Data protection provisions and consent under data protection law
Billie GmbH (hereinafter referred to as Billie or we) offers companies the opportunity to pre-finance trade receivables from deliveries and services to other companies (hereinafter referred to as Factoring Service) on its online platform at "www.billie.io" (hereinafter referred to as platform).
In order for you and the company you represent to be able to use our Factoring Service, we must collect, process and store personal data.
The transparent and protected handling of your data is our top priority. These data protection provisions therefore explain in detail which personal data we collect, process and store.
Section 1 states our data protection principles and general information. Sections 2-5 explain the details of the collection, processing and storage of your data on our platform. Section 6 contains your rights to revocation, information and deletion of your personal data as well as a corresponding contact address. Section 7 regulates the modalities for changing these data protection provisions.
These data protection provisions contain so-called data protection consents that you provide as a managing director, board member, authorized signatory (Prokurist) or authorized representative of a company (hereinafter referred to as Company Representative), as a sole trader or as a freelancer (Freiberufler). These two consents are marked separately in sections 2.4 and 2.6. Sole traders and freelancers provide both consents when registering on our platform, whereas Company Representatives only provide the first consent under section 2.4.
Data protection principles and general information
1.1 Data protection principles
As part of using our Factoring Service, you provide us with data about you and your company. This is necessary so that we can offer you the best possible conditions and exclude cases of fraud. We are aware that the data we collect from you and your company is strictly confidential. For this reason, the protection and security of your data is a top priority for us.
To ensure a high level of protection and security, our employees adhere to the following data protection principles at all times:
We do not sell personal data to third parties.
We are transparent about how we use collected data.
We do not store personal data that we do not need.
We delete personal data immediately upon request (unless we are required by law to retain it).
We use appropriate technical and organizational security measures to ensure data security, in particular to protect your personal data against risks during data transmissions and against unauthorized third parties gaining knowledge thereof. To this end, we use secure encryption methods and regularly review the technical and organizational security measures we have taken in order to improve them on an ongoing basis.
We store personal data only on servers located within the European Economic Area (EEA). In some cases, however, it may be necessary for us to transfer data to servers located outside the EEA. This will only be done if such a transfer is permitted under European law and it is ensured that your personal data is adequately protected.
1.2 Responsible party
The responsible party for the data processing described here is Billie GmbH, with a registered office at Charlottenstraße 4, 10969 Berlin.
The contact point for rights and obligations as well as information about data processing is Billie GmbH, Charlottenstraße 4, 10969 Berlin, email: firstname.lastname@example.org.
1.3 Right of information and complaint
You have a right to information about the data stored about you in accordance with Sec.15 GDPR, to deletion in accordance with Sec. 17 GDPR and to correction of data in accordance with Sec.16 GDPR. Submit your legal request in writing or by e-mail using the contact details provided here.
In addition, you have a general right of complaint. The competent supervisory authority for complaints regarding data processing is the Berlin State Data Protection Commissioner.
1.4 Right of revocation for consents
If the data processing is based on consent, this consent can be revoked at any time with effect for the future. Submit your revocation in writing or by email using the contact details provided here.
After revocation of the data protection consent, we will stop any further processing and use of your personal data and delete or block them, unless we are obliged to further processing, in particular further storage, due to legal provisions.
2. Data collection, data processing and data storage
2.1 Use of the platform (without registration)
Each time you visit our platform, your internet browser regularly and automatically sends non-personal data (including the date and time of the request, the access status, the amount of data transferred), which we store in a log file. This data is processed and stored exclusively for technical reasons to ensure trouble-free operation of the website and to improve our offer. These evaluations do not allow us to draw any inference to you or your company.
2.2 Contacting Billie via callback function
If you want to learn more about our products, you can arrange for us to give you a call on our website. In doing so, you provide us with your contact information (name, email address, phone number) as well as data about your availability. In order to offer this functionality, we use the services of Calendly, LLC, 271 17th St NW, Atlanta, GA 30363, USA (hereinafter Calendly). The data you provide will be transmitted to Calendly for the purpose of arranging an appointment and processed there.
By using this function, you provide your consent to the processing of your data to the aforementioned extent (Sec. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time with effect for the future.
