Our handling of your data and your rights
Privacy notice according to Art. 13 and 21 of the General Data Protection Regulation (GDPR)
With the following privacy notice, we would like to give you an overview of how your personal data is processed by us and what rights you have in this regard. Which specific data are processed and how they are used depends largely on the requested or agreed-upon services. Therefore, not all sections of this information notice may apply to your particular situation.
This privacy notice may be updated periodically. You will find the latest version on this page at any time.
The responsible party (controller) pursuant to data protection law, in particular the EU General Data Protection Regulation (GDPR), is
Treasury Intelligence Solutions GmbH
Langer Anger 7
Phone: +49 6227 69 82 40
You can reach our data protection officer at:
Data protection officer of Treasury Intelligence Solutions GmbH
c/o activeMind AG Management- und Technologieberatung
Potsdamer Str. 3
Phone: +49 (0) 89 / 91 92 94 900
We process your data for the following purposes and on the following legal bases:
We process personal data in accordance with the GDPR and national data protection legislation, in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz):
1. To fulfil our contractual obligations or in order to take pre-contractual measures prior to entering into a contract (Art. 6 (1)(b) GDPR)
We process the data provided by you solely for contacting you and providing you with the requested service. The same applies to the processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our services.
2. Due to statutory requirements (Art. 6(1)(c) GDPR)
We are subject to various legal obligations that result in data processing. These include, for example, tax laws, the applicable statutory accounting regulations, responding to inquiries and meeting the requirements of supervisory and/or law enforcement authorities, and compliance with various reporting obligations.
In addition, the disclosure of personal data may be required in the context of administrative/judicial measures of gathering evidence, prosecuting or enforcing civil claims.
3. Within the scope of our legitimate interests (Art. 6(1)(f) GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests of these or third parties. Examples of such cases are:
- if you contact us by e-mail or telephone, the data you provide will be stored for the purpose of individual communication with you,
- technical support and customer service,
- enforcement of legal claims and defense in legal disputes,
- the usage of a CRM system.
What categories of data may we process about you?
We may process the following categories of personal data obtained in the framework of the business relationship with you:
- contact details such as telephone number and e-mail address,
- field of activity and/or position within your company,
- past correspondence with you.
Who receives your data?
1. In-house (internal recipients)
Our employees, insofar as necessary for contacting you and fulfilling our contractual and statutory obligations (including the fulfilment of pre-contractual measures).
2. Our data processors
Furthermore, our service providers and subcontractors (data processors) may receive your data, insofar as they require the data for the fulfilment of their respective services. This may include external service providers in the following areas:
- IT support,
- cloud and hosting services,
- CRM system provider,
All service providers are contractually obliged to treat your data confidentially.
3. Other recipients (third parties)
A transfer of data to recipients outside of our company will only take place in compliance with the applicable data protection regulations. In particular, following recipients may obtain personal data:
- our external data protection officer,
- public bodies and institutions (e.g., tax authorities, law enforcement authorities) when presented with a statutory or regulatory obligation to disclose the data,
tax consultants, certified public accountants and income/corporate tax auditors.
Is data transferred to a third country or to an international organization?
A data transfer to organisations or countries outside the European Union and the European Economic Area (so-called third countries) takes place if:
- the European Commission has decided that an adequate level of protection exists in the relevant third country (Art. 45 GDPR), or
- on the basis of appropriate safeguards (standard contractual clauses issued by the EU Commission), or
- you have given us your consent, or
- it is necessary for the performance of the contract.
Currently, your data is processed by the following recipients based outside the European Union and the European Economic Area:
- Cloud service providers,
- Videoconferencing services.
We have contractually agreed with our service providers that data protection safeguards have to be put in place with their contract partners in compliance with the European level of data protection.
For a copy of the appropriate safeguards in place, please contact us via one of the communication channels listed above.
How long will your data be stored?
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. Data no longer required for these purposes are deleted on a regular basis.
There are some exceptions to the above-mentioned deletion criteria, in particular for:
- fulfilling statutory retention requirements, e.g., pursuant to the German Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung). The respective retention periods are usually six to ten years.
- maintaining evidence in accordance with the legal statute of limitations. According to Sec. 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch), these statutes of limitations can be up to 30 years, whereby the regular limitation period is three years.
If the data processing takes place based on our legitimate interests, personal data will be deleted as soon as these interests no longer exists. The aforementioned exceptions apply here as well.
Your rights as a data subject
You can exercise the following rights at any time by contacting us:
- right of access: You have the right to ask us whether we hold any of your personal information (Art. 15 GDPR).
- right to rectification: You have the right us to ask us to correct personal information you think is inaccurate (Art. 16 GDPR).
- right to erasure: You have the right to ask us to delete your personal information in certain circumstances (Art. 17 GDPR).
- right to the restriction of processing: You have the right to ask us to restrict our use of your personal data in certain circumstances (Art. 18 GDPR).
- right to data portability: This only applies to information you have given to us. You have the right to request data be transferred to another organisation. This right only applies if you have consented to the data processing or have entered into a contract with us (Art. 20 GDPR).
- right to object to processing: You have the right to object to the processing of your data (Art. 21 GDPR).
If you have given us your consent, you can withdraw it at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can contact a supervisory authority with a complaint at any time, including the supervisory authority of your place of residence and the authority that oversees us. A list of German supervisory authorities and their addresses can be found under: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Am I obliged to provide data?
Within the scope of the contractual relationship, you have to provide us the personal data necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations, and the personal data we are legally obliged to collect. Without this data, we will not be able to conclude or execute the contract with you.
Do automated decision-making and profiling take place?
Automated decision-making and profiling do not take place.
Right to object in individual cases according to Art. 21(1) GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(f) GDPR (data processing based on legitimate interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If you wish to exercise your right to object, please contact us via one of the contact channels listed above.