CRX Markets AG, Landsberger Str. 93, 80339 Munich, Germany (hereafter “CRX Markets” or “we”) operates the online domain www.crxmarkets.com and related pages (e.g. www.crxmarkets.de) and offers corporates the opportunity to optimize cash flow by trading receivables and payables through our global working capital finance marketplace (hereafter CRX Marketplace). To be able to offer these services, we need to collect, process, and store personal, and non-personal data. For us, the transparent and secure use of such sensitive data is an important objective. The following privacy policy lists all forms of data collection, processing, and storage by CRX Markets. This privacy policy applies to all websites of CRX Markets, as well as to the CRX Marketplace and is accessible directly from all pages through a link in the footer.
General
The following gives a simple overview of what happens to your personal information when you visit our website and use our CRX Marketplace. Personal information is any data by which you can be personally identified.
CRX Markets takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Detailed information about data protection can be found below.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Who is responsible for the data collection on this website?
The data collected on this website is processed by CRX Markets. Our contact details can be found in the website’s legal notice.
How do we collect your data?
Some data is collected when you provide it to us. This could, for example, be data you enter on a contact form or by registering for or logging in to the CRX Marketplace.
Other data is collected automatically by our IT systems when you visit the website. These data are primarily technical data, such as information about the browser and operating system you are using or at what time you accessed the page. This data is collected automatically as soon as you access our website or the CRX Marketplace.
What do we use your data for?
All data entered in the CRX Marketplace is exclusively used to provide our contractual services. Part of the data collected on this website ensures the proper functioning of the website and the CRX Marketplace. Other data can be used to analyze how visitors use the website or the CRX Marketplace, which helps us further improve these services.
What rights do you have regarding your data?
You always have the right to request information, at no charge, about your stored data, its origin, its recipients, and the purpose of its collection. You also have the right to request that it be corrected, blocked, or deleted. If you have given your consent to data processing, you can revoke this consent at any time. In addition, you have the right to demand, under certain circumstances, the restriction of the processing of your personal data.
You can contact us at any time using the address given in the legal notice if you want to use any of your stated rights or have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities. Please see the section “Right to File Complaints with Regulatory Authorities” below for details.
Analytics and third-party tools
When visiting our website and the CRX Marketplace, statistical analyses may be made of your surfing behavior. This happens primarily by using cookies and analytics applications. The analysis of your surfing behavior occurs on an anonymous basis, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following chapter “Analytics and Advertising”.
External hosting
This website and the CRX Marketplace are hosted by external service providers (“Providers”). The personal data collected on this website and on the CRX Marketplace are stored on servers of Providers within Germany. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by the website. The Providers are used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR).
Our Providers will only process your data to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.
We use the following Providers:
• FastComet Inc.
• Amazon Web Services, Inc.
Data Processing Addendum
To guarantee that data processing complies with the GDPR, we have concluded a data processing addendum with these two Providers.
Notice concerning the party responsible
The party responsible for processing data on this website and the CRX Marketplace is:
CRX Markets AG
Landsberger Str. 93
80339 München
E-Mail:
Phone: +49 89 255 52 46 82
Storage period
Unless we specified a concrete period within this privacy policy, your personal data will remain with us until the purpose for which it was collected ceases to apply. If you assert a justified request for deletion or revoke your consent to data processing, your personal data will be deleted, unless we have other legally permissible reasons for storing them (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons have ceased to apply.
