• Home
  • Privacy Policy

Privacy Policy

Status July 2023

Table of contents

I. Name and address of the responsible person 
II. Contact details of the data protection officer 
III. Data processing on the DISTRESSWIRE platform  
IV. Rights of the data subject 
V. Provision of the platform and creation of the log files 
VI. Cookies use 
VII. Newsletter 
VIII. Hosting 
IX. Registration 
X. Use of the platform 
XI. E-mail contact 
XII. Company websites 
XIII. Company appearances in job-oriented networks 
XIV. Payment and credit check 
XV. Partner programs 
XVI. Plugins used 
 

I. Name and address of the responsible party   
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

DISTRESSWIRE Verwaltungsgesellschaft mbH              
Fritz-Schumacher-Weg 73
60488 Frankfurt am Main    
Deutschland              
+49 69 34867298              
info@distresswire.com              
www.distresswire.com

II. Contact details of the data protection officer  
The data protection officer of the responsible party is:  
DataCo GmbH  
Dachauer Street 65  
80335 Munich  
Germany  
+49 89 7400 45840  
www.dataguard.de

III. Data processing on the DISTRESSWIRE platform  
On this page, we inform you about the data protection provisions applicable to the DISTRESSWIRE platform. The platform is an offer of DISTRESSWIRE Verwaltungsgesellschaft mbH, Lindenstrasse 22, 61440 Oberursel, Germany ("DISTRESSWIRE Verwaltungsgesellschaft mbH", "we" or "us").

1. Scope of processing  
The platform serves in particular to broker investment opportunities in insolvency and restructuring situations between sellers of companies and/or their advisors and potential investors and/or their advisors. In addition, platform users can publish a personal profile, a company profile as well as information on successfully completed company transactions, industry news and events.

The creation of a personal profile is required for the use of the platform. The following personal data is requested for this purpose:

  • First name
  • Last name
  • Company
  • Username
  • Business email address
  • Password

The transfer of data always takes place via an SSL secured channel.

2. Purpose of processing  
The processing of the data serves to fulfill the service on the platform, to ensure the function, to improve the platform and for marketing and advertising purposes.

3. Legal basis for the processing of personal data  
The processing serves to protect a legitimate interest of our company or a third party and is based on Art. 6 (1) p. 1 lit. f GDPR as the legal basis for the processing.

4. Data deletion and storage period  
The personal data collected by us for the service will be deleted in accordance with Art. 6 (1) p. 1 lit. c GDPR after expiry of the tax and commercial law retention and documentation obligations (from HGB, StGB or AO), unless you have consented to further storage in accordance with Art. 6 (1) p. 1 lit. a GDPR.

5. Possibility of objection and elimination  
The User may exercise his right of revocation at any time by deleting his personal user profile on the platform. If the User objects to the processing of his/her personal data for the purpose of fulfilling the service, he/she cannot use DISTRESSWIRE. For marketing and advertising purposes, the User may object electronically.

IV. Rights of the data subject  
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the responsible party:

1. Right to information  
You may request confirmation from the responsible party as to whether personal data concerning you are being processed by him.

If there is such processing, you can request information from the responsible party about the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the responsible party or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification  
You have a right to rectification and/or completion vis-à-vis the responsible party, insofar as the processed personal data concerning you are inaccurate or incomplete. The responsible party shall carry out the rectification without undue delay.

3. Right to restriction of processing  
Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the responsible party to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • the responsible party no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the interested party outweigh your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the responsible party before the restriction is lifted.

4. Right to deletion

a) Obligation to delete  
You may request the responsible party to delete the personal data concerning you without undue delay, and the responsible party is obliged to delete such data without undue delay, if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing was based pursuant to Art. 6 (1) p. 1 lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you have been processed unlawfully.
  • The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties  
If the responsible party has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions  
The right to erasure does not exist insofar as the processing is necessary to

  • to exercise the right to freedom of expression and information.
  • for compliance with a legal obligation which requires processing under Union or Member State law to which the responsible party is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party;
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defense of legal claims.

5. Right to information  
If you have asserted the right to rectification, erasure or restriction of processing against the responsible party, the responsible party is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.  
You have the right to be informed about these recipients by the responsible party.