If you do not consent to being contacted by Billie using the services of Calendly, you can alternatively contact us by email at email@example.com and arrange for us to give you a call by stating your contact details.
2.3 Registering and creating a Billie account
When you register your business on our platform and create a Billie account for your business, we collect, among other things, the following personal data: Identity details (gender, name, maiden name, date of birth, place of birth, country of birth), identity document details (ID card, passport, registration certificate) if applicable, address and contact details (business address, residential address, telephone numbers, email address), bank details (account holder, account number, bank code, BIC, IBAN).
A username and password are created for the Billie account. The Billie account enables process handling and access to data and documents. Your personal data as well as usage times (login) are stored for this purpose. This data is necessary for use (Art. 6 para. 1 sentence 1 lit. b) GDPR) and is stored for 10 years.
2.4 Queries on creditworthiness
We are free to transfer the collected data to providers of rating and information services (hereinafter referred to as third-party providers) in order to obtain further information about your company, such as the authorized representatives, beneficial owners and affiliates, as well as data on payment history and credit default risk. Our main providers of rating and credit reporting services are listed below:
Creditreform Berlin Wolfram KG, Karl-Heinrich-Ulrichs-Strasse 1, 10787 Berlin
Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden (hereinafter SCHUFA)
Euler Hermes Germany, Friedensallee 254, 22763 Hamburg.
The following information on creditworthiness may be obtained: Information on the probability of default using information on the person's previous payment history based on mathematical-statistical methods using address data, as well as negative characteristics such as ongoing collection or insolvency proceedings, the submission of an affidavit, an above-average risk of default on receivables or similar.
Data protection consent: If you use Billie's services as a business representative, sole trader or freelancer, you consent to Billie transmitting personal data to one or more third-party providers, to the third-party providers in turn transmitting to Billie personal data about you as well as information about your past payment history and to assess your personal insolvency risk, and to Billie processing and storing this data for the purpose of rating your business.
The processing is based on Sec. 6 (1) sentence 1 lit. f) GDPR due to the legitimate interest in securing an advance payment or granting of credit. We store the information we receive for a period of 10 years.
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Sec. 6 (1) lit. f) of the GDPR (data processing on the basis of a balancing of interests). You can file your objection in writing or by email using the contact details provided here.
If you file an objection, we will cancel any further processing and use of your personal data and delete or block it, unless we are obliged by law to continue processing, in particular to storing it.
2.5 Establishment of identity
In order to comply with our anti-money-laundering obligations, we may need to verify your identity.
The identity verification will be carried out by our contractual partner, Deutsche Post Ident GmbH. To carry out the identity verification procedure, you will be redirected to the POSTID portal of Deutsche Post Ident GmbH and must register there with your original data. By agreeing to the terms and conditions and data protection information of Deutsche Post Ident GmbH, you consent to the collection and storage of your personal data for processing on our platform and for subsequent identifications. Detailed information on this can be found at: https://www.deutschepost.de/de/p/postid/faq.html. After successful identification, Billie electronically receives all verified data, which must be recorded and stored as proof of proper identification in accordance with Sec. 8 of the German Money Laundering Act (GWG).
The identity and the reliability under anti-money laundering law can alternatively be verified by Deutsche Post AG by means of the PostIdent procedure. In this process, the above-mentioned identity information is collected and verified by a Deutsche Post employee at a post office branch. Once the identity has been successfully established, Billie receives all verified data from Deutsche Post AG, which must be recorded and retained as proof of proper identification in accordance with Sec. 8 of the German Money Laundering Act (GWG).
If you are acting as a Company Representative, your identity can also be verified by providing us with a copy or numbers of your ID card or passport.
Also for reasons of money laundering prevention, an additional check is carried out to determine whether you or other persons associated with the company are a so-called politically exposed person and whether extended identification obligations exist in this context or whether you are listed on a sanctions list.
For the purpose of this check, we receive information about the beneficial owners and authorized representatives of your company from third-party providers. The verification takes place when the business relationship is established and on a regular basis thereafter.
The processing is carried out in accordance with the German Money Laundering Act as amended. The data is stored until 5 years after the end of the fiscal year in which the business relationship ends.
