Privacy Policy

In our User Privacy Notice we have compiled all essential information about our handling of your personal data and your corresponding rights for you.

This User Privacy Notice is effective from 30. January, 2023

1. Scope and updates of this User Privacy Notice

This User Privacy Notice applies to the use of the getfondo.com websites and all websites connected to them, as well as all applications, services, products and tools of getfondo.com (collectively the "Services"), regardless of how you access or use these Services, including access via mobile devices.

We may change this User Privacy Notice at any time by posting the revised version here and indicating the effective date of the revised User Privacy Notice. You will be notified of any material changes to this User Privacy Notice by email if you have registered a user account with us.

2. What personal data we collect and process

We collect your personal data when you use our Services, create a new getfondo.com account, provide us with information, add or update information in your getfondo.com account, participate in online community discussions or otherwise interact with us. 

In total, we collect the following personal data:

2.1 Personal data you provide when using our Services or creating a getfondo.com account:

- Data that identifies you, such as your name, address, telephone numbers, email addresses, your user name, profile picture or your tax identification number that you provide when setting up your getfondo.com account or at a later date.

- Other content that you generate or that relates to your account

You may provide us with additional information by updating or adding information to your getfondo.com account, by participating in community discussions, member chats, inquiries, customer service calls recorded with your consent, or if you contact us for any other reason regarding our Services.

Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect.

2.2 Personal data we collect automatically when you use our Services or create a getfondo.com account

Computer and connection information, such as statistics regarding your use of our Services, information on data traffic to and from websites, referral URL, information on advertisements, your IP address, your access times, your browser history data, your language settings and your weblog information.

2.3 Personal data we collect in connection with the use of cookies and similar technologies

We use cookies, web beacons and similar technologies to collect data while you use our Services. We collect this data from the devices (including mobile devices) that you use our Services with. The data collected includes the following usage- and device-related information:
- Data about the pages you visit, the access time, frequency and duration of visits, the links on which you click and other actions you take as part of your use of our Services and in advertising and email content.
- Location data, including your general location data (e.g., region based on your IP address) and the precise location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of location services for all applications in the settings menu.
- For more information about our use of these technologies and your choices, see '7 Cookies & similar technologies'.

2.4 Social network data you share with us

We allow you to share data with social networks or use social networks or similar service providers with whom you already have an account to create a getfondo.com account or to link your getfondo.com account to your social network account or account at a similar service provider (e.g. Facebook and Google). These social networks and similar service providers may automatically grant us access to certain personal data about you that is stored there (e.g., content you have viewed or like, information about the advertisements you have viewed or clicked on, etc.). You can control the personal data we can access by using the privacy settings of the social network or similar service provider.

We use social media links to various social networks. With the help of these links you can, among other things, share content or recommend products to others. The social media links are integrated in a way that no personal data can be collected by the social networks when the page is accessed. Only when the user clicks on a social media link, a connection to the respective social network is established. For the purpose and scope of the data collection and the further processing and use of data by social networks as well as your rights and setting options for the protection of your privacy, please refer to the data protection information of the respective networks or websites. You will find the links below.

On our websites we have included social media links to the following social networks: 

- Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). Link to the Facebook Privacy Notice: https://www.facebook.com/about/privacy

- Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA). Link to the Twitter Privacy Notice: https://twitter.com/privacy

- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Irland). Link to the YouTube Privacy Notice: https://policies.google.com/privacy?hl=en-en

3. Purposes and legal basis for data processing and categories of recipients

We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on this website, to contact you about your getfondo.com account and our Services, to provide customer service, to provide you with personalized advertising and marketing communications, and to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties (including service providers acting on our behalf) and other members of our company group for these purposes pursuant to section 5.6 of this User Privacy Notice.

Below you will find a summary of the purposes for which we process your personal data, including the categories of recipients to whom we transmit personal data for the purposes stated, sorted by our legal basis for this processing:

3.1 We process your personal data in order to fulfil our contract with you and to provide you with our Services (Article 6(1) (b) GDPR). This includes the following purposes:
Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
Solution of problems with your getfondo.com account, enforcing fee claims and providing other customer support services.
Enforcement of our General Terms and Conditions and this User Privacy Notice and other rules and policies.

3.2 We process your personal data in order to comply with legal obligations to which we are subject (Article 6(1) (c) GDPR). This includes the following purposes:
Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
Prevention, detection and mitigation of illegal activities (e.g. fraud, money laundering and terrorist financing).

