Privacy Policy of METEOR FINANZAS SL

Effective: December 13, 2025

This Privacy Policy applies to the use of the website WWW.METEORDIENST.COM and the services provided by METEOR FINANZAS SL.

Privacy Policy of the METEORDIENST.COM Website

Privacy Notice Regarding the Processing of Loan Applications

Definitions According to the GDPR

The privacy policy of this website is based on the terminology used by European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for both the general public and for you as a customer and business partner. To ensure this, we would like to explain the terminology used in advance.

In this Privacy Policy, we use the following terms, among others:

1. a) Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2. b) A data subject is any identified or identifiable natural person whose personal data is processed by the controller. In case of doubt, you are therefore a data subject.
3. c) Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction.
4. d) Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
5. e) “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
6. f) “Recipient” means a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, regardless of whether that body is a third party or not. However, public authorities that may receive personal data in the course of a specific inquiry under Union law or the law of the Member States shall not be regarded as recipients.
7. g) A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

(h) Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Privacy Policy for the METEORDIENST.COM Website

The website WWW.METEORDIENST.COM is provided by METEOR FINANZAS SL.

Our Approach to Data Protection

Data protection law is part of our right to privacy. Especially in our constantly evolving and interconnected world, the importance of these rights must not be underestimated. We place a high priority on data protection law in all its forms and requirements; therefore, we take the protection of your data very seriously and always strive to provide an appropriate level of protection on our website, WWW.METEORDIENST.COM.

You are free to use the website without providing any personal data. However, if you wish to use any of the services (e.g., product inquiries) available through this website, it may be necessary to collect and process your data. Should this be the case and there be no legal basis for such processing, we will always obtain your consent for the respective process.

The processing of your personal data—such as your name, address, email address, or phone number—is always carried out in accordance with the General Data Protection Regulation and in compliance with applicable country-specific data protection regulations. We would like to provide you and the public with clear information about the nature, scope, and purpose of the personal data we collect, use, and process, so that you have a comprehensive understanding of data protection.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of the personal data processed via this website. Since, despite all technical precautions, absolute protection during data transmission cannot be fully guaranteed, you are free to transmit your personal data by other means, such as by telephone.

Data Protection Details

Data Controller

The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions relating to data protection is:

METEOR FINANZAS SL, Calle Principe De Vergara 58 Ver, 28006 Madrid

Phone number: +34 666 50 93 65

Email address: datosproteccion@meteordienst.com

Website: WWW.METEORDIENST.COM

METEOR FINANZAS SL is represented by Bernd Erich Stotzer. You can contact our Data Protection Officer at datosproteccion@meteordienst.com

Privacy Policy for the METEORDIENST.COM Website

What data and information we collect:

1. a) General data When you visit the website, the website collects a range of general data and information. This general data and information is stored in the server’s log files. The following may be collected:

(1) the types and versions of browsers used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system reaches our website (so-called referrer),

(4) the subpages of our website accessed via an accessing system,

(5) the date and time of access to the website,

(6) an Internet Protocol address (IP address),

(7) the Internet service provider of the accessing system, and

(8) other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

We do not draw any conclusions about you from the use of this general data and information. Rather, this information is required to

(1) deliver the content of our website correctly,

(2) optimize the content of our website and the advertising on it,

(3) ensure the continued functionality of our information technology systems and the technology of our website, and

(4) To provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

We therefore evaluate this anonymously collected data and information for statistical purposes and to enhance data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data you have provided.

1. b) Personal Data

Furthermore, when using our website—for example, when submitting a loan application—the following personal data may be collected and processed, naturally with your knowledge and consent:

(1) Personal details such as last name, first name, date of birth, and addresses

(2) Family circumstances, e.g., marital status

(3) Contact information such as telephone number, mobile phone number, and email address

(4) Bank account information

(5) Monthly income

(6) Employment status

(7) Housing status

1. c) Purpose of Processing

The purpose of processing the aforementioned data arises from the context of the visitor’s use of the website. Processing of the data may be necessary for the following reasons:

(1) To provide the online service, its functions, and content

(2) To respond to contact requests and communicate with users

(3) To provide contractual services (e.g., preparing financing options)

(4) Security measures

(5) Audience measurement/marketing

(6) Maintenance of general business operations (administration, financial accounting, office organization, data archiving).

