Data protection

Data protection information (as of October 2023)

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Hannover Finanz GmbH
Managing Directors: Goetz Hertz-Eichenrode and Robert Pauli
Günther-Wagner-Allee 13
30177 Hannover
Telephone: +49 511 28007-0
Telefax: +49 511 28007-37

Name and address of the data protection officer

The data protection officer of the controller is:
Christopher Schewior (Data Protection Officer (TÜV))


1. General information on data protection for the processing of personal data at Hannover Finanz GmbH
1.1 Type of personal data processing

As a matter of principle, we only process personal data to the extent necessary for the agreed service and to provide a functional website and our content. The processing of personal data can be carried out with your consent. If we do not consider a declaration of consent, the processing of data in our company is permitted by law.

When you contact us, we may collect the following information in specific individual cases:

  • Title, first name, surname, gender
  • Address
  • E-mail address
  • Phone number
  • Website usage data, such as web pages visited, interest in content, access times
  • Meta and communication data, such as device information, IP addresses
  • Information that is necessary for the assertion and defence of your rights in the context of contract processing in order to be able to identify you as our contractual partner and contact person
  • For the settlement of any liability claims and the assertion of any claims against you
  • For direct advertising and marketing
  • For the administration of contractual partner data of the contract history

Further details or additions to the personal data processing can be found in the respective contract documents and/or the following information.

1.2 Collection and storage of personal data and the nature and purpose of its use
1.2.1 Purposes for the fulfilment of a contract or pre-contractual measures
Art. 6 para. 1 sentence 1 lit. b GDPR

Personal data is processed at your request for the fulfilment of our contracts with you and the execution of your orders as well as for the implementation of measures and activities in the context of pre-contractual relationships by interested parties. This data is essentially collected:

  • to be able to identify you as our contractual partner
  • to be able to advise you appropriately
  • for correspondence with you
  • for invoicing purposes
  • to process any existing liability claims and to assert any claims against you
  • for measures to control and optimise business processes
  • for the verifiability of transactions and orders
  • for the fulfilment of general duties of care
1.2.2 Purposes within the scope of a legitimate interest of us or third parties
Art. 6 para. 1 sentence 1 lit. f GDPR

Beyond the actual fulfilment of the contract or pre-contract, we may process your personal data if it is necessary to protect our legitimate interests or those of third parties, in particular:

  • for advertising, provided you have not objected to the use of your data
  • for testing and optimising procedures
  • to send newsletters, insofar as we informed you of this when the contract was concluded and you have not objected to the use of your data
  • for the further development of services and existing systems and processes
  • for the assertion of legal claims and defence in legal disputes
  • for the limited storage of data if deletion is not possible or only possible with disproportionately high effort due to the special type of storage
  • for building and plant security through access controls and video surveillance
  • for internal and external investigations, for security checks.
1.2.3 Purposes for the fulfilment of legal requirements Art. 6 para. 1 sentence 1 lit. c GDPR or in the public interest Art. 6 para. 1 sentence 1 lit. e GDPR

Like everyone involved in business, we are also subject to a variety of legal obligations. These are primarily legal requirements such as compliance with tax and regulatory requirements. In addition, the disclosure of personal data may become necessary in the context of official and/or judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

1.3 The categories of data processed by us, if we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties. We may process personal data that we have legitimately collected from publicly accessible sources such as telephone directories, commercial and association registers, population registers, debtor directories, land registers, the Internet and other media. Relevant personal data categories may include in particular:

  • Personal data, name, profession, industry and comparable data
  • Contact details, address, email address, telephone number and similar data
  • Data about your use of the telemedia offered by us, such as the time of accessing our websites
  • Meta and communication data, for example device information, IP addresses
1.4 Recipients or categories of recipients of your data

Your personal data will only be transferred to third parties if

  • You have given us your consent to transfer your data to third parties;
  • this is necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you;
  • this is necessary to fulfil legal requirements according to which we are obliged to provide information, report or pass on data
  • external service companies process data on our behalf as processors or function providers, such as external data centres, support and maintenance of EDP/IT applications, marketing agencies, website management, auditing services, credit institutions, printers or companies for data disposal.

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as ours. The data passed on may only be used by the third party for the stated purposes for which it was transmitted to them.

1.5 Duration of the storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract as part of pre-contractual negotiations and the fulfilment of a contract.

