Use of the OWWN offer

I. General
We appreciate you visiting our website or using our OWWN App. We respect your privacy. Privacy and data security when using our website and our OWWN App are very important to us. With this privacy policy, we would like to inform you about the extent to which data is collected when you use our website, the OWWN App, and when you use and make use of the services of FiRec GmbH, and for what purposes we use this data. We would also like to inform you about your rights in this regard.


II. Responsible Party
FiRec GmbH
Seelingstraße 47/49
14059 Berlin

Contact: hello@owwn.com


III. Data Protection Officer
Christian Schmoll
(dp.institute Data Protection Consulting GmbH)
Kaiserplatz 2
80803 München
E-Mail: schmoll@dp.institute


IV. Visit to our website

1. Nature and purpose of processing
When you access our website, i.e., when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of browser, the operating system used, the domain name of your Internet service provider, your IP address and the like. This is exclusively information that does not allow any conclusions to be drawn about your person. In particular, they are processed for the following purposes:

- Ensuring that the website connection is established without any problems
- Ensuring the smooth use of our website
- Evaluation of system security and stability for further administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimize our website and the technology behind it.

2. Legal basis of processing
Processing is carried out pursuant to Art. 6 (1) f) DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

3. Data categories
- IP address data
- Date and time of the request

4. Recipients

Recipients of the data are internal employees of FiRec GmbH who are responsible for the operation and maintenance of our website.

5. Storage periods
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

6. Legal / Contractual Requirement
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website is not guaranteed. In addition, individual services may not be available or may be limited.

7. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

8. SSL Encryption
This site uses SSL encryption for security reasons. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

9. Use of cookies
This website uses cookies. Cookies are small text files that are stored on your terminal device. These text files can be read by these websites and help to identify you when you visit a website again. Some cookies are used to store preferences and are deleted after the end of the browser session, i.e. after closing the browser, so-called session cookies. Other cookies are used to better adapt the website to user needs and remain on the end device, so-called permanent or persistent cookies. Further information on cookies and on the consent required for their use is available in our cookie banner on our website.
The use of our cookies can be found in our Cookie Policy (available at: https://www.owwn.com/verbraucherinformationen/cookie-policy)


V. Data processing when using the app

1. Responsibility of Solaris.
In the course of opening a user account in our App, you simultaneously open a current account with Solaris SE, Cuvrystraße 53, 10997 Berlin ("Solaris"). Our services and those of Solaris together result in a unified offering for our customers in the form of an integrated platform, where we are responsible in particular for the operation of the App, the further development of the user experience and customer communication, while Solaris is responsible for the execution of the banking services in terms of content. As far as the performance of our contractual and legal obligations in connection with your current account is concerned, we are therefore jointly responsible with Solaris for the processing of your data within the meaning of Art. 26 DSGVO.

For this reason, we have entered into an agreement with Solaris in which we clearly allocate responsibility for the content of the data processing that takes place and our data protection duties in fulfilling your rights as persons affected by the data processing. Accordingly, Solaris is responsible for the content of processing within the scope of all banking processes, and we are responsible for processing within the scope of all other processes. The person responsible for the content in each case generally assumes the data protection obligations associated with this processing. If you contact us or Solaris to assert your data subject rights pursuant to Art. 15 et seq. DSGVO, we will handle the communication with you in both cases. Requests that you make to Solaris will be forwarded to.

a. Technical provision

2. Data processing in the context of the use of the App
a. Download of the App
When downloading the app, certain required information is transmitted to the app store you use (e.g. Google Play Store or Apple App Store). This is the following data: email address, customer number of your account, time of download, device ID and the username. The provider of the respective app store is responsible for processing this data.

b. Use of the app
When using the app, we automatically collect certain data that is required for the use of the app.

ba. Data categories
- internal device ID
- Version of your operating system
- time of access

bb. Purpose of the data processing
We use this data (but do not store it permanently) to provide you with our services and the related functions of the app.
Furthermore, we use this data to prevent and eliminate misuse and malfunctions.

bc. Legal basis for data processing
The legal basis is the fulfillment of the contract as well as pre-contractual measures (Art. 6 para. 1 lit. b) DSGVO) within the scope of the OWWN Services, as described in our GTC.
Furthermore, data processing is justified on the basis of legitimate interests (Art. 6 para. 1 lit. f) DSGVO). Our legitimate interest is to ensure the functionality and error-free operation of the app and to be able to offer a service that is in line with the market and interests.

c. Creation of a user account and current account and other banking services with Solaris
ca. Data categories
As part of the creation of a user account of the OWWN App and the creation of a current account, we process the following data:
- First name/last name
- Email
- Address
- Password
- Gender
- Date of Birth
- Place of Birth
- Phone Number
- Employment Status
- Professional or personal benefit, if applicable
- Taxable in the United States of America
- Registration address

For legal reasons, it is only possible to proceed with registration if you are not subject to tax in the United States.

cb. Legal basis of the processing
Art. 6 (1) (b) DSGVO, as this data is necessary for the initiation and execution of the contract for OWWN Services and for the contract for the current account and other banking services.

