Privacy Policy

The controller for personal data processed in connection with Fundivo is the operator named in the legal notice.

The controller's contact details are listed in the legal notice and in the contact details section on this page.

This privacy policy explains under Article 13 GDPR which personal data we process when you visit Fundivo, browse content, use comparison, filtering or search features, click external provider or affiliate links, contact us by email, use the protected admin area, or give consent for optional analytics.

The data we process may include IP addresses, referrer data, browser and device data, page paths, session identifiers, consent information, login and security data, communication content and other online identifiers.

When you visit the website, we process technically necessary connection and access data. This typically includes the IP address, date and time of access, requested URL, referrer, browser type, operating system, response status and transferred data volume.

We process this data to deliver the website, ensure stability and security, resolve technical issues and detect misuse. The legal basis is Article 6(1)(f) GDPR; where information is stored or read from your terminal equipment, Section 25(2) No. 2 TDDDG applies.

Fundivo is delivered via Netlify. We use Supabase for data storage, authentication, protected admin functions and internal reporting. Both services process the data required for delivery, operations, security and maintenance as technical service providers or processors.

If you use the admin area, we process login data, session information, security metadata and changes to content or firm data. This is done for access control, content administration, documentation of administrative actions and protection of internal areas. The legal basis is Article 6(1)(f) GDPR and, where a contractual relationship applies, also Article 6(1)(b) GDPR.

Without prior consent we only use technically necessary storage and access technologies, for example for language settings, the admin login, required security functions and the technical comparison list. Optional analytics or marketing technologies are used only after active consent.

Any storage or access of non-essential information on your terminal equipment is based on consent under Section 25(1) TDDDG. Where necessary, essential storage is based on Section 25(2) No. 2 TDDDG together with Article 6(1)(f) GDPR.

We process analytics and usage data only if you have previously consented. Before consent, no optional analytics events are sent, no analytics session key is stored in session storage and no reporting for public traffic is created.

After consent, we may process page views, navigation patterns, comparison behaviour, filter and sort actions, surface and CTA usage, clicks on external provider or affiliate links, technical surface information, device type, language, country and referrer data. The legal basis is Article 6(1)(a) GDPR together with your consent and Section 25(1) TDDDG. You can withdraw consent at any time with future effect.

When you click an external provider or affiliate link, you leave Fundivo or connect directly to the target provider. Depending on the provider, the click may trigger its own data processing.

Any click measurement by Fundivo takes place only after you have given analytics consent. In that case, in particular the IP address, click time, browser data, referrer, target URL and the previously visited page may be processed. The link itself continues to work without analytics consent.

Recipients of personal data are only those entities that need the data to fulfil the relevant purpose. This may include hosting providers, database and authentication providers, email providers, consent and security services and, in the case of a click, the relevant third-party provider or its tracking infrastructure.

Further disclosure takes place only where we are legally required to do so or where it is necessary to assert, exercise or defend legal claims.

If service providers or their subprocessors process data outside the European Union or the European Economic Area, or access it from there, this only takes place under the conditions of Articles 44 et seq. GDPR.

Where required, we rely in particular on adequacy decisions of the European Commission or suitable safeguards such as the EU Standard Contractual Clauses and assess whether additional technical or organisational measures are needed.

We store personal data only for as long as required for the relevant purpose or as long as statutory retention obligations apply. Server and access data, raw analytics data, rollups, admin logs and communication data are deleted, anonymised or retained under our retention concept once the purpose has ended, where necessary.

Information stored locally in your browser, for example language settings, consent status or the comparison list, remains stored until you delete it, your browser removes it, the underlying storage expires or you withdraw your consent. Email correspondence is deleted once handling has been completed and no retention or defence interests remain.

If you contact us by email, we process the data you provide, in particular your email address, the content of your message and the associated communication metadata, to handle your request.

The legal basis is Article 6(1)(f) GDPR. If your request relates to a contract, Article 6(1)(b) GDPR applies additionally.

Subject to the statutory requirements, you have the right to access your personal data (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR) and data portability (Article 20 GDPR).

You also have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). Our lead authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia: https://www.ldi.nrw.de/kontakt.

You may withdraw any consent you have given at any time with future effect. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Where the website provides privacy settings or consent controls, you can review and change your choices there. Alternatively, you may contact us by email to withdraw or limit analytics consent or any other optional processing.

We do not currently use automated decision-making within the meaning of Article 22 GDPR in connection with your use of Fundivo.