GSCF Acquires IBM Deutschland Kreditbank GmbH

  1. Home
  2. |
  3. Privacy Notice

Privacy Notice

Last Updated: January 2025

This Privacy Notice has been prepared to inform you of how we process Personal Data (as defined below) which is collected via GSCF Website (“Website”), social media pages, by telephone and / or our services, as well as in the course of discussions, negotiations, and the making and performing of commercial contracts between you or the company you represent and us (hereinafter referred to as “Commercial Activity”), as well as to provide you with other legally mandatory information which may be of interest to you, as a Data Subject (as defined below).

Please note that some sections of the Website or social media pages where we process your Personal Data may include the link to more specific privacy notices, which we would kindly ask you to consult as they contain important information on how we process the Personal Data that we collect in those sections. More specific privacy notices may also be provided to you in the context of specific activities that we perform. 

  1. Who are we?

Peridot Global Holdings Limited and all its direct and indirect subsidiaries (in this Privacy Notice referred to as the “GSCF” or “we”) are the entities responsible for the processing activities that are described in this Privacy Notice. In particular, please note the following in order to identify the specific GSCF entity that is responsible for the processing of your Personal Data: 

  • In case you or the company you represent contacts a GSCF entity, negotiates or has entered into a Commercial Activity with a GSCF entity, such GSCF entity acts as a Data Controller in relation to your Personal Data. 
  • In case you interact with our Website and / or social media pages, the GSCF entity which acts as a Data Controller in relation to your Personal Data collected via the Website and / or our social media pages is Peridot Global Holdings Limited.

If you are not sure which GSCF entity acts as a Data Controller in relation to your Personal Data or for any questions regarding the processing of your Personal Data by us, please contact us and / or our Data Protection Officer by using the relevant contact details provided at the end of this Privacy Notice.

At the end of this document, you will find definitions of the capitalized terms used in this Privacy Notice, but not defined when first used in the text. 

2. What data we collect and process?

When you visit our Website or social media pages, call us or interact with our services or when we negotiate or carry out Commercial Activities with you or the company you represent, we may collect the following personal information (which will be referred collectively in this Privacy Policy as “Personal Data”):

  • Name, contact details and other Personal Data: We may process Personal Data related to you, including, e.g., your name, surname, contact details, job title and (where needed to enter into and administer Commercial Activities with you or the company you represent) passport copy, place of residence, copy of the power of attorney.

Where applicable and to the extent permitted by the applicable law, additional information related to you (as a beneficial owner / shareholder / officer / director of your company) may also be processed by us, including Sensitive Data (e.g., such as information on political exposure or information that may be returned by government sanction list checks), in order to perform compliance checks and researches related to your company (e.g., anti-money laundering and sanctions checks). 

We also process any additional data that you provide to us when you interact with us and / or our services, e.g. when you fill out the forms made available in the “Contact” / “Request More Information” or similar areas of the Website, when you reach out to us by email, telephone or via social media or when you make a request and interact with our support services. 

  • Other person’s Personal Data:

Please note that when you provide Personal Data pertaining to other persons to us, you represent to us that you are duly authorised by those persons to share their information with us (for instance, because you have obtained consent from them). This also means that you may be held responsible for any complaints or claims brought against us, where the use of those Personal Data was not duly authorised.

  • Browsing Data and other information that is collected when you interact with our services:

The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While we do not collect this information in order to link it to specific users, it may still be possible to identify those users either directly via that information, or in combination with other data otherwise – as such, this information must also be considered Personal Data. This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

If you have access to our software technology servicing platform (“Platform”), please note that we also collect logs information (e.g., on the actions performed via the platform, log-in and log-out information) for the purpose of performing support / troubleshooting activities on the Platform and to have an overall understanding on the functioning of the Platform for development / system improvement purposes. 

  • Cookies:

When you browse the Website some information pertaining to you is collected by means of Cookies and other tracking technologies that are on your browser or device. For more information on the use of Cookies, please consult the Cookies Policy published on the Website. 