Complying with information requests from third parties based on any statutory information rights they have against us (e.g. in the event of an intellectual property infringement, product piracy or other unlawful activity).
Ensuring the information security of our Services.

Retention and storage of your personal data to comply with specific legal retention requirements (for more information on getfondo.com’s storage of your data, see '5. Storage duration and erasure').
Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
Third parties based on statutory information claims against us
Third party service providers and financial institution partners

Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us
Credit agencies, bureaus, or associations, if required by applicable law (e.g. information on payment delays, payment defaults or other irregularities that may be relevant to your credit report).

3.3 We process your personal data in order to protect your vital interests or the vital interests of another natural person (Art. 6(1) (d) GDPR). This includes the following purposes:
Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect.
Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:
Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
Third parties who are involved in judicial proceedings
External service providers

3.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6(1) (f) GDPR), except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms. On this basis, we process your data for the following purposes:

- Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation to this effect, and we may legitimately assume that the disclosure of the data is necessary to avert imminent disadvantages or to report a suspicion of an illegal act. In such cases, we will only disclose what we believe is necessary, such as your name, city, zip code, telephone number, email address, (previous) user names, IP address, fraud complaints and ad content.

- Protection of the legitimate interests of third parties in connection with civil law disputes, unless there is a statutory obligation to this effect, if we may legitimately assume that it is necessary to disclose the data to such third parties in order to avert imminent disadvantages.

- Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of the telephone number stored in your getfondo.com account for two-factor authentication), unless there is a statutory obligation to this effect.

- Monitoring and improvement of the information security of our Services, unless there is a statutory obligation to this effect.
Performance of identity checks, evaluation of applications and comparison of information for accuracy and verification purposes.

- Automatic filtering and, where necessary, manual review of messages sent through our messaging tools to prevent fraudulent or suspicious activity or violations of our General Terms and Conditions or other rules and policies, as further explained below under Filtering of messages sent via our messaging tools (see '9. Other important information regarding data protection').
Provision of functions for users that make the processing of transactions easier or more convenient.

- Analysis and improvement of our Services, e.g. by reviewing information from users about blocked or crashed pages in order to identify and solve problems and to thereby provide you with an improved user experience.

- To the extent permitted by applicable law without your consent, communications with you via electronic mail (e.g. email) or telephone to offer you vouchers, discounts and special offers, to conduct opinion polls and surveys, and to inform you about our Services. If you do not wish to receive marketing communications from us, you can unsubscribe by clicking on the link in the email you received. For technical reasons, the implementation may take a few days.

- Customization of page content to display the ads and services you may like based on the actions you take.

- Evaluation of the quality and success of our email marketing campaigns (e.g. through analysis of opening and click rates).

- Information about your right to object to processing based on our legitimate interests can be found below under '6. Rights as a data subject' and, with regard to the use of cookies and similar technologies, below under '7. Cookies & similar technologies'.

3.5 With your consent (Art. 6(1) (a) GDPR), we process your personal data for the following purposes:

- Personalization, measurement and improvement of our advertisements.

- Analysis of user behaviour to improve our Services with the help of our own tools as well as tools from third-party providers, also in the context of product development, insofar as the data processing for these purposes is not based on another legal basis (in particular legitimate interests).

- You can find information about your right to withdraw your consent below under '6. Rights as a data subject' and information with regard to the use of cookies and similar technologies below under '9. Cookies & similar technologies'.

Without your consent, we will not pass on your personal data to third parties for their marketing or advertising purposes, nor will we sell or otherwise make it available to third parties for a fee.

4. Data transfers (from the European Economic Area to third countries)

We will only transfer your personal data from the European Economic Area (EEA) to third countries, i.e. countries outside the EEA, on the basis of appropriate safeguards. Third countries providing an adequate level of data protection according to the European Commission currently include Andorra, Argentina, Canada (for companies covered by the Personal Information Protection and Electronic Documents Act), Switzerland, the Faroe Islands, Guernsey, the State of Israel, the Isle of Man, Japan, Jersey, New Zealand, Uruguay and the United Kingdom.

In other cases, getfondo.com provides the necessary safeguards, e.g. through the conclusion of data protection contracts adopted by the European Commission (e.g. standard data protection clauses) with the recipients, or through other measures provided for by law. A copy of the documentation of the measures taken by us is available on request.

5. Storage duration and erasure

Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this User Privacy Notice (see '3. Purposes and legal basis for data processing and categories of recipients' for more information on the processing purposes). Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes). In Europe, the retention periods are generally between 6 and 10 years (e.g. for contracts, notifications and business letters). As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it). This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defense against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.

