Privacy policy

Thank you for your interest in our service. The protection of your data and its confidentiality are very important to us. In the following, we would therefore like to explain to you which personal data we process for what purpose and in what form when you use our service. Of course, we comply with the legal provisions of the General Data Protection Regulation (GDPR), the new Federal Data Protection Act (BDSG-neu), as well as other data protection regulations.

1. Scope

This privacy policy applies to the www.vantik.com website, all other websites by Vantik GmbH, the Vantikcard app, the Vantik app and our other online presences.

2. Person in charge

Vantik GmbH (hereinafter "we" or "Vantik") is a service operator in the sense of §13 Telemedia Act, §18 para. 2 MStV and responsible body in the sense of §3 para. 7 Federal Data Protection Act. The protection of privacy and the protection of our users are of particular importance to us. You can access this privacy policy at any time under the heading "Privacy Policy" at https://vantik.com/de/datenschutz on our website.


Vantik GmbH

Rosenthaler Str. 13

10119 Berlin

Germany


Email: hello@vantik.com

Website: www.vantik.com

Data Protection Officer: Sarah Fliegner

3. Provision of the website and log files

Description and scope of data processing

Every time you access our websites, data is automatically processed in log files that originate from your terminal device and may also include personal data. This applies to the following data:

  • Browser type/version
  • Operating system
  • Provider name
  • IP address
  • Date and time of the call
  • Websites visited (and any search terms)
  • Referrer URL (the previously visited page)

We do not process this data together with other personal data of yours, i.e. we do not assign this data to your person.

Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) f) GDPR. As a website operator, we have a legitimate interest in data processing.

Purpose of data processing

The processing is necessary to ensure the functionality of the website and to perform statistical analyses in order to optimize and correctly display the content of our websites and, if necessary, to provide law enforcement authorities, e.g. in the event of a cyber attack, with the information necessary for prosecution. This is also a legitimate interest in data processing. This data processing is absolutely necessary for the operation of the websites. There is therefore no possibility to object.

Duration of storage

The above mentioned data will be deleted as soon as they are no longer required to achieve the aforementioned purposes. In the case of processing your IP address, the deletion takes place after 3 months at the latest.

4. Own cookies

Description and scope of data processing

For some of our services, it is necessary that we use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored specifically to you and to make the use of our services as time-saving as possible. We use our own cookies in particular

  • for login authentication
  • to save your language settings
  • to indicate that information placed on our website has been displayed to you - so that it will not be displayed again the next time you visit the website
  • to understand how you use our offer

In addition, we also use cookies and comparable technologies (e.g. web beacons) from partners for analysis and marketing purposes.

Legal basis for data processing

We want to enable you a more comfortable and individual use of our website. These services are based on our aforementioned legitimate interests, the legal basis is Art. 6  (1)  f) GDPR.

5. Cookies and web tracking for analysis purposes

Description and scope of data processing

In order to improve our website, we use cookies and comparable technologies (e.g. web beacons) for statistical collection and analysis of general usage behavior based on access data. In addition, we use analytics services to evaluate the use of our various marketing channels. Some of the access data generated during the use of our website is used for interest-based advertising. By analyzing and evaluating this access data, we are able to display personalized advertising to you on our website and on the websites of other providers.

Legal basis for data processing

The legal basis for this data processing, which is described in more detail in the following section, is Article 6 (1) f) GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website. In the following list of the technologies used by us, you will also find information on how to object to our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

If you wish to object to the use of cookies and similar technologies in your browser, you can do so in the settings of your browser. This will disable all third-party cookies for web tracking and analytics purposes.

Services used

Google Analytics und Google Analytics Remarketing

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")

Description

Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. Your IP address is shortened before the usage statistics are analyzed so that no conclusions can be drawn about your identity. For this purpose, the code "anonymizeIP" has been added to Google Analytics on our website to ensure anonymized collection of IP addresses.

Opt-out cookie

You can, as mentioned above, configure your browser to refuse cookies or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on provided by Google.