The personal data collected by us for the contractual relationship will be stored for 3 years after the end of the calendar year in which the (pre)contractual relationship was terminated until the expiry of the statutory retention obligation and then deleted, unless a) we are obliged to store it for a longer period in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations or b) you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods or other retention and documentation obligations under regulatory and procedural law. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it is regularly deleted, unless its – temporary – further processing is necessary for the fulfilment of the above-mentioned purposes for an overriding legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organisational measures, as well as for the management of contractual partner data in a history.

1.6 Processing of your data in a third country

Data is transferred to bodies in third countries outside the European Union (EU) or the European Economic Area (EEA) if it is necessary for the performance of a contract with you, if it is required by law, such as due to reporting obligations under tax law, or if you have given us your consent.

Data may also be transferred to a third country in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission on an appropriate level of data protection in the country in question, we ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations by means of appropriate contracts. We will provide you with the relevant detailed information on request.

2. Data processing on the website of Hannover Finanz GmbH
2.1 Provision of the website using functional cookies

We use functional cookies on our website.

Cookies are small text files that are stored in your Internet browser or by the Internet browser on your computer system. Cookies are downloaded when you call up a page.

Functional cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use functional cookies to make our website user-friendly and to ensure that it functions properly (technically necessary cookies).

Temporary cookies, session cookies or transient cookies are cookies that are deleted after a user leaves the website and closes their browser. A login status, for example, can be stored in such a cookie. Permanent or persistent cookies are cookies that remain stored even after the browser has been closed. In addition, these cookies can be used to store user interests, which are then used for reach measurement or marketing purposes, for example. We do not use this type of cookie. We only use functional cookies.

Some elements of the website require the browser from which you access our website to be able to identify you even after a page change.

Each time our website is accessed, our system or the system of our hosting provider therefore automatically collects the following data and information from the computer system of the accessing computer:

  • Information about the browser type and version used, the operating system of your computer and the name of your access provider
  • The IP address of the requesting computer
  • Date and time of access
  • Access status (HTTP status)
  • Time zone difference to GMT
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website

The data is stored in the server’s log files. We do not use the data for the purpose of drawing conclusions about your person. The aforementioned data is processed by our company for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring convenient use of our website
  • Analysing system security and stability
  • For other administrative purposes

The legal basis for the storage of the data is Art. 6 para. 1 lit. f GDPR.

The aforementioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

The data is stored temporarily and deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is stored in log files, this is the case after 3 days at the latest. Storage beyond this is possible for a maximum of 30 days in the event of an error message. Error logs, which record incorrect page views, are deleted after 7 days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. Please note that you have no influence on the use of necessary function cookies.

2.2 Cookie consent with Borlabs

This website uses the cookie consent technology of Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany, hereinafter referred to as Borlabs) to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The WordPress cookie from Borlabs allows visitors to the website to select which cookies they wish to consent to via a checkbox or switch button for each cookie and cookie group (opt-in).

When you visit our website, the following personal data is transferred to Borlabs:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

In addition, Borlabs stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Borlabs cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Borlabs is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR. The user can prevent or end the installation of cookies and their storage, and thus their cookie consent, at any time by changing their browser settings.

Further information about Borlabs can be found at and

2.3 Matomo 

Our website uses the web analysis service Matomo, a service provided by ‘InnoCraft Ltd’, a company based at 7 Waterloo Quay, PO625 Wellington, New Zealand. As InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany.

Matomo uses ‘cookies’, which make it possible to analyse the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymised during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties.

We use the data collected for statistical analysis of user behaviour in order to optimise the functionality and stability of the website and for marketing purposes.

The legal basis for the use of Matomo is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR.

Further information on Matomo and the option to withdraw your consent can be found here: Review or withdraw consents

2.4 E-mail contact

On our website, you have the option of contacting us via the e-mail addresses provided. The user’s details may be stored in a customer relationship management system (‘CRM system’) or a comparable system. Our email procedure offers transport encryption of communication. With transport encryption, emails are encrypted on their way from the sender’s client computer to the sender’s email server, from there to the recipient’s email server and to the recipient’s client computer. They are also encrypted on the client computers and on the mail servers.

In the event of e-mail contact, the user’s personal data transmitted with the e-mail is stored.

This data is regularly:

  • e-mail address
  • first name, surname
  • postal address

The following data is also stored when the message is sent:

  • IP address of the user
  • Date and time of registration

The data is used exclusively for processing the conversation. The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing may be Art. 6 para. 1 lit. b GDPR.

