Privacy Policy

of Sopra Financial Technology GmbH

Sopra Financial Technology GmbH is pleased to welcome you to our website (hereinafter also referred to as "website"). Thank you for your interest. We want to make your visit to our website as pleasant as possible. For us, this includes responsible handling of your data in accordance with the legal requirements in Germany.

Insofar as we refer to the General Data Protection Regulation (GDPR) below, you can find further information on this on the following page.

We are the "controller" within the meaning of Art. 4 No. 7 GDPR for the processing of your personal data on this website:

You can reach us as follows:

Sopra Financial Technology GmbH
Frankenstrasse 146
90461 Nuremberg
Phone: 0911-9291-0
E-mail address: info@sopra-ft.com

You can reach our company data protection officer at

Sopra Financial Technology GmbH
Data Protection Officer
personal/confidential
Frankenstrasse 146
90461 Nuremberg
Phone: 0911-9291-0
E-mail address: datenschutz@sopra-ft.com

 

The data protection notice applies to the website offered by Sopra Financial Technology GmbH. If offers from other providers ("third-party offers") are accessible from our website, our data protection notice does not apply to these third-party offers. In this case, we are also not responsible for the processing of your personal data in the context of such third-party offers within the meaning of Art. 4 No. 7 GDPR.


Data protection information for applicants

Please note that separate data protection information applies to our online application process. It can be found in the following document:

Data protection information for applicants


Security

In order to guarantee the confidentiality of communication with you, we use SSL encryption. According to the current state of knowledge, the 256-bit encryption possible with this is to be regarded as secure. All browsers of the latest generation achieve this level of security. If necessary, you should update the browser on your PC.

The employees of the cooperative financial group of the Sparda banks and those of Sopra Financial Technology GmbH are obliged to maintain the confidentiality of personal data in accordance with Art. 5 para. 1 lit. f, Art. 32 para. 4 of the General Data Protection Regulation (GDPR).

Data processing and our technical security precautions are continuously adapted to current circumstances and requirements and in line with the state of the art. Both are subject to review by our internal audit department and the data protection officer.


Contact and communication

On some pages you can enter personal data in input fields for the purpose of corresponding with us.

This data will only be processed for this correspondence with you and for the purpose for which you have provided us with the data in the context of this communication, e.g. to process your inquiries or to contact you at your request. In this case, the processing of personal data is carried out with your consent and is then permissible in accordance with Art. 6 para. 1 lit. a GDPR. We delete your data in this regard when the purpose for which you have provided us with your data has been fulfilled or completed and we are not entitled or obliged to continue storing it for legal reasons.

However, your first contact via e-mail (as shown above) may result in your message being sent to us unencrypted. If you wish to encrypt your e-mail, you can use the registration form on this page.


1. Processing of data with and without personal reference

1.1 Surfing on our website

In principle, you can visit our website without telling us who you are. We then only learn your IP address, the name of the website or file accessed and the time of access or retrieval, the amount of data transferred and whether the access or retrieval was successful.

The data is used exclusively for the administration and optimization of the website.

The IP address can be personal data because, under certain conditions, it is possible to use it to find out the identity of the owner of the Internet access used by providing information from the respective Internet provider.

We only analyze the IP address in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in processing the IP address. This legitimate interest arises from the need to defend against the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible and to effectively prevent further attacks.

The IP address will be deleted if we can rule out that it has been used to attack our Internet infrastructure.


1.2 Use of cookies

Cookies are also used on our website. Cookies are small data packages that are stored on your computer's hard disk via the browser. They are used to control the Internet connection during your visit or during a subsequent visit to our website and thus make your visit more convenient.

Some browsers already allow cookies by default. If you do not want this, you can change your browser settings. Please refer to the information provided by the browser manufacturer to find out how to do this. If you decide against cookies, it is possible that parts of our website cannot be used.

No evaluation takes place, and the cookies are deleted at the end of the session.


