Data Policy

1. Subject of this Privacy Policy

Thank you for your interest in our web presence, and in the services offered on our website. The protection of your personal data (hereinafter referred to simply as “data”) is a central and very important concern to our company. Therefore, in the following document we will provide you with full information on how your data is collected when you visit our website and use the services offered there, and how we then use or process this data. We will also provide information on the additional protective measures we have taken from both an organizational and technical standpoint. Generally, you can use our website without entering your personal data. It informs you, as the visitor to this page, about the products and services of Tink Germany GmbH (also referred to as Tink Germany), Gottfried-Keller-Strasse 33, 81245 Munich, Germany. Separate privacy policies apply to the use of our products, and are expressly referred to where applicable.

2. Controller 

Controller in the sense of the General Data Protection Regulation (GDPR) is Tink Germany GmbH, Gottfried-Keller-Str. 33 81245 Munich. Please see our Legal Notice. For questions or remarks on this Privacy Policy or for general questions on data protection, please contact our data protection team or Data Protection Officer at the following e-mail address: or via our mailing address by adding “(personally) c/o the Data Protection Officer”.

3. Collection and use of your data

The scope and manner with which we collect and use your data will depend on whether you use our website only to access information or whether you make use of the services we offer:

3.1 Informational use

If you use our website under only for informational purposes, we collect and use the data transmitted automatically to us by your web browser, such as:

  • the date and time at which you accessed one of our websites
  • your browser type
  • your browser settings
  • the operating system you use
  • the last page you visited
  • the transmitted quantity of data and access status (file transmitted, file not found, etc.)
  • as well as your IP address

For security purposes (e.g. identification of and defence against DDoS attacks) we store so-called log files, which contain your IP address, a time stamp (date and time of access), the requested URL and the web server used. The log files are stored for a period of up to 7 days and will then be deleted or anonymized, so that it is no longer possible to relate this data to an individual user. The processing of this data serves our legitimate interest in ensuring the trouble-free operation of our website. Legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

3.2 Contact

Our website includes a contact form you can use to inform us of your interest in our products as a provider/retailer of goods and services online. We use the data transmitted via this form (name, company, e-mail) only for the purpose of contacting you individually and for our further communication with you. If you contact us via e-mail or using the contact form, the information you have provided is saved for the purpose of processing your inquiry and for any follow-up questions. The information you have provided may be saved in a customer relationship management system (“CRM system”) or comparable inquiry organization. To process and answer your questions and messages as quickly as possible, we have linked our contact form and our email programme to our customer relationship management tool “HubSpot” from HubSpot Ireland Limited (Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Irland). Data transmitted when filling out the form is transferred to HubSpot and saved on HubSpot servers. We use a cloud-based service from HubSpot Inc., headquartered in the USA, to manage customer data and customer contacts. The HubSpot privacy policy is available at You can object to the use of HubSpot for your personal data at any time, e.g. via e-mail, letter or fax, with future effect. The legal basis for processing your data, which is transmitted if you contact us using the contact form or by e-mail, is our legitimate interest (facilitating contact) (Art. 6 para. 1 lit. f GDPR) and, if you are or would like to become our customer, initiating or fulfilling a contract (Art. 6 para. 1 lit. b GDPR). Your personal data will be deleted once it is no longer necessary in relation to the purposes for which they were collected or otherwise processed. For personal data transmitted via the contact form or by e-mail, this is the case once our conversation with you has ended. The conversation has ended once circumstances indicate that the matter in question has been clarified between us and you. We review the necessity every two years; furthermore, statutory retention obligations apply. You have the right to object to the processing of your personal data in the context of your contact via the contact form or by e-mail within the framework of the statutory provisions at any time with future effect. In such cases, we will no longer be able to continue our conversation with you. All personal data saved in the process of making contact with you will be deleted in this case, unless statutory retention periods apply.

3.3 Google reCAPTCHA

On our website, we use the reCAPTCHA of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The reCAPTCHA function serves the purpose to verify whether data on our website is input by a natural person or improperly by machine and automated processing. The IP address and any other data required by Google for the reCAPTCHA function (e.g. language, time zone, length of stay on the website) are sent to Google and may also be transferred to Google’s servers in the US. Legal basis for data processing is Art. 6 para. 1 lit. f GDPR (legitimate interest of Tink Germany in avoiding misuse and spam). Further information on Google reCAPTCHA and the Google privacy policy can be found at: You can prevent the processing of this data by deactivating the execution of Javascript in your browser or by installing a Javascript blocker. Please note, however, that this may limit the functionality of the website.

