search
Received a message?

Privacy Policy

Riverty Group GmbH Websites

Protection of personal data

The protection of your personal data (hereinafter referred to as "data") is a great and very important concern for us. In the following, we would therefore like to inform you in detail about which data is collected when you visit our online offers (website, social media, blog), hereinafter referred to as "Riverty websites", and how this is processed by us in the following. In addition, we would like to inform you about the rights to which you are entitled and the technical and organisational protection measures we have taken with regard to the processing of your data.

The privacy policy fulfils the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") and provides you with an overview of the processing of your personal data on online offers (website, social media, blog) of Riverty Group GmbH and other companies of the Riverty Group of companies (hereinafter referred to as "Riverty Group "). The Riverty Group consists of Riverty Group GmbH and the other companies named in the imprint.

This data protection notice applies to the website offering provided by the companies of the Riverty Group on the domain Riverty.com and all sub-domains. In terms of data protection law, the companies of the Riverty Group act as joint controllers within the meaning of Art. 26 DSGVO for the operation of the Riverty websites.

1. Who is responsible for processing my data?

The companies of the Riverty Group listed in the imprint are responsible for the operation of the website and for the technical processing of your data. The Riverty Group processes data in accordance with the provisions of the GDPR and local data protection laws.

Where applicable, your data will be shared among the companies of the Riverty Group to the extent described here. The companies of the Riverty Group are jointly responsible for the protection of your data (Art. 26 GDPR). If a Riverty Group company is solely responsible for the operation of the technical website within the meaning of the GDPR, you will find the relevant information in the company or product-specific data protection notices.

To ensure that you can exercise your legal rights arising from the data protection requirements, Riverty Group provides you with the following central contact address: .

A complete list of the data processing companies on this website as well as their address data, contact persons and supplementary data protection information can be found in the imprint.

2. Personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by means of an identifier such as a name, an e-mail address, a postal address or an online identifier such as an IP address or a cookie identifier.

Processing of personal data is only permitted with legal permission. When visiting and using the website, your personal data will only be processed if Riverty Group has legal permission to do so.

3. Wich data are collected?

When you visit the website, information is automatically collected by the requesting device (hereinafter referred to as "access data"). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the internet service provider, the date and time of use of the website, the previously visited websites and newly accessed websites via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when the internet connection is used and the internet provider can assign it to a person.

If you continue to use the website services, pseudonymous usage profiles and/or the data you enter on the website (e.g. search words, login data, ratings, form or contract entries, click data) are processed.

In principle, you can use the website without providing your data, for example to obtain information about us.

A detailed breakdown of the purposes for which, how long and on what legal basis this data is processed can be found in section 4 of this data protection notice.

4. For which purposes are the data collected?

The purposes of data processing on this website may result from technical, contractual or legal requirements and, where applicable, from consent.

Riverty Group jointly uses the data referred to in section 2 and the data referred to in section 3 for the following purposes, among others:

  • to provide the Website and ensure technical security, in particular to correct technical errors and to ensure that unauthorised persons do not gain access to the Website's systems; and
  • to process your contact request.
  • for the purpose of improving the website offer
  • for the purpose of web tracking and analysis of user behaviour

Further information on the listed purposes of data processing can be found in the following sections of this privacy notice. If personal data are processed for purposes other than those just listed, you will be informed in the following section about the subject matter, the manner and duration, the purpose, the legal basis used and any different responsibilities for the processing.

4.1 Use of cookies

Cookies are small text files used on Riverty websites to make the user experience more efficient. We use cookies to personalise content and ads and to analyse traffic to our website. We also share information about your use of our website with our analytics partners.

By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your consent. You can change your consent at any time from the cookie statement on our website or revoke it.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can find out which cookies are used in detail at the Cookie-Consent-Manager .

  1. Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  2. Functional cookies help us to understand how visitors interact with websites by collecting and reporting information anonymously.
  3. Marketing Cookies are cookies that helps us to optimize the user experience and measure the reach of the website. With the help of these cookies, we are able to record and evaluate user behavior on the website. However, web tracking does not require personal identification of the user concerned, so that when your access data is recorded, the saved IP address is either not used or is only used in a shortened form (shortening by the last octet) and pseudonymous usage profiles are created. Personal user profiles are only created in exceptional cases and if you have given your consent for the cookie in question to be set via our Cookie Consent Manager. These cookies may generally share the information collected with other organizations or advertisers. They are persistent cookies that almost always come from third parties. Web tracking services are regularly provided by our service providers, who only process usage profiles according to our instructions and not for their own purposes. This is ensured by means of contracts for order processing. If the service providers are established outside the European Union or the European Economic Area (hereinafter referred to as "EU or EEA"), a so-called third country transfer takes place. This is permissible if you have consented to it, we have created a guarantee for a level of data protection appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respective service is marked below. For more information about the recipients of your data and the third country transfer, please refer to section 5 and section 6 of this privacy policy.