1.3 Consent management

The following personal data is stored in this context:

  • Date and time of the visit
  • Browser information
  • Information on consents
  • Information about the end device
  • IP address of the requesting device

The processing of the above data is carried out on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with Section 25 para. 1 TTDSG. The purpose of data processing is to offer visitors to our website the opportunity to consent to the use of cookies. The documentation of such consent is required in accordance with the accountability obligation under Art. 5 para. 2 GDPR and is necessary to ensure the revocation of consent and to control the setting of cookies.

We delete your personal data when it is no longer required to achieve the purpose for which it was processed. This is usually the case after three years, starting at the end of the year in which the data was collected.


1.4 Use of Matomo

We use the web analysis service "Matomo", from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on our website. Matomo uses cookies to analyze our website.

The following data is stored when individual pages of our website are accessed:

  • Two bytes of the IP address of the user's accessing system
  • The website accessed
  • The website from which you accessed our website (referrer URL)
  • Subordinate pages that you access on the website
  • Duration of your visit to the website
  • Time and frequency of access to the website

Matomo provides us with information on how many users have visited the website, which posts are clicked on most frequently and at which point they are most likely to leave.

The information generated by the cookies is transferred to a Matomo server and stored there. Your IP address is partially masked during this process so that you as a user remain anonymous to us. The data is not passed on to third parties.

The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TTDSG. The processing of your personal data enables us to analyze your website usage. This enables us to continuously optimize our website offering for you.

The aforementioned personal data will be deleted as soon as they are no longer required to achieve the purpose of processing. In our case, the deletion takes place after you have revoked your consent or automatically 744 days after its collection.

You can revoke your consent to the processing of your data at any time in accordance with Art. 7 GDPR. You can inform us of your revocation at any time in text form to datenschutz@sopra-ft.com. This does not affect the lawfulness of the processing carried out up to that point on the basis of your consent.

 

1.5 LinkedIn Pixel

We use LinkedIn Pixel, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn uses cookies to collect information about your user behavior on our platform and to analyze it for us. The following personal data is processed in this context:

  • Advertisements and articles viewed
  • Advertising ID and device ID
  • IP address
  • Information about the browser, device and operating system
  • Websites visited
  • Search terms used

In this context, personal data is transmitted to the LinkedIn Corporation in the USA. Since LinkedIn is a certified participant in the EU-US privacy framework, an appropriate level of data protection is guaranteed.

The legal basis for the data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. We use these for conversion, marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and user-friendliness and to make it more interesting for you as a user.

The corresponding data is stored for as long as is necessary to achieve the purpose. Deletion takes place after consent has been revoked. The cookies set are stored for a maximum of 180 days.

You can revoke your consent to the processing of your data at any time in accordance with Art. 7 (3) GDPR. You can notify us of your revocation in text form at any time to datenschutz@sopra-ft.com. The legality of the processing carried out on the basis of the consent up to that point is not affected by this.

 

1.6 Newsletter

You have the option of subscribing to our free newsletter on our website. In order to send this to you, we collect the following personal data when you register:

  • Salutation
  • First and last name
  • E-mail address
  • Optional: Company name

We also record your IP address and the date and time of registration. No other data is processed. We obtain your consent to process this data during the registration process.

The legal basis for the processing of your personal data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The processing of your master data serves the sole purpose of sending you the newsletter. We check whether the e-mail address you have provided belongs to you and whether you have consented to receiving the newsletter.

Your IP address and the date and time of registration are processed for security purposes in order to prevent misuse of your data by third parties.

The personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, e.g. after you unsubscribe from the newsletter. Your master data will be deleted immediately, while the other data, such as your IP address and the registration date, will be deleted after a specified deletion cycle of 30 days.

You can revoke your consent to data processing and the subscription to the newsletter at any time in accordance with Art. 7 GDPR. You can do this via the unsubscribe button in the newsletter. The processing carried out until the revocation remains lawful. After revocation, your personal data will no longer be processed and will be deleted.