Cookies

This website operates, among other things, through the use of cookies. Cookies are text files that are placed and stored on your computer system via your web browser. Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to associate the specific web browser in which the cookie was stored. This enables the websites and servers you visit to distinguish your individual browser from other web browsers that contain different cookies. A specific web browser can be recognized and identified via the unique cookie ID. The use of cookies allows us to provide you with a user-friendly service that would not be possible without the use of cookies. Cookies allow the information and content on this website to be tailored to your preferences. Cookies enable the website to recognize you. These are small files that are stored on your device when you visit a website. With their help, your web browser remembers that you have visited this website before. The purpose of this recognition is to make it easier for users to navigate the website. For example, when you use this website, you do not have to re-enter your login credentials every time you visit the site, as this information is retrieved by the website and the cookie stored on your computer system. You can prevent this website from setting cookies at any time by adjusting the settings in your web browser, thereby permanently objecting to the use of cookies. Furthermore, cookies that have already been set can be deleted at any time via your web browser or other software programs. This is possible in all common web browsers. If you disable cookies in your web browser, you may not be able to use all features of the website to their full extent. You can view your consent regarding the use of cookies and third-party scripts here at any time and revise your consent:

Contact Options via the Website

In accordance with legal requirements, the website contains information that enables you to quickly contact our company electronically and communicate directly with us, including a general email address. If you contact us via email or through our contact form, the personal data you provide will be automatically stored. Such personal data, which you provide on a voluntary basis, is stored for the purpose of processing your inquiry or contacting you. This personal data will not be disclosed to third parties.

Deletion and Blocking of Personal Data

Your personal data will be processed only for the period necessary to achieve the purpose of storage, or to the extent provided for by European legislative bodies or other legislative bodies in laws or regulations to which the data controller is subject.

In this regard, for example, there is a legally prescribed retention period of 10 years pursuant to Sections 147(1) AO, §§ 257(1) Nos. 1 and 4, (4) of the Spanish Commercial Code (HGB) for books, records, management reports, accounting documents, ledgers, or documents relevant for taxation, and a 6-year retention period pursuant to § 257(1) Nos. 2 and 3, (4) of the Spanish Commercial Code (HGB) for business correspondence.

If the purpose of storage no longer applies or if a retention period prescribed by European directives and regulations or by another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

Your Rights as a Data Subject

1. a) Right to Confirmation You have the right to request confirmation as to whether your personal data is being processed. If you wish to exercise this right to confirmation, you may contact the data protection officer listed below at any time.
2. b) Right of access You have the right to obtain, free of charge, information about your stored personal data (e.g., the purpose of processing or the categories of data being processed) and a copy of this information at any time. You also have the right to know whether your personal data has been transferred to a third country or to an international organization. If this is the case, you are also entitled to receive information about the appropriate safeguards in connection with the transfer. If you wish to exercise this right of access, you may contact the data protection contact person listed below at any time.
3. c) Right to Rectification You have the right to request the immediate rectification of any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data—including by means of a supplementary statement. If you wish to exercise this right to rectification, you may contact the data protection officer listed below at any time.
4. d) Right to erasure (right to be forgotten) You have the right to request that your personal data be erased without delay. We are also obligated to erase personal data without delay if there is a reason that does not justify the processing of the data (e.g., personal data was collected or otherwise processed for purposes for which it is no longer necessary) .If any of the above reasons apply and you wish to request the erasure of your stored personal data, you may contact the data protection officer listed below at any time. If your personal data has been made public and we are obligated to delete it, we will take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers processing your personal data that you have requested us to delete all links to such personal data or copies or replicas of such personal data.
5. e) Right to restriction of processing You have the right to request the restriction of processing if any of the following conditions apply:

You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data. The processing is unlawful, you object to the erasure of the personal data, and instead request the restriction of the use of the personal data. We no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims. You have objected to the processing pursuant to Art. 21(1) of the GDPR, and it has not yet been determined whether our legitimate grounds override your legitimate grounds.

 If any of the above conditions apply and you wish to request the restriction of your personal data stored with us, you may contact the data protection officer listed below at any time. We will notify you of any correction or deletion of your personal data or any restriction on processing, unless this proves impossible or involves a disproportionate effort. We will inform you of the recipients if you request it.

1. f) Right to data portability You have the right to receive the personal data concerning you that you have provided in a structured, commonly used, and machine-readable format. To exercise your right to data portability, you may contact the data protection officer listed below at any time.
2. g) Right to object You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out pursuant to Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. To exercise your right to object, you may contact the data protection contact person listed below directly.
3. h) Right to withdraw consent under data protection law You have the right to withdraw your consent to the processing of personal data at any time. If you wish to withdraw your consent, you may contact the following entity at any time:

METEOR FINANZAS SL

Calle Principe De Vergara 58 Ver

28006 Madrid

Phone number: +34 666 50 93 65

Email address: datosproteccion@meteordienst.com

Website: WWW.METEORDIENST.COM

 

Use of Google’s Marketing Platform and Cloud Services

Limited Use of Google Analytics

Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To optimize, analyze, and ensure the economic operation of our online offering, we use Google Analytics in our own interest pursuant to Art. 6(1)(f) of the GDPR, but only in a very limited form. In this context, data is collected only in anonymized form for statistical purposes. Google itself does not set any cookies, and no data is used for advertising purposes. As a rule, Google truncates the user’s IP address within the EU or the EEA (IP anonymization enabled). In specific cases, personal data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA, in the course of use. There is no adequacy decision by the European Commission. Data is transferred on the basis of the EU Standard Contractual Clauses.

