Privacy policy

Berlin, 01.01.2022

Denario GmbH, with its registered office at Gormannstr. 14, 10119 Berlin, Germany, and registered with the Commercial Register of the Local Court of Charlottenburg under the registration number HRB 230837 B, operates an Internet portal at https://www.denario.io/ (the "Denario Portal") and a web and mobile application (the "Denario App") and, in cooperation with its partners, provides "Payment Services" and other functionalities for the management and control of business finances (together the "Denario Services"). The Denario Services are aimed exclusively at start-ups and small and medium-sized businesses (SMBs).

The following information provides you with an overview of how we handle your personal data and your rights under data protection law, in particular the European Regulation (EU) 2016/679 (GDPR). This covers the scope and purpose of the processing of personal data by Denario GmbH as the controller within the meaning of the GDPR when you are visiting the Denario Platform (section 2), using the Denario App (section 3) and using the Denario Services (section 4). Reference is made to the respective legal basis and justifications of the GDPR at the relevant points. This is followed by information on the storage period (section 5), the transfer of personal data to third parties (section 6), and the location of the respective data processing (section 7). Finally, you will find information on your rights (section 8).

We reserve the right to change this privacy policy from time to time in order to adapt it to current legal framework conditions, requirements of supervisory authorities or consequences from relevant case law. We may also change the privacy policy in order to adapt it to changed or new services or to combine additions and supplements in one document. A change will only affect the processing of your personal data for the future, a reduction of the level of data protection below the legal requirements is excluded. The current version is available on our website (www.denario.io).

We would like to inform you separately about the use of cookies, you can find relevant information on a separate section below.

1 Contact addresses: Who is responsible and whom can I contact?

The responsible controller as defined in Article 4 no. 7 GDPR is:
Denario GmbH

Anklamer Str. 47, 10115 Berlin

Phone: +49 (0) 152 0369 4851

E-mail: support@denario.io

The responsible controller as defined in Article 4 no. 7 GDPR is:

Denario GmbH

Anklamer Str. 47, 10115 Berlin

Phone: +49 (0) 152 0369 4851

E-mail: support@denario.io

The supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219, 10969 Berlin

Phone: +49 (0) 30 13889 0

Fax: +49 (0) 30 215 5050

E-mail: mailbox@datenschutz-berlin.de

Website: www.datenschutz-berlin.de

2 Processing of data when visiting the Denario App

2.1 Scope of data processing

Our system automatically collects data and information from the computer system from which you access the Denario Portal. This involves processing the following data (the "Log Data"):

  • Information about the type of browser and the version used (so-called user agent);
  • the operating system of your computer system;
  • the IP address of your computer system;
  • the amount of data sent in bytes;
  • the date, time and duration of access;
  • the language setting.

Log Data – with the exception of the IP address – does not allow any personal reference. It is also not possible for us to establish a personal relationship via the assignment or linking of Log Data and IP address. The IP address is processed and stored by us in log files.

2.2 Purpose of the data processing

Log Data, in particular your IP address, is collected to make the Denario Portal and its content available. For the data traffic between your computer system and the Denario Portal, a storage of the IP address is necessary. This is done to ensure the functionality and security of the Denario Portal and our information technology systems. In addition, this data can be used to optimize the performance of our server infrastructure, identify any problems and finally analyze and rectify them. At the same time, this is a continuous improvement of the Denario Services.

2.3 Legal basis

To the extent the processing of your personal data is necessary for the performance of a contract or in order to take steps prior to entering into a contract, the legal basis for the collection of data is Article 6 (1) sentence 1 lit. b) GDPR (implementation of pre-contractual measures respectively contract performance).

The legal basis for the storage of the Log Data is Article 6 (1) sentence 1 lit. f) GDPR (protection of legitimate interests). According to this, the processing of personal data is lawful if it is necessary to safeguard the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. We have weighed this up in our favor to the extent that the data only interferes very slightly with the interests of the data subject, but for us it is necessary to store the data so that we can operate our systems and website in a stable and secure manner, in particular to detect attacks. In addition, we have an interest in measuring the utilization of our website.

