🔔 Wie kann ich mein Unternehmen auf die eIDAS2.0 und die EUDI-Wallets vorbereiten?

Privacy Policy

The protection of your personal data is the declared aim of Verimi GmbH (hereinafter referred to as Verimi). Data protection has a particularly high priority for Verimi and is carried out in accordance with the relevant legal provisions. With this statement we inform you about the processing of your personal data at Verimi in order to fulfil our information obligations according to Art. 12 et seq. of the General Data Protection Regulation (GDPR).

1. Responsible body

Responsible for data processing within the meaning of data protection law is:

Verimi GmbH 
Oranienstraße 91 
10969 Berlin

E-mail: service@verimi.com

Telephone: +49 (0) 30 259 244 720

Managing directors authorised to represent the company: Roland Adrian, Dr. Dirk Woywod

Data Protection Officer

If you have any questions regarding data protection, please contact our data protection officer:

TechGDPR DPC GmbH 
Heinrich-Roller-Straße 15 
10405 Berlin

E-mail: verimi.dpo@techgdpr.com

2. Personal data

Personal data is any information relating to an identified or identifiable natural person. When you register with Verimi, use our services, visit our website or use our app, we process personal data about you as described in this Privacy Policy.

3. Data processing on our website

 3.1 Contact

You have various options for contacting us, such as by e-mail, telephone or via the contact forms on our website. The forms allow visitors to our website to learn more about our company, download content and provide their contact information. They can be used by us to get in touch with visitors to our website and to determine which of our company’s services are of interest to them.

By completing this form, we collect your answers to the relevant questions for the purpose of suggesting the right product to you based thereon, and your contact details for the sole purpose of contacting you following the questionnaire. These include your full name, company name, email address and telephone number (optional). The legal basis for this processing Art. 6 para. 1 lit. b GDPR as the form is used to gather information from the customer about their need in order to make an offer, taking the initial steps to form a contract with them.

The data we collect when you contact us will be deleted after 2 years from the last day of contact with your organisation.

4. Data processing by sales department

4.1 Customer/Leads database

Verimi GmbH maintains an internal database listing customer and lead information in order to keep track of contact with them to promote its product to them in order to convert them from leads to customers. This database includes name of the customer/lead representative, contact details i.e. email address and phone number, name of the organisation, organisation address, and information about communication and relationship with the organisation including:

  • Email messages
  • Sales appointment and meeting notes
  • Business contacts
  • Newsletter opt-out (when applicable).

The legal basis for this processing Art. 6 para. 1 lit. b GDPR as Verimi requires this information in order to take the steps necessary to initiate the contact with potential customers and perform their contractual obligations towards current customers.

The data collected and stored on this database will be stored for 2 years after last contact with leads that do not convert into customers, and for 10 years after the termination of the contract with Verimi for customers.

4.2 Newsletters

Verimi GmbH processes the email address of interested parties that sign up to receive its newsletter. The legal basis for this processing is the user’s consent when they actively sign up to receive newsletters, in accordance with Art. 6 para.1 lit. a GDPR.

The data collected and stored on this database will be stored for 2 years after last contact with the customer, but data subjects have also the option to opt out from this type of email communication anytime through a link included in the email.

5. Communication with leads and partners

5.1 Signing partners up for product integration

Verimi GmbH processes personal data of partners’ representatives for the purpose of singing them up and supporting them with product integration. To do so, it processes the representative’s full name, email address, name of the company, their unit, phone number and optionally, a description of the project where the Verimi platform will be used.

The legal basis for this processing Art. 6 para. 1 lit. b GDPR as Verimi requires this information in order to take the steps necessary to initiate the contact with the partner.

The data processed for this purpose is retained for 10 years after the termination of the contract between Verimi GmbH and its partner.

5.2 Providing partners with product integration support

Included in the package of Verimi GmbH’s product for partners, is the possibility to receive support from Verimi. To do so, and address any other enquiries that a partner may have about the product integration, Verimi processes the email address of the partner representative in order to carry out communication with them.

The legal basis for this processing Art. 6 para. 1 lit. b GDPR as Verimi requires this information in order to carry out its contractual obligations toward the partner.

