Privacy and legal
As an asset management company, we take the protection of your personal data very serious. We treat your personal data confidentially and according to the legal data protection regulations as well as in accordance with this data protection declaration. While using our services or submit documents to us various personal data will be stored and raised. Personal data include all information that can be used to identify you personally. This data protection declaration explains what data we collect and for which purposes we may use it. It explains also how and for what purpose this is done. Because of constant technological change this declaration is regularly adjusted. Therefore, we recommend to take note of our information at regular intervals. You will find the latest data protection declaration on our website www.dje.de and www.solidvest.de,where you can print it at any time. We will inform you about fundamental changes on our website as well as by e-mail or post.
1. Responsibility for data processing
DJE Kapital AG
Pullacher Straße 24
Tel.: +49 89 790453-0
Fax: +49 89 790453-185
Pbagnpg details of our data protection officer:Sebastian Feik, Dipl.-WJur. (FH)
Dellbrücker Straße 116
51469 Bergisch Gladbach
Phone: +49 2202 28 941 - 0
fax: +49 2202 28 941 - 47
E-Mail : Qngrafpuhgmemail@example.com
II Data processing in the use of our services or with regard to our suppliers
If you are a customer, supplier or interested party with whom we conclude or prepare a contract, we will use the following ways to access your personal data:
1. Processing of personal data from the following sources and data
We process personal data, which we collect within the scope of our business relationship from our customers or suppliers. This is the case when you contact us, e.g. as an interested party, applicant, supplier or customer and especially if you are interested in our products and complete online contract sections, register for online services or contact us by e-mail, telephone, application and to use our products and services within an active business relationship. In all these cases we collect, store, use, transmit or delete personal data. In addition, we process - as far as necessary for the provision of our services required - personal data that we receive from other companies, DJE Investment S.A, DJE Finanz AG Swiss or by other third parties / other service providers as permitted (e.g. for the execution of orders, for the fulfilment of contracts or due to a consent given by you). In addition we are allowed to process personal data that we obtain from permissible public domains (e.g. land register, commercial register, Bundesanzeiger). Where necessary and lawful we will also collect personal data of persons who have no direct contact with us and belong, for example, to one of the following groups of persons:
- family members,
- legal representatives (authorized representatives),
- Beneficiaries of our customers,
- the beneficial owners of our customers,
- representatives of legal entities,
- employees of service providers or trading partners.
a. When concluding and using products / services personal data are collected, processed and stored.
We process the following personal data:
- Identity information (e.g. first and last name, identity card or passport number, nationality, place and date of birth, gender, photo, IP address)
- contact information (address, e-mail address and telephone number)
- tax information (tax identification number, tax status)
- bank, financial and transaction data (e.g. bank account details (IBAN),
- money transfers from and to your account / deposit, assets,
- notified investor profile, financial expenses
- within the securities business: information regarding knowledge and/or experience with securities (MiFID status), investment behavior/strategy (period, scope, frequency of the customer's transactions with financial instruments, risk tolerance of the customer), information on training and occupation (e.g. level of education, job, name of employer) earnings, financial situation (assets, liabilities, income, e.g. from employment / self-employment / business; expenses), foreseeable changes in the financial circumstances
(e.g. retirement age), concrete objectives/essential concerns in the future (e.g. planned purchases, repayment of liabilities), marital status and family situation, tax information (e.g.
information on church tax liability), documentation data (e.g. declarations of suitability)
- in the management of interest rates, currencies and liquidity: information regarding
knowledge and / or experience with interest/currency products / investment (MiFID status), investment behavior/strategy (period, the volume and frequency of the client's financial transactions, customer's willingness to take risks), profession, financial situation
(assets, liabilities, income, e.g. from dependent/self-employed persons labor / business; expenditure), foreseeable changes of the financial circumstances (e.g. retirement age), specific objectives / major concerns in the future (e.g. planned purchases, repayment of liabilities), tax information (e.g. church tax liability), documentation data (e.g. consultation minutes)
- Customer contact information during the start of the business relationship and during the business relationship, in particular regarding personal, telephone or written contacts, by you or initiated by DJE Kapital AG, further person-related data, e.g. information on contact channel, date, occasion and result, (electronic) copies of correspondence and information
regarding participation in direct marketing activities and information of your wishes expressed by you.
- Audiovisual data (information from the video legitimation procedure, records of calls).
As far as requested by the customers we also collect personal data of children. In this respect we ensure that the persons in charge of the parental responsibility agree to the processing of personal data or in certain cases, agree to the consent of the child.