3 Processing of data when using the Denario App

3.1 Scope of data processing

When you use the Denario App, we process the following data:

  • IP address of the user;
  • Date and time of the request;
  • Content of the request (concrete page);
  • Access Status/HTTP Status Code;
  • the amount of data transferred in each case;
  • Operating system of the user;
  • after a registration (cf. section 4.1.3) the corresponding UserID and OrgID.

3.2 Purpose of the data processing

We use the data processed when using the Denario App to offer our products and services and to fulfil our contractual and pre-contractual obligations. The data collected as part of the usage analysis enables us to make the Denario App more stable and customer-friendly by technically diagnosing and solving any problems that arise. In addition to stability, the IT security of the Denario App can also be guaranteed. In addition, the collected data also enables the further development of the Denario App and the Denario Services.

3.3 Legal basis

The legal basis for the data processed when using the Denario app is Article 6 (1) sentence 1 lit. b) GDPR (implementation of pre-contractual measures or contract performance), insofar as this data is necessary for the initiation and performance of the contract.

Furthermore, the processing of data is carried out on the basis of a balancing of interests in accordance with Article 6 (1) sentence 1 lit. f) GDPR (protection of legitimate interests). We have carried out this assessment in our favor to the effect that the data only interferes very slightly with the interests of the data subject, while we use the data, also in the interest of the data subject, to improve the stability and security of our products.

4 Processing of data when using the Denario Services in the Denario Portal or the Denario App

4.1 Scope of data processing

The following describes the collection of data when (i) using our webchat, (ii) agreeing to a demo, (iii) registering as a customer, (iv) assessing creditworthiness, (v) communicating with our customer support, (vi) subscribing to our newsletter, and (vii) applying for jobs:

4.1.1 Webchat

In the context of the webchat, we collect the following personal data of the chat participant:

  • Name, e-mail address, mobile number if applicable;
  • Conversation history (chat logs);
  • Circumstances of communication via webchat (e.g., IP address, time/date stamp).

The persons concerned are regularly persons who have an interest in our services, e.g., employees of a potential contractual partner.

4.1.2 Arrangement of a Demo

When you make an appointment for a personal demonstration of the Denario Services (the "Demo"), we collect the following data:

  • Name, e-mail address and mobile number of the person requesting the Demo;
  • Company name or designation of the potential contractual partner;
  • Circumstances of communication, for example, by e-mail or by telephone (e.g., IP address, time/date stamp, telephone number);
  • Approximate number of employees of the potential contractual partner.

4.1.3 Registration as a customer

When registering a potential contractual partner on the Denario Portal or in the Denario App, we collect the following data:

  • Company name or designation of the potential contractual partner;
  • Legal form of the potential contracting party;
  • if applicable, registration number and date of entry in the commercial register;
  • if applicable, Tax Identification Number (TIN);
  • Address of the registered office or principal place of business of the contracting party;
  • Details of the account-holding bank;
  • IBAN of the specified company accounts;
  • Language preferences;
  • The name, e-mail address, and mobile number of the person for whom the Denario Account is being created;
  • Name, e-mail address and mobile number of all additional users that are created;
  • In the future we might also collect name, date and place of birth, nationality and residence of the potential contractual partner's authorized representatives;
  • Name, date and place of birth, nationality and place of residence of the beneficial owners within the meaning of the German Money Laundering Act (GwG);
  • after successful registration optionally (i) the profile pictures of registered users as well as (ii) the name, e-mail address and profile picture of other team members invited by a user.

In the case of partnerships, the persons concerned are the natural persons who are partners and, irrespective of the legal form, the managing directors/board members and employees authorized to represent the potential contracting party as well as the employees of the potential contracting party whom the latter invites to use the Denario Services. Insofar as necessary in connection with audits under money laundering law, further persons affected may be existing beneficial owners within the meaning of the GwG.