Full Use of Google Analytics

Furthermore, with the user’s consent (Art. 6(1)(a)), we also use the full range of features offered by Google Analytics. In some cases, Google Analytics uses cookies containing information about users’ use of the online service for the purpose of analysis. Google creates reports on our behalf regarding the use of our online service. For this purpose and for other services on our behalf, information about users’ activities within our service is collected. This information may also be used to create pseudonymous user profiles. We use Google Analytics to ensure that ads placed by Google’s advertising services (and its partners) are shown only to users who exhibit certain characteristics (interest in specific topics or products) (so-called remarketing). By using “Remarketing Audiences,” we ensure that the corresponding advertisements are not intrusive and align with the user’s potential interests. Users can prevent the collection and processing of their data by downloading and installing the browser plugin available at this link: https://tools.google.com/dlpage/gaoptout?hl=de. The storage of cookies can also be prevented by adjusting the settings in their respective browsers or by withdrawing consent in our Consent Manager. At the beginning of this privacy policy, you can adjust your consents by opening the Consent Manager and making the appropriate settings. For further information on settings and opt-out options, as well as on data collection by Google, please visit Google directly: https://www.google.com/intl/de/policies/privacy/partners, https://www.google.com/policies/technologies/ads. You can also view and edit your ad settings here: https://adssettings.google.com/authenticated.

Google Signals

With the user’s separate consent pursuant to Article 6(1)(a), we use Google Signals, which enables Google Analytics to measure cross-device interactions with our content.

Use of Google’s Remarketing and Marketing Services

Below, we explain when we use marketing services. This applies only if the remarketing feature is enabled in Analytics or if one of the following sections (AdWords, DoubleClick) applies. With the user’s consent pursuant to Art. 6(1)(a) of the GDPR, we use the marketing and remarketing services (hereinafter “Google Marketing Services”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In certain cases, personal data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA, in connection with the use of these services. There is no adequacy decision by the European Commission. Data is transferred based on the EU Standard Contractual Clauses. We use Google Marketing Services to display advertisements for our website and on our website in a more targeted manner, with the aim of presenting users primarily with those ads in which they have a potential interest. For example, when ads are displayed for products in which the user has shown interest on previous pages, this is referred to as “remarketing.” On all websites (ours and others) where Google Marketing Services are enabled, a Google code is executed immediately upon loading the page, and so-called. (Re)marketing tags (invisible graphics or code, also known as “web beacons”) are embedded in the website. This results in an individual cookie (or comparable technology) being stored on the user’s devices. These may be set by various domains, including doubleclick.net, googlesyndication.com, admeld.com, google.com, invitemedia.com, or googleadservices.com. The stored file contains data on the websites visited by the user and the offers in which they have shown interest. Additionally, technical information regarding the operating system, the browser used, the duration of the visit, referring websites, and the use of the online service is stored. As a rule, Google truncates the user’s IP address within the EU or the EEA (IP anonymization enabled). The IP address is not merged with other user data. Google may also combine user information with information from other sources. Consequently, ads may appear on our website that correspond to the user’s interest profile. Within the scope of Google Marketing Services, all user data is processed pseudonymously. Therefore, the storage does not include the user’s name or email address.  All relevant data is stored solely as a user profile based on cookies. Ads are therefore not personalized but are based exclusively on cookies. If the user has granted Google permission, the data may also be processed without pseudonymization. Third-party ads are integrated, for example, using Google’s “DoubleClick” or “AdSense.” Both programs use cookies that enable Google and its partner websites to display ads based on users’ website visits on the internet. You can disable interest-based advertising through Google Marketing Services by using the settings and opt-out options provided by Google: https://www.google.com/ads/preferences. At the beginning of this privacy policy, you can adjust your consent by opening the Consent Manager and making the appropriate settings. Google’s overview page: https://www.google.com/policies/technologies/ads provides you with further information on data usage for marketing purposes. You can find Google’s privacy policy at: https://www.google.com/policies/privacy.

Google Tag Manager

In our legitimate interest pursuant to Article 6(1)(f) of the GDPR, we use the “Google Tag Manager” service to manage and operate the website content. This is a tag management service provided on a cookie-free domain that supports us in consent management as well as in integrating various third-party providers. This service is essential for the operation of the site.

