LeasAG
DE
LeasAG - Leasing aus Leidenschaft

Data privacy.

Data protection information for customers and other affected parties1
With the following information we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed. Therefore not all parts of this information will apply to you.

Data protection information for customers and other affected parties1
With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed. Therefore not all parts of this information will apply to you.


Who is responsible for data processing and who can I contact?

Responsible is:
LeasAG Leasing Aktiengesellschaft
Karl-Geusen-Str. 173, 40231 Düsseldorf
Phone: 0211 / 730607-0
info[at]leasag[dot]de

You can reach our company data protection officer at:

LeasAG Leasing Aktiengesellschaft
Data Protection Officer
Karl-Geusen-Str. 173, 40231 Düsseldorf
Phone: 0211 / 730607-0
datenschutzbeauftragter@leasag.de


What sources and data do we use?

We process personal data that we receive from our customers or other affected parties within the scope of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data which we obtain from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, press, Internet) or which we are entitled to receive from other third parties (e.g. a credit agency).
Relevant personal data are personal data (name, address and other contact data, date and place of birth and nationality), identification data (e.g. ID card data) and authentication data (e.g. specimen signature). In addition, this can also include order data (e.g. SEPA mandate), data from the fulfilment of our contractual obligations (e.g. turnover data in instalment collection), information about your financial situation (e.g. creditworthiness data, scoring or rating data, origin of assets), credit and leasing relevant data (e.g. income and expenses), advertising and sales data (incl. advertising scores), documentation data (e.g. minutes of meetings) as well as other data comparable with the aforementioned categories.


What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG).

a. for the fulfilment of contractual obligations (Art. 6 para. 1b DSGVO) The processing of data takes place for the provision of leasing and hire-purchase agreements and financial services within the framework of the execution of our contracts with our customers or for the execution of pre-contractual measures, which take place on request. The purposes of data processing depend primarily on the specific product (e.g. leasing or hire purchase). For further details on data processing purposes, please refer to the relevant contractual documents and terms and conditions.

b. within the framework of the weighing of interests (Art. 6 para. 1f DSGVO) If necessary, we process your data beyond the actual fulfilment of the contract to safeguard the legitimate interests of us or third parties. Examples:

  • Consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks in leasing or hire-purchase transactions,
  • Review and optimisation of procedures for needs analysis in order to address customers directly,
  • Advertising or market and opinion research unless you have objected to the use of your data,
  • Assertion of legal claims and defence in legal disputes,
  • Ensure the IT security and operation of the Bank,
  • Prevention and investigation of criminal offences,
  • Video surveillance for the protection of the house right, for the collection of evidence in case of robberies or fraud,
  • Measures for building and plant security (e.g. access controls),
  • Measures to secure the householder's title,
  • Measures for business management and further development of services and controls
  • Risk control within LeasAG

Privacy policy for customers and other concerned parties

c. on the basis of your consent (Art. 6 para. 1a DSGVO)
If you have given us your consent to the processing of personal data for certain purposes (e.g. passing on data to refinancing banks, evaluation of data for marketing purposes, photographs as part of events, newsletter dispatch), the legality of this processing is given on the basis of your consent. Your consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the DSGVO came into force, i.e. before 25 May 2018. The revocation of a consent only takes effect for the future and does not affect the legality of the data processed until the revocation.

d. due to legal requirements (Art. 6 para. 1c DSGVO) or in the public interest (Art. 6 para. 1e DSGVO).
In addition, as a leasing company we are subject to various legal obligations, i.e. legal requirements (e.g. German Banking Act, Money Laundering Act, Securities Trading Act, Tax Acts) as well as banking supervisory requirements (e.g. German Federal Bank and Federal Financial Supervisory Authority). The purposes of processing include, among other things, creditworthiness checks, identity and age checks, fraud and money laundering prevention, compliance with tax control and reporting obligations as well as the assessment and management of risks in our company.

Who receives my data?
Within our company, those entities that need your data to fulfil our contractual obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they, in particular, maintain banking secrecy. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, debt collection, consulting as well as sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that as a leasing company we are obliged to maintain secrecy regarding all customer-related facts and valuations of which we gain knowledge. We may only pass on information about our customers if this is required by law, if the customer has consented or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:

  • Bodies and institutions (e.g. Deutsche Bundesbank, Bundesanstalt für Finanzdienstleistungsaufsicht, tax authorities, criminal prosecution authorities, courts) where there is a legal or official obligation.
  • Other credit and financial service institutions or comparable institutions to which we transfer personal data for the purpose of conducting our business relationship with you (refinancing banks, credit agencies).
  • Creditors or insolvency administrators who inquire in the context of a levy of execution
  • Third parties who may be involved in the lending process (e.g. insurance companies, trustees, service providers who carry out valuations).
  • Other data recipients may be those entities for which you have given us your consent to the transfer of data or to which we are authorised to transfer personal data on the basis of a weighing of interests.


Is data transferred to a third country or to an international organisation?

Data is transferred to offices in countries outside the European Union (so-called third countries) if it is required by law (e.g. tax reporting obligations) or you have given us your consent.
Furthermore, we do not intend to transfer your personal data to third parties.

With the consent of the person concerned or on the basis of legal regulations to combat money laundering, terrorist financing and other criminal acts as well as within the framework of a weighing of interests, in individual cases personal data (e.g. legitimation data) will be transmitted in compliance with the data protection level of the European Union.

How long will my data be stored?
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation which is intended to last for years.

If the data are no longer required for the fulfilment of contractual or statutory obligations, they are regularly deleted, unless their further processing - for a limited period - is necessary for the following purposes:

  • Fulfilment of commercial and tax retention obligations, which may arise, for example, from the German Commercial Code (HGB), the Fiscal Code (AO), the Banking Act (KWG) and the Money Laundering Act (GWG). The periods for storage and documentation specified there are usually two to ten years.
  • Preservation of evidence within the framework of the statutory statute of limitations. According to §§195ff of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, whereby the regular statute of limitations is 3 years.


What data protection rights do I have?
Every data subject has the right to information pursuant to Article 15 DSGVO, the right to rectification pursuant to Article 16 DSGVO, the right to deletion pursuant to Article 17 DSGVO, the right to restriction of processing pursuant to Article 18 DSGVO, the right to objection pursuant to Article 21 DSGVO and the right to data transfer pursuant to Article 20 DSGVO. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the DSGVO came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

Is there an obligation for me to provide data?
As part of our business relationship, you must provide us with the personal data that we require to establish, conduct and terminate a business relationship and to fulfil the associated contractual obligations, or which we are legally obliged to collect. Without this information, we will generally not be able to enter into, execute and terminate a contract with you.

In particular, we are required by money laundering regulations to identify you on the basis of your identification document before establishing a business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not establish or continue the business relationship you have requested.

To what extent is there automated decision-making?
As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 DSGVO for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you of this and your rights in this regard separately, insofar as this is prescribed by law.

Does profiling take place?
We process your data automatically but not with the aim of evaluating certain personal aspects (profiling). We do not use profiling.

Information on your right of objection under Article 21 DSGVO

Right of objection in individual cases
You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you carried out pursuant to Article 6(1)(e) of the Data Protection Regulation (data processing in the public interest) and Article 6(1)(f) of the Data Protection Regulation (data processing on the basis of a balancing of interests), including profiling based on this provision within the meaning of Article 4(4) of the Data Protection Regulation.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Leasing out of passion

Addressee of an opposition
The objection can be made form-free with the subject "Objection" under indication of your name, your address and your date of birth and should be addressed to:

LeasAG Leasing Aktiengesellschaft
Data protection officer
Karl-Geusen-Str. 173, 40231 Düsseldorf, Germany
Phone: 0211 / 730607-0
datenschutzbeauftragter@leasag.de

1 e.g. authorised representatives, interested parties in products, non-customers, e.g. third-party guarantors

1. Data protection at a glance

General information
The following notes provide a simple overview of what happens to your personal information when you visit our website. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on our website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the
LeasAG Leasing Aktiengesellschaft
Karl-Geusen-Str. 173, 40231 Düsseldorf, Germany
Phone: 0211 / 730607-0
info@leasag.de

How do we collect your data?
On the one hand, your data is collected by you communicating it to us. This may be data that you enter in a contact form.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure that the website is error-free. Other data can be used to analyse your user behaviour. 

What rights do you have with regard to your data?
You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your stored personal data. You also have the right to request that this data be corrected, blocked or deleted. You can contact us at any time at the address given in the imprint for this as well as for further questions on the subject of data protection. Furthermore, you have the right to appeal to the responsible supervisory authority.

Analysis Tools and Tools from Third-Party Providers
When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this can be found in the following privacy statement.

You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.

2 General information and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection explanation.

If you use this website, various personal data will be collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.

Reference to the responsible office
The responsible body for data processing on this website is:

LeasAG Leasing Aktiengesellschaft
Karl-Geusen-Str. 173, 40231 Düsseldorf, Germany
Phone: 0211 / 730607-0
info@leasag.de

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the responsible supervisory authority
In the event of breaches of data protection law, the data subject shall have the right to lodge a complaint with the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data transferability
 

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of personal data.

Objection against advertising mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3. data protection officer

Statutory data protection officer
We have appointed a data protection officer for our company.
You can reach our company data protection officer at

LeasAG Leasing Aktiengesellschaft
data protection officer
Karl-Geusen-Str. 173, 40231 Düsseldorf, Germany
Phone: 0211 / 730607-0
datenschutzbeauftragter@leasag.de

4. data collection on our website

Cookies
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies which are necessary for the electronic communication process or for the provision of certain functions requested by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a justified interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are dealt with separately in this data protection declaration. 

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Contact details
If you send us enquiries by e-mail via the website, your details from your e-mail, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent. The processing of the data sent by you in the e-mail is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data sent by you in the e-mail remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after completed processing of your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

5. Analysis tools and advertising
This website does not use any analysis tools or advertising.

6. Plugins and tools

Google Web Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at developers.google.com/fonts/faq and in Google's privacy policy: www.google.com/policies/privacy/.

Google Maps
This page uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

You will find more information on the handling of user data in Google's data protection declaration: www.google.de/intl/de/policies/privacy/.