BACK

Privacy Policy

(Last updated: 05/06/25)

Done!Financials GmbH (hereinafter "Done!Financials") is pleased that you are visiting our website https://www.donefinancials.com (hereinafter "Website"). Our principle is to collect only what we need and to process this information solely to provide you with the service you expect.

1. Data Controller

The data controller for the processing of personal data on our website within the meaning of the General Data Protection Regulation (hereinafter: "GDPR") is:

Done!Financials GmbH

Kienberger Allee 4,

12529 Schönefeld

Email: hello@donefinancials.com

2. Data Protection Officer

Our appointed Data Protection Officer is:

Kertos GmbH

Briennerstraße 41

80333 Munich

Germany

Email: dsb@kertos.io

3. What are personal data?

Personal data are all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address or IP address. Information for which we cannot (or only with disproportionate effort) establish a reference to your person, e.g., through anonymization of the information, is not personal data. The processing of personal data (e.g., collecting, querying, using, storing or transmitting) always requires a legal basis such as your consent.

4. Data processing on our website

Provision and use of the website

a. Scope and purpose of data processing

We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services or information.

When you access and use our website, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring the comfortable use of our website
  • For IT security purposes
b. Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a website and to enable secure and comfortable use and thus serves to protect a legitimate interest of our company.

c. Storage duration and data deletion

As soon as the aforementioned data is no longer required for the display of the website, it is deleted (at the latest after 30 days). The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. The user therefore has no possibility to object. Further storage takes place in individual cases if this is legally required.

d. Third parties

Webflow

We use the service Webflow on our website, which is provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow is a website builder and hosting platform. The following data is transmitted to Webflow when using our website:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL (the previously visited page)
  • Date and time of the server request
  • Device type and settings

The purpose of Webflow is to host, operate, and ensure the functionality of our website. The service helps us offer a user-friendly and responsive website. The information is stored and processed on Webflow servers in the USA.

There is no adequacy decision by the EU Commission for data transfers to the USA. However, Webflow has committed to the EU-US Data Privacy Framework, which ensures an adequate level of protection for personal data. The data transfer is based on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.

The processing of data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the efficient and secure provision of our website.

The data is stored for the period necessary to fulfill the purpose of the processing or as long as legal retention periods exist.

You have the right to access, rectify, erase, and restrict the processing of personal data. You can also object to the processing and assert your right to data portability.

For more information on Webflow's privacy policy, please visit: https://webflow.com/legal/privacy

Amazon Cloud Front

We use the service Amazon CloudFront on our website, which is provided by Amazon Web Services, Inc. (AWS). The following data is transmitted to AWS when using our website:

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request comes (referrer)
  • Browser and operating system
  • Language and version of the browser software

The purpose of Amazon CloudFront is to accelerate and optimize the delivery of content on our website. The service acts as a Content Delivery Network (CDN) and helps to reduce the loading times of our website and ensure availability in case of high data traffic. The information is generally forwarded to AWS servers worldwide and temporarily stored there.

For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-US Data Privacy Framework. AWS is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. The data is stored for a limited period after the transfer, which is necessary for the purposes of the CDN.

Due to the improvement of website performance and ensuring the provision of the website, we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on AWS and Amazon CloudFront's privacy policy, please visit: https://aws.amazon.com/de/privacy/

Google - Fonts

To display the contents of our website, we use "Google Fonts," which is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google").

To integrate Google Fonts, the fonts are loaded from a Google server. This usually involves the transmission of the following data:

  • IP address
  • Referrer URL
  • Operating system
  • Browser type
  • Screen resolution
  • Browser language setting

Your data is generally transferred to a Google server in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Article 45 GDPR. We point out that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

For more information on Google's privacy policy, please visit: https://policies.google.com/privacy.

5. International Data Transfer

We primarily process your data within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be located outside the EEA in so-called "third countries." The General Data Protection Regulation imposes strict requirements on the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in a third country, each service provider is first checked for their level of data protection. A service provider is only selected if they can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are located within the EEA or in third countries, each service provider must enter into a data processing agreement with us. Additional requirements must be met for service providers outside the EEA. According to Art. 44 et seq. GDPR, personal data can be transferred to service providers that meet at least one of the following conditions:

•The European Commission has determined that the third country guarantees an adequate level of protection (e.g., USA and UK).

•Standard contractual clauses have been included in our contract with the data recipient (including any additional measures, if necessary).

•Further appropriate safeguards pursuant to Art. 46 GDPR are provided (e.g., Binding Corporate Rules).

