Legal information

AGB

Privacy Policy

Order data processing

Imprint

Account onboarding

Commitly GmbH Privacy Policy

Personal rights in connection with data protection are important to COMMITLY. Therefore, we place a high value on the confidentiality of your personal information. We have written this policy to explain what information we collect, how we use it and what choices you have.

Please take sufficient time to familiarise yourself with our privacy practices and contact us if you have any questions.

A. Definitions

  1. "We" or "Commitly" is Commitly GmbH, FN 476463 g, Commercial Register Court Wiener Neustadt, with its registered office at Dr. Clemens Pirquet-Strasse 43, 2380 Perchtoldsdorf, (″Commitly″).
  2. "You" or "User" is a natural person who creates a user account with Commitly for the use of the Commitly platform as a consumer and/or submits a corresponding request to Commitly.
  3. The "Commitly Website" is the website created by Commitly and used for marketing purposes.
  4. The "Commitly Platform" is a software application created and offered by Commitly. You can use the Commitly platform by accessing the corresponding website (web application).
  5. "Privacy Policy" means this policy which provides you with guidance on what data is collected from you by Commitly and how it is processed. When you create a user account, you will be notified of the Privacy Policy. We reserve the right to amend the above privacy policy at any time in compliance with current legal requirements. You will be notified of any updates by e-mail to your registered e-mail address. This notice will also inform you of your right to object (which you can exercise immediately by deleting your account) and the consequences of objecting. If the updated Privacy Policy is the reason why you no longer wish to use Commitly, you may delete your user account at any time until the update comes into effect. This will terminate the user relationship with Commitly.
  6. "Personal data" means the data of an individual which personally identifies him or her, such as his or her name, e-mail address or telephone number, or any other non-public data in this context.
  7. "Service Providers" means providers of software or remote communications-based services and companies used by Commitly to process payments or provide technical services.
  8. "Anonymous data" is data that is not related to personal data. Anonymous data can no longer identify an individual person.

B. General

  1. Commitly GmbH, FN 476463 g, Commercial Register Court Wiener Neustadt, Dr. Clemens Pirquet-Strasse 43, 2380 Perchtoldsdorf, (″Commitly″) offers you the possibility to unlock data on incoming and outgoing payments from bank and credit card accounts as well as other payment services for viewing and to analyse and evaluate them according to certain criteria, as well as to be informed about movements in your accounts through a notification function.
  2. Commitly collects, uses and processes your personal data exclusively within the framework of the provisions of Austrian data protection law. In the following, we inform you about the type, scope and purpose of the collection and use of personal data. You can access this information at any time on our website Commitly.com.

C. Data protection principles

  1. We undertake to treat all personal data of yours that is forwarded to us in accordance with the applicable Austrian data protection laws. This means in particular that we will not pass them on to third parties. We also undertake to collect, record, store, modify, block or delete personal data protected by the Federal Data Protection Act only for the purpose of lawfully fulfilling our tasks. The data will not be used for purposes other than the legitimate fulfilment of tasks.
  2. Our technical infrastructure reliably prevents unauthorised third parties from viewing and changing the data stored with us (data security and integrity). In doing so, we ensure through the selection of the location of our data centre that European law is adhered to by our service providers.
  3. The data we collect is either provided by you when you use the Commitly platform or make use of functions and services, or is generated during use. User data is always necessary to ensure that the Commitly platform can be used as intended.
  4. The data created by you when using the Commitly platform and services and/or functions within the Commitly platform, in particular via the login (if you select this) and the application, are stored on dedicated servers in the highly secure data center of Amazon Web Services (AWS) in Frankfurt, but are not used or processed in any other way by the server service provider.

