Privacy Policy

I.    Name and address of the responsible party

The responsible party in terms of the General Data Protection Regulation and other national data protection acts of the member state as well as other statutory regulations regarding data protection is:

firstwire GmbH
Carlswerkstr. 13d
51063 Köln/Germany
Managing Director: Michael Dreiner
Tel.: +49 (0) 221 677 78 85 - 0
Fax: +49 (0) 221 677 78 85 - 9
E-Mail: datenschutz@firstwire.market

II.    General data processing

1.    Extent of processing personal data

Principally, we process personal data of our users only when it is a requirement for providing a functioning website along with our contents and services. The processing of personal data of our users takes place periodically and exclusively after the consent of the user. An exemption is in force for such cases, where a prior obtaining of a consent is not possible for actual reasons and where the processing of the data is permitted by law.

2.    Legal basis for processing personal data

When we obtain a consent from the person in question to process their personal data, art. 6 par. 1 lit. a European General Data Protection Regulation (GDPR) serves as the legal basis.
In terms of processing personal data, which are necessary to fulfill a contract, whose signatory party is the person in question, art. 6 par.1 lit. b GDPR serves as the legal basis. This applies also to processes, that are necessary to execute pre-contractual measures. As far as processing of personal data is necessary to execute legal obligations, art. 6 par.1 lt. c serves as the legal basis.

In case that vital interests of the person in question or any natural person require to process personal data, art. 6 par. 1 lit. d GDPR serves as the legal basis.

As far as the processing is necessary to protect a legitimate interest of our company or of a third party and the interests, civil rights and fundamental liberties of the person in question outweigh the first-mentioned interest, art. 6 par. 1 lit. f GDPR serves as the legal basis for processing.

3.    Data erasure and length of storage

The personal data of the person in question will be erased or restricted, as far as the purpose of the storage lapses. A storage can take place further, if it is required by the European or national legislator in European legal regulations, laws or other regulations, the person responsible is subject to. A restriction or erasure of data takes place even if a deadline prescribed by the mentioned norms expires, unless there is a requirement to save data for a contract closing or a fulfillment of a contract.

III.    Provision of the website and the creation of Logfiles

1.    Description and extend of data processing 

With every view of our website, our system automatically collects data and information of the computer system of the viewing device.
The following data will be collected:


(1)    Information about the type of browser and the used version
(2)    The operating system of the user
(3)    The internet service provider of the user
(4)    The IP address of the user
(5)    Date and time of day of the access to the website
(6)    Websites, from which the user is forwarded to our website
(7)    Websites that are viewed by the system of the user via our website


The data will be stored in the logfiles of our system as well. A storage of these data, along with other personal data, does not take place.

2.    Legal basis for processing data 

Legal basis for the temporary storage of data and the logfiles is art. 6 par. 1 lit.f GDPR.

3.    Purpose of processing data

The temporary storage of the IP address by the system is necessary to enable a distribution from the website to the computer of the user. For this purpose, the IP address from the user needs to be stored.

The storage in logfiles takes place, to ensure operability of the website. Furthermore, the data serve us for optimization of our website and for securing safety of our information technology systems. An analysis of data for marketing purposes does not take place.

In these purposes lays our legitimate interest for data processing in accordance with art. 6 par. 1 lit. f GDPR.

4.    Length of storage

The data will be erased, once they are obsolete for the achievement of the purpose of their collection. In case of the collection of data to provide the website, it is the case when the respective session is over.
In case of storage of data in logfiles, it is the case after no later than seven days. In this case, the IP addresses of the users will be erased, or defamiliarized, so that an attribution of the viewing Client is not possible anymore.

5.    Possibility to withdraw 

The collection of data in displaying the website and the storage of data in logfiles is necessary to operate the website. Hence, there exists no possibility to withdraw from that, on behalf of the customer.

IV.    Usage of cookies 

a) Description and extent of the data processing

Our website uses cookies. Cookies are text files, which are stored in the internet browser resp. the internet browser on the computer system. If a user is viewing a website, a cookie can be stored on the operating system of the user. This cookie contains a character sequence, that enables a definite identification of the browser when viewing the website again.