3.4 Use of services / registration on our website

3.4.1 Registration

When you register to use our personalized services, we collect some personal data such as your name, address, and contact and communication data like your telephone number and e-mail address. If you are registered on our website, you can access content and services we offer only to registered users. Registered users can also change or delete the data they provided during registration if necessary at any time. We process your personal data for the following purposes:

a) processing your name and contact information to check your identity, for customer management in the customer menu, and to maintain correspondence with you, in particular to provide customer support;

b) processing your invoice information to complete and bill transactions;

c) processing device and usage data to operate and improve our website and to ensure the security and functionality of our website;

d) to display personalized advertisements to you and to send you marketing notifications about us, our products and our services; and

e) to fulfill our legal obligations under applicable law.

In cases a) and b) data is processed for the purpose of initiating or performing a contract (Art. 6 para. 1 lit. b GDPR), in case c) and d) for the purposes of our legitimate interests (Art. 6 para. 1 lit. f GDPR) and in case e) for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR).

Tink Germany is a Tink group company. For internal administrative purposes (sales planning and control) and in order to provide customers with the best possible advice on the product portfolio of Tink group, customer data (e.g. name, function and contact details of contact persons in the company, contract data) is transferred to Tink AB, Vasagatan 11, SE-111 20 Stockholm, Sweden (“Tink”). Legal basis for data processing is Art. 6 para. 1 lit. f GDPR. A processing of personal data based on Art. 6 para. 1 lit. f GDPR can be objected to within the framework of the legal provisions.

Your personal data will be deleted once it is no longer necessary for the performance of a contract, e.g. at the end of the customer relationship. Furthermore, statutory retention obligations apply for business communications and invoicing data, i.e. this data will be deleted after the end of statutory terms. Your personal data must be processed in cases a) and b) for the purpose of performing the contract and for invoicing purposes.

3.4.2 Login with Google  If you register as a merchant under you can also use the login functionality via Google (“login with Google”). For this purpose, you need an account with Google Inc., 1600 Amphitheatre Parkway Mountain View, California 94043, USA. You can find more information on how Google processes personal data in Google’s privacy policy which is accessible under

3.5 Consent under data protection law

In addition to offering the services you request, we would like to customize our website to your specific interests – only, of course, if you explicitly agree for us to do so at a separate place. For this purpose, it is necessary from a technical standpoint that we combine the data collected on you and the data you enter into a usage profile, which we then evaluate for the aforementioned purposes. This evaluation is only carried out internally and only for the aforementioned purposes. You can provide your consent separately. You can then revoke this consent at any time with future effect.


We offer the option of creating a test API key on our website. The data entered into the form for this purpose (in particular, your name and e-mail address) is used only for the purpose of registering for the API to use it with our test bank and for developer support. Legal basis for the processing of data is Art. 6 para. 1 lit. f GDPR. Your personal data will be deleted once it is no longer required to provide the test API key. You can object to the processing of your personal data within the framework of the statutory provisions at any time with future effect. In this case, however, the API key will no longer be available to you.

3.7 Newsletter 

If you wish to subscribe to the newsletter we offer, we will require a valid e-mail address from you, as well as your name. In addition to the first white paper, we will send you further newsletters with  information of Tink Germany and Tink in the area of open banking appropriate for your industry / your company (approx. once per month). To ensure you are the owner of the provided e-mail address or that the owner of that address agrees to receive the newsletter, after the first step of registration we will send an automated e-mail to the provided e-mail address (double opt in process). Only after the newsletter registration is confirmed via a link in the confirmation e-mail will we include the given e-mail address in our distribution list. We will not collect any further data beyond the e-mail address, name and confirmation of registration. Your data is processed only for the purpose of sending you the newsletter to which you have subscribed. The legal basis for this processing is Art. 6 para. 1 lit. a GDPR (consent). You granted us your consent when you ordered the newsletter. Conditional upon your request to delete it, data used to send the newsletter will be saved for as long as we need it to send the newsletter. Therefore, data will be deleted when you unsubscribe from the newsletter, or when we receive more than two (2) notifications that a newsletter cannot be delivered, or when we cease delivery of the newsletter to which you have subscribed generally. You can revoke your consent to save your data and to use it to send you the newsletter at any time with future effect, e.g. via e-mail to [] or by clicking the unsubscribe link provided in every newsletter.