6. Right to data portability  
You have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the responsible party to whom the personal data has been provided, provided that

  • the processing is based on consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR and
  • the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one responsible party to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.

7. Right of objection  
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The responsible party shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law  
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated decision in individual cases including profiling  
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
  • is permitted by legislation of the Union or the Member States to which the responsible party is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  • is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (b) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in a. and c., the responsible party shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, including at least the right to obtain the intervention of a person on the part of the responsible party, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority  
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority responsible for us is:  
The Hessian Commissioner for Data Protection and  
Freedom of Information  
Gustav-Stresemann-Ring 1, 65189 Wiesbaden  
P.O. Box 3163, 65021 Wiesbaden  
Phone: 0611 14080  
Fax: 0611 1408 - 900  
E-mail: poststelle@datenschutz.hessen.de   
Web: www.datenschutz.hessen.de

V. Provision of the platform and creation of the log files

1. Description and scope of data processing  
Each time our platform is called up, our system automatically collects data and information from the operating system of the calling device.  
The following data is collected:

  • Language and version of the browser software
  • Operating system of the user and its interface
  • Host name of the accessing computer (IP address)
  • Date and time of access
  • Referrer URL (the previously visited page)
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Amount of data transferred
  • Access status/ HTTP status code

This data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Purpose of data processing  
The temporary storage of the IP address by the system is necessary to enable delivery of the platform to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the platform. In addition, we use the data to optimize the platform and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.  
These purposes are also our legitimate interest in data processing according to Art. 6 (1) p. 1 lit. f GDPR.

3. Legal basis for data processing  
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) p. 1 lit. f GDPR.

4. Duration of storage  
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the platform, this is the case when the respective session has ended.

If the data is stored in log files, these are deleted after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of objection and elimination  
The collection of data for the provision of the platform and the storage of the data in log files is mandatory for the operation of the platform. The user can object to this. Whether the objection is successful is to be determined in the context of a balancing of interests.

VI. Cookies use

1. Description and scope of data processing  
Our platform uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's device. When a user calls up a platform, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables the device to be uniquely identified when the platform is called up again.

We use cookies to make our platform more user-friendly. Some elements of our platform require that the calling device can be identified even after a platform change.

The following cookies are used on the DISTRESSWIRE platform:

Technically necessary / functional cookies:

  • XSFR-TOKEN (Laravel cookie for, among other things, secure form submission / https://laravel.com/docs/9.x/csrf)
  • stripe_mid (Stripe cookie for e.g. Fraud Protection / https://cookiedatabase.org/cookie/stripe/__stripe_mid/)
  • distresswire_session (Laravel cookie for user login)

Performance / analysis cookies:

  • Google Analytics

The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.

Use of Cookiefirst  
For our website, we use the cookie consent technology of CookieFirst, a service of Digital Data Solutions B.V., Plantage Middenln 42a, 1018 DH Amsterdam (hereinafter "CookieFirst"), in order to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law.  
When you enter our website, the following personal data is transferred to CookieFirst:

  • Your consent(s) or revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website.

Furthermore, CookieFirst stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the CookieFirst cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

CookieFirst is used to obtain the legally required consent for the use of cookies, Art. 6 (1) p. 1 lit. c GDPR. You can find more information at: https://cookiefirst.com/legal/general-terms-conditions

2. Purpose of data processing  
The purpose of using technically necessary cookies is to simplify the use of the platform for users. Some functions of our platform cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.  
The following cookies are used on the DISTRESSWIRE platform:

Technically necessary / functional cookies:

  • XSFR-TOKEN (Laravel cookie for, among other things, secure form submission / https://laravel.com/docs/9.x/csrf)
  • stripe_mid (Stripe cookie for e.g. Fraud Protection / https://cookiedatabase.org/cookie/stripe/__stripe_mid/)
  • distresswire_session (Laravel cookie for user login)

Performance / analysis Cookies:

  • Google Analytics

The user data collected through technically necessary / functional cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

3. Legal basis for data processing  
The legal basis for the processing of personal data using technically unnecessary cookies is Section 25 (1) TTDSG in conjunction with. Art. 6 (1) lit. a) GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Section 25 (2) TTDSG in conjunction with. Art. 6 (1) lit. f) GDPR.