We use cookies to construct a user friendly website. Several elements of our website require that the viewing browser can be identified, also after a change of websites.

In the cookies the following data are stored and transferred:

(1)    Language setting
(2)    Login information
(3)    Olark services

In addition, we use cookies on our website, which enable an analysis of the surfing behaviour of the users.

Hereby the following data can be transferred:

(1)    Frequency of website views 
(2)    Utilisation of website functions

The data collected are pseudonymised through technical arrangements. Hence, an attribution of the data to the viewing user is no longer possible. The data will not be stored along with personal data of the users.

While viewing our website, users are informed about the use of cookies for analysis purposes by an information banner and are directed to this data security policy. In this context there occurs also a reference about how the storage of cookies in the browser settings can be prevented.

While viewing our website, the user is informed about the use of cookies for analysis purposes and his consent to process the personal data relating to this context. In this context, there occurs also a reference about the data security policy.

b) Legal basis for processing data

The legal basis for processing personal data using cookies is art. 6, par. 1 lit. f GDPR

c) Purpose of processing data

The purpose of using technical necessary cookies, is to simplify the use of the website for users. Several functions of our website cannot be provided without using cookies. For these functions it is essential that the browser is recognized after a change of website page.

We need cookies for the following applications:

(1)    Adoption of language settings
(2)    Login information (Email address and password)

The user data collected by technical required cookies are not used to build a user profile.

The use of analysis cookies takes place for the purpose to improve our website and its contents. Through the analysis cookies we get to know, how our website is used and are able to optimize our services.

For these purposes lays our legitimate interest to process personal data in accordance with art. 6 par. 1 lit f GDPR.

e) Length of storage and deletion

Cookies are stored on the computer of the user and are transferred from this computer to our website. Hence, users have the entire control about the use of cookies. Through a change in the settings of your internet browser you can de-activate or limit the transfer of cookies. Stored cookies can be erased any time. This can take place automatically. If cookies are deactivated for our website, you may not be able to use all functions of the website to their full extent.

V.    Olark

a) description and extent of data processing

The user can use a live chat tool from Olark by Hablam Inc., 245 Romana St. Palo Alto, CA 94301 both on the website and on the protected area. In terms of firstwire, Olark is a third-party supplier.

The tool enables the user to chat directly to employees of firstwire and to get answers to questions.


Through the use, personal data is collected by firstwire. This contains information about name and E-Mail address of the user, including the user-related technical information like, type of browser, screen size and the used operating system, the IP address of the used device, which sub-pages at firstwire.market have been viewed, as well point of time and length of the visit.

Data is transferred through the use of Olark, it is collected, processed and used there. The details regarding dealing with your personal data through Olark and your rights hereof, can be extracted from the references in the data security policy from Olark.
With the consent to this data security policy agreement, the user declares, that he read the data security policy agreement regarding its use, understood it and gave his consent before using the live chat tool.
The use of the chat tool is neither for the usage of the website, nor the protected area required.

b) Legal basis for data processing

The legal basis for the data processing after opening the Olark link complies with the use of Olark applied regulations at https://www.olark.com/privacy-policy.

c) Purpose of data processing

The collection of data serves to provide the use of the electronic communication service Olark.

d) Length of storage

The data collected by using Olark are stored for a period of 7 days.

e) Possibility to withdraw

The use of Olark can be ended anytime on behalf of the user.

VI.    Registration

1.    Description and extent of data processing

On our website, we offer users the possibility to register with addition of personal data. The data are keyed in through an input mask and are transferred to us and stored. A transfer of data to third parties does not take place. The following data are collected in the process of registration:

(1)    First- and surname
(2)    E-mail address
(3)    Phone number
(4)    Company

At the time of the registration, the following data are stored.

(1)    Date and time of day during registration 

As part of the registration progress, a consent of the user to process these data will be obtained.

2.    Legal basis for data processing 

Legal basis for processing data in case of a consent of the user is art. 6 par. 1 lit.f GDPR.

