Your trust is important to us. AKA Ausfuhrkredit-Gesellschaft mbH (hereinafter referred to as “AKA”, information on the statutory disclosures can be found here) is committed to protecting personal data and to observing data protection legislation. This is why we would like to inform you here of the personal data which are recorded when you visit our website or use our SmaTiX portal, and the purpose for which they will be used.
As amendments to the applicable legislation or modifications to our internal procedures may necessitate revisions to this privacy statement, we invite you to read it regularly. The privacy statement can be accessed, saved and printed out at any time by visiting “Privacy Statement”.
This Privacy Statement applies to AKA’s SmaTiX portal which is located in the domain smatix.de.
§ 1 Person in Charge and Applicability
The Responsible Party as defined in the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and other national data protection legislation of the member states and other data protection rules is:
AKA Ausfuhrkredit-Gesellschaft mbH
Große Gallusstraße 1–7
60311 Frankfurt am Main
Tel.: +49 69 29891-00
§ 2 Data Security Manager
The external Data Security Manager is:
Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Tel.: +49 221 222183-0
§ 3 Data Processing Policy
Personal data refers to all information relating to an identified or identifiable natural person. This includes such information as
- telephone number
- date of birth
- e-mail address
- IP address
- browsing history
Information that we cannot trace back to you (or would only be able to do so at unreasonable cost), e.g. because it has been anonymised, is not classified as personal data. Personal data may in general only be processed (e.g. collected, requested, utilised, stored or transmitted) if there is a statutory basis for doing so, or with explicit consent. Personal data will be deleted as soon as the purpose for which it had been processed has been achieved, and as long as it is not subject to any statutory archiving requirements.
With regard to the processing of personal data, we are informing you below of the specific procedures, the scope and the purpose for which these data are processed, the statutory basis on which they are processed and the period for which they will be stored.
§ 4 Individual Processing Steps
Provision and Usage of the Website
Type and Extent of Data Processing
When you visit and utilise our website, we collect the personal data which your browser automatically sends to our server. This information will be temporarily stored in a log file. When you visit our website, we collect the following data which we require for technical purposes so we can display our website to you and ensure its stability and security:
- date and time of enquiry
- time zone difference to Greenwich Mean Time (GMT)
- content of enquiry (specific page)
- access status/HTTP status code
- amount of data transferred
- originating website of the request
- operating system and user interface
- language and version of browser software
The statutory basis for the aforementioned data processing is Article 6 (1) f of the GDPR. Processing the aforementioned data is necessary so a website can be provided and thus serves the legitimate interests of our company.
As soon as the aforementioned data are no longer required for displaying the website, they will be deleted. It is necessary for data to be collected and stored in log files so the website can be duly provided and maintained. Accordingly, visitors to the website do not have any right of objection. These data may be stored for an additional period in specific cases if required by law.
Login; Credit Enquiries
Type and Extent of Data Processing
The SmaTiX portal enables you to submit online requests for the financing of export transactions; this requires an access which allows you to log into the portal. In the course of a credit enquiry we collect and process – in addition to the aforementioned (cf. 1) – the following personal data from you and your business partners, respectively:
- title/academic degree (optional)
- first name and last name
- position/job title
- e-mail address (business)
- telephone number (business)
- timestamp of login
Furthermore, we are offering additional services to facilitate and speed up the handling of your enquiries.
For example, the data of your financing request in SmaTiX can be transmitted via an interface to the online application tool of the Export Credit Agency (ECA), and vice versa.
The statutory basis for the aforementioned data processing is Article 6 (1) a, b, f of the GDPR.
We process personal data only to the extent required by the specific purpose. The storage period shall therefore be determined in accordance with the duration of the contractual relationship, including its initiation and handling. Furthermore, we are obliged by law to store certain data beyond termination of the business relationship, with storage periods generally ranging from 2 to 10 years according to the Handelsgesetzbuch (HGB – German Commercial Code), the Abgabenordnung (AO – German Fiscal Code), the Wertpapierhandelsgesetz (WpHG – German Securities Trading Act) or the Geldwäschegesetz (GwG – German Anti-Money Laundering Act).<br><br>Equally significant for determining the required storage periods in the individual case are the provisions of the Bürgerliches Gesetzbuch (BGB – German Civil Code), in particular Sections 195ff. The relevant limitation period is generally 3 years, but may amount to a maximum of 30 years in individual cases.
Type and Extent of Data Processing
On our website, you have the possibility to contact us by completing a contact form which we provide for this purpose. When you submit your enquiry by using such contact form, we refer you to this privacy statement in order to obtain your consent. By using the contact form, the following personal data will be processed:
- salutation, first name and last name
- name of company
- e-mail address
- position/job title
- telephone number (optional)
We will use your e-mail address to allocate your enquiry and to reply to it. By using the contact form, none of your personal data will be transmitted to any third parties.
The temporary data processing (see Section 4.5 a) for contacting our company is subject to Article 6 (1) a of the GDPR and the voluntary declaration of consent that you provide below:
Declaration of consent
By entering my data and clicking on the “Send” button, I declare my consent to the use of my e-mail address for the purpose of replying to my contact request. I may at any time revoke my consent to the collection of my personal data when I am using the contact form.
As soon as we have replied to your enquiry and the subject matter of your enquiry has been conclusively answered, we will delete the personal data processed via the contact form. The data may be stored for an additional period of time as the case may be if required by law.
- you have given us your express consent approval to do so, in accordance with Article 6 (1) Sentence 1 (a) of the GDPR
- this is permitted by law and required under Article 6 (1) Sentence 1 (b) of the GDPR to establish a contractual relationship with you
- it is subject to a statutory requirement in accordance with Article 6 (1) Sentence 1 (c) of the GDPR
- transmission of your data is required in accordance with Article 6 (1) Sentence 1 (f) of the GDPR to preserve the company’s legitimate interests and to establish, exercise or defend any legal claims, and there are no grounds for believing that you have any overriding legitimate interest in not having your data transmitted.
- In line with Article 15 of the GDPR you may request information on your personal data which we process. In particular, you may request information regarding the purpose of processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data have been or will be disclosed, the envisaged period of time for which your personal data will be stored, the existence of the right to request rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing, the right to lodge a complaint, any information on the source of available information when your personal data has not been collected by us, information on transmission of your personal data to third countries or international organisations, the existence of automated decision-making, including profiling, and meaningful information about the logic involved.
- In accordance with Article 16 of the GDPR, you may request the rectification of any incorrect data or the completion of any deficient data without undue delay.
- In line with Article 17 of the GDPR, you may request the deletion of your personal data to the extent that processing is not necessary to exercise the right of free expression and information, to comply with any legal obligation, for reasons of public interest or to establish, exercise or defend any legal claims.
- According to Article 18 of the GDPR, you may request limitation of processing your personal data if you dispute the accuracy of such personal data, if processing is unlawful, if we no longer require the data and you oppose to the deletion of this data as you require it to establish, exercise or defend any legal claims. You may also rely on Article 18 of the GDPR if you have objected to the processing in accordance with Article 21 of the GDPR.
- In line with Article 20 of the GDPR, you have the right to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format, or request that it be transmitted to another data processor.
- According to Article 7 (3) of the GDPR, you may revoke at any time any consent you have given us. In such case, we will no longer be allowed to continue processing your personal data.
- Under Article 77 of the GDPR you have a right to lodge a complaint with a supervisory authority. Generally speaking, you may lodge such a complaint with the supervisory authority responsible for your customary place of residence or your work place or the city in which we are domiciled.
Type and Extent of Data Processing
Our website uses only so called session cookies, which are automatically deleted when you close your browser. This type of cookie records your session ID. This allocates different requests from your browser to a single session, allowing us to recognize your device when you revisit our website.
The statutory basis for the use of session cookies can be found in Article 6 (1) Sentence 1 (f) of the GDPR. Without use of the aforementioned cookies our website cannot be used to its full extent.
The session cookies (also known as temporary or transitory cookies) are being stored only for the duration of your visit to our website. These cookies only serve the purpose of your identification during your visit to our website. After termination of each session these cookies will be deleted. They will not be used for any other than the aforementioned purpose.
Configuration of Browser Settings
Most browsers are set to automatically accept cookies. You may configure your browser to accept only certain cookies, or no cookies at all. However, you should be aware that you may not be able to use all the functions of this website if you do this. You may also configure your browser settings to delete cookies which have already been stored by the browser. It is also possible to set your browser to alert you before cookies will be stored. As there may be differences in the functionality of the various browsers, we recommend consulting the help menu of your browser for the respective configuration options.
If you require a comprehensive overview of all third-party access to your internet browser, we recommend installing specifically developed plug-ins.
§ 5 Transmission of Data
We will only transmit your personal data to any third party if
§ 6 Hyperlinks
Our website may contain so-called hyperlinks to third-party websites. By klicking these hyperlinks you will be taken straight to the respective third-party website. Amongst others, you can see this from the change in the URL. We cannot and will not assume any liability for the confidential processing of your data on such third-party websites, as it is beyond our influence to which extent these companies are observing the applicable data protection legislation. Please check these websites to find out how these companies will handle your personal data.
§ 7 Rights of the Parties Involved
You as the party involved whose data will be processed, have the following rights under the GDPR:
§ 8 Right of Objection
When we process your personal data on the basis of legitimate interests in accordance with Article 6 (1) Sentence 1 f of the GDPR, you may lodge an objection in accordance with Article 21 of the GDPR to the processing of your personal data on any grounds relating to your particular situation as well as to direct marketing activities. In the case of direct marketing activities, you have a general right of objection, which we must observe even if you do not give any reasons.
§ 9 Data Security and Safety Precautions
We undertake to protect your privacy and keep personal information confidential. To avoid any manipulation, loss or misuse of your stored data, we take extensive technical and organisational precautions which are periodically reviewed and revised in the light of technological progress. Amongst others, this includes the use of recognised encryption methods (SSL or TLS). However, please note that, given the nature of the internet, other persons or entities outside our control may not observe the rules of data protection and the above-mentioned security precautions. In particular, unencrypted data – e.g. data sent by e-mail – may be intercepted and read by third parties. We have no technical influence on this. It is the responsibility of each user to protect the data provided by him by encrypting it or otherwise protecting it from unauthorised use.