4.1.4 Communication with customer support

When communicating with our customer support via telephone or e-mail, the following personal customer data in particular is processed:

  • Name, e-mail address, mobile number if applicable;
  • communication data corresponding to the respective request (e.g., IP address, time/date stamp);
  • Transmitted content e.g., log files, screenshots. The person concerned is in each case the person who makes use of the support and, if applicable, the persons whose personal data are contained in the data and documents that are transmitted to us.

4.1.5 Newsletter

When communicating with our customer support via telephone or e-mail, the following personal customer data in particular is processed:

  • Name, e-mail address, mobile number if applicable;
  • communication data corresponding to the respective request (e.g., IP address, time/date stamp);
  • Transmitted content e.g., log files, screenshots. The person concerned is in each case the person who makes use of the support and, if applicable, the persons whose personal data are contained in the data and documents that are transmitted to us.

4.1.6 Job postings

We process personal data in connection with job postings on the Denario Portal:

  • Last name, first name of the applicant;
  • E-mail address of the applicant;
  • Mobile number, if applicable;
  • Curriculum vitae of the applicant, including references;
  • Information about the current employer;
  • Content of the application documents sent to us.

The person concerned is the person applying for a job.

4.1.7 Google services (Google API disclosure)

Denario's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.1.8 FullStory web analysis service

We use the web analysis tool FullStory to continuously develop our website and provide visitors with the best possible experience and customer service. FullStory is provided by our software partner FullStory Inc, 120 Ottley Dr., NE, Ste. 100, Atlanta, GA 30324, United States of America ("FullStory"). FullStory records the DOM (Document Object Model) elements within the browser window together with the associated CSS styles. The DOM is the interface between HTML and dynamic JavaScript. All elements become objects that can be called, changed, added and deleted dynamically. CSS is a stylesheet language for electronic documents and together with HTML and DOM one of the core languages of the World Wide Web. Dynamic changes to DOM elements, e.g. by using Javascript, are also recorded. This allows sessions to be recorded on dynamic web pages. FullStory also uses cookies, which enable session-based analysis of your use of the website. The data generated by the cookie and other records about visits to our websites are sometimes stored, processed and made available to us by FullStory. FullStory only records your IP address and deletes it automatically after a period of 30 days at the latest. By using the "Discard user IP addresses" extension, we ensure that FullStory does not transmit your IP address to us. FullStory further records your name and email address. The personal data recorded by FullStory is sometimes stored, processed and made available to us by FullStory for customer service activities. All personal data is being anonymized or deleted 30 days after recording at the latest. By using the "Discard user IP addresses" extension, we ensure that FullStory does not transmit your IP address to us. FullStory further records your name and email address. The personal data recorded by FullStory is sometimes stored, processed and made available to us by FullStory for customer service activities. All personal data is being anonymized or deleted 30 days after recording at the latest.

FullStory is a software company from the USA. FullStory Inc, 120 Ottley Dr., NE, Ste. 100, Atlanta, GA 30324, United States of America.

FullStory is used for the purpose of economic optimization and demand-oriented design of our web application, as well as for customer service and success activities. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.


For more information, please refer to FullStory's privacy policy, which can be found here.

4.2 Purpose of the data processing

The collection and processing of data takes place

  • in the case of section 4.1.1 for the purpose of product information and contract initiation. The personal data is required in particular to contact chat participants;
  • in the case of section 4.1.2 for the purpose of initiating a contract, in particular for setting up and preparing a Demo appointment and, if applicable, for preparing a subsequent registration for the Denario Account. Personal data is required in particular for contacting;
  • in the case of section 4.1.3 for the purpose of initiating and executing the contract with the potential contractual partner. The data enables the use of the Denario Services and the provision of data and documents to our partners, who thereby fulfil their legal and regulatory obligations. The data is also required for the security of the Denario Account, as only users assigned to the relevant Denario Account should be able to gain access and identify their company and persons associated with it. Crimes are to be prevented. Furthermore, in individual cases it may be a matter of asserting, exercising or defending legal claims;
  • in the case of section 4.1.4 for the purpose of communication with our customer support;
  • in the case of section 4.1.5 for the purpose of sending and managing the newsletter ordered in the individual case; and
  • in the case of section 4.1.6 for the purpose of processing job applications with a view to meeting and recruiting potential employees or contacting them about future employment.