Cookies Overview can be found here.

4.1.1 Legal basis of the data processing

The legal basis for the use of cookies is Art. 6 para. 1 lit. a and/ or f GDPR.

4.1.2 Duration of storage, deletion and retention period

 The data collected and evaluated when using cookies are usually stored until you object to their use. However, the storage period for cookies is a maximum of 24 months (2 years).

4.1.3 Possibility of objection and removal

You have the right to object to the processing of your personal data when using not necessary cookies in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation. If you wish to exercise your right of objection, please contact the address given under section 1. If you object to this data processing, you will only be able to use the website to a limited extent or not at allFurthermore, you can object your consent to the processing of your data within the scope of the use of optional cookies at any time. The objection can be made technically by opting out in our cookie consent manager on this website or by the technical cleaning of cookies with the help of the browser you use. Within the footer of this site, you can go to the settings mask of our Cookie-Consent-Manager

4.2 Personalised newsletter

On the website there is the possibility to subscribe to newsletters. If you receive a newsletter, we process the e-mail address, name of your company and the country, based on the consent given by you upon registration. For the registration / subscription of those newsletters we always use as far as legally required a double-opt-in procedure. After registration and the granting of your consent, we will send you a message to the e-mail address you provided, asking you to confirm your registration. To prevent the misuse of your data and to prove your consent, we store the access data you entered during registration as well as the registration notification and the texts used for this purpose. After confirmation you are registered for the newsletter and your data will be stored in our customer database.

To sent you our personalized newsletters, we collect statistical data on the use of our web offer and to optimize our offers accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, which are used to collect data for marketing and optimization purposes and to store and process the data on the servers of our Marketing Automation Tool. The collected data is merged with the personal data you provide on the website to create a profile. You can end the profiling process by deactivating the cookie function in your browser.

4.2.1 Purposes and legal basis of data processing

The mailing of our newsletter and the downloading of our content is aimed to addressing business customers to inform them about products, solutions and services of our business units ID & Fraud Management, Credit Risk Management, Payment and Financing Services as well as Receivables Management and events. This entrepreneurial diversity can only be achieved with the help of other companies in the Riverty Group, which is why we are entitled, with your consent, to pass on your data for promotional purposes within our group. You can view an overview of the companies in the Riverty Group of companies in the imprint

The personalized newsletter is aimed at addressing (potential) business customers to inform them about products, solutions and services of our business units and events. The legal basis for the processing of your data when registering for and participating in the newsletter is your consent in accordance with Art. 6 sec. 1 lit. a GDPR / § 7 sec. 2 no. 3 German Law against unfair competition (hereinafter referred as "UWG").

4.2.2 Duration of storage or criteria for determining this duration

 Your data will be saved during your subscription to the respective newsletter. After inactivity, your data will be saved for a period of 1 year to be able to prove that your consent has been obtained for the newsletter and that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.4.2.3 Possibility of objection and removal

You can revoke your consent to processing in the context of sending personalised newsletters at any time by informing the company of your revocation via the e-mail address or with the subject "Newsletter revocation". An objection can also be made by using the unsubscribe link in the newsletter email.

4.3. Personal newsletter when downloading e-books/whitepapers/studies

In return for the download of whitepapers/e-books/studies (hereinafter referred to as "content") on current topics from our business areas as well as in return for services supplied within the framework of special campaigns (e.g. fundraising campaigns, etc.), we have agreed with you to sent you a personal newsletter.

Within the scope of this agreement, for the sending a newsletter, we process the e-mail address, name of your company and the country you have specified. We use as far as legally required the so called Double-Opt-In procedure to register for the newsletter. In this process, we will send a message to the e-mail address you provided after registration, asking you to confirm your registration. To prevent the misuse of your data and to prove this agreement, we store the access data you entered during registration, the registration notification and the texts used for this purpose.

