Privacy policy
Riverty Group GmbH Websites
Riverty website privacy policy
The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. In the following, we would therefore like to provide you with detailed information about what data is collected when you visit our online offers (website, social media, blog), hereinafter referred to as “Riverty Websites”, and how this data is processed by us. In addition, we would like to inform you about your rights and the technical and organisational protection measures we have taken with regard to the processing of your data.
The data protection information meets the information obligations in accordance with the requirements of Article 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and provide you with an overview of the processing of your personal data on online offers (website, social media, blog) of Riverty Group GmbH and other companies of the Riverty Group of companies (hereinafter referred to as “Riverty Group”). The Riverty Group consists of Riverty Group GmbH and the other companies listed in the appendix.
This data protection notice applies to the offering on the website of the Riverty Group companies on the Riverty.com domain and all subdomains. Within the framework of data protection legislation, the companies of the Riverty Group act as co-controllers within the meaning of Art. 26 GDPR for the operation of Riverty websites.
General information on data protection relating to the operation of the Riverty websites
1. Who is responsible for processing my data?
The companies of the Riverty Group listed in the appendix are responsible for the operation of the website and for the technical processing of your data. The Riverty Group processes data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (hereinafter referred to as “BDSG”).
Where applicable, your data will be shared between the Riverty Group companies in the manner described in this document The Riverty Group companies are jointly responsible for the protection of your data (Art. 26 GDPR). If a Riverty Group company is solely responsible for operating the technical website within the meaning of the GDPR, you can find the relevant information in the company-specific or product-specific data protection notices of that company.
In order for you to be able to exercise your legal rights under data protection regulations, the Riverty Group provides you with the following central contact address: @email .
A complete list of the data processing companies on this website as well as their address details, contact persons and additional information on data protection can be found in the appendix.
2. Personal Info
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an email address, a postal address or an online identifier such as an IP address or a cookie identifier.
Personal data may only be processed with legal permission. If you visit and use the website, your personal data will only be processed if the Riverty Group has obtained legal permission to do so.
3. What data is collected?
When you visit the website, information is automatically collected by the requesting device (hereinafter referred to as “access data”). This access data includes server log files, which usually consist of information about the browser type and browser version, operating system, Internet service provider, date and time of use of the website, previously visited websites and newly visited websites via the website and the IP address of the computer. With the exception of the IP address, the log files of the server cannot be personally identified. An IP address is personally identifiable if it is permanently assigned when the internet connection is used and the Internet provider can assign it to a person.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data you enter on the website (e.g. keywords, login data, reviews, forms or contracts entered, click data).
In principle, you can use the website without providing your data, for example to obtain information about us.
A detailed overview of the purposes for which, for how long and on what legal basis this data is processed can be found in point 4 of this data protection notice.
4 For what purposes is the data collected?
Cookies are small text files that are used on Riverty websites to make the user experience more efficient. We use cookies to personalise content and ads and to analyse traffic on our website. We also share information about your use of our website with our analytical partners.
By law, we may store cookies on your device if they are strictly necessary for the operation of this site. We need your consent for all other types of cookies. You can change or withdraw your consent at any time via the cookie statement on our website.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. In the Cookie Content Manager you can see in detail which cookies are used.
Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website will not function properly.
Functional cookies help website owners understand how visitors interact with web pages by anonymously collecting and reporting information.
Marketing cookies are cookies that help improve the user experience and measure the reach of the website. These cookies allow us to track and analyse the behaviour of users on the website. However, web tracking does not require personal identification of the user concerned, so that when registering your access data, the saved IP address is not used or is only used in abbreviated form (last eight digits) and pseudonymous user profiles are created. Personal user profiles are only created in exceptional cases and if you have consented to the placement of the respective cookie via our cookie content manager. These cookies may share the information collected with other organisations or advertisers. These are permanent cookies that almost always come from third parties. Web tracking services are provided on a regular basis by our service providers, who only process the usage profiles according to our instructions and not for their own purposes. This is guaranteed by means of contracts for order processing. If the service providers are established outside the European Union or the European Economic Area (hereinafter referred to as “EU or EEA”), a so-called transfer by a third country takes place. This is permitted if you have agreed to this, and we have created a guarantee for a level of data protection that corresponds to the European standard or the EU Commission has classified the third country in question as a lower third country. The transfer of the service concerned to a third country is indicated below. Further information about the recipients of your data and the transfer to third countries can be found in chapters 5 and 6 of this data protection notice.