D. Data provided by you

  1. When you log in, for example by registering and then logging in, you leave behind basic data (including information on how you found us on the Internet) that is transmitted to us. This data is specified by the registration form and is collected, stored and used exclusively for the use of the Commitly platform and its services. We may use this registration data to inform you about changes, additions or new versions of the Commitly platform and information provided via the website as well as, for example, news about the website/application.
  2. Registration for a newsletter can be done either via a login or by registering with an e-mail address. In the case of the e-mail address, no further information is required. However, you are free to provide further information of your own accord when registering for the newsletter. By registering for the newsletter, you as the subscriber expressly agree that the registration confirmation and the newsletter will be sent to the e-mail address provided.
  3. Within the scope of the newsletter subscription as well as within the scope of the registration, we are also entitled to inform you about changes, additions or new versions of the website or the Commitly app and the functions offered via it and information made available via the website as well as e.g. news about the available banks.
  4. As part of and to enable the use of the Commitly platform or the provision of the functions specified in the user agreement, Commitly collects various types of data, some of which are provided by you and some of which are necessary for the use of the Commitly platform and the associated provision of services or are generated by the use.

E. Use of the Commitly platform or services/services

COMMITLY uses analytics services to help us better understand how you use our website and applications. This helps us to develop the COMMITLY experience and gradually improve our communication with you.

  1. In order to improve the quality and security of our service, we store for statistical purposes the data on individual access to the pages of the Commitly platform that your browser/application transmits whenever you visit the website/use the app. These server logs contain data such as your web request/usage call, your IP address, browser type, browser language, date and time of your request and one or more cookies that can uniquely identify your browser as well as general information, for example when errors occur, and information from security events (change of password, password recovery, change of e-mail address), as these are required for use. The IP address is stored in a shortened form in accordance with data protection regulations.
  2. When you visit our website and as part of the service delivery process, the website sends one or more cookies - small files containing a string of characters - to your computer or other device, which uniquely identifies the browser. We use cookies to improve the quality of the website, including to store user preferences and track user trends, and to measure how you found our website and services on the internet. We may place one or more cookies in your browser when you visit the website or sub-pages. You can set your browser to notify you when a cookie is sent. This opens up the possibility of either accepting or rejecting a cookie. The data we collect and analyse is used to improve services and the website, to personalise the web experience, and to enable easy login when login cookies are set permanently.
  3. We use third-party services to assess the effectiveness of the Commitly Platform and the Services and to determine how you use the Commitly Platform and/or the Services. To do this, we may use web beacons on the Commitly Platform pages that the third parties provide to Commitly for this purpose. The information we collect includes the pages visited, navigation patterns and similar data. This statistically collected data enables us to find out which services within the Commitly platform are of most interest to users and which offers users prefer to view. Although the provider logs the data originating from our website on our behalf, we have control over how this data can or cannot be used. Although the cookie itself does not contain any personal data, if you provide personal data (such as your user ID) when visiting the website and do not delete the cookie from your browser after providing this data, the provider records the non-personal data stored in the cookie (such as the number of visits) and stores it anonymously.

F. Our services

Registration - User account ("Account")

  1. In order to use our services, you must first register with us on the platform. To do this, you must open an account and enter your email address and a password. You complete the registration by entering your personal data, such as name and first name. We store this data for the duration of the platform contract under assignment to your account.
  2. In order to make the best possible use of the services offered by Commitly, you can add further personal details to your profile information on the platform at any time in the electronic forms provided for your account. We will also store this data for the duration of the platform contract.

Registration to retrieve account data ("bank details")

  1. In order to activate one or more bank, credit card and/or payment service accounts of your company on the platform, we collect and process the following additional personal data: Account number and bank code or IBAN and BIC, user ID / login and PIN or password ("Access Data").
  2. Commitly does not at any time store the access data entered by you for the purpose of the account connection.
  3. Of course, you can remove the linked bank, credit card and/or payment service accounts at any time.

Provision and use of your account data ("synchronisation")

  1. As part of the synchronisation, data on account balances, incoming and outgoing payments of your company ("Transactions") of your bank, credit card and/or payment service accounts activated by you on the Platform will be transmitted to us by the respective account-holding institutions.
  2. These transactions
  • we store during the term of the platform contract existing with you,
  • We use and process the data in order to present it to you in overviews for your information within the framework of planning - including analyses and evaluations - in your password-protected user area on the platform,
  • We use and process your personal data to keep you informed about movements in your activated accounts via notifications.