 

1.7 Survey

As part of our events, you have the opportunity to take part in surveys and receive our evaluation of the survey by agreeing to receive promotional communication in return. We process the following personal data for this purpose:

  • Salutation
  • Name
  • E-mail address
  • Optional: Title

We also record your IP address and the date and time at which you requested the survey results. No other data is processed.

The legal basis for the processing of your personal data after completion of the survey is the contract pursuant to Art. 6 para. 1 lit. b GDPR, through which you receive the survey results and in return agree to be contacted by us for advertising purposes until further notice.

Your IP address and the date and time of registration are processed for security purposes in order to prevent misuse of your data by third parties.

The personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. after the survey result has been sent and you have withdrawn your consent to receive promotional communication. In such a case, your master data will be deleted immediately, while the other data, such as your IP address and the registration date, will be deleted after a specified deletion cycle of 30 days.

 

1.8 Use of a CRM system

In connection with our website, we use a marketing and sales platform that contains a customer relationship management ("CRM") system. The following personal data is processed in connection with the use of the CRM system:

  • Title
  • First name and surname of the customer or contact person or interested party;
  • Company name
  • E-mail address
  • Phone number
  • Subject area

We use the CRM system for the purpose of managing customer data and information on other persons such as contact persons of interested parties. As part of this, a third-country transfer to the USA takes place. An appropriate level of data protection is ensured as the service provider of the CRM system is a certified member of the EU-US privacy framework and uses standard contractual clauses.

The processing of customer data in the CRM system is based on the underlying contractual relationship in accordance with Art. 6 para. 1 lit. b GDPR. We process the personal data of other persons, such as contact persons of interested parties, with regard to our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the initiation of a customer relationship.

We delete your personal data when it is no longer required to achieve the purpose for which it was processed. In the case of data processed in the context of an existing contractual relationship, this is usually the case after the expiry of the limitation period, starting at the end of the year in which the contractual relationship is terminated. Once the limitation period has expired, your data will be blocked and deleted after expiry of the statutory retention obligations. With regard to the data of contact persons of interested parties, they will be deleted if you indicate to us that you are not interested in our products.

You can object to the processing of your personal data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR at any time.

 

1.9 Storage

Your data will be stored for as long as is necessary for the provision of our services or for as long as storage is required by law or legal obligations.


1.10 Consent

Any further processing of your personal data will only take place if you have given us your consent and we are therefore authorized to process your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In some areas of our website, you have the option of giving such express consent. In each case, we will inform you of the purpose for which the data will be processed in the event of your consent and how long we will store this personal data.

 

Other processing based on a legitimate interest

If necessary, we process your data beyond the actual fulfillment of a contract concluded with you or a consent given by you to protect the legitimate interests of us or third parties, unless a consideration in individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, prevail (see Art. 6 para. 1 lit. f GDPR). This may include:

  • Assertion of legal claims and defense in legal disputes;
  • Ensuring the bank's IT security and IT operations; preventing and investigating criminal offenses.

 

 


2 Your rights as a user of our website

2.1 Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure. There is also a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).


2.1.1 Revocation of granted consent

You can revoke any express or implied consent given to us at any time with effect for the future.


2.1.2 Information about your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para. 1 lit. e GDPR (data processing in the public interest) and Article 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR, which we use to assess creditworthiness or for advertising purposes.

  1. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
  2. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
  3. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


The objection can be made informally and should preferably be addressed to

Sopra Financial Technology GmbH
Data Protection Officer
personally/confidentially
Frankenstrasse 146
90461 Nuremberg
Phone: 0911-9291-0
E-mail address: datenschutz@sopra-ft.com

2.2 The assertion of all rights mentioned in section 2.1 is generally free of charge for you. However, in the case of manifestly unfounded or - especially in the case of frequent repetition - excessive requests, we may, in accordance with Art. 12 para. 5 GDPR, either

  1. Demand a reasonable fee that takes into account the administrative costs of providing information or notification or implementing the requested measure, or
  2. Refuse to act on the application.


2.3 To exercise your rights, please contact our data protection officer named above. They will also be happy to provide you with further information on data protection.

Status: March 2025