4. Duration of storage, possibility of objection and elimination  
Cookies are stored on the user's device and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are blocked for our platform, it may no longer be possible to fully use all functions of the platform.

VII. Newsletter

1. Description and scope of data processing    
On our platform there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

  • Email address

No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of data processing    
The collection of the user's email address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

3. Legal basis for data processing    
The legal basis for the processing of data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 (1) p. 1 lit. a GDPR.

4. Duration of storage    
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, the user's email address will be stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

5. Possibility of objection and elimination    
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.  
This also enables the revocation of consent to the storage of personal data collected during the registration process.

VIII. Hosting

The platform is hosted on servers of a service provider contracted by us.

Our service provider is:  
Host Europe GmbH  
Hansestrasse 111  
51149 Cologne

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the platform. The information stored is:

  • Language and version of the browser software
  • Operating system of the user and its interface
  • Host name of the accessing computer (IP address)
  • Date and time of access
  • Referrer URL (the previously visited page)
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Amount of data transferred
  • Access status/ HTTP status code

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. The platform operator has a legitimate interest in the technically error-free presentation and optimization of its platform - for this purpose, the server log files must be collected.

We have concluded an order processing agreement with the relevant service provider, in which we oblige the relevant service provider to protect user data and not to disclose it to third parties.

The location of the website's server is geographically in Germany.

IX. Registration

1. Description and scope of data processing  
On our platform, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

  • First name
  • Last name
  • Company
  • Username
  • Business email address
  • Password
  • IP address of the calling computer
  • Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing   
Registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.  
To use DISTRESSWIRE, it is necessary to register with your own profile.

3. Legal basis for data processing   
If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) p. 1 lit. b GDPR.

4. Duration of storage   
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

5. Possibility of objection and elimination   
As a user, you have the option to cancel the registration at any time. You can change the data stored about you at any time. To delete your personal data, you can delete your user account. You can make a change to your personal data in your personal settings on the platform. A change of the company name can only be made by the administrator of your company account.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

X. Use of the platform

1. Description and scope of data processing   
On our platform, we offer users the possibility to access certain investment opportunities. In doing so, users who have uploaded and published the respective investment opportunity can see which users have viewed the published investment opportunities or downloaded documents associated with the investment opportunity and may use this information for evaluation and presentation purposes towards third parties. The following personal data is disclosed to this group of users in their personal account area:

  • First name
  • Last name
  • Company
  • Key functions
  • Business email address
  • Date and time of the view / download
  • Viewed / downloaded information / documents

In addition, users are informed when other users save their published investment opportunities as bookmarks and as soon as other users have viewed their personal profile.

2. Purpose of data processing   
The possibility of accessing published investment opportunities as well as the related disclosure of personal data in relation to certain groups of users serves the purpose of fulfilling our contractual performance (enabling the investments or initiating the business relations between the users).

3. Legal basis for data processing   
If the use of our platform serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, Art. 6 (1) p. 1 lit. b GDPR is the legal basis for the processing of personal data.

4. Duration of storage   
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

This is the case for personal data processed for the performance of a contract or for the implementation of pre-contractual measures when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

5. Possibility of objection and elimination   
As a user, you have the possibility at any time to object to the processing of your personal data in the context of the use of the platform.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

XI. E-mail contact

1. Description and scope of data processing   
Within our platform, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

The data will be used exclusively for the processing of the conversation.

2. Purpose of data processing   
In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

3. Legal basis for data processing   
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

4. Duration of storage   
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of 14 days at the latest.

5. Possibility of objection and elimination   
If the user contacts us by e-mail or turns to his company administrator, he can object to the storage of his personal data at any time under info@distresswire.com. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

XII. Company websites

We use various networks for our company websites. When using some networks, personal data may be transferred to servers in the USA. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by the networks listed below is carried out on the basis of appropriate guarantees pursuant to Art. 46 ff GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR.

Twitter:   
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company page, we provide information and offer Twitter users the opportunity to communicate. If you carry out an action on our Twitter company site (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the companies jointly responsible for the DISTRESSWIRE corporate presence, we cannot make any binding statements about the purpose and scope of the processing of your data.

Our corporate presence in social networks is used for communication and information exchange with (potential) customers / users. In particular, we use the corporate presence for the presentation of DISTRESSWIRE, the explanation of platform functionalities, and marketing.