Personal data concerning racial or ethnic origin, to political beliefs, religious or philosophical opinions, on trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data concerning sexual life or sexual orientation
are not processed by us as a matter of principle (unless it is not, for example
for the payment of church tax or by order of the supervisory authorities).
b. When visiting the websites www.dje.de and www.solidvest.de: When visiting our websites your browser automatically sends information to the server of our websites. This information is temporarily stored in a so-called log file. The following information is stored until automatic deletion:
- IP address of the requesting computer (or terminal device)
- date and time of access
- name and URL of the retrieved file
- website from which the access is made
- the browser used and, if applicable, the operating system of your computer
While visiting the websites www.dje.de and www.solidvest.de so-called cookies are used. Cookies are small texts, which are stored by providers of web pages saved on your computer or mobile device. The purpose of a cookie is to simplify your visit to our websites: A cookie enables us to provide our services individually. The cookies used are not intended to collect personal data.
Cookies do not cause any damage to your end devices, do not contain any viruses, Trojans or other malicious software. Before storing each data is encrypted by changing the IP address. We use so-called "session cookies" to recognize if you already visited certain pages of our websites. These are terminated after a certain period after leaving the webpage.
Beyond that we also use temporary solutions to optimize user-friendliness cookies, which are set for a certain fixed period of time on your computer or end device. In the event that you
visit our websites again to make use of our services it is automatically recognized that you have already been with us and which settings you already made so that you do not have to enter them again. On the other hand we need cookies for analysis tools like "Google Analytics" (see below).
solidvest.de use Google Analytics, a web analysis service of the
Google Inc. https://www.google.de/intl/de/about/) (1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics
creates pseudonymised user profiles and uses so-called "cookies", text files that are saved on your computer and that enable the analysis of your use of the websites. The information provided by cookies regarding the use of the browser type of the above-mentioned websites
- operating system used
- referrer URL (the previously visited page)
- host name of the accessing computer or terminal device (IP address)
- time of the server request
are usually transmitted to a Google server in the USA and saved there. In case of activation of IP anonymization on this website, your IP address will be used by Google in abbreviated form within Member States of the European Union or in other contracting states of the agreement on the European Economic Area. Only in exceptional cases the full IP address is sent to Google in the USA and shortened there. On behalf of the operator of these websites, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services to the website operator in connection with website and internet use. The data collected within the scope of Google Analytics by your
IP address transmitted by the browser is not combined with other data from Google.
You can prevent the storage of cookies by settings of your browser software; we would like to point out, however, that in this case you may not be able to use all functions of these websites to the full extent. In addition, you can prevent the collecting of data generated by the cookie and related to your use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout).
d. Supplier data
We collect personal data from our suppliers in the course of our business relationship in order to ensure a smooth business relationship. We collect information about our contacts within the organization such as names, telephone numbers and e-mail addresses. We also collect bank details to enable us to make payments to our suppliers.
2.What do we process your data for (purpose of processing) and on which legal basis?
We process the above-mentioned personal data in accordance with the provisions of the EU basic data protection regulation (DSGVO) and the Federal Data Protection Act (BDSG):
a. To fulfil contractual obligations (Art. 6 para. 1 lit. b DSGVO)
Personal data are processed in order to provide financial services within the framework of the execution of our contracts with our customers or to carry out pre-contractual measures, which will be made on your request. The purposes of the data processing are based primarily on the specific product (see point 1) and can, among other things, provide analyses of demand, advice, asset management and support and the execution of transactions. With regard to our suppliers we process personal data of persons within the organization of our suppliers in order to be able to take advantage of their services. In addition we store financial data to secure the payment of provided services.
b. Within the framework of the balancing of interests (Art. 6 (1) (f) DSGVO)
If necessary, we will process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Examples:
- testing and optimization of procedures to analyze the demand and to address customers directly; incl. customer segmentation and calculation of closing probabilities
- advertising or market and opinion research, if you agree to the use of your data
- assertion of legal claims and defense of legal disputes
- ensuring the IT security and IT operation of DJE Kapital AG
- prevention of criminal offences, in particular fraud prevention
- video surveillance to ensure domiciliary rights to collect evidence in cases of robbery and fraud
- measures for building and plant safety (e.g. access controls)
- other measures to secure the right to the house
- measures for business management and further development of services and products
with regard to the websites offered:
- To ensure the smooth connection of the
Websites www.dje.de and www.solidvest.de
- ensuring a comfortable use of our websites
- evaluation of system safety and stability, and
- for other administrative purposes
With regard to cookies:
With the help of cookies we want to analyze the usage of our websites www.dje.de and www.solidvest.de in order to optimize the handling, for statistical matters and to improve our services for you.
With regard to Google Analytics:
With the tracking systems used we want to ensure that the design of our websites meet the needs as well as to ensure the continuous optimization of our websites and for statistical analysis
With regard to Google DoubleClick remarketing:
With regard to Google Conversion Tracking:
We also use so-called conversion tracking when using the Google AdWords service. When you click on an ad placed by Google a cookie for conversion tracking is placed on your computer/end device. These cookies lose their validity after 30 days, do not contain any personal data and therefore do not serve for personal identification. The information collected via the conversion cookie is used to generate conversion statistics for AdWords customers who choose conversion tracking. User data is processed pseudonymously as part of the Google marketing services. This means that Google does not