DEBTVISION GmbH, Pariser Platz 7, 70173 Stuttgart (hereinafter “we”) operates the electronic platform “DEBTVISION” (hereinafter the “Platform” and available via https://ufp.debtvision.de/), which assists arranging banks, capital borrowers and professional capital lenders (hereinafter our “Customers“) in distributing Schuldschein loans and registered bonds, as well as during the term of such financing products. Via our website www.debtvision.de (hereinafter the “Website“), we offer all visitors to our website (hereinafter “Visitors“) information about our products and services and enable them to contact us. Furthermore, our customers can register or have themselves registered for our platform by authorized representatives (hereinafter “Users“) and subsequently act on it through the users.

We only use any personal data of our visitors and users in accordance with the applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (BDSG).

Due to rapid technical developments, we will have to make adjustments to our privacy policy from time to time. You will always find the current version of the privacy policy on this page. All changes to the privacy policy only apply to future use. We will not change the guidelines retroactively, unless this is required by law.

 

1. The controller for the processing of personal data within the meaning of GDPR

DEBTVISION GmbH
Pariser Platz 7
70173 Stuttgart
Germany
Phone: +49 711 127 73400
Website: www.debtvision.de
E-mail: service@debtvision.de

 

2. Data protection officer

Data Protection Officer at
DEBTVISION GmbH
Am Hauptbahnhof 2
70173 Stuttgart
Phone: +49 711 127 0
E-mail: datenschutz@lbbw.de

 

3. Collection and processing of your personal data

3.1 When visiting the Website

a. When accessing the Website, Visitors automatically send information to the provider of our Website. This information is temporarily stored in a so-called log file. The following data is recorded:

• Date and time of access
• IP address of the device (anonymized)
• data volume transmitted
• Information about the type of browser and the version used
• Operating system of the User
• Name of the Internet service provider
• Website from which the user’s system accessed our website (referrer URL)
• Use of functions of the Website

We store the log files for security reasons, in particular to prevent and detect attacks on our websites or attempted fraud.

This data is not stored together with other personal data of the User.

With regard to the cookies used, please refer to the information we have provided for you below.

 

b. We only store other personal data if you provide us with this data, e.g. as part of a registration, a contact form, a survey or for the performance of a contract. Even in these cases, we only store your personal data to the extent that we are permitted to do so on the basis of your consent or in accordance with the applicable legal provisions (further information on this can be found below in the section “Legal basis of processing”).

 

c.You are neither legally nor contractually obliged to provide us with your personal data. However, it is possible that certain functions of our Websites depend on the provision of personal data. If you do not provide your personal data in these cases, this may result in functions not being available or only being available to a limited extent.

 

3.2 When registering on the Platform as a capital lender

In order to use our Platform and access our services and content, customers must define persons from their company who will receive personalized access to our Platform. This registration can be initiated on our Website.
As part of the registration process, the following personal data must be entered as mandatory fields in an input mask:

• Personal data: salutation, first name, last name and position of the contact person
• Business communication data: E-mail, telephone, mobile number
• Company name
• Business address data

In addition, further company-related data (e.g. full company name and address) is requested as part of the registration process.
This data is stored by us to fulfill the provision of services and use of the Platform as part of the contractual relationship with a Customer.

As a registered User of our Platform, you have the option of canceling your registration for the future at any time at service@debtvision.de.

 

3.3 When registering on the Platform as a capital borrower

In order to use our Platform and access our services and content, corporate customers acting as capital borrowers must also define persons from their company who will receive personalized access to our Platform. The request for registration can be submitted via our registration form on the website, whereupon we will contact you. When using this contact option, the data entered in the input mask is forwarded via our provider by e-mail with SSL encryption. The data forwarded from the input mask is:

• Salutation, first and last name and position of the User
• Business communication data: E-mail, telephone, mobile number
• Company name
• Business address data
• Content of the message

In addition, the following data is collected and stored when the message is sent:

• the date and time the message was sent
• the IP address of the User

In addition, further company-related data (e.g. full company name and address) is requested when contact is made.
This data is stored by us to fulfill the provision of services and use of the Platform as part of the contractual relationship with a Customer.

As a registered User of our Platform, you have the option of canceling your registration for the future at any time at service@debtvision.de.