Purpose of processing

Google will process the information obtained through the cookies in order to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage.

Data protection outside the EU/EEA

We have agreed standard data protection clauses of the European Commission with Google:

https://privacy.google.com/businesses/processorterms/mccs/

Privacy policy

https://policies.google.com/privacy?hl=de

Google Optimize

Provider

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google Optimize")

Description

Google Optimize is a service of Google Analytics. The cookies used by Google Optimize enable an optimization and analysis of your use of our website. As a rule, the cookies generated are transferred to a Google server in the USA and stored. Our use of Google Optimize takes place with IP anonymization activated, which means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of our website, to create reports on optimization tests and related website activities, and to provide us with other services related to the use of the website and the internet.

Purpose of processing

Google Optimize helps us to improve the attractiveness and functionality of our website. With the help of Google Optimize, we play out new content and features to a percentage of our users and statistically evaluate the change in usage.

Opt-out cookie

You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent the collection of data generated by the cookie and related to your use to Google and the processing of this by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Data protection outside the EU/EEA

We have agreed standard data protection clauses of the European Commission with Google:

https://privacy.google.com/businesses/processorterms/mccs/

Privacy policy

http://www.google.com/policies/privacy

Google Tag Manager and Google AdWords Conversion Tracking

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")

Description

By means of "AdWords Conversion Tracking", we record and analyze defined customer actions (such as clicking on an ad, page views, downloads). We use "AdWords Remarketing" to show you individualized advertising messages for our products on partner websites of Google. Both services use cookies and similar technologies for this purpose. If you use a Google account, Google may, depending on the settings stored in the Google account, link your web and app browsing history with your Google account and use information from your Google account to personalize ads.

Purpose of processing

We use the Google Tag Manager and Google AdWords Conversion Tracking services to display ad campaigns on Google's platform and measure their success.

Opt-out cookie

If you do not want this assignment to your Google account, it is necessary that you log out of Google before accessing our website. You can configure your browser to reject cookies. In addition, you can deactivate the "personalized advertising" button in Google's advertising settings. In this case, Google will only display general advertising that has not been selected based on the information collected about you.

Data protection outside the EU/EEA

We have agreed standard data protection clauses of the European Commission with Google:

https://privacy.google.com/businesses/processorterms/mccs/

Privacy policy

https://policies.google.com/privacy?hl=de

Facebook-Pixel and use of Facebook Remarketing

Provider

Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook")

Description

Our websites use so-called conversion and retargeting tags (also "Facebook Pixel") of the social network Facebook for marketing purposes. For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our website. The data generated in this context may be transferred by Facebook to a server in the USA for evaluation and stored there.

Purpose of processing

We use Facebook Pixel to analyze the general use of our websites and to track the effectiveness of Facebook advertising ("conversion"). In addition, we use Facebook Pixel to play you individualized advertising messages based on your interest in our products ("retargeting").

Opt-out cookie

If you are a Facebook member and have allowed Facebook to do so via your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you deactivate the data processing by Facebook, it will only display general Facebook ads that are not selected on the basis of the information collected about you.

Data protection outside the EU/EEA

In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.

We have also agreed standard European Union data protection clauses with Facebook:

https://www.facebook.com/legal/EU_data_transfer_addendum

Privacy policy

https://www.facebook.com/about/privacy

TwitterAds

Provider

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter")

Description

We use services of the microblogging service Twitter. The data processed in this way does not contain any concrete information about your person or data that we have exchanged in the context of a contractual relationship or that you have entered in an inquiry on our site, and it does not allow your person to be identified. Only general and technical information about accessed pages is evaluated. This pseudonymous information is also not combined with other information about your person.

Purpose of processing

Twitter enables us to use target group-based advertising, re-targeting and conversion tracking for online advertising. This involves serving ads to specific audiences based on a selection of general criteria, such as demographics, regions, or interests. In addition, Twitter allows us to target ads based on your past page views. For example, you may be shown ads from us if you have shown interest in our service (re-targeting).

