1. General
This Privacy Policy informs you about the nature, scope, and purpose of the processing of your personal data by the controller under data protection law pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR).
The definitions of the GDPR, in particular those set out in Article 4, apply.
1.1 Controller
The controller under data protection law is:
finbyte GmbH (“finbyte”, “we”)
Rosenstraße 2
10178 Berlin
E-Mail: [email protected]
1.2 Data Protection Officer
You can contact the appointed Data Protection Officer as follows:
Intelliant GmbH
Reinhardtstr. 25
10117 Berlin
Email: [email protected]
2. Details of Data Processing
2.1 Operation and Functions of the Website
When you visit our website, we process personal data as follows:
We use third-party services for this purpose. These services also include the use of cookies.
Specific information about the individual cookies and individual settings options can be found under “Manage preferences” in our consent management tool.
In the consent management tool, you can consent to processing activities and object to processing activities based on legitimate interest. You can also adjust your preferences at a later time or withdraw your consent with effect for the future. Please note that without your consent, certain website functions may only be available to a limited extent.
2.1.1 Provision of Website Content
| Processing | Provision of website content |
|---|---|
| Purpose | Establishing the technical connection between the visitor’s device and our website Conducting the session Maintaining and improving the functionality of the website Maintaining and improving the information security and data security (confidentiality, availability, and integrity) of the website, including data storage in log files |
| Categories of data processed | IP address of the accessing system Browser type and version used by the device Internet service provider of the accessing system Date, time, and success of access |
| Categories of recipients | Web hosting – DigitalOcean, LLC Note: Google Tag Manager (Google Inc.) – no processing of personal data |
| Third-country data transfer | |
| Storage period or criteria for determining the storage period | Session: data is deleted when the respective session ends Log files: data is deleted after 7 days or anonymised |
| Legal basis | Article 6(1)(f) GDPR (legitimate interests) |
2.1.2 Website Optimisation, Reach Analysis, and Social Media Integration
We process personal data of website visitors for the purposes of website optimization and reach analysis, as well as for the integration of marketing and social media functionalities. Detailed information on these data processing activities can be found in the consent management tool under “Manage preferences”.
The legal basis for processing for these purposes is Article 6(1)(a) GDPR – consent. Consent to this processing may be withdrawn at any time during the browser session in which these settings are used.
2.2 Contact
You can contact us via the contact form on our website.
| Processing | Contact |
|---|---|
| Purpose | Contacting finbyte Responding to inquiries by finbyte |
| Categories of data processed | Basic personal data (name, email address) Company Contact details (telephone number) (optional) Message content (optional) IP address, log data, and tracking |
| Categories of recipients | Form provider – integration of SendGrid (Twilio Inc.) |
| Third-country data transfer | |
| Storage period or criteria for determining the storage period | 3 months after receipt/response to the contact inquiry |
| Legal basis | Article 6(1)(a) GDPR (consent) |
2.3 Application Process
Open job vacancies at finbyte can be viewed on our website, and the application process can be initiated by providing personal data and application documents. This is made possible by the provider Lever.
| Processing | Application process at finbyte |
|---|---|
| Purpose | Providing a secure application portal Finding and hiring future employees Filling open positions at finbyte Conducting the application process Communication as part of the application process |
| Categories of data processed | Basic personal data (name, email address) Contact details (telephone number) CV data, including education and career data (optional) Current employer (optional) Cover letter, individual information (optional) Information about LinkedIn profile (optional) |
| Categories of recipients | Applicant management — Lever, Inc. Communication – Google, Inc. (Google Mail) |
| Third-country data transfer | US (applicant management) – in accordance with appropriate safeguards pursuant to Article 46 GDPR US (communication) – in accordance with appropriate safeguards pursuant to Article 46 GDPR |
| Storage period or criteria for determining the storage period | Up to 6 months after completion of the application process in the event of rejection, unless other statutory storage requirements apply (for example claims under the German General Equal Treatment Act (AGG)) Extension of storage with consent (talent pool for 6 months) If a contract is concluded, the data will be stored and further managed in personnel data management |
| Legal basis | Article 6(1)(a) GDPR (consent) Article 6(1)(b) GDPR (steps prior to entering into a contract or performance of a contract) |
We ask for your understanding that, for data protection reasons, we cannot process applications received outside the application portal.
Under European data protection law, we are obliged to inform you that withholding personal data in your application may put you at a disadvantage compared with other applicants applying for the same position.
In individual cases, we would like to record job interviews.
| Processing | Recording of job interviews |
|---|---|
| Purpose | Improving the recruitment process Improving the flow of applicant information for better assessment |
| Categories of data processed | Video recording of the job interview |
| Categories of recipients | Google Meet recording – Google, Inc. (Google Workspace) |
| Third-country data transfer | US (Google Workspace) – in accordance with appropriate safeguards pursuant to Article 46 GDPR |
| Storage period or criteria for determining the storage period | Up to 6 months |
| Legal basis | Article 6(1)(a) GDPR (consent) |
Consent to the recording of the interview is voluntary and can be withdrawn at any time informally by email. In the event of withdrawal, the recording will be deleted immediately.
3. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR. You therefore have the following rights vis-à-vis the controller:
3.1 Right of Access
Pursuant to Article 15 GDPR, you have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you may request information from us about the following: purposes of processing; categories of personal data processed; recipients or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if specific information is not possible, criteria used to determine the storage period; existence of a right to rectification, erasure, restriction of processing, or objection; existence of a right to lodge a complaint with a supervisory authority; source of your data, where it was not collected from us; existence of automated decision-making, including profiling, and, where applicable, meaningful information about the details thereof; transfer of personal data to a third country or an international organisation; appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
3.2 Right to Rectification
Pursuant to Article 16 GDPR, you have the right to request the immediate rectification or completion of your personal data stored by us.
3.3 Right to Restriction of Processing
Pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
3.4 Right to Erasure
Pursuant to Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.
3.5 Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing against the controller, we are obliged pursuant to Article 19 GDPR to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
3.6 Right to Data Portability
Pursuant to Article 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller.
3.7 Right to Object
Pursuant to Article 21 GDPR, you have the right to withdraw your consent once given at any time. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
3.8 Right to Withdraw Consent under Data Protection Law
Pursuant to Article 7(3) GDPR, you have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3.9 Right to Lodge a Complaint with a Supervisory Authority
Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your usual place of residence, your place of work, or the place of the alleged infringement. For finbyte, the Berlin Commissioner for Data Protection and Freedom of Information is responsible.
4. Validity and Changes to this Privacy Policy
This Privacy Policy applies in its current version. The current Privacy Policy can be accessed and printed at any time on the website at https://finbyte.com/privacy-policy.
Last updated: May 2026