The controller is Frank Thelen Capital GmbH, Joseph-Schumpeter-Allee 25, 53227 Bonn, registered at the commercial register of the local court (Amtsgericht) Bonn under HRB 18448, represented by the managing director Frank Thelen (“we/us/our”) who offers the website frank.io as well as related services (“Website”).
For any questions about data protection you may contact us via firstname.lastname@example.org.
Frank Thelen Capital GmbH,
Joseph-Schumpeter-Allee 25, 53227 Bonn, registered at the commercial register of the local court (Amtsgericht) Bonn under HRB 18448, represented by the managing director Frank Thelen
Purpose and Legal Basis of Processing Data; Provision and Recipients of Data
The data will be processed for fraud prevention as well as for advertising and quality assurance purposes in order to ensure continuous technical correctness and improvement of the Website.
ApplApplicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).
When processing data according to Art. 6 (1) f. GDPR we or our engaged third party providers pursue the legitimate interests of marketing, quality assurance and fraud prevention.
We as well as our external service partners receive your data for processing those for the purpose of providing our Website and for hosting quality assurance and marketing purposes. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Website.
Transfer of Data outside of the EU
In course of data processing by us data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf.
Deletion of Data
The data are deleted if such data are no longer necessary for the purpose of processing.
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent.
You have the right to object to the processing of our data (for example for direct marketing purposes) at any time.
You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.
You are entitled to request the erasure of your data.
You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.
You have also the right to lodge a complaint with a supervisory authority at your choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
We have implemented sufficient measures to ensure data and IT security. The Website is operated through a safe TLS-connection. If an TLS-connection is activated third parties are prevented from reading any data that are transferred by you to us.
More Detailed Information
- What are Personal Data?
- How are my Data processed when visiting the Website and you contacting us? Does automated decision making (including “Profiling”) take place?
- What service and Third Party Services (Cookies, Analytics) does the Website use?
- Are my Data transferred to Third Parties?
- Are my Data transferred outside the EU?
- Your Rights: Right to access, object, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
1. What are Personal Data?
Personal data are any information relating to an identified or identifiable natural person. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed.
We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.
2. How are my Data processed when visiting the Website and you contacting us? Does automated decision making (including “Profiling”) take place?
Visiting the Website
If you browse our Website (frank.io) the provider of the website collects and stores information automatically in so-called “server-log-files” that your browser transfers to us. These are:
name of the retrieved website/file (URL), date and time of retrieval, transferred data volume, notification of successful retrieval (HTTP status), browser type and version, the user's operating system, referrer URL (previously visited page), the browser’s user agent, (anonymized) IP address and the requesting provider.
We use these data only for statistical analysis for the purpose of operation, security and optimization of our Website. If such data are considered personal data such processing is based on Art. 6 (1) c. or f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.
When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based (on the legal basis of Art. 6 (1) a. GDPR) or for pursuing your request (based on Art. 6 (1) b. GDPR).
Automated Decision Making (including “Profiling”)
In general we do not process any data via “profiling” or in form of automated decision making via the Website. However, such automated decision making including profiling may happen by third party providers through the Website. We will inform you about such fact if possible.
Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject's express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.
3. What services and Third Party Services (Cookies, Analytics) does the Website use?
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.
The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
We use Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (“Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this Website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.
We point out that an automated decision making (including "profiling") (see also above) can take place when integrating Google and an existing Google account.
Google Tag Manager
We use the “Google Tag Manager” service by Google LLC, Mountain View, CA, USA, to manage website tags and to evaluate the use of the Website. The Google Tag Manager is a cookie-free domain that does not collect any personal data. The tool triggers other tags, which in turn may collect data. The Google Tag Manager does not access this data.
If deactivated at the domain or cookie level (see above), this will remain valid for all tracking tags implemented with Google Tag Manager.
We point out that an automated decision making (including “profiling”) (see also above) can take place when integrating Google or an existing Google account.
You can also find more information here: services.google.com/sitestats/en.html
Our Website uses the “Google Fonts” service of Google LLC, Mountain View, CA, USA to integrate and display text on the Website. Insofar as personal data are processed, this is done on the legal basis of Art. 6 (1) f. GDPR or TMG, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or statistical analysis of user behaviour are pursued.
We point out that an automated decision making (including “profiling”) (see also above) can take place when integrating Google and an existing Google account.
Our Website uses the “Instagram Embedding” service of Instagram LLC, 1601 Willow Rd Menlo Park CA 94025, USA (or Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland) for the integration of content (such as videos and images) on the Website. Insofar as personal data are processed, this is done on the legal basis of Art. 6 (1) f. GDPR or TMG, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or statistical analysis of user behaviour are pursued.
For an existing Instagram account, profiling (see also above) can take place.
OPT-OUT: You can influence the data processing by the settings of your account: https://help.instagram.com/116024195217477/?helpref=hc_fnav&bc=368390626577968&bc=285881641526716
4. Are my Data transferred to Third Parties?
We work together with external service providers who support us in the execution of the steps necessary for the processing of our offer online or offline. In principle, we only transfer personal data to third parties to the extent permitted by law (e.g. for the processing for offering our Website on Art. 6 (1) b. GDPR) or you give your consent (Art. 6 (1) a. DSGVO) or instruct us to do so. For more information, please contact email@example.com.
5. Are my Data transferred outside the EU?
When using our Website your data may be transferred to countries outside the EU because of the use of third party providers.
This applies for the services by Google, Instagram as well as services behind links on the Website (such as Facebook, Instagram and Twitter). The US companies providing the services of Google and Instagram are each certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. For more information please refer to https://www.privacyshield.gov/.
In data are transferred outside the EU via the integration of the service of Cloudflare Inc, Townsend St, San Francisco, CA 94107, USA, for the purpose of integrating content on the website (Content Delivery Network) (legal basis: Art. 6 (1) b. or f. GDPR with our legitimate interest in the proper presentation of the Website). Cloudflare is certified according to the EU-US-Privacy-Shield agreement and thus guarantees compliance with data protection regulations in the EU (see: https://www.privacyshield.gov/). More information about Cloudflare can be found here: https://www.cloudflare.com/privacyshield/ or https://www.cloudflare.com/security-policy/.
For more information please refer to firstname.lastname@example.org.
6. Your Rights: Right to access, object, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
In accordance with the statutory provisions, you as the data subject have the right to access and receive information about your data processed by us free of charge at any time.
In addition, you can assert your rights to correction, deletion or restriction of the processing or the right of objection against us at any time. This also applies to a right to data portability.
You may object to the processing of your personal data if your personal data is used for direct marketing and/or if data is collected on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR and as far as there are reasons for a contradiction, which result from your special situation.
If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future.
To exercise your rights, you can contact us via email to email@example.com.
You have and each user has a right to lodge a complaint vis-á-vis a supervisory authority of his/her choice (e.g. for North Rhein Westphalia (NRW): https://www.ldi.nrw.de/metanavi_Kontakt/index.php). The supervisory authorities in Germany are the competent (data protection) authorities under the respective laws of the federal states.
An overview of the European National Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. The data processed by us according to “Visiting the Website” above are stored for 7 days.
In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).
Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.
The Website is operated through a safe TLS-connection. If an TLS-connection is activated third parties are prevented from reading any data that are transferred by you to us.
We have installed technical and organizational measures in order to safeguard our Website against loss, destruction, access, changes or the distribution of your data by unauthorized persons.
For any inquiries and additional questions about processing personal data please contact firstname.lastname@example.org.
Further details may be found here: https://frank.io/en/contact/