Opt-out cookie

You can prevent this data processing by selecting the appropriate settings on your web browser to prevent the storage of cookies; we would like to point out that in this case you may not be able to use all functions of our website to their full extent. Twitter also adheres to the do-not-track setting of your browser. As a Twitter user, you can also prevent this data processing by deactivating the "tailor ads based on information shared by advertising partners" checkbox next to the "sponsored content" heading in the security and privacy settings.

Data protection outside the EU/EEA

We have agreed standard European Union data protection clauses with Twitter:

https://privacy.twitter.com/en/for-our-partners/global-dpa

Privacy policy

https://twitter.com/settings/your_twitter_data

Bing Ads

Provider

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft")

Description

Our website uses Bing Ads, a service provided by Microsoft Corporation. Microsoft uses cookies and similar technologies to present you with ads that are relevant to you. Microsoft Bing Ads uses a cookie to recognize that an ad has been clicked on and redirected to our website. We learn only the total number of users who have clicked on a Bing ad and no personal information about the identity of the user is disclosed. The data generated in this context may be transferred by Microsoft to a server in the USA for evaluation and stored there for a maximum of two years.

Purpose of processing

We use Bing Ads to enable ads based on prior visits to our or other websites on the internet. The use of these technologies enables Microsoft and its partner sites to serve ads based on prior visits to our or other sites on the internet.

Opt-out cookie

You may refuse the use of cookies by selecting the appropriate settings on your browser (as described above); please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by cookies and related to your use of the website to Microsoft, as well as the processing of this data by Microsoft, by deactivating the personalized ads on Microsoft's objection page. Please note that in this case, after deleting all cookies from your browser or using a different browser and/or profile at a later time, you will need to opt-out again.

Data protection outside the EU/EEA

In the event that personal data is transferred to the USA, Microsoft has submitted to the EU-US Privacy Shield and we have agreed standard European Union data protection clauses with Microsoft:

https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

Privacy policy

https://privacy.microsoft.com/de-de/privacystatement

Linkedin Ads

Provider

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn")

Description

We use the conversion tracking technology and the retargeting function of LinkedIn on our website. For this purpose, the LinkedIn tag is embedded on our website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

Purpose of processing

LinkedIn Ads can be used to serve personalized ads on LinkedIn to visitors of this website. We also have the ability to generate anonymous reports on the performance of the ads and website interaction information.

Opt-out cookie

If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link:

https://www.linkedin.com/psettings/enhanced-advertising

Privacy policy

https://www.linkedin.com/legal/privacy-policy

Post Affiliate Pro

Provider

Quality Unit, s.r.o. Tomanova 80/c, SK-83107 Bratislava, Slovakia ("Post Affiliate Pro")

Description

The cookies used by Post Affiliate Pro are used to track the origin of website interactions, offers and services used, which were generated via links of our affiliate partners. Among other things, Post Affiliate Pro can recognize that you, as a visitor to the website, have clicked on the affiliate link on our affiliate partner's website.

Purpose of processing

We use Post Affiliate Pro to organize our affiliate program.

Opt-out cookie

If you wish to object to the evaluation of user behavior via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Privacy policy

https://www.postaffiliatepro.com/privacy-policy-post-affiliate-pro/

Outbrain

Provider

Outbrain UK Ltd, 5 New Bridge Street, London, EC4V 6JA, UK ("Outbrain")

Description

In some areas of our website we use the technology of the provider Outbrian. With the help of a so-called widget, you as a user are referred to further content within our website and on third-party websites that may be of interest to you. The content displayed in the Outbrian widget is automatically controlled and delivered by Outbrian in terms of content and technology. The further reading recommendations integrated by Outbrain, e.g. below an article, are determined on the basis of the content you have read so far. For the display of this interest-based further content, Outbrain uses cookies that are stored on your device. The display of reading recommendations by Outbrain using cookies is done on a purely pseudonymous basis. To anonymize the IP address, the last part of the IP address is removed.