Data transfer to the USA
Our website and the CRX Marketplace include tools from companies based in the USA. If these tools are active, your personal data may be transferred to US servers of these companies. US companies are obliged to release personal data to security authorities without you as the person concerned being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your expressed consent. Once given, you may revoke your consent at any time with future effect. An informal email to the e-mail address given in the legal notice making such a request is sufficient. The data processed before we received your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The data subject shall be entitled to appeal to the competent regulatory authority, in particular in the Member State of his or her habitual residence, place of work or place of the suspected infringement. For CRX Markets the competent regulatory authority for matters related to data protection legislation is the Data Protection Officer of the German State of Bavaria. A list of data protection officers and their contact details can be found here. The right of complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contractual obligation automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This website and the CRX Marketplace use SSL or TLS encryption for security reasons and for reason of protection of the transmission of confidential content, such as logging into the CRX Marketplace or inquiries you send to us as site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion and correction
As permitted by law, you have the right to be provided with information free of charge at any time about any of your personal data that is stored as well as its origin, the recipient, and the purpose for which it has been processed. You also may have the right to have this data corrected, blocked, or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Right to limit processing
You have the right to request that the processing of your personal data is restricted. To do so, you can contact us at any time at the address given in the legal notice. The right to restrict processing exists in the following cases:
• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can demand the restriction of the data processing instead of its deletion. If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
Opposition to promotional emails
We hereby expressly prohibit the use of our contact data published in the website’s legal notice for the purpose of sending promotional and informational materials not expressly requested. CRX Markets reserves the right to take specific legal action if unsolicited advertising material is received.
Statutory data protection officer
We have appointed a data protection officer for our company who can be contacted as follows:
CRX Markets AG
Data Protection Officer
Landsberger Str. 93
80339 München
Telefon: +49 89 255 52 46 82
E-Mail:
The CRX Marketplace collects, processes, and stores different personal and non-personal data during the registration process for the provision and delivery of our services and to comply with statutory and regulatory requirements. This comprises, for example, the name, email address, as well as commercial address and phone numbers.
The protection of this sensitive information is of highest priority to us. All data is collected exclusively to comply with contractual and regulatory requirements and will not be used for any other purposes or forwarded to third parties. Consent to collect, process and store personal information to create user accounts is given to CRX Markets by duly authorized representatives of your company, who execute the CRX Marketplace access agreement. All users agree separately to data processing when logging in to the CRX Marketplace. Using the CRX Marketplace without data processing is technically not possible. All personal data in the CRX Marketplace is viewable only by the relevant users and is processed for using the CRX Marketplace until objection. The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contractual obligation or for measures preliminary to a contract.
CRX Markets is legally required to screen corporates and financing partners according to the German Money Laundering Act (Geldwäschegesetz). For this purpose, a Know Your Customer (KYC) questionnaire must be completed by the respective company that wants to use the CRX Marketplace. By signing the KYC questionnaire, CRX Markets is authorized to investigate and verify the information contained in this questionnaire, as well as other documents, materials and information that are provided during the KYC process. Consent to collect, process and store (personal) data that are collected during the KYC process, as well as forwarding it to relevant financing partners, but exclusively for purposes of their own KYC screening, is granted by signing the KYC questionnaire. Financing partners in this context are exclusively banks and investors which are connected to the CRX Marketplace as such.
Furthermore, it is confirmed to CRX Markets in the KYC questionnaire that each identified beneficial owner and/or each member of the representative body of the company agrees with the collection, processing, storage and forwarding of their personal information which is included in the collected KYC data. This personal data will be exclusively collected during the KYC screening and will not be visible anywhere in the CRX Marketplace.
If agreed upon with the buyer, CRX Markets will approach new suppliers and handle supplier requests concerning the Supply Chain Finance program on behalf of the buyer. This comprises providing more information and legal documents, demonstrating the portal functionalities, and answering contractual questions. For this purpose, the buyer will provide CRX Markets with contact details of suppliers selected to take part in the program (Art. 6 (1) (b), (f) GDPR). CRX Markets processes this data for the only purpose of initially contacting the supplier via email or in another electronic way. After the signing of contracts, CRX Markets will store these contact details of suppliers for performance of a contract (Art. 6 (1) (b) GDPR) or else delete them.