4.1.1 Legal basis for data processing
The legal basis for the placement of cookies is Art. 6 para. 1 lit. an and/or f GDPR.
4.1.2 Duration of storage or criteria to determine this duration
The data collected and evaluated when functional and optional cookies are used is generally stored until you object to their use. However, the storage period of the analysis cookies is a maximum of 24 months.
4.1.3 Possibility of objection and deletion
You have the right to object to the processing of your data when using cookies in accordance with Art. 21 GDPR, insofar as there are reasons for doing so which arise from your particular situation. If you wish to exercise your right to object, please contact the contact address given in section 1. If you object to this data processing, you can only use the website to a limited extent or not at all.
In addition, you can object at any time to your consent to the processing of your data in the context of the use of optional cookies. The objection can be technically objected to by an opt-out in our cookie consultant manager on this website or by the technical deletion of cookies by the browser you use. The following link will take you to the settings screen of our cookie consultant manager.
4.2 Personalised newsletter
The website offers the possibility to subscribe to newsletters. To send you a newsletter, we process the e-mail address you provided, the name of your company and the country on the basis of the consent you provided when registering. To the extent required by law, we use the so-called double opt-in procedure to subscribe to the newsletter. After registering and granting your consent, we will send you a message to the e-mail address you provided in which we ask you to confirm your registration. In order to prevent misuse of your data and to prove your consent, we store your access data recorded during registration as well as the registration message and the texts used for this purpose. Once you have confirmed your subscription to the newsletter, your details will be stored in our customer database.
For the sending of our personalised newsletter, we collect statistical data about the use of our website and to optimise our offer accordingly and adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, by which data is collected for marketing and optimisation purposes and stored and processed on the servers of our marketing automation tool. The collected data is combined with the personal data that you have provided on the website in order to create a profile. Profiling can be stopped by disabling the cookie function in your browser.
4.2.1 Purpose and legal basis of data processing
The purpose of sending our newsletter and downloading content is to inform business customers in an advertising manner about products, solutions and services from our ID & Fraud Management, Credit Risk Management, Payment and Financing Services and Receivables Management business units and about events. This diversity of companies can only be achieved with the help of other companies in the Riverty Group. Therefore, with your consent, we may transfer your data for advertising purposes within our group of companies.
The purpose of the personalised newsletter is to approach (potential) business customers in an advertising manner in order to inform them about products, solutions and services from our business units and about events. The legal basis for the processing of your data when registering and participating in the newsletter is your consent according to Art. 6.1 GDPR/§ 7.2 No. 3 German Act against unfair competition (hereinafter referred to as “UWG”).
4.2.2 Duration of storage or criteria to determine this duration
Your data will be stored during your subscription to the newsletter. After the newsletter has been deactivated, your data will be stored for 1 year in order to prove that your consent to the newsletter has been obtained and that we have acted in accordance with the law. The same applies if you have withdrawn your consent. Data processing for advertising purposes will then no longer take place.
4.2.3 Possibility of objection and deletion
You can revoke your consent to the processing of your personal newsletters at any time by notifying the company of your withdrawal via the email address @email or with the subject line “Revocation of newsletter”. You can also object via the unsubscribe link in the newsletter email.
4.3 Personalised newsletters when downloading e-books/whitepapers/studies
In exchange for downloading white papers/ebooks/studies (hereinafter referred to as “content”) on current topics from our business areas, we have agreed to send you a personalised newsletter.
For the purposes of this agreement, we process the e-mail address you have provided, the name of your company and the country in which you are sent a newsletter. To the extent required by law, we use the so-called double opt-in procedure to subscribe to the newsletter. After registration, we will send you a message to the e-mail address you provided in which we ask you to confirm your registration. In order to prevent misuse of your data and to prove the contract, we store your access data recorded during registration, as well as the registration message and the texts used for this purpose.
For the sending of our personalised newsletters, we collect statistical data about the use of our website and to optimise our offer accordingly and adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, by which data is collected for marketing and optimisation purposes and stored and processed on the servers of our marketing automation tool. The data collected is combined with the data you provide on the website to create a profile. Profiling can be stopped by disabling the cookie function in your browser.
Once you have confirmed your subscription to the newsletter, your details will be stored in our customer database.
4.3.1 Purpose and legal basis of data processing
The purpose of sending our newsletter and downloading so-called content is to inform business customers in an advertising manner about products, solutions and services of our ID & Fraud Management, Credit Risk Management, Payment and Fi-nancing Services and Receivables Management business units and about events. This enterprise diversity can only be reflected with the help of other companies in the Riverty Group. Therefore, with your consent, we may transfer your data for advertising purposes within our group of companies.
The purpose of the personalised newsletter is to approach (potential) business customers in an advertising manner in order to inform them about products, solutions and services from our business units and about events. The legal basis for the processing of your data during registration and participation in the newsletter is consent according to Art. 6 para. 1 lit. a GDPR/§ 7 para. 2 no. 3 Act against unfair competition (hereinafter referred to as “UWG”).
4.3.2 Duration of storage or criteria to determine this duration
Your data will be stored during your newsletter subscription. After the newsletter has ended, your data will be stored for 1 year in order to prove that your consent to the newsletter has been obtained and that we have acted in accordance with the law. The same applies if you have withdrawn your consent. Data processing for advertising purposes will then no longer take place.
4.3.3 Possibility of objection and deletion
You can revoke your consent to the processing of your data in the context of participation in our personalised newsletter offer when downloading e-books/whitepapers/studies at any time by notifying the company of your withdrawal via the e-mail address @email and the subject line “Revocation of newsletter”. You can also object via the unsubscribe link in the newsletter email.
4.4 Business customer survey
If you have a business relationship with us, we may occasionally use your data for a customer survey to assess your satisfaction with our services and identify areas for improvement. Participation in the survey is voluntary and will only take place with customers who gave us their consent when the business relationship was established. The investigation is carried out using service providers that are bound by instructions from us as contract processors. We check these service providers for data protection before the surveys are carried out.
4.4.1 Purpose and legal basis of data processing
The purpose of the survey is to improve our products and services in order to build and maintain a good customer relationship. The data protection basis for this study can be found in Art. 6.1.f GDPR. Our legitimate interest lies in the fact that we want to provide our customers with a regular and efficient way of expressing criticism so that we can adapt our services accordingly.
4.4.2 Duration of storage or criteria to determine this duration
The data used is stored in our CRM system for the duration of our contractual relationship. After the end of our contractual relationship, the data will only be used for a final customer satisfaction survey and then blocked for this type of data processing.
4.4.3 Possibility of objection and deletion
You have the right to withdraw your consent to the use of your data for research among business customers at any time. In each email you will find a message inviting you to participate. You also have the right to object to processing. You are also entitled to demand the erasure of your data in accordance with Art. 17 GDPR. You also have the right to correct your data and to receive information about the data stored by us.
To exercise your rights as a data subject, you can contact us at the address given in point 1 or send an email to: @email.
4.5 Online application
Riverty Group publishes job vacancies on this website which you can use to apply. You will be redirected to the applicant portal via the job requisition. In this context, the actual data processing for the application process for your online application will not take place on this website.
4.5.1 Deviating responsibility under data protection law
The company that has published the job advertisement and is looking for new employees is responsible for the job advertisements. This company will receive your data upon receipt of your request. Your data will not be passed on to other companies unless this is required by law or you consent to this.
Further information about the responsibilities, the purpose of the data processing and the legal basis, as well as about possible recipients and retention periods can be found in the respective vacancy. Further details on data processing for the specific application procedure for your online application can be found in the registration and creation of your application profile.
4.5.2 Purpose and legal basis of data processing
After receiving your online application for a specific vacancy, your data will be processed for recruitment purposes. During the contractual start of an employment relationship, your potential employer has an interest in ensuring that you have the necessary professional competence and personal suitability for the vacant position.
The legal basis for processing your data is Art. 6.1.b GDPR. Data processing is therefore carried out with a view to establishing a possible contractual relationship or employment relationship with you.
4.5.3 Duration of storage or criteria to determine this duration
Your data will be processed for as long as necessary to enter into the employment relationship. After completion of the online application and the acceptance decision, your data will be deleted at the end of the statutory retention period (currently 6 months).
4.5.4 Option to object and delete
Based on the applicable legal basis, there is no right to object to the described processing procedure on the basis of Art. 21 GDPR. If you have any questions in this respect, please do not hesitate to contact the affected Riverty Group companies at the contact addresses provided in the appendix.
4.6 Email and phone contact
The website offers the possibility to contact the Riverty Group companies via an email address or a phone number. If you make use of this option, the data entered, your e-mail address and/or your telephone number and your request will be forwarded to the relevant company of the Riverty Group. Depending on the request (e.g. questions about the products and services of the Riverty Group, exercise of your rights as a data subject, such as information, will be further processed (using service providers).
4.6.1 Purposes and legal basis of data processing
The legal basis for the processing of your contact details is Art. 6.1.f GDPR. The legitimate interests lie in the processing of your request and further communication. If your contact is to conclude a contract with the company, the legal basis for processing your contact details is Art. 6.1.b GDPR.
4.6.2 Duration of storage or criteria to determine this duration
After your request has been processed and further communication has ended, the contact details will be deleted. This does not apply if your contact is aimed at concluding a contract with the company or if you assert your rights as a data subject, such as information. In this case, the data is stored until the contractual and/or legal obligations have been fulfilled and the statutory retention periods do not prevent the deletion. This is usually the case after 6 months.
4.6.3 Objection and deletion options
You have the right to object to the processing of your contact details where there are reasons for doing so arising from your particular situation. If you wish to exercise your right to object, please contact the contact address given in section 1. If you object, communication cannot continue. This does not apply if the storage of your contact details is necessary for the conclusion or performance of a contract or the exercise of your rights as a data subject.
4.7 Loox CRM system
Loox is a cloud-based contact relationship management (CRM) system used to capture and keep up to date information about potential customers, new customers, existing customers, partners, competitors, suppliers and service providers of the Riverty Group.
If your contact details are collected, for example on this website by subscribing to our newsletter, the data is forwarded to the relationship management system for further processing and processed there for the purposes for which it was collected. A logical separation of customers ensures that only those companies have access to the data stored there that is legally authorised to do so (e.g. by their consent or a corresponding contractual relationship with you).
4.7.1 Purpose and legal basis of data processing
The purpose of the data processing is the legally permitted use of your basic personal data for the purpose of further data processing for which you have legitimised us by your consent, for example, or for which we have been legitimised by a corresponding contractual relationship for data processing. The legal basis is therefore Art. 6.1.a. GDPR or Art. 6.1.b. GDPR.
4.7.2 Duration of storage or criteria to determine this duration
The data used is stored in our CRM system for the duration of our contractual relationship. At the end of our contractual relationship, the data is only used for a final customer satisfaction survey and is then blocked for this type of data processing. If the data processing is based on consent, the data will be deleted if you have objected to further use in the future.
4.7.3 Objection and deletion options
If the data processing is based on a contractual relationship between you and us, you are not entitled to object to the described processing procedure in accordance with Art. 21 GDPR. If your consent is the legal basis for data processing, you have the right to object to this processing at any time. You also have the right to demand the erasure of your data in accordance with Article 17 of the GDPR. You also have the right to correct your data and to receive information about the data stored by us. In order to exercise your rights as a data subject, you can contact us at the address given in section 1.
4.8 Digital events and functions
The Company regularly offers digital events for its employees, customers and/or service providers (hereinafter “Participants”). Events take place on separate parts of the company’s website or on externally hosted platforms of connected service providers. Depending on the event in question, participants are obliged to visit the website prepared for the event (the so-called landing page) by means of a user name and password or by means of a password defined in advance for the event (hereinafter “Participation Data”). In this process, the IP address and the required participant data are processed.
4.8.1 Purpose and legal basis of data processing
The purpose of data processing is to enable participation in the company’s digital events. The legal basis under data protection law is based on the purposes pursued by the events. For example, if the events are mandatory training for our employees, the legal basis is regular Art. 6.1.b. GDPR/Section 26 Paragraph 1 BDSG. Participation in and the related processing of data is therefore necessary for the performance of the employment relationship. If the offered event is an optional, i.e. voluntary training or an information event for participants is the legal basis for regular Art. 6.1.f. GDPR The processing is therefore based on a legitimate interest in creating an additional offer for the participants and is also voluntary. It is also possible that service providers do not provide the offered event as commissioned processors within the meaning of Article 4(8) of the GDPR, but act as a responsible body within the meaning of Article 4(7) of the GDPR. In these cases, these are always voluntary events, the participation of which depends on your consent for data processing. In the case of such an event, you will be asked on the landing page to give your consent for the data processing by the relevant organiser. The legal basis for data processing is then Art. 6.1.a. GDPR. In this case, you must assert your rights as a data subject directly with the organiser. Further information about this can be found in point 7.
4.8.2 Duration of storage or criteria to determine this duration
The company processes your data in the context of the provision of digital events and functions until the conclusion of the relevant event. As a result, your data (username, email address, IP address) will be completely deleted at the end of the event. If your data is processed by the organiser on its own responsibility, the storage period is determined by the respective data protection information of the organiser.
