Sichern Sie sich optimal strukturiertes Fremdkapital und minimieren Sie die Verwässerung Ihrer Anteile. Isarlend ist Ihr spezialisierter und unabhängiger Beratungspartner für komplexe Unternehmensfinanzierungen, Venture Debt Transaktionen und Growth Finance für Technologieunternehmen und Scale-ups.
Preamble
isarlend GmbH, operator of the liquidity platform fulfin ("fulfin", "we" or "us"), takes the protection of your personal data very seriously. This privacy policy informs you about our data protection practices within the framework of the General Data Protection Regulation (EU Regulation 2016/679; hereinafter "GDPR"). The GDPR obligates us to take additional measures to ensure the protection of your personal data ("data subject") when processing it. This includes, but is not limited to, the obligation to transparently inform you about the nature, scope, purpose, duration, and legal basis of the processing (Articles 13 and 14 GDPR). This privacy policy describes how fulfin processes your personal data.
Conceptual understanding
This privacy policy is based on the basic definitions of the General Data Protection Regulation (Article 4 GDPR). Here is an overview of some important terms:
Personal data: This refers to any information that can be used to identify an individual, directly or indirectly. This includes details such as a name, identification number, online identifiers, location data, and information related to an individual's physical, physiological, genetic, mental, economic, cultural, or social identity. Information linked to other data or additional knowledge may also be considered personal data. Photos, videos, and audio recordings may also contain personal data.
Processing: This includes any activity performed on personal data, whether automated or manual. Processing includes collecting, recording, organizing, storing, adapting, retrieving, consulting, using, disclosing, aligning, combining, restricting, erasing, or destroying personal data. This also includes changing the purpose of the data originally collected.
Processor: This refers to a person or organization that processes personal data on behalf of the controller and in accordance with the controller's instructions. IT service providers are a common example of a processor. Under data protection law, processors are not considered third parties.
Controller: This refers to the organization (or individual) that decides how and why personal data is processed. In our case, isarlend GmbH acts as the controller of your personal data.
Third party: This refers to any person or organization other than you (the data subject), the controller, the processor, and any other person authorized to process personal data under the direct authority of the controller or processor. This may also include other affiliated companies.
Consent: This means your voluntary, informed, and unambiguous consent to the processing of your personal data. You can give your consent through a statement or a clear affirmative action.
1. General information
The company isarlend GmbH is the data controller responsible for collecting and processing your personal data. Below you will find the controller's contact details.
Company: isarlend GmbH
Address: Machtlfinger Straße 9, 81378 Munich
Name of the data protection officer: Mr. Peer Simon
Email: datenschutz@isarlend.com
Telephone number: 089 215375920
2. Data collection
We take your privacy seriously and only collect the data we need to provide our services. What information do we collect and how do we use it? Personal data is only collected if you provide it to us yourself. Apart from that, no personal data is collected. Any further processing of your personal data will only be carried out with your express consent. Here is an overview of the information we collect and its origin:
2.1 Registration via website
Our website https://www.fulfin.com/ offers optional user registration to use our services online. The data you provide in this registration form will only be used for the specific service you have registered for. Basic information must be completed for successful registration. We will use your registered email address to notify you of important changes to our services or offers.
2.2 Website log files
When you visit our websites, your browser transmits certain data to our web server for technical reasons. During an ongoing connection for communication between your internet browser and our web server, the following data is transmitted:
For technical security reasons, particularly to prevent attacks on our web server, we store this data for a short time. It is not possible to determine the identity of individual persons based on this data. After 30 days at the latest, the data is anonymized by shortening the IP address at the domain level, so that a connection to the individual user can no longer be established. The anonymized data is also processed for statistical purposes. We do not compare this data with data in other databases and do not forward it, even in part, to third parties.
2.3 Loan application form
Data affected:
Contact details (last name, first name, email address, telephone number)
Company-related data (company address, commercial register number, financial accounting data)
Financial information via a secure PSD2 connection (bank account details, transactions)
Marketing information (optional)
Purpose of processing: Carrying out the review and approval process for loan applications
Legal basis: Contractual necessity (Art. 6 (1) (b) GDPR), if necessary, consent for optional additional information (Art. 6 (1) (a) GDPR)
Categories of recipients:
Public authorities in the case of overriding legislation
External service providers, including but not limited to data processing, identity verification and credit checks (Creditreform, fino, IDnow, SCHUFA)
Other external bodies, provided that the data subject has given his or her consent or if transmission is permissible due to an overriding interest
Transfers to third countries: None
Duration of data storage: The user account and all associated data can be deleted by sending a corresponding message to our email address (see legal notice).