4.3 Legal basis

The legal basis for the data processing described above is generally Article 6 (1) sentence 1 lit. b) GDPR (implementation of pre-contractual measures or contract performance). Within the scope of our business relationship, you must provide the personal data that is required for the establishment, implementation and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we are generally unable to conclude a contract with you or to execute or terminate an existing contract. If you do not provide us with the necessary information, documents and respective information on changes, we will not be able to establish a desired business relationship or may have to terminate it at short notice.

In cases where processing is not absolutely necessary for the performance of the contract, the legal basis is Article 6 (1) sentence 1 lit. f) GDPR (protection of legitimate interests). We have weighed the interests in our favor to the extent that the collected data only slightly interferes with the interests of the data subject, while we use the data, also in the interest of the data subject, to improve the functionality, stability and security of our products. Important are, for example, the examination and optimization of processes for customer contact or business control and risk management within our company. This also includes, for example, the prevention of fraud and criminal acts as well as the provision of sufficient IT security. Furthermore, in individual cases it may be a matter of asserting, exercising or defending legal claims.

When processing your data in the sense of section 4.1.6 and section 4.1.7, the legal basis is your consent in accordance with Article 6 (1) sentence 1 lit. a) GDPR, and in the case of section 4.1.7 also Section 26 of the German Federal Data Protection Act (BDSG), provided that you have given your consent to the processing of personal data relating to you for one or more specific purposes. In these cases, the processing of data based on your consent is lawful until you revoke your consent. A revocation is possible at any time, is effective for the future and affects the processing of all data following the revocation. We consider the submission of application documents as consent.

Insofar as we collect data of identification and creditworthiness in sections 4.1.3 and 4.1.4, which we are legally obliged to collect, the legal basis is Article 6 (1) sentence 1 lit. c) GDPR (legal obligation). If we act on behalf of a third party, the legal basis on which the third party can rely is decisive. In this case, please refer to the privacy policy of the third party for more details.

5 Storage period

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected (see sections 2.2, 3.2 and 4.2 above) and the respective statutory retention periods have expired in each individual case. Therefore, we do not process and store your data for longer than is necessary to fulfil our contractual and legal obligations. In particular, it must be taken into account that your business relationship with us is generally a continuing obligation which is intended to last for many years. In addition, we must retain your data, for example, in order to comply with legal, in particular commercial and tax law retention obligations. These may result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention periods to be observed by us are between two (2) and ten (10) full calendar years. Furthermore, we store data to the extent necessary to preserve evidence in accordance with the statutory limitation periods. According to Sections 194 ff. of the German Civil Code (BGB), these are generally three (3), but in certain cases also up to thirty (30) full calendar years. Data on claims from chargebacks and similar disruptions will be deleted as soon as the claim has been settled in full, unless they are part of documents that are subject to correspondingly longer retention periods in accordance with HGB and AO. Data that we collect in connection with our newsletter (section 4.1.6) will be stored – subject to a possible request for deletion or revocation at any time by clicking on the link provided at the end of each newsletter e-mail or by sending an e-mail to support@denario.io – for as long as we need this data to send the newsletter. The data will also be deleted if we stop sending the subscribed newsletter.

6 Disclosure to third parties

As a matter of principle, we do not pass on personal data to third parties. Within our company, only those departments that need your data to fulfil our contractual and legal obligations and to protect our legitimate interests will have access to it. Data will only be passed on to third parties, in particular to public bodies and institutions or service providers employed by us, in exceptional cases, if

  • you have given your express consent to this in accordance with Article 6 (1) sentence 1 lit. a) GDPR; or
  • a transfer is legally permissible and in particular required in accordance with Article 6 (1) sentence 1 lit. b) GDPR for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures; or
  • in accordance with Article 6 (1) sentence 1 lit. c) GDPR, there is a legal obligation for the disclosure (e.g., following a request by state law enforcement authorities); or
  • the disclosure is necessary in accordance with Article 6 (1) sentence 1 lit. f) GDPR for the protection of legitimate business interests and for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data; or
  • we use external service providers (so-called data processors) for data processing in accordance with Article 28 GDPR, who have previously been obligated to handle your data with care. These include, in particular, third-party services that we use for the functionality and improvement of the Denario Services and the security of our information technology systems (e.g., our hosting providers, cloud providers, services for connecting the Denario Services to your ERP systems, for customer communication or analysis of user behavior).

In all of the above cases, we ensure that third parties only have access to personal data that is necessary for the performance of individual tasks. Under no circumstances do we sell personal data to third parties.

7 Data processing in the European Union; exceptions

The processing of your data generally takes place within the member states of the European Union (EU) or the European Economic Area (EEA). This also applies to cooperation with thirdparty services. A data transfer to third countries (countries outside the EU or the EEA) only takes place if this is necessary for the execution of your orders or the provision of your products or if it is required by law (e.g., fiscal or foreign trade reporting obligations) or if you have given us your consent. Where technically feasible, third-party services are used by us with activated IP anonymization.

When using individual third-party services, your IP address may be transferred to a server in the US. In the event that data is transferred to servers in the US and stored there, we include the respective current EU standard contractual clauses in the respective data processing conditions and have them signed or otherwise accepted by our third-party service providers.

8 Your rights

If your personal data is processed by us on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR, you have the right to object at any time pursuant to Article 21 GDPR, insofar as reasons arise from your particular situation. If you wish to exercise your right of objection, an e-mail (privacy@denario.io) will suffice. In such a case, we may only continue processing your data if there is a compelling reason that outweighs your interests, rights and freedoms. A compelling reason may arise in particular from the fact that the processing serves the assertion, exercise or defense of legal claims or we are forced by law to continue processing (for example, in the case of statutory file retention periods or other special legal regulations).

You also have the right

  • to revoke your consent at any time with the consequence that we will no longer process the data based on this consent in the future (Article 7 (3) GDPR);
  • to request information about whether we process your personal data (Article 15 (1) GDPR). If this is the case, you are entitled to further information (Article 15 (2) GDPR). In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. The right to information is limited by the right of third parties to the protection of their personal data (Article 15 (4) GDPR);
  • to demand without delay the correction of incorrect personal data concerning you or the completion of incomplete personal data, also by means of a supplementary declaration (Article 16 GDPR);
  • to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims (Article 17 GDPR);
  • to request the restriction of the processing of your personal data, insofar as (i) the accuracy of the data is disputed by you, (ii) the processing is unlawful, but you refuse the erasure of the personal data, (iii) we no longer require the data, but you need them for the assertion, exercise or defense of legal claims or (iv) you have objected to the processing pursuant to Article 21 (1) GDPR (Article 18 GDPR);
  • to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (Article 20 GDPR);
  • to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy (Article 77 GDPR). If you have any questions about data protection in our company, please contact us at the contact address given in section 1.

Cookie policy of Denario GmbH

Berlin, 01.12.2021

The following information provides an overview of the use of cookies when visiting the Denario Portal and using the Denario App. Cookies are small text files that are placed on your device (e.g., computer, laptop, smartphone, tablet) to store certain information, such as internet protocol data or website activity. Your browser sends these cookies back each time you revisit the Denario Portal or Denario App to recognize your device for a period of time and improve your user experience. We use first party cookies on our website which are set and controlled by us. Through such, certain information stored in the cookies is returned to our website. In addition, we use certain third-party cookies through which the information stored in the cookies is sent back to a third-party website to which the cookie belongs.

