Information pursuant to Art. 13 of the EU General Data Protection Regulation

The protection of your privacy is very important to us. Tapline UG (hereinafter also “we”, “us”, “Tapline”) attaches great importance to the protection and confidentiality of your data. The collection and use of your personal data is carried out exclusively within the framework of the legal provisions, in particular the applicable data protection law (including the EU General Data Protection Regulation (“GDPR”), the Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) and the Telecommunications Telemedia Data Protection Act (Telekommunikationsdatenschutzgesetz, “TTDSG”). 

In this Privacy Policy, we explain how we handle personal data that is processed by users of our services. This relates on the one hand to the processing of data when visiting our website www.tapline.io (hereinafter “Website”) (see I. below) and on the other hand to the processing of personal data when using the Tapline Online Platform, we offer for the sale of receivables (hereinafter “Platform”) (see II. below). 

On the Platform, companies that have concluded subscription agreements with their customers for the regular delivery of goods or the provision of services (hereinafter “Subscription Agreements”) and who wish to sell and assign the receivables existing and arising in the future from these Subscription Agreements for own refinancing purposes (such companies hereinafter referred to as “Seller” or “Sellers”) can publish sales requests for the sale and assignment of designated subscription receivables for the purpose of obtaining non-legally binding purchase bids of a prospective purchaser.

You can access this Privacy Policy at any time on our website www.tapline.io via the link “     Privacy Policy“.

 

In detail, you will find the following chapters in the data protection information:

  • General notes on data processing when using our services (see I.)
  • Privacy notice for sellers (see II.)
  • Changes to this Privacy Policy information (see III.)

 

 

1. General notes on data processing when using our services

 

1. Name and contact information of the controller

 

In your case Tapline will decide as “Controller” within the meaning of the GDPR for what and how your personal data is used in accordance with this Privacy Notice.

 

Tapline UG

c/o Antler Innovation GmbH

Novalisstraße 10

10115 Berlin

 

E-Mail: [email protected]ne.io

 

2. Informational use of our Website

 

In the case of merely informational use of our Website, i.e. if you do not otherwise submit information to us, we only collect the personal data that your browser transmits to our server.

  1. a) Categories of collected personal data

 

  • Information about the type of browser and the version used
  • The user’s operating system and its interface
  • The user’s Internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website
  • Amount of data transferred
  • Access status/HTTP status code

 

  1. b) Purposes of data processing and legal basis, storage 

The storage of the aforementioned data is necessary for technical reasons to provide a functional Website and to ensure system security. This also applies to the storage of your IP address, which necessarily takes place and, under further conditions, can at least theoretically enable an identification of your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our Website purely statistically and without any identification of your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.

The access data collected in connection with the use of our Website is only stored for the period of time for which this data is required to achieve the above-mentioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.

Insofar as you visit our Website to obtain information about our services or to use them, the basis for the temporary storage and processing of the access data is Art. 6(1) b) GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6(1) f) GDPR serves as the legal basis for the temporary storage of the technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly Website and to ensure the security of our systems.

 

3. Legal basis for processing personal data and storage period 

 

If you have consented to the processing of your personal data within the meaning of Art. 4 No. 1 GDPR by us, Art. 6(1) a) GDPR serves as the legal basis for the processing. The processing of personal data, which we need to fulfill contractual or pre-contractual obligations, is based on Art. 6(1) b) GDPR. If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests or fundamental rights and freedoms of the data subject do not override these, we use Art. 6(1) f) GDPR as the legal basis for the processing of personal data. For the processing operations carried out by us, we indicate in this Privacy Policy the applicable legal basis in each case. A processing operation may also be based on several legal bases. Unless otherwise stated in this privacy policy, your data will only be stored on servers within the European Economic Area (EEA).

For the processing operations carried out by us, we indicate in this Privacy Policy how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. 

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. Section 257 of the German commercial code (Handelsgesetzbuch, “HGB”), Section 147 of the German fiscal code (Abgabenordnung, “AO”). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this. 

 

4. Statement regarding profiling activities 

 

We don’t undertake profiling activities.

 

5. Transfer of personal data to third parties

 

The following categories of recipients, which are usually data processors, may receive access to your personal data:

  • Service providers for the operation of our Website and Platform (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6(1) b) or f) GDPR, insofar as they are not data processors;
  • State agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6(1) c) GDPR;
  • Persons appointed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities). The legal basis for the disclosure is then Art. 6(1) b) or f) GDPR.

