Privacy Policy

Preface

CRX Markets AG, Landsberger Str. 191, 80687 Munich, Germany (hereafter CRX Markets or we) operates the online domain www.crxmarkets.com and offers enterprises the opportunity to finance receivables and payables on our supply chain finance portal, accessible at https://scf.crxmarkets.com/ (hereafter CRX-Portal). To be able to offer these services, we need to collect, process and store personal and non-personal data. For us, the transparent and secure use of such sensitive data is an important objective. The following privacy statements list all forms of data collection, processing and storage by CRX Markets. These privacy statements apply to all websites of CRX Markets, as well as on the CRX-Portal and are accessible directly from all sites through a link in the footer.

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website and use our CRX-Portal. Personal information is any data by which you could be personally identified.

CRX Markets takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Detailed information on the subject of data protection can be found below.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Data collection by CRX Markets

Who is responsible for the data collection on this website?
The data collected on this website are processed by CRX Markets. Our contact details can be found in the website’s legal notice.

How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form or by logging into the CRX-Portal.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or at what time you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?
All data entered in the CRX-Portal is exclusively used to provide our contractual services. Part of the data collected on this website ensures the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following statements.

2. General information and mandatory information

Notice concerning the party responsible

The party responsible for processing data on this website and the CRX-Portal is:

CRX Markets AG
Landsberger Str. 191
80687 München
Phone: +49 89 579 497 50
Email: regulation@crxmarkets.com

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your expressed consent. Once given, you may revoke your consent at any time with future effect. An informal email making such request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state of Bavaria in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator or logging into the CRX-Portal. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. CRX Markets reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company who can be contacted as follows.

CRX Markets AG
Data Protection Officer
Landsberger Str. 191
80687 München
Phone: +49 89 579 497 50
Email: regulation@crxmarkets.com

4. Data collection on the CRX-Portal

The CRX-Portal collects, processes and stores different personal and non-personal data during the registration process for the provision and delivery of our services and to comply with statutory and regulatory requirements. This comprises of, for example, the name, email address, as well as commercial address and phone numbers.

The protection of this sensitive information is of highest priority to us. All data is collected exclusively to comply with contractual and regulatory requirements and will not be used for any other purposes or forwarded to third parties. Consent to collect, process and store personal information to create user accounts is given to CRX Markets by duly authorized representatives of your company who execute the CRX-Portal access agreement.

All personal data in the CRX-Portal is viewable only by CRX admin users, but not by portal users of a third party (e.g. investors), it is processed for using the CRX-Portal until objection. The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

CRX Markets is legally required to screen buyers, suppliers and investors according to the German Money Laundering Act (Geldwäschegesetz). For this purpose, a Know Your Customer (KYC) questionnaire must be completed by the respective company who wants to use the CRX-Portal. By signing the KYC questionnaire, CRX Markets is authorized to investigate and verify the information contained in this questionnaire, as well as other documents, materials and information that are provided during the KYC process. Consent to collect, process and store (personal) data that are processed during the KYC process, as well as forwarding it to relevant financing partners, but exclusively for purposes of their own KYC screening, is granted by signing the KYC questionnaire. Financing partners in this context are exclusively banks and investors which are connected to the CRX-Portal as such.

Furthermore, it is confirmed to CRX Markets in the KYC questionnaire that each identified beneficial owner and/or each member of the representative body of the company agrees with the collection, processing, storage and forwarding of their personal information which is included in the collected KYC data. This personal data will be exclusively collected during the KYC screening and will not be visible anywhere in the CRX-Portal.

If agreed upon with the Buyer, CRX Market will approach new suppliers and handle supplier requests concerning the Supply Chain Finance program on behalf of the Buyer. This comprises of providing more information and legal documents, demonstrating the portal functionalities and answering contractual questions. For this purpose, the Buyer will provide CRX Markets with contact details of Suppliers selected to take part in the program (Art. 6 (1) (b) & (f) GDPR). CRX Markets processes these data for the only purpose of initially contacting the Supplier via email or in another electronic way. After the signing of contracts, CRX Markets will store these contact details of Suppliers for performance of a contract (Art. 6 (1) (b) GDPR) or will delete data at the end of each year.

