Data protection

Privacy policy for the use of the website

Introduction
We are aware of the importance of the personal data entrusted to us. We consider it one of our most important duties to ensure the confidentiality of the data entrusted to us by customers and visitors to this website. The following explains some of the precautions we take to protect your privacy.

The responsible party pursuant to Art. 4 (7) DS-GVO for the processing of your personal data is:

Loan Stars GmbH
represented by Tim Wieland Flieger
Georg-Schumann-Straße 4, 04105 Leipzig
info@loanstars.de

See also our imprint. In the following referred to as "we" or "us".

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or e-mail address).

When we process personal data, this means that we collect, store, use, transmit to others or delete it, for example.

2.1 Automatically transmitted access data (log files)

During the informational use of the website, i.e. the mere viewing without a registration and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you, to ensure stability and security, to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack and must therefore be processed by us:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (page visited)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Previously visited page
  • The internet service provider of the accessing system
  • Browser
  • Operating system
  • Language and version of the browser software

When using this general data and information, we do not draw any conclusions about you. The data and information is collected anonymously and evaluated by us statistically with the aim of increasing data protection and data security and optimizing our internet presence. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO (GDPR).  

The server log files are stored for a maximum of 7 days and then deleted. The storage of data is done for security reasons, for example to be able to clarify cases of abuse. If data must be retained as evidence, it is exempt from deletion until the case has been finally resolved.

2.2 Specification of personal data for the use of the services provided by us

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. We also use other common functions to analyze or market our offers. Through applications on our website (e.g. contact and application forms), you have the opportunity, among other things, to provide us with data within the scope of our business relationship, in particular for the purpose of establishing, implementing or terminating contracts for our products and services ("business relationship data"). We also process certain usage data that is generated when you use our electronic media (e.g., when you use contact and application forms) for additional purposes beyond the mere provision of the respective media as part of our business relationship. For example, we process certain usage data that is collected during the use of our web-based application forms for the purpose of establishing, implementing or terminating contracts for our products and services and for the legally required notifications to authorities. Detailed information on the usage data that is collected when using the website and other related electronic media can be found in this privacy policy.

You will receive the special data protection information for the respective product or service from us separately when you apply for the respective product or service.

It is therefore possible that the following personal data will be collected and processed during the use of our website, for example during the credit inquiry, naturally with your knowledge and consent:

  • Personal data, e.g. surnames, first names, date of birth and addresses
  • Family circumstances e.g. marital status
  • Contact data such as telephone number, mobile phone number, electronic contact data (e-mail address)
  • Bank account data
  • Monthly income
  • Employment status
  • Housing type

The purpose of processing the above data results from the context of your use of our website. If you do not wish to provide us with the data required for this purpose, you will unfortunately not be able to use the corresponding services.

We process your personal data for the following purposes and on the basis of the legal bases mentioned. In the event that the data processing is based on a balance of interests, we will also explain our legitimate interest in pursuing the processing:

No

Purpose of the processing of the legitimate

Explanation of the legitimate interest, if relevant

1.

Provision of the website when accessed by the user

Art. 6 para. 1 lit f DSGVO (GDPR), fulfillment of contract

2.

Provision of the web applications (e.g. contact and application forms) in which you can provide us with data as part of our business relationship, in particular for the establishment, performance or termination of contracts for our products and services.

Fulfillment of contract, approval

3.

Identifying malfunctions and ensuring system security, including detecting and tracking unauthorized access and attempted access to our web servers

Fulfillment of our legal obligations in the area of data security as well as legitimate interest; we have a legitimate interest in eliminating malfunctions, ensuring system security, and detecting and tracking unauthorized access attempts or accesses.

4.

Telephone consultation

Fulfillment of contract or approval

5.

Consultation via e-mail

Fulfillment of contract or approval

6.

Capture, analysis, and forwarding of documents relevant to the provision of advice to the Credit intermediation

Fulfillment of contract

 

Upon request, we can provide you with information on the interest assessments we have carried out. To do so, simply use the information in section no. 12 "Contact".

Please note your right to object to the processing of data for the purpose of direct marketing or for personal reasons (see section on data subject rights).

Your personal data will only be passed on to third parties if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in the transfer or if we have your consent. If data is transferred to third parties, this will be explained in data protection provisions. In the case of transfer on the basis of consent, the explanation may also be provided when consent is obtained.