Tag Manager Server

In addition, we use Google’s “Tag Manager Server,” which enables us to consolidate external data communications. This service is operated on European Google Cloud servers, primarily located in Spanishy. We use this cloud server provider to fulfill our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and to ensure the secure, fast, and efficient delivery of our online services by a professional provider (Art. 6(1)(f) GDPR). Our hosting provider will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. For more information on data processing, please visit: https://cloud.google.com/terms/data-processing-terms?hl=de.

Google Maps

Embedded maps are provided by “Google Maps,” Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Maps services with the user’s consent in accordance with Article 6(1)(a) of the GDPR. You can view the privacy policy here: https://www.google.com/policies/privacy/; the opt-out method can be found here: https://www.google.com/settings/ads/.

Integration and Use of Facebook Marketing Services

With the user’s consent pursuant to Article 6(1)(a) of the GDPR, we use the so-called “Facebook Pixel” for our online offering, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We use the Facebook Pixel to display the advertisements we place only to those Facebook users who have also shown an interest in our online offering, specific products, or topics. In addition, we use the Facebook Pixel to ensure that our advertisements on Facebook correspond to the potential interests of users and do not appear intrusive. The Facebook Pixel allows us to measure the effectiveness of our Facebook ads and generate statistics on how many users visit our website via an ad. When one of our webpages is accessed, the Facebook Pixel is automatically integrated into the page, and a cookie may be stored on the user’s device. If the user is logged into Facebook at that time or logs in later, the visit to our online offering is also recorded in the corresponding Facebook profile. The collected data is anonymized and does not allow us to draw any conclusions about the user’s identity. Facebook itself, however, stores and processes the data, and thus, due to the connection to the respective Facebook profile, Facebook’s own use of the data for advertising or market research purposes is also possible. Should it be necessary for us to synchronize the data with Facebook, it is first encrypted within the browser and only then sent by us to Facebook via a secure connection. The scope and processing of data are set forth in Facebook’s Data Policy. You can also find basic information about Facebook ads at: https://www.facebook.com/policy.php. For more information about the Facebook Pixel and how it works, please visit Facebook’s Help Center: https://www.facebook.com/business/help/, https://www.facebook.com/policy.php. You may object to data collection via the Facebook Pixel and to the use of your data for displaying Facebook ads. To do so, visit the page set up by Facebook and follow the instructions regarding settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. All settings are platform-independent, so they apply to all devices (such as mobile or desktop devices). You can view and change whether the collection of your data via the Facebook Pixel is enabled on our website in our Consent Manager. Furthermore, you can object to the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative’s opt-out page at https://optout.networkadvertising.org, the European website at https://www.youronlinechoices.com/uk/your-ad-choices, and the U.S. website at https://www.aboutads.info/choices. At the beginning of this privacy policy, you can adjust your consent settings by opening the Consent Manager and making the appropriate selections.

Mouseflow

With your consent pursuant to Article 6(1)(a) of the GDPR, we use the service Mouseflow, ApS (Flaesketorvet 68, 1711 Copenhagen V, Denmark). This allows us to create so-called heatmaps and session recordings. Mouseflow enables us to track mouse cursor movements on our websites. In addition to information about which windows or buttons the user clicks and how far they scroll through the text, technical data such as information about the operating system, browser, and similar details may also be collected and processed. User profiles are created temporarily for this purpose. In addition, we can use this program to gather direct feedback from website visitors. This direct interaction can be used to improve user-friendliness and usability. Privacy Policy: https://mouseflow.com/privacy/. You can view and change your consent in our Consent Manager.

Information about Firstlead GmbH / ADCELL Affiliate Program

This website collaborates with Firstlead GmbH and the “ADCELL” brand on the basis of legitimate interest (Art. 6(1)(f) GDPR). As soon as a visitor clicks on an advertisement containing the affiliate link, we set a cookie ourselves. We do not use tracking pixels for this purpose. This means that no data is retrieved from ADCELL’s server, and we therefore do not receive any further information. The ADCELL cookie is generally stored only as a session cookie. If the user has given consent, a “persistent cookie” is stored. The cookie allows us to determine the origin of orders. Should a measurable event occur on the site that we report to ADCELL via an affiliate program, the information from the cookie is transmitted via our servers to Firstlead GmbH / ADCELL and stored there. Firstlead GmbH / ADCELL may, under certain circumstances, pass this (pseudonymized) information on to contractual partners, but has no access to personal information, as data transmission takes place exclusively via our servers.

Social Media Presence

With your consent pursuant to Article 6(1)(a) of the GDPR, we maintain a presence on social media networks and platforms. We use these platforms to communicate with customers, prospective customers, and users, as well as to provide information about our services. When accessing the respective networks and platforms, the terms of service and data processing policies of the respective operators apply. Unless this privacy policy specifies otherwise regarding further processing of the data, the data of users who communicate with us or interact with our content will be processed.

