Privacy & Security

General note and mandatory information

6 June 2022

Naming of the responsible body

Responsible according to Art. 4 No. 7 EU Data Protection Basic Regulation (DSGVO) is:
G&H Banking Software AG
Hohenzollerndamm 150
14199 Berlin

You can reach our data protection officer at: datenschutzbeauftragter@bancos.com
Further contact information can be found in the imprint.

How do we collect your data?

On the one hand, your data will be collected by you communicating it to us. This can be data that you send us by e-mail, for example. Other data is automatically collected by our IT system when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call).

What do we use your data for?

We collect some of the data to ensure that the website is error-free. Other data can be used to analyse your user behaviour. Data that we collect as part of a job advertisement is used by us to carry out the selection process. The data provided by you will be processed for the processing of your application and, if an employment relationship is established, also for the performance of the employment relationship. We process other data to process enquiries you send us by e-mail, for example.

What rights do you have regarding your data?

You have the following rights with regard to your personal data:

  • Right to information according to art. 15 DSGVO
  • Right to rectification according to Art. 16 DSGVO
  • Right to cancellation according to Art. 17 DSGVO
  • Right to limitation of processing pursuant to Art. 18 DSGVO
  • Right to data transfer according to Art. 20 DSGVO

Right of objection

If data processing is carried out on the basis of Art. 6 Para. 1 lit. e) or f) DSGVO, you also have the right at any time for reasons arising from your particular situation, to object to the processing of your personal data; this also applies to profiling based on these provisions. Please refer to this data protection declaration for the respective legal basis on which processing is based. If you lodge an objection, we will no longer process your personal data concerned unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 para. 1 DSGVO). If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 DSGVO). The objection is free of charge and can be made in any form, if possible to the e-mail address datenschutzbeauftragter@bancos.com.

Right to data transferability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The information is provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

Right to information, correction, blocking, deletion

You have the right to free information about your stored personal data, the origin of the data, its recipients and the extent to which it is used at any time within the framework of the applicable statutory provisions. the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.

Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of complaint to the responsible supervisory authority

In the event of a breach of data protection law, you as the party concerned have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the data protection officer of the federal state in which our company has its registered office. The responsible supervisory authority is for you: Berlin Commissioner for Data Protection and Freedom of Information Friedrichstr. 219 10969 Berlin Phone: +49 30 13889-0 E-mail: mailbox@datenschutz-berlin.de

Data collection when visiting our website

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and by the lock symbol in the browser line.

1. description and scope of data processing

Server log files

In server log files, the provider of the website collects and stores information that your browser automatically transmits to us. These are:

  • Visited page on our domain
  • Date and time of the server request
  • browser type and browser version
  • Operating system used
  • Referrer URL
  • hostname of the accessing computer
  • Internet Service Provider
  • IP address

These data are not merged with other data sources.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the computer of the website user. For this purpose, the IP address of the user must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f) DSGVO.
also lies in these purposes.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended. In the case of storage of data in log files, this is the case after one month at the latest.

Possibility of opposition and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of opposition on the part of the website user.

2. Website tracking with etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) for the analysis of usage data. We do not use cookies for web analysis by default. Insofar as we use analysis and optimization cookies, we obtain your explicit consent separately in advance. If this is the case and you consent, cookies are used to enable statistical coverage analysis of this website, measurement of the success of our online marketing measures, and test procedures, for example, to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user’s terminal device. etracker cookies do not contain any information that enables identification of a user.

The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is thus subject to the strict German and European data protection laws and standards. etracker has been independently audited in this regard, certified and awarded the data protection seal of quality ePrivacyseal.

The data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern in terms of the GDPR (legitimate interest) is the optimization of our online offer and our web presence. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or disclosure to third parties takes place.

You may object to the aforementioned data processing at any time. The objection has no adverse consequences.

You can find more information about data protection at etracker here.

3. cookies

Our website uses cookies. These are small text files that your browser stores on your terminal device. Cookies help us to make our website more user-friendly, effective and secure. Some cookies are “session cookies”. Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal until you delete them yourself. With a modern browser you can monitor, restrict or prevent the use of cookies. Many browsers can be configured so that cookies are deleted automatically when the program is closed.

The deactivation of cookies can result in a limited functionality of our website. The setting of cookies, which are used to carry out electronic communication processes or to provide certain functions you have requested (e.g. shopping cart) is made on the basis of Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be dealt with separately in this data protection declaration.

4. Third-party services

Google Ads and conversion tracking
We use the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking. Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain web pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked across Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. This tells customers the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by preventing the installation of cookies through a corresponding setting in your browser software (deactivation option). You will then not be included in the conversion tracking statistics. Further information as well as Google’s privacy policy can be found at: http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/

Google remarketing/ “lookalike audiences”-function
The Provider uses the remarketing or “lookalike audineces” function of Google Inc. (“Google”) on the Website. By means of this function, the provider can target the visitors of the website with advertisements by displaying personalized, interest-related advertisements for visitors of the provider’s website when they visit other websites in the Google Display Network. To carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements, Google uses so-called cookies. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the website visitors. This number is used to record visits to the website as well as anonymized data about the use of the website. No personal data of the website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. You can permanently disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://www.google.com/settings/ads/plugin. Alternatively, you can deactivate the use of cookies by third-party providers by visiting the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and implementing the further information on opting out provided there. Further information on Google Remarketing as well as Google’s privacy policy can be found at: http://www.google.com/privacy/ads/.

