Privacy

Your data belongs to you

Parqet never finances itself through your personal data. Data we store is the necessary data to enable this product for you and is treated with care and the most modern standards — all in Germany 🇩🇪. On this page your questions about data in Parqet are answered.

🔐

Zero-Click Import

PDF import without personal data

Broker settlement PDFs contain personal user data, which is why they are particularly sensitive. During import, only the necessary information such as asset, purchase date or purchase price is read. Personal data is never stored.

🙈
100% Anonymous
Parqet activities and all other portfolio data contain no personal data whatsoever.
🙅‍♂️
No financing through personal data
We finance ourselves through the sale of our products. Personal data is therefore of no interest to us.

Parqet reads the following data from imported PDFs and CSV files:

  • Type (Sell, Buy, Dividend)
  • Date
  • Broker Name
  • Security Identification (ISIN, WKN, Name)
  • Shares
  • Price
  • Taxes & Fees
  • Currency and exchange rates

From this anonymous data, Parqet creates an activity for your portfolio which forms the basis for your portfolio performance calculations.

  • Apple

    Stock

    100,00 EUR

    2x 50,00 EUR

Portfolios are anonymous

Separated data storage

It's about 3 data sets: Portfolio data, login data, and payment data.

Portfolio Data
Your portfolio data is 100% anonymized and stored in Germany. The Parqet portfolio database contains not a single email address, payment data, or other personal data.
Login Data
Account authentication runs through one of the best providers in the world: Supabase. Emails and passwords are secured with industry-leading security standards at Supabase and stored in Germany. Parqet can never view your password.
Payment Data
When subscribing, payment data is required and here too Parqet uses the world's leading provider: Stripe. Security and convenience at its finest. Payment is handled entirely by the provider and Parqet can never view your payment data.

Ethical and technical:

Clear standards with maximum transparency

As an open startup, we create clarity about what information is used and how.

100% anonymized
Our portfolio database contains no personal data. No name, no email, no IBAN. Even with access to the complete database, no person is identifiable because we simply don't store this data.
Maximum transparency
We answer every question or comment about our data protection. We always want to improve and have no interest in financing ourselves with personal data. We hold nothing back. Still have questions? Ask us!
Always open to your feedback
Do you feel uncomfortable with a privacy aspect in our products? Let us know. We constantly want to improve and welcome any idea to make your data even more secure.
Databases in Germany 🇩🇪
We ensure that all data, including data at service providers for authentication and payment processing, is stored in databases in Germany.
No Google Analytics on our websites
A website's success doesn't have to be measured with personal data. We chose against Google Analytics and for a paid, privacy-friendly alternative that doesn't collect personal data: Plausible. To make transparency even greater, our statistics are public on our Open Startup page.
No dark patterns
As a self-funded company, we need to be particularly resource-efficient with our means. To evaluate our various marketing activities (and not burn money that would then be missing in the product), we ask users on the Basic plan for their consent to set a cookie. Declining the cookie is just as easy as accepting it. As a Parqet subscriber, we automatically decline this cookie for you.

All the details

Privacy Policy Parqet Fintech GmbH

We – Parqet Fintech GmbH ("Parqet" or "we") – would like to inform you about how we process your personal data in accordance with the General Data Protection Regulation ("GDPR").

Our privacy policy is structured in a modular way. It consists of general information for any processing of personal data and processing situations (I.) and specific information, the content of which relates only to the processing situation indicated there (II. ff.). To find the parts relevant to you, please refer to the following structure:

  1. General Information
  2. Supplementary Information for Data Processing When Visiting the Website
  3. Supplementary Information for Registered Users
  4. Supplementary Information for Communication with Us
  5. Supplementary Information for Contractual Partners
  6. Supplementary Information for Applicants

I. General Information

1. Data Protection Controller

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is

Parqet Fintech GmbH Ballindamm 27 20095 Hamburg, Germany Email: support@parqet.com Website: www.parqet.com

2. Legal Basis for Processing Personal Data

We process some of your personal data on the basis of the following legal grounds:

Insofar as we obtain consent from the data subject for certain purposes, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis.

b) Fulfillment of Contractual Obligations

Insofar as the processing is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c GDPR is the legal basis.

d) Safeguarding Legitimate Interests

Insofar as processing is necessary to protect our legitimate interests or those of a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis.