Every user is free to publish personal data through activities.  
The legal basis for the data processing is Art. 6 (1) p.1 lit. a GDPR.

The data generated by the company website is not stored in our own systems.

You can object at any time to the processing of your personal data that we collect in the course of your use of our Twitter corporate presence and assert your data subject rights listed under IV. of this privacy policy. To do so, send us an informal e-mail to info@distresswire.com. You can find more information about the processing of your personal data by Twitter and the corresponding objection options here:  
Twitter: https://twitter.com/de/privacy

XIII. Company appearances in job-oriented networks

1. Scope of data processing   
We use the possibility of company appearances on profession-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn:   
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

To ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, so-called standard contractual clauses (Art. 46 (2) p. 1 lit. c GDPR) have been concluded with LinkedIn.

On our site we provide information and offer users the opportunity to communicate.

The company website is used for job applications, information/PR and active sourcing.

We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. For more information, please refer to the privacy policy of:

LinkedIn:   
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), it is possible that you make personal data (e.g. clear name or photo of your user profile) public.

2. Legal basis for data processing   
The legal basis for the processing of your data in connection with the use of our corporate presence is Art.6 (1) p.1 lit. f GDPR.

3. Purpose of data processing   
Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.

4. Duration of storage   
We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.

5. Possibility of objection and elimination   
You can object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to info@distresswire.com.    
For more information on appeal and removal options, click here:

LinkedIn:   
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XIV. Payment and credit check

1. Description and scope of data processing   
We offer our customers credit card payment for the use of our services. After the payment process is completed, we receive the customers' payment data and process them in our systems for the purposes of invoicing and accounting.

Payment data is passed on to the following payment service providers:

Stripe payment   
We use Stripe, a service of the American company Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (hereinafter "Stripe") to process payments via our website.

EU standard contractual clauses have been agreed with Stripe Inc. so that possible measures have been taken to ensure compliance with European data protection law.

In particular, Stripe has published the following information on the nature, scope and purpose of data processing in its privacy policy:

https://stripe.com/de/privacy#translation

Through Stripe it is possible to offer various payment methods, such as credit card payments or direct debit. In this context, Stripe offers software interfaces to integrate these payment methods with us. The crediting of a payment transaction then takes place for us via a so-called Stripe account.

If you make a payment via our platform, data of the data subject is automatically transmitted to Stripe. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

The personal data transmitted to Stripe are usually first name, last name, address, email address, IP address, telephone number, cell phone number or other data as well as financial transaction data, such as credit card number or account data, which are necessary for the processing of payments. Also necessary for the processing of the contract are such personal data that are related to the respective service.

The purpose of the data transfer is payment processing and fraud prevention. The personal data exchanged between Stripe and us may be transmitted by Stripe to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness within the scope of our legitimate interest.

Stripe may disclose the personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.

2. Purpose of data processing   
The transmission of payment data to payment service providers serves to process the payment, e.g. when you purchase a product and/or use a service.

3. Legal basis for data processing   
The legal basis for the data processing is Art. 6 (1) p. 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.

4. Duration of storage   
All payment data as well as data on any chargebacks that may occur are only stored for as long as they are needed for payment processing and possible processing of chargebacks and debt collection as well as for combating misuse.

Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.

Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after 10 years at the latest.

5. Possibility of objection and elimination   
You may revoke your consent to the processing of your payment data at any time by notifying the responsible party or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for the contractual processing of payments.

XV. Partner programs

Furthermore, we use the following partner programs:  
INTRALINKS:   
Within the platform, a forwarding for the use of a data room of the provider Intralinks Inc, 685 3rd Avenue, NewYork, is provided. When using the interface, data of the user will be transmitted to INTRALINKS for the initiation and execution of the contractual relationship between INTRALINKS and the user.  
Your personal data will also be transferred to the USA. For the USA, there is no adequacy decision according to Art. 45 (3) GDPR. Furthermore, there are no appropriate safeguards according to Art. 46 GDPR. We would like to point out that a data transfer without an adequacy decision and without appropriate safeguards entails certain risks, which we would like to inform you about below:

Intelligence services in the USA take certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Providers of electronic communications services headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to make personal data available to U.S. authorities pursuant to 50 U.S. Code § 1881a. Even encryption of data at the electronic communications service provider's data centers may not provide adequate protection because, with respect to imported data in its possession or custody or under its control, an electronic communications service provider has a direct obligation to provide access to or surrender such data. This obligation may expressly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical risk" is demonstrated by the ECJ's judgment of July 16, 2020, ‑C311/18.