In addition, data may be transferred to third parties if we are required to do so by law or by enforceable governmental or court order.

We use order processors who support us in the handling of our business processes. These are carefully selected by us, are bound by our instructions and are regularly monitored. Specifically, this includes the following service providers or categories of service providers:

  • IT service providers
  • Fulfilment agents for the provision of consulting and support services
  • Web analysis service providers
  • Fulfillment agents for the provision of billing services
  • Telecommunications service providers
  • Management consultants
  • Tax consultants

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and value-paying orders), if it is required by law (e.g. tax reporting obligations), if you have given us your consent or within the framework of order data processing. If service providers in third countries are used, they are obligated to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses in addition to written instructions.

The duration for which the personal data is stored is listed below or is determined by the following criteria:

Log files

90 days

Contract relevant data during product mediation such as ID data

Deletion after confirmed transfer to the provider

Consulting relevant data during product mediation such as parts of master data, product data, contract data, contact data

Until the end of the contract term and expiry of the legal storage periods

Contract relevant data for the provision of own products such as parts of the master data, product data, contract data, contact data

Until the end of the contract term and expiry of the legal storage periods

Data and documents which have been legitimized for processing by separate approval processes

Until the respective purposes cease to apply or until consent is revoked

Data for application pre-filling

Until the purpose ceases to apply or until revocation of consent

Data relevant to brokerage mandates, such as consulting documentation

Until expiry of the legal storage periods

In the context of contract fulfillment, for the performance of certain services (e.g. obtaining financing offers) as well as in our own legitimate interest, it is sometimes necessary to transmit your data to external providers (e.g. banks) or intermediaries, for example, so that the external providers can prepare the offers requested by you. The data is usually transmitted back to us by the external providers in a processed form. For some products or providers, a credit check is carried out before a contract is concluded. For this purpose, the necessary personal information is transmitted by us or the third-party providers to an authorized credit information agency.

8.1 Credit information

We obtain information on your previous payment history and creditworthiness information on the basis of mathematical-statistical methods using (not exclusively) address data.

8.2 Reports to banks and intermediaries

On behalf of the customer, we transmit the personal data entered in the context of a credit application as well as further evidence required for the credit decision to the banks and intermediaries listed below:

8.3 Reports to credit agencies

We report due claims to credit agencies if the service has not been rendered despite being due, the transmission is necessary to protect our legitimate interests or the legitimate interests of third parties, and:

  • the claim is enforceable or has been expressly acknowledged; or
  • the debtor has been reminded in writing at least twice after the due date of the claim, the first reminder was sent at least four weeks ago, the debtor has been informed in advance, but at the earliest at the time of the first reminder, about a possible consideration by a credit agency and the claim has not been disputed; or
  • the contractual relationship on which the claim is based can be terminated by us without notice due to payment arrears and the debtor has been informed about a possible consideration by a credit agency.

In addition, we may report non-contractual behavior (e.g. fraudulent behavior, misuse) to credit agencies, insofar as this is necessary to protect our legitimate interests or the legitimate interests of third parties and there is no reason to assume that the legitimate interest of the person concerned is overridden.

Our reports as well as inquiries for credit assessment are sent to the following credit agency(ies):

SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany
Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Germany
CRIF Bürgel GmbH, Radlkoferstrasse 2, D-81373 Munich, Germany
Arvato infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany, Data protection

In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally permit the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Management Platform ("CMP").You can access this here: https://complianz.io/.

9.1 Cookies from a technical point of view

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can flow to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis we will explain below: 

  • Transient cookies: such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our website.
  • Persistent cookies: such are deleted automatically after a specified duration, which is set differently depending on the cookie. You can view the cookies set and the durations at any time in your browser settings and delete the cookies manually.
  • [Other technologies: These features do not rely on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. The result is also that we can use the techniques described below. Here, too, you can of course consent or object.]

9.2 Technically necessary cookies

Essential, for the display of the website technically necessary functions: The technical structure of the website requires us to use techniques, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. In principle, these are transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies are stored in the Consent Management Platform ("CMP"). You can access this here: https://complianz.io/. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. 15

 

Please use the information in the Contact section to assert your rights. Please make sure that we are able to clearly identify you.

Please note that we will initially only restrict the further processing of your data if retention periods prevent the deletion.