All cookie information is used to display our products optimally and as user-friendly as possible according to your preferences. Personal data is generally not stored. However, cookies are based on the unique identification of your browser and internet device. Insofar as information processed in connection with cookies qualifies as personal data within the meaning of the European Regulation (EU) 2016/679 (GDPR), we will only process such data if you have consented or if storage is absolutely necessary in order to be able to use the services offered and accessed via the Denario App.

We divide cookies into three categories according to their function and purpose: essential cookies (see section 2.1), cookies for marketing purposes (section 2.2) and cookies for analysis purposes (section 2.3).

We reserve the right to change this cookie policy from time to time in order to adapt it to current legal framework conditions, requirements of supervisory authorities or consequences from relevant case law. We also update this policy if we change the cookies we use. The current version can be accessed via our website (www.denario.io).

1 Contact addresses: Who is responsible and whom can I contact?

The responsible controller as defined in Article 4 no. 7 GDPR is:
Denario GmbH
Anklamer Str. 47, 10115 Berlin
Phone: +49 (0) 152 0369 4851
E-mail: support@denario.io

The responsible controller as defined in Article 4 no. 7 GDPR is:
Denario GmbH
Anklamer Str. 47, 10115 Berlin
Phone: +49 (0) 152 0369 4851
E-mail: support@denario.io

The supervisory authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin
Phone: +49 (0) 30 13889 0
Fax: +49 (0) 30 215 5050
E-mail: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de

2 Scope of data processing

2.1 Essential cookies

Essential cookies make it possible to identify the accessing browser even after a page change. The content of these cookies includes the user language you have selected and the cookie settings you have already accepted. At the same time, necessary information for accessing remote resources is transferred and users are authorized for Denario Services. This also allows technical data or information required for the correct functioning of individual services to be temporarily stored on the user's device. Certain essential cookies, in addition to identifying our users, are also used to communicate with you, such as with our sales team. Finally, essential cookies are set for billing purposes with third-party providers. However, we do not collect IP addresses, browser types, operating system information or other information about your device through essential cookies.

In particular, these are the following cookies:

2.2 Cookies for marketing purposes

Cookies can also be set for marketing purposes. For example, UTM parameters are recorded when browsing the website. Furthermore, so-called website tags, i.e. measurement codes and associated code fragments, are managed via an interface and used for the further implementation of marketing tools in particular. With these cookies, a profile of your interests can be created by us and/or third parties and relevant advertising can be shown to you. In addition, it becomes possible to draw attention to our offers with the help of advertising material on external websites. Third party cookies can also track your browsing behavior across external websites. If you do not allow these cookies, you will be shown less targeted advertising.

In detail, you can set the following cookies:

- Name

- Description

- Classification

  1. - lang
    - Transfers the preferred user language, "en" for English, "de" for German, to display strings in the last selected language in the next session
    - First party
  2. - cookies-accepted
    - Saves the cookie settings. Next session, the cookie banner will not be displayed again and the last saved settings will be used
    - First party
  3. - accessToken
    - A technical token that stores the ID and roles of the current user in the webapp. Used to authorize the user
    - First party
  4. - refreshToken
    - Another technical token that the user receives after successful login. It is used to obtain a new accessToken after expiry
    - First party
  5. - Intercom In-App Messenger
    - Communication with users and identification
    - Third party, provided by Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, Ireland and Intercom Inc. 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA
  6. - Storyblok
    - Website hosting service
    - Third party, provided by Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz

2.3 Cookies for analysis purposes

These cookies enable an analysis of the use of our website. In addition to the date and time, the frequency with which certain pages are accessed is recorded. The click path also allows us to track how visitors move around our website and interact with it. If you do not allow these cookies, we will not know when you visited our website. Accordingly, we cannot monitor the performance of our website.

