Privacy Policy – Finance Network e.V.

Privacy Policy

1. Overview of Data Protection

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data with which you can be personally identified. For detailed information on data protection, please refer to our Privacy Policy set out below.

Data Collection on This Website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator, Finance Network e.V.. You can find the relevant contact details under “Note on the responsible entity” in this Privacy Policy.

How do we collect your data?

Your data is collected primarily when you provide it to us. This may, for example, include data you enter into a contact form or when you upload files through our application form.

Other data is collected automatically or upon your consent when you visit the website by our IT systems. This mainly consists of technical data (e.g. internet browser, operating system or the time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour.

Important for Applicants: If this website is used to initiate or enter into contracts (e.g. through our event application), the data submitted (including CVs) is processed not only for participant selection but explicitly for commercial transfer to our partners and sponsors for recruitment purposes.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or erasure of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. Under certain circumstances, you also have the right to request that the processing of your personal data be restricted. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding any questions on the topic of data protection.

Analytics and Third-Party Tools

When visiting this website, your browsing behaviour can be statistically analysed. This primarily takes place using so-called analytics programmes.

You can find detailed information about these analytics programmes in the Privacy Policy below.

2. Hosting

We host our website content with the following provider:

Webflow

Our site is hosted and built with Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter “Webflow”). When you visit our website, Webflow collects various log files, including your IP address.

Webflow is a tool for creating and hosting websites. Webflow may store cookies or use other recognition technologies required for the display of the page, for providing certain website features, and to ensure the security of the website (so-called “necessary cookies”).

For further details, please refer to Webflow’s privacy policy: https://webflow.com/legal/eu-privacy-policy .

The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. Where consent has been requested, data processing takes place solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG (insofar as the consent includes the storage of cookies or access to the user’s end device — e.g. device fingerprinting — within the meaning of TDDDG). Consent may be revoked at any time.

Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here: https://webflow.com/legal/eu-privacy-policy .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an arrangement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please see: https://www.dataprivacyframework.gov/participant/6365 .

3. General Notes and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that the transmission of data over the internet (e.g. when communicating by email) may have security gaps. Complete protection of the data against access by third parties is not possible.

Note on the Responsible Entity

The controller (responsible entity) for data processing on this website is:

Finance Network e.V.
Mombacher Straße 68
55122 Mainz
Germany
Email: participants@finance-network.co

The responsible entity is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Storage Period

Unless a specific retention period has been stipulated within this Privacy Policy, your personal data remains with us until the purpose for processing it no longer applies. If you make a legitimate request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, erasure will occur once these grounds no longer apply.

General Information on the Legal Bases for Data Processing on This Website

Insofar as you have given consent to the processing of your personal data, we process your data on the basis of Art. 6(1)(a) GDPR and, where special categories of data (under Art. 9(1) GDPR) are processed, on the basis of Art. 9(2)(a) GDPR. In the case of explicit consent for transferring personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies or the accessing of information on your device (e.g. via device fingerprinting), the data processing is additionally based on § 25(1) TDDDG. Consent may be withdrawn at any time. If your data is required for contract fulfilment or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if it is necessary for compliance with a legal obligation, we process your data on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. You can find information on the relevant legal bases in each specific case throughout this Privacy Policy.

Recipients of Personal Data

As part of our business activities, we work with various external entities. Crucially, for applicants to our events, data recipients include corporate partners and sponsors.

We transfer personal data to external entities if:

Revoking Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You may revoke consent that you have already provided at any time. The legality of the data processing carried out before your revocation remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR ANY PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ESTABLISH, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data which we process on the basis of your consent or in fulfilment of a contract delivered to yourself or a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Access, Rectification, and Erasure

Within the framework of the applicable legal provisions, you have the right at any time to obtain information, free of charge, about your stored personal data, its origin, its recipients, and the purpose of the data processing, and, where applicable, the right to rectification or erasure of this data. You can contact us at any time concerning this or any other issues relating to personal data.

Right to Restrict Processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time regarding this. The right to restrict processing applies in the following cases:

If you have restricted the processing of your personal data, such data — apart from being stored — may only be processed with your consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as any forms or enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the padlock icon in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our website uses so-called “cookies.” Cookies are small data packages and do not harm your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your end device until you delete them yourself or until they are automatically removed by your web browser.

Cookies can be placed by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain third-party services within websites (e.g. cookies for handling payment services).

Cookies have various functions. Many cookies are technically necessary as certain website functions would not work without them (e.g. shopping cart functions or video display). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required for electronic communication, for providing certain functions you have requested (e.g. for the shopping cart function) or for optimising the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time.