Use of the COMMITLY "account", the "COMMITLY card"

  1. When using the COMMITLY account, the account is opened and payments are processed via our partner Swan SAS.
  2. The data protection provisions and regulatory requirements of our payment service provider also apply to these services.
  3. Personal data is processed for purposes including identity verification, account opening, transaction processing and fraud prevention.

G. Commissioned data processing

COMMITLY uses third-party providers to provide you with the services of the COMMITLY platform. Further information can be found in our agreement on order processing in accordance with Art. 28 GDPR, which is concluded between the Commitly customer (controller or client) and Commitly GmbH (processor or contractor).

BANKSapi Technology GmbH (account information service)

We use BANKSapi Technology GmbH, Maximilianstraße 13, 80539 Munich for the connection of bank accounts and for the provision of account information services. BANKSapi is a regulated service provider for account information in accordance with Section 34 of the German Banking Act (KWG) within the meaning of the PSD2 Directive. BANKSapi processes personal data exclusively in accordance with Commitly's instructions and is subject to German data protection law. A corresponding contract for order processing in accordance with Art. 28 GDPR has been concluded.

https://www.banksapi.de/datenschutz/

finAPI GmbH (account information service)

The provision of the transaction data within the scope of the account information service is carried out by the external interface provider finAPI GmbH ("finAPI"), Ainmillerstraße 11, 80801 Munich, which processes the data under the supervision and exclusively according to the instructions of Commitly. finAPI, as a German company, is bound by German data protection law. The access data to accounts & cards are additionally stored encrypted at finAPI. Commitly has no access to this access data. A corresponding contract on the processing of personal data on behalf has been concluded between finAPI and Commitly.

https://www.finapi.io/

Monite GmbH (invoice & expense management)

We use Monite GmbH, Dircksenstraße 3, 10179 Berlin, Germany, to integrate functions for invoicing, expense management and document entry. Monite provides a platform via an API that can be used to automate certain financial processes. The processing of personal data is carried out exclusively on behalf of Commitly and is subject to the GDPR.

https://monite.com/data-privacy/

Swan SAS (Embedded Finance / Payment Infrastructure)

For the technical provision of business accounts and the execution of SEPA payments, we use Swan SAS, 95 Avenue du Président Wilson, 93100 Montreuil, France, registration number 86245. Swan is an e-money institution regulated under French law and is fully subject to the General Data Protection Regulation. The processing is carried out exclusively on the basis of order processing in accordance with Art. 28 GDPR.

https://www.swan.io/privacy-policy

Chargebee (subscription management)

Parts of your personal data (name of your company, first and last name) are used to identify you and your company and to check the payment methods offered. As part of the registration process, your first name and surname are passed on to the service provider ChargeBee (Chargebee Inc., 340 S Lemon Avenue, #1537, Walnut, California 91789, USA). In addition, your payment data such as credit card and bank data (depending on the payment method selected by you) are collected, used and processed for the purpose of payment processing as well as passed on to payment service providers and the credit card company or bank specified by you in each case and used and processed by them. Commitly does not store any credit card data in connection with a transaction at any time.

https://www.chargebee.com/

Braintree Payment (payment processing)

Commitly uses Braintreee Payments ("Braintree") as its payment gateway. Braintree is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A.. Braintree is used exclusively to process payments between Commitly and its users. For this purpose, the credit card data recorded in Chargebee is transmitted to Braintree for further processing.

https://www.braintreepayments.com/at/legal

GoCardless Ltd (direct debit & payment management)

GoCardless Ltd, 65 Portland Place, London W1B 1NB, United Kingdom.