Purpose of processing

Our website uses the technology of the provider Outbrain to point you to further content within our website and on websites of third parties that may also be of interest to you.

Opt-out cookie

You can prevent the use of cookies by setting your browser accordingly, by clicking on "decline" or opt-out under Outbrian's privacy policy. The opt-out only applies to the device you are using and also loses its validity when you delete your cookies.

Privacy policy

https://www.outbrain.com/de/legal/privacy

Hotjar

Provider

Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 314, Malta ("Hotjar")

Description

Hotjar works with cookies and other technologies to collect information about the behavior of website visitors and about their end devices – in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by us to identify individual users nor is it merged with other data about individual users. The cookie stored in your browser in case of your consent will be completely deleted after 365 days at the latest.

Purpose of processing

We use Hotjar to better understand your needs as a visitor to our website and to optimize the experience on our website. Using Hotjar's technology, we get a better understanding of the website visitor experience (e.g., how much time you spend on which pages, which links you click, etc.) and this helps us tailor our website's offerings based on feedback.

Opt-out cookie

As a website visitor, you can object to Hotjar storing a user profile and information about your visit to our website, as well as to Hotjar setting tracking cookies on other websites, by following the instructions at the link below:

https://www.hotjar.com/privacy/do-not-track/

Privacy policy

https://www.hotjar.com/legal/policies/privacy/


Taboola

Provider

Taboola, Inc, 16 Madison Square West, 7th Floor, New York, New York 10010, USA ("Taboola")

Description

Taboola enables us to provide user-specific recommendations for content and ads based on browsing behavior and customer interests. Taboola collects and processes the following data by means of cookies: Target page, subsequent page, pages visited, clicks, user status conversion data. The data collected is anonymous for us and therefore does not allow us to draw any conclusions about your user identity. The cookie stored in your browser in case of your consent will be completely deleted after 365 days at the latest.

Purpose of processing

We use Taboola for conversion measurement. This allows us to track the behavior of our users after they have been redirected to the website by clicking on a Taboola ad. This procedure is used to evaluate the effectiveness of the Taboola ads for statistical and market research purposes and can help to optimize future advertising measures.

Opt-out cookie

You can deactivate the use of cookies at any time by making the appropriate settings via Taboola's privacy policy. After you have opted out, you will no longer receive personalized advertising.

https://www.taboola.com/policies/privacy-policy#user-choices-and-opting-out

Data protection outside the EU/EEA

We have agreed standard data protection clauses of the European Commission with Taboola:

https://www.taboola.com/policies/media-privacy-addendum

Privacy policy

https://www.taboola.com/policies/privacy-policy

Crazy Egg

Provider

Crazy Egg, Inc, 16220 Ridgeview Lane, La Mirada, California, 90638, USA ("Crazy Egg")

Description

Crazy Egg is a web tracking tool and uses cookies to analyze your use of our website. The information generated by the cookie about your use of our website is usually transmitted to a Crazy Egg server in the USA and stored there. No personal data is collected, processed or used through the use of Crazy Egg.

Purpose of processing

We use Crazy Egg as a tracking tool with which we record randomly selected individual visits (only with anonymized IP address). Crazy Egg uses cookies to evaluate how you use the website (e.g. which content is clicked on). For this purpose, a usage profile is visually displayed.

Opt-out cookie

You can prevent the storage of cookies by selecting the appropriate settings on your browser. You can also prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) to Crazy Egg as well as the processing of this data by Crazy Egg by following the instructions under the following link: http://www.crazyegg.com/opt-out

Data protection outside the EU/EEA

We have agreed with Taboola on standard data protection clauses of the European Commission to oblige Crazy Egg to comply with an adequate level of data protection.

Privacy policy

http://www.crazyegg.com/privacy

6. Vantikcard waiting list

Description and scope of data processing

In order to give people interested in Vantikcard the opportunity to register before the launch and thus get access to Vantikcard as early as possible, we have set up a waiting list. Interested people can register on this waiting list and thus receive relevant information about Vantikcard. For the management of the waiting list we use the solutions of ReferralHero.