3. Where we collect your Personal Data?

The data may be collected:

  • directly from you (e.g., when you interact with us via email / telephone and other communication tools), when you complete the online forms available on the Website, when you share your contact details with us in the context of events);
  • automatically for your device / browser (e.g., when you browse the Website); 
  • from your company and its affiliates;
  • from databases and online platforms (e.g. platform used to perform compliance checks, LinkedIn, ZoomInfo);
  • from third parties such as stakeholders involved in the provision of financial services (e.g. vendors, buyers, funders) or other third parties that may share your Personal Data with us (e.g., in case you or the company you represent is referred to us by our existing clients / business partners for the development of new business opportunities).

All these communication options may be used to disclose (inadvertently or not) Personal Data that is not strictly necessary for the purpose of the existing or future Commercial Activity (e.g., Sensitive Data, other person’s Personal Data). Therefore, when you contact us, please only disclose the Personal Data that you believe is strictly necessary for us to address your request.

Please also note that the third parties listed above may act as autonomous Data Controllers and therefore have their own policy on how they process Personal Data of its users / Data Subjects with which they interact (as further indicated below in Sections “Social Media Networks” and “What is not covered by the privacy notice?” of this Privacy Notice). 

4. Why we use your Personal Data?

Your Personal Data will be processed by us for the following purposes:

  1. Providing you our products and services – To enter into and administer the Commercial Activity, to carry out activities that are related or consequent to the execution of our contractual relationship with you or the company you represent (e.g., make communications related to the performance of such contractual relationship and perform any related administrative activity). 
  2. Responding to your inquiries / support requests – To respond to your inquiries, requests for information on our products and services (e.g., to respond to requests for information or contact transmitted via the “Contact” / “Request More Information” areas of the Website), as well as support / assistance requests in connection with the Commercial Activity you have engaged with us; 
  3. Complying with legal obligations – To comply with legal obligations that require us to collect and/or further process certain types of Personal Data, including tax and anti-money laundering legislation as well as the obligation to disclose certain Personal Data to local public authorities, as required by the applicable legislation to which GSCF is subject;
  4. Protecting our interests and your interests – To prevent or detect any abuse against us or any fraudulent activity and to protect our interests and those of other parties more broadly, in the context of the establishment, exercise or defence of legal claims related to your legal relationship with us as well as in out-of-court and pre-litigation stage; 
  5. Sending you communications on our products / services – To contact you or the company you represent in order to promote our products / services that may be of interest to you or the company you represent, via email, phone, or online chats (e.g., LinkedIn), and other distance communication tools. We may also reach out to you in order to carry out market research activities, to ask you to participate in surveys (e.g., on the quality of our products and services) as well as to invite you to initiatives that we may launch;
  6. Improving our services and products and developing new solutions – To improve our services (e.g., on the basis of the feedback you share with us, troubleshooting activities that you may have requested, logs information on your use of the Platform), including by anonymising Personal Data prior to using such data for the purpose of improving our products and developing new technological solutions / functionalities;
  7. Mergers and acquisitions – To perform corporate transactions that we may intend to carry out, such as a merger or acquisition or a sale or transfer of all or a portion of our assets or business, including the related due diligence process.

5. The legal bases for processing your Personal Data

The legal bases for the processing of your Personal Data are the following: 

  • For the purposes described in a) (Providing you our products and services) and b) (Responding to your inquiries / support requests) above, GSCF needs to process your Personal Data as needed for the provision of our services to you and in order to address your requests / inquiries;
  • For the purposes described in c) above (Complying with legal obligations), GSCF needs to process your Personal Data to comply with the legal obligations to which GSCF is subject. This processing might furthermore be specifically authorised by the competent supervisory authority or the applicable law;
  • For purpose d) above (Protecting our interests and your interests), GSCF needs to process your Personal Data in order to comply with the applicable legal obligations or to protect its legitimate interests in safeguarding the integrity of GSCF’s assets and of the persons who perform their duties towards GSCF, as well as for the establishment, exercise or defence of legal claims; 
  • For purpose e) above (Sending you communications on our products / services) and excluding the case where the activity can be considered as execution of a pre-contractual step or a response to a specific request you have made, our communication with you is based on the legitimate interest of GSCF to promote our products and services, unless consent is required for such communications by the applicable data protection legislation (in which case we rely on your consent);
  • Purpose f) above (Improving our services and products and developing new solutions) is based on the pursuit of the legitimate interest of GSCF in improving its services and develop new solutions and functionalities;
  • Purpose g) above (Mergers and acquisitions) is based on the pursuit of the legitimate interest of GSCF in the management of such corporate transactions.