If you provide your address, it will be automatically completed in order to provide you with a convenient user experience. For this purpose, we use an interface of the Google Places service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google"). During this process, a connection is established with a Google server and personal data is transmitted to Google, including your address and your IP address. For more information, please refer to Google's privacy policy (https://policies.google.com/privacy?hl=de&gl=de).

The legal basis for the use of Google's service is our legitimate interest pursuant to Art. 6 (1) f) DSGVO in providing you with a convenient user experience.

3. "Know Your Customer" (KYC) Process
When you open an account, you enter into a contract with Solaris. Due to the Money Laundering Act ("GwG"), the performance of an identification process is required. Your identity must be verified within the scope of an account opening by means of a valid identification document, such as your identity card or passport, and details from the identification document must be stored.

For this purpose, Solaris uses the VideoIdent procedure, which is carried out by reliable service providers.

As part of the VideoIdent process, an audio and video transmission takes place in which your external appearance is compared with your photo on your identification document. In addition, all existing data on your identification document as well as your voice are processed by the VideoIdent service provider. Solaris is responsible for the content of the KYC procedure; you can therefore view more detailed information on the data processing that occurs in the Solaris privacy policy (https://www.solarisbank.com/de/datenschutzhinweise/).

Finally, within 90 days of the completion of the KYC process, you will still need to provide your tax ID for tax purposes. After the 90 days, your account will otherwise be blocked.

The processing in the context of the VideoIdent process and your tax ID is based on Article 6 (1) lit c) DSGVO.

4.
If you refuse to provide mandatory information as part of the registration process, you can unfortunately not be offered a usage and current account contract for legal reasons. For more information, please refer to Solaris' Customer Information on Data Agreement, which is available at the link below. https://www.solarisgroup.com/customer-information/germany/de-iban/german/20220215-customer-information-on-data-processing-germany-de-iban-german.pdf


5. Push notifications
In the OWWN App you can activate so-called "push notifications". "Push notifications" are messages that appear on your smartphone without opening the app. For this, you need to "allow" (iOS) or "disable" (Android) us to send you notifications. This is possible directly when downloading the app or via the app's settings. These messages are sent solely on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).


6. Use of banking services
Any personal data collected in the course of your use of the Banking Services via our App will pass through our servers or those of our service providers before further processing by Solaris and then, if we provide you with information about these services. Solaris' General Terms and Conditions apply to the Banking Services, as well as its Privacy Policy, all other terms and conditions and other important information. These are available to you at the following link: https://www.owwn.com/en/consumer-information

a. Legal basis
The legal basis for processing within the scope of the App is the fulfillment of our contractual obligations towards you (Art. 6 para. 1 lit. b DSGVO). You can find out the details of the processing of your personal data, in particular which data categories are involved, below and in detail in the privacy policy of Solaris, which is responsible for the content in this respect in accordance with our joint responsibility agreement.

Banking services that require data processing within the scope of our app (legal basis: Art. 6 para. 1 lit. b) or c) DSGVO) include: OWWN Card (MasterCard Debit Card).

You have the option to order a MasterCard Debit Card within the app. This requires the transmission of this order to Solaris. After successful ordering, the app allows you to activate the card and set a PIN code. There is also an option to temporarily block and unblock the card, order a new card and change the PIN code. You can view various information about the card via the app (cardholder name, masked card number, expiration date).

b. Displaying the account balance and bookings
On the main screen of the application we show you your account balance and a chronologically sorted list of your postings. Each item contains the reason for payment, the amount and the date of the respective booking. Tapping on a booking item opens a detailed view, on which additional information is displayed. This can be, for example, the ordering party or beneficiary of a booking, its IBAN, a mandate reference or creditor ID, if applicable. Pending standing orders are also displayed with the option to cancel them. In the event that there is a payment where we or Solaris suspect fraud, you can notify us via an interface whether the booking was legitimate.