2.6 Electronic bank statement
In order to use our Factoring Services, it is required for you to provide us with data on your company's payment history in the form of an electronic account statement. Through the electronic bank statement, your payment history, i.e. the data of incoming and outgoing payments on your bank account, is made available to us on a daily basis. We process and store this data for the purpose of carrying out the rating and to ensure that the factoring contracts are processed properly. We would like to point out that in individual cases the payment history may contain sensitive information (e.g. transfers to political parties or associations), especially if you do not use your business account exclusively for business purposes. We will not take such sensitive data into account and, in particular, will not use it for rating purposes.
Electronic account statements are transmitted by our two service partners, figo GmbH and eurodata AG. In order to enable the transmission by figo GmbH, you have to enter the access data to your online bank account on our website. We do not store this data at any time, but forward it exclusively to figo GmbH. The exchange of data between Billie and figo GmbH is controlled by means of keys: Billie uses a public key with which the transmitted data cannot be decrypted. For decryption, a corresponding private key is required, which is only available to figo GmbH (asymmetric encryption system). This encryption ensures (i) that Billie cannot view the access data to the customers' online bank account at any time, (ii) that no decryption of the access data is possible in the event of (unauthorized) access to Billie's database, and (iii) that even in the event of data theft from the Billie system, the access data to the customers' bank accounts cannot be used by an external attacker.
Privacy Consent: In the event that you use Factoring Services from Billie as a sole trader or freelancer, you consent to your payment history, i.e. data on incoming and outgoing payments, being transmitted to Billie by your bank via the aforementioned service partners. Billie may collect, process and store this data for risk assessment and scoring purposes and for the execution of factoring contracts.
The aforementioned consents apply to the initial query of payment history and to all future update processes for the duration of the contractual relationship existing between Billie and you.
The collection of this data is necessary for the provision of services (Sec. 6 para. 1 sentence 1 lit. b) GDPR) and is also carried out in the legitimate interest of Billie (Sec. 6 para. 1 sentence 1 lit. f) GDPR), which is to secure advance performance or the granting of credit. The data will be stored for 10 years.
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests). You can file an objection in writing or by email using the contact details provided here.
If you file an objection, we will end any further processing and use of your personal data and delete or block it, unless we are obliged by law to continue processing, in particular to storing it.
For the rating, we process and store both the data that we have received directly from you and the data that has been transmitted to us by third-party providers.
In order to be able to pre-finance the invoices and offer you the best possible conditions, we create a rating for you, your company and your debtor. To do this, we use the data we have collected, including the data we have received from third-party providers or public sources. Using mathematical-statistical methods, we determine the probability of default of the company, sole trader or freelancer.
The resulting score, on the basis of which we calculate our factoring fee, is stored by us for 10 years. The use of data is based on Sec. 6 (1) sentence 1 lit. b) and f) GDPR, since Billie has an overriding legitimate interest in obtaining certainty about the probability of default. The data collected as part of the registration process and the creditworthiness information are pseudonymized and then used to improve the rating model for the probability of default; this processing is based on Sec. 6 (1) sentence 1 lit. f) GDPR because of an overriding legitimate interest in using pseudonymized data for our own business purposes.
Note on automated decisions in the context of rating:
We also use automated decisions to establish and execute business relationships. This enables us to offer you fully digitized Factoring Services . The rating is used to prepare an offer and is used to assess the probability of default. The score values calculated do not only support our decision-making when concluding product deals, but are also incorporated into ongoing risk management. We also use automated decision-making on the basis of legal and regulatory requirements, typically to combat money laundering or the financing of terrorism, or to combat asset endangering crimes. In this context, various data evaluations (e.g., in payment transactions) are carried out. These measures also serve to protect you. If a negative decision is made against you as a sole trader or freelancer on the basis of the rating, these reasons will be explained upon request to the contact details provided here.
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests). You can file your objection in writing or by e-mail using the contact details provided here.
If you file an objection, we will discontinue any further processing and use of your personal data and delete or block it, unless we are obliged by law to continue processing, in particular to continue storing it.
2.8 Financing of invoices
If you upload an invoice for financing on our platform, we collect the invoice data listed thereon (e.g., the invoice number, the invoice and due date, and the invoice amount) as well as the invoice recipient's original data and contact data.
The collection of this data is necessary for the provision of services (Sec. 6 (1) sentence 1 lit. b) GDPR), it is stored for 10 years.
