Privacy Policy for the SCANDIC PAY Crowdfunding Platform

Status: June 2025

The security of your data is a top priority at SCANDIC PAY. This privacy policy informs you about how we collect, process, and protect your personal data. It complies with the current legal requirements of the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as of June 2025.

I. Name and Address of the Controller

The controller responsible for data processing within the meaning of the GDPR and other data protection regulations is:

SCANDIC PAY – A business unit of
LEGIER Beteiligungs mbH
Kurfürstendamm 195
DE 10707 Berlin
Federal Republic of Germany
Phone: +49 30 232 574 - 470
Phone: +49 30 232 574 - 477
Fax: +49 30 232 574 - 471
Email: Info@ScandicPay.de

SCANDIC PAY is a brand of LEGIER Beteiligungs mbH, along with other brands including, among others: SCANDIC TRUST, SCANDIC ESTATE, and SCANDIC TRADE.

II. Contact Details of the Data Protection Officer

Our data protection officer is available for questions about data protection:

Lawyer Thilo Herges
Hohenzollerndamm 27a
10713 Berlin
Germany

Contact:
Phone: +49 (0) 232 57 44 77
Email: Datenschutz@ScandicPay.de

III. General Information About Data Processing

1. Scope of Personal Data Processing

We process your personal data only to the extent necessary to provide our crowdfunding platform, deliver our services, and fulfill legal obligations. Processing generally takes place only with your consent unless legal provisions require processing without prior consent.

2. Legal Bases for Processing

The processing of your data is based on the following legal grounds under the GDPR:

  • Consent: Art. 6(1)(a) GDPR – when you have given your consent.
  • Contract Performance: Art. 6(1)(b) GDPR – for fulfilling a contract with you or pre-contractual measures.
  • Legal Obligation: Art. 6(1)(c) GDPR – where required by law.
  • Vital Interests: Art. 6(1)(d) GDPR – to protect life-critical interests.
  • Legitimate Interests: Art. 6(1)(f) GDPR – where our legitimate interests or those of a third party prevail, unless your interests outweigh them.

3. Data Deletion and Retention Periods

Your data is erased or blocked once the storage purpose ceases. Extended retention may occur to meet legal obligations (e.g., retention periods).

IV. Your Rights as the Data Subject

You have the following rights under the GDPR:

  1. Right of Access (Art. 15 GDPR): Request information about your data processing.
  2. Right to Rectification (Art. 16 GDPR): Request correction of inaccurate data.
  3. Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR): Request deletion unless retention is legally required.
  4. Right to Restriction (Art. 18 GDPR): Request processing restrictions in certain cases.
  5. Right to Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format.
  6. Right to Object (Art. 21 GDPR): Object to processing on grounds of legitimate interests.
  7. Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent at any time; past processing remains lawful.
  8. Right to Lodge a Complaint (Art. 77 GDPR): File a complaint with a supervisory authority (e.g., your local data protection authority).

Contact us via the details above to exercise your rights.

V. Website Provision and Log Files

1. Scope of Data Processing

When you visit our website, we automatically collect the following data:

  • Browser type and version
  • Operating system
  • Internet service provider
  • IP address
  • Date and time of access
  • Referrer and target webpages

These data are stored in log files but are not linked to other personal data.

2. Purpose

The data storage ensures technical provision, functionality, and optimization of our website.

3. Legal Basis

Art. 6(1)(f) GDPR – legitimate interest in technical functionality.

4. Retention Period

Data is deleted after the session ends; log files are deleted within 7 days unless further storage is required (IP addresses then anonymized).

5. Objecting

No objection possible as data is essential for website operation.

VI. Use of Cookies

1. Scope of Data Processing

Our website uses cookies—small text files on your device—to enable:

  • Technically necessary cookies: language settings, login info.
  • Analytics cookies: pseudonymized data such as search terms, page views, usage behavior.

2. Purpose

Necessary cookies ensure functionality; analytics cookies help improve our offering.

3. Legal Basis

  • Necessary cookies: Art. 6(1)(f) GDPR (legitimate interest).
  • Analytics cookies: Art. 6(1)(a) GDPR (consent).

4. Retention

Cookies remain until manually deleted; Safari retains up to 7 days.

5. Objection

You can disable or delete cookies in your browser settings, but this may limit site functionality.