10.1 Rights to information and correction

You can request that we confirm whether we are processing personal data relating to you and you have the right to information with regard to your data processed by us. If your data is incorrect or incomplete, you may request that your data be corrected or completed. If we have passed on your data to third parties, we will inform them of the correction, insofar as this is required by law.

10.2 Right to deletion

If the legal requirements are met, you can demand that we delete your personal data without delay. This is particularly the case if:

  • Your personal data is no longer required for the purposes for which it was collected
  • The legal basis for the processing was exclusively your consent and you have revoked it
  • You have objected to the processing for advertising purposes ("advertising objection")
  • You have objected to processing based on the legal basis of Legitimate Interest on personal grounds and we cannot demonstrate that there are overriding legitimate grounds for processing
  • Your personal data has been processed unlawfully
  • Your personal data must be erased to comply with legal requirements

If we have disclosed your data to third parties, we will inform them of the deletion to the extent required by law. Please note that your right of deletion is subject to restrictions. For example, we do not have to or are not allowed to delete data that we still have to retain due to legal retention periods. Data that we need for the assertion, exercise or defense of legal claims are also excluded from your right of deletion.

10.3 Right to restrict processing

You may, if the legal requirements are met, request us to restrict processing. This is particularly the case if:

  • The accuracy of your personal data is disputed by you, and then until we have had the opportunity to verify the accuracy
  • The processing is not lawful and you request restriction of use instead of erasure (see the previous section for this)
  • We no longer need your data for the purposes of processing, but you need them to assert, exercise or defend your legal claims
  • You have objected on personal grounds, and then until it is determined whether your interests are overridden

If a right to restriction of processing exists, we will mark the data concerned to ensure that it is only processed within the narrow limits that apply to such restricted data (namely, in particular, for the defense of legal claims or with your consent).

10.4 Right to data portability

You have the right to receive personal data that you have given us for the performance of a contract or on the basis of consent in a transferable format. In this case, you may also request that we transfer this data directly to a third party, insofar as this is technically feasible.

Your right to revoke consent If you have given us consent to process your data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.

10.5 Right to object to direct marketingg

You may also object at any time to the processing of your personal data for advertising purposes ("advertising objection"). Please note that, for organizational reasons, there may be an overlap between your revocation and the use of your data in the context of an already ongoing campaign.

10.6 Right of objection for personal reasons

You have the right to object to the processing of data by us for reasons arising from your particular situation, insofar as this is based on the legal basis of legitimate interest. We will then stop processing your data unless we can prove - in accordance with the legal requirements - compelling reasons for further processing that are worthy of protection and which outweigh your rights.

You have the right to file a complaint with a data protection authority. To do so, you may in particular contact the data protection authority that is responsible for your place of residence or your federal state or that is responsible for the place where the violation of data protection law has occurred. Alternatively, you can also contact the data protection authority responsible for us, this is:

Saxon Data Protection and Transparency Commissioner
Frau Dr. Juliane Hundert
Devrientstraße 5
01067 Dresden

Telephone

0351/85471 101

Telefax:

0351/85471 109

Internet:

www.datenschutz.sachsen.de

E-Mail:

saechsdsb@slt.sachsen.de
No access for electronically signed documents!

Key:

If you want to send an encrypted email to the Saxonian Commissioner for Data Protection and Transparency, please use their public encryption key (PGP, asc-format).

We are at your disposal for information, suggestions on the subject of data protection and for exercising your rights. Please direct your request, stating your current address or the address we have on file, your date of birth and your e-mail address (if available) to:

Loan Stars GmbH
Georg-Schumann-Straße 4
04105 Leipzig

E-Mail: info@loanstars.de
Telephone: +49 341 / 21825790
Telefax: +49 341 / 21825791

 

Data protection information on the processing of credit inquiries

Introduction
Personal data is processed for the purpose of processing credit inquiries in connection with the execution of our contracts with our customers or for the purpose of carrying out pre-contractual measures in response to your inquiry. The purposes of the data processing depend primarily on the specific product and may include, among other things, needs analysis, advice, asset management and servicing, and the execution of transactions. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions. This data protection notice applies to the processing of your personal data within the scope of loan brokerage. -betreuung sowie die Durchführung von Transaktionen umfassen. Die weiteren Einzelheiten zum Zweck der Datenverarbeitung können Sie den jeweiligen Vertragsunterlagen und Geschäftsbedingungen entnehmen. Diese Datenschutzhinweise gelten für die Verarbeitung Ihrer personenbezogenen Daten im Rahmen der Darlehensvermittlung.