Legal basis for data processing

The legal basis of the processing is your consent according to Art. 6 (1)  a) GDPR.

Services used

ReferralHero

Provider

Sparktech Software Ltd, 102 Bromstone Road, Broadstairs, CT10 2HX, United Kingdom, ("ReferralHero")

Description

ReferralHero and its service providers automatically collect certain information using tracking technologies such as cookies, web beacons and similar technologies, and web forms. Your information is never sold or shared with third parties for their own business interests. Records containing your information may be used from time to time for troubleshooting or in connection with investigations of platform performance issues or security incidents. In addition, these records may also be used to detect and prevent spam and to detect and prevent abuse.

Purpose of processing

We use ReferralHero to give you access to our waiting list and to run our referral campaign. We also use ReferralHero to send emails with information such as waitlist position, referred members, and milestones.

Privacy policy

https://referralhero.com/privacy-policy

7. Newsletter

Description and scope of data processing

You have the option to subscribe to our newsletter, in which we will inform you regularly about innovations to our products and promotions. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter.

The storage serves the sole purpose of sending you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in each newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose.

We use standard market technologies in our newsletters to measure interactions with the newsletters (e.g., opening of the e-mail, links clicked). We use this data in pseudonymous form for general statistical evaluations and for the optimization and further development of our content and customer communication. This is done with the help of small graphics embedded in the newsletters (so-called pixels). The data is only collected pseudonymously and is not linked to your other personal data. We want to share content that is as relevant to our customers as possible via our newsletter and better understand what readers are actually interested in.

Legal basis for data processing

The legal basis for the processing is your consent pursuant to Art. 6 (1) a) GDPR. The legal basis for measuring the interaction with our emails is our legitimate interest according to Art. 6 (1)  f) GDPR.

Duration of storage

If you do not want the analysis of usage behavior, you can unsubscribe from the newsletters or deactivate graphics in your email program by default. The data on the interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymized.

Services used

Customer.io

Provider

Peaberry Software Inc, 921 SW Washington St, Suite #820, Portland, OR 97205, USA ("Customer.io")

Description

To send our newsletter, we use the tool Customer.io. For this purpose, your data is also stored by Customer.io. Customer.io collects and stores the following data each time a file is requested from their website: IP address, website from which the respective file was retrieved, name of the file, date and time of the retrieval, amount of data transferred and message about the success of the retrieval. This access data is used exclusively in a non-personalized form for the technical optimization of the sending and presentation of the e-mails or for statistical purposes. Your data will not be passed on to other third parties by Customer.io.

Purpose of processing

We use Customer.io to send our newsletter and to evaluate how the newsletters are opened and used.

Data protection outside the EU/EEA

We have agreed standard European Union data protection clauses with Customer.io:

https://customer.io/legal/scc/

Privacy policy

https://https://customer.io/privacy-policy.html

Mailchimp

Provider

Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA ("Mailchimp")

Description

Mailchimp is a newsletter distribution platform of the US provider Rocket Science Group, LLC. After you have registered for our newsletter, you will receive a confirmation email (double opt-in process). Your registration is logged so that we can prove that we have your consent to use your personal data to send the newsletter. For this reason, the time of your registration, the confirmation time and the IP address are also stored. After completion of the registration process, MailChimp stores your data on its own servers and uses it to send the newsletter on our behalf. MailChimp may also use the data to improve its own services, but will never use it to contact you directly or share your data with third parties.