3.8 Application process

When you apply for a job at our company, we process

  • Name, surname
  • Contact details (address, telephone number, email address)
  • Other information you provide to us in the context of your application (in particular, your CV and the information contained therein,  application photo, copies of apprenticeships certificates or job references)

for the purposes of carrying out the application process. Legal basis is sect. 26 para. 1 German Federal Data Protecion Act (BDSG). The provision of this data is required to process your application, otherwise we could not consider your application.

The data provided to us will be stored for up to six months, beginning with the end of the application process. In case of an employment with the company, the data will be stored for its duration and, moreover, within applicable statutory retention periods. 

4. Duration of storage for personal data or criteria for determining this duration

We adhere to the basic principle of data minimization. Therefore, we save your personal data only as long as necessary to achieve the purposes indicated here, or as provided in the diverse statutory retention periods, e.g. according to commercial law (6 or 8 years) or also according to tax law (10 years). After the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or after these terms expire, the relevant data is routinely blocked or deleted according with statutory provisions.

5. Use of cookies

We use so-called cookies or other technologies such as web beacons (collectively referred to as “cookies”) to optimize our website. There are two types of cookies:

  • Session cookies, i.e. small text files sent by a specific server when you visit a website and saved in the buffer memory on your hard drive. This file as such contains a so-called session ID, which allows us to classify various inquiries made by your browser to the overall session. This allows us to recognize your computer when you return to our website. These cookies are deleted after you close your browser. They are used, for instance, to allow you to use the shopping cart function across multiple pages.
  • Persistent cookies (these are also small text files saved on your device) which remain on your device and allow us to recognize your browser the next time you visit. These cookies are saved on your hard drive and automatically deleted after the specified time. They have terms ranging from 1 month to 10 years. These cookies help us make our services more user-friendly, effective, and secure, and allow us to show information on the page that is specially tailored to your interests.

In the following, we would like to inform you about which cookies we use for which purpose and on which legal bases, Furthermore, we would like to inform you about your opt-out options.

Please note that for individual cookies, we also collect your consent to the transfer of your data to third countries (e.g. USA), where the level of protection for personal data may not be equivalent to that in the EU.

Further information can also be found via the Usercentrics Consent Management Platform integrated on our website, which allows you to make and change settings regarding the use of cookies on our website. 

5.1 Essential Cookies

Essential cookies (also called technical necessary cookies) are cookies which are necessary for the functioning of our website, e.g. login cookies, shopping cart cookies, cookies of the Usercentrics Consent Management Platform which are used for the administration of your cookie settings as well as the Google Tag Manager Cookies which we use to integrate and administer the cookies used on our website. 

5.2 Statistic Cookies 

Statistic Cookies help us to optimize our website and to provide you with the best possible information.  When a cookie is activated, it is assigned an identification number. Your personal data is not associated with this identification number. Your name, IP address, or similar data that would make it possible to associate the cookie with your person are not stored in the cookie. Based on the cookie technology we only receive pseudonymized information, such as information on which pages of our website you have visited, which products you have viewed, etc. Legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR (consent). 

5.2.1 Use of Google Analytics

We use Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses “cookies,” text files saved on your computer which allow us to analyze your use of the website. Information generated by the cookie on page visitors’ use of this website is typically transmitted to a Google server in the USA and saved there. We have activated IP anonymization on this website (anonymizeIp). However, Google abbreviates your IP address within a member state of the European Union or in another contracting state to the Agreement on the European Economic Area in advance. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on our behalf to evaluate your use of the website, assemble reports on website activities, and provide us with further services related to website usage and internet usage. The IP address transmitted by your browser in the course of Google Analytics is not combined with other information from Google. You can prevent cookies from being saved by changing your browser software settings; however, if you do so we would like to inform you that you may not be able to use all the functions of our website in full. You can also prevent transmission of the data generated by the cookie regarding your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: As an alternative to the browser plug-in or on browsers on mobile devices, you can click the following link to set an opt-out cookie that will prevent Google Analytics from recording data within this website in the future (this opt-out cookie will only function in this browser and for this domain. If you delete the cookies in your browser, you will have to click this link once again): [Deactivate Google Analytics] or use the privacy settings via the Usercentrics Consent Management Platform.

5.2.2 Google Maps

This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data on how visitors use its map functions. Further information on data processing by Google is available in the Google Privacy Policy. You can change your personal data privacy settings in the data privacy center there. Detailed instructions on how to manage your data in conjunction with Google products is available here.

