection law pursuant to Art. 28 para 3 GDPR, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

A combination of this data with other data sources is not made.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 para. 1, lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The personal data that we receive via contact requests will remain with us until you request us to delete it, withdraw your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

5. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to and stored on a Google server in the USA.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA before being shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded a processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics on Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising by Google as well as from visitor data by third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Storage duration

Data stored by Google at user level and at event level that is linked to cookies, user identification (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

6. Investor distribution list

Personal data regarding the distribution list for investors

If you would like to receive investor information offered on the website, we require an e-mail address from you as well as information which allows us to verify you as the owner of the e-mail address provided and to obtain your consent to receive investor information. There will be no further collection of data unless you provide it to us on voluntary basis. We will use the data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the investor distribution list registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to the storage of the data, the e-mail address and their use for sending information at any time and unsubscribe from the mailing list at the e-mail address datenschutzbeauftragter@dfag.de, which you will also find in disclaimer of all e-mails you receive. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

The data you provide for the purpose of receiving the newsletter will be stored by us or the service provider until you unsubscribe from the investor mailing list. It will be deleted from the investor mailing list after you unsubscribe. The storage of data for other purposes remains unaffected by this.

After you have unsubscribed from the investor distribution list, your e-mail address may be stored by us or the service provider in a blacklist in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Disclosure to third parties

We partially use the following external service providers to fulfill our contractual and legal obligations regarding our investor distribution list:

EQS Group AG, Karlstraße 47, 80333 Munich, Germany, website: https://www.eqs.com/de/

IR.on AG, Mittelstraße 12-14, Haus A, 50672 Cologne, Germany, website: https://www.ir-on.com/

The data you provide to us via the registration form will be transmitted to the aforementioned service providers. The legal basis for the data processing is Art. 6 para. 1 lit. b and f GDPR. Our service providers will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data. To ensure data protection-compliant processing, we have concluded a processing contract with our service providers.

7. Plugins and tools

Adobe Fonts

This website uses web fonts from Adobe for the standardized display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser downloads the required fonts directly from Adobe for a correct display on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.

Font Awesome (local hosting)

This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.

For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

8. Own services

8.1 Personal data of applicants

In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data will be in compliance with applicable data protection laws as well as all other legal requirements and that your data will be treated in strict confidence.

Controller of the processing and exchange of documents within DF Deutsche Forfait Group

In the case of an application for any advertised vacancies, the responsible party for processing your personal data is the DF company specified as the employing company in the vacancy. In the case of an unsolicited application, DF Deutsche Forfait GmbH, Kattenbug 18 - 24, 50667 Cologne, Germany, is primarily responsible for data processing.

Due to our corporate structure, we work closely together in the DF Group, as described above. It is therefore in our legitimate interest (Art. 6 para. 1 lit. f GDPR) to make the application documents available to DF AG and the companies where employment is to be considered.

Categories of personal data

We only process personal data that is related to your application and that we have received from you as part of the application process [by mail or electronic means]. The data usually includes:

  • First name, last name, title
  • Your contact information such as address, telephone number, fax number, e-mail address, and/or professional position, if applicable
  • Your application data, consisting of your cover letter, curriculum vitae and the usual supporting documents and certificates
  • Further data that you provide to us in connection with your application, if applicable

In addition, we check whether you are listed on sanction lists according to the anti-terrorism regulations EC Regulation 2580/2001 and EC Regulation-881/2002. However, this check is only carried out if recruitment is imminent.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent of necessity to decide on the conclusion of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship) in conjunction with Art. 88 and Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data submitted will be stored by our HR department based on Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of concluding the employment relationship.

Recipients of data

As a matter of principle, we will only use your application documents for the decision process to fill the position for which you have applied. For this purpose, we will forward your application documents to the employees involved in the application process.

If you submit an unsolicited application that does not relate to a specific position, we may use your application documents for the decision process to fill any position under consideration. For this purpose, we will forward your application documents to colleagues from the department in which a subsequent position may be considered.

Due to the organizational structure of DF Group, your application may be forwarded to various DF companies and processed there, as described above.

Data transfer to third parties and transfer to third countries

We do not transfer your applicant data to persons outside DF Group. We also do not transfer your applicant data to a third country outside the EU or to any international organization.

Storage and deletion periods

Your personal data will be stored for the period of the application procedure that is necessary for a decision on your application.

If your application does not result in an employment, we will delete your applicant data after six months from final rejection by you or by our company. Digital data will be deleted, physical application documents disposed appropriately. Longer storage may take place if you have given your consent (Art. 6 Para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

Longer retention periods only apply in each case you have separately consented to longer retention or, exceptionally, there is a legitimate interest in archiving and your interest in deletion does not outweigh this interest.

Your rights

Insofar as we process your personal data, you are entitled to various claims against us under data protection law. You have the right to,

  • obtain information about the data stored and its origin, the purpose of processing and the recipients (Art. 15 GDPR) or
  • under certain conditions, to demand rectification, blocking (restriction of processing) or erasure of your personal data (Art. 16 - 18 GDPR, § 35 BDSG),
  • to request the transfer of your data to another data controller where the processing is carried out by automated means (Art. 20 GDPR), as well as
  • complain to us or a competent data protection authority about the data processing (Art. 77 GDPR).