Use of the Email and Newsletter Service

When you subscribe to our company’s newsletter, the data entered in the respective form is transmitted to the data controller. Registration and subscription to our newsletter are carried out using a so-called double opt-in procedure. This means that after registering with METEORDIENST.COM, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. When subscribing to the newsletter, the user’s IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the data subject.

Data will not be disclosed to third parties. An exception applies if there is a legal obligation to disclose the data. The data will be used exclusively for sending the newsletter and transactional emails. The data subject may cancel their subscription to the newsletter at any time. Likewise, consent to the storage of personal data may be revoked at any time. For this purpose, a corresponding link is included in every newsletter. The legal basis for processing the data following the user’s subscription to the newsletter is Article 6(1)(a) of the GDPR, provided the user has given consent. The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the UWG.

Use of rapidmail

We use rapidmail to send newsletters and transactional emails. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Spanishy. rapidmail is used, among other things, to organize and analyze the sending of newsletters and transactional emails. The data you provide for the purpose of subscribing to the newsletter is stored on rapidmail’s servers in Spanishy. If you do not wish to have your data analyzed by rapidmail, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. For analysis purposes, emails sent via rapidmail contain a so-called tracking pixel that connects to rapidmail’s servers when the email is opened. This allows us to determine whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, which allow us to count your clicks.

Legal basis: The legal basis for data processing is Article 6(1)(a) of the GDPR.

Recipient: The recipient of the data is rapidmail GmbH. We have entered into a data processing agreement with rapidmail, under which we require rapidmail to protect our customers’ data and not to disclose it to third parties.

Transfer to third countries: Data is not transferred to third countries.

Duration: The data you have provided to us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from rapidmail’s servers after you unsubscribe. Data stored by us for other purposes (e.g., email addresses, etc., for the member area) remains unaffected by this.

Right to Withdraw Consent: You have the right to withdraw your consent to data processing at any time with future effect. The lawfulness of data processing operations that have already taken place remains unaffected by the withdrawal.

Further privacy information: For more details, please refer to rapidmail’s data security information at: https://www.rapidmail.de/datensicherheit.

For further information on data protection at rapidmail, please visit the following link: https://www.rapidmail.de/wissen-und-hilfe.

Use of the WhatsApp Instant Messaging Service

With the user’s consent pursuant to Art. 6(1)(a) of the GDPR, we use WhatsApp Business, among other tools, to communicate with our customers. This service is operated by the verified WhatsApp Solution Provider 360dialog, Torstraße 61, 10119 Berlin, via the service provider SLACE GmbH, Ackerstraße 3e, 10115 Berlin. We use the instant messaging service to make customer communication more efficient for those interested in our online offerings and to enable a fast processing workflow.

The only mandatory information required for communication via WhatsApp is your phone number. After our confirmation, your phone number will be forwarded to our service provider SLACE GmbH for the purpose of sending messages, where it will be processed and stored. The legal basis is Art. 6(1)(a) GDPR. Before using the WhatsApp service, the customer gives their consent and confirms the privacy policy. Opting out is possible via a word or command, and the customer may request the deletion of their data.

Communication via WhatsApp Business uses end-to-end encryption, which prevents WhatsApp or any third parties from accessing the content of communications (e.g., messages, photos, videos). The use of the On-Premise API via 360dialog ensures that customer communication via WhatsApp Business complies with legal and data protection requirements. The 360dialog hosting servers, on which encryption and decryption take place, are located in certified data centers within the EU. Therefore, no data is transferred to third countries.

Data is not transferred to third parties. An exception applies if there is a legal obligation to transfer the data.

To ensure the processing of your data complies with data protection regulations, we have entered into a data processing agreement with 360dialog upon installation of the on-premises API.

Disclosure to Third Parties

We will only disclose data to the relevant authorities if required by law.

Legal Basis for Processing

The legal basis for the processing operations described above is Article 6(1)(a) of the GDPR, under which your consent is obtained for a specific processing purpose. If the processing of personal data is necessary, for example, to fulfill a contract with you, such processing is justified under Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our services. In the event of a legal obligation requiring the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR. It may occur that the processing of personal data is necessary to protect vital interests or the interests of another natural person. Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, provided that the processing is necessary to safeguard a legitimate interest of our company or a third party, unless your interests, fundamental rights, and freedoms take precedence. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. Such a case exists, for example, if you are a customer of our company (Recital 47, Sentence 2 of the GDPR).

Our legitimate interest

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees, shareholders, and customers.