In addition, our information on the handling of your data when visiting our website applies, which you can find in the above section "A Privacy policy for the use of the website".

Responsible pursuant to Art. 4 (7) DS-GVO is:

Loan Stars GmbH
represented by Tim Wieland Flieger
Georg-Schumann-Straße 4, 04105 Leipzig
info@loanstars.de

In order to be able to perform the duties undertaken towards you with the loan brokerage agreement, we collect and store the following data from you:

  • Personal master data (name, address/other contact data (telephone, e-mail address), date/place of birth, gender, nationality, marital status, legal capacity, occupational group key/partner type (employed/self-employed), residential status (rent/own), legitimation data (e.g. ID data), authentication data (e.g. specimen signature), tax ID, SCHUFA score).
  • Object data
  • Company, income, turnover and tax data
  • Other personal or economic circumstances
  • Supply requests
  • Bank account data, etc.
  • Contract master data: Application data (data provided by you when you apply to conclude a contract)
  • Contract data for a specific contract (such as contract number, financing volume, term, premium, risk/contract changes, investment amounts, credit amounts and performance data)
  • Data on the object (e.g. location and value of a property) or on the object of financing (e.g. brand and license plate number in the case of vehicle financing), etc.

In most cases, you provide us with this data yourself. In some cases, we also receive the data from cooperation and product partners (e.g. real estate agents, insurance brokers, etc.) with whom you are already in contact.

We process your personal data in compliance with the General Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and all other relevant laws in the respective applicable versions. The data processing is necessary for us to fulfill our obligations under the loan brokerage agreement and to enable you to use our services. We process the data that you have provided to us. In individual cases, we may also permissibly process your personal data from publicly accessible sources (e.g. Internet, commercial register, register of associations). We also process data that is transmitted to us by cooperation and product partners (e.g. brokers, platform operators, banks) or by other third parties (e.g. Schufa) as permitted.

Your data will be processed on the grounds of your given consent. The legal basis for the processing is then Art. 6 para. 1 lit. a DSGVO. Your data will also be processed in order to fulfill our contractual obligations arising from the loan brokerage contract or to carry out pre-contractual measures (e.g. needs analysis, preparation of documents). The specific purpose of the processing results from the tasks assumed for you in each case. Within the scope of our cooperation, you must provide us with the personal data that is required for the commencement and performance of our services, as we cannot otherwise act on your behalf.

The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO. We are also required by law (e.g. GWG, AO, HGB, GewO) to process your personal data. The legal basis for data processing is Art. 6 para. 1 lit. c DSGVO. We also process your data to protect our legitimate interests or the legitimate interests of third parties (e.g. platform operators, banks). Such processing is necessary, for example, for risk and business management, the optimization of our business processes, the further development of our services, to improve our service quality, for customer and partner loyalty, for the prevention and investigation of criminal offences, for the assertion of our legal claims and to ensure the security of our IT systems or for obtaining creditworthiness information. The legal basis for the processing follows from Art. 6 para. 1 lit. f DSGVO.

It may happen that we want to process your personal data for another purpose that does not fall under the previously mentioned points. In such a case, we will inform you separately before processing and obtain your consent.

The provision of personal data is voluntary. You are neither legally nor contractually obligated to provide us with your data.

Within the scope of our business relationship, however, you must provide those personal data that are required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it. In particular, we are obliged under money laundering regulations to identify you before the establishment of the business relationship, for example, on the basis of your identity card, and to collect and record your name, place of birth, date of birth, nationality and residential address. If you do not provide us with the necessary information and documents, we may not be able to enter into or continue the business relationship requested by you.

Due to the complexity of loan brokering, we use cooperation partners, pool companies and external specialists to fulfill our contractual obligations in individual cases. Your data will be passed on in order to fulfill our obligations arising from the contract concluded in accordance with Art. 6 Para. 1 lit. b DSGVO and the consent given by you in accordance with Art. 6 Para. 1 lit. a DSGVO. Your personal and contract master data may be passed on to the following recipients:on Ihnen erteilten Einwilligung – nach Art. 6 Abs. 1 lit. a DSGVO. Ihre Personen- und Vertragsstammdaten können an folgende Empfänger weitergegeben werden:

  • Employees of our company: these are obliged to maintain data secrecy, even beyond the date of termination of the employment relationship.
  • Sub-agents, cooperation and association partners: We transfer your data to partners in order to fulfill our obligations under the loan brokerage agreement with you or to ensure continuity of care in the event that it is no longer possible for us to provide your care. Depending on the product requested, the scope of our mandate and your particular situation, we may have recourse to various partners. All sub-brokers and cooperation partners are bound by a separate data secrecy obligation.
  • Public authorities and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority, European Banking Authority, European Central Bank, tax authorities, Federal Central Tax Office) in the event of a legal or official obligation.
  • Credit and financial services institutions, comparable institutions and order processors to whom we transmit personal data in order to carry out the business relationship with you. In detail: Processing of banking transactions, support/maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data destruction, purchasing/procurement, space management, real estate appraisals, loan processing services, collateral management, recovery, payment card processing (debit/credit cards), customer administration, lettershops, marketing, media technology, reporting, research, risk controlling, expense reporting, telephony, video legitimation, website management, securities services, share registers, fund management, auditing services, payment transactions.

Depending on the individual case, your personal data may be transferred to the recipients listed here as examples (e.g. banks).

However, the mere naming of a potential recipient does not mean that your data will also be transferred to this recipient in the specific individual case. Other data recipients may be those bodies for which you have given your consent to the transfer of data.

 

 

As a matter of principle, we do not transfer data abroad. However, if in individual cases it should become necessary to transfer data abroad, we generally only work with partners and service providers who process data within the European Economic Area (EEA). If, in exceptional cases, your data is processed outside the European Economic Area when using service providers, we have concluded special contracts with the service providers that meet the requirements of the European Commission's standard contractual clauses or the data is processed in countries that guarantee an adequate level of data protection in accordance with an adequacy decision of the European Union.

If you have given us your consent in the loan brokerage agreement, we will use your data to send you supplementary offers and information on products that are not part of the loan brokerage agreement. Depending on your consent, we will therefore transmit your contact data (surname, first name, e-mail address and telephone number) and your product interests to one of our cooperation partners for the purpose of advising you on other products, e.g. insurance. You can revoke this consent at any time. To do so, you can use our contact options mentioned above. If you revoke your consent, your data will no longer be processed on the basis of the consent. The permissibility of the data processing carried out on the basis of your consent until the revocation remains unaffected by the revocation.

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is required for the following purposes: 

  • Fulfillment of commercial and tax retention periods: These include the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for retention or documentation are two to ten years. 
  • Preservation of evidence within the framework of the statute of limitations. In accordance with sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

You are entitled to the following rights with regard to data processing:

  • Right to confirmation
  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to revoke consent granted under data protection law
  • Right to lodge a complaint with supervisory authorities (Art. 77 DSGVO)

For more details on your rights, please refer to the section “Privacy policy for the use of the website” above.

You have the right to lodge a complaint with a data protection authority pursuant to Art. 57 (1) lit. (f) DSGVO. In particular, you can contact the data protection authority responsible for your place of residence or your federal state, or which is responsible for the place where the violation of data protection law has occurred. Alternatively, you can also contact the data protection authority responsible for us, this is:

Saxon Data Protection and Transparency Commissioner
Frau Dr. Juliane Hundert
Devrientstraße 5
01067 Dresden

Telephone

0351/85471 101

Telefax:

0351/85471 109

Internet:

www.datenschutz.sachsen.de

E-Mail:

saechsdsb@slt.sachsen.de
No access for electronically signed documents!

Key:

If you want to send an encrypted email to the Saxonian Commissioner for Data Protection and Transparency, please use their public encryption key (PGP, asc-format).

If the processing is based on Art. 6 para. 1 lit a or Art. 9 para. 2 lit a DSGVO, you have the right to revoke the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke your consent for analysis and marketing cookies at any time under Cookie Settings.



As a matter of principle, we do not use any means of automated decision-making including profiling in accordance with Art. 22 DSGVO in connection with the website. Should we use means for automated decision-making including profiling in individual cases, we will inform you about this separately if this is required by law.

We reserve the right to amend this data protection declaration in the event of changes to the legal situation or changes to our services or data processing. However, this applies exclusively with regard to statements on data processing. If user consents are required or if components of the data protection declaration contain regulations of the contractual relationship with the users, changes are only possible with the consent of the users.

Contact us

Send us an initial non-binding enquiry and get to know us in a personal telephone conversation.

2024 © LoanStars
Scroll to Top