2.4 Newsletter
When you sign up for our newsletter, you provide us with your email address and, optionally, additional information. We use this data exclusively to send the newsletter. We store the data you provide in your newsletter registration until you cancel your subscription. You can unsubscribe at any time using the link provided in the newsletter or by notifying us accordingly. By unsubscribing, you revoke the use of your email address.
We use your email address, which we receive in connection with the sale of a product or service, exclusively for direct advertising in the form of our newsletter for similar products or services, unless you have objected to the use of your email address. You can object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates. You can communicate your objection (and thus unsubscribe from our newsletter) by sending a corresponding message to our email address (see Legal Notice).
2.5 Cookies and Cookiebot
Our website uses cookies to store the settings required to display the content of this website (cookies are data files sent from the web server to the user's browser and stored there for later retrieval). Our cookies do not store any personal data. You can generally prevent the use of cookies by instructing your browser to refuse cookies.
To obtain and manage the consent of our website visitors to data processing, we use the consent management tool "Cookiebot." It collects data generated by end users who use our website. When an end user provides consent via the Cookie Consent Tool, the following data is automatically logged in Cookiebot: the end user's anonymized IP address (the last three digits are set to 0), the date and time of consent, the end user's browser user agent, the URL from which the consent was sent, an anonymous, random, and encrypted key, and the end user's consent status, which serves as proof of consent.
The key and consent status are also stored in the end user's "CookieConsent" cookie. This allows the website to automatically read and honor the end user's consent for all subsequent page requests and future end user sessions for up to 12 months. The key is used to ensure proof of consent and provide an option to verify that the consent status stored in the end user's browser is unchanged from the original consent.
2.6 Applications via the careers page or LinkedIn
This section explains how we collect, use, and store your personal information when you apply for a job with us.
We collect the personal data you provide to us as part of your application. This may include:
Contact and communication data (e.g. name, email address, telephone number)
Application documents (e.g. CV, cover letter, references)
Notes taken during interviews
We use your data to assess your suitability for a position and make informed hiring decisions. The legal basis for this processing is:
Section 26 BDSG (Initiation of an employment relationship) under German law
Art. 6 (1) (b) GDPR (General contract negotiations)
We may also obtain your consent to use your data for other purposes, such as adding you to our applicant pool. You can revoke your consent at any time. Only fulfin employees involved in the recruitment process have access to your application data.
Application via the website
You can apply via the careers page on the fulfin website, which integrates the Personio HR system. Further information can be found in Personio's legal notice at https://www.personio.com/legal-notice/ and their privacy policy at https://www.personio.com/privacy-policy/ .
Application via LinkedIn
You also have the option of applying via LinkedIn. Clicking the "Apply via LinkedIn" button will establish a connection to LinkedIn's servers. The address of LinkedIn Corporation is 2029 Stierlin Court, Mountain View, California 94043, USA. We do not control the data collection and processing by LinkedIn and do not have complete information about the scope of data collection, the purposes of processing, or the retention periods. Further details can be found in LinkedIn's privacy policy at http://www.linkedin.com/legal/privacy-policy . If you confirm that LinkedIn should transmit your data to us, LinkedIn will provide us with the information you have stored on their platform. This data is then transferred to our HR system Personio.
What happens to your data after the application process?
If you are hired: We store your data in our HR system to manage your employment.
If you are not hired: We may retain your data for up to 6 months based on our legitimate interests (e.g., legal disputes) in accordance with Art. 6 (1) (f) GDPR. After that, your data will be deleted.
We offer interested candidates an applicant pool. Joining is entirely voluntary and separate from your current application. We will only add you to the pool with your express consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time, and your data will be deleted unless legally required. Data in the applicant pool is deleted after two years.
2.7 Social media pages
We do not integrate social media plugins on our website. The icons for social media platforms such as Facebook, LinkedIn, YouTube, or X (formerly Twitter) that you see on our website are merely hyperlinks that take you to our company and employee profile pages on the respective social media platforms. This means that we do not transmit or collect any of your personal data to these social media platforms via our website.
2.8 YouTube
We use the YouTube video embedding feature provided by Google Ireland Limited ("Google") on our website based on consent. This feature typically displays videos stored on YouTube in an iFrame on the website. The "Enhanced Privacy Mode" option is enabled. This means that YouTube does not store any information about website visitors. Only when you decide to watch a video is information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. You have the option to revoke your consent at any time.
2.9 Communication by email, telephone or fax
If you contact us by email, phone, or fax, we will store your inquiry and the associated personal data (name, phone number, inquiry details) and use them for the intended purposes to effectively process your inquiry. We will not share this information for any other purpose without your permission.