3.    Purpose of data processing

A registration of the user is necessary to keep available certain contents and services.

demo.firstwire.market:
The registration is necessary to display the entire functionality of the website (E-Mail notifications). Registrations enable firstwire to verify the identity of the users and when necessary to exclude users. After the registration of the user, either follows i) the erasure of the data from demo.firstwire.market if the user does not obtain access to firstwire, or ii) the anonymization of personal data like first- and surname and company. The email address and phone longer remain, in addition to date and time of the day and last login (Date and time of the day). After the user tested the system (usu. 30 days or longer as requested from the customer or firstwire), the data including email address, phone number, company (anonymized), first- and surname (anonymized) as well as the last activities, date of the registration and the last login at demo.firstwire.market are erased.

firstwire.market
The registration is necessary to display the entire functionality of the website (E-Mail notifications). After the user has been accepted at firstwire.market, a user account is created by firstwire. If the user wants to erase his access, a written inquiry has to be made to firstwire (e.g. via E-Mail to clientservices@firstwire.market). Thereafter, the deposited account information including, email address, phone number, gender, company, first- and surname as well as the activities, date of the last registration and the last login on firstwire.market, are erased. Both the Data Security Policy and the terms of use need an explicit consent.

4.    Length of storage

The data are erased, as soon as they are a no longer necessary to their purpose of collection.
This is the case for the collected data during the process of registration, if the registration on our website is abolished or altered.

5.    Possibility to withdraw

As a user you have at any time the possibility to withdraw registration. The data, which are stored about you, can be altered anytime.

Anytime, the users can make a written application to  clientservices@firstwire.market or to the above mentioned address for erasure of their account and/or for alteration of their data.

VII.    Contact form and email contact

1.    Description and extent of data processing

At our website exists a contact form, which can be used for electronic contacting. If a user takes advantage of this possibility, the data keyed in the input mask are transferred to us and stored. These data are:

(1)    First- and surname
(1)    Email address
(2)    Subject
(3)    Content of the message

At the time of the sending of the message, the following data are stored:

(1)    The IP address
(2)    Date and time of the day of the registration

For processing data in the context of the process of sending, your consent is obtained and referenced to this Data Security Policy.

Alternatively, a contacting via the provided E-mail address is possible. In this case, the personal data of the user transferred via E-mail are stored.

Alternatively, a contacting is possible via a set up call-back.

(1)    First- and surname
(2)    Email address
(3)    Phone number
(4)    Subject
(5)    Date and time of the day of the wished call-back

In this context, a transfer of data to third parties does not take place. The data are exclusively used for processing the conversation.

2.    Legal basis for data processing

The legal basis for data processing in case of a consent of the customer is art. 6 par. 1 lit. a GDPR. The legal basis for the processing of data, transferred as part of an E-Mail is art. 5 par. 1 lit. f GDPR. If the E-Mail contact is targeting a contract closing, art. 6, par. 1 lit. b is an additional legal basis for the processing. 

3.    Purpose of data processing

The processing of personal data from the input mask serves exclusively to handle the contacting. In case of a contacting via E-mail, here lays the required justified interest to process the data. The other personal data, processed during the process of sending, serve to prevent an abuse of the contact form and to secure safety of our information technology systems.

4.    Length of storage

The data are erased, as long as they are no longer necessary to their purpose of collection. This applies to personal data from the input mask from the contact form and to the data send via E-Mail, as long as the certain conversation with the user is ended. The conversation is ended, if it arises from the circumstances, that the affected issue is completely clarified. The additional data, collected during the procedure of the sending, are erased after a period of maximum 7 days.

5.    Possibility to withdraw

Anytime, the user has the possibility to withdraw his consent for processing the personal data. If the user contacts us via E-Mail, he is able to withdraw the storage of his personal data anytime. In this case, the conversation cannot be continued.

Anytime, the users can withdraw their consent for the storage via E-Mail to clientservices@firstwire.market.

All personal data, collected as a part of the contacting are erased in this case.

VIII.    Rights of the person in question

If personal data from you are processed, you are the person in question for the purpose of GDPR and the following rights appertain to you:

1.    Right to information

You can require a confirmation from the person in authority, if personal data, which are affecting you, are processed by us.

