With the following information, we would like to give you an overview of how we process your personal data as well as your rights under the Data Protection Act. What specific data is processed in detail and how it will be used depends on the requested or agreed services.
Contact details as follows:
Neuer Markt 2
76352 Baden-Baden, Germany
Phone: +49 7221 5007-0
Fax: +49 7221 5007-222
You can reach our operational data protection officer at:
Data protection officer
Neuer Markt 2
76352 Baden-Baden, Germany
We process personal data that we receive from our customers as part of our business relationship. In addition, we process – as far as necessary for the provision of our services – personal data that we might collect from publicly accessible sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or that was obtained from our distribution partners or from other third parties (e.g. a credit agency). Relevant personal data includes:
and other data comparable to the aforementioned categories.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal German Data Protection Act (BDSG):
a. For the fulfilment of contractual obligations (Article 6 (1) (b) of the GDPR)
Data is processed in order in order to provide financial services as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out upon request. The purposes of data processing are primarily geared towards the specific product (e.g. leasing, factoring) and may include, but are not limited to, needs analysis, consulting and to perform transactions. Further details on the purposes of data processing can be found in the relevant contract documents and terms and conditions.
b. As part of the balance of interests (Article 6 (1) (f) of the GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract for the protection of our legitimate interests or those of third parties, in particular:
Consultation and exchange of data with credit agencies (e.g. SCHUFA) to identify credit risk or default risk
For the purposes of examining possible credit risks and default risks as well as preventing criminal offences, we provide CRIF Bürgel GmbH, Radlkoferstraße 2, D-81373 Munich, Germany, with data on the application and the applicant. CRIF Bürgel GmbH will provide us with data stored on your person in the DSPortal (Deutsches Schutz Portal) if we have credibly demonstrated our legitimate interest.
In addition, we transfer personal data collected in the context of this contract concerning the application, execution and termination of this business relationship as well as data on non-contractual or fraudulent behaviour to SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany, and Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Germany.
The legal bases of these transfers are Article 6 (1) (b) and Article 6 (1) (f) of the GDPR. The legal basis of the transfers to CRIF Bürgel GmbH are additionally section 25 h of the German Banking Act as well as Art. 6 (1) (a) GDPR. Transfers on the basis of Article 6 (1) (f) of the GDPR may only be made to the extent necessary to safeguard our legitimate interests or those of third parties and provided these interests do not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
The data exchange with the credit bureaus also serves the fulfilment of legal obligations to carry out creditworthiness checks of customers (section 505 a and section 506 of the Civil Code, section 18 a of the Banking Act).
Credit agencies process the data obtained and also use it for the purposes of profiling (scoring) in order to provide their contractors in the European Economic Area and in Switzerland and, where applicable, other third-party countries (if there is an adequacy decision by the European Commission) with information in order to, inter alia, make assessments on the creditworthiness of natural persons.
Detailed information according to Article 14 of the GDPR on the activities of the credit agencies can be found for the respective credit agency under the following links:
Review and optimisation of requirements analysis procedures for direct customer contact
Optimisation and needs-based design of the website
Advertising or market and opinion research, provided that you have not objected to the use of your data
Asserting legal claims and defence in legal disputes
Ensuring the IT security and IT operation of our company
Prevention and investigation of criminal offences
Video surveillance for the protection of domiciliary rights, and for the collection of evidence in cases of robbery and fraud (see also section 4 BDSG)
Measures for building and plant safety (e.g. access control)
Measures to safeguard domiciliary rights
Measures for business management and further development of services and products
c. On the basis of your consent (Article 6 (1) (a) GDPR)
Insofar as you have given us your consent to process your personal data for specific purposes (e.g., disclosure of data within the Group, or analysis of payment transaction data for marketing purposes), the legality of this processing is assured on the basis of your consent. Consent that has been issued can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
d. Based on legal requirements (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g., the Banking Act, the Money Laundering Act, and tax laws) as well as banking supervisory requirements (e.g., the European Central Bank, the European Banking Authority, the Deutsche Bundesbank, and the Federal Financial Supervisory Authority). The purposes of the processing include, but are not limited to, the creditworthiness check, identity and age checks, prevention of fraud and money laundering, the fulfilment of tax auditing and reporting obligations, and the assessment and management of risks.
Within our organisation, the entities that gain access to your data are those who need it in order to fulfil our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes. These are companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, advising and consulting, as well as sales and marketing.
With respect to the disclosure of data to recipients outside our company, we may only disclose information about you if we are required to do so by law or if you have given us your consent to do so. Under these conditions, recipients of personal data may be, for example:
Other data recipients may be those to whom you have given us your consent for your data to be submitted.
