Menu

Privacy and data Policy

Privacy and data Policy

regarding the Finnoconsult.at website and microsites.

The developer and maintainer of below referred websites, FInno Consult Gmbh (company reg. 426099t at Commercial Court of Vienna; seat: 1030 Wien, Rasumofskygasse 26; hereafter referred to as: FInnoConsult) hereby informs the Users of the data management on above websites as follows, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (hereafter referred to as GDPR).

This Privacy policy applies to personal data collected and processed by FinnoConsult. See Who manages ... section for details below.

FInnoConsult is entitled to modify the present Privacy Notice in any time. The present Privacy Notice is published on the FInnoConsult Website. The present Privacy Notice takes into effect by publishing. We encourage you to review it from time to time.

This policy is effective from 25 May, 2018.

Definition of the regulated terms as per GDPR can be found here

Personal data entered onto our website will be processed in accordance with the Austrian Data Protection Act. However, the information offered on our websites may be used without entering any personal data.

Any use of contact data contained within the legal notice by third parties for sending promotional and informational materials that have not been expressly requested is hereby expressly prohibited. The operators of the website expressly reserve the right to instigate legal steps in the event that unsolicited promotional information is sent, e.g. in spam mail.

What personal data do we manage at Finnoconsult website portfolio?

The legal bases for our data processing is the data processing authorization afforded by both § 107 of Austrian Telecommunications Act of 1997 and GDPR referred above, and is specified below, per data categories and by reference to the elements of the above list.

We do not collect any sensitive or special categories of personal data, as defined under the GDPR. Our products and services are not aimed at children.

What are the concerning websites?

There are couple of microsites hosted under Finnoconsult.at domain (hereafter referred to as our websites), such as:

We collect personal data in the following ways:

See exact details below:

FinnoScore registration

FinnoScore analisis of EU banking sector is available for everyone at finnoscore.finnoconsult.at. To gain access to that public data, there is a registration form needed to be filled in with the following details:

SubjectData CategoryData originPurpose of data managementLegal basis of data managementDuration of data management
Registration on finnoscore.finnoconsult.atname*From SubjectElectronic direct marketing content, such as newsletter, sending of an advertisement, or communication in the event of newly publicated finnoscore dataGDPR Article 6 (1) a) ConsentUntil the consent is withdrawn.
email address*From SubjectElectronic direct marketing content, such as newsletter, sending of an advertisement, or communication in the event of newly publicated finnoscore dataGDPR Article 6 (1) a) ConsentUntil the consent is withdrawn.

Request contact via finnoconsult.at website

All visitors are able to reach out our company based on the Imprint page and our colleagues directly.

However, everyone is entitled to reach out to us using our contact form, which collects the following data to be able to reach back.

SubjectData CategoryData originPurpose of data managementLegal basis of data managementDuration of data management
Online Contact form on www.finnoconsult.at to respond a contact requestname*From SubjectOur Legitimate Interests, which we have balanced with the interests of our clients, suppliers and business contactsGDPR Article 6 (1) a) ConsentUntil the consent is withdrawn.
email address*From SubjectOur Legitimate Interests, which we have balanced with the interests of our clients, suppliers and business contactsGDPR Article 6 (1) a) ConsentUntil the consent is withdrawn.

Data security in IT infrastructure

How do we ensure the safety of your data?

We follow strict information security ruleset regarding the provision of safety concerning the data and information under our governance, the knowing and following of which is mandatory for all our staff.

Our staff is regularly trained and coached in matters of data and information security.

Office workstations are password protected, and personal data is stored encrypted.

How we store personal data collected above?

All personal data collected by our websites and listed in section We collect personal data in the following ways are encrypted, using AES-256-CTR algorithm with MD5 hashed and protected keys.

Where do we store the personal data collected above?

We store personal data on our central server, to which only a select and close employee group have access, per strict access control rules. We regularly test and check our IT systems in order to ensure and maintain data and information security.

The central server hosting our websites is served by Hetzner company, on a server located in EU, Germany, in a dedicated and secure container.
(Hetzner Online GmbH, seat: Industriestr. 25, 91710 Gunzenhausen, Deutschland; company reg. HRB 6089 at Registergericht Ansbach)

Finnoscore.finnoconsult.at keeps listed data encrypted inside a password protected database.

The listed Finnoconsult.at contact form details are kept encrypted in a protected Slack
(Slack Technologies Inc.,seat: 500 Howard Street, San Francisco, CA 94105, USA).

Protection against malicious software is provided regarding all of the systems and system elements of the used service providers.

When allocating authorisations to our IT systems, we pay close attention to the protection of data (e.g. passwords, authorisations) affecting these systems.

Who manages your personal data, and who has access to them?

The controller of the personal data specified in the first section, hereto is FinnoConsult, meaning Finno Consult Gmbh

To whom do we forward your personal data?

The data were provided is primarily used within the FinnoConsult company.

Additionally the company responsible for website development might has access to the servers hosting the database Innovációs Tanácsadó Kft (seat: 40/a Buhegy dűlő, Kerekegyhaza, 6041, Hungary; company reg 03-09-117666 at Kecskeméti Törvényszék Cégbírósága).

Beyond, we do not forward, disclose the given data to any 3rd party. We may disclose your personal data if required to do so by law, as emphasised in the first section

Data security in communications

Regarding electronically forwarded messages and data, we conduct ourselves regarding bylaws. In order to comply with the principle of safe transfer of data, we ensure the integrity of both the data of the controller and the user.

The personal information and other data collected are transferred under encryption.

Data security in software development and programming

We separate the development environment from the live one, as well as development data from live data, and we depersonalise personal data in development, where possible.

The checking of sensitive completed code is conducted pursuant to the principles of safe coding, the four eyes principle. The alteration tracking is done via protected Git repository in order to ensure proper traceability.

Physical data security

In order to provide physical data security, we ensure our physical barriers are properly closed and locked, and we keep strict access control regarding our visitors at all times.

Our paper documents containing persona data are stored in a closed locker that is and theft-proof, to which only a select few have authorised access.

The rooms where storage devices are placed in have been made to provide adequate protection against unauthorised access.

What procedure do we follow upon an incident?

Pursuant to applicable law, we report incidents to the supervisory authority within 72 hours of having gained knowledge thereof, and we also keep records of them. In cases regulated by applicable law, we also inform subjects of the incidents, where necessary.

When and how do we amend this notice?

Should the scope of data, or the circumstances of data management be subject to change, this notice shall be amended and published on www.finnoconsult.at within 30 days, as is required by GDPR. Please pay attention to the amendments of this notice, as they contain important information regarding the management of your personal data.

Your rights regarding your personal data

You have a number of rights under data protection law, which have been strengthened under the GDPR policy, mentioning some such as:

If you would like to exercise any of these rights, please use the following contact details:

Email: admin@finnoconsult.at

Further information to be found on Imprint page

If you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact details above – we will do our best to help. If you are unhappy with the manner in which we have handled your personal data you have the right to contact the Austrian Data Protection Authority, dsb, or alternatively you can find your own National Data Protection Authority


This website uses cookies to ensure you get the best experience on our website.Learn more