Where the Personal Data that we collect is needed to meet our legal or regulatory obligations or to engage in a Commercial Activity with you or the company you represent (or to otherwise fulfil a request that you have made), if you do not provide your Personal Data when requested, we may not be able to provide (or continue to provide) our products or services to you. 

6. With whom do we share your Personal Data?

Your Personal Data may be shared with:

  1. Persons authorised by GSCF to process Personal Data, subject to confidentiality obligations, including system administrators, who may have access to your Personal Data during the performance of their duties;
  2. Stakeholders (e.g. vendors, buyers, funders) who may be involved in the provision of the services by GSCF to you or the company you represent.
  3. Consultants, social security and welfare organizations, trade unions, credit institutions, and other third parties which may be engaged for accounting, administrative and technical maintenance purposes;
  4. Public authorities, bodies or entities to which Personal Data must be communicated under the applicable law or under binding orders from competent authorities; 
  5. Other companies within GSCF group, which are entrusted with specific activities in connection with the performance of the Commercial Activity and / or as needed for internal administrative and organizational purposes;
  6. Third parties that may be involved during a merger, acquisition, joint venture, or divestiture in connection with the consideration, negotiation, or completion of a corporate transaction, such as a merger or acquisition or a sale or transfer of all or a portion of our assets or business, including during any due diligence process.

7. Where are your Personal Data? 

Your Personal Data may be transferred to different countries for the purposes identified above (see Section on “Why Do We Use Your Personal Data?”), both to other GSCF entities and to third parties (see the Recipients listed above in Section on “With Whom Do We Share Your Personal Data?”). Transfers of your Personal Data to such recipients may be based on an adequacy decision, the Standard Contractual Clauses approved by the European Commission or any other lawful transfer mechanism. 

For more information about these transfers and safeguards implemented, please contact us using the relevant email address provided at the end of this Privacy Notice.

8. Data Retention: How long we store your Personal Data?

Personal Data processed for the purposes indicated above will be kept for the period deemed strictly necessary to fulfil such purposes. 

Personal Data processed in compliance with the legal obligations to which we are subject will be kept for the period required by law.Personal Data processed to protect our interests and those of third parties is kept until the time provided for by applicable law to protect our interests (including any statutory periods applicable to potential claims related to the Commercial Activity). Personal Data processed on the basis of your consent is kept until your consent is withdrawn, unless a shorter retention period is applied in accordance with the GSCF’s policies and applicable legislation. 

For more information on our retention policy, please contact us using the relevant email address provided at the end of this Privacy Notice.

9. How can you control your Personal Data? Your data protection rights?

As a Data Subject, you are entitled to exercise the following rights, at any time: 

  1. Access your Personal Data being processed by GSCF (and / or obtain a copy of such Personal Data), as well as information on the processing of your Personal Data;
  2. Correct or update your Personal Data being processed by GSCF, where it may be inaccurate or incomplete;
  3. Request the deletion of your Personal Data being processed by GSCF, where you feel that the processing is unnecessary or otherwise unlawful;
  4. Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, or that the processing is unnecessary or unlawful, as well as where you have objected to the processing;
  5. Exercise your right to data portability – the right to obtain a copy of the Personal Data you provided to GSCF in a structured, commonly used and machine-readable format, as well as to request the transmission of such Personal Data to another Data Controller;
  6. Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent GSCF from processing your Personal Data for a given purpose.

You can also withdraw your consent to processing, where your consent serves as the legal basis for processing (by contacting us using the email address identified below or by selecting the appropriate “Unsubscribe” link included at the bottom of the promotional e-mail message received). This will not affect the lawfulness of processing carried out prior to the withdrawal of your consent or processing performed on other legal bases.

You can exercise any of the rights listed above by writing to the relevant email address provided at the following of this Privacy Notice.

10. Rights of California Residents

Residents of the State of California in the United States of America have the right to request information from GSCF regarding other companies to whom GSCF has disclosed certain categories of information during the preceding year for the other companies’ direct marketing purposes. 

