Thank you for your interest in our company, our website and our Application.
The provider responsible for data processing is:
Fairo GmbH, with its seat in Vienna and business address Am Stadtpark 9, A-1030 Vienna, Austria, registered with the commercial register at the commercial court of Vienna under FN 552682v (the “Company” or the “we”).
We process the following categories of personal data for the purposes mentioned below: Personal details that you provide (e.g., name, address, date and place of birth, nationality, e-mail, etc.), identity and travel document data (e.g. specimen signature, ID card data), payment data (e.g., payment data in regards to the created invoices), electronic log and identification data (Application identification confirmation, IP address, cookies, etc.), invoice data (e.g., Tax and social security data (Tax and VAT ID, personal identification number - CNP) Participation, memberships in corporate bodies, powers of representation (e.g. detailed information on the respective role, type of power of representation, voting rights, size of participation, and authorization), as long as these refer to a natural person and other data comparable to the above categories, provided by you through the information or documents provided or created in the Application.
When you choose to connect your Application account with your bank account(s) by accessing the payment services offered by our provider from the Application (“PSD2 Services”), the following data will be processed:
Personal details (Name, internal identification numbers (e.g. customer number, contract partner number))
Financial identification data (e.g. IBAN/BIC, data of credit-, debit- or prepaid-cards (type, holder, issuing organization, validity period, limit))
Payments and clearing data (Details of payer, recipient/beneficiary, transaction amount, transaction currency, IBAN/BIC of payer and recipient account, clearing data, other SWIFT-related data),
We process personal data that we receive from you when you create a user account in the Application, as well as a result of your actions when using the Application, during our business relationship. In addition, we process data that we have permissibly received from our business analysis services provider from publicly accessible sources (e.g., register of companies, register of associations, or media), when creating your user account, or from our customer care services providers and customers. Also, when you connect your Application account with your bank account(s) over the PSD2 Services, we will process the data received from the PSD2 Services provider for the purpose of providing our services through the Application. The processed data categories are the personal details, financial identification data and payments and clearing data described above.
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation as well as any other applicable local law. The GDPR lists various legal bases for permitted data processing. In the following section, we explain on which legal basis of the GDPR and for which purpose we process your data.
"Fulfillment of contractual obligations" is the legal basis for processing activities performed in the context of the conclusion, respectively the execution of the contract between you and the Company, as well as for the performance of pre-contractual measures, in order to allow you to use the Application and for the provision of the services within the scope of the business relationship through the Application. This is applied for the following purposes:
"Compliance with legal obligations" is the legal basis for processing that is necessary to comply with various legal obligations, such as those arising from Austrian legislation such as the Fiscal Code(Bundesbabgabenordnung, BAO), Commercial Code (Unternehmensgesetzbuch, UGB), Industrial Code (Gewerbeordnung, GewO) , etc., or Romanian legislation such as the Fiscal Code and its implementing norms, the Law on the prevention and combating of money laundering and financing of terrorism, etc., as well as on the basis of certain supervisory requirements to which the Company is subject as an Austrian company.
Examples of processing purposes based on a legal obligation:
The purpose is thus the fulfillment of legal obligations.
"Consent" is the legal basis for data processing that applies when you have given us your consent to process your personal data for specific purposes.
Processing will only be carried out in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given can be revoked at any time with effect for the future.
Such processing based on consent is made for the following purposes:
Specific details about the purpose can be found in the text of the consent.
“Legitimate interest” is the legal basis for processing that takes place in the context of a balancing of interests. We will only process your data if your interests or fundamental rights and freedoms do not override our interests.
Examples of processing purposes based on legitimate interests:
The purposes are determined by the business relationship and the provision of services, also in the context of the (pre-contractual) business relationship.
The evaluation of the data for this purpose only takes place as long as you have not objected to it.
Within the Company, your data is received by those departments or employees that need it to fulfill contractual, legal and/or supervisory obligations, as well as legitimate interests or based on your consent. In addition, contractually bound processors (in particular IT and back-office service providers, the group company handling GDPR rights requests for us, located in the European Union and Economic European Area, as well as the customer care services providers located in the European Union) will receive your data.
The companies with which we cooperate for providing you the services in the Application (e.g. PDS2 Services providers), located in the European Union or the United Kingdom, will also receive your data. We share your Tax ID with the business analysis services provider, located in the European Union, which performs customer due diligence for us. These recipients receive your data insofar as they require the data to fulfill their respective service.
All processors are contractually obligated to treat your data confidentially and to process it only in the context of providing the service.
The PSD2 Services and the business analysis services providers, as separate and independent data controllers with respect to any personal data processed (received from us, directly from you or from other sources) will be solely responsible for compliance with the applicable legislation.
In the event of a legal or regulatory obligation, public bodies and institutions, as well as our statement auditors or legal consultants from Austria or Romania may be recipients of your personal data.
Your personal data may also be transferred to third parties acquisitors, insofar the business of the Company would be (totally or partially) transferred and the data subjects’ data would be part of the assets representing the object of the transaction.
Transfer of personal data to third countries only takes place in accordance with the bases of the transfer of the GDPR. We oblige such recipients to comply with European data protection and security standards (e.g. by implementing EU Standard Contractual Clauses).
You are welcome to ask us for specific information.
We store your personal data during the customer business relationship (i.e., for as long as you have a user account in the Application) and for a further 7 years after the end of the entire business relationship in accordance with our retention obligations under applicable laws. After that, the personal data from the customer business relationship will be deleted in accordance with the General Data Protection Regulation unless there is a further legal basis for retention.
We do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment and performance of the business relationship, for the processing of personal data referred to herein. Should we use these procedures in the future, we will inform you about this separately, as required under the law.
Within the context of the processing of your personal data, you have the following rights:
We will be happy to help you with any questions, suggestions or complaints you may have about data protection. The above rights may be exercised at any time. For exercising these rights, we encourage you to send a notice in writing, dated and signed or in electronic format, to the address indicated in the beginning of this policy.
If you feel that your right to data protection has been violated, you can also lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.
Version last updated on 24.11.2021