As of 1 February 2020

CrossLend GmbH, Französische Straße 20, 10117 Berlin (“CrossLend”) owns and operates the website located at https://crosslend.com (the “CrossLend Website”). The term “CrossLend Website” does not include the CrossLend Marketplace, which is located at https://marketplace.crosslend.com. The use of the CrossLend Marketplace is governed by separate terms of use.

Each visitor to and user of the CrossLend Website is referred to as a “User” (collectively “Users”) or “you” in these Terms of Use (“ToU”).

Each User is bound by these ToU. If you use the CrossLend Website on behalf of a company, organisation, or other legal entity, you represent and warrant that you are authorised to do so and that you have the authority to bind such entity to these ToU. Where the context requires, the words ”User” and “you” shall also include such entity.

CrossLend makes certain areas of the CrossLend Website available in its sole discretion to:

• qualified investors (as defined in the Prospectus Regulation (EU) 2017/1129) (“Investors”);

• institutions such as banks, marketplace lenders or other loan originators (“Originators”); and

• other relevant parties.

1. General

1.1 The use of the CrossLend Website shall only be permitted on the basis of the ToU, and in CrossLend’s sole discretion.

1.2 CrossLend reserves the right to amend these ToU. Such amendments shall be considered accepted by the User if no objection is made in writing to CrossLend within one week of the User’s receipt of the amendment notification. CrossLend will specifically point out this consequence in the amendment notification.

1.3 CrossLend also provides the CrossLend Marketplace service, which is governed by separate terms of use.

2. Services for Users

2.1 The CrossLend Website provides Users with the opportunity to learn more about CrossLend’s products, and to access information and notifications about the opportunities represented by those products.

2.2 CrossLend may collect, process and use information about each User. For more information, please see our Privacy Policy

2.3 CrossLend does not perform any investment advisory services. In particular, no investment recommendations are made nor is tax or legal advice provided. For more information, see the section entitled Disclaimer below.

3. Registration for the CrossLend Website

3.1 A registration as a User is required to access certain areas of the CrossLend Website.

3.2 The registration requires all requested data to be provided completely and truthfully. Moreover, the User is required to keep their registration data updated at all times.

3.3 Upon a successful registration, CrossLend will send a confirmation email to the User. By clicking on the link contained in that email and creating the first personal password, the User’s account with the CrossLend Website will be activated. As set out in our Privacy Policy, the User’s email address for communication between that User and CrossLend will be confirmed. Users are hereby expressly informed that, in principle, the possibility of third parties being able to view, read, manipulate or delete electronically transmitted data cannot be excluded. Accordingly, CrossLend accepts no liability for the security of the data to be so transmitted. Under their CrossLend accounts, Users may access and change their information and, where relevant, have access to information on the status of their subscribed securities.

4. General duties of Users

4.1 A CrossLend account shall only be used by its registered User.

4.2 The User is obliged to keep the password(s) of their CrossLend account secret and to carefully safeguard the access to their CrossLend account (“confidentiality obligation”). The User will ensure that no third party gains knowledge of their password(s). To prevent misuse, passwords should not be stored electronically (unless encrypted) nor be otherwise put in writing. The User shall immediately change their password if third parties become aware of it, or if the User suspects that third parties have gained access to it. The User is hereby recommended to regularly change their password(s) for security reasons. Users shall be liable to CrossLend and/or other Users for damages resulting from breaches of their confidentiality obligations.

4.3 The User is obliged to immediately inform CrossLend of any evidence of misuse of their account, of any actual or suspected violation of these ToU by third parties, or of any other misuse of the CrossLend Website in general.

4.4 It is prohibited for the User to use the CrossLend Website in an unlawful manner, in violation of the ToU, or in any other abusive way, such as impairing or disturbing the functionality of the CrossLend Website (e.g. by violating the system integrity). No User may transfer their CrossLend account to third parties or otherwise provide access to their CrossLend account to third parties.

5. Availability

To the extent it is technically feasible and commercially reasonable, CrossLend will endeavour to offer an unrestricted availability of the CrossLend Website. However, CrossLend does not guarantee the latter. In particular, maintenance works, security and capacity reasons, technical circumstances as well as events outside of CrossLend’s control may lead to temporary inaccessibility to the CrossLend Website.