5. Data collection in recruiting activities

CRX Markets collects, processes and stores data provided in the application process to review the applicant’s suitability for this position (or in some cases other relevant positions) and to conduct the recruiting process. Legal basis for the processing of such personal data in this application process is primarily § 26 of the German Data Protection Law (Bundesdatenschutzgesetz) in the newest version as of May 25, 2018. This paragraph states that the processing of personal data is lawful if required for making a decision regarding the employment relationship. If data needs to be stored after coming to a decision in the application process, e.g. for the purpose of prosecution, the sole purpose of such data processing is as laid down in Art. 6 GDPR, especially to exercise legitimate interests in line with Art. 6 (1) (f) GDPR. The interest of CRX Markets is the enforcement or rejection of rights.

If the application is rejected, personal data will be deleted every year. The purpose of data storage during this period is the enforcement or rejection of rights. In case the applicant has granted consent to storing their data to be considered for future openings, personal data will be stored until revocation of consent. If an applicant is hired, personal data will be transferred from the applicant database to the personnel records.

All application data will be reviewed by the Human Resources department and then forwarded internally to CRX employees directly involved in filling the vacancy. Generally, access to applicants’ data is restricted to employees who need to review it for the proper execution of the application process.

All rights of the data subject as listed in Chapter 2 apply to all personal data that is processed during the application process. Especially, all applicants can make use of their right of objection at any time without providing any reasoning and change or fully revoke their consent for the future. To do this, please write an informal email making such request to recruiting@crxmarkets.com.

6. Data collection in sales activities

To conduct marketing and sales (incl. after-sales) activities, CRX Markets collects, processes and stores personal data of existing and potential customers. Data collection is conducted either directly through the relevant contact person of a company (e.g. by exchanging business cards at trade fairs or other business events), or indirectly by means of internet research, business websites (LinkedIn, Bloomberg etc.) or through external service providers. All collected business contact data will be used for the sole purpose of initially contacting the potential customer and providing direct marketing materials of CRX products and services in line with Art. 6 (1) (f) & Rec. 47 GDPR.

All rights of the data subject as listed in Chapter 2 apply to all personal data that is processed during marketing and sales activities. In particular, all data subjects can make use of their right of objection at any time without providing any reasoning and change or fully revoke their consent for the future. To do this, please write an informal email making such request to sales@crxmarkets.com.

To facilitate handling of contact details of customers, CRX Markets uses a CRM tool to store all contact details. Currently, we use the CRM tool of the Zoho Corporation (Zoho Corp., 4141 Hacienda Drive, Pleasanton, California 94588, USA). We have entered into a so-called data processing agreement with the service provider which ensures that all data processing is conducted in compliance with GDPR requirements.

7. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. CRX Markets has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. Other cookies (such as those used to analyze your surfing behavior) that are also stored, will be treated separately in this privacy policy.

Server log files

CRX Markets automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter into the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

8. Social media

Facebook

Our website includes links to the social network Facebook. This service is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook links can be recognized by the Facebook logo on our site. When you visit our site and click these links, a direct connection between your browser and the Facebook server is established. This enables Facebook to receive information that you have visited our site from your IP address. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy at https://de-de.facebook.com/policy.php.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

Twitter

Functions of the Twitter service have been integrated into our website. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter’s privacy policy, please go to https://twitter.com/privacy.
Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

LinkedIn

Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.

More information can be found in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

XING

Our website uses features provided by the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.

For more information about data protection and the XING Share button, please see the XING privacy policy at https://www.xing.com/app/share?op=data_protection.

9. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. CRX Markets has a legitimate interest in analyzing user behavior to optimize both our website and our advertising.

IP anonymization
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.

Data processing is based on Art. 6 (1) (f) DSGVO. CRX Markets has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

10. Newsletter

Newsletter data

If you would like to receive one of our newsletters (e.g. in recruiting), we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the CRX-Portal) remain unaffected.

MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.

MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.

We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter by contacting regulation@crxmarkets.com.

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the CRX-Portal) remains unaffected.

For details, see the MailChimp privacy policy at https://mailchimp.com/legal/terms/.

Completion of a data processing agreement
We have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our customers and not to disclose said data to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

11. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.