3. Storage Duration and Deletion of Personal Data

Personal data will be deleted or blocked as soon as no purpose provides a legal basis for processing.

4. Recipients of Personal Data

Internally, only those departments process personal data that need it to fulfill their processing purposes. This also applies to the processors, service providers and vicarious agents we use. All departments and persons who work with personal data are bound by data secrecy and are informed about the sensitive handling of such data.

Personal data will only be passed on to third parties if this is in accordance with data protection regulations. In particular, persons engaged in the conduct of our business operations (e.g. banks, tax advisors, service providers for IT services) as well as government agencies/authorities may receive your personal data insofar as this is necessary to fulfill a legal obligation.

5. Data Processing in Third Countries

Some of our services require the processing of personal data in countries outside the EU/EEA ("third countries") by our processors. Insofar as personal data is processed and there is no level of data protection corresponding to the European standard in the country, which has been confirmed by an adequacy decision pursuant to Art. 45 para. 3 GDPR by the EU Commission, we have concluded EU standard contractual clauses with the affected processors to establish appropriate safeguards within the meaning of Art. 46 GDPR. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914.

Where third country processing takes place, we will indicate this below.

6. Data Subject Rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:

a) Right of Access

You have the right under Art. 15 GDPR to request information about the personal data we process. In particular, you may request:

  • Information about the purposes of processing,
  • The category of data,
  • The categories of recipients to whom your data has been or will be disclosed, as well as information on whether personal data is transferred to a third country or to an international organization (in this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR),
  • The planned storage duration,
  • The existence of a right to rectification, erasure, restriction of processing or objection,
  • The existence of a right of complaint, the origin of your data if it was not collected by us,
  • As well as information about the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

b) Right to Rectification

You have the right under Art. 16 GDPR to rectification and/or completion of your personal data if it is inaccurate or incomplete. We must carry out the rectification without delay.

c) Right to Restriction of Processing

You have the right under Art. 18 GDPR to request the restriction of the processing of your data insofar as the accuracy of the data is disputed by you or the processing is unlawful.

If the restriction of processing has been restricted, you will be informed by us before the restriction is lifted.

d) Right to Erasure

You have the right under Art. 17 GDPR to erasure of your personal data, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

e) Right to Notification

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data has been disclosed of the rectification, erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort.

f) Right to Data Portability

You have the right under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.

g) Right to Object

You have the right under Art. 21 GDPR to object to processing if the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR.

You have the right under Art. 7 para. 3 GDPR to withdraw your consent to data protection at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

i) Right to Lodge a Complaint with a Supervisory Authority

You have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

II. Supplementary Information for Data Processing When Visiting the Website

We are responsible for our website www.parqet.com and its subpages ("Website"). Personal data is processed through the use of our website. Below we inform you in detail about the data processing that takes place.

1. Provision of the Website and Creation of Log Files

When you access our website, we automatically collect data and information from the user's device (so-called log files).

a) Processor

To provide our website, we use the processors Vercel Inc. (440 N Barranca Ave #4133 Covina, CA 91723, USA) and Render Services Inc. (525 Brannan Street Ste 300 San Francisco, CA 94107, USA), with whom we have concluded a data processing agreement and who process personal data exclusively on our behalf. No third country processing of personal data takes place through them.