6. Intellectual property and permitted use of the CrossLend Website

6.1 The data and material, including trademarks, service marks, pictures, graphics, illustrations, designs, symbols, photos, texts and other images (hereinafter in this clause 6.1 referred to as “Content”) on the CrossLend Website are protected by copyright law, trademark law, data protection law and/or other laws of intellectual property. Any use and/or copy of the Content outside of the CrossLend Website without the prior written consent of CrossLend constitutes a violation of the ToU and is prohibited.

6.2 Subject to the Privacy Policy, you grant us a non-exclusive, worldwide, royalty-free, irrevocable license to use, copy, distribute, publish and transmit in any manner any data you upload or submit to the CrossLend Website (“User Content”).

6.3 The use of systems or software for the extraction of Content from the CrossLend Website, in particular for commercial purposes, is prohibited.

6.4 CrossLend may offer, from time to time, shareable web applications or components which can be embedded on external web pages (“CrossLend Widgets”). CrossLend grants to you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right during the term of these ToU to reproduce and display the CrossLend Widgets on any website controlled by you, provided always that:

(a) you shall display the CrossLend Widgets in the form made available by CrossLend, without alteration; and

(b) in the event that you receive information about visitors to your site, your use of such information must comply with your privacy policy and all applicable data protection and other laws and regulations.

7. Data protection

CrossLend shall process Users’ data as required for the performance of its services under these ToU, or where a User has granted their consent or where a legal basis otherwise applies. Information about the scope of the collection, processing and use of personal data by CrossLend can be found in CrossLend’s Privacy Policy, which may be retrieved and printed at all times from: https://crosslend.com/terms-of-use/#privacy-policy. The User may at any time opt out from the processing and use of their personal data for advertising purposes (please see our Privacy Policy).

8. Contractual term and termination of the ToU

8.1 Unless terminated, the ToU shall remain in full force and effect for an undetermined term.

8.2 Both the User and CrossLend may terminate this contract at any time by serving a written notice of termination (e.g. via email, fax or letter) to the other party 2 weeks prior to the end of the month.

8.3 The right of termination with cause remains unaffected.

9. Liability; Indemnification

In this clause 9, references to “CrossLend” shall include CrossLend, its affiliates, and its and its affiliates’ officers, directors, employees, agents, shareholders, assigns and successors.

9.1 CrossLend shall only be liable for damages resulting from willful misconduct or gross negligence, death or personal injury caused by CrossLend’s negligence, or fraud or fraudulent misrepresentation.

9.2 Subject to clause 9.1, CrossLend will not be liable whether based on a claim in contract, tort (including negligence), breach of statutory duty or otherwise arising out of or in relation to these ToU for any loss of profits, loss of business, loss of revenue, anticipated savings, goodwill or any indirect or consequential damages even if foreseeable and even if CrossLend has been advised of the possibility of such losses.

9.3 Subject to clause 9.1, CrossLend shall not be liable for damages resulting from events outside of CrossLend’s control including where such damages could not have been prevented by mitigation by or on CrossLend’s behalf.

9.4 Subject to clause 9.1, CrossLend shall not be liable for any failures or disturbances in the technical infrastructure of the CrossLend Website that are outside its control.

9.5 CrossLend does not have control over the information and services provided by third parties. CrossLend shall not be liable for any information or acts of third parties and shall not be liable for any damages resulting therefrom.

9.6 You shall indemnify and hold CrossLend harmless from any claim or demand (including but not limited to reasonable attorney fees and costs of investigation) made by a third party due to or arising out of or related to your use of the CrossLend Website, the CrossLend Widgets, your User Content, your violation of these ToU or your violation of any laws, regulations, or third party rights.

10. Disclaimer

Only those investors who are classified as “qualified investors” (as defined in the Prospectus Regulation (EU) 2017/1129) may access the CrossLend Website.

The content of the CrossLend Website is intended solely for information purposes.

Any investment report or other similar report or factsheet depicts an analysis of selected time periods. It is not to be construed, under any circumstances, by implication or otherwise, as a prediction of future portfolio performance, default rates or distribution figures. Past performance may not be indicative of future results. The content may no longer be reflective of current positions given a variety of factors, including changing market conditions.

ALL INFORMATION IS PROVIDED ON AN “AS IS” BASIS WITHOUT GUARANTEE, REPRESENTATION OR WARRANTY OF ANY KIND (WHETHER EXPRESS OR IMPLIED). CROSSLEND DISCLAIMS LIABILITY FOR ANY INFORMATION NOT BEING COMPLETE, ACCURATE, SUITABLE OR RELEVANT FOR YOU. Some information is provided by third parties. While the information provided is believed to be accurate, it may include errors or inaccuracies.