5.3 Marketing Cookies

Marketing Cookies help us to carry out online marketing activities. They also serve the purpose to measure marketing campaigns on external websites as well as to optimize our marketing measures.  Legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR (consent). 

5.3.1 Google Adwords

Our website uses Google conversion tracking. If you accessed our website via an ad displayed by Google, Google Adwords will save a cookie on your computer. The conversion tracking cookie will be saved when a user clicks an ad displayed by Google. These cookies become invalid after 30 days and are not used to personally identify users. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can see that the user clicked the ad and was transferred to this page. Each Google AdWords customer receives a unique cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained through the conversion cookies is used to prepare conversion statistics for AdWords customers who have decided to use conversion tracking. Customers receive the total number of users who clicked on their ad and were transferred to a page with a conversion tracking tag. However, they do not receive information that can be used to personally identify users. If you do not want to take part in tracking, you can refuse to allow the cookie required for this purpose to be saved – for instance by deactivating browser settings that generally allow cookies to be saved, or setting your browser to block cookies from the domain “” Please note that you may not delete opt-out cookies if you do not want measured data to be recorded. If you have deleted all the cookies in your browser, you must re-set the specific opt-out cookie.

5.3.2 HubSpot

FinTecSystems GmbH uses HubSpot for its online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.  These include, among other things:

  • E-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
  • Social Media Publishing & Reporting
  • Reporting (e.g. traffic sources, access, etc. …)
  • Contact management (e.g. user segmentation & CRM)
  • Landing Pages and Contact Forms

Our registration service allows users of our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the contents of our website are stored on the servers of our software partner HubSpot. They can be used by us to contact users of our website and to determine which services of our company are of interest to them. All information collected by us is subject to this data protection provision. We use all information collected exclusively to optimize our marketing activities. HubSpot is a software company based in the USA with an office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefon: +353 1 5187500. We have concluded a data processing agreement with Hubspot in accordance with the requirements of the GDPR which also includes the so-called EU Standard Contractual Clauses. Furthermore, HubSpot is subject to the TRUSTe ‘s Privacy Seal and the “U.S. – Swiss Safe Harbor” Framework. More information about HubSpot’s privacy policy » More information from HubSpot on EU data protection rules » More information about the cookies used by HubSpot can be found here & here » If you generally do not want HubSpot to record your data, you can prevent cookies from being saved at any time by changing your browser settings.

5.3.3 LinkedIn Ads and LinkedIn Analytics

We use LinkedIn Ads and LinkedIn Analytics of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. The cookies used insofar serve the purpose of placing advertisements on LinkedIn, of targeting visitors of our website with advertisements on LinkedIn (so-called remarketing / retargeting) and of measuring the success of marketing campaigns on LinkedIn (so-called conversion tracking).  Further information can be found in LinkedIn’s privacy policy at In case you are a LinkedIn member, you can adjust your general settings for advertisements under Furthermore, you can object to targeted advertising by LinkedIn under, independent of whether you are a LinkedIn member or not.  5.4 Cookie settings / opt – out options In addition to the individual settings / opt- out options mentioned above you can use the Usercentrics Consent Management Platform integrated on our website to make and/or change the settings for the use of cookies on our website at any time (give consent and/or revoke consent with future effect). The Usercentrics Management Platform is accessible via the link / button “cookie settings” contained in our cookie banner or via the fingerprint shaped symbol displayed at the bottom of our website.  Furthermore, you can change your browser settings so that you are informed when cookies are saved and can decide in each individual instance whether you want to exclude the acceptance of cookies for certain cases or in general, or whether you want to disable cookies entirely. This may, however, restrict the proper function of our website.

6. Social Media-Plugins

Twitter button

Our website uses buttons from the social media network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Bookmarks are designated with a Twitter logo (stylized blue bird). When you click this logo, you can share a post or page of this website on Twitter, or follow the provider on Twitter. If a user accesses a page on this website that contains such a button, their browser forms a direct connection with Twitter servers. Twitter transmits the content of the Twitter buttons directly to the user’s browser. We have no influence over the scope of data Twitter collects using this plugin. If you are logged in to Twitter, Twitter can associate your visit with your account. For the purpose and scope of data collection and the further processing and use of this data by Twitter, as well as your rights and setting options you can use to protect your privacy in this respect, please see the Twitter Data Privacy Policy at If you do not want Twitter to collect data on you through our website, you must log out of Twitter before vising our website and may need to delete any cookies saved by Twitter on your PC.