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of Personal Data, as well as rights to know/access, delete, and limit sharing of Personal Data. Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act. To the extent that we collect Personal Data that is subject to the CCPA, that information, our practices, and your rights are described below:

  • You have the right to request access to Personal Data collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request.
  • You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
  • GSCF does not sell nor receive any form of remuneration for the transmission of your Personal Data. Where GSCF does disclose your Personal Data to third parties, the disclosure is made for specified purposes directly related to the delivery of a needed service. Our third‐party partners are not permitted to use your Personal Data in any manner other than what is necessary to fulfil the services requested.

If you are a California resident and would like to exercise you rights under the CCPA, please contact us using the email address provided at the end of this Notice or write to us at: Peridot Financing Solutions LLC, Attn: Legal Department, 230 Park Avenue, Suite 1525, New York, NY 10169, United States of America.

11. How can you contact us?

You can contact us by using the following email address: privacy@gscf.com.

In accordance with EU data protection law, we try to reply to all legitimate requests within one month of its receipt (extendable for two further months in case of particular complexity or if you have made a number of requests). In some cases, it is possible that our response may be delayed, limited or excluded based on national legislation.

At any time you can also:

  • Contact our Data Protection Officer (DPO) by writing at dpo@gscf.com
  • Contact the competent Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your Personal Data carried out in the context of your relationship with us is unlawful.
  • Take appropriate legal action.

12. Social Media Networks

We may from time to time use some social media networks (LinkedIn, Facebook, Instagram and X) for communication purposes and, in particular, to publish content related to the activities carried out and the services offered by us, as well as to interact and communicate with users that share similar interests (e.g., to send you connection requests and to present the services that we offer as described in point e) of section “Why we use your Personal Data?” above).

Please note that each social media network has its own policy on how it processes personal data of its users. We therefore invite you to consult the privacy information made available by social media network when accessing their platforms and interacting with the Company’s official pages. 

13. What is not covered by the privacy notice?

This Privacy Notice explains and covers the processing operations that we carry out as Data Controller over your Personal Data. 

The Privacy Notice does not cover processing activities carried out by parties other than GSCF and in particular does not cover processing carried out by third parties as autonomous Data Controllers, such as other stakeholders (e.g., vendors, buyers, funders) that may be involved in the provision of services by GSCF to you or the company you represent and / or other third parties from which we may receive your Personal Data (e.g., LinkedIn, ZoomInfo). With respect to the scenarios mentioned above (where we do not act as Data Controller), we do not assume any responsibility for the processing of your Personal Data not covered by this Privacy Notice. 

In addition to the above, please note that if you have access to the Platform, this means that you have been identified by your company as one of the users that is allowed to manage and review the development of the relevant financing programs that are serviced by means of the Platform (as part of the Commercial Activity that we deliver to your company or to any other relevant stakeholder that is involved in such financial program/s). In order to enable the activation of your account, we receive your full name, contact details, and job title from your company. Please note that we do not act as Data Controller for the processing of such information (and of other associated information that is collected for the delivery of services and use of the Platform) as we generally service the financing programs on the Platform following the instructions of our clients who act as Data Controllers. At the same time, please also note that some of your Personal Data collected through the Platform (e.g., logs information on the actions performed via the Platform, log-in and log-out information) is collected and processed by us as a Data Controller as described above in this Privacy Notice (in particular, for the purpose of performing support / troubleshooting activities on the Platform and to have an overall understanding on the functioning of the Platform for development / system improvement purposes). 

14. Changes to this privacy notice 

This Privacy Notice is effective as of the date indicated at the beginning of this document. We reserve the right to amend its content, in part or in full, including due to changes in applicable law or in our business. Please visit the Website regularly to make sure that you are aware of the latest version of this Privacy Notice. In the event of material changes to the Privacy Notice, we will notify you of such changes (e.g., by posting a notice or pop up on the Website). 

15. License

The icons illustrated in this Notice are “Data Protection Icons” by Maastricht University European Centre on Privacy and Cybersecurity (ECPCCC BY 4.0.

16. Definitions and interpretation

Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Data Subject: means an identified or identifiable natural person.

Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household.

Sensitive Data: means Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Supervisory Authority: means independent public authority responsible for monitoring the application of the data protection laws.

When used herein, the word “including” shall not be exclusive, shall not limit the generality of the words preceding it, and shall mean “including, without limitation”.