Retention Period and Data Deletion

The criterion for the retention period of personal data is the applicable statutory retention period. Once this period has expired, the relevant data is routinely deleted, provided it is no longer necessary for the performance or initiation of a contract. Data not subject to a statutory retention period is deleted as soon as it is no longer necessary for its intended purpose. If deletion is not possible due to a legally permissible purpose or other provisions, processing of the data is restricted. Blocking the data thus prevents its processing for other purposes. Retention is carried out in accordance with Section 257(1) of the Spanish Commercial Code (HGB) (for commercial ledgers, inventories, opening balance sheets, annual financial statements, business correspondence, accounting documents, etc.) for 6 years, as well as in accordance with Section 147(1) of the Spanish Fiscal Code (AO) (for books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.) for 10 years. Data collected via Google Analytics is fully anonymized after 50 months. Data collected via Facebook Pixel and ADCELL is stored indefinitely. Data collected via Mouseflow is deleted after 6 months.

The criterion for the duration of storage of personal data is the applicable statutory retention period. Once this period has expired, the relevant data is routinely deleted, provided it is no longer required for the performance or initiation of a contract.

Legal or contractual requirements for the provision of personal data

We inform you that the provision of personal data is in part required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). Furthermore, it may be necessary for the conclusion of a contract that you provide us with personal data, which we must subsequently process. For example, you are obligated to provide us with personal data if our company enters into a contract with you. Failure to provide the personal data would result in the contract not being able to be concluded.

Before providing your personal data, you may contact us. We will then explain to you, on a case-by-case basis, whether the provision of your personal data is required by law or contract, or is necessary for the conclusion of the contract; whether there is an obligation to provide the personal data; and what the consequences would be if you do not provide the personal data.

Supervisory Authority and Complaints

If you wish to contact a public authority regarding your questions about data protection, you may direct your concerns and inquiries to the Madrid Data Protection Commissioner:

The State Data Protection Commissioner of Madrid

Calle Jorge Juan, 6

28001 Madrid

Phone: +34 901 100 099 

Fax: +34 91 266 35 17

www.aepd.es

Email: internacional@aepd.es

Website: www.aepd.es

Contact

If you have any questions regarding data protection and how your data is handled on our website and by our company, please feel free to contact us at any time.

METEOR FINANZAS SL

Calle Principe De Vergara 58 Ver

28006 Madrid

Phone number: +34 666 50 93 65

Email address: datosproteccion@meteordienst.com

Website: WWW.METEORDIENST.COM

Privacy Notice Regarding the Processing of Loan Inquiries

In order to fulfill our contractual obligations, we process your personal data. This primarily includes information that allows us to identify you, such as your name, phone number, address, or email address. As a broker, we are part of a sales network that enables us to provide you with comprehensive service. Our primary responsibility is customer service. We are responsible for this activity and the associated data processing. This privacy notice applies to the processing of your personal data in the context of loan brokerage.

In addition, our guidelines regarding the handling of your data when visiting our website apply; these can be found in our general privacy policy.

Who is responsible for data processing, and who can I contact?

The controller within the meaning of Article 4(7) of the GDPR is

METEOR FINANZAS SL

The representative: Bernd Erich STOTZER

Calle Principe De Vergara 58 Ver

28006 Madrid

Phone: +34 666 50 93 65

Email: info@meteordienst.com

What is the purpose of the data processing, and on what legal basis is it carried out?

We process your personal data in compliance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and all other applicable laws in their currently valid versions. Data processing is necessary so that we can fulfill our obligations under the loan brokerage agreement and so that you can use our services. In doing so, we process the data you have provided to us. In individual cases, we may also lawfully process your personal data from publicly accessible sources (e.g., the internet, commercial registers, association registers). We also process data that is lawfully transmitted to us by cooperation and product partners (e.g., brokers, platform operators, banks) or by other third parties (e.g., Schufa). The processing of your data is based on the consent you have provided. The legal basis for the processing is then Article 6(1)(a) of the GDPR. The processing of your data also serves to fulfill our contractual obligations under the loan brokerage agreement or to carry out pre-contractual measures (e.g., needs analysis, preparation of documents). The specific purpose of the processing arises from the tasks we undertake on your behalf. As part of our collaboration, you must provide us with the personal data necessary for the initiation and performance of our services, as we would otherwise be unable to act on your behalf. The legal basis for this processing is Article 6(1)(b) of the GDPR. We are also required by law (e.g., the Spanish Money Laundering Act (AML), the Spanish Fiscal Code (NIF), the Spanish Commercial Code, and the Spanish Trade Regulation Act ) to process your personal data. The legal basis for this data processing is Article 6(1)(c) of the GDPR. We also process your data to protect our legitimate interests or the legitimate interests of third parties (e.g., platform operators, banks). Such processing is necessary, for example, for risk and business management, the optimization of our business processes, the further development of our services, to improve our service quality, for customer and partner retention, to prevent and investigate criminal offenses, to assert our legal claims, to ensure the security of our IT systems, or to obtain credit reports. The legal basis for the processing is Article 6(1)(f) of the GDPR. There may be instances where we wish to process your personal data for a purpose other than those listed above. In such cases, we will notify you separately before processing your data and obtain your consent.