We use GoCardless to process SEPA direct debits and payment mandates within the COMMITLY platform. Personal data (e.g. name, IBAN, mandate reference) is transmitted to GoCardless on behalf of COMMITLY and processed there. GoCardless hosts data in the EU (data center Dublin, Ireland) and uses EU standard contractual clauses to secure data transfers to third countries. Processing is carried out exclusively on the basis of our instructions and in accordance with Art. 28 GDPR. Further information:

https://gocardless.com/privacy/

Intercom (Customer Experience)

We use third party services to help us better understand how you use Commitly. Specifically, we submit some of your information (such as your email address and the date you registered) to Intercom, Inc ("Intercom") and use Intercom when you visit our website or use our product to collect data for analytics purposes. Intercom analyses your use of our website and/or product and tracks the development of our customer relationship so that we can improve our service to you. We also use Intercom as a medium for communication, either by email or in the form of messages within our product(s). We also use Intercom to provide you with a help section.

https://intercom.io/

Mailchimp (Newsletter Management)

When sending our newsletter to registered interested parties and when sending transactional emails to users, we use Mailchimp (a brand of The Rocket Science Group, LLCm, Georgia, USA) as part of commissioned data processing. Mailchimp has been carefully selected by us as a specialised service provider and is regularly audited by us to ensure that your privacy is protected. Mailchimp will only process your personal data on our behalf and on our instructions and may only use your personal data for the purposes specified by us. Compliance with these data protection provisions and the necessary security measures is guaranteed at all times.

https://mailchimp.com

Pipedrive Ireland Limited (CRM Management)

Pipedrive Ireland Limited, 4th Floor, 7-8 Wilton Terrace, Dublin 2, Ireland.

Pipedrive provides us with a CRM platform that we use to manage customer data and map sales processes. Personal data (e.g. name, e-mail, contact history) is transmitted to Pipedrive and processed there on behalf of COMMITLY. Pipedrive uses standard contractual clauses to secure EU data transfers. Further information can be found in the Pipedrive privacy policy:

https://www.pipedrive.com/en/privacy

GetStream.io (in-app messaging & activity feeds)

GetStream.io Inc, 548 Market St PMB 62437, San Francisco, CA 94104, USA.

We use GetStream.io for the processing of in-app messages and activity feeds in the COMMITLY platform. Personal data (e.g. user IDs, message content, timestamps) is transmitted to GetStream.io on behalf of COMMITLY and processed there. GetStream.io hosts data in the EU (data center Dublin, Ireland) and uses EU standard contractual clauses to secure data transfers to third countries. Processing is carried out exclusively on the basis of our instructions and in accordance with Art. 28 GDPR. Further information can be found at:

https://getstream.io/legal/privacy/

Flatfile, Inc. (data import & preparation)

Flatfile, Inc., 1550 Wewatta Street / Suite 200, Denver, CO, USA

We use Flatfile to securely capture, validate, normalize and prepare customer ERP data imports (e.g. CSV/Excel imports, field mappings and validation rules). As part of these services, personal data (e.g. names, e-mail addresses, company data, account information contained in uploaded files and transaction data) may be processed by Flatfile in exceptional cases. Flatfile processes this data exclusively in accordance with our instructions and acts as a processor within the meaning of Art. 28 GDPR. Flatfile operates its services on Amazon Web Services (AWS) and offers customer-side options for regional hosting configurations (including EU regions); the specific hosting region results from the configuration agreed between Commitly and Flatfile. Further details on data protection, security measures and data processing at Flatfile can be found here:
https://flatfile.com/privacy/

H. Use of tracking tools

  1. In order to make visiting the Commitly website and the Commitly platform attractive and to make the use of certain functions more user-friendly, effective and secure, we use so-called cookies on various pages. These are small text files that are stored on your end device assigned to the browser used by you and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your end device.
  2. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit to our website. In addition, we use cookies that remain stored on your terminal device after the end of your visit to our website until you delete them. These cookies enable us to recognise your browser on your next visit.
  3. You can also set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, however, the functionality of our website may be limited.