No information provided by CrossLend forms a fiduciary relationship between it and the recipient, nor does it constitute advice. No information should be construed as an offer, or a solicitation of an offer, to sell, buy or subscribe to Notes or any other form of financial instrument, nor as an invitation or inducement to engage in investment activity (unless expressly provided otherwise).

Investments in Notes are subject to risks, which can be found in the Private Placement Memorandum. Prospective investors should carefully consider those risks, and the content of all offering documents, in consultation with their financial, legal and tax advisors.

11. Confidentiality

11.1 Each User agrees:

(a) to keep all information in password-protected areas of the CrossLend Website strictly confidential (“Confidential Information”);

(b) not to use any Confidential Information for purposes other than for its evaluation of its business collaboration with CrossLend; and

(c) not to disclose any Confidential Information to third parties, with the exception of such third parties who need this information in order to carry on negotiations or evaluation of the business collaboration.

11.2 The confidentiality obligations set out in this clause 11 shall remain binding for a period of 3 years from the date of termination of these ToU in accordance with clause 8.

11.3 In the event of breach of this clause 11, CrossLend will be entitled to receive compensation for all loss or damage suffered by it. Nothing in these ToU is intended to limit any remedy of CrossLend. CrossLend shall have the right to apply to any court of competent jurisdiction for an order restraining any breach or threatened breach of this clause 11, or for any other relief appropriate under the law of the applicable jurisdiction.

12. General provisions

12.1 Place of performance of the services is the place of business of CrossLend.

12.2 These ToU shall be governed by, and be construed in accordance with, the laws of the Federal Republic of Germany without regard to the rules of private international law and the UN Convention on the Sale of Goods. The District Court of Berlin shall have exclusive jurisdiction over all disputes arising from or in connection with these ToU.

12.3 Should one or more provisions of the conditions hereof be or become invalid in whole or in part, the validity of the remaining provisions shall not be affected. The Parties undertake to agree on an effective substitute provision as close as possible to the ineffective provision or the intended purpose of the ineffective provision. The same shall apply to gaps in the contract.

Privacy Policy– CrossLend Website

As of 1 February 2020

CrossLend GmbH, Französische Straße 20, 10117 Berlin (“CrossLend” or “we”) owns and operates the website located at https://crosslend.com (the “CrossLend Website”). This Privacy Policy applies to the CrossLend Website.

Each visitor to and user of the CrossLend Website is referred to as a “User” (collectively “Users”) or “you” in this Privacy Policy.
This Privacy Policy provides an overview of the kind of personal data we collect, the manner in which this data is used or transmitted and the way in which you may obtain information about the data you have provided to us.

Maintaining the privacy of your data is a top priority at CrossLend. To that end, CrossLend has established standards of data privacy protection for all Users of the CrossLend Website consistent with the applicable statutory requirements of the Federal Republic of Germany and the European Union. One of our main concerns in this regard is allowing you to determine to what extent CrossLend processes your data and to decide the way in which you will share your personal data with us.

1. Controller

As controller, CrossLend is responsible for the processing and use of your personal data. If you wish to partially or fully opt out of the collection, processing or use of your data pursuant to this Privacy Policy, you may send an opt-out notice by letter or email to us at:

CrossLend GmbH

Französische Straße 20

10117 Berlin
privacy@crosslend.com

Our Data Protection Officer can be contacted as follows:
ISiCO Datenschutz GmbH
Am Hamburger Bahnhof 4
10557 Berlin, Germany
privacy@crosslend.com

2. Collection, Processing and Use of Personal Data

In order to provide our services to you, it is necessary for us to collect, process and use your personal data as specified below.

2.1 Personal data

Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, in particular, information which can be traced back to your identity, such as your name, telephone number, mailing address or email address. Statistical data collected when you visit the CrossLend Website and which cannot be directly linked to your identity is, for instance, not considered/classified as personal data.

2.2 Collection, Processing and Use of your Personal Data

Maintaining the privacy of your data is one of our top priorities. As a result, we strictly adhere to applicable legal requirements when collecting, processing and using your personal data. We collect, store and process your data to offer you a better user experience on the CrossLend Website, and to provide you with the technical services that, among other things, enable investments in Notes. We may additionally use your data for the purpose of keeping you informed via engaging, relevant newsletters – which you may opt to receive – for our own marketing purposes. We also collect, process and use your personal data to verify your identity and for fraud prevention.