You can set your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this Privacy Policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and the optimisation of its website — for this purpose, the server log files must be recorded.

General Contact Enquiries

If you send us general enquiries via our contact form (e.g. questions about the schedule), the information you enter in the form, including the contact details you provide, will be stored by us for the purpose of processing the enquiry. We do not share this specific enquiry data without your consent.

Event Applications (Commercial Use & CV Distribution)

Important Distinction for Applicants: If you use our forms to apply for an event (e.g. the German Finance Dinner), you are entering into a contractual relationship governed by our Terms and Conditions (T&Cs).

Consent to Share and Sell Data: By submitting your application and accepting our T&Cs, you grant us express consent (Art. 6(1)(a) GDPR) to share, distribute, and sell your application data (including your CV, academic records, and contact details) to our partners, sponsors, and third-party networks for recruitment and commercial purposes.

No Further Consent Required: Therefore, regarding your application data, no separate consent is required for us to transfer your data to these third parties. The act of applying constitutes your consent to the commercial use and distribution of your data.

The data provided in the application form will be stored until you revoke your consent. Please note that revoking consent may result in the withdrawal of your application from the event selection process.

Requests by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your request including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of dealing with your enquiry. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your enquiry is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent may be revoked at any time.

The data you send to us via contact enquiries remains with us until you request its erasure, revoke your consent for its storage, or the purpose for storing the data no longer applies (e.g. after completing your request). Mandatory statutory provisions — in particular statutory retention periods — remain unaffected.

5. Social Media

Instagram

This website incorporates functions of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element is active, a direct connection is established between your end device and the Instagram server. Instagram is thus informed that you have visited this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to assign your visit to this website to your user account. We would like to point out that, as the provider of the site, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Where personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility only extends to the collection of the data and its forwarding to Facebook or Instagram. Any subsequent processing by Facebook or Instagram is not part of the joint responsibility. Our joint obligations have been set out in an agreement regarding joint processing. You can find the text of this agreement here: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subjects’ rights (e.g. requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subjects’ rights with us, we are obliged to forward them to Facebook.

Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381 .

For more information, please see Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/ .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an arrangement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please see: https://www.dataprivacyframework.gov/participant/4452 .

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on this website, we require an email address from you, as well as information allowing us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter sign-up form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example, by clicking the “Unsubscribe” link in the newsletter. The legality of any data processing operations that have already taken place remains unaffected by the revocation.

The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose of the storage no longer applies. We reserve the right to remove or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

Data that has been stored by us for other purposes remains unaffected.

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist, if necessary, to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage on the blacklist is indefinite. You can object to this storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube

This website incorporates videos from YouTube. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages featuring a YouTube video, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you have visited.

YouTube may also store various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can gather information about visitors to this website. This data is used, among other things, to compile video statistics, improve user experience, and prevent fraud attempts. Additionally, the data collected may be processed within the Google advertising network.

If you are logged into your YouTube account, YouTube can associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of presenting our online services in an attractive manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, the processing takes place solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG if the consent includes the storage of cookies or access to the user’s end device (e.g. device fingerprinting) as defined by TDDDG. Consent may be revoked at any time.

For more information on how YouTube handles user data, please see YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an arrangement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please see: https://www.dataprivacyframework.gov/participant/5780 .

Google Maps

This website uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to display map content on our website.

To use the features of Google Maps, your IP address must be stored. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is enabled, Google may use Google Fonts for uniform font display. When you call up Google Maps, your browser loads the required web fonts into its browser cache to display text and fonts correctly.

The use of Google Maps is in the interest of providing an attractive online offering and facilitating the easy location of the places indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TDDDG if the consent includes the storage of cookies or access to user information (e.g. device fingerprinting) within the meaning of TDDDG. Consent may be revoked at any time.

Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .

For more information on how Google handles user data, please see Google’s Privacy Policy: https://policies.google.com/privacy?hl=en .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an arrangement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. More information is available here: https://www.dataprivacyframework.gov/participant/5780 .

8. Own Services

OneDrive / Google Drive

We may integrate OneDrive or Google Drive on this website to provide an upload area for users. OneDrive is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, and Google Drive is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you upload content, it is stored on the servers of these respective services. When you enter our website, a connection to these services may be established, indicating that you have visited our site.

The use of these services is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in providing a reliable upload area on its website. Where consent has been requested, processing is based solely on Art. 6(1)(a) GDPR; consent may be revoked at any time.

Both Microsoft and Google are certified under the “EU-US Data Privacy Framework” (DPF). This arrangement ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. More information is available via: