Privacy policy

Version: 01.10.2022.

Overview

We as Bavest Technologies GmbH (hereinafter "Bavest" or "We") offer you the next generation financial platform and use the latest digital technologies for you. In order to perform this task, we process your personal data. Thank you for visiting our website and for your interest in Bavest. In doing so, we are particularly concerned to respect your privacy and to ensure the protection of your personal data by processing your personal data in accordance with the content of this Privacy Policy and applicable data protection laws.

Responsibility

We, as the operator of the Website and our Platform (including the Web App, iOS App, and Android App) at https://www.bavest.co sand other subdomains of this domain (hereinafter also referred to as "website" or "platform"), are responsible for the collection and use of personal data of users (hereinafter referred to as "users" or "you") on our platform and when using our services in accordance with applicable data protection law, in particular the General Data Protection Regulation ("GDPR"). In the following, we inform you within the scope of our information obligations (Art. 13 et seq. DSGVO) which data is processed when you visit our website and on which legal basis this is done.

Information about the responsible person

Bavest Technologies GmbH
Ludwig-Erhard-Allee 10
76131 Karlsruhe

E-Mail: support@bavest.co

If you have any questions about the collection and use of data, you can contact us at any time.


Processing of personal data

Cookies

Cookies are very small text files used by Internet sites that your browser stores on your computer and by the body that sets the cookie (here by us), certain information flows. Cookies cannot execute programs or transmit viruses to your computer. Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser. Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time. This information is used to optimize our offer and to provide you with more comfort and protection while surfing our pages. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. You can set your internet browser to inform you as soon as a web server wants to send you a cookie. You can then agree to accept the cookie or refuse this. You can configure your browser setting according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website. You can find out more about this in the help system of your Internet browser.


General storage period of personal data

Unless otherwise stated or specified within this privacy policy, the personal data collected by the website will be stored until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. If there is a legal obligation to store the data or another legally recognized reason for storing the data (e.g. legitimate interest), the personal data in question will not be deleted until the respective reason for storing the data no longer applies.


Legal basis for the storage of personal data

The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is regularly done on the basis of your consent according to Art. 6 para. 1 lit. a DSGVO (e.g. when you voluntarily provide your data in the registration mask or as part of the contact form), for the purpose of contract performance according to Art. 6 para. 1 lit. b DSGVO (e.g., when using In-APP purchases or the use of other paid functions on the platform) or on the basis of legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, which are always weighed against your interests (e.g., in the context of advertising measures). The relevant legal basis will be specified in a separate section of this privacy policy, if applicable.


Links on social media platforms

Our website links to our pages on various social media platforms. We point out that by clicking on these links you leave our website and also the scope of this privacy policy. On the social media platforms, the respective privacy statements and terms of use of the operator of the social media platform apply exclusively.


Logfiles

Each time you access our website, we collect the following personal data, which are automatically processed in the log files :

- Access status/http status code

- Überträgte amount of data

- Website IP called

-Address of the requesting computer

- Type of internet browser used

- Language of the Internet browser used

- Version of the Internet browser used

- Operating system and its version

- Date and time of the visit

- Time zone difference from Greenwich Mean Time (GMT)

- Referrer- websites accessed by the visitor's system via our website

- Internet service provider of the users

.

The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate website errors, to determine the utilization of the website and to make adjustments or improvements, thus it is technically necessary (legal basis: Art. 6 para. 1 p. 1 lit. f DSGVO).


User account opening at Bavest via the website or the apps

You can open a user account (account) on our website or in our apps. Within the scope of registration, the following data will be requested and processed by us.

- First and last name

- E-mail address

- Username


The purpose of the data processing is the initiation of a customer relationship between the user and Bavest, but also the compliance with legal requirements. We base the data processing of this personal data when opening an account on the legal basis of Art. 6 (1) lit. b DSGVO (contract initiation) as well as Art. 6 (1) lit. c DSGVO in connection with the respective relevant legal obligation. Bavest stores this data only as long as we need it. Once you are a user with us, your data will remain stored for the duration of the customer relationship. In addition, due to legal obligations, it may be necessary for us to store your data beyond the contractual relationship, i.e. beyond the time of termination of the customer relationship.


Amazon Web Services (website host)

Our website (including the apps) is hosted by AWS (Amazon Web Services), an external service provider (hereinafter "hoster"). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. AWS stores our data exclusively on European servers.


Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us as the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.



Google Analytics Deactivation

This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form in order to exclude the possibility of a direct link to a person. For more information about data processing by Google, please see Google's privacy policy: http://www.google.de/intl/de/policies/privacy.


Google Firebase

We use Google Analytics Firebase (hereinafter Google Firebase) to analyze user behavior. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.Google Firebase includes various functions that allow us to analyze your In-APP behavior. This allows us, for example, to analyze your screen views, button presses, In-APP purchases, or the effectiveness of advertising efforts. We can also determine which features within our platform are used frequently or infrequently. Google Firebase stores for these purposes, among other things, the number and duration of sessions, operating systems, device models, region and a number of other data. A detailed overview of the data collected by Google Firebase can be found under https://support.google.com/firebase/answer/6318039?hl=de

The use of Google Firebase may require the transfer of your personal data to the USA. The storage period for the data collected in this way is regulated as follows: Google Firebase is used to optimize this platform and to improve our offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

For more information about Google Firebase, visit: https://firebase.google.com/ https://www.firebase.com/terms/privacy-policy.html


Stripe

We offer the option to process the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510,Townsend St., San Francisco, CA 94103 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit. b. DSGVO).


 - Name des Karteninhabers

- E-mail address

- Customer number

- Order number

- Bank details

- Credit card details

- Credit card expiration date

- Credit card verification number (CVC)

- Date and time of the transaction

- Transaction amount

- Name of the provider

- Location


The processing of the data provided under this section is not required by law or contract. Without the transfer of your personal data, we cannot process a payment via Stripe. Stripe is required for you to subscribe to Bavest Plus or Bavest Pro, without a payment via Stripe a full use of the Pro versions is not possible. This is in line with our legitimate interest in offering an efficient and secure payment method.

Stripe has a dual role as a controller and processor in data processing activities. As a controller, Stripe uses your übermitted data to fulfill regulatory obligations. This is in accordance with Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b DSGVO). We have no influence on this process. 

.

Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated to comply with the provisions of data protection law within the meaning of Art. 28 DSGVO.

Stripe has implemented compliance measures for international data transfers. Diese gelten für alle weltweiten Aktivitäten, bei denen Stripe personenbezogene Daten von natürlichen Personen in der EU verarbeitet. Diese Maßnahmen basieren auf den EU-Standardvertragsklauseln (SCCs).

For more information about opt-out and removal options with respect to Stripe, please visit: https://stripe.com/privacy-center/legal 

Your data will be stored by us until the completion of payment processing. This also includes the period required for the processing of refunds, receivables management and fraud prevention. For us, according to [§ 147 AO / § 257 HGB], a statutory retention period of 6 years applies.

 



Other service providers

It is possible that some of the data processing is carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers and cloud service providers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to our service providers, they may only use the data to perform the tasks specified by us. In principle, when using service providers, we only work with companies that process data within the European Economic Area or are located in countries that guarantee an adequate level of data protection in accordance with an adequacy decision of the European Union. The use of external service providers is for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our services, supported by professional providers (Art. 6 para. 1 lit. f DSGVO).


Newsletter

We would like to use our newsletters to inform you about news at Bavest, technical updates on the platform and our range of services, among other things. In addition, we would like to use our newsletters to inform you about current economic developments and news from the world of finance.

Provided that you have expressly consented in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscribe request at any time by e-mail to: support@bavest.co.

If you confirm your e-mail address, we store your e-mail address, the time of registration and the IP address used for registration. The purpose of processing the data is to send you our newsletters and to be able to prove your registration, as well as to understand your interaction with our newsletters.


Your rights

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.Information, deletion and correctionYou have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Right to restriction of processing

You have the following rights vis-à-vis us with regard to the personal data concerning you:

- Right to information

- Right to rectification or erasure

-Right to restriction of processing

- Right to object to processing

- Right to data portability. 

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.