 

In addition, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6(1) a) GDPR.

 

6. Requirements for the transfer of personal data to third countries

 

We may share your personal data with third parties or disclose it to the third parties. These third parties may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is primarily done to fulfill contractual and business obligations and to maintain our business relationship with you. We will inform you about the respective details of the transfer below at the relevant points. The European Commission certifies data protection comparable to the EEA standard in some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de). In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, so-called standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact us if you would like more information on this.

 

7. Use of Cookies and other tracking technologies

 

Our Website uses cookies and other tracking technologies. Cookies are small text files that are stored locally in the cache of your Internet browser. The technically necessary (essential) cookies enable the recognition of the Internet browser as well as an improvement of the user guidance and secure the basic functionalities on our Website, e.g. by storing user settings. Cookies do not cause any damage to your computer and do not contain viruses.

You can disable cookies in your Internet browser, limit them to certain websites, or set your Internet browser to notify you before a cookie is stored. You can delete the cookies from your computer’s hard drive at any time using the privacy functions of your Internet browser. In these cases, however, our Website might not be displayed and functions might no longer be technically available.

  1. a) Technically necessary cookies

 

In order to obtain and document your consent to the use of technically unnecessary cookies and/or tracking technologies, e.g. to analyze your user behavior, we use the consent management service HubSpot. When you access our Website, a consent cookie is stored locally in your browser’s cache (so-called “local storage”), in which the consents you have given or refused, or the revocation of these consents, are stored. The following data is processed in the process:

  • Information about the device you are using
  • Information about the browser you are using;
  • IP address in anonymized form;
  • Opt-in and opt-out; and
  • Date and time of the declarations.

The legal basis for the use of the cookie consent tool is Art. 6(1) c) GDPR, as we thereby comply with our legal obligation to obtain and record the necessary consent to the use of cookies. Data processed through HubS     pot will be retained by HubS     pot until the next deletion of the browser chronicle, max. 24 months after last website visit     .

The purpose of using other technically necessary cookies is to simplify the use of our Website for users. If personal data is processed using technically necessary cookies, the legal basis is our legitimate interest in accordance with Art. 6(1) f) GDPR. Some functions of our Website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. These purposes are the basis of our legitimate interest in the processing of personal data pursuant to Art. 6(1) f) GDPR. The user data collected through technically necessary cookies are not used to create user profiles. The described technically necessary cookies are usually deleted when your browser session expires. 

 

  1. b) Technically unnecessary cookies and other tracking technologies

 

We also use cookies and other tracking technologies on our Website and Platform that are technically not necessary. The processing in connection with technically unnecessary cookies and other tracking technologies is carried out on the basis of your consent pursuant to Art. 6 (1) a) GDPR (legal basis). You can revoke the consent you have given us at any time, e.g. by deactivating the cookie-based tools/ tracking technologies listed in detail in the following overview:

 

Name Purpose Storage duration
Google Analytics Google Analytics is a web analytics service offered by Google that tracks and reports website traffic 14 days
Hotjar Hotjar provides insights into website traffic and provides feedback forms 14 days
Amplitude Amplitude provides insights into the user behaviour regarding the use of our Platform 14 days
AWS Cognito AWS Cognito enable authentication of users on our Platform 14 days
HubSpot HubSpot is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing; we also use HubSpot to save      the consent to set technically unnecessary cookies Storage until the next deletion of the browser chronicle, max. 24 months after last website visit
HubBot HubBot is a function of HubSpot and provides a chat function and analytics to improve the site experience Session

 

8. Details on the use of cookies and other technologies for web analysis and advertising purposes

 

  1. a) Google Analytics

If you have given your consent, this Website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics uses cookies that enable an analysis of your use of our Website. The information collected by means of the cookies about your use of this Website is generally transferred to a Google server in the USA and stored there. Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your Website visit, your user behavior is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links 
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this Website)

On behalf of the operator of this Website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our Website.

Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies are automatically deleted after two months. The deletion of data whose retention period has been reached occurs automatically once a month.

The legal basis for this data processing is your consent pursuant to Art. 6(1) a) GDPR and/or Art.49a GDPR.

You can revoke your consent at any time with effect for the future by accessing the cookie settings [LINK TO CONSENT TOOL SETTINGS HERE] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to Google and the processing of this data by Google, by

  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics HERE.