Purpose of processing

We use Mailchimp to organize and further evaluate the sending of newsletters. With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

Data protection outside the EU/EEA

We have entered into a "Data Processing Agreement" with MailChimp, a contract in which MailChimp undertakes to protect the data of our users: https://mailchimp.com/legal/data-processing-addendum/

Privacy policy

https://mailchimp.com/legal/privacy

8. Registration process

Description and scope of data processing

As part of the registration process in the app or via our website, the following personal data is collected and processed:

  • Name and first name
  • Address (street, zip code, city, country)
  • E-mail address
  • Phone number (mobile number)
  • Dates of birth (date, place, country)
  • IBAN, BIC, Bank details
  • Nationality
  • Tax liability
  • Profession, industry
  • Voluntary information on net income, savings, sources of funds, and investment experience
  • Gender

The data collected during the registration process will be forwarded to our partner bank DAB BNP Paribas for the purpose of account opening. The corresponding data protection provisions of DAB BNP Paribas apply:

https://b2b.dab-bank.de/Footer/Datenschutzerklaerung/

Legal basis for data processing

The legal basis for data processing in the context of providing our service is Art. 6 (1) b) GDPR. In addition, we are required by law to store the data forwarded to DAB BNP Paribas; the legal basis for this is Art. 6 (1) c) GDPR.

Purpose of data processing

This data is processed to create your account, to provide you with the necessary access data and for the purpose of communication.

Duration of storage

The above data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case at the end of the third year after the termination of the contract, unless storage beyond this is provided for on the basis of regulations issued by the European or national legislator in Union law.

9. Video identification

Description and scope of data processing

In the course of registering with Vantik and opening an account with BNP DAB Paribas, you will be required to execute your identity via video identification through IDnow. During the registration process you will be redirected via link to the provider IDnow GmbH, Auenstraße 100, 80469 Munich, Germany ("IDnow"). Vantik transmits to IDnow the data you provided during the registration process.

The identification is done with a valid ID document, your identity and age will be verified. A prerequisite for video identification is that you allow IDnow access to the camera and microphone of your mobile device. During the identification process, a secure video connection is created between IDnow and your mobile device. During the video identification process, parts of the conversation are recorded and stored as proof of execution.

After the video identification is completed, the data is forwarded from IDnow to Vantik, where the height and eye color in your ID document are blacked out by IDnow beforehand. Vantik then forwards the data to BNP DAB Paribas.

  • Images & data on identification documents:
  • Identification document data: type of identification document, country of issue, issuing authority, date of issue, date of validity, first name, last name, address, date of birth, place of birth, nationality, gender.
  • Pictures of the identification document: front and back side, security features
  • Video Logs
  • Audio Logs

Legal basis for data processing

The legal basis for the transfer of data in this step is Art. 6 (1) b) GDPR.

The legal basis for forwarding the data collected during the video identification procedure is Art. 6 (1) b) GDPR. The implementation of the video identification is based on Art. 6 (1) c) GDPR in order to comply with the provisions of the GwG. The legal basis for the processing of the data is additionally Art. 6 (1) a) GDPR. You give your consent to the processing of the personal data in question at the beginning of the video call with the IDnow employee verifying your identity, who asks you about the making and processing of the recordings. We delete the data insofar as they are no longer required for the respective purpose and no contractual or legal retention obligations exist.

You can learn more about video identification in IDnow's privacy policy: https://www.idnow.io/de/datenschutz/

Purpose of data processing

The processing of the above personal data is carried out for the fulfillment of our contractual service obligations, which we provide you with our mobile app or via our website.

10. Customer service

Description and scope of data processing

We use the ticket system of the company Zendesk and the company Intercom to process customer requests. In order to process your requests, necessary data such as surname, first name, postal address, telephone number, e-mail address may be collected via our website in order to be able to answer the request.

Legal basis for data processing

The legal basis for data processing is Art. 6 (1)  a) and b) GDPR (consent and fulfillment of contract).

Services used

Zendesk

Provider

Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA ("Zendesk")

Description

We use Zendesk as a tool for our customer service, which includes emails, chat function and calls. When you use Zendesk, the IP address of your terminal device and the address of the sub-site from which you access Zendesk are collected. Zendesk also uses cookies and similar technologies. The data collected in this context may be transmitted to and stored on a Zendesk server in the United States. The conducted conversations are logged and stored.