2.2.1. Visiting the CrossLend Website

Every time the CrossLend Website is accessed, we collect the access data which your browser or other client software automatically transmits to make your visit to the CrossLend Website possible. This access data comprises in particular:

• IP address of enquiring device or service
• Date and time of enquiry
• Address of the website or service called up and of the website or service enquiring
• Information on the browser and operating system used, including HTTP headers and other meta data
• Online identifiers (e.g. device identifiers, session IDs)

The processing of this access data is necessary to make your visit to the CrossLend Website possible and to ensure the permanent functionality and security of our systems. The access data is saved for the foregoing purposes in internal logfiles, in order to develop the CrossLend Website further according to the usage patterns of our visitors (e.g. if our websites are increasingly accessed on mobile rather than desktop devices) and to manage the CrossLend Website in a general way. The legal basis is Art. 6 (1) lit. f of the GDPR. The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we only save IP addresses in an anonymised form.

2.2.2 Registration with the CrossLend Website

Some Users may be given the possibility of registering for protected areas of the CrossLend Website. These Users will be required to provide certain information to CrossLend. We have highlighted with an identification mark the compulsory information which such Users are required to provide for registration. Without this data a registration is not possible:

• Name of company
• First name and last name of the respective authorised person to represent the company
• Email address and mobile phone number of the respective authorised person to represent the company

This personal data is stored in order to set up your account and to enable you to gain access to these authorisation required areas. You agree to treat your log in information as confidential and not to share this information with third parties. You may amend your log in details at any time in your user profile. The legal basis for this processing is Art. 6 (1) lit. b of the GDPR.

2.2.3. Newsletters

You have the possibility of subscribing to our Newsletter, in which we tell you the latest news about our products and campaigns.

For Newsletter subscriptions we use the so-called double opt-in procedure i.e. we shall only send you the Newsletter by email if you confirm, by clicking a link in our registration email, that you are the holder of the email address provided. Should you confirm your email address, we shall store your email address, the time of registration and the IP address used for the registration for such time until you cancel the Newsletter. This storage serves only the purpose of sending you the Newsletter and providing you with your registration. You can cancel the Newsletter at any time. A link to this effect is placed in every Newsletter. A message to the contact details given above or in the Newsletter (e.g. by email or letter) is likewise sufficient for this. The legal basis is Art. 6 (1) lit. a of the GDPR.

In our Newsletter we use various established technologies to measure user interactions (e.g. opening of the email, links clicked). We use this data in a pseudonymised form for general statistical evaluations and to optimise and develop further our contacts and customer communication. This is done with the aid of graphics which are embedded in the Newsletter (so-called pixels). This data is collected in a pseudonymised way. The legal basis for this is Art. 6 (1) lit. a of the GDPR. In our Newsletter, we aim to share with our customers those topics which are of the most relevance to them. If you do not wish for your user patterns to be analysed, you can cancel the Newsletter or disable graphics in your email program in a standard way.

Unsubscribing from the Newsletter is possible at any time e.g. via the unsubscribe link at the bottom of every Newsletter. Alternatively you can direct your request to unsubscribe at any time to the contact details set out above.

2.2.4. Market and Opinion Research

To improve our services, we may ask you to provide your data for general market and opinion research. We will use your data only for statistical purposes in an anonymised form. Your responses to survey questions will not be published or disclosed to third parties without your consent. We will not store your responses to our surveys in combination with your email address or other personal data.

You may withdraw your consent for the use of your personal data for general market and opinion research at any time without incurring any costs other than the transmission costs at standard rates.

This processing is based on your explicit consent, pursuant to Art. 6 (1) lit. a of the GDPR.

3. Measuring user activity with Matomo

The CrossLend Website uses Matomo (formerly Piwik), an open source software program. for the statistical analysis of user activity. The use of cookies is disabled. It is not possible to identify a specific person from data generated through Matomo, as your IP address is anonymised immediately after processing and before storage. Since the use of Matomo is conducted by CrossLend itself, the anonymisation of your IP address can be ensured.

The legal basis for processing is Art. 6 para. 1 lit. f) GDPR, namely our legitimate interest in providing and evaluating our services. Your data will only be stored until the processing purpose is fulfilled.

4. Security

CrossLend has taken numerous security precautions to reasonably and adequately protect your personal data. Physical, technical and procedural protections are in place to secure our databases and to limit access to the information only to authorised persons complying with this Privacy Policy. Sensitive data is sent to CrossLend exclusively using encrypted transmission (SSL/TLS technology). CrossLend performs regular security checks on its system to shore up potential weak spots and ward off attacks.

You should never share your login credentials with third parties and you should change them regularly. Every time you leave the CrossLend Website, you should log out of your session and close your browser window to prevent unauthorised users from accessing your account.

5. Right of Access to Information

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information, we shall explain the data processing and supply an overview of the data relating to you which has been stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have this data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure not be possible due to other legal regulations, the data processing will be restricted so that your data is only available to serve the purposes required under those other legal regulations. You can also have the processing of your data restricted if you believe that the data which we have stored is not correct (right to restriction of processing). You also have the right of data portability, which means that we can send you at your request a digital copy of the personal data which you have provided to us.

To exercise your rights as set out here, you can communicate with us at the above contact details. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

You also have the right to object to the data processing based on Art. 6 (1) lit. e or f of the GDPR. Finally, you have the right to complain to data protection supervisory authorities. You can exercise this right at a supervisory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin, the competent regulatory authority is: Data Protection and Freedom of Information Officer, Friedrichstrasse 219, 10969 Berlin.

6. Right to withdraw consent and object to processing activities

Under Article 7 (3) of the GDPR you have the right at any time to withdraw your consent which you have given previously for the processing of your data. This will mean that CrossLend will no longer process your data based on that previous consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests under Art. 6 (1) lit. f of the GDPR, you have the right under Art. 21 of the GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data is processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.

7. Accessing the Privacy Policy

We occasionally update this Privacy Policy, for instance when we revise our websites or statutory or official regulations change.
You may access and print this Privacy Policy from any of the websites and products which are operated by CrossLend. You may print or download this document by using your browser’s standard features (in most cases: File/Save as). To open this PDF file, you will need Adobe Reader (www.adobe.com) or a similar program designed to open PDF files.

Information regarding data processing of applications

This information shall give you an overview about the processing of your personal data when you apply for a job at CrossLend.

June 2018

1.Controller

Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:

CrossLend GmbH („CrossLend“)
Französische Straße 20,
10117 Berlin Germany
Phone: +49 30 208 488 100

Email: business@crosslend.com

2. Processing of Personal Data

According to Article 4 lit 1 GDPR personal data is information relating to an identified or identifiable natural person, e.g. name, email address, IP address.

For the application process we are processing the data that you make available to us. This includes the following data:

  • name
  • address
  • email address
  • application documents (CV, engagement letter, etc)
  • position
  • interview notes
  • IP address, when you apply through the online application form

Furthermore, we process the data that you make available to us when you contact us during the application process.

We may use other sources to process data from you, e.g. recruiter, websites or other public available data such as your profiles on professional social networking platforms, such as LinkedIn or Xing.

3. Purpose and legal basis

We process your personal data for the purpose of the selection of job applicants.

The legal basis for data processing is Section 26 Federal Data Protection Act (BDSG) in conjunction with Article 6 para. 1 lit. b General Data Protection Regulation (GDPR) and Art. 88 GDPR. The legal basis for the processing of information that you have given us voluntarily is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 lit. a GDPR and Art. 88 GDPR, your consent. The legal basis for the use of the data from public available sources is Art. 6 para 1 lit f GDPR in conjunction with Section 9 para 2 lit e GDPR. The legitimate interest is to receive an overview of your background.

We will process the data for the assessment of your application and the performance of the employment contract according to Section 26 BDSG in conjunction with Art. 6 para 1 lit b GDPR.

If you are interested in other positions within CrossLend or would like us to store your data for future positions, the legal basis for processing your data is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 lit a GDPR and Art 88 GDPR.

The processing of your personal data may be necessary for the defence against claims from the application process. Legal basis is Art. 6 para 1 lit f GDPR. The legitimate interest is the burden of proof in a procedure.

4. Recipients, categories of recipients

Within CrossLend only those employees have access to your data who are in charge of the application procedure.

We may disclose your personal data also to authorities and/or law enforcement authorities when necessary for the above purposes, when required by law or when necessary to protect our legitimate interests in accordance with applicable law.

5. Retention period

Applicant data will be deleted six months after the end of the specific application procedure. In case of expressed interest also in other positions, the data we will store your application data with your consent (which can be revoked at any time).

We may be required to store the data for a longer period if there is a longer legal retention period.

If you start working for us, we will store the data for the duration of the employment relationship. The data processing for the purpose of the employment relationship is subject to another information that you will receive separately.

6. Third-party processors

In some cases, we may need to share some of your data we process through the application process with places and people outside our company. As part of the processing, your personal data will be transmitted to our external service provider (known as a “Processor”) Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Service providers working on our behalf sometimes process data for us. If this is the case, we conclude so-called data processing agreements with those service providers, by which we oblige a service provider to carry out the processing of the data carefully and in accordance with our instructions. As a result, service providers must process the data according to our specifications and on our behalf, which is why they are referred to as a Processor.

Your personal data will not be transmitted by CrossLend GmbH to third countries.

7. Obligation to provide personal data

Without entering data, an application is not possible. You are not legally or contractually obliged to submit your information to us. However, since we need information about you in our application process, the possible consequence of not providing such information is that we cannot adequately consider you as an applicant.

8. Rights of the data subject

As a data subject you have several rights. For assertion of rights you can contact us:

CrossLend GmbH („CrossLend“)

Französische Straße 20,

10117 Berlin Germany

Phone: +49 30 208 488 100

Email: business@crosslend.com

a. Access, rectification, erasure

In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to personal data. Information is provided free of charge.

If your personal data is incorrect or incomplete, you have the right to correct and amend it (Art. 16 GDPR).

You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR).

If the legal requirements are met, you can demand a restriction on the processing of your personal data (Art. 18 GDPR).

b. Right to object

You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights.

c. Right to data portability

Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).

d. Right to withdraw consent

If you have given us your consent to process personal data, you can withdraw it at any time with future effect without affecting the legality of the processing carried out on the basis of the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018.

e. Right to lodge a complaint

You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

9. Automated decision making

In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.

Feedback

We strongly encourage you to give us feedback. In particular, should you be dissatisfied at any time with the service that you receive, do not hesitate to make this known to us. Should you wish to provide us with feedback regarding anything, please write to us at: contact@crosslend.com

Should you find you need to complain, we are sorry you feel the need to raise a complaint and we will thoroughly investigate it. We have outlined a summary of our complaints procedure below.

Complaints

If you are unsatisfied with one of our products or services, you can send an email from your registered email address to complaints@crosslend.com

or address your complaint via post to: CrossLend GmbH, Französische Straße 20, 10117 Berlin, Germany

When raising a complaint, please always include:

• The name of the organisation filing the complaint, contact name, email and address

• The product or service that you are unhappy with

• A full description of your complaint and the date(s) that the complaint occurred

• Your preferred outcome

• You can also include any supporting documentation you have in relation to your complaint (i.e. emails, screenshots, etc.)

If the complaint is presented by a representative on your behalf, it must also be accompanied by a special notarized power of attorney form.

We will contact you via email to confirm that we have received your complaint no more than 3 days after receipt of the complaint, and we will then begin our investigation. In case we need more information from you, our Complaints Management Department will reach out to you directly via email.

Once our Complaints Management Department has investigated your concerns and reached a conclusion, we will provide you with our final decision via email or post no more than 14 days from the date of receiving the complaint. If we require a longer time period to reach a conclusion, we will send you a letter outlining the reasons for delay.

Hinweis zur Datenverarbeitung von Bewerbungen

Dieser Hinweis gibt Ihnen einen Überblick über die Verarbeitung Ihrer personenbezogenen Daten, wenn Sie sich für eine Position bei CrossLend bewerben.

Juni 2018

1. Verantwortlicher

Verantwortlicher im Sinne der Datenschutz-Grundverordnung EU (2016/679) („ DSGVO“) und anderer Datenschutzbestimmungen ist:

CrossLend GmbH („CrossLend“)

Französische Straße 20,

10117 Berlin Deutschland

Tel.: +49 30 208 488 100

Email: privacy@crosslend.com

2. Verarbeitung personenbezogener Daten

Gemäß Artikel 4 Abs. 1 DSGVO sind personenbezogene Daten alle Informationen, die sich auf eine identifizierte oder identifizierbare natürliche Person beziehen, z.B. Namen, Email-Adresse, IP-Adresse.

Für das Bewerbungsverfahren verarbeiten wir die von Ihnen uns zur Verfügung gestellten Daten. Dies beinhaltet die folgenden Daten:

  • Name
  • Adresse
  • Email-Adresse
  • Bewerbungsunterlagen (Lebenslauf, Bewerbunsschreiben, etc.)
  • Position
  • Notizen von Bewerbungsgesprächen
  • IP-Adresse, falls Sie das Online Bewerbungsformular für Ihre Bewerbung benutzen.

Weiterhin verarbeiten wir die Daten, die Sie uns während des Bewerbungsverfahrens zur Verfügung stellen.

Wir können auch andere Quellen verwenden, um Daten von Ihnen zu verarbeiten, z.B. Personalvermittler, Websites oder andere öffentlich zugängliche Daten, wie Ihre Profile auf den Plattformen von professionellen sozialen Netzwerken, wie z.B. LinkedIn oder Xing.

3. Zweck und Rechtsgrundlage

Wir verarbeiten Ihre personenbezogenen Daten, um eine Auswahl unter den Bewerbern für eine Position zu treffen.

Die Rechtsgrundlage für die Datenverarbeitung ist § 26, Bundesdatenschutzgesetz (BDSG) in Verbindung mit Artikel 6 Abs. 1 lit. b Datenschutz-Grundverordnung (DSGVO) und Art. 88 DSGVO. Die Rechtsgrundlage für die Verarbeitung der Daten, die Sie uns freiwillig zur Verfügung stellen ist § 26 Abs. 2 BDSG in Verbindung mit Art. 6 Abs.1 lit. a DSGVO. Die Rechtsgrundlage für die Verwendung von Daten aus öffentlich zugänglichen Quellen ist Art. 6 Abs.1 lit. f DSGVO in Verbindung mit § 9 Abs. 2 lit. e DSGVO. Das berechtigte Interesse ist darin begründet einen Überblick über Ihren Hintergrund zu erhalten.

Wir werden die Daten für die Beurteilung Ihrer Bewerbung und die Durchführung des Arbeitsvertrages gemäß § 26 BDSG in Verbindung mit Art. 6 Abs. 1 lit. b DSGVO verarbeiten.

Falls Sie an anderen Positionen bei CrossLend interessiert sind oder Sie es wünschen, dass wir Ihre Daten für zukünftige Positionen speichern, ist die Rechtsgrundlage für die Verarbeitung Ihrer Daten § 26 Abs. 2 BDSG in Verbindung mit Art. 6 Abs.1 lit. a DSGVO und Art. 88 DSGVO.

Die Verarbeitung Ihrer personenbezogenen Daten kann für die Verteidigung gegen Klagen aufgrund des Bewerbungsverfahrens notwendig sein. Die Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO. Das berechtigte Interesse ist darin begründet den Beweis in einem Verfahren führen zu können.

4. Empfänger, Kategorien von Empfängern

Innerhalb CrossLends haben nur die Mitarbeiter Zugang zu Ihren Daten, die mit dem Bewerbungsverfahren beauftragt sind.

Wir geben Ihre personenbezogenen Daten auch an Behörden bzw. Strafverfolgungsbehörden weiter, insoweit dies für die vorgenannten Zwecke notwendig, gesetzlich vorgeschrieben oder zum Schutz unserer berechtigten Interessen nach geltendem Recht erforderlich ist.

5. Aufbewahrungsfrist

Bewerberdaten werden sechs Monate nach dem betreffenden Bewerbungsverfahren gelöscht. Falls auch Interesse an anderen Positionen besteht, speichern wir Ihre Bewerberdaten mit Ihrer Zustimmung (ein Widerruf ist jederzeit möglich).

Es kann sein, dass wir die Daten für einen längeren Zeitraum aufbewahren müssen, falls eine längere Aufbewahrungsfrist gesetzlich vorgeschrieben ist.

Im Falle einer Einstellung werden wir die Daten für die Dauer des Arbeitsverhältnisses speichern. Die Datenverarbeitung für das Arbeitsverhältnis ist Gegenstand eines anderen Hinweises, den Sie separat erhalten werden.

6. Empfänger Ihrer personenbezogenen Daten

In bestimmten Fällen müssen wir einen Teil Ihrer Daten, die wir im Rahmen des Bewerbungsverfahrens verarbeiten, an Stellen und Personen außerhalb unseres Unternehmens weitergeben. Im Rahmen der Verarbeitung werden Ihre personenbezogenen Daten an unseren externen Dienstleister (sog. Auftragsverarbeiter) Personio GmbH, Rundfunkplatz 4, 80335 München, Deutschland, übermittelt.