Microsoft Ads (Bing) and conversion tracking
We use the online advertising program “Microsoft Advertising” of Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”) and in this context the Microsoft Advertising Conversion Tracking. The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). For this purpose, Microsoft sets a cookie on your terminal device if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (“conversion site”). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed. For more information on data protection and the cookies used by Microsoft Advertising, please see: Data Security Policy and Privacy Policy

Facebook remarketing
The Provider uses the “Custom Audiences” remarketing function of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on the Website. By means of this function, the provider can target visitors to the website with advertising by displaying personalized, interest-related Facebook ads for visitors to the website when they visit the Facebook social network. To perform the function, the Remarketing tag of Facebook is implemented on the website of the Provider. Via this tag, a direct connection to the Facebook servers is established when visiting the website. This transmits to the Facebook server which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account. For more information about the collection and use of data by Facebook, about your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/. If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the “Custom Audiences” remarketing function here. To do this, you must be logged in to Facebook.

LinkedIn tracking
On our website, we use the analysis and conversion tracking technology of the LinkedIn platform. With this technology from LinkedIn, you are shown more relevant ads based on your interests. Furthermore, we receive aggregated and anonymous reports from LinkedIn of ad activity and information about how you interact with our website. You can find more information about LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy#choices-oblig. You can object to LinkedIn analyzing your usage behavior and displaying interest-based recommendations (“opt-out”); to do so, click on the “Opt-out on LinkedIn” box (for LinkedIn members) or “Opt-out” (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar’s technology, we get a better understanding of our users’ experience (e.g., how much time users spend on which pages, which links they click, what they like and don’t like, etc.) and this helps us tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect data about our users’ behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to the opt-out page at https://www.hotjar.com/policies/do-not-track/ and following the instructions there.

For more information, see the ‘about Hotjar’ section at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.

Requests by e-mail, telephone or fax

Description and scope of data processing

You have the opportunity to contact us via the e-mail addresses, telephone and fax numbers provided on our website. If you contact us in this way, all personal data resulting from this will be stored by us for the purpose of processing your request and used to contact you. Your information may be stored in our Customer Relationship Management (“CRM”) system. The data will not be passed on to third parties in this context. The data will be used exclusively for the cash processing of your enquiry.

The legal basis for the processing of the data for establishing contact is Art. 6 Para. 1 lit. b) DSGVO, insofar as we process your data for the implementation of pre-contractual measures which take place at your request. For non-contractual inquiries, the legal basis is Art. 6 Para. 1 lit. f) DSGVO. In this case, the data processing serves to safeguard the legitimate interest for the effective processing of the inquiries directed to us.

Duration of storage

The data transmitted by you to us via contact requests will remain with us until you request us to delete them, you object to their storage or the purpose for data storage no longer applies. The purpose for data storage does not apply if it can be inferred from the circumstances that the underlying concern has been conclusively clarified.

Objection and removal possibility

You can object to the processing of your data by sending an e-mail to datenschutzbeauftragterq@bancos.com . In such a case the communication with you cannot be continued. All personal data stored in the course of contacting you will be deleted in this case.

Information for applicants

Here we inform you about how we process your personal data when you apply for a job advertised by us or on your own initiative. You voluntarily provide us with your personal data as part of the application process. However, the provision of personal data is necessary for processing your application or concluding a contract of employment with us. This means that if you do not provide us with any personal data in an application, we cannot enter into an employment relationship with you.

Description of Data Processing

We collect and store all data that you provide to us through your application. This includes your contact details, your application documents (CV, cover letter, previous professional experience, education and certificates as well as our notes from interviews with you), Your salary requirement, the type of employment you are looking for and the date available. This also applies to any other information you provide to us, including any correspondence you have with us during the application process. We may also obtain the above information about you from other sources. This includes, for example, data that you have obviously made public within the framework of an online profile (e.g. XING, LinkedIn). We may also receive data that you transmit to us via third-party websites, e.g. from job exchanges such as Stepstone or Monster.

Purpose of data processing

We collect, store and use your personal data in order to carry out the selection process. The data provided by you will be processed for the processing of your application and, if an employment relationship is established, also for the performance of the employment relationship. Processing for any other purpose does not take place.

The legal basis is  26 Paragraph 1 BDSG or, in the case of public profiles, Art. 6 Paragraph 1 lit. f) DSGVO in connection with Art. 9 para. 2 lit. e) DSGVO. In this case, the legitimate interest is to receive a clear brief profile from you which you have obviously made public within the meaning of Art. 9 Para. 2 lit. e) DSGVO. In addition, we may process personal data about you to the extent necessary to defend against legal claims asserted against us in the application process. The legal basis is Art. 6 para. 1 lit. b) and lit. f) DSGVO. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG). If there is an employment relationship between you and us, we can further process the personal data you have already received for the purposes of the employment relationship in accordance with  26 Para. 1 BDSG. This takes place if this is necessary for the execution or termination of the employment relationship.

Duration of storage

We store your personal data only for the duration of the retention period for application data for 6 months or as long as we need it for the legitimate interest in accordance with applicable law, unless, in individual cases, you give us permission to use your documents for other positions that become available. If data storage is no longer required, the data will be deleted. A transfer to a third country is not intended.