Purpose of processing

We use Zendesk to process user requests faster and more efficiently. With the help of Zendesk, we improve our communication by being able to classify, sort, and respond to emails in a personalized way. We also use Zendesk to organize and execute phone calls with customers.

Data protection outside the EU/EEA

Zendesk has submitted to the EU Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active

Privacy policy

https://www.zendesk.com/company/customers-partners/privacy-policy/


Intercom

Provider

Intercom, Inc, 98 Battery Street, Suite 402, San Francisco, California 94111, USA ("Intercom")

Description

Intercom is a communication service that we use for support requests. In order for this to be possible, contact information such as your email address and name must be synchronized with Intercom via an interface. Intercom uses user data only for technical processing of requests and does not share it with third parties. We also use Intercom for statistical analysis of the use of our website. Intercom analyzes the use of our website by means of cookies and tracks our customer relations, with the aim of improving our offer.

Purpose of processing

We use Intercom to respond to your support requests.

Opt-Out Cookie

You can prevent the installation of cookies by setting your browser accordingly. You can object to the sending of e-mails and performance measurement by Intercom at any time - among other things, each e-mail contains a corresponding link for unsubscribing.

Data protection outside the EU/EEA

Intercom is certified under the EU-US Privacy Shield:

https://www.intercom.com/privacy#addendum

Privacy Policy

https://www.intercom.com/privacy


11. Other services

Amazon Web Services (AWS)

Provider

Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA ("Amazon")

Description

Our Vantik and Vantikcard app - and therefore your user account - is hosted by Amazon Web Services on servers in Germany.

Legal basis for data processing

The involvement of AWS is based on our legitimate interests in a secure and efficient provision and optimization of our offer pursuant to Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (order processing).

Data protection outside the EU/EEA

Amazon takes strict technical measures to protect your personal data. Amazon does not share your personal information with third parties unless the sharing is necessary to perform the agreed services or Amazon must do so to comply with the law or a valid and binding order of a governmental or regulatory authority. The data transmitted for this purpose will be limited to the minimum necessary.

Amazon may also store the information in countries outside the European Economic Area. However, Amazon will take the necessary steps to ensure that an appropriate level of data protection is maintained.

Amazon participates in the EU-US Privacy Shield if your data is transferred to the USA.

You can find more details here:

https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Privacy policy

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2020-08-15.pdf

Adjust

Provider

Adjust GmbH, Saarbrücker Str. 38a, 10405 Berlin, Germany ("Adjust")

Description

Adjust collects and uses the IP address and - if not deactivated by the user in the system settings of his device - temporary device identification numbers on our behalf. Your data is pseudonymized immediately after collection and before further processing. A direct conclusion to your person is not possible. The information collected through this use is only used to analyze the function and use of the app, for example by creating aggregated evaluations and graphics on the number of visits and the number of pages called up per user.

Legal basis for data processing

The legal basis for data processing is Art. 6 (1) f) GDPR (legitimate interest). We have a legitimate interest in providing effective advertising measures.

Purpose of processing

This information is used for our own market research and to optimize our own advertising measures.

Privacy policy

https://www.adjust.com/terms/privacy-policy/


Zapier

Provider

Zapier, Inc, 548 Market St. #62411, San Francisco, California 94104, USA ("Zapier")

Description

Zapier is an online tool that makes it possible to link different web applications, transfer data and thus realize process automation. It does this by automatically linking and synchronizing the actions of the software we use, so that recurring processes can be executed automatically. In the process, your customer data is logged and saved.

Purpose of processing

In order to interconnect tools and thus comply with the request for information and documentation via the contact form, we use the integration service provider Zapier.

Data protection outside the EU/EEA

Zapier Inc. is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with the European level of data protection:

https://www.privacyshield.gov/participant?id=a2zt0000000TNk2AAG

Privacy policy

https://zapier.com/privacy

Segment

Provider

Segment.io, Inc. 101 15th St San Francisco, CA 94103, USA ("Segment")

Description

Segment processes your data (consent, shortened IP address) as a necessary part of the function of the website and the app in order to load custom services on the site. Segment stores this data pseudonymously for recognition.