A transfer of data to official bodies in countries outside the European Union (so-called third-party countries) takes place, as far as
Unless otherwise stated, we process your data on our website either to action your request (Article 6 (1) (b) GDPR) or based on our legitimate interests (Article 6 (1) (f) GDPR) as follows:
a. Usage data
Every time you access a page and retrieve a file, this process automatically saves general data to a log file. The storage is exclusively system-related and is purely for statistical purposes or to report criminal offences in exceptional circumstances.
We use this data to improve our websites and to present content tailored to your interests on various sites in the network and on multiple devices. As part of this process, usage data is not merged with personalised data. Should you decide to provide us with your data, this data will be backed up securely during the entry process. The same applies to the storage in our system. For security reasons, we store your IP address. This can be accessed in case of a legitimate interest.
We do not save your browser history. A transfer of data to third parties or any other evaluation does not take place, unless there is a legal obligation to do so.
In detail, the following data record is saved each time it is accessed:
In order to be able to give you the best possible advice as part of a request via our contact forms, the appropriate group company that is best suited to respond to your request will be identified after inquiring about your specific interest at the top of the page. If you contact us (e.g. via contact forms), the designated company will save your data in order to process your request (Article 6 (1) (b) GDPR) or in case any further correspondence is required.
Insofar as you expressly consent to receiving our newsletter within the scope of the contact form (Article 6 (1) (a) GDPR), you grant GRENKE AG, GRENKEFACTORING GmbH and GRENKE Bank AG permission to contact you in the future by phone, e-mail or post to inform about current products and services. If necessary, your data will also be stored by us for the purposes of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.
Otherwise, your data will be deleted after processing your request. Exceptions from this include data for which there are statutory or other prescribed storage requirements.
The data provided during registration will only be used by us to enable you to use our website (Article 6 (1) (b) GDPR).
We collect the following data for the registration process:
We are happy to inform you on the basis of your consent (Article 6 (1) (a) GDPR) about the latest news with our newsletter.
In order to receive the newsletter, you must enter your name and e-mail address. You can also enter and submit further optional information. After you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have specified, in which you must click a confirmation link to verify the e-mail address you provided.
Your data will be stored by us only for the purposes of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.
aa) General information
In order to make your visit to our websites more pleasant and to enable the use of certain functions, we use so-called cookies on various sites. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliates to recognise your browser on your next visit (so-called persistent cookies).
Cookies cannot access other files on your computer or identify your email address.
cc) Legitimacy of the storage of cookies
The essential, functional and statistical cookies are stored on the basis of our legitimate interests (Article 6 (1) (f) GDPR) for the optimisation and needs-based design of our website.
Cookies are stored for marketing purposes on the basis of the user's consent (Article 6 (1) (a) GDPR). These cookies are therefore only set if the user agrees to the storage by issuing their consent to the cookie notification on the website.
dd) Deactivating and deleting cookies
The setting you choose on the first visit in response to the cookie notification will be saved. The selected settings can be adjusted here in the privacy settings at any time.
Most browsers are otherwise set to automatically accept cookies. If the default settings for cookies are stored in your browser, all processes run in the background without any notifications. However, you can change these settings at any time.
You can set your browser so that you are informed about the setting of cookies and can decide on a case-by-case basis whether they are to be accepted or deactivated for specific cases or in general.
ee) Overview of the cookies we use
Essential cookies are required in order to be able to use our website as they enable basic functions such as site navigation and access to secure areas of the website. The website may not work properly without these cookies.
Technical cookie for the load balancer
Statistical cookies collect information about the use of a website – such as the user’s most frequently visited pages and whether the user receives error messages when using a website. These cookies do not store information that allows the user to be identified. The information gathered is pooled and therefore evaluated anonymously. These cookies are used exclusively to improve a website's performance and thus the user experience.
Used to send data about the device and the visitor's behaviour to PIWIK.
30 minutes – 1 year
Session or permanent cookie
To detect if a visitor has deliberately deactivated tracking.
Cookies for marketing purposes
Cookies for marketing purposes are used to play targeted advertisements relevant to the user and adapted to their interests. They are also used to limit the frequency of an ad and to measure the effectiveness of advertising campaigns. They register whether you have visited a website or not. This information may be shared with third parties, such as advertisers. Cookies to improve targeting and advertising are often linked to third-party site functionalities.
These cookies enable behavioural advertising and analysis of Facebook
These cookies enable behavioural advertising and analysis of Instagram.
These cookies enable behavioural advertising and analysis on the Google AdWords platform.
30 days–2 years
These cookies enable behavioural advertising and analysis of LinkedIn
These cookies enable behavioural advertising and analysis of Twitter.