Furthermore, we use Google Fonts and Google ReCaptcha on our website. These are the "Google Fonts" from Google Inc. as well as a test designed to exclude robot programs (bots) from using the website. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. When visiting our website, fonts are loaded via a Google server through Google Fonts and any bots are excluded via Google ReCaptcha. Through these external calls, data such as the user's IP address is transmitted to Google servers, including in the USA. The legal basis for data processing with Google Fonts and Google ReCaptcha is our overriding legitimate interest in the appealing presentation, security and simple functionality of our website pursuant to Art. 6 para. 1 lit. f) GDPR. Google processes the data in the USA on the basis of EU standard contractual clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 lit. c) GDPR. For more information on data use by Google, settings and objection options, please visit Google's websites.

b) Processed Information & Duration of Processing

The following information is processed when visiting websites:

  • Information about the browser type and version used
  • The operating system of the device
  • The user's internet service provider
  • Date and time of access

The log files are deleted within 14 days at the latest.

The data is needed to display the website on the user's device, its functionality and to analyze any malfunctions. In addition, the data serves to optimize the website and to ensure the security of our information technology systems.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The collection of log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

2. Use of Mandatory Cookies

We use cookies on our website. These are text files that are stored in or by the internet browser on the user's device system when visiting a website.

a) Processed Information & Duration of Processing

Each cookie contains a characteristic string that allows the browser to be uniquely identified the next time the website is accessed and thus the respective user device.

The mandatory cookies are deleted at the following time intervals:

  • 60 days

Some functions of our website cannot take place without the use of cookies. For example, it may be necessary to use so-called counting cookies to prevent overloading of the website. Session cookies may also be required to retain the selected language setting of the website for future visits. In addition, mandatory cookies also serve to ensure that our system recognizes whether the user has consented to the placement of cookies in their browser or has restricted them (so-called opt-out cookies). These technically necessary cookies are not used to determine the identity of the user or to create user profiles.

The legal basis for storing mandatory cookies is § 25 para. 2 no. 2 TTDSG (German Telecommunications Telemedia Data Protection Act).

The legal basis for processing the resulting personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.

The use of these cookies is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

3. Online Presence on Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, prospective customers and users active there and to inform them about our services.

We have set a link to the YouTube page operated by Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland ("YouTube").

No further data exchange with YouTube takes place on our site.

When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply. Unless otherwise stated in our privacy policy, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.

III. Supplementary Information for Registered Users

We are responsible for the services available through our web app and our app (hereinafter collectively: "App"). Personal data is processed through the use of these services. Below we inform you in detail about the data processing that takes place.

1. Registration and Profile

Prior registration is required to use our services. In principle, any adult person can register. The following personal data is processed:

  • Name/First name
  • Email address

When using paid services, the following data is additionally processed:

  • Billing data

The purpose of the processing is to provide our contractually owed services to participants. The legal basis for processing is the user agreement; Art. 6 para. 1 sentence 1 lit. b GDPR. The data is processed for the duration of the user agreement, unless there is a purpose and legal basis for storage beyond that. These include statutory retention periods (Art. 6 para. 1 sentence 1 lit. c GDPR) as well as storage for asserting or defending civil claims based on overriding legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

We do not store personal portfolio data (custody account numbers, IBAN, etc.) of our users. To distinguish sub-accounts, we only store the last four digits of a custody account number so they can be assigned. The complete custody account number is not stored.

We use fully anonymized and aggregated data to provide features such as community comparisons, cohort analyses, Parqet Insights and Parqet Wrapped. In addition, we use this data for market analyses and studies, which we may also share with selected partners (e.g. ETF providers or financial institutions) – always without personal reference and without conclusions about individual users.

In accordance with our commitment to transparency, all financial and portfolio data is fully anonymized before such further processing. This anonymized data is used not only to provide the aforementioned features, but also to create market analyses and trend observations, for example on popular ETFs or changing investment behavior. Such analyses may be shared with selected partners, such as ETF providers, while always maintaining data protection compliance and the goal of making the financial market more understandable, without establishing any personal reference.