Google “+1” button

The “+1” button from the social network Google is integrated on our website; it is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The button is indicated by the symbol “+1.” If you visit one of our pages that contains such a button, your browser creates a direct connection to Google servers. The content of the “+1” button is transmitted directly to your browser by Google and integrated into the website by it. Therefore, we have no influence over the scope of data Google collects using the button. If you are a member of “Google+” and do not want Google to link data collected through our website with your member data saved at Google, you must log out of “Google+” before visiting our website. Please see Google’s Data Privacy Policy at for further information on the purpose and scope of data collected, the further processing and use of the data by Google, and your rights and setting options in this respect to protect your privacy.


This website uses plugins from, which are operated by YouTube, LLC, Cherry Ave., USA – represented by Google Inc. When you access a page of our website containing such a plugin, a connection is formed to YouTube servers and the plugin is displayed on the website through transmission to your browser. Information on which of our pages you visited is transmitted to YouTube servers. If you are logged into YouTube as a member, YouTube can associate this information with your personal user account on this platform. When you use this plugin, for instance by clicking / pressing the Start button on a video or sending a comment, this information is associated with your YouTube user account. You can only prevent this by logging out of your account before you use the plugin. Information on the collection and use of your data by the platform and by plugins is available in the Data Privacy Policy:

XING Share Button

The XING Share Button (Xing AG, Gänsemarkt 6, 20354 Hamburg) is used on our website. When you access this website, your browser creates a brief connection to the servers of XING AG (“XING”) in order to provide the “XING Share Button” functions (in particular calculating/displaying the meter value). XING does not save any personal data regarding your access to this website. In particular, XING does not save IP addresses. Your user behavior is not evaluated using cookies in conjunction with the “XING Share Button.” You can access current data privacy information on the “XING Share Button” and additional information on this website:

LinkedIn Recommend Button

Plugins from the network LinkedIn, by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, (hereinafter referred to as “LinkedIn”) are integrated on this website. You can recognize the LinkedIn plugins by the LinkedIn logo or the “Share button” (“Recommend”) on this website. When you visit this website, the plugin creates a direct connection between your browser and the LinkedIn server. Through this connection, LinkedIn receives the information that you visited this website with your IP address. When you click the LinkedIn “Share Button” while you are logged into your LinkedIn account, you can link the content of this website to your LinkedIn profile. This allows LinkedIn to associate your visit to this website with your user account. If you are a member of LinkedIn and do not want LinkedIn to link data collected through our website with your member data saved at LinkedIn, you must log out of LinkedIn before visiting our website. Information on the collection and use of your data by the platform and by plugins is available in the Data Privacy Policy:

Facebook “Like” / “share” button

Plugins from the social network Facebook (Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland) are integrated on our websites. You can recognize the Facebook plugins by the Facebook logo or “Like” button on our page. An overview of Facebook plugins is available here: If you visit one of our pages that contains such a plugin, your browser creates a direct connection to Facebook servers. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the website by it. Through this connection, Facebook receives the information that you accessed that page of our website. If you are logged into Facebook, Facebook can associate the visit with your Facebook account. If you interact with the plugins, for instance by clicking the “Like” button or leaving a comment, this information is transmitted directly to Facebook by your browser and saved there. Since this transmission is completed directly, we have no knowledge of the transmitted data. Please see Facebook’s Data Privacy Policy at for further information on the purpose and scope of data collected by Facebook, the further processing and use of the data by Facebook, and your rights and setting options in this respect to protect your privacy.

7. Data Security

We use technical and organizational security measures to protect any collected or processed personal data, in particular against accidental or intentional manipulation, loss, destruction, or attack by unauthorized parties. Our security measures are continually improved in accordance with technological development. The verification process, in particular entries of banking data, is encrypted using SSL technology. Special entries, such as your online banking PIN, are also doubly secured via an expanded encryption process. Our systems are hosted in a certified secure computing center in Germany.

8. Your data subject rights

As a data subject you have the right 

    • to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access, Art. 15 GDPR),
    • to rectification, erasure or restriction of processing (Artt. 16 – 18 GDPR),
    • to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller  (so-called right to data portability, Art. 20 GDPR),


  • to object, on grounds relating to your particular situation, to processing of your personal data based on point e) or f) of Art. 6 para. 1 GDPR (Art. 21 GDPR)

within the framework of the statutory provisions. For any data subject request please contact our data protection officer under the contact data indicated above (cf. number 2) or under the contact details named in our legal note.  If you consider that the processing of your personal data infringes the regulations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or the place of the alleged infringement. 

Privacy Policy_website_v2.2en