c. Virtual account statements
For each completed month, the user has the option to retrieve, share or export an account statement through the app. This will contain the data usually included on a bank statement, which is essentially your account number, the time of the entry and value date, the amount of the entry, the ordering party or beneficiary, and the purpose of the transaction.

d. Making a booking and creating a standing order
You have the option to initiate bookings and standing orders within the app. For this purpose, your name, IBAN, amount and name and IBAN of the beneficiary are processed for each new booking. Optionally, a booking purpose can be added. You also have the option of executing an order immediately, on a specific date or at intervals.

e. User account / settings
You have the option to view and copy IBAN, BIC and the name of the bank. Via the notification settings you can activate or deactivate push notifications to your end device. This also requires additional activation at the system level of your end device. You can also contact support directly via the app, log out of your user account, and change your stored phone number.

f. Apple Pay
Apple, One Apple Park Way, Cupertino, CA 95014, USA (Apple)

Data Processed
Apple does not store original debit cards added to Apple Pay or transaction data that can be used to draw conclusions about you. Further, Apple only stores a portion of the actual card and device account number as well as a card description.

Purpose of processing
- Enabling contactless and simplified payment methods.
- Risk of fraud and abuse

Legal Basis

- Fulfillment of contract or performance of pre-contractual measures. (Art. 6 para. 1 p. lit. b DSGVO)
- Legitimate interests: (Art. 6 para. 1 p. 1 lit. f DSGVO) The legitimate interest corresponds to the above-mentioned purposes.

Privacy notices from Apple
For more information, please see Apple's privacy notices: https://support.apple.com/de-de/HT203027


7. User behavior analysis
To improve our products, we analyze your user behavior.

a. Purpose of the processing
We analyze our users' behavior, such as by creating statistical data sets about our customers' usage patterns. We do this for predictive purposes, to improve product development, to find bugs, to understand consumer behavior, and to evaluate our own performance. These data sets help us increase customer value, improve customer satisfaction, and strengthen customer loyalty.

b. Recipients of the data
Recipients of the data are employees of FiRec GmbH.
We also use the following providers to analyze data:

- Y42, Charlottenstraße 4, 10969 Berlin, Germany
- Braze, Inc., New York City, 330 W 34th St 18th floor, New York, NY 10001
- Amplitude, Inc., 631 Howard Street, Floor 5, San Francisco, CA 94105

These vendors act as our processors and therefore process your data according to our instructions. We have entered into an order processing agreement with all providers.

c. Legal basis of the processing
The processing serves the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in the improvement of our product.

d. Data categories
- Customer identification-related data, such as the customer's gender, nationality, address, etc.
- Activities within the app, such as time spent with the app, preferred features, etc.
- Financial data, such as balances, sub-accounts, number of transactions, etc.


8. Marketing
a. Purpose of processing

We send push notifications and emails. These serve to (re)engage our users and contain, for example, reminders to complete certain steps, information about new features in the OWWN App, or information about certain events or updates, such as the receipt of money. Data processing also serves to improve our marketing. We want to understand what motivated users to use OWWN. In addition, we use data to customize OWWN services for the individual user, for example, to customize the feed. Furthermore, we use name and address data to contact our customers by mail, for example, to communicate information about our services.

b. Recipients of the data
Recipients of the data are employees of FiRec GmbH.

c. Data categories
- First name
- Last name
- Address data
- Email address
- Telephone number
- Tax number
- Gender of the person
- Nationality
- Behavior within the app

d. Legal basis of the processing
Insofar as you have given your consent, the consent (Art. 6 para. 1 lit. a DSGVO) is the legal basis for the processing. Otherwise, the processing serves the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in promoting our products and engaging our customers in our product experience.

9. Customer communication
In order to contact and communicate with you, the processing of certain personal data is necessary. We contact you, for example, to notify you about the status of your bookings by push message, to respond to customer or data subject requests or to provide you with information required by law.

a. Legal basis of the processing
The processing is carried out to fulfill our contractual obligations to you (legal basis: Art. 6 para. 1 lit. b) DSGVO) as well as to fulfill legal obligations (legal basis: Art. 6 para. 1 lit. c) DSGVO) and due to our legitimate interest in being able to offer you convenient customer communication (legal basis: Art. 6 para. 1 lit. f) DSGVO).

b. Data categories
- First name/last name
- Customer ID
- Device ID
- If applicable, content of the request and its time
- Contact data (e.g. address, phone number or email address)
- If applicable, whether a message delivered via the app was read.

c. Recipients of the data
The recipients of the data are the employees of FiRec GmbH.