Creditreform:

1. Description and scope of data processing
Within our website, there is an interface to the Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neuss. The interface is used to enable users to conduct a structured investor search via DISTRESSWIRE from a broad pool of diversified companies. A data transfer of the search entries to this defined partner cannot be ruled out. A transfer to third parties is not intended.

2. Purpose of data processing
Users of the DISTRESSWIRE platform are given the opportunity to access a pool of around 5 million companies with detailed information on each of these companies. Based on suitable search parameters, each user can create lists of target companies and the corresponding basic information on these target companies (company name, turnover, number of employees, company e-mail, contact person, position contact person). For example, insolvency administrators or their advisors can identify potential investors for companies in crisis and prepare and document an approach to these investors via DISTRESSWIRE

3. Legal basis for data processing
The users of the tool are registered customers. Thus, the use of the service aims at the conclusion of a contract within the meaning of Art. 6 (1) lit. b DSGVO.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

XVI. Plugins used

We use plugins for various purposes.

When using some services, personal data may be transferred to servers in the USA. The legal basis for this transfer is consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. The United States of America does not provide an adequate level of data protection based on a decision of the European Union. The essential risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to American authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the third-country transfer as data-protection-friendly and secure as possible. Adjustments to the ECJ ruling of 16.07.2020 (Schrems II, ref. C-311/18) including additional security measures are currently being sought by us.

The plugins used are listed below:

ServiceProviderThird country transfer (country)  
 *(no third country transfer)    
**(own hosting)     
***(Adequacy Decision)		Purpose of the data processingLegal basis of the data processingLegal basis of the data processing Information on data protection and appropriate safeguards for third country transfers
DeepL DeepL SEGermany*Machine translationArt. 6 (1) p. 1 lit. b GDPRInsofar as the texts you enter contain personal data, this data will be processed by the provider of the translation service, Fa. DeepL SE, Maarweg 165, 50825 Cologne, Germany. We have concluded an order processing agreement with DeepL SE pursuant to Art. 28 GDPR. Further information on data protection at DeepL SE can be found at https://www.deepl.com/de/privacy   
 
Google AnalyticsGoogle Ireland Ltd.USATrackingArt. 6 (1) p. 1 lit. a GDPRhttps://policies.google.com/privacy?gl=DE&hl=de   
https://business.safety.google/gdpr/ 
Google MapsGoogle Ireland Ltd.Ireland (USA)Map serviceArt. 6 (1) p. 1 lit. a GDPRhttps://policies.google.com/privacy?gl=DE&hl=de   
https://business.safety.google/gdpr/   
 
Google Tag ManagerGoogle Ireland Ltd.Ireland (USA)Tag configuration and integration of Google servicesArt. 6 (1) p. 1 lit. a GDPRhttps://policies.google.com/privacy?gl=DE&hl=de   
https://business.safety.google/gdpr/   
 
Google ReCaptchaGoogle Ireland Ltd.Ireland (USA)Security checkArt. 6 (1) p. 1 lit. a GDPRhttps://policies.google.com/privacy?gl=DE&hl=de
MailChimpThe Rocket Science Group, LLCUSANewsletterArt. 6 (1) p. 1 lit. a GDPRhttps://MailChimp.com/legal/privacy/   
 

1. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

2. Transfer to third countries

When using plugins marked with third country transfer or USA, personal data may be transferred to servers in third countries outside the EU, such as the USA. The legal basis for this transfer is consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. The United States of America does not provide an adequate level of data protection based on a decision of the European Union. The essential risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to American authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the third-country transfer as data-protection-friendly and secure as possible. Adjustments to the ECJ ruling of 16.07.2020 (Schrems II, ref. C-311/18) including additional security measures are currently being sought by us. A copy of the standard data protection clauses can be requested by sending us an informal email.

3. Revocation and removal option

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by the respective providers by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.  
 

© DISTRESSWIRE 2022 All rights reserved