2. Processor

To provide our services and services, we use the services of our processor Supabase, Inc., a Delaware corporation, 970 Toa Payoh North #07-04, Singapore 318992, Singapore, with whom we have concluded a data processing agreement ("DPA" = Data Protection Agreement). The data processing agreement concluded with Supabase includes the EU Standard Contractual Clauses ("SCC") and thus offers sufficient guarantees within the meaning of Art. 46 ff. GDPR. The DPA together with the SCC can be found here: https://supabase.com/legal/dpa

3. Analysis

a) Affiliate Program/Partner Program

We operate an affiliate program (partner program) in which selected partners receive compensation for referred users. To implement this partner program, we use Rewardful.

b) Google Ads, Google Conversion Linker, Google Tag Manager and Meta Pixel

To measure the success of our marketing campaigns, we use Google Ads, Google Conversion Tracking, Meta Pixel and Google Tag Manager. This enables us to better evaluate individual marketing campaigns. The Google Tag Manager is only a container that does not collect any personal data itself. After active consent from the user, Meta Pixel, Google Ads and Google Conversion Linker are integrated into this container. As a Parqet subscriber, Meta Pixel, Google Ads, as well as the Google Conversion Linker are automatically rejected.

The analysis does not include the personal data of the workshop representatives named in Section III. 1. a). The legal basis for the processing is our overriding legitimate interests in a functioning business operation; Art. 6 para. 1 sentence 1 lit. f GDPR. We process personal data until the purpose of the processing no longer applies. This is the case when a user logs out of their account.

4. Payment Service Provider

For processing payments initiated through our website, we use the payment service provider "Stripe" (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). When Stripe provides services as a payment service provider (PSP – Payment Service Provider), Stripe itself is the controller within the meaning of the GDPR. Payment processing via credit card is handled directly by Stripe. We do not process this data for our own purposes.

If necessary, the exchange of data related to your respective booking may also be necessary for processing payment processing differences between us and Stripe. These data transfers are made on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Please note that Stripe, as a financial service provider and controller with respect to the processing of financial transaction data, may also pass on your personal data to credit agencies as well as affiliated companies and subcontractors, insofar as this is necessary to fulfill contractual obligations or on the basis of a legitimate interest or the data is processed on behalf. It is not excluded that Stripe may also transfer personal information to affiliated companies outside the EU or the EEA (e.g. in the USA).

Your data is transmitted to Stripe in encrypted form and processed exclusively by Stripe for the purpose of payment processing. Stripe is legally obliged to process and verify this data.

For more information on data protection in connection with this payment service provider, please refer to Stripe's privacy policy: https://stripe.com/privacy

In the event that you pay for goods or services, we also pass on your data to our service providers in the areas of banking, taxes & tax consulting as well as – within the scope of legal requirements – to the tax authorities.

5. Use of the Automatic Broker Synchronization Function (Autosync)

Parqet enables registered users to optionally synchronize their transactions and broker activities directly with their Parqet account. This service, hereinafter referred to as "Autosync", requires users to enter their access data in a dedicated input field. The data processing process within the scope of Autosync serves exclusively to optimize the user experience within the Parqet platform.

a) Local Autosync

On mobile devices (iOS/Android), Parqet provides users with a local Autosync function via dedicated applications installed only locally on the devices, to enable a direct connection between the user's device and the respective broker. The user's access data is processed exclusively locally on the user's device and is never transmitted to Parqet. Parqet therefore has no possibility of accessing the customer's access data or accessing their account with the respective broker at any time. The data query from the broker is not carried out by Parqet, but directly by the user via the user's device.

Within the connection between broker and user, links to transaction statements (e.g. PDF documents) are sent to Parqet. Additionally, information about the activities of the clearing account is transmitted. This information is used exclusively to store the corresponding transactions anonymously at Parqet. Parqet therefore does not store any personal data.