2.9 Data transmission to third parties
2.9.1 Data transmission to Schufa
We are obligated to transmit selected information regarding our Factoring Service to SCHUFA.
Billie transmits personal data collected within the scope of this contractual relationship to SCHUFA regarding the application, performance and termination of this business relationship as well as data regarding non-contractual behavior or fraudulent behavior. The legal bases for these transfers are Article 6(1)(b) and Article 6(1)(f) GDPR. Transfers based on Article 6(1)(f) GDPR may only be made insofar as this is necessary to protect the legitimate interests of Billie or third parties and does not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The exchange of data with SCHUFA also serves to fulfill legal obligations to conduct creditworthiness checks on customers (Sec. 505a and 506 of the German Civil Code).
SCHUFA processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the EEA, Switzerland and, where applicable, other third countries (insofar as there is an adequacy decision on these by the European Commission) with information on, among other things, the assessment of the creditworthiness of natural persons. More detailed information on SCHUFA's activities can be found at https://www.schufa.de/de/datenschutz-dsgvo/.
2.9.2 Data transmission in the context of refinancing
For refinancing purposes, Billie may assign claims against customers to banks or financial institutions. For these assignments, the transmission of personal data collected in the registration process or from third parties may be necessary. This transfer is based on Sec. 6 (1) sentence 1 lit. b) GDPR, as it is required for the provision of services.
3. Sending of advertisements
If you provide your consent to receive information of promotional nature, such as newsletters or text messages, we will use your email address, postal address and telephone number for the purpose of sending you the relevant information.
The data processing and storage by us takes place in Germany and the EU respectively. For this purpose, we use the services of salesforce.com EMEA Limited, Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London, UK ("Salesforce"). Insofar as a data transfer to third countries should be necessary in this context, this will take place on the basis of EU standard contractual clauses in their current form.
You may revoke your consent for the future at any time by using the unsubscribe link in the emails sent to you. Such a revocation does not affect the lawfulness of the data processing up to that point.
3.1 Klarna waitlist
If you have registered for the Klarna waitlist with your name, email address, company name, telephone number and sales information, this data entered by you will only be stored and processed after you provided your consent to the data processing by confirming your email address. We will use this data exclusively for sending information about the Billie integration via Klarna.
4. Web analytics and cookies
In order to make the visit to our website attractive and the use of certain functions more user-friendly, effective and secure, we use so-called cookies on various pages. These are small text files that assign your browser to your end device and transmit corresponding information to us. Cookies cannot execute programs or transfer viruses to your end device.
4.1 Google Analytics
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.3.
Google Analytics is used in accordance with the conditions agreed upon by the German data protection authorities with Google. You can find additional information under the following links:
User Terms: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Once you have logged into your account on the platform, Google Analytics will no longer be used.
4.2 Google AdWords
Our website also uses Google Conversion Tracking "Adwords", an analysis service from Google. A cookie is set on your device if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit individual pages of our platform and your cookie has not yet expired, both Google and we can recognize that you clicked on our ad and were redirected to our site. The information obtained with the help of the cookie is used to create conversion statistics. We thus learn the total number of users who clicked on an ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which we can identify you personally.
If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose -- for example, via a browser setting that generally deactivates the automatic setting of cookies. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".
Our website also uses Segment.io, a service provided by Segment.io, Inc, 109 E 17th St #4503, Cheyenne, WY 82001, USA (hereinafter referred to as Segment) for data analysis, which enables us to collect and analyze the technical usage data generated when using our website and to use it for website optimization. The collected usage data is processed pseudonymously. IP addresses are shortened accordingly after their collection and the data is not used to merge usage profiles with your personal data. The information about the use of our website is usually transferred to a Segment server in the USA and stored there. You can prevent the collection of data for these purposes by deactivating the storage of cookies via your browser settings.
4.4 Custom Facebook audiences
We use Fullstory, a website analytics service provided by Fullstory Inc, 818 Marietta Street, Atlanta, GA 30318, USA. Fullstory records user behavior on our website. The recordings of visitor sessions allow us to analyze them and subsequently improve the website experience for visitors. Fullstory stores and collects data in anonymized form using cookies. Tracking can be deactivated at any time. To do so, please follow the instructions at https://www.fullstory.com/optout.
5. Fraud prevention