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ 

and at https://policies.google.com/?hl=en.

  1. b) Hotjar

We use the service Hotjar, provided by the third-party provider Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

Hotjar can be used to track movements on our Website (so-called heat maps). This makes it possible to see how users move around the website and which buttons users click on and how often. In addition, technical data such as the selected language, system, screen resolution and browser type are recorded. In this way, anonymized profiles of users can be created, at least temporarily, during their visit to our website. Furthermore, Hotjar can also collect feedback directly from the users of the website. This provides us with valuable information to make our websites even faster and more customer-friendly.

For further details check www.hotjar.com/privacy  

You can use this link to opt out of tracking by Hotjar: www.hotjar.com/opt-out

 

  1. c) Amplitude

We use the service Amplitude of Amplitude, Inc., 201 Third Street, Suite 200 San Francisco, CA 94103, USA. Amplitude is a cloud-based product-analytics platform that helps customers build better products. It aims to provide access to the ‘behavioural layer’ of user data, which exists as an intermediate level between raw data and dashboards. Amplitude offers the ability to zoom in on individual data points to view the behavioral data, users and actions behind each point on a graph.

For further details check https://amplitude.com/privacy  

 

  1. d) AWS Cognito

We use the technologies of Amazon Cognito. Amazon Cognito is an Amazon Web Services product, provided by the third-party provider Amazon EMEA SARL, rue Père Conrad 20 1353 Luxembourg, Luxembourg, Europe. AWS controls user authentication and access for mobile applications on Internet-connected devices. The service saves and synchronizes end-user data, which            enables simple, secure user authentication, authorization and user management for web and mobile apps. With Cognito, a user or visitor can sign in with a username and password through Amazon, or through a third party like Facebook, Google or Apple.

For further details check: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation1.pdf 

 

9. Special notes on data processing in the context of inquiries

 

  1. a) Contact via e-mail or contact form

If you contact us via an e-mail address provided on our Website or via the contact form provided on our Website, the personal data transmitted by you with this email or the contact form will be stored. 

The legal basis for processing the data transmitted in the course of sending an e-mail or using the contact form is Art. 6(1) f) GDPR. Our legitimate interest is to answer your contact request. If the contact is aimed at the conclusion or execution of a contract (e.g. Platform Usage Agreement), the additional legal basis for the processing is Art. 6(1) b) GDPR.

The processing of the transmitted personal data serves us solely to process the contact request. The data will be deleted within a reasonable period of time as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of a contact request, this is the case when the respective conversation with you has ended, unless contractual or legal obligations prevent deletion. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The deletion takes place no later than three years after the end of the year in which the conversation with you ended.

 

  1. b) Live-Chat (“HubBot”)

Tapline uses the chat service of HubBot by HubSpot, 25 First Street, 2nd Floor Cambridge, MA 02141 United States     . We use HubBot to create a chatflow with a bot in order to connect with our Website visitors. The bot appears as a chat widget on our website pages where you can start a conversation. You can use the live chat like a contact form to chat with our staff in near real time. When you call up the chat function and enter your name and email address, the following data is automatically collected:

  • Date and time of the call;
  • Browser type/version;
  • IP address;
  • Operating system used;
  • URL of the visited website;
  • Amount of data sent; and
  • First name, last name, and email address.

 

Once you have entered your request in the topic field, we store this content and further chat history. Further information on data protection is available in HubBot’s Privacy Policy at https://legal.hubspot.com/privacy-policy     

The legal basis for data processing is Art. 6(1) f) GDPR. Our legitimate interest is to provide you with a quick and efficient way to contact us via our website and to process the request from you and to collect information about you (e.g., name) and your company (e.g., company name, financial and accounting data). The processing of the automatically collected data serves at the same time to maintain and ensure the functionality of our information technology systems. If contacting us via the live chat simultaneously serves to conclude a contract with us, Art. 6(1) b) GDPR is a further legal basis for data processing.

The processing of data from the live chat serves the purpose of offering you an additional, fast and direct contact option to us as well as to answer questions and concerns directly and thus to further improve our customer service.

We store the live chat history for the duration of three (3) years. Afterwards, the live chat data will be deleted immediately.

 

10. Security

 

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. All our employees who may come into contact with personal data are obligated in writing to comply with data protection regulations and have been instructed about the legal requirements.