VII. Newsletter

1. Scope of Data Processing

When subscribing to our newsletter, we collect:

  • Email address
  • Name, first name
  • IP address
  • Date/time of registration
  • Country of residence

2. Purpose

To send the newsletter and prevent misuse.

3. Legal Basis

Art. 6(1)(a) GDPR – consent.

4. Retention

Data is deleted once subscription ends; other data after 7 days.

5. Objection

You can unsubscribe anytime via the link in the newsletter.

VIII. Email Contact

1. Scope of Data Processing

When you contact us by email, we store the data provided.

2. Purpose

To handle your inquiry and possibly fulfill contracts.

3. Legal Basis

  • Art. 6(1)(f) GDPR (legitimate interest)
  • Art. 6(1)(b) GDPR (contract performance, if applicable)
  • Art. 6(1)(c) GDPR (legal retention obligations)

4. Retention

Data is deleted when the purpose ceases and no retention obligations exist.

5. Objection

Object by email to service@ScandicPay.de.

IX. Email Applications

1. Scope of Data Processing

When you apply via email, we record your email address and transmitted data.

2. Purpose

To process your application.

3. Legal Basis

  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(b) GDPR (pre-contractual measures)

4. Retention

Data is deleted after the application process unless legal deadlines require otherwise.

5. Objection

Object by email to service@ScandicPay.de; this may prevent your application.

X. Social Networks

We maintain presence on:

  • Instagram (Meta Platforms Ireland Ltd.)
  • X (Twitter International Company)
  • YouTube (YouTube LLC)

1. Scope of Data Processing

Your interactions (comments, likes) may become public personal data. We have limited control over processing by these platforms.

2. Purpose

Information and communication with users.

3. Legal Basis

Art. 6(1)(a) GDPR (consent).

4. Retention

Data is not stored in our systems.

5. Objection

Object by email to service@ScandicPay.de. See also the privacy policies of the respective platforms.

XI. Professional Networks

We maintain presence on:

  • LinkedIn (LinkedIn Ireland Unlimited Company)
  • XING (XING SE)

1. Scope of Data Processing

Your interactions may make personal data public.

2. Purpose

Applications, information, and active sourcing.

3. Legal Basis

Art. 6(1)(f) GDPR (legitimate interest).

4. Retention

Until withdrawal or expiration of legal deadlines.

5. Objection

Object by email to service@ScandicPay.de.

XII. Hosting

Our website is hosted by Amazon Web Services. Server log data (e.g., IP, browser type) is collected.
Legal basis: Art. 6(1)(f) GDPR.
Location: Germany.

XIII. Geotargeting

We use IP addresses and postal codes for regional offers.
Legal basis: Art. 6(1)(f) GDPR.
Objection: Use VPN or disable location in your browser.

XIV. Registration

1. Scope of Data Processing

When registering we collect:

  • Email address, name, first name
  • Address, country of residence, tax residency
  • Phone number, bank details, tax number
  • PEP status, US tax obligation

2. Purpose

Contract fulfillment and anti‑money‑laundering identification.

3. Legal Basis

  • Art. 6(1)(a) GDPR (consent).
  • Art. 6(1)(b) GDPR (contract performance).

4. Retention

Until purpose ends or legal retention periods expire.

5. Objection

Request deletion by email to service@ScandicPay.de, unless legal obligations apply.

XV. Anti‑Money‑Laundering

1. Due Diligence Obligations

We process data (e.g., name, date of birth, ID info) for identity verification with third parties (Onfido, Deutsche Post AG, etc.).
Legal basis: Art. 6(1)(c) GDPR (EU Anti‑Money‑Laundering Regulation).

2. Simplified Due Diligence

For Germany/Austria: Data matching with SCHUFA or Crif.
Legal basis: Art. 6(1)(c) GDPR.

3. Retention

Until purpose ends, respecting legal periods.
Objection: Email service@ScandicPay.de.

XVI. Explanation of Laws Used

  • General Data Protection Regulation (GDPR): EU regulation on data protection. Available via EUR‑Lex.
  • Federal Data Protection Act (BDSG): Supplements GDPR in Germany. Available via official legal portal.
  • EU Anti‑Money‑Laundering Regulation (Directive (EU) 2015/849): Regulates due diligence to prevent money laundering. Available via EUR‑Lex.

These laws form the basis of our data processing and are aligned with current regulations as of June 2025.

Accessibility
ScandicPay by Legier
ScandicEstate by Legier
ScandicTrade by Legier