3. Analysis tools
3.1 etracker
To tailor our website to meet your needs, we use the etracker tool. This is a web analytics service. To record and analyze the use of our website, usage information is transmitted to our server and stored for analysis purposes. Your IP address is processed only in abbreviated form for this purpose and thus anonymized. If you wish to prevent processing for analysis purposes, you can withdraw your consent at any time with a click. In this case, an opt-out cookie without usage data is stored in your browser, meaning etracker no longer collects session data. Please note: If you delete your cookies, the opt-out cookie will also be deleted and you may need to reactivate it. Please let us know if you do not want your visit to be recorded: marketing@isarlend.com.
3.2 Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited ("Google") based on the consent of website visitors. Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually also transferred to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. We would like to point out that this website only uses Google Analytics with prior consent and in abbreviated form of the IP addresses to exclude direct personal reference. The latest version of Google Analytics does not store individual IP addresses. It can use these for rough location data (country), but discards them immediately, especially for users in the EU. All data collection and processing for users in the EU takes place on servers within the EU. While IP addresses are used for approximate location data, Google Analytics 4 provides controls to opt out of the collection of more precise location data.
3.3 Google Ads Conversion Tracking
This website uses Google Ads Conversion Tracking, a web analytics service provided by Google Ireland Limited ("Google") based on the consent of website visitors. Google Ads Conversion Tracking uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google's behalf.
3.4 Google Tag Manager
We use Google Tag Manager from Google LLC ("Google") on our website, which can be used to integrate and manage various tools and applications on the website. Google Tag Manager collects and transmits data only to the associated tools without accessing the data itself. Therefore, if you have consented to the use of a specific tool associated with Google Tag Manager, that tool will be used, and data may be transferred to Google's servers, including those in the USA as a third country. If you have not consented to the use of a tool, Google Tag Manager will not be used.
4. Data processing
To ensure a responsible lending process, we conduct several essential checks to comply with legal requirements. This includes processing your data for credit checks, identity verification, and to prevent fraud or money laundering. Pursuant to Art. 6 (1) (s) 1 GDPR, fulfin only processes your personal data if there is a lawful basis for doing so. Here is an overview of the legal grounds we rely on:
Consent: You have clearly consented to the processing of your data for a specific purpose (e.g., reviewing credit applications).
Contractual necessity: Your data is required to fulfill our obligations under a contract with you (e.g. processing submitted credit applications).
Legal obligation: We are legally obliged to process your data (e.g. tax regulations).
Vital interests: Processing is necessary to protect your well-being or that of another person (e.g. fraud prevention).
Legitimate interests: We have a legitimate business reason to process your data, which is balanced against your data protection rights (e.g. improving our services and product offerings).
We will always state the relevant legal basis for processing your data in each specific situation.
5. Data retention and storage
We delete your personal data when it is no longer needed. We take data retention seriously and only keep your information for as long as necessary. Here's how it works:
Purpose-bound: We delete your data when we no longer need it for its original purpose. This may be after processing your loan application, fulfilling your contract, or responding to your inquiry.
Objection: We will delete your data if you object to its use. You have the right to object to the use of your data, and if you do so, we will delete it unless there is a legal reason to retain it (see below).
Exceptions: There are situations in which we may need to retain your data even after the original purpose has expired. These include:
Legal requirements: German laws such as the Commercial Code, the Tax Code, the Banking Act, and the Money Laundering Act require us to retain certain data for specific periods (usually 2-10 years).
Evidence retention: We may need to retain your data for legal purposes. Depending on the case, this may be for 3 years (standard) or up to 10 years (in special circumstances).
We strive to be transparent about how we handle your data. Further details on retention periods and your rights can be found in this privacy policy.
6. Data security
We take the security of your data seriously and implement appropriate technical and organizational measures to protect it. At fulfin, the protection of your personal data is our top priority. We understand the sensitivity of the information you entrust to us and have established comprehensive protocols to ensure its security.
Personal data is used to assess creditworthiness, ensure IT security, improve services, and handle legal matters. This includes exchanging information with credit reference agencies (e.g., SCHUFA) to assess credit risk and default, ensure the security of our IT infrastructure against threats, improve our service offerings, and address legal challenges. Each of these processes is designed to balance business efficiency with strict data protection standards.
To protect the transmission of confidential content, such as loan applications or financial data, fulfin uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption on its website. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and a lock symbol appears. This encryption ensures that data transmitted between you and us is secure and cannot be read by unauthorized third parties.
fulfin also complies with GDPR regulations by conducting document exchanges via fully secured platforms to prevent fraud and unauthorized access. GDPR compliance not only fulfills legal requirements but also underscores our commitment to protecting your privacy and data rights. Our platform avoids the use of insecure communication channels, such as email, for sensitive documents, significantly reducing the risk of data breaches.
These measures protect against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. We consider the state of the art, implementation costs, and the nature, scope, and purpose of data processing when implementing these security measures. This thorough assessment ensures that our security practices are both effective and efficient, and tailored to the specific needs of our business processes.