•In specific exceptional cases under Art. 49 GDPR

6. Cookies

a. Scope and Purpose of Data Processing

We use cookies on our website. Cookies are data sets that are stored on your computer when you visit our website and allow your browser to be reassigned. Cookies store information such as your language settings for the duration of your visit to our website or the inputs you make there.

There are different types of cookies. Session cookies are temporary cookies stored in the user's internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and are stored in the user's browser for a predefined period. First-party cookies are set by the website visited by the user. Only this website is authorized to read the information from the cookies. Third-party cookies are set by organizations that do not operate the website visited by the user.

Cookies can also be differentiated between technically necessary, functional, and advertising cookies. The former are necessary to ensure basic functions of the website (e.g., storing the language setting). Functional cookies collect information about the user's behavior and whether they receive error messages. Advertising cookies, on the other hand, are used to offer tailored advertising to the user.

b. Legal Basis

The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR due to the described usage purposes, as we have an interest in the user-friendly presentation of our website. If you have given us your consent to use functional and advertising cookies via a notice provided by us on the website ("cookie banner"), the legality of the use is also determined by Art. 6 para. 1 sentence 1 lit. a GDPR.

c. Storage Duration and Data Deletion

Once the data transmitted to us via cookies is no longer required to fulfill the purposes described above, this information will be deleted. Further storage only takes place in individual cases if required by law.

d. Configuration of Browser Settings

Most browsers are set to accept cookies by default. However, you can configure your browser to accept only certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if you disable cookies via your browser settings on our website. You can also delete cookies already stored in your browser or have the storage duration displayed via your browser settings. It is also possible to set your browser to notify you before cookies are stored. Since the functions of different browsers may differ, we ask you to use the respective help menu of your browser for the configuration options.

e. Consent Management

To manage consents for the use of cookies, we use the service Cookiebot by Usercentrics. Cookiebot helps us to store and enforce your preferences regarding the use of cookies on our portal. Your consent data is transmitted to Usercentrics A/S, the operator of Cookiebot. The service provider is based in the EU and complies with the GDPR requirements. For more information on data protection at Cookiebot, visit:https://www.cookiebot.com/de/privacy-policy/.

Data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR, justified by our interest in meeting the legal requirements for consent management.

f. Cookieliste

7. Application via E-Mail

You can send us your application via e-mail. We will collect your e-mail address and the data you provide in the e-mail such as:

  • First name, last name  
  • E-mail address  
  • Date of birth  
  • Address  
  • Residence  
  • Phone number  
  • Photo  

The processing of personal data from your application email is exclusively for the purpose of handling your application.  

The legal basis for processing your data is the initiation of a contract, which is carried out at the request of the person concerned, Art. 6 Para. 1 lit. b GDPR in conjunction with § 26 Para. 1 BDSG. Your personal data will generally be stored with us until your application process is completed. If we cannot consider your application, we will retain your application data for six months after receiving our notification about it. If a legal dispute arises during the application process, we will retain your personal data until the complete conclusion of the legal dispute. If we enter into an employment relationship with you, we will retain your personal application data in your personnel file until the end of this employment relationship.  

You have the opportunity to object to the processing of your personal data at any time. In such a case, the application can no longer be considered. All personal data stored in the course of the electronic application will be deleted in this case.  

8. Data security and safety measures

We commit to treating your personal data confidentially. To prevent manipulation, loss, or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adjusted to technological progress.

However, we point out that due to the structure of the Internet, the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. Especially unencrypted data - e.g. during transmission via e-mail - can be viewed by third parties. We have no technical influence on this. It is your responsibility as a user to protect the data you provide against misuse through encryption or other means.

9. Data storage

The personal data of the affected person will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also occur if this is provided for by the European or national legislator in EU regulations, laws, or other regulations to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is required to conclude or fulfill a contract.

10. Rights of the affected person

Regarding your personal data, you have the following legal rights against us:

Right of access

You have the right to request confirmation of whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and further information, e.g. about the purposes of processing, the recipients, and the planned storage duration or the criteria for determining the duration.

Right to rectification

You have the right to request the correction of inaccurate data without undue delay. Considering the purposes of processing, you have the right to request the completion of incomplete data.

Right to erasure ("right to be forgotten")

You have the right to request deletion when processing is not necessary. This is the case, for example, when your data is no longer needed for the original purposes, when you have withdrawn your data protection consent, or when the data has been unlawfully processed.

Right to restrict processing

You have the right to restrict processing, e.g. if you believe the personal data is inaccurate.

Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.

Right to object

You have the right to object at any time to the processing of certain personal data concerning you for reasons arising from your particular situation. In the case of direct marketing, you as the affected person have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Right to withdraw your consent under data protection law

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the point of withdrawal.

Notwithstanding these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.

11. Change history