Data protection outside the EU/EEA

Segment is certified in the U.S. under the EU-U.S. Privacy Shield, so there is an adequate level of data protection for data at Segment. You can find more information here:

https://segment.com/legal/data-protection-addendum/

Privacy policy

https://segment.com/legal/privacy/

SaltEdge

Provider

SaltEdge Ltd., Level 39, One Canada Square, Canary Wharf, London E14 5AB, UK ("SaltEdge")

Description

To provide our services within the app, we work with the service provider SaltEdge as an account information service provider. Through SaltEdge, we give you the ability to link one or more of your accounts and credit cards within the app so that we can generate round-up payments based on the transaction data and invest them for you.

The following data will be processed:

  • Bank account information: First name, last name, bank name, IBAN, BIC, account number, bank code, account balance.
  • Transaction data: Date, merchant, amount paid
Legal basis for processing

The processing of the above-mentioned personal data is carried out for the fulfillment of our contractual service obligations, which we provide to you with our mobile app.

The legal basis in the context of the provision of our service is Art. 6 (1) b) GDPR.

Duration of storage

The above data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case at the end of the third year after the termination of the contract, unless storage beyond this is provided for on the basis of regulations issued by the European or national legislator in Union law.

SaltEdge Limited is the controller for the processing of your data at SaltEdge. As a rule, you give SaltEdge consent to the collection, use and storage of your data.

Privacy policy

https://www.saltedge.com/pages/privacy_policy


12. Application at Vantik

Description and scope of data processing

We offer you the opportunity to apply for job vacancies and send us your application by email or post. The following data will be collected and stored:

  • Inventory data (e.g. first and last name, address)
  • Contact details (e.g. e-mail address, telephone number)
  • Application data (e.g. cover letter, CV, certificates and other supporting documents)

Purpose of data processing

Conducting the application process and finding suitable applicants.

Legal basis for data processing

The legal basis for this processing, including contacting us for queries, is generally Art. 6 (1)  b) GDPR in conjunction with. Section 26 (1) of the German Federal Data Protection Act (BDSG), in the sense of which the application process is considered to be the initiation of an employment contract.

Duration of storage

If an employment relationship is established after completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months. After that, the data is deleted or disposed of in accordance with data protection regulations.

13. Data security and links to third party websites

Your data is protected by Vantik through technical and organizational security measures to prevent accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures, such as data encryption, are regularly improved in line with technological developments. However, we point out that the transmission of your personal data via the Internet from you to the Platform or from the Platform to you (or to other users) may involve risks that are beyond our control. Our Platform may contain links to websites of other providers to which this Privacy Policy does not apply. Vantik did not find any illegal content on the directly linked pages at the time of linking. Vantik has no influence on the content of the linked sites and cannot monitor them on an ongoing basis. Therefore, Vantik assumes no liability for the contents of the linked pages that were changed after the link was set.


14. What rights do I have against Vantik in relation to data processing?

You have the right to request information about the processing of your personal data by us at any time. When you request information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal regulations, the data will be blocked so that it is only available for this legal purpose.

You can also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, i.e. that we will send you a digital copy of the personal data you have provided upon request.

To exercise your rights as described here, you may contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection.

In addition, you have the right to object to data processing based on Art. 6 (1)  e) or f) GDPR.

Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can exercise this right at a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement. In Berlin, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

15. How can I prevent data processing by Vantik?

In accordance with Article 7 (2) GDPR, you have the right to revoke consent you have given us at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 (1) f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

16. Changes to this privacy policy

Occasionally, we update this privacy statement, for example, when we adapt our website or when legal or regulatory requirements change. We therefore reserve the right to change this privacy policy.

The current version of the privacy policy is available on our website at any time.

Last update: February 15, 2021