What data is processed?

In order to fulfill the obligations we have undertaken toward you under the loan brokerage agreement, we collect and store the following data from you: Personal information: Name, address, date of birth, phone number, fax number, email address, marital status, occupation, property details, company, income, revenue, and tax data, other personal or financial circumstances, pension preferences, bank account details, etc. Contract master data: Application data (data provided by you when applying to enter into a contract), contract data for a specific contract (such as contract number, financing amount, term, premium, risk/contract changes, investment amounts, loan amounts, and performance data), data regarding the property (e.g., location and value of a real estate property) or the financed item (e.g., make and license plate number for auto financing), etc. You primarily provide this data to us yourself. In some cases, we also receive the data from cooperation and product partners (e.g., real estate agents, insurance brokers, etc.) with whom you are already in contact.

Is there an obligation to provide this information?

Providing personal data is voluntary. You are under no legal or contractual obligation to provide us with your data. However, in order for us to fulfill our obligations under the loan brokerage agreement, the processing of your personal and contractual master data is absolutely necessary. Otherwise, we will be unable to act on your behalf.

To whom do we disclose your data?

Due to the complexity of loan brokerage, we may, in specific cases, rely on cooperation partners, pooling companies, and external specialists to fulfill our contractual obligations. Your data is shared to fulfill our obligations under the concluded contract in accordance with Article 6(1)(b) of the GDPR, as well as based on the consent you have provided under Article 6(1)(a) of the GDPR. Your personal and contractual master data may be shared with the following recipients: Employees of our company: They are obligated to maintain data confidentiality, even after the termination of their employment relationship. Sub-brokers, cooperation partners, and network partners: We transfer your data to partners to fulfill our obligations under the loan brokerage agreement with you or to ensure continuity of service in the event that we are no longer able to provide your service. Depending on the product requested, the scope of our mandate, and the situation you have described, we may engage different partners. All sub-brokers and cooperation partners are bound by a separate confidentiality agreement.

Product Providers

These primarily include banks, building societies, and insurance companies. These companies receive your personal data to the extent necessary to prepare a quote for you, to prepare for the conclusion of a financing agreement, or to execute the financing agreement.

Depending on the specific case, your personal data may be transferred to the recipients listed here as examples. However, the mere mention of a potential recipient does not imply that your data will actually be transferred to that recipient in a specific case.

Service Providers

These include, for example, service companies, technical service providers, or partners in business consulting professions. These external service providers assist us, for instance, in selecting the appropriate product from the market offerings. In doing so, we use platforms for brokerage services that enable easy connection to our cooperation and product partners, allowing us to provide you with faster product recommendations. In this case, your data is stored by the platform in accordance with the highest security standards and in strict confidence. External service providers are also required to maintain data confidentiality.

Depending on the specific case, your personal data may be transferred to the recipients listed here as examples. However, the mere mention of a potential recipient does not imply that your data will actually be transferred to that recipient in a specific case.

Is your personal data transferred abroad?

As a general rule, we do not transfer data abroad. However, should it become necessary to transfer data abroad in specific cases, we work exclusively with partners and service providers who process data within the European Economic Area (EEA). In the exceptional event that your data is processed outside the European Economic Area when using service providers, we have entered into special agreements with the service providers that comply with the requirements of the European Commission’s Standard Contractual Clauses, or the processing of the data takes place in countries that guarantee an adequate level of data protection pursuant to an adequacy decision by the European Union.

Is your data processed for marketing purposes?

If you have given us your consent to do so in the loan brokerage agreement, we will use your data to send you additional offers and information about products that are not part of the loan brokerage agreement. Depending on your consent, we will therefore share your contact information (last name, first name, email address, and phone number) and your product interests with one of our partners for the purpose of advising you on other products, such as insurance. You may revoke this consent at any time. To do so, you may use the contact options listed above. If you withdraw your consent, your data will no longer be processed on the basis of that consent. The lawfulness of data processing carried out on the basis of your consent prior to withdrawal remains unaffected by the withdrawal.

When will the data be deleted?