IV. Supplementary Information for Communication with Us

The following information applies to any communication with us.

If the communication takes place within a client relationship or another contractual relationship, the data processing is also governed by the supplementary information under IV. or V.

If the communication is aimed at an application with us, the data processing is also governed by the supplementary information under VII.

1. Email

You can contact us via email. We would like to point out that there are possibilities for third parties to gain insights into email communication. If it is important to you that the information you provide is not exposed to the risk of illegal access by third parties, a different communication channel is therefore recommended. However, if you contact us via email, we assume that further exchange via this communication channel is also in your interest.

a) Processed Information & Duration of Processing

In addition to your email address, we process the personal data that you provide to us within the email communication.

Personal data is processed exclusively for the purpose of processing the inquiry and in case of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

In all other cases, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis. Your interest does not outweigh our interest in answering your inquiry; since you are writing to us, an answer is also in your interest and you are aware that we need to process your personal data to answer your inquiry.

2. Video Telephony

We also use video telephony for communication.

a) Processor

To conduct video telephony, we use the service "Google Meet" from Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) as our processor. We have concluded a data processing agreement with the processor. It is possible that the processor processes personal data in a third country to ensure smooth video telephony. We have therefore concluded EU standard contractual clauses with the processor to establish appropriate safeguards within the meaning of Art. 46 GDPR.

b) Processed Information & Duration of Processing

The following communication data is processed during video telephony:

  • Personal master data (if you provide this yourself)
  • Content of the online meeting (if you appear personally with contributions in word and/or writing)
  • Authentication data
  • Log files, protocol data
  • Metadata (e.g. IP address, time of participation, etc.)
  • Profile data (e.g. your username, if you provide this yourself)

Personal data is deleted as soon as the matter has been clarified with you and there is no other reason for processing.

Personal data is processed exclusively for the purpose of processing the inquiry and in case of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

In all other cases, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis. Your interest does not outweigh our interest in answering your inquiry; since you are writing to us, an answer is also in your interest and you are aware that we need to process your personal data to answer your inquiry.

V. Supplementary Information for Contractual Partners

The following information also applies to you if we are in a contractual relationship with each other.

1. Processed Information & Duration of Processing

Which data of yours is processed in detail depends on the tasks within the contractual relationship. We use personal information exclusively for the purpose for which it was provided to us. These are, for example, personal details (name, address and other contact details, birthday and place of birth). In addition, this may also include order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. turnover data in payment transactions), information about your financial situation (e.g. creditworthiness data), advertising and sales data as well as other data comparable to the categories mentioned.

Personal data is deleted as soon as the contractual relationship with you has ended and there is no other reason for processing.

2. Purpose of Processing & Legal Basis

Processing is carried out predominantly for the purpose of establishing and implementing the contractual relationship; the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, we also process your data in part based on our legitimate interest, namely for the purpose of contact and communication management, economic efficiency controls, contract and project management as well as to ensure the operation of information and telecommunications systems. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

In addition, as a company, we are bound by various legal obligations that must be complied with under applicable laws and regulations. The legal basis for processing to comply with legal requirements and obligations is Art. 6 para. 1 sentence 1 lit. c GDPR. These include tax retention obligations, among others.

VI. Supplementary Information for Applicants

The following information also applies to you if you are applying to us.

1. Processed Information & Duration of Processing

We process the personal data that we receive from you through your application.

Personal data is deleted after six months if no employment relationship is established. If an employment relationship is established, the data will be further processed for this purpose.

2. Purpose of Processing & Legal Basis

We collect and process applicants' personal data for the purpose of processing the application procedure.

The legal basis for processing personal data is § 26 BDSG (German Federal Data Protection Act). If we conclude an employment contract with you, the transmitted data will be further processed for the purpose of processing the employment relationship; the legal basis in this case remains in particular § 26 BDSG.

If no employment contract is concluded, the application documents will be deleted unless deletion is opposed by other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).