Hosting on accredited AWS services and conducting external penetration tests further ensure security. By leveraging the reliability and security of AWS, fulfin benefits from a robust infrastructure that is regularly audited and certified. External penetration tests conducted by independent security experts identify potential vulnerabilities before they can be exploited, allowing us to proactively improve our defenses.
fulfin employs robust technical controls, including encryption and multi-factor authentication, and maintains a comprehensive security program that encompasses organizational policies, training, and incident response procedures. Our encryption protocols protect data at rest and in transit, while multi-factor authentication adds an additional layer of security for access to sensitive systems. We have detailed data protection policies, conduct regular training to inform our staff about security best practices, and have established procedures for responding quickly to security incidents.
7. Data transfer
We take measures to protect your data, even when it is transferred to third parties or to countries outside the European Union (EU) and the European Economic Area (EEA), in accordance with Art. 6 (1) GDPR. These measures include standard contractual clauses approved by the European Commission and, in some cases, transfer impact assessments. In addition, we may obtain your explicit consent for data transfers to certain third countries. This policy does not apply to data transfers to countries classified as secure by the European Commission.
fulfin will only share your personal data with third parties under strict conditions:
With your consent: You have expressly agreed to the transfer of data for a specific purpose.
For our legitimate interests: The sharing is necessary for our legitimate business purposes and does not override your data protection rights.
Legal obligations: We are legally obliged to disclose your data.
Contractual fulfillment: The transfer is necessary to fulfill our contractual obligations with you.
8. Information on other data processing procedures
Here are our partner companies that help us deliver the services you use and need to process your data for this purpose. We share as little information as possible and, wherever possible, encrypt and/or make it impossible for the recipient to identify you (e.g., by using a user ID instead of your name).
Our fronting-issuing bank partners in Europe
Certified and trusted PSD2 connection providers such as Tink AB and fino run GmbH
KYC and AML service providers who support us with identity verification or fraud screening, such as IDnow GmbH
Cloud computing and storage providers such as Amazon Web Services Inc. (AWS)
Our business information and marketing analytics platform provider like Supermetrics Group
Software companies we use to send emails, such as Brevo (Sendinblue GmbH) and Google Mail
Service providers who help us with customer service and operational support
Software for managing sales processes, contract management and other credit operations such as Pipedrive OÜ
Companies that offer benefits or rewards through special programs that you sign up for through our newsletters, e.g. Hood Media GmbH, IBAN FIRST SA and others
People who should represent you, e.g. lawyers
Authorities that detect and combat financial crime, money laundering, terrorism and tax evasion, if required by law or if necessary for other reasons
The police, courts or dispute resolution bodies if we are obliged to do so
Other banks to track money if you have been a victim of fraud or other crimes, or if there is a dispute over a payment
Other third parties, as far as this is necessary to fulfill our legal obligations
9. Knowledge of your data protection rights
We take your data protection rights seriously. You have certain rights regarding the personal information we store. Here's an overview of those rights:
Right to confirmation: You can confirm whether we may process your personal data.
Right to information (Article 15 GDPR): You can request a free copy of the personal information we hold about you, along with details of how we use it.
Right to rectification (Article 16 GDPR): Have inaccurate or incomplete personal data corrected.
Right to erasure (Article 17 GDPR) (“right to be forgotten”): You can request the erasure of your personal data under certain circumstances.
Right to restriction of processing (Art. 18 GDPR): Restrict the processing of your data in certain situations.
Right to data portability (Art. 20 GDPR): You can request your personal data in a portable format so that you can transfer it to another service provider.
Right to object (Article 21 GDPR): Object to the processing of your data for certain reasons, including profiling based on your situation.
Right to withdraw consent: Withdraw your consent to the processing of your data at any time.
Right to complain: File a complaint with a data protection authority if you believe we have not handled your data correctly.
10. Further information and contacts
In addition, you can exercise your rights to rectification or erasure, restriction of processing, objection to processing, and data portability at any time. Here you can contact our data protection officer, Mr. Samarth Mehrotra (Chief Data Officer), by email at datenschutz@isarlend.com or by post at isarlend GmbH, Machtlfinger Straße 9, 81379 Munich, Germany. You also have the right to lodge a complaint with the data protection supervisory authority.
To keep our Privacy Policy current and reflect any necessary changes, we may update it from time to time. We will clearly mark the date of the update on this page. We recommend checking this page regularly to stay informed.
Isarlend
Isarlend ist Ihr unabhängiger Debt Advisor für komplexe Unternehmensfinanzierungen. Wir übersetzen visionäres Wachstum in institutionell belastbare Kapitalstrukturen – für maximalen strategischen Spielraum bei minimaler Verwässerung.