The specific retention periods for personal data are documented in our regional data retention guidelines. How long we retain personal data may vary depending on the Services we provide and our legal obligations under applicable national law. The following factors typically affect the retention period:
Necessity for the provision of our Services This includes such things as executing the contract with you, maintaining and improving the performance of our products and keeping our systems secure. Most of our retention periods are determined on the basis of this general rule.

Consent-based processing of personal data If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent.
Statutory, contractual or other similar obligations Corresponding storage obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.

6. Rights as a data subject

Subject to possible restrictions under national law, as a data subject, you have the right to access, rectification, erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.
Our competent Data Protection Supervisory Authority is:
Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (Brandenburg Federal State Commissioner for Data Protection and for the Right to Access Records) Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany, http://www.lda.brandenburg.de

Your rights in detail:

- You can withdraw your consent to the processing of your personal data by us at any time. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.
- You have the right to obtain access to your personal data that is being processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the personal data’s source (where they are not collected from you), the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details. Your right to access may be limited by national law.

-You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

- You have the right to obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law.

- You have the right to obtain from us restriction of processing to the extent that the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure of the personal data, we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing.

- You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller ("right to data portability").

If your personal data is processed on the basis of our legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

The exercise of the above data subjects’ rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs) in accordance with the applicable statutory regulations or refuse to process the application.

Exercising your rights and managing your settings
You can exercise your rights as a data subject via email.

7. Cookies & similar technologies

When you use our Services, we and selected third parties may use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalized advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you use the Services. You can find detailed information about our use of cookies and similar technologies and your choices in our User Cookie Notice.

Our cookies and similar technologies have different functions:

- They may be technically necessary for the provision of our Services

- They help us optimize our Services technically (e.g. monitoring of error messages and loading times)

- They help us improve your user experience (e.g. save font size and form data entered)

We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). Where possible, we take appropriate security measures to prevent unauthorized access to our cookies and similar technologies. A unique ID ensures that only we and/or selected third parties have access to cookie data.

Your choices regarding cookies

You are free to disable the use of cookies and similar technologies if this is supported by your device. You can manage your cookie settings in your browser or device settings. In addition, you can decide whether we may use cookies and similar technologies to show you personalized advertisements and analyse your usage behaviour:

Users can use the Privacy Settings to determine to what extent they consent to the processing of their personal data for analytics and advertising purposes via cookies (and similar technologies).

You can find information about third-party cookies (and similar technologies) related to advertising and how to prevent their use on the following websites:

- http://www.youronlinechoices.eu 

- http://www.aboutads.info/choices 

- http://www.networkadvertising.org/choices 

If you decide not to have your personal data processed by us for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means that these advertisements will not be personalized for you using first-party or third-party cookies, web beacons, or similar technologies; but personal data may still be collected, as described in this User Privacy Notice.

8. Data security

We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centers and authorization controls for data access.

9. Other important information regarding data protection

This section contains important additional information about the protection of personal data in connection with the use of our Services, including whether you are required to provide personal data.
What happens when you share your personal data on our sites or applications?

You may only use the personal data that you have access to for getfondo.com transaction-related purposes, and for purposes expressly consented by the user to whom the data relates. Using personal data of other users that you have access to for any other purpose, such as adding them to a mailing list without their express consent, constitutes a violation of our General Term and Conditions.
Personal data relating to third parties

If you provide us with personal data relating to another person, you must obtain the consent of this person or the disclosure of the data to us must be otherwise legally permissible. You must inform the other person of how we process personal data in accordance with our User Privacy Notice.

Are you obliged to provide your personal data to us?
Some of the personal data that you provide to us (e.g. data by which we can identify you) are required to enter into the contract with you. Although the provision of any other personal data is voluntary, it may be necessary for the use of our Services, such as item details and contact information when posting an ad.

Children's Privacy

Our services are not intended for the use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. Under our General Terms and Conditions, children are not permitted to use our Services.

If you attempt to change your password or your user name, update any other account information or attempt other account activity beyond those listed above, you may be required to enter your password.

You can typically end your signed in session by either signing out and/or clearing your cookies. If you have certain browser privacy settings enabled, simply closing your browser may also end your signed in session. If you are using a public or shared computer, you should sign out and/or clear your cookies when you are done using our Services to protect your getfondo.com account and your personal data.