Privacy Policy
Your privacy is our priority. Learn how we protect and handle your personal information.
1. Introduction
At HW Leasing GmbH, we are committed to protecting your privacy and ensuring the security of your personal information. This comprehensive privacy policy explains how we collect, use, store, and protect your personal data when you use our financial services, visit our website, or interact with us in any capacity.
This policy covers all aspects of our data handling practices, including financial data protection, compliance with German and European data protection laws (GDPR), and adherence to international banking standards. By using our services or providing us with your personal information, you agree to the terms outlined in this privacy policy.
Important Note: We never sell your personal data to third parties. Your financial privacy is paramount to our business relationship.
2. Information We Collect
2.1 Information You Provide
- Personal identification information: Full name, date of birth, social security number, passport/ID number, nationality
- Contact information: Email address, phone numbers, residential and business addresses, emergency contact details
- Financial information: Bank account details, credit history, income statements, tax returns, employment information, asset declarations
- Account credentials: Username, encrypted passwords, security questions and answers, two-factor authentication settings
- Transaction history: Loan applications, payment records, leasing agreements, investment portfolios, insurance policies
- Communication records: Customer service interactions, complaint records, feedback forms, survey responses
- Marketing preferences: Communication preferences, newsletter subscriptions, promotional material consent
2.2 Automatically Collected Information
- Device information: IP address, browser type and version, operating system, device identifiers, screen resolution
- Usage data: Pages visited, time spent on pages, click patterns, search queries, referral sources
- Location data: Approximate geographic location based on IP address, GPS data if permitted
- Cookie data: Session identifiers, user preferences, analytics data, security tokens
- Transaction metadata: Timestamps, transaction amounts, payment methods used, processing status
2.3 Information from Third Parties
- Credit bureaus: Credit scores, credit reports, payment history, public records
- Financial institutions: Bank statements, account verification, transaction history from partner banks
- Payment processors: Payment confirmation, fraud detection alerts, chargeback information
- Government agencies: Tax information, regulatory reporting, compliance verification
- Business partners: Referral information, co-signed applications, joint account details
3. How We Use Your Information
3.1 Financial Services Provision
- Account management: Opening, maintaining, and closing customer accounts
- Loan processing: Evaluating loan applications, determining creditworthiness, processing approvals
- Risk assessment: Analyzing financial stability, fraud prevention, anti-money laundering checks
- Payment processing: Executing transactions, maintaining payment records, reconciliation
- Customer support: Providing account assistance, resolving disputes, answering inquiries
3.2 Legal and Regulatory Compliance
- KYC compliance: Verifying customer identity as required by German banking laws
- AML monitoring: Screening for suspicious activities, reporting to authorities when required
- Tax reporting: Fulfilling tax obligations, providing necessary documentation to tax authorities
- Regulatory reporting: Submitting required reports to financial supervisory authorities
- Legal requests: Responding to court orders, subpoenas, and lawful government requests
3.3 Communication and Customer Service
- Transaction notifications: Sending account alerts, payment confirmations, statement notifications
- Policy updates: Informing about changes in terms, conditions, and privacy policies
- Security alerts: Notifying about suspicious account activity, security breaches
- Customer surveys: Gathering feedback to improve service quality
3.4 Marketing and Business Development (With Consent)
- Product recommendations: Suggesting relevant financial products based on your profile
- Promotional communications: Sending newsletters, special offers, market insights
- Market research: Analyzing trends to develop new financial products and services
- Performance analytics: Measuring campaign effectiveness, customer engagement metrics
4. Information Sharing and Disclosure
4.1 Financial Service Providers
- Banking partners: Secure transmission of account and transaction data for loan processing
- Credit reporting agencies: Sharing credit-related information for risk assessment
- Payment processors: Encrypted payment information for transaction processing
- Insurance providers: Relevant data for insurance products and claims processing
- Investment managers: Portfolio data for investment advisory services
4.2 Legal and Regulatory Requirements
- Court orders: Complying with judicial requests for customer information
- Regulatory authorities: Reporting to BaFin, ECB, and other supervisory bodies
- Tax authorities: Providing required information for tax compliance
- Law enforcement: Cooperating with legitimate criminal investigations
- Anti-money laundering: Reporting suspicious transactions to relevant authorities
4.3 Business Transfers and Mergers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity. We will provide notice before your personal information becomes subject to a different privacy policy, and you will have the opportunity to opt out or request data deletion where legally permissible.
4.4 With Your Explicit Consent
We may share your information with third parties when you have given us explicit consent to do so, such as when you request specific services that require data sharing with our partners.
5. Data Security and Protection Measures
5.1 Technical Security Measures
- Advanced encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
- Multi-factor authentication: Required for all administrative access and customer accounts
- Network security: Enterprise-grade firewalls, intrusion detection systems, DDoS protection
- Access controls: Role-based permissions, principle of least privilege, regular access reviews
- Data backup: Encrypted, geographically distributed backups with regular recovery testing
- Security monitoring: 24/7 SOC monitoring, automated threat detection, incident response
5.2 Organizational Security Measures
- Employee training: Mandatory security awareness training, phishing simulation tests
- Background checks: Comprehensive screening for all employees with access to financial data
- Confidentiality agreements: Legal obligations for all staff and contractors
- Security policies: Comprehensive information security management system (ISMS)
- Regular audits: Internal and external security assessments, penetration testing
- Incident response: Detailed procedures for security breach detection and response
5.3 Your Security Responsibilities
- Strong passwords: Use unique, complex passwords for your account
- Device security: Keep your devices updated and use antivirus software
- Secure connections: Only access your account from trusted networks
- Logout practices: Always log out completely when using shared computers
- Phishing awareness: Be cautious of suspicious emails or phone calls requesting information
- Immediate reporting: Contact us immediately if you suspect unauthorized access
5.4 Data Breach Notification
In the unlikely event of a data breach that may affect your personal information, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR. We will provide clear information about what happened, what information was involved, and what steps we are taking to address the situation.