To sent you personalized newsletters, we collect statistical data on the use of our website and to optimize our offer accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, which are used to collect data for marketing and optimization purposes and to store and process the data on the servers of our Marketing Automation Tool. The collected data will be merged with the personal data you provide on the website to create a profile. You can end the profiling process by deactivating the cookie function in your browser.

After confirmation you are registered for the newsletter and your data will be stored in our customer database.

4.3.1 Purposes and legal basis of data processing

The mailing of our newsletter and the downloading of our content is aimed at addressing business customers to inform them about products, solutions and services of our business units ID & fraud management, credit risk management, payment, and financing services as well as receivables management and about events. This entrepreneurial diversity can only be depicted with the help of other companies in the Riverty Group, which is why we are entitled, with your consent, to forward your data for promotional purposes within our group of companies. You can get an overview of the companies in the Riverty Group in the imprint.

The  personalized newsletter is aimed at addressing (potential) business customers to inform them about products, solutions, and services of our business units as well as events. The legal basis for the processing of your data when registering for and participating in the newsletter is your consent in accordance with Art. 6 sec. 1 lit. a GDPR and as far as required with other european regulations.

4.3.2 Duration of storage or criteria for determining this duration

Your data will be stored during your participation in the newsletter. After inactivity of the newsletter, your data will be stored for the duration of 2 years, in order to be able to prove that your consent was obtained for the newsletter, that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.

4.3.3 Possibility of objection and removal

You can revoke your consent to processing in the context of participating in our personalised Newsletter Offer when downloading e-books/whitepapers/studies at any time by notifying the company of your revocation via the e-mail address newsletter-unsubscribe@riverty.com or with the subject "Newsletter revocation". An objection can also be made by using the unsubscribe link in the newsletter email.

4.4 Business customer survey

If you have a business relationship with us, we may occasionally use your data to conduct a customer survey to determine your satisfaction with our services and to identify areas for improvement. Participation in the survey is voluntary and only takes place with those customers who have given us their consent to do so when establishing the business relationship. The survey is carried out with the help of service providers who, as processors, are controlled by us according to our instructions. A data protection check of these service providers has been carried out by us before the surveys are conducted.

4.4.1 Purposes and legal basis of data processing

The purpose of the survey is to improve our products and services and thus to expand and maintain good customer relations. The data protection legal basis for this survey can be found in Art. 6 sec. 1 lit. f GDPR. Our legitimate interest is to offer our customers a regular and efficient channel for expressing criticism so that we can adapt our services accordingly.

4.4.2 Duration of storage or criteria for determining this duration

The data used is saved in our CRM (Customer Relationship Management) system for the duration of our contractual relationship. After termination of our contractual relationship, the data will only be used for a last customer satisfaction survey and then blocked for this type of data processing.

4.4.3 Possibility of objection and removal

You have the right to revoke your consent to the use of your data for business customer surveys at any time. You will find a corresponding note in every e-mail inviting you to participate. You also have the right to object to the processing of your data. You also have the right to demand the deletion of your data in accordance with Art. 17 GDPR. Furthermore, you have the right to correct your data and to receive information about the data stored by us.To exercise your data protection rights, please contact us at the contact address mentioned in section 1 or by e-mail at: newsletter-unsubscribe@riverty.com .

4.5 Online application

On this website, the Riverty Group publishes job advertisements where you can apply for a job. You will be forwarded to the group wide applicant portal via the job advertisement. In this respect, the actual data processing for the application procedure for your online application does not take place on this website.

4.5.1 Deviating responsibility under data protection law

The company that published the job advertisement and is looking for new employees is responsible for the job advertisements. It is the company that regularly receives your data when we receiving your application. Your data will not be passed on to other companies unless it is required by law or you give your consent.

Further information on the responsibilities, the purpose of data processing and the legal basis as well as possible recipients and storage period can be found in the respective job advertisement. Further details on data processing for the specific application procedure for your online application can be found when registering and creating your applicant profile.

4.5.1 Purposes and legal basis of data processing

Upon receipt of your online application for a specific job advertisement, your data will be processed for hiring purposes only. During the phase of contractual initiation of an employment relationship, your potential employer has an interest in ensuring that you have the necessary professional competence and personal aptitude for the vacant position.

The legal basis for the processing of your data is Art. 6 sec. 1 lit. b GDPR. The data processing therefore takes place for the purpose of establishing a potential contractual or employment relationship with you.

4.5.2 Duration of storage or criteria for determining this duration

Your data will be processed for as long as it is necessary to establish the employment relationship. After completion of the online application and the hiring decision, your data will be deleted after the legal retention period (currently regularly 6 months).