VI. Newsletter
If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for sending the newsletter.

We use the so-called double-opt-in procedure for registration. After registering on our app, you will receive an email with a verification code. You use this in the app to confirm that you are the owner of the email address and want to create a user account on our app. If your confirmation is not received within 24 hours, your registration and the personal data you provided will be automatically deleted.

We store your personal data for as long as you have subscribed to our newsletter. Legal retention obligations and exceptions remain unaffected.

You can object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as follows: security@owwn.com.

You can object to receiving such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way.

We also process the personal data and contact details provided by you as part of the newsletter registration in order to inform you directly about our other products and services. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website, as well as Section 7 para. 2 No. 3 and para. 3 UWG. You will only receive further information about our offers if you have given your prior consent. The legal basis for this data processing is Art. 6 para. 1 lit. a DSGVO.


VII. Data processing through interviews of beta testers
1. Interviews
Data Processing Purpose: We process this data in order to schedule an appointment with you as a beta tester to conduct an interview about the user experience of the OWWN App and OWWN Services.

a. Legal basis for this processing
The legal basis for this processing is your consent (Art. 6 para. 1 lit. a DSGVO).

b. Data categories
- Name, e-mail address, appointment

Storage period
In this context, the data are only processed for as long as we need them for the agreement and implementation of the interviews. After that, they will be deleted, provided that there are no legal retention obligations to the contrary.

c. Recipients of the data
The recipients of the data are employees of FiRec GmbH. We also use the service Calendly to arrange appointments. Calendly will act as our order processor and therefore process your data according to our instructions. We have concluded an order processing agreement with Calendly.

Calendly processes your data in the USA. So-called standard contractual clauses according to Art. 46 DSGVO have been concluded as suitable guarantees. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de


2. Conducting the interviews
The purpose of the data processing is to understand how customers like the app and what we could improve.

a. Data Categories
Your information about the usage experience of the OWWN App and OWWN Services.

b. Legal basis
The legal basis for this processing is your consent (Art. 6 para. 1 lit. a DSGVO).

c. Recipients of the data
Recipients of the data are internal employees of FiRec GmbH. In this context, the data will only be processed as long as we need them for the evaluation of the interviews. After that, they will be deleted, provided that there are no legal retention obligations to the contrary.


VIII. Period of data storage
Unless we state otherwise in this Privacy Policy, we will delete or anonymize your personal data as soon as they are no longer required for the purposes for which we collected or used them in accordance with the above sections. Specific statements in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for reasons of commercial banking or tax law, remain unaffected.


IX. Order processing
In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are contractually obligated to comply with the data protection provisions pursuant to Art. 28 DSGVO.


X. Your rights
If personal data about you as a user is processed, you are considered a data subject in accordance with the DSGVO. Data subjects are entitled to the following rights vis-à-vis the controller:

Right of access (Art. 15 DSGVO)
You have the right to receive information from us at any time upon request about the personal data processed by us that concerns you within the scope of Art. 15 DSGVO.

Right to rectification or erasure of personal data (Art. 16, 17 DSGVO)
You have the right to demand that we immediately correct the personal data concerning you if it is inaccurate. You have the right to demand that we delete the personal data concerning you under the conditions described in Art. 17 DSGVO. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection, or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject.

Right to restriction of processing (Art. 18 DSGVO)
You have the right to demand that we restrict processing in accordance with Art. 18 DSGVO. This right exists in particular if the accuracy of the personal data is disputed between you and us, for the duration that the verification of the accuracy requires, as well as in the event that you request restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but is required for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between you and us.


Right to notification in connection with the rectification or erasure of your personal data or the restriction of processing (Art. 19 DSGVO)

Right to data portability (Art. 20 DSGVO)
You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 DSGVO.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) DSGVO, in accordance with Article 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

Right to withdraw consent given
The lawfulness of the data processing carried out until the revocation remains unaffected due to the consent valid to date. (Art. 7 para. 3 DSGVO)

Right to lodge a complaint with the supervisory authority (Art. 77 DSGVO)
You also have the right to lodge a complaint with the competent supervisory authority.

Right to complain to an authority pursuant to Art. 13(2)(d)
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.


XI. Automated decision-making / profiling
Unless otherwise stated within this Privacy Policy, we do not use automated decision making or profiling (an automated analysis of your personal circumstances) to subject you to decisions that have legal effect on you or similarly significantly affect you.


XII. Actuality and change of the data protection declaration
This data protection declaration is currently valid and has the status 10/2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.
In these cases, we will adapt the data protection declaration and archive the old version. We will gladly provide you with old versions of this data protection declaration on request.


Status of the privacy policy: 27.07.2022