Privacy Policy

We, infinmi GmbH (hereinafter collectively referred to as “the company”, “we” or “us”), take the protection of your personal data very seriously and would like to inform you about data protection within our company at this point.

Preface

Within the scope of our responsibility under data protection law, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter referred to as “GDPR”) has imposed additional obligations on us to ensure the protection of personal data of individuals affected by data processing (hereinafter also referred to as “customer”, “user”, “you”, “your” or “data subject”). Where we decide, either alone or jointly with others, on the purposes and means of data processing, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement (hereinafter referred to as “Privacy Notice”), we inform you about the manner in which your personal data is processed by us. Our Privacy Notice is modular in structure. It consists of a general section applicable to all processing of personal data and processing situations that occur each time a website is accessed (A. General), a specific section whose content relates only to the respective processing situation specified therein, in particular the detailed visit to websites (B. Website), and another section relating to direct cooperation within the scope of our activities (C. Loan brokerage).

To help you find the sections relevant to you, please refer to the following overview of the structure of this Privacy Notice:

A | General

(1) Definitions

Based on Article 4 GDPR, the following definitions apply to this Privacy Notice:
  • “Personal data” (Article 4(1) GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, online identifier, location data, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Identifiability may also result from linking such information or additional knowledge. The origin, form, or embodiment of the information is irrelevant (photos, video or audio recordings may also contain personal data).
  • “Processing” (Article 4(2) GDPR) means any operation or set of operations performed on personal data, whether or not by automated means. This includes, in particular, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data, as well as changing the purpose on which the processing was originally based.
  • “Controller” (Article 4(7) GDPR) means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • “Third party” (Article 4(10) GDPR) means any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorised to process personal data under the direct responsibility of the controller or processor; this also includes other legal entities within the same corporate group.
  • “Processor” (Article 4(8) GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g. IT service providers). In data protection terms, a processor is not considered a third party.
  • “Consent” (Article 4(11) GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them by a statement or by a clear affirmative action.

(2) Name and address of the controller

The entity responsible for processing your personal data within the meaning of Article 4(7) GDPR is: infinmi GmbH Eiswerder Straße 18E, 13585 Berlin 030-33939100 wir@infinmi.de Further information about our company can be found in the legal notice on our website: https://infinmi.de/impressum/

(3) Contact details of the data protection officer

If you have any questions or require a point of contact regarding data protection, our data protection officer is available at any time. Contact details: Inken Salbrecht dsgvo@infinmi.de 030-339391010

(4) Legal bases for data processing

As a matter of principle, the processing of personal data is prohibited by law unless it falls under one of the following legal bases:
  • Article 6(1)(a) GDPR (“Consent”): where the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • Article 6(1)(b) GDPR: where processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the data subject’s request;
  • Article 6(1)(c) GDPR: where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. statutory retention obligations);
  • Article 6(1)(d) GDPR: where processing is necessary to protect vital interests of the data subject or another natural person;
  • Article 6(1)(e) GDPR: where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Article 6(1)(f) GDPR (“Legitimate interests”): where processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject (especially where the data subject is a minor).
The storage of information in the end user’s terminal equipment or access to information already stored there is only permitted if covered by one of the following legal bases:
  • Section 25(1) TTDSG: where the end user has given consent based on clear and comprehensive information, pursuant to Article 6(1)(a) GDPR;
  • Section 25(2)(1) TTDSG: where the sole purpose is the transmission of a message via a public telecommunications network; or
  • Section 25(2)(2) TTDSG: where storage or access is strictly necessary to provide a telemedia service explicitly requested by the user.
For each processing operation carried out by us, we specify the applicable legal basis below. Processing may also be based on multiple legal bases.

