Grover is the central contact point for customers.
Solarisbank and Grover must notify each other if they learn about an actual or suspected data protection violation.
Within the respective responsible company, those departments that need access to your data to fulfill our contractual and legal obligations are granted access to your data.
IT service providers, especially software as a service, hosting, storage and cloud computing providers
Logistics service provider
E-mail marketing service providers and customer service providers who, among other things, create offers and invoices for us
Marketing service providers, especially Google Adwords and WhatsApp consulting service providers
Payment service providers and credit institutions for the collection of a charge or the provision of a payment service
Collection agency for the enforcement of claims
Service providers who support us in risk analysis and fraud prevention
Insurance companies and legal service providers
Insofar as processing is necessary to protect legitimate interests, for example when using IT services, our legitimate interest is to outsource functions.
If your contractual partner is Grover Finance I or Grover Finance II, Grover Finance I or Grover Finance II will make your data available to the Grover Group for the purpose of concluding and processing the contractual relationship and for advertising its own offers, provided that there is a legal basis for this.
In addition, your personal data will be passed on or transmitted if required by law (Art. 6 para. 1 sentence 1 lit. c GDPR) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
For the processing of your data we also use service providers located in third countries outside the European Union. These countries may have a different level of data protection than within the European Union. Unless there is a decision by the EU Commission that these third countries generally offer an adequate level of data protection, we have taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries we conclude the standard data protection clauses of the European Commission. These provide appropriate guarantees for the protection of your data with service providers in the third country. You can request a copy of these data protection clauses by contacting us at the contact details given above. In addition, we encrypt or pseudonymize personal data before transferring it to a service provider in a third country, provided that this is technically possible and appropriate.
When establishing contractual relationships, we use fully automated decision-making processes in the sense of Art. 22 Para. 1 GDPR, taking into account the creditworthiness data provided by credit agencies and the score value determined by our own analyses for abuse and fraud detection (see above under 2.) This is necessary for the conclusion of the contract in the sense of Art. 22 para. 2 lit. a GDPR: automated decision making allows for greater coherence and fairness, the risk of non-payment due to lack of solvency, abuse or fraud is minimized and we can make decisions within shorter deadlines and increase our efficiency. All this is essential in our mass and time-critical online business. It is therefore possible that we may automatically reject your order based on the determined creditworthiness or the determined probability of abuse or fraud. If you do not agree with our decision, you can inform us in writing or by e-mail to [email protected] A member of staff will then review the decision, taking your point of view into account, and correct it if necessary.
Your data will be processed according to the legal regulations and deleted in accordance with the intended deletion periods.
As far as necessary, we process and store your personal data for the duration of our contractual relationship, which also includes, for example, the initiation and execution of a contract. Please note that our contractual relationship is usually a continuing obligation.
In the case of contractual relationships, but also in the case of other civil law claims, the storage period is also governed by the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
In addition, we are subject to various storage and documentation regulations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation specified there are six years for correspondence in connection with the conclusion of a contract and 10 years for accounting records and business letters (§§ 238, 257 para. 1 and 4 HGB, § 147 para. 1 and 3 AO).
Logfiles are deleted in principle after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. The storage period of cookies depends on the individual case and is usually between twelve and 24 months.
Customer data and your customer account will be deleted five years after the end of your last rental contract or after your last login, whichever comes later.
We usually delete the following customer data within the following shorter periods:
Data on telephone conversations with customers (for example telephone number) will be deleted one year after the last telephone conversation with the customer. If we record a telephone conversation in individual cases, which is only done with the customer's voluntary consent, the recording is automatically deleted after 30 days.
Credit scoring data (see above under 2.) of customers whose order was rejected for reasons of creditworthiness, we delete or anonymize after six months. Otherwise, we delete or anonymize creditworthiness data five years after the end of your last rental agreement or after your last login, whichever comes later.
Data from our own analyses for abuse and fraud detection (see above under 2.) we will delete or anonymize your data five years after the end of your last rental agreement or after your last login, whichever comes later.
You have the right of information (Art. 15 GDPR), the right of correction (Art. 16 GDPR), the right of deletion (Art. 17 GDPR), the right to limit processing (Art. 18 GDPR) and the right of data transferability (Art. 20 GDPR). In the case of the right of information and the right of deletion, the restrictions pursuant to Sections 29 (1) sentence 2, 34 and 35 BDSG apply.
You also have the right to object to data processing by us (Art. 21 GDPR).
Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you may revoke this consent at any time; the legality of the data processing carried out on the basis of the consent until revocation remains unaffected.
In order to assert all these rights as well as for further questions regarding personal data, you can contact our data protection officer or our contact details mentioned above at any time.
Notwithstanding the above, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your residence, place of work or place of the alleged violation - if you believe that the processing of the personal data you provided violates the GDPR or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).
22 October 2021