The data processed for this purpose is retained for 3 years, unless they are relevant for GwG, in which case they are retained for 5 to 10 years due to legal requirements.

5.3 Communicating with partners

For any general communication with partner organisations, for the purpose of addressing any other integration issue and providing information about product changes and operations to the platform, Verimi GmbH processes the email address and content of the email communication i.e. including name, role and signature if included in the email, with the partner’s representative.

The legal basis for this processing Art. 6 para. 1 lit. b GDPR as Verimi requires this information in order to carry out its contractual obligations toward the partner organisation.

The data processed for this purpose is retained for 10 years after the termination of the contract between Verimi GmbH and its partner.

5.4 Provide certificates for partner product integration

Verimi partners might require certificates in order to integrate Verimi products. These are shared by Verimi GmbH to the partner. For this purpose, Verimi processes the full name, email address, company name, phone number and company unit of the individual making said request.

The legal basis for this processing Art. 6 para. 1 lit. b GDPR as Verimi requires this information in order to carry out its contractual obligations toward the partner organisation.

The data processed for this purpose is retained for 3 years after the expiration of the certificate.

Recipients of data

In order to be able to offer you all functions at Verimi, we also use selected service providers who process data on our behalf. We only pass on data to service providers carefully selected by us and instructed in writing within the framework of legally permissible order processing. These only receive the data that is necessary for the fulfilment of the order and process it exclusively on our instructions. This includes the following categories of commissioned processors: Identification service providers, software developers, hosters of servers, cloud storage and mails, technical service providers, service providers for mail dispatch and newsletter dispatch, ticket system providers, customer support, content management system providers, customer relationship management providers, as well as web analytics service.

Your visit to our homepage and on the start page of our Wallet is evaluated by collecting and analyzing various statistical data. This is done through our cookie-free web analytics service Matomo.

You may choose to prevent this website from aggregating and analysing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out.

7. In principle, no data transfer outside the EU

Verimi processes your data on servers within the European Union. This also applies to service providers commissioned by us for data processing.

In rare individual cases, e.g., when using our support, your data may be transferred to so-called third countries (outside the European Union or the European Economic Area) or personal data may be processed there.

Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent, you will also be informed of this.

8. No automated decision making and profiling

The processing of your personal data by us for the purposes indicated in sections 3 to 5 is not related to automated decision making or profiling.

9. Data security

All data stored by us, or any order processors are protected against unauthorised access, loss and modification using current security standards. For this purpose, extensive technical and organisational security precautions are applied with a standard that at least corresponds to the legal requirements.

10. Your rights

You have the following rights with respect to us regarding the data relating to you:

  • Right to information about your stored personal data, its origin and possible recipients and the purpose of the data processing (Art. 15 GDPR),
  • Right to rectification of inaccurate data (Art. 16 GDPR),
  • Right to erasure of processed personal data, unless processed to fulfill a legal obligation or public interest (Art.17 GDPR), or there are statutory retention periods (see point 12.)
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to withdraw your consent. We will then no longer continue the processing based on this consent for the future. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation. (Art. 7 GDPR),
  • Right to data portability but only in instances where data is processed on the basis of consent or performance of a contract (Art. 20 GDPR),
  • Right to object within the framework of the legal requirements. Should the data processing by us be based on legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. You may object to the processing of your data for direct marketing purposes at any time, even without giving reasons (Art. 21 GDPR).

You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

To exercise your rights, please send us an informal message (see 1. responsible body)

Right of appeal

If you are of the opinion that the processing of personal data concerning you by us is unlawful or that we are violating data protection law for other reasons, you can complain to the supervisory authority responsible for us:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin

Tel.: +49 30 13889-0

Fax: +49 30 2155050

E-mail: mailbox@datenschutz-berlin.de

If you have any questions about our privacy policy or about data protection at Verimi in general, please do not hesitate to contact us (see 1. Responsible body).

11. Amendment of this privacy policy

We may occasionally update this Privacy Policy, for example, if we make changes to our website, app or services, or if legal or regulatory requirements change.

Version status: April 2024