Specifically, you can set the following cookies:

- Name

- Description

- Classification

  1. - Google Analytics
    - Web analytics service, for example, to measure advertising ROI and to track Flash, video, and social networking sites and applications
    - Third party, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  2. - Google Optimize
    - Website tags are managed and updated. Serves the implementation of marketing tools.
    - Third party, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  3. - Google Firebase
    - Advertising media are used to draw attention to our offers on external websites. With the help of AdServer cookies, certain parameters for measuring success, such as the display of ads or clicks, can be measured.
    - Third party, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

3 Purpose of the data processing

Essential cookies as defined in section 2.1 are mandatory. They ensure functions without which the Denario App cannot be used or offered as intended. We also need such cookies to be able to detect any problems that may occur on the Denario App. In addition, we can analyze the causes of the respective malfunction and, for example, prevent the security of your data from being compromised.

The use of cookies in accordance with section 2.2 serves our marketing. We try to increase the attractiveness of the Denario App. To do this, we would like to personalize our content as precisely as possible to your needs and, if necessary, also address you in a personalized manner outside our website. In addition, we can determine how successful individual advertising campaigns are by measuring their reach.

The use of cookies in accordance with section 2.3 serves to analyze and evaluate user behavior on the Denario App so that we can measure and improve our performance. Therefore, these cookies mainly enable statistical reports on website activity, which are used to design and optimize our products and offers to meet your needs. Also, allow for a continuous tracking of the performance of our front-end code and monitor bugs and issues. In addition, we try to increase the attractiveness of the Denario App by identifying errors or ambiguities in the operation of our website and eliminating them in the future.

4 Legal basis

As essential cookies as defined in section 2.1 absolutely necessary for the operation of the Denario Portal as well as the Denario App, they cannot be disabled. They are always active and are set without your consent. You can set your browser to block these cookies. However, if you do so, your ability to access the Denario Portal or the Denario App and use the Denario Services will be impaired. Insofar as information processed in connection with essential cookies qualifies as personal data, the legal basis for this processing is Article 6 (1) sentence 1 lit. f) GDPR (protection of legitimate interests). Accordingly, the processing of personal data is lawful if it is necessary to safeguard the legitimate interests pursued by the controller or by a third party, except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. We have weighed this up in our favor because the data only interferes very slightly with the interests of the data subject, but for us storage is necessary for the proper functionality of the Denario Portal as well as the Denario App. With regard to the security of our services, it is also in your interest to prevent downtime or damage that could affect the confidentiality of your data.

To the extent that personal data is processed in connection with the marketing or analysis function of the cookies pursuant to section 2.2 as well as section 2.3, this is based on your consent pursuant to Article 6 (1) sentence 1 lit. a) GDPR. These cookies are therefore only set as soon as you give us your consent to do so. To grant consent, we provide you with a communication field, the cookie banner, at the beginning of the website visit. You can obtain further information by clicking on the cookie settings. Here you can make choices and control the cookies we store on your device. You can change your cookie settings on the website at any time. In particular, you have the right to revoke your consent to the use of marketing and analytics cookies at any time and without any formal requirements. If you do so, we will no longer process your data for these purposes.

5 Storage period

Some of the cookies we use are automatically deleted from your device as so-called session cookies after the end of the respective browser session. In addition, we use so-called persistent cookies, which remain on your device for a certain period of time after the end of your browser session. On your next visit, the country and language you selected on your last visit to the Denario App, for example, are then immediately recognized. Personal data is deleted in any case when it is no longer needed for the purposes of processing.

6 Data processing in the European Union; exceptions

The processing of your data generally takes place within the member states of the European Union (EU) or the European Economic Area (EEA). This applies both to first party cookies set by us and to third party cookies permitted by us. Data transfer to third countries (countries outside the EU or EEA) only takes place if you have given us your consent. In particular, some cookies may be set by third-party providers based in the US. In such cases, your data may be transferred to a server in the US. By consenting to such cookies, you also consent to the transfer of your data to the US in accordance with Article 49 (1) lit. (a) GDPR. Please note that US recipients may not provide a data protection level equivalent to the data protection level in the EU (see ECJ, C-311/18, Schrems II). Among other things, government authorities in the US have the right to access your data without legal restrictions or judicial reservations. EU citizens generally have no effective legal remedies against such access.

If you have any questions about the use of cookies in our company, please contact us at the contact address given in section 1.