 

11. Your rights as a data subject

 

As a data subject you have the following rights pursuant to Art. 15 ff. GDPR:

  1. a) Obtain appropriate information about the data processed and the categories of personal data, the purposes of the processing, the recipients or categories of recipients to whom your personal data have been or will be disclosed, the envisaged period of storage, the existence of the right to rectify, erase, restrict or object to data processing, the right to lodge a complaint with a supervisory authority, the source of your personal data in case they were not collected through us, and if automated decision-making or profiling is used and in such cases meaningful information about it, 
  2. b) Request the rectification, amendment or deletion of false personal data or where wrongfully processed,
  3. c) Demand the restriction of the processing of your personal data, 
  4. d) Under certain circumstances, object to the processing of your personal data or revoke a prior granted consent to such processing,
  5. e) Request a copy of all your personal data processed by us in a structured, commonly used and machine-readable format or request the transmission of the data to another controller, and
  6. f) Lodge a complaint with the responsible supervisory authority. You can exercise this right before a supervisory authority in the Member State of your residence, place of work or the place of the alleged infringement. The competent supervisory authority for Tapline is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Alt-Moabit 59-61

10555 Berlin

Germany

Tel.: +49 30 13889-0

Fax: +49 30 2155050

E-Mail: [email protected]

 

  1. g) In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data, which is carried out either in the public interest or to protect our legitimate interest, at any time, for reasons arising from your particular situation.

 

We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing your personal data that outweigh your interests, rights and freedoms, or this data processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for direct marketing purposes, we will stop this data processing in any case.

 

If you wish to exercise the aforementioned rights, please contact us via e-mail to [email protected] or via the contact details provided above.

 

2. Additional privacy information for Sellers

Companies that wish to use our Platform to sell and assign the receivables of their Subscription Agreements (such companies referred to as “Seller” or “Sellers”) must register on our Platform and conclude a Platform Usage Agreement with us. As part of the registration process, Sellers must provide us with various data about their company, their business, and the Subscription Agreements they have concluded with their customers (see sections 3.3. and 3.4 of the Platform Usage Agreement). Even after completing the registration process and during the use of the Platform, Sellers must continuously update this data. We need this data to verify that the Seller’s company, their business, and the Seller’s Subscription Agreements meet the requirements agreed in the Platform Usage Agreement for publishing the Seller’s request to sell and assign the receivables under those Subscription Agreements to the potential purchasers on our Platform. Most of this data consists of non-personal financial, accounting and other business data that the potential purchaser needs to (i) evaluate the receivables under the respective Subscription Agreements, (ii) decide whether and in what amount to make an offer to purchase and (iii) to enter into a valid purchase agreement with the Seller (hereinafter “Receivables Purchase Agreement”). However, some of the data provided to us by the Seller may contain information that relates to identified or identifiable natural persons. Please note the following in this regard:

 

  1. Registration Process

When registering, a Seller must provide the following data:

  1. a) Access Data

The first step in the registration process is to create a User Account for our Platform. This requires the following data from the Seller (“Access Data”):

  • email address of contact person / representative
  • password

 

To confirm the provided e-mail address, we store the e-mail address and password immediately during the registration process in order to be able to send you a confirmation e-mail as part of a double opt-in procedure. By clicking on the link listed in the e-mail, you confirm that your e-mail address is correct. Apart from the e-mail address and your password, the Company Data listed below will only be stored by us if you click on the link in the confirmation e-mail during the ongoing registration process.

The legal basis for this data processing is our legitimate interest in verifying the e-mail address provided by you (Art. 6(1) f) GDPR).

After verification of the e-mail address, the e-mail address and the password will be stored by us as the Seller’s Access Data to the Platform. The Seller may change the Access data after the conclusion of the Platform Usage Agreement. The Access Data will be deleted as soon as we are no longer contractually required to provide the Seller access to our Platform. 

If the provided email address relates to a contact person / representative that is the contracting party of the Platform Usage Agreement (e.g. if the Seller acts as sole proprietor), the legal basis for the processing of the Access Data is Art. 6 (1) b) GDPR, as this is necessary for the performance of the Platform Usage Agreement with the Seller. If the email address relates to a contact person / representative that is an employee or other representative of the Seller, the legal basis for the processing of the Access Data is our legitimate interest in processing the Access Data for the purpose of the conclusion and performance of the Platform Usage Agreement with the Seller (Art. 6(1) f) GDPR). 