 

3.4 When registering on the platform as an arranging bank

In order to use our Platform and access our services and content, arranging banks must also define persons from their company who will receive personalized access to our platform. The request for registration can be submitted via our contact form on the Website or by sending an e-mail to service@debtvision.de, whereupon we will get in touch with you. When using the contact option on our Website, the data entered in the input mask is forwarded via our provider by e-mail with SSL encryption. The data forwarded from the input mask is:

• First and last name
• Company name
• Business e-mail address
• Content of the message

In addition, the following data is collected and stored when the message is sent:

• the date and time the message was sent
• the IP address of the User

In addition, further company-related data (e.g. full company name, address and telephone number) are requested when contact is made.
This data is stored by us to fulfill the provision of services and use of the Platform as part of the contractual relationship with a Customer.

As a registered User of our Platform, you have the option of canceling your registration for the future at any time at service@debtvision.de.

 

3.5 When using the platform as a registered User of a Customer

Each time a page of the Platform is accessed and each time a file is retrieved, general data about this process is automatically stored in a log file together with the pseudonymized user ID. These are:

• the activities on the Platform (including the creation and modification of deal-related data, the submission of orders or the download and upload of documents)
• the name of the retrieved file
• the date and time of the retrieval
• the data wolume transferred
• a message whether the retrieval was successful
• a description of the type of web browser used
• the operating system used

In addition, every time a file is downloaded that is password-protected or has a confirmation text, further information about this process is stored in addition to the file itself. These are:

• Name of the User who downloaded the file as well as
• Name of the User, i.e. the company for which the User is acting

As a registered User of our Platform, you have the option of canceling your registration for the future at any time at service@debtvision.de.

For more detailed explanations on the objection, please refer to section 12 of this privacy policy.

Users should note that they will no longer be able to use the Platform once they have objected, even though they have been authorized to use the Platform by a user contract with a Customer.

 

4. Purposes of use

a. The personal data collected during a visit of our Website are used to operate the Website as comfortable as possible and to prevent our IT systems form cyber attacks and other illegal acts.

 

b. We only process the personal data of our Platform Users to the extent necessary for the content and services of the Platform. This includes, in particular, the further development and optimization of the Platform as well as the documentation of actions and activities in connection with transactions.

 

c. As­far as you provide us further personal data e.g. in the context ­of a registration, a contact form, a survey, or for the execution­ of a contract, we use­ this data for the purposes mentioned, for the purpose of customer management and – when necessary – for the purposes of processing and settling any business transactions, in each case to the extend necessary for this purpose.

 

5. Transfer of personal data to third parties, social media services

Our Website also contains links to third-party websites. If Visitors click on such links, certain data may be passed on to these third parties to the extent required. We have no influence on whether and how the third-party websites and services rocess the personal data of Visitors. The websites and services of third parties are not reviewed by us and we are not responsible for them or their privacy practices. Visitors should read the data protection notices of the third-party websites or services that they access via our Website.

When linking to the social media services of “XING” and “LinkedIn”, we use the so-called “Share button”. Below you will find information on what data is transmitted by them if you wish to share articles on our site via the “Share button”.

 

XING
Our website uses functions of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
The “XING Share button” is used on this Website. When this Website is accessed, a short-term connection is established via the Visitor’s browser to servers of New Work SE (“XING”), with which the “XING Share Button” functions (in particular the calculation/display of the counter value) are provided. XING does not store any personal data of visitors who access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior through the use of cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share Button” and additional information can be found on this website:

https://privacy.xing.com/de

 

LinkedIn
Our Website continues to use the “share function” of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
If Visitors click on the LinkedIn button on one of our pages to share a message, they will be redirected to their user account in a separate browser window – provided they are logged into their LinkedIn user account – and can share the electronic publication stored on our Website by adding a comment.

When accessing LinkedIn, the IP address assigned to the visitor’s device is transmitted to LinkedIn. LinkedIn also stores information about the devices of its users; LinkedIn is, if required, able to assign IP addresses to individual users. If Visitors are currently logged in to LinkedIn, a cookie with your LinkedIn ID is stored on your device. This enables LinkedIn to track that you have visited this page and how you have used it.

If Visitors want to avoid this, they should log out of LinkedIn or deactivate the “stay logged in” function. Visitors can also delete the cookies on their device and close and restart their browser. In this way, LinkedIn information through which their account can be directly associated with the visit to our Website is deleted.