You may also object to the further processing of your data if we process your data based on a legitimate interest (Art. 6 para. 1 p. 1 f GDPR). As we do not process your applicant data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will no longer process your personal data to which the objection relates from the time of receipt during the subsequent review and will delete it after completion of the review - in the event of a justified objection (Section 36 BDSG, Art. 21 GDPR).

You can withdraw any consent you have given us to process your data (Art. 6 para. 1 lit. a GDPR) at any time; we will then no longer process your personal data unless there is a legal obligation to do so.

8.2 Communication data of business partners

In the following, we inform you about the scope, purpose and use of your personal data collected in the context of communication and your rights in this regard.

Controller of the processing and data exchange within DF Deutsche Forfait Group

The DF company with which you are in contact is primarily responsible for data processing in the context of communication. In addition, due to our corporate structure, an exchange takes place within DF Group as part of our legitimate interest, as explained in the introduction.

Categories of personal data

We only process personal data that is necessary for communicating with you. The data usually includes:

- First and last name, title

- Professional contact information such as address, telephone number, fax number, email address,

and possibly:

- Date of birth

- Place of birth

- Nationality

- Passport number

We collect this personal data

- first of all from you as the person concerned, or

- if necessary, through communications by third parties (banks, customers, intermediaries), or

- if necessary, on the basis of research from sources that are publicly accessible.

Purposes of processing and legal basis

Your personal data will be processed in accordance with GDPR and the German Federal Data Protection Act (BDSG), insofar as this is necessary in the context of communication.

We process your personal data for the following purposes:

  • Communication with business partners regarding services, e.g. to process customer inquiries (Art. 6 para. 1 lit. b, lit. f GDPR);
  • Contract initiation, contract processing and contract management (Art 6 para. 1 lit. b GDPR);
  • Customer service, support and maintenance of contact where this is in our legitimate interest (Art. 6 para. 1 lit. f GDPR);
  • Extrajudicial and judicial assertion of our own claims arising from the contractual relationship with you (Art. 6 para. 1 lit. b, c, f GDPR);

- In accordance with the anti-terrorism regulations defined in EC Regulation 2580/2001 and EC Regulation 881/2002, DF Deutsche Forfait AG and its subsidiaries are prohibited from concluding economic relationships organizations and persons under suspicion of terrorism. In order to comply with respective regulations, we are obliged to check all potential business customers against sanctions lists of suspected terrorists (Art. 6 para. 1 lit. c GDPR).

If you give us your consent to process your personal data for other purposes, Art. 6 para. 1 lit. a GDPR forms the legal basis. Your consent can be withdrawn at any time with effect for the future.

Recipients of the data

Due to the organizational structure of DF Group, your data may be transferred to various DF companies and processed there, as described at the beginning. Within our company, data is only passed on to persons and departments that require your data to fulfill your legitimate interests as well as contractual and legal obligations.

Personal data will only be passed on if this is necessary for the execution or fulfillment of the contract or pre-contractual measures, if legal regulations permit this or if we have received your consent.

Disclosure to third parties and transfer to third countries

We transfer personal data to banks if this is required for the fulfillment of the contract. The recipient banks may also be located in countries outside the EU (third countries).

In this case, we ensure an appropriate level of data protection in the target country in compliance with Art. 44 et seq. GDPR, mostly by concluding standard contractual clauses with our contractual partners in third countries or by other guarantees that ensure data protection.

Storage and deletion periods

We store your personal data as long as a contractual relationship with you exists, based on our legitimate interest. In addition, we are subject to statutory storage and documentation obligations, which result, among other things, from the German Commercial Code and the German Fiscal Code. After expiry of the respective periods, we delete your personal data, unless there is a legitimate interest in archiving and your interest in deletion does not outweigh this interest.

Your rights

Insofar as we process your personal data, you are entitled to various claims against us under data protection law. You have the right to,

  • obtain information about the data stored and its origin, the purpose of processing and the recipients (Art. 15 GDPR) or
  • under certain conditions, to demand rectification, blocking (restriction of processing) or erasure of your personal data (Art. 16 - 18 GDPR, § 35 BDSG),
  • to request the transfer of your data to another data controller where the processing is carried out by automated means (Art. 20 GDPR), as well as
  • complain to us or a competent data protection authority about the data processing (Art. 77 GDPR).
  • You may also object to the further processing of your data if we process your data based on a legitimate interest (Art. 6 para. 1 p. 1 f GDPR). As we do not process your applicant data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will no longer process your personal data to which the objection relates from the time of receipt during the subsequent review and will delete it after completion of the review - in the event of a justified objection (Section 36 BDSG, Art. 21 GDPR).

You can withdraw any consent you have given us to process your data (Art. 6 para. 1 lit. a GDPR) at any time; we will then no longer process your personal data unless there is a legal obligation to do so.

9. Final contact information

To protect your rights and in case of questions, criticism and suggestions, please contact our external data protection officer:

Ms. Mareike Vogt
TÜV -SÜD Sec-IT GmbH
Ridlerstrasse 57
80339 Munich/Germany

E-mail: datenschutzbeauftragter@dfag.de