  1. b) Company Data 

In the further registration process, the following data related to the company and business of the Seller must be provided:

Company/Company name/designation of the Seller, commercial register number, business address, VAT identification number, telephone number, telefax number, email address, IBAN/BIC/name of the bank account to be used in relation to the Platform and to be used for payments in case that a Receivables Purchase Agreement between Seller and a purchaser will be concluded (hereinafter: “Bank Account”), first names/surnames of all of the Seller’s legal representatives, place/date of birth/nationality/residential address of all of the Seller´s legal representatives (“Company Data”). 

Regarding any personal data contained in the Company Data, the following applies: 

If the Company Data relates to you as the contracting party of the Platform Usage Agreement (e.g. if you are sole proprietor) the legal basis for the processing is Art. 6 (1) b) GDPR, as this is necessary for the performance of the Platform Usage Agreement with you as the Seller. If the personal data relates to you as an employee or other representative of the Seller the legal basis for the processing of the Company Data is our legitimate interest in processing the Company Data for the purpose of the conclusion and performance of the Platform Usage Agreement with the Seller (Art. 6(1) f) GDPR). 

The respective Company Data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Personal data in the Company Data is therefore in most cases deleted when the data is no longer required for the execution of the Platform Usage Agreement; in general, we will delete such data after three (3) years. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. Section 257 of the German commercial code (Handelsgesetzbuch, “HGB”), Section 147 of the German fiscal code (Abgabenordnung, “AO”). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

  1. KYC (“Know Your Customer”) and KYB (“Know Your Business”) Verification

For security reasons, we use a KYC (“Know Your Customer”) and KYB (“Know Your Business”) process as part of the registration process. The KYC process serves to verify the identity of the Seller (e.g., if you are sole proprietor) or of the contact person / representative of the Seller that handles the registration. The KYB process serves to verify the company of the Seller. KYC and KYB processes are performed to prevent misuse and fraudulent actions and thus help us to increase the security of and trust in the Platform. In addition, we have to comply with legal obligations that are intended to fight money laundering (Anti-Money-Laundering Laws), terrorist financing and tax crimes. For this purpose, the following data is transferred to the service provider Sum and Substance Ltd (UK), 30 St. Mary Axe, London, England, EC3A 8BF (“sumsub”) commissioned by us to perform the KYC and KYB process:

  • copies of valid official photo IDs of all legal representatives of the Seller (e.g.: passport, ID card);
  • address proof of all legal representatives of the Seller;
  • a list of all authorised signatories of the Seller;
  • proof for the existence of the Bank Account (e.g. current confirmation of the credit institution holding the account, copy of current account statements);
  • current extract from the applicable Commercial Register, the Partnership Register or any other public register where the Seller is incorporated, as well as a list of its shareholders; and
  • any reasonable proof required by Tapline in order to fulfil legal requirements due to Anti-Money-Laundering Laws (AML) and the Know Your Business (KYB) processes/requirements of Tapline.

 

The transfer and processing of this data to and by sumsub is based on your consent (Art. 6(1) a) GDPR) and, as insofar as the transfer and processing is necessary for the fulfillment of a legal obligation (e.g., Anti-Money-Laundering Laws), the legal basis is Art. 6(1) c) GDPR. In addition, the transfer and processing to and by sumsub is also based on Art. 6(1) f) GDPR; our legitimate interest here is to ensure to prevent misuse and fraudulent actions and thus help us to increase the security of and trust in the Platform. 

For further details on the data processing by sumsub please check:

https://sumsub.com/data-protection-policy/ 

After successful verification by Sumsub, only the KYC and KYB status is transmitted to us and stored in our database.

 

  1. Subscription Agreement Data

Either through a software interface between Seller’s preferred subscription software or manually the Seller has to provide us with certain contract data on the Subscription Agreements including subscription ID, subscription product, subscription start date, subscription end date, subscription current start date, subscription current term end, subscription cancel date, subscription status, subscription billing cycle, next payment date, subscription payment method, subscription payment currency, subscription base currency, subscription fixed amount, free trial start date, free trial end date, amount of unpaid invoices, total due amount, unpaid amount due since date, subscription customer ID, subscription customer name, subscription customer address, subscription customer email address (“Subscription Agreement Data”).