(5) Data deletion and storage duration

For each processing operation, we specify how long the data is stored and when it is deleted or blocked. Unless a specific storage period is stated, personal data is deleted or blocked once the purpose or legal basis for storage ceases to apply. Data is generally stored only on servers located in Germany, subject to possible disclosures under A.(7) and A.(8). Storage beyond the stated period may occur in the event of a (potential) legal dispute or other legal proceedings, or where required by statutory retention obligations (e.g. § 257 HGB, § 147 AO). Once the statutory retention period expires, data is deleted or blocked unless further storage is required and legally justified.

(6) Data security

We implement appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of processing, as well as the risks to the data subject. These measures are continuously improved. Further information is available upon request. Please contact our data protection officer (see A.(3)).

(7) No automated decision-making (including profiling)

We do not intend to use personal data collected from you for automated decision-making processes, including profiling.

(8) Statutory obligation to disclose certain data

In certain cases, we may be subject to a legal obligation to disclose lawfully processed personal data to third parties, in particular public authorities (Article 6(1)(c) GDPR).

(9) Your rights

You may assert your rights as a data subject at any time using the contact details provided under A.(2). You have the right:
  • to request information pursuant to Article 15 GDPR about your personal data processed by us;
  • to request rectification pursuant to Article 16 GDPR of inaccurate or incomplete data;
  • to request erasure pursuant to Article 17 GDPR, unless processing is required for legal obligations or legal claims;
  • to request restriction of processing pursuant to Article 18 GDPR;
  • to receive your data pursuant to Article 20 GDPR in a structured, commonly used, and machine-readable format (“data portability”);
  • to object pursuant to Article 21 GDPR to processing based on Article 6(1)(e) or (f) GDPR;
  • to withdraw consent pursuant to Article 7(3) GDPR at any time;
  • to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. A list of authorities is available at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

(10) Changes to this Privacy Notice

Due to further developments in data protection law or technological and organisational changes, this Privacy Notice is regularly reviewed and updated. Changes are published on our German website at https://infinmi.de/datenschutzerklaerung/. This Privacy Notice is valid as of:

B | Website

(1) Explanation of the function

You can obtain information about our company and the services we offer in particular at https://infinmi.de including its associated subpages (hereinafter collectively referred to as the “Websites”). When visiting our Websites, personal data relating to you may be processed.

(2) Processed personal data

When using the Websites for informational purposes, the following categories of personal data are collected, stored, and further processed by us: “Log data”: When you visit our Websites, a so-called log data record (server log files) is temporarily and anonymisedly stored on our web server. This record consists of:
  • the page from which the page was accessed (so-called referrer URL)
  • the name and URL of the requested page
  • the date and time of access
  • a description of the type, language, and version of the web browser used
  • the IP address of the requesting device, which is shortened in such a way that personal identification is no longer possible
  • the amount of data transferred
  • the operating system
  • the message indicating whether the request was successful (access status/HTTP status code)
  • the GMT time zone difference
“Contact form data”: When contact forms are used, the data transmitted via them is processed (e.g. gender, first and last name, telephone number, address, email address, and the time of transmission).

(3) Purpose and legal basis of data processing

We process the above-mentioned personal data in accordance with the provisions of the GDPR, other applicable data protection regulations, and only to the extent necessary. Where the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f GDPR, the stated purposes also constitute our legitimate interests. The processing of log data serves statistical purposes and the improvement of the quality of our Website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 sentence 1 lit. a or lit. f GDPR). The processing of contact form data is carried out for the purpose of handling customer enquiries (legal basis is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR). If the processing of data requires the storage of information on your end device or access to information already stored on your end device, § 25 para. 1, 2 TTDSG constitutes the legal basis.

(4) Duration of data processing

Your data will only be processed for as long as is necessary to achieve the processing purposes stated above; the legal bases specified within the respective processing purposes apply accordingly. With regard to usage and storage duration, please refer to section A.(5) and the Cookie Policy at https://infinmi.de/cookierichtlinie-eu/.

(5) Transfer of personal data to third parties; legal basis

The following categories of recipients may be granted access to your personal data:
  • Service providers for the operation of our Website and the processing of data stored or transmitted by the systems (e.g. data centre services, payment processing, IT security). The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not processors
  • Online portals of banks or the financial services industry that we use to create concrete financing offers for you. The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. a or lit. b GDPR
  • Banks or credit institutions with which we apply for financing on your behalf. The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. a or lit. b GDPR
Beyond this, we only pass on your personal data to third parties if you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

(6) Use of cookies, plugins, and other services on our Website

a) Cookies

We use cookies on our Websites. Cookies are small text files that are stored on your hard drive and assigned to the browser you use via a characteristic string of characters, allowing the entity that sets the cookie to receive certain information. Cookies cannot execute programs or transmit viruses to your computer and therefore cannot cause damage. They serve to make the internet offering more user-friendly and effective overall, i.e. more pleasant for you. Cookies may contain data that enables recognition of the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted once you close your browser, and persistent cookies, which are stored beyond a single session. With regard to their function, cookies are further classified as follows:
  • Technical cookies: These are strictly necessary to navigate the Website, use basic functions, and ensure the security of the Website; they do not collect information about you for marketing purposes nor do they store which websites you have visited;
  • Performance cookies: These collect information about how you use our Website, which pages you visit, and whether errors occur during website use; they do not collect information that could identify you – all collected information is anonymous and is only used to improve our Website and understand what interests our users;
  • Advertising cookies, targeting cookies: These are used to provide website users with advertising or third-party offers tailored to their needs and to measure the effectiveness of such offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our Website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
The legal basis for cookies that are strictly necessary to provide you with the service you expressly request is § 25 para. 2 no. 2 TTDSG. Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 sentence 1 lit. a GDPR. This applies in particular to the use of performance, advertising, targeting, or sharing cookies. Furthermore, we only pass on personal data processed via cookies to third parties if you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

b) Cookie Policy

Further information on which cookies we use and how you can manage your cookie settings and disable certain types of tracking can be found in our Cookie Policy at https://infinmi.de/cookierichtlinie-eu/.

c) Social media plugins

We do not use social media plugins on our Websites. If our Websites contain symbols of social media providers, these are used solely for passive linking to the pages of the respective providers.

d) Communication via WhatsApp

We offer the option to contact us via the WhatsApp messenger service. The provider of this service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you contact us via WhatsApp, we process your telephone number, your name, and the content you transmit in order to handle your request. The legal basis is Art. 6 para. 1 lit. b GDPR if the enquiry serves the initiation or performance of a contract; otherwise Art. 6 para. 1 lit. f GDPR (our legitimate interest in efficient communication). We use the WhatsApp Business version. WhatsApp receives access to metadata of the communication and may process this data for its own purposes. Further information can be found in WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea . Data is only transmitted to WhatsApp once you actively click the corresponding button.

C | Darlehensvermittlung

(1) Erläuterung der Funktion

Wenn wir darlehensvermittelnd für Sie tätig werden, können personenbezogene Daten von Ihnen verarbeitet werden.

(2) Verarbeitete personenbezogene Daten

Im Rahmen unserer Tätigkeit als Darlehensvermittler werden die folgenden Kategorien personenbezogener Daten von uns erhoben, gespeichert und weiterverarbeitet:
  • Geburtsdatum und -ort
  • Staatsangehörigkeit und Familienstand
  • Steuer-ID
  • Bankverbindung
  • Erwerbssituation (Beruf, Arbeitsverhältnis, Arbeitgeber)
  • Einnahmen und Ausgaben
  • Vermögen und Verbindlichkeiten inkl. des in das Vorhaben einzubringende Eigenkapital
  • Namen und Geburtsdaten Ihrer unterhaltsberechtigten Kinder
  • Angaben zu Ihrer Wunschimmobilie (oder der als Sicherheit dienenden Immobilie) bezogen auf Anschrift, Baujahr, qm Wohn-/Nutzfläche, Energieeffizienzklasse, Grundstücksgröße sowie möglicher Miteigentumsanteile
  • Zusätzlich bei Modernisierung/Sanierung: Detaillierte Kostenaufstellung und die Höhe der zu erbringenden Eigenleistung
  • Zusätzlich bei Neubauvorhaben: Detaillierte Bau- und Baunebenkostenaufstellung sowie die Höhe der zu erbringenden Eigenleistung zur Baufertigstellung
  • Voranschrift
  • Ausweisdaten (Ausweisnummer, Ausstellende Behörde, Gültigkeitsdatum)
  • Grundbuchangaben des Beleihungsobjekts
  • Geplantes Datum der Vollauszahlung des Darlehens
  • Geplante Bezugsfertigstellung des Beleihungsobjekts
  • Finanzierungsart
  • Finanzierungsgeber
  • Finanzierungsbetrag
  • Anfänglicher Kapitaldienst (Ratenhöhe)
  • Sollzinssatz (nominal und effektiv) und anfänglicher Tilgungssatz
  • Zeitraum der Zinsbindung
  • Sofern bekannt: Zeitpunkt der Vollauszahlung
  • Dauer der tilgungsfreien Anlaufzeit
  • Vereinbarte Sicherheiten
  • Kopie Darlehensvertrag (ohne Unterschriften)

(3) Zweck und Rechtsgrundlage der Datenverarbeitung

Wir verarbeiten die vorstehend näher bezeichneten personenbezogenen Daten in Einklang mit den Vorschriften der DS-GVO, den weiteren einschlägigen Datenschutzvorschriften und nur im erforderlichen Umfang. Soweit die Verarbeitung der personenbezogenen Daten auf Art. 6 Abs. 1 S. 1 lit. f DS-GVO beruht, stellen die genannten Zwecke zugleich unsere berechtigten Interessen dar. Die Verarbeitung dieser personenbezogenen Daten sind notwendig zur Erfüllung des Darlehensvermittlungsvertrages, den Sie mit uns schließen, wenn wir darlehensvermittelnd für Sie tätig sind, oder zur Durchführung vorvertraglicher Maßnahmen, die auf Ihre Anfrage erfolgen (Art. 6 Abs. 1 S. 1 lit. b DS-GVO) Sofern für die Verarbeitung der Daten die Speicherung von Informationen in Ihrer Endeinrichtung oder der Zugriff auf Informationen, die bereits in der Endeinrichtung gespeichert sind, erforderlich ist, ist § 25 Abs. 1, 2 TTDSG hierfür die Rechtsgrundlage.

(4) Dauer der Datenverarbeitung

Ihre Daten werden nur so lange verarbeitet, wie dies für die Erreichung der oben genannten Verarbeitungszwecke erforderlich ist; hierfür gelten die im Rahmen der Verarbeitungszwecke angegebenen Rechtsgrundlagen entsprechend. Hinsichtlich der Nutzung und der Speicherdauer beachten Sie bitte Punkt A.(5).

(5) Übermittlung personenbezogener Daten an Dritte; Rechtfertigungsgrundlage

Folgende Kategorien von Empfängern erhalten ggf. Zugriff auf Ihre personenbezogenen Daten:
  • Internetportale der Banken oder der Finanzdienstleistungsbranche, die wir nutzen, um Ihnen konkrete Finanzierungsangebote zu erstellen. Rechtsgrundlage für die Weitergabe ist dann Art. 6 Abs. 1 S. 1 lit. a oder lit. b DS-GVO
  • Banken oder Kreditinstitute, bei denen wir eine Finanzierung für Sie beantragen. Rechtsgrundlage für die Weitergabe ist dann Art. 6 Abs. 1 S. 1 lit. a oder lit. b DS-GVO
Darüber hinaus geben wir Ihre personenbezogenen Daten nur an Dritte weiter, wenn Sie nach Art. 6 Abs. 1 S. 1 lit. a DS-GVO eine ausdrückliche Einwilligung dazu erteilt haben.

Contact

+49 30 33939 100 WhatsApp