We must point out to Visitors that we otherwise have no knowledge of the content of the transmitted (personal) data or its use by LinkedIn. Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

 

We offer the links to the above-mentioned social media services, including the possibility to share content on them, on the basis of Art. 6 (1) point f GDPR. Our legitimate interest lies in making our Platform better known. The underlying promotional purpose is to be considered a legitimate interest within the meaning of the GDPR.

Visitors who click on the link do so voluntarily and therefore give their consent to the above-mentioned data processing in accordance with Art. 6 (1) point a GDPR.

 

6. Disclosure of personal data when using the Platform

Selected activities of a User on the Platform can also be viewed by parties involved in the transaction in the user functions of “Origination”, “Syndicate”, “Backoffice”, “Sales” and “Borrower”. These are activities on the Platform whose transparency facilitates or enables the management of the transaction or which are required for the proof of legally effective actions. These are:

For managing the transaction in general (user functions “Origination”, “Syndicate”, “Back office”, “Sales” and “Borrower”):

• Name and job title of the User,
• E-mail address and telephone number of the User,
• Authorizations of the User and
• Timestamp of the user’s last activity.

In the context of direct communication via the Platform (user functions “Origination”, “Syndicate”, “Backoffice”, “Sales” and “Borrower”):

• Name of the User,
• Message content and
• Date and time the message was sent.

When an order is submitted (user functions “Syndicate”, “Sales”, “Backoffice”, “Origination” and “Borrower”):

• Name of the User and e-mail address who entered, modified, deleted or released the order on the Platform,
• as well as the date and time of the respective order processing.

In the context of transaction processing (user functions “Syndicate”, “Sales”, “Backoffice”, “Origination” and “Borrower”):

• Name and e-mail address of the users designated by the user as contact persons for transaction processing.

Beyond that, we do not disclose any data to third parties, in particular Users not involved in the respective transaction, unless the User has expressly given their consent. This does not include the disclosure of data due to legal provisions.

If we involve external service providers in the context of processing personal data, this is done exclusively in compliance with the data protection provisions of commissioned data processing in accordance with the GDPR. We ensure that we only work with processors that provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure an adequate level of protection of the personal data of all Visitors and Users and their rights to your person.

 

7. Evaluation of usage data and use of analysis tools

7.1 When visiting the Website

We use the services of the analysis tool “Webalizer” for the statistical evaluation of Visitor access and exclusively to improve our offer.

The “Webalizer” tool only collects statistical data, such as the most frequently visited Website content, the most frequently used browsers and the countries from which the queries originate.

The “Webalizer” tool works in the version we use with the anonymization of IP addresses. The IP addresses are shortened by the last three digits before any use to analyze usage behavior, so that a personal reference can no longer be established and you as a User remain anonymous to us.

The anonymized data records are stored locally on the server and evaluated internally for statistical purposes only. This data will not be passed on to third parties at any time. The “Webalizer” tool does not use cookies.

You can object to the processing at any time for reasons arising from your particular situation. Please use the contact address above.

 

7.2 When using the Platform

We want to constantly improve the content of our Platform for you and tailor it to your interests. In order to recognize usage processes, we use Matomo, an open source software for the statistical evaluation of user access. The IP address is anonymized immediately after processing and before it is stored. The information generated about your use of the Platform is stored on our web servers in Germany.

In your profile you can deactivate data collection by Matomo. We will then note in your profile, that no data is collected by Matomo. This applies to all your devices that you use to access our Platform. In addition, a Matomo deactivation cookie is stored in your browser. You can find more information on data protection for the open source software Matomo at https://matomo.org/privacy-policy/.

 

8. Use of cookies on the Website and Platform

Cookies are small files that are stored on your desktop, notebook or mobile device by a website you visit. This allows us to recognize, for example, whether there has already been a connection between your device and our Website or Platform, or which language or other settings you prefer. Cookies may also contain personal data. When you use our Website and Platform, we will only use the necessary cookies to guarantee the functionality of our Website and Platform. These cookies are absolutely necessary for the operation of the site and Platform and enable, for example, security-relevant functionalities. Both the Website and the Platform cannot function properly without these cookies.