Zur Erklärung:

Dienstleister, die in unserem Auftrag tätig werden, verarbeiten teilweise Daten für uns. Sofern dies der Fall ist, schließen wir mit dem Dienstleister einen sog. Auftragsverarbeitungsvertrag ab, durch den wir den Dienstleister verpflichten, die Verarbeitung der Daten sorgfältig und nach unseren Weisungen vorzunehmen. Hierdurch verarbeiten die Dienstleister die Daten nach unseren Vorgaben und in unserem Auftrag, weswegen sie als Auftragsverarbeiter bezeichnet werden.

Ihre personenbezogenen Daten werden von CrossLend GmbH nicht an Drittländer übermittelt.

7. Verpflichtung personenbezogenen Daten anzugeben

Ohne Angabe von personenbezogenen Daten ist eine Bewerbung nicht möglich. Sie sind nicht gesetzlich oder vertraglich dazu verpflichtet, uns Ihre Daten zu übermitteln. Da wir bei unserem Bewerbungsverfahren jedoch Angaben zu Ihrer Person benötigen, ist die mögliche Folge einer Nichtbereitstellung, dass wir Sie als Bewerber bei uns nicht hinreichend berücksichtigen können.

8. Rechte der betroffenen Person

Als betroffene Person haben Sie verschiedene Rechte. Zur Geltendmachung Ihrer Rechte können Sie uns wie folgt kontaktieren:

CrossLend GmbH („CrossLend“)

Französische Straße 20,

10117 Berlin Deutschland

Tel.: +49 30 208 488 100
Email: privacy@crosslend.com

a. Zugang, Berichtigung, Löschung

Gemäß Art. 15 DSGVO können Sie jederzeit vom Verantwortlichen eine Bestätigung darüber erhalten, ob Sie betreffende personenbezogene Daten verarbeitet werden oder nicht verarbeitet werden und in den Fällen in denen Sie betreffende personenbezogene Daten verarbeitet werden, können Sie jederzeit Zugang zu den personenbezogenen Daten erhalten. Die Auskunft ist kostenfrei.

Falls Ihre personenbezogenen Daten unrichtig oder unvollständig sind, haben Sie das Recht diese zu berichtigen und zu vervollständigen (Art. 16 DSGVO).

Sie können jederzeit die Löschung Ihrer personenbezogenen Daten verlangen, außer wir sind gesetzlich verpflichtet oder berechtigt Ihre Daten weiterhin zu verarbeiten (Art. 17 DSGVO).

Falls die gesetzlichen Voraussetzungen erfüllt sind, können Sie eine Beschränkung der Verarbeitung Ihrer personenbezogenen Daten verlangen (Art. 18 DSGVO).

b. Das Recht Widerspruch einzulegen

Sie haben gemäß Art. 21 GDPR das Recht Widerspruch gegen die Datenverarbeitung einzulegen. Wir werden dann die Verarbeitung Ihrer Daten einstellen. Dies trifft dann nicht zu, falls wir zwingende schutzwürdige Gründe nachweisen können, die gegenüber Ihren Rechten überwiegen.

c. Das Recht auf Datenübertragbarkeit

Auf Anforderung stellen wir Ihnen die von Ihnen übermittelten personenbezogenen Daten in einer standardisierten maschinenlesbaren Form zur Verfügung (Art. 20 DSGVO).

d. Das Recht die Einwilligung zu widerrufen

Falls Sie uns Ihre Zustimmung gegeben haben Ihre personenbezogenen Daten zu verarbeiten, können Sie diese Zustimmung jederzeit mit Wirkung für die Zukunft widerrufen, ohne dass die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung berührt wird. Dies gilt auch für den Widerruf von Zustimmungserklärungen, die uns gegenüber vor dem Inkrafttreten der DSGVO d.h. vor dem 25. Mai 2018 abgegeben wurden.

e. Das Recht Beschwerde einzureichen

Sie haben gemäß Artikel 77 DSGVO das Recht bei einer Aufsichtsbehörde Beschwerde einzureichen, falls Sie der Auffassung sind, dass die Sie betreffende Verarbeitung von Daten gegen die DSGVO verstößt.

9. Automatisierte Entscheidungsfindung

Wir setzen grundsätzlich keine automatisierte Entscheidungsfindung für die Begründung, Durchführung und Beendigung von Geschäftsbeziehungen ein. Sollten wir eine automatisierte Entscheidungsfindung einsetzen, werden wir Sie separat darüber informieren.