If such a processing is existing, you can require to obtain information about:

(1)    The purpose, on which personal data can be processed;
(2)    The categories of personal data, which are processed;
(3)    The recipient e.g. the categories of recipients, towards which the data relating to you got revealed, or will be revealed;
(4)    The planned length of storage of the personal data relating to you, or, if concrete statements regarding that are not possible, criteria for the determination of the length of storage;
(5)    The existence of a right to correct or to erase the personal data relating to you, a right of restriction of processing through the person in authority or a right to withdraw this processing;
(6)    The existence of a right of complaint at a regulating authority;
(7)    All available information about the origin of the data, if the personal data are not collected at the person in question;
(8)    The existence of an automatized decision making including profiling in accordance with art. 22 par. 1 ad 4GDPR and -  at  least in these cases – comprehensive information about the involved logic as well as the scope and the intended consequences of such a processing for the person in question;

You have the right, to require information, if the personal data relating to you are transferred to a third-party country or to an international organization. In this context, you can require to be briefed about the suitable guarantees in accordance with art. 46 GDPR. 

2.    Right to correction 

You have the right of correction and/or completion towards the person in authority, as long as the personal data processes, which are relating to you, are incorrect or incomplete. The person in authority is obliged to do the correction immediately.

3.    Right to restriction the processing 

Under the following requirements, you can require to restrict the processing of data relating to you:

(1)    If you deny the correctness of the personal data relating to you, which enables the person in authority to verify the correctness of the personal data;
(2)    the processing is illegitimate and you decline the erasure of the personal data and instead require a restriction of the use of the personal data;
(3)    the person in authority no longer needs the personal data for the purpose of processing, however you need those data to raise a claim, to execute or to defend titles or
(4)    when you withdraw the processing in accordance with art. 21 par. 1 GDPR, without certainty, whether the justified reasons of the person in authority outweigh yours.

If processing the data relating to you was restricted, these data, apart from your storage – can be only processed with your consent, or to raise a claim, to execute or to defend titles or to protect the rights of another natural or legal person, or for reasons of an important public interest of the union or a member state.
If the restriction of processing was restricted in accordance with the above mentioned requirements, you will be briefed before the restrictions will be overturned. 

4.    Right to erasure

a)    Obligation to erase

You can require to erase the relevant personal data relating to you of the person in authority immediately, and the person in authority is obliged to erase these data immediately, as long as one of the following reasons is accurate:

(1)    The personal data relating to you are no longer necessary for purposes they have been collected or processes in any way.
(2)    You withdraw your consent in accordance with art. 6 par. 1 lit. a or art. 9 par. 2 lit. a GDPR, where processing relied in, and an otherwise legal basis for processing is absent.
(3)    You withdraw processing in accordance with art. 21 par. 1 GDPR and no prior justified reason for processing exist. Or you withdraw processing, in accordance with Art. 21 pat. 2 GDPR.
(4)    The personal data relating to you was processed illegitimate.
(5)    The erasure of the personal data relating to you is necessary to fulfil a legal obligation in accordance with European legislation or the legislation of the member states, is subject to the person in authority.
(6)    The personal data relating to you were collected in terms of offered services of an information society in accordance with art. 8 par. 1 GDPR.  

b)    Information to third parties

As long as the person in authority made the relevant personal data public and as long as he is obliged to the erasure of those, in accordance with art. 17 pat. 1 GDPR, he takes appropriate measures, also in a technical way, with reference to the available technology and the costs of implementing, to inform the person in authority of the data processing, that you as the person in question required the erasure of all links to these personal data or of all copies and replications.

c)    Exceptions

The right to erasure does not exist as long as processing is necessary

(1)    to exercise the right to freedom of expression and information;
(2)    to fulfil a legal obligation, that is subject to processing in accordance with the legislature of the European union or the member states, the person in authority is subject to, requires, or, to exercise a task, that is in the public interest or to exercise public legislature, that was brought forward to the person in authority;
(3)    for reasons of the public interest in regarding public health in accordance with art. 9 par. 2 lit. h and as well as art. 9 par. 3 GDPR;
(4)    on behalf of the public interest arising purposes of archiving, scientific research purposes or for statistical purposes in accordance with art. 89 par. 1 GDPR, as long as the right mentioned in section a) probably rules out the achievement of the goals of processing or impacts them seriously, or
(5)    to enforce, exercise, or defend titles.