Your personal data will be processed only for the period necessary to achieve the purpose of storage, or to the extent required by European directives and regulations or by other legislation or regulations to which the data controller is subject. In this regard, for example, there is a legally prescribed retention period of 10 years pursuant to Sections 147(1) AO, §§ 257(1) Nos. 1 and 4, (4) of the Spanish Commercial Code (HGB) for books, records, management reports, accounting documents, ledgers, or documents relevant for taxation, and a 6-year retention period pursuant to § 257(1) Nos. 2 and 3, (4) of the Spanish Commercial Code (HGB) for business correspondence. If the purpose of storage no longer applies or if a retention period prescribed by European directives and regulations or by another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

What are your rights regarding data processing?

You have the following rights regarding data processing:

1. a) Right to confirmation: You have the right to request confirmation as to whether your personal data is being processed. If you wish to exercise this right, you may contact the data protection officer listed above at any time.
2. b) Right of access You have the right to obtain, at any time and free of charge, information about your stored personal data (e.g., the purpose of processing or the categories of data being processed) and a copy of this information. You also have the right to know whether your personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate safeguards in connection with the transfer. If you wish to exercise this right to information, you may contact the data protection contact person listed above at any time.
3. c) Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data—including by means of a supplementary statement. If you wish to exercise this right to rectification, you may contact the data protection contact person listed above at any time.
4. d) Right to erasure (right to be forgotten): You have the right to request that your personal data be erased without undue delay. We are also obligated to erase personal data without undue delay if there is a reason that does not justify the processing of the data (e.g., personal data was collected or otherwise processed for purposes for which it is no longer necessary). If any of the above reasons apply and you wish to request the erasure of your stored personal data, you may contact the data protection officer listed above at any time. If your personal data has been made public and we are obligated to delete it, we will take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers processing your personal data that you have requested us to delete all links to such personal data or copies or replicas of such personal data.
5. e) Right to restriction of processing: You have the right to request the restriction of processing if one of the following conditions applies:

You contest the accuracy of the personal data, for a period during which we are able to verify the accuracy of the personal data. The processing is unlawful, you object to the erasure of the personal data, and instead request the restriction of the use of the personal data. We no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims. You have objected to the processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether our legitimate grounds override your legitimate grounds.

If any of the above conditions are met and you wish to request the restriction of your stored personal data, you may contact the data protection officer listed above at any time. We will notify you of any correction or deletion of your personal data or any restriction on processing, unless this proves impossible or involves a disproportionate effort. We will inform you of the recipients if you request it.

1. f) Right to data portability: You have the right to receive the personal data concerning you that you have provided in a structured, commonly used, and machine-readable format. To exercise your right to data portability, you may contact the data protection contact person listed above at any time.
2. g) Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. To exercise your right to object, you may contact the data protection contact person listed above directly.
3. h) Right to withdraw consent under data protection law: You have the right to withdraw your consent to the processing of personal data at any time. If you wish to withdraw your consent, you may contact the following entity at any time:

METEOR FINANZAS SL

Calle Principe De Vergara 58 Ver

28006 Madrid

Email address: info@meteordienst.com

Phone: +34 666 50 93 65

1. i) Right to lodge a complaint with supervisory authorities (Art. 77 GDPR): If you believe that the processing of personal data violates applicable law, you may lodge a complaint with a supervisory authority in the Member State where you reside, work, or habitually stay, or where a suspected violation of data protection regulations has occurred. The competent authority for our company is The State Data Protection Commissioner of Madrid, Calle Jorge Juan, 6, 28001 Madrid, Tel. +34 901 100 099, Fax: +34 91 266 35 17, Email: internacional@aepd.es, aepd.es.

Can I withdraw the consent I have given?

You may withdraw the consent you have given us at any time by contacting us directly or your contact person, e.g., by email or phone. If you withdraw your consent, your data will no longer be processed on the basis of that consent. The lawfulness of data processing carried out on the basis of your consent up until the time of revocation remains unaffected by the revocation. In individual cases, this may mean that we can no longer provide certain services to you.

Do we use automated individual decision-making or “profiling”?

We may be required by law—for example, to prevent money laundering, terrorist financing, and crimes that endanger assets—to use specific procedures for risk detection. To the extent that there is a legal obligation to provide information, we will inform you separately about automated individual decision-making. If we carry out automated individual decision-making, you have the right to request the intervention of a person from our company, to present your own point of view, and to challenge our decision. This right does not apply if your request has been granted in full. In some cases, automated processing of your personal data takes place with the aim of evaluating your personal circumstances more accurately. This enables us to take your goals and wishes into account more accurately and provide you with offers tailored to your needs.

Updates to the Privacy Policy

We reserve the right to amend this Privacy Policy in the event of changes in the legal landscape or changes to our services or data processing practices. However, this applies exclusively to statements regarding data processing. If user consent is required or if parts of the Privacy Policy contain provisions governing the contractual relationship with users, changes may only be made with the users’ consent.