6. Cookies and Tracking Technologies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Basic website functionality, security, login authentication | Session |
| Functional Cookies | User preferences, language settings, personalization | Up to 1 year |
| Analytics Cookies | Website usage analysis, performance monitoring, improvement insights | Up to 2 years |
| Marketing Cookies | Personalized advertising, campaign measurement, retargeting | Up to 1 year |
Additional Tracking Technologies
- Google Analytics: Traffic analysis, user behavior insights, conversion tracking
- Web beacons: Email open rates, engagement measurement
- Local storage: Browser-based data storage for enhanced user experience
- Session replay tools: Understanding user interactions for UX improvements
Cookie Management
You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific websites. Please note that disabling certain cookies may affect website functionality and your user experience.
7. Your Rights (GDPR/CCPA Compliance)
7.1 Right of Access
You have the right to request a copy of all personal data we hold about you. This includes account information, transaction history, and any other data we have collected or processed.
7.2 Right to Rectification
If you believe any of your personal data is inaccurate or incomplete, you have the right to request correction or completion of this information.
7.3 Right to Erasure (Right to be Forgotten)
You may request the deletion of your personal data, subject to certain limitations such as legal obligations, legitimate business purposes, and regulatory requirements in the financial sector.
7.4 Right to Restrict Processing
You can request that we limit how we use your personal data while we investigate a complaint or concern you have raised about its accuracy or our use of it.
7.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
7.6 Right to Object
You can object to our processing of your personal data for marketing purposes at any time. You also have the right to object to processing based on legitimate interests.
7.7 Right Against Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days and may require verification of your identity to process your request securely.
8. Children's Privacy
Our financial services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.
If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.
9. International Data Transfers
9.1 Protection Measures
- Adequacy decisions: We transfer data to countries with adequate protection levels as determined by the European Commission
- Standard Contractual Clauses (SCCs): Binding agreements that ensure appropriate data protection standards
- Data processing agreements: Contractual obligations for third-party processors
- Regular compliance audits: Monitoring international partners' data protection practices
9.2 Transfer Destinations
- European Union: Primary data storage and processing within EU/EEA
- United States: Cloud storage services with appropriate safeguards
- Other jurisdictions: Only when necessary and with proper protection measures
10. Data Retention Periods
| Information Type | Retention Period | Reason |
|---|---|---|
| Account Information | 10 years after account closure | German banking law requirements, audit purposes |
| Transaction Records | 10 years from transaction date | Financial reporting, tax compliance, dispute resolution |
| Credit Reports | 7 years from assessment date | Risk management, regulatory compliance |
| Marketing Consent | 3 years after withdrawal | Consent record keeping, compliance documentation |
| Website Logs | Up to 2 years | Security monitoring, fraud detection, system optimization |
| Customer Support Records | 5 years from last contact | Service quality, dispute resolution, training purposes |
Safe Data Disposal
- Electronic deletion: Secure overwriting making data unrecoverable
- Physical destruction: Industrial shredding of paper documents
- Backup purging: Systematic removal from all backup systems
- Disposal documentation: Records of data destruction for compliance
11. Third-Party Links and Services
Our website and services may contain links to external websites, financial tools, or services operated by third parties. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites before providing them with your personal information.
When you click on third-party links or use integrated services (such as payment processors or credit monitoring tools), you are leaving our platform and are subject to the terms and privacy policies of those third-party providers.
12. Policy Changes and Updates
12.1 Change Notification Process
- Website notification: Prominent notice on our homepage for 30 days
- Email notification: Direct communication to all registered users
- Account dashboard alert: In-app notification upon next login
- Explicit consent: Required for material changes affecting data processing
12.2 Staying Informed
The most current version of this privacy policy is always available on our website. We recommend checking the 'Last Updated' date periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
13. Contact Information
Get in Touch
For any privacy-related questions, concerns, or requests, please don't hesitate to contact us. We're committed to addressing your privacy concerns promptly and transparently.
Response Commitment: We will respond to all privacy inquiries within 3 business days.
13.1 Filing Complaints
If you are not satisfied with how we handle your privacy concerns, you have the right to file a complaint with the relevant supervisory authority:
- Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI)
- Address: Graurheindorfer Str. 153, 53117 Bonn
- Phone: +49 (0)228 997799-0
- Email: poststelle@bfdi.bund.de
14. Withdrawal of Consent
14.1 Marketing Consent Withdrawal
- Unsubscribe links: Click the unsubscribe link in any marketing email
- Account settings: Manage preferences through your online account dashboard
- Customer service: Call or email us to opt out of marketing communications
- Written request: Send a signed letter to our business address
14.2 Account Deletion Process
- Submit deletion request through customer service or online form
- Identity verification to ensure account security
- Settlement of outstanding obligations (loans, payments)
- Data retention notification for legal compliance purposes
- Confirmation of account closure and data processing cessation
15. Conclusion
At HW Leasing GmbH, protecting your privacy is not just a legal obligation—it's fundamental to our commitment to providing trustworthy financial services. We understand that your financial data is among your most sensitive personal information, and we treat it with the highest level of care and security.
This privacy policy reflects our dedication to transparency, compliance with German and European data protection laws, and respect for your rights as our valued customer. We continuously review and update our privacy practices to ensure they meet evolving regulatory requirements and industry best practices.
If you have any questions about this privacy policy or our data practices, we encourage you to contact us. Building and maintaining your trust through responsible data stewardship remains our top priority.
Thank you for choosing HW Leasing GmbH as your financial partner. Your privacy matters to us.