4.5.3 Possibility of objection and removal

Due to the applicable legal basis, there is no right of objection for the described processing procedure according to Art. 21 GDPR. If you have any questions in this regard, you can contact us via the given information at any time.

4.6 E-mail and telephone contact

The website offers the possibility to contact the company via an e-mail address or a telephone number. If you make use of this option, the data entered, your e-mail address and/or your telephone number and your request will be transmitted to the company. Depending on the request (e.g. questions about the company's products and services, assertion of your data subject rights such as general information), your contact data will be processed further (with the help of our service providers).

4.6.1 Purposes and legal basis of data processing

The legal basis for the processing of your contact data is based on Art. 6 sec. 1 lit. f GDPR. The legitimate interests lie in the processing of your request and further communication. If your contact aims at the conclusion of a contract with the company, the legal basis for the processing of your contact data is Art. 6 sec. 1 lit. b GDPR.

4.6.2 Duration of storage or criteria for determining this duration

After processing your request and the termination of further communication, the contact data will be deleted. This does not apply if your contact is aimed at concluding a contract with the company or you assert your rights as a data subject, such as information. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and legal retention periods do not prevent deletion. This is regularly the case after 6 months.

4.6.3 Possibilities of objection and removal

You have the right to object to the processing of your contact data, insofar as there are justified reasons for doing so that arise from your particular situation. If you wish to take advantage of your right to object, please contact us at the contact address given in section 1. If you object, the communication cannot be continued. This does not apply if the storage of your contact data is necessary for the initiation or fulfillment of a contract or the assertion of your data subject rights.

4.7 Loox CRM-System

Loox is a cloud-based contact relationship management system (CRM system) and is used to record and keep up to date information on prospective customers, new customers, existing customers, partners, competitors, suppliers and service providers of Riverty companies.

If your contact data is collected, for example, on this website by registering for our newsletter, the data is transferred to the contact relationship management system for further processing and is processed there for the purposes for which it was collected. Here, logical client separation ensures that only those companies have access to the data stored there that are legally authorized to do so (e.g. through their consent or a corresponding contractual relationship with you).

4.7.1 Purposes and legal basis of data processing

The purpose of the data processing is the lawful use of your personal data for further data processing for which you have legitimized us, among other things, through your consent or for which we have been legitimized through a corresponding contractual relationship with you. The legal basis is therefore Art. 6 sec. 1 lit. a GDPR or Art. 6 sec. 1 lit. b GDPR.

4.7.2 Duration of storage or criteria for determining this duration

The data used is stored in our CRM system for the duration of our contractual relationship. After termination of our contractual relationship, the data will only be used for a last customer satisfaction survey and then blocked for this type of data processing. If the data processing is based on consent, the data will be deleted if you have objected to its further use.

4.7.3 Possibilities of objection and removal

If the data processing is based on a contractual relationship agreed between you and us, there is no right to object to the described processing operation pursuant to Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time. You also have the right to request the deletion of your data in accordance with Art. 17 GDPR. In addition, you have the right to correct your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact us at the address given in section 1.

4.8 Digital events and activities

The Company regularly offers digital events for its employees, customers and/or service providers (hereinafter "Participants"). The events take place on separate areas of the company's own website or on externally hosted platforms of connected service providers. Depending on the respective event, the Participants are required to visit the website prepared for the event (so-called “landing page”) by means of username and/or E-Mail-Adress and password or by means of a password defined in advance for the event (hereinafter "Participation Data"). In this process, the IP address and the required participation data of the participants will be processed.

4.8.1 Purposes and legal basis of data processing

The purpose of data processing is to enable employee of the company or external parties to participate in digital online events provided by the company. The legal basis under data protection law is based on the purposes pursued with the events. If it is a matter of mandatory trainings of our employees, the legal basis is regularly Art. 6 para. 1 lit. b) GDPR. Participation and the associated data processing is therefore necessary to conduct the employment relationship and its contract. If the event offered is an optional, i.e. voluntary, training or an information event for the participants, the legal basis is regularly Art. 6 (1) (f) GDPR. The processing is therefore based on a legitimate interest that lies in the creation of additional value for our employee. It is also possible that service providers do not provide the offered event as a processor within the meaning of Article 4 No. 8 of the GDPR, but act as a controller within the meaning of Article 4 No. 7 of the GDPR. In these cases, it is always a matter of voluntary events whose participation depends on your consent to the data processing. If it is such an event, you will be asked on the landing page to give your consent to the data processing in favour of the respective organizer. The legal basis for data processing is then Art. 6 para. 1 lit. a) GDPR. In this case, you must assert your rights directly towards the organizer. Further information on this can be found under section 7.