Google Analytics

  1. Our website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
  2. The information generated by the cookie about your use of our website will be transmitted to and stored by Google on servers in the United States. As this website uses Google Analytics with the extension "_anonymizeIp()", your IP address will, however, be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, so that a direct personal reference can be excluded. Only in exceptional cases will the full IP address be transmitted to a server by Google in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
  3. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
  4. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.3.
  5. Google Analytics is used in accordance with the conditions agreed with Google by the German data protection authorities. Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Google's Terms of Use:

http://www.google.com/analytics/terms/de.html

Google privacy overview:

http://www.google.com/intl/de/analytics/learn/privacy.html

Privacy policy of Google:

http://www.google.de/intl/de/policies/privacy.

Use of Google Remarketing

  1. Our website uses the remarketing function of Google Inc. This function is used to present interest-based advertisements to visitors of the website within the framework of the Google advertising network.
  2. The website visitor's browser stores cookies, i.e. text files that are stored on your computer and enable the visitor to be recognised when they visit websites that belong to Google's advertising network. On these pages can then present the visitor with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function. According to its own information, Google does not collect any personal data during this process.
  3. If you still do not wish to use Google's remarketing function, you can deactivate it in principle by changing the corresponding settings under

http://www.google.com/settings/ads make.

Alternatively, you can disable the use of cookies for interest-based advertising via the ad network initiative by following the instructions at

http://www.networkadvertising.org/managing/opt_out.asp follow

Further information on Google Remarketing and Google's privacy policy can be found at:

http://www.google.com/privacy/ads/

Google Ad Words

  1. As an AdWords customer, we also use Google Conversion Tracking, an analysis service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Adwords sets a cookie on your computer ("conversion cookie") if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google will be able to recognise that the user has clicked on the ad and has been redirected to this page . Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad at and were redirected to a page marked with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
  2. If you do not wish to take part in the tracking procedure , you can also refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies . However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com". You can find out more about Google's privacy policy at

http://www.google.de/policies/privacy/

Sentry

We use the Sentry service (Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA) to improve the technical stability of our services by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. For further information, please refer to Sentry's privacy policy:

https://getsentry.com/privacy/

J. Communication

  1. If you send e-mail messages or other communications to us or enter them directly on the website/commitly platform, we as the provider will retain such communications in order to process your request, respond to questions and improve the website, products, features/services and services.
  2. Communication within the Commitly platform takes place exclusively via an encrypted Internet connection and is stored on servers connected to the Internet. In addition, e-mails and, if applicable, push messages are sent directly to the end device as part of the communication.

K. Your rights as a user

  1. You have the right to inquire about the data collected about you at any time and free of charge. You have the right to withdraw your consent to the use of your personal data at any time with effect for the future. For information and revocation, please contact Commitly at support@commitly.com. We will then provide the information without delay.
  2. If you so wish, we will delete your data stored by us in full at your request in accordance with your instructions. However, this may mean that you will no longer be able to use the website and any services and/or functions within the Commitly platform. In this case, you have an extraordinary right of termination for existing contractual relationships, without this giving rise to any claims for compensation against Commitly.
  3. However, in the event of the existence of and for the duration of statutory retention obligations as well as within the scope of data backup, we are entitled to continue to store data including backups and logs that have otherwise been ordered to be deleted and to use and process data to the extent necessary to comply with the statutory obligation.

L. Data security

  1. The data storage and processing of data collected within the scope of services or in any other way is carried out on servers on behalf of Commitly. Within the scope of commissioned data processing, Commitly ensures compliance with data protection regulations and the contents of the data protection declaration by means of suitable technical, organisational and contractual measures.
  2. Commitly takes the necessary security measures to protect data from unauthorised access and to prevent the unauthorised modification, disclosure or destruction of data. This includes internal audits of data collection and data storage and processing practices and security measures, as well as physical security measures to protect against unauthorised access to the systems on which personal data is stored.

M. Contact

For information or explanations regarding the use of your data, please contact:

Commitly GmbH

Dr. Clemens Pirquet-Strasse 43
2380 Perchtoldsdorf

E-mail: support@commitly.com

(Status: 07.09.2025)

COMMITLY Privacy Policy

20250907_Data privacy

 

COMMITLY BLACK FRIDAY