CRX Markets collects, processes, and stores data provided in the application process to review the applicant’s suitability for this position (or in some cases other relevant positions) and to conduct the recruiting process. Legal basis for the processing of such personal data in this application process is primarily § 26 of the German Data Protection Law (Bundesdatenschutzgesetz) in the newest version as of May 25, 2018. This section states that the processing of personal data is lawful, if required for making a decision regarding the employment relationship. If data needs to be stored after coming to a decision in the application process, e.g. for the purpose of prosecution, the sole purpose of such data processing is as laid down in Art. 6 GDPR, especially to exercise legitimate interests in line with Art. 6 (1) (f) GDPR. The interest of CRX Markets is the enforcement or defense of rights.
The Human Resources (HR) department will only share application data with CRX Markets’ hiring managers directly involved in filling the vacancy. To be compliant with statutory law (§ 61,1 Arbeitsgerichtsgesetz (ArbGG) in conjunction with § 15 AGG) and contractual agreements (Art. 6 (1) (f) GDPR), we must store complete application data for a certain period and will delete it afterwards. Contact details (i.e. name and email address) will be kept in our talent pool in order to inform the applicant about future job openings until revocation of consent via email to recruiting@crxmarkets.com.
Personal data of rejected applicants will be deleted on a yearly basis. The purpose of data storage during this period is the enforcement or defense of rights. In case the applicant has granted consent to store all their application documents to be considered for future openings, personal data will be stored until revocation of consent. If an applicant is hired, personal data will be transferred from the applicant database to the personnel records.
All application data will be reviewed by the Human Resources department and then forwarded internally to CRX Markets’ hiring manager directly involved in filling the vacancy. Generally, access to applicants’ data is restricted to hiring managers who need to review it for the proper execution of the application process.
All rights of the data subject as listed in the Chapter “Data Collection by CRX Markets” apply to all personal data that is processed during the application process. In particular, all applicants can make use of their right of objection at any time without providing any reasoning and change or fully revoke their consent for the future. To do this, an informal email making such a request to recruiting@crxmarkets.com will suffice.
To conduct marketing and sales (incl. after-sales) activities, CRX Markets collects, processes, and stores personal data of existing and potential customers. Data collection is conducted either directly through the relevant contact person of a company (e.g. by exchanging business cards at trade fairs or other business events or by entering the data in contact forms on our websites or on social media), or indirectly by means of internet research, business websites (LinkedIn, Bloomberg etc.) or through external service providers. All collected business contact data will be used for the sole purpose of initially contacting the potential customer and providing direct marketing materials of CRX Markets’ products and services in line with Art. 6 (1) (f) & Rec. 47 GDPR.
All rights of the data subject as listed in Chapter “Data Collection by CRX Markets” apply to all personal data that is processed during marketing and sales activities. In particular, all data subjects can make use of their right of objection at any time without providing any reasoning and change or fully revoke their consent for the future. To do this, an informal email making such a request to sales@crxmarkets.com will suffice.
To facilitate handling of contact details of customers, CRX Markets uses a CRM tool to store all contact details. Currently, we use the CRM tool of the Zoho Corporation (Zoho Corp., 4141 Hacienda Drive, Pleasanton, California 94588, USA). We have entered into a so-called data processing agreement with the service provider which ensures that all data processing is conducted in compliance with GDPR requirements.
Cookies
Some of our web pages and the CRX Marketplace use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies are small text files that are stored on your computer and saved by your browser. Cookies help us make our website more user-friendly, efficient, and secure. Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you visit the site the next time.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of the CRX website and CRX Marketplace.
Cookies which are necessary to allow electronic communication or to provide certain functions you wish to use are stored pursuant to Art. 6 (1) (f) GDPR. CRX Markets has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. Other cookies (such as those used to analyze your surfing behavior), will be treated separately in this privacy policy. For cookies for which you have granted your consent for storage, the storage is exclusively based on this consent (Art. 6 (1) (a) GDPR); the consent can be revoked at any time.
Server log files
CRX Markets automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. Furthermore, CRX Markets has a legitimate interest in the technically error-free display and optimization of its website and of the CRX Marketplace – for this purpose, the server log files must be recorded.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information with any third parties without your permission.