4.8.2 Duration of storage or criteria for determining this duration

The company processes your data within the scope of the offered event until the respective event has been completed. Accordingly, your data (username, e-mail address, IP address) will be completely deleted after the end of the event. If the processing of your data is carried out by the organizer as data controller, the duration of the storage is determined by the respective data protection information of the organizer.

4.8.3 Possibilities of objection and removal

If the data processing is based on a contractual relationship and/or employment relationship agreed between you and us, there is no right to object to the described processing operation pursuant to Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time for the future. You also have the right to request the deletion of your data in accordance with Art. 17 GDPR. In addition, you have the right to correct your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact us at the address given in section 1.

4.9 Microsoft Bookings

The company collects and processes personal data for the online booking of meeting appointments. For this purpose, it uses the "Microsoft Bookings" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The connection to the service is only established when you call up the online booking function via a button on our website. Further information on the handling of user data can be found in theprivacy policy from Microsoft.

 We would like to point out that you are not obliged to use Microsoft Bookings to arrange an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.4.9.1 Purposes and legal basis of data processing

 The legal basis for the data transfer, storage and processing is your consent pursuant to Art. 6 (1) a) GDPR.4.9.2 Duration of storage or criteria for determining this duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

4.9.3 Possibilities of objection and removal

You have the option to revoke your consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.

5. Who receives my data?

Within the company, access to your data is granted to those departments that need it to fulfill the purposes described in section 4. Service providers of the company may also be granted access to your data (so called " processors", e.g., data centers, hosting, IT infrastructure support or web design). Data processing agreements ensure that these service providers are bound by instructions, data security and confidential handling of your data.

6. Is my data processed outside the EU or EEA (third country transfer)?

If the service providers and/or third parties outside the EU/EEA mentioned in section 4 process your data for the purposes mentioned in section 4, this may result in your data being transferred to a country where no adequate level of data protection to the EU/EEA can be guaranteed. However, such a level of data protection can be ensured with a suitable guarantees. A suitable guarantee could be given by standard contractual clauses provided by the EU Commission. In accordance with the ruling of the European Court of Justice of 16 July 2020 (Case C-311/18), service providers in third countries commissioned by us are obliged to disclose to us which additional suitable technical and organizational measures have been implemented to prevent state monitoring mechanisms. If there is any doubt about the legality of such data processing, the service providers concerned will be obliged to adapt their technical and organizational measures.A copy of these guarantees can be requested from the contact details given in point 1.

Any guarantees may be waived in exceptional circumstances, such as when you consent or the transfer to a third country is necessary for the performance of your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that the Company may also waive any appropriate guarantees at this point.

A third country transfer takes place in the following cases, among others:

  • for the delivery and settings of the website, service providers are used whose rights centers are located in a third country or who can access the data centers within the European Union or the EEA from a branch in a third country the company has agreed with these service providers, through standard contractual clauses, to comply with the European level of data protection.
  • Web tracking services are used by service providers whose rights centers are located in a third country or who can access data centers within the European Union or EEA from a branch in a third country. The company has agreed with these service providers to comply with the European data protection level by means of standard contractual clauses in accordance with Art. 46 sec.2 lit. c GDPR.

7. What data protection rights do I have?

You have the right to request information about the personal data we have stored about you at any time. If data concerning your person is incorrect or no longer up to date, you have the right to demand its correction. You also have the right to demand the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to have the data provided by you released in a common and machine-readable format (right of data portability). If you have given your consent to the processing of personal data for specific purposes, you can revoke your consent at any time with effect for the future. The revocation is to be addressed to the company at the contact address stated in section 1. In accordance with Art. 21 GDPR, you also have the right to object at any time, for reasons arising from your particular situation, to the processing of your data, which is carried out in accordance with the legal basis of Art. 6 sec. 1 letter f GDPR.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

8. To what extent is there automated decision-making?

We do not use any fully automated decision-making processes for the purposes mentioned under point 4.

9. Does profiling taking place?

No profiling will take place for the purposes mentioned under section 4.

10. Updating of the data protection notice

If this Privacy Policy is changed, notice of the change will be posted in this Policy, on the homepage, and in other appropriate places.

Status of the data protection notice: October 2022