Below you will find an overview of the cookies used:

Website

1. _GRECAPTCHA (Technical name)
   • Provider: Google
   • Purpose: Verification of natural persons in contact forms
   • Expiry Date: 6 months
   • Domain: www.debtvision.de
2. pll_language (Technical name)
   • Provider: Debtvision
   • Purpose: Storage of language settings
   • Expiry Date: 1 Year
   • Domain: www.debtvision.de

Platform

1. KEYCLOAK_IDENTITY[_LEGACY] (Technical name)
   • Provider: Keycloak
   • Purpose: Identity of the logged-in user
   • Expiry Date: Session
   • Domain: ufp.debtvision.de
2. KEYCLOAK_SESSION[_LEGACY] (Technical name)
   • Provider: Keycloak
   • Purpose: Session of the logged in user
   • Expiry Date: 10 hours
   • Domain: ufp.debtvision.de
3. AUTH_SESSION_ID[_LEGACY] (Technical name)
   • Provider: Keycloak
   • Purpose: Session of the logged in user
   • Expiry Date: Session
   • Domain: ufp.debtvision.de
4. KEYCLOAK_LOCALE (Technical name)
   • Provider: Keycloak
   • Purpose: Locale for Keycloak
   • Expiry Date: Session
   • Domain: ufp.debtvision.de
5. mtm_consent_removed (Technical name)
   • Provider: Matomo
   • Purpose: Saves that a user does not wish to be tracked
   • Expiry Date: Never
   • Domain: ufp.debtvision.de

 

9. Safety

We always ensure a high level of security when we collect or process your data. DEBTVISION uses effective technical and organizational measures to ensure the security of your data. In this way, we protect your data against manipulation, loss, destruction or access by unauthorized persons. We are constantly improving our security measures and adapting them to the latest technological developments.

 

10. Legal basis of processing

a. If you have given us your consent to process your personal data, this constitutes the legal basis for the processing (Art. 6 (1) (a) GDPR).

b. The legal basis for the processing of personal data for the purpose of initiating or fulfilling a contract with you is Art. 6 (1) (b) GDPR.

c. Insofar as the processing of your personal data is necessary to fulfill our legal obligations (e.g. to store data), we are authorized to do so in accordance with Art. 6 (1) (c) GDPR.

d. We also process personal data for the purpose of safeguarding our legitimate interests and the legitimate interests of third parties in accordance with Art. 6 (1) (f) GDPR. The maintenance of the functionality of our IT systems, the marketing of our own and third-party products and services and the legally required documentation of business contacts are such legitimate interests. As part of the necessary balancing of interests, we take into account in particular the type of personal data, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal data.

 

11. Deletion of your personal data

We delete your personal data from the use of the Website and Platform as soon as the purpose for which we collected and processed the data­ no longer applies. Data will only be stored beyond this time if this is necessary in accordance with the laws, regulations or other legal provisions to which we ­are subject in the EU or in accordance with legal provisions in third countries if an appropriate level of data protection is provided there. If deletion is not possible in individual­ cases, the corresponding personal data is marked with the aim of restricting its future processing.

 

12. Rights of data subjects

a. Rights of data subjects pursuant to Art. 15 – 20 GDPR

You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under § 34 and § 35 BDSG apply to the right to information and the request for erasure. In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR in conjunction with § 19 BDSG. The data protection supervisory authority responsible for DEBTVISION is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

 

b. Right of withdrawal pursuant to Art. 7 (3) GDPR

If you have consented to the processing of your personal data by us, you have the right to withdraw your consent at any time. The legality of the processing of your personal data up to the point of revocation is not affected by the revocation. ­Further processing of this data on the basis of another legal basis, for example to fulfill legal obligations (see section “Legal bases for processing”), also remains­ unaffected.

 

c.­ Right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) GDPR (data processing in the public interest) or Art. 6(1)(f) GDPR (data processing on the basis of a balancing of interests). If you object to­, we will only continue to process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

 

13. Data transfer to recipients outside the European Economic Area

If Visitors to the Website click on a link to third-party websites (see section 5), personal data may be transferred to recipients in countries outside the European­ Union (“EU”), Iceland, Liechtenstein and Norway (= European Economic Area) ­and processed there.

On the Platform, data is only transferred to third countries (countries outside the European Economic Area – EEA) if it is a third country with an adequate level of protection in accordance with Art. 45 para. 1 GDPR and this is necessary for the execution of our customer’s orders or if a visitor or user has expressly given us their consent.

In the following countries, the EU considers that there is an adequate level of protection for the processing of personal data in accordance with EU standards (so-called adequacy decision): Andorra, Argentina, Canada (restricted), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. ­We agree the application of EU standard contractual clauses or binding corporate ­regulations with recipients in other countries in order to create an appropriate level of protection in accordance with legal requirements.