The processing of the data entered in the contact form is based on Art. 6 (1) (a) GDPR, as you confirm your consent to such data processing when sending your request. You can revoke this consent at any time. For this purpose, send an informal notification by e-mail to regulation@crxmarkets.com. The legality of the data processing operations carried out up to revocation remains unaffected.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry, including all personal data (e.g. your name), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent. The processing of this data is based on Art. 6 (1) (b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR).
The data sent to us by you via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Functions of the Twitter service have been linked on our website. These features are offered by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter’s privacy policy, please go to https://twitter.com/privacy. Data transmission to the USA is based on the standard contract clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.
Our website uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our webpages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our webpages from your IP address.
If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of the webpages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn. Data transmission to the USA is based on the standard contract clauses of the EU Commission. Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy and here: https://de.linkedin.com/legal/l/dpa.
Our website uses features provided by the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.
For more information about data protection and the XING Share button, please see the XING privacy policy at https://www.xing.com/app/share?op=data_protection.
Our website contains links to Instagram. These features are provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by Instagram. Data transmission to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https:// www.facebook.com/help/566994660333381.
For more information, please refer to Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
YouTube
Our website uses plugins from YouTube. The site is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our webpages you have visited. YouTube may also store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). In this way, YouTube may obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience, detect and prevent fraud. If you are logged in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 (1) (f) GDPR. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Further information on the handling of user data can be found in the YouTube privacy policy at https://policies.google.com/privacy.
Google Analytics
This website uses Google Analytics, a web analytics service, that is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website visited by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (a) GDPR. The visitor has provided consent to store a cookie at the first visit of the website. This consent can be revoked at any time and the visitor can delete the cookie directly in their browser at any time.
IP anonymization
We have activated the IP anonymization feature on this website. If you are accessing the website from within the European Union or from another country which is party to the Agreement on the European Economic Area, your IP address will be shortened by Google within the European Union / European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Browser plugin
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Matomo (formerly Piwik)
The CRX Marketplace uses the open-source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across webpages for the analysis of user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of the CRX Marketplace is stored on our server. The IP address is anonymized before storage. With the help of Matomo, we are able to collect and analyze data about the usage of the CRX Marketplace by the users.
This enables us to find out, among other things, when which pages were accessed and from which regions they were accessed. We also collect various log files (e.g., IP address, referrer, browser, and operating system used) and can measure whether CRX Marketplace users perform certain actions (e.g., clicks, requests for help, etc.). The use of this analysis tool is exclusively based on a consent pursuant to Art. 6 (1) (a) GDPR. This consent can be revoked at any time.
Hosting
We host Matomo exclusively on a dedicated cloud instance within the European Union that meets all GDPR requirements so that all analysis data remains with us and is not shared.
Dealfront
This website uses Dealfront (formerly Leadfeeder), a web analytics service, that is operated by Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany. Dealfront collects the behavioral data of all website visitors. This includes pages viewed, visitor source and time spent on the site. The visitor IP address is collected to detect the company who owns the domain and which geographic location the company belongs to.
All data is aggregated on the company level. Furthermore, all data is encrypted on transfer and rest. With the help of Dealfront, we can analyze which companies show interest in our products. The use of this analytics tool is exclusively based on a consent pursuant to Art. 6 (1) (a) GDPR. This consent can be revoked at any time and the visitor can delete the cookie directly in their browser at any time.
Hosting
Dealfront collects data to their Amazon Web Services infrastructure. All data is encrypted on transfer and at rest.
Newsletter data
If you would like to receive one of our newsletters, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not share it with third parties.
We will, therefore, process any data you enter in the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The legality of the data processing operations carried out up to revocation remains unaffected.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription and said data will be deleted upon cancellation of your subscription. Data we have stored for other purposes (e.g. email addresses for the CRX Marketplace) remains unaffected.