Regarding any personal data of the Seller’s subscription customers contained in the Subscription Agreement Data (subscription customer ID, subscription customer name, subscription customer address, subscription customer email address, etc.) the following applies:

The legal basis for the processing of the personal data of the subscription customer is our legitimate interest in processing this data for the purpose of assisting the preparation, conclusion and execution of the Receivables Purchase Agreement between the Seller and the purchaser on our Platform as contractually agreed between us and the Seller in the Platform Usage Agreement (Art. 6(1) f) GDPR). In addition, if Seller’s subscription customers have consented to the processing of their personal data by us, Art. 6(1) a) GDPR serves as the legal basis for the processing.

The respective Subscription Agreement Data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Personal data in the Subscription Agreement Data is therefore in most cases deleted when the data is no longer required for the execution of the Platform Usage Agreement; in general, we will delete such data after three (3) years. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. Section 257 of the German commercial code (Handelsgesetzbuch, “HGB”), Section 147 of the German fiscal code (Abgabenordnung, “AO”). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

 

  1. Accounting Data and Bank Account Data

Either through a software interface between Seller’s preferred accounting software or manually the Seller has to provide us with certain accounting data related to Seller’s Subscription Agreements, including income statement, balance sheet and cash flow statement (“Accounting Data”). In addition, the Seller has to provide the following data related to Seller’s Bank Account to the extent the Bank Account Data is used for any transactions related to the Platform and to be used for payments in case that a Receivables Purchase Agreement between Seller and a purchaser will be concluded: account holder name, a list of account holder’s accounts (account number, IBAN), on transactions regarding the Bank Account (date, merchant or counterparty (partner) name, description (info field), amount) and regarding Balances on the Bank Account (current and available) (“Bank Account Data”). We will use the Service Provider Nordigen Solutions Limited, with registered office in Riga, Latvia to access Seller’s Bank Account Data. For further information on how Nordigen Solutions Limited process personal data please check:

https://nordigen.com/en/company/privacy-policy-end-user/

If the Accounting and Bank Account Data relates to you as the contracting party of the Platform Usage Agreement (e.g. if you are sole proprietor) the legal basis for the processing is Art. 6 (1) b) GDPR, as this is necessary for the performance of the Platform Usage Agreement with you as the Seller. If the personal data relates to you as an employee or other representative of the Seller the legal basis for the processing of the Accounting and Bank Account Data is our legitimate interest in processing the Accounting and Bank Account Data for the purpose of the conclusion and performance of the Platform Usage Agreement with the Seller (Art. 6(1) f) GDPR). 

The respective Accounting and Bank Account Data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Personal data in the Accounting and Bank Account Data is therefore in most cases deleted when the data is no longer required for the execution of the Platform Usage Agreement; in general, we will delete such data after three (3) years. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. Section 257 of the German commercial code (Handelsgesetzbuch, “HGB”), Section 147 of the German fiscal code (Abgabenordnung, “AO”). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

 

  1. Transfer of Company Data, Subscription Agreement Data, Accounting Data and Bank Account Data to purchaser

As soon as we publish Seller’s request to sell and assign the receivables under the Subscription Agreements selected by Seller, the potential purchasers will get access to the respective Company Data, Subscription Agreement Data, Accounting Data and Bank Account Data to evaluate Seller’s request. If Seller and Purchaser enter into a Receivables Purchase Agreement, we will use the respective Company Data and Subscription Agreement Data to generate the Receivables Purchase Agreement. 

If the personal data contained in the aforementioned Data relates to you as the contracting party of the Platform Usage Agreement (e.g. if you are sole proprietor) the legal basis for the processing is Art. 6 (1) b) GDPR, as this is necessary for the performance of the Platform Usage Agreement with you as the Seller. If the personal data relates to you as an employee or other representative of the Seller or to you as a subscription customer, the legal basis for the processing of the Accounting and Bank Account Data is our legitimate interest in processing the Data for the purpose of the conclusion and performance of the Platform Usage Agreement with the Seller (Art. 6(1) f) GDPR). 

Regarding the storage and deletion of any Company Data, Subscription Agreement Data, Accounting Data and Bank Account Data we refer to the respective provisions above.

 

3. Changes to this Privacy Notice

In the context of the further development of data protection law as well as technological or organizational changes, our Privacy Notice is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes, in particular on our Website www.tapline.io. You can access the current data protection information on our website under the link “Privacy Policy”.

Get a free report on how much funding you qualify for.

  • Funding amount approved
  • Based on monthly / annual recurring revenue
  • Sent instantly to your inbox