The processing of personal data serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serves to prevent misuse of the email procedure and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no longer any statutory or contractual retention obligations.

If the user contacts us by email, they can object to the storage of their personal data at any time at the email address they used to contact us and/or at the email address which is used for further communication by our company. In such a case, the conversation cannot be continued.

All personal data stored in the course of making contact will be deleted if the requirements are met in this case.

2.5 LinkedIn company page

When you visit our LinkedIn company page, we are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for the processing of your personal data.

We operate our LinkedIn page for information and communication with you as a user and interested party of our offer or as a potential employee/applicant. In accordance with LinkedIn's terms of use, which every user has agreed to when creating a LinkedIn profile, we can identify subscribers to the page and view their profiles and other information shared by them. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our site or comment on our posts. We therefore only collect the personal data that has obviously become part of our LinkedIn page through your involvement. We have no interest in collecting and further processing your individual personal data for marketing purposes. Accordingly, we use the data at most to customise and improve our offering.

LinkedIn uses cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. According to LinkedIn, the cookies used by LinkedIn are used for authentication, security, preferences, functions and services, personalised advertising, analysis and research. You can view details of the cookies used by LinkedIn here:

LinkedIn’s privacy policy contains further information on data processing.

The operation of the LinkedIn page, including the processing of users’ personal data, is based on Art. 6 para. 1 lit. f) GDPR for the implementation of our legitimate interests in an information and interaction opportunity via LinkedIn for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 lit. a), b), c) GDPR.

We delete personal data if the purpose of the data processing has been achieved and there are no other legal reasons against deleting the data. We always delete private messages in our LinkedIn account manually after three months.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA:

3. Data protection information for applicants
3.1 Type, purposes and scope of personal data processing

If you apply to Hannover Finanz GmbH, the following information may be processed in a specific individual case:

  • Surname, first name
  • Date of birth
  • Place of birth
  • Address/private telephone
  • Private e-mail
  • Tax number/Finance office
  • National insurance number
  • Health insurance number
  • Gender/marital status/children/religion
  • Bank details
  • Remuneration
  • Personnel number
  • Illnesses/severe disability/pregnancy
  • Meta and communication data, such as IP address
  • Working hours
  • Photos
  • Curriculum vitae/certificates/references/previous employers
  • Connection data
  • Credit card/ID card data
3.2 Legal bases and purposes of personal data processing

The personal data may be processed in response to your request via an unsolicited application, for the decision on the establishment of an employment relationship, if necessary, or for the purpose of fulfilling legal obligations to which the company is subject.

The legal basis for the processing of personal data for the aforementioned purposes is Section 26 (1) BDSG in conjunction with Art. 88 GDPR.

Insofar as special categories of personal data are processed, the processing of this data is based on the exercise of rights or the fulfilment of legal obligations under labour law, tax law and social security law.

The legal basis for the aforementioned purposes for processing special personal data is Section 26 (1), (3) BDSG in conjunction with Art. 9 (2) lit. b), h) GDPR.

3.3 Storage period

Your data will not be stored for longer than is necessary to achieve the aforementioned purposes and the statutory retention rights and retention obligations under civil and labour law; namely for six months after the end of an application procedure in the event of non-employment and for a period of three years after the commencement of pre-contractual negotiations in the context of the possible establishment of an employment relationship in the event of non-employment, and for a longer period if this is necessary due to further statutory retention obligations or to safeguard the legitimate interests of Hannover Finanz GmbH for the proof, assertion and defence of legal claims.

3.4 Data transfer to third parties

Personal data will not be transferred to third parties for purposes other than those mentioned above. Insofar as this is necessary for the possible processing of an employment contract and for the establishment, implementation and termination of an employment relationship, personal data will be passed on to third parties, about which you will then be informed at the time of further processing.

Information on personal data processing when using the website and the e-mail procedure of Hannover Finanz GmbH can be found in the website’s privacy policy.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you may have the following rights vis-à-vis the controller, i.e. vis-à-vis our company, after a review of the specific individual case.

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
  • in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to have the data deleted, if we no longer need the data but you need it for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • in accordance with Art. 7 para. 3 GDPR, to revoke any consent you may have given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
  • to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Your right to object in accordance with Art. 21 GDPR

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest), you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct advertising. We will honour this objection with effect for the future.

Your data will no longer be processed for direct marketing purposes if you object to processing for these purposes.

If you wish to exercise your right of cancellation or objection, simply send an informal email to