5.    Right to instruction

If you exercised the right to instruction, erasure or restriction of processing towards the person in authority, this person is obliged to make the correction or erasure of the data or the restrictions of processing, to all recipients, where the relevant personal data were published, unless this is unachievable or with disproportionate effort.

Towards the person in authority, you have the right to be briefed about these recipients.

6.    Right of transfer of data

You have the right to receive the relevant personal data relating to you, that was provided to the person in authority, in a structured, on machine-readable format.
Furthermore, you have the right to transfer these data to another person in authority, without being impeded by the person in authority, you provided the personal data, as long as

(1)    Processing is based on a consent in accordance with art. 6 par. 1 lit. a GDPR or art. 9 par. 2 lit. a GDPR or on a contract in accordance with art. 6 par. 1 lit. b GDPR
(2)    Processing takes place along with automatized procedures.

In exercising this right, you have further the right to obtain, that the relevant personal data will be transferred directly form one person in authority to another person in authority, as long as this is feasible. Liberties and rights of other persons are not allowed to be affected negatively.

The right of transfer of data holds not for processing personal data, which are required to exercise a task for the public interest or takes place in exercising public legislature, that was transferred to the person in authority.

7.    Right to withdraw

Anytime, you have the right, for reasons that result from special situations, to withdraw the processing of personal data relating to you, that occurred in accordance with art. 6 par. 1 lit. e or f GDPR; this also applies for profiling based on these regulations.

The person in authority processes the relevant personal data no longer, unless he can prove reasons worth being protected, which outweigh your interest, rights and liberties, or the processing serves to raise of a claim, to exercise or to defend a claim.
If the relevant personal data are processed to operate direct marketing, you have the right at any time, to withdraw the processing of the personal data relating to you for marketing purposes; this also applies for profiling as long as it is connected with direct marketing.
If you withdraw the processing for purposes of direct marketing, the personal data relating to you will be processed no longer. You have the possibility, in context of the use of Services of information societies – regardless of guideline 2002/58/EG – to exercise your right to withdraw through automatized procedures, where technical specifications are used.

8.    Right to withdraw the declaration of consent of the Data Security Policy

Anytime, you have the right to withdraw your declaration of consent to the data Security Policy. Through withdrawing    the declaration of consent, the processing until the withdraw is not affected.

9.    Automatized decision in individual cases including profiling

You have the right not to be exclusively subject to an automatized processing – inclusing profiling – depending decision, that develops legal impact for you or heavily affects you negatively in a similar way. This does not apply if the decision

(1)    is necessary for closing or fulfilling a contract between you and the person in authority,
(2)    is legitimate on the ground of the legislation of the European union or the member states, the person in authority is subject to and the legislation contains appropriate measures to protect their rights and liberties as well as their justified interest or
(3)    which take place with your explicit consent.

Nevertheless, these decisions are not permitted to depend on special categories in accordance with art. 9 par. 1 GDPR, as long as art. 9 par. 2 lit. a or g GDPR does not hold and appropriate measures to protect the rights and liberties as well as their justified interests took place.

Concerning to the cases mentioned in (1) and (3), the person in authority takes appropriate measures, to protect the rights and the liberties as well as their justified interests, wherefore at least the right to obtain the intervention of a person on behalf of the person in authority, to demonstrate the own stance and to refute the decision, belongs to.

10.    Right to complaint at a regulating authority

Regardless of alternative redress procedure in terms of administrative or judicial law, you have the right to complaint at a regulating authority, especially in the member state of your location of residence, your job, or the location of the suspected violation, if you have the view, that the processing of the personal data relating to you violates the GDPR.

The regulating authority, where the complaint was filled, briefs the appellant about the stage and the results of the complaint including the possibility of a judicial redress procedure.