These cookies collect information that is either used to track the interests of our customers' users and to help improve the experience on their websites or to help us understand how our products and services are used.
These cookies enable behavioural advertising and analysis within the context of email marketing and measuring the effectiveness of email advertising. Tracking is done anonymously until a user identifies him or herself by submitting a form.
f. Range analysis using Piwik
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use Piwik, a software for the statistical evaluation of user access.
You can revoke your consent to this data processing as follows
g. Use of Marketo
We use the services of Marketo EMEA Limited to send our newsletters, manage advertising permissions and collect statistical information about the use of our website, and to optimise our website accordingly.
When you purchase a product or service from us, your e-mail address will be transferred to Marketo so that we can send you e-mails in the future for similar goods or services. Insofar as you have not expressly consented to the use, our legal basis for this is our legitimate interest (Article 6 (1) 1 (f) GDPR).
Marketo uses so-called “cookies”, which are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is transmitted to a server of Marketo (in an EU/EEA country) and stored there. On behalf of the operator of this website, Marketo uses this information to evaluate the use of the website by registered persons and to compile reports on website activity. You can prevent cookies from being saved by making an appropriate setting in your browser software; however, we would like to draw your attention to the fact that, if you do so, you might not be able to use all the functions of this website to their full extent.
Tracking pixels and how you can prevent them: We point out that Marketo evaluates your user behaviour when sending the newsletter or other requested information on our behalf. For this evaluation, the emails sent contain so-called web beacons, which are also referred to as tracking pixels. These are one-pixel image files that link to our website, allowing us to evaluate your user behaviour on a session-by-session basis. In doing so, we record when you read our newsletters, which links you click in them, and from that deduce your personal interests. Marketo saves the information collected in this way on their servers in the EU/EEA.
Tracking is not available if you've deactivated the displaying of images by default in your email client. However, this might mean that the newsletter won't be displayed completely and you might not be able to use all the features. If you view the images manually, the above tracking is carried out.
h) Integration of social media plug-ins
We are currently using the following social media plug-ins: Facebook, Instagram, Twitter, LinkedIn.
When you visit a page that contains such a plug-in, the browser will connect to the social media providers' servers and provide the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in section 3 of this declaration will be transmitted, whereby in the case of Facebook and XING, according to the respective providers in Germany, only an anonymous IP is recorded. This happens regardless of whether you have an account with this plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you click the button, the plug-in provider also stores this information in your user account and informs your contacts publicly. If you do not want your profile to be linked with the plug-in provider, you must log out before clicking the button.
The plug-in provider stores this data as usage profiles and uses it for the purposes of advertising, market research and/or tailored website design. Such an evaluation is carried out in particular (also for non-logged-in users) to present needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles; you must contact the respective plug-in provider to exercise them.
For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which can be found below. You will also find further information about your rights and settings options to protect your privacy here.
Addresses of the respective providers and URLs with their privacy policies:
Unless explicitly stated in this privacy statement, the usage and registration data stored with us is deleted as soon as it is no longer required for its intended use and the deletion does not conflict with any statutory retention obligations.
We process and store other personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed to last for years. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:
Every affected person has with respect to us
With regard to the right to information and the right to deletion, the restrictions under sectionsection 34 and 35 BDSG apply.
In addition, there is a right to appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018. Please note that the revocation is only applicable for the future. Processing that took place before the revocation is not affected.
As part of our business relationship, you must provide the personal data required in order to enter into a business relationship and perform its associated contractual obligations, or the personal data that we are required to collect by law. Without this information, we will generally not be able to conclude or execute the contract with you.
In particular, according to the money laundering regulations, we are obligated to identify you prior to entering into a business relationship with you on the basis of your identification document and to record and save your name, place of birth, date of birth, nationality, address and identification data. In order for us to be able to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.
In principle, we do not use any fully automated decision-making processes pursuant to Art. 22 GDPR in order to justify or maintain the business relationship. If we do use these procedures in individual cases, we will inform you about this separately, if this is required by law.
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
Information about your right of revocation according to Art. 21 GDPR
1. Case-specific right of revocation
You have the right at any time, for reasons arising from your particular situation, to revoke your consent for the processing of personal data relating to you, which takes place on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.
2. Right to revoke your consent to the processing of data for direct advertising purposes
In individual cases, we process your personal data in order to perform direct advertising. You have the right to object at any time to the processing of personal data concerning you for such advertising, which includes profiling to the extent that it is related to such direct advertising.
If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.
You can revoke your consent to this by sending a correspondingly worded letter to:
Data protection officer
Neuer Markt 2
D-76352 Baden-Baden, Germany
or by E-mail: email@example.com