4.8.3 Objection and deletion options
If the data processing is based on a contractual relationship and/or employment relationship between you and us, there is no right to object to the described processing in accordance with Art. 21 GDPR. If your consent is the legal basis for data processing, you have the right to object to this processing at any time with effect for the future. You also have the right to demand the erasure of your data in accordance with Art. 17 GDPR. You also have the right to correct your data and to receive information about the data stored by us. To exercise your rights, please contact us at the address given in section 1.
4.9 Microsoft Bookings
The company collects and processes personal data for the online booking of meeting appointments. For this purpose, she uses the service “Microsoft Bookings” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052–6399, USA. The connection to the service is only established when you call up the online booking function via a button on our website. More information on how user data is handled can be found in Microsoft’s privacy policy.
You are not required to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use one of the other contact options offered to arrange an appointment.
4.9.1 Purposes and legal basis of data processing
The legal basis for the transfer, storage and processing of data is your consent in accordance with Art. 6.1.a. GDPR.
4.9.2 Duration of storage or criteria to determine this duration
The data will be erased as soon as it is no longer required for the purpose for which it was collected.
4.9.3 Options for objections and deletion
You have the right to withdraw your consent to data processing or to object to the use of the data at any time. In that case, the intended contact with the user is no longer possible or the communication that has already started can no longer be continued.
5. Who receives my data?
Within the Riverty Group, access to your data will be granted to the offices that need it in order to achieve the purposes mentioned in point 4. Service providers employed by Riverty Group can also gain access to your data (so-called “order processors”, for example data centres, hosting, IT infrastructure support or web design). 6. Order processing contracts ensure that these service providers are bound by instructions, data security and the confidential handling of your data.
6. Is my data processed outside the EU or the EEA (transfer to third countries)?
If the service providers and/or third parties listed in point 4 process your data outside the EU or EEA for the purposes set out in point 4, your data may be transferred to a country where an adequate level of protection for the EU or EEA cannot be guaranteed. However, such a level of data protection can be guaranteed with an appropriate guarantee. Standard contractual clauses provided by the EU Commission can be considered as an appropriate guarantee. In accordance with the ruling of the European Court of Justice of 16 July 2020 (Case C-311/18), service providers commissioned by us in third countries are obliged to inform us of the additional appropriate technical and organisational measures taken to prevent state supervision mechanisms. If there is any doubt about the legality of this data processing, the service providers concerned are obliged to adapt their technical and organisational measures.
A copy of these guarantees can be requested from the contact details mentioned in point 1.
Guarantees may be waived in exceptional cases, for example if you give your consent or if the transfer to a third country is necessary for the performance of your contract with the Riverty Group companies. The EU Commission has also recognised certain third countries as safe third countries, so that appropriate guarantees can also be waived from the company.
A transfer to a third country shall take place, inter alia, in the following cases:
Service providers are used to make the website available and the default settings of the website whose data centres are located in a third country or who have access to the data centres within the European Union or the EEA from a third country site. Standard contractual clauses have been agreed with the service providers concerned to ensure compliance with European data protection standards.
The use of web tracking services shall be carried out by service providers whose data centres are located in a third country or who have access to data centres within the European Union or the EEA from a third country site. Compliance with the European level of data protection has been agreed with these service providers via standard contractual clauses in accordance with Art. 46.2.c.GDPR.
7. What data protection rights do I have?
You have the right to obtain information about your personal data stored by us at any time. If data concerning your person is incorrect or no longer up to date, you have the right to demand that it be corrected. You also have the right to demand the erasure or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to receive the data you provide in a commonly used and machine-readable format (right to data portability). If you have given your consent to the processing of personal data for certain purposes, you can withdraw this consent at any time with effect for the future. The revocation must be sent to the Company at the contact address indicated in point 1. In accordance with Art. 21 GDPR, you also have the right to object at any time to the processing of your data on the legal basis of Art. 61.f. GDPR for reasons arising from your particular situation.
Right of appeal
You also have the option of contacting a data protection authority and making a complaint there. See annex for authorities responsible for Riverty Group companies.
You can also contact the data protection authority responsible for your place of residence.
8. To what extent is there automated decision-making?
We do not use fully automated decision-making processes for the purposes listed under point 4.
9. Is profiling taking place?
Profiles shall not be drawn up for the purposes set out in point 4.
10. Updating the privacy policy
If this privacy policy is changed, the change will be indicated in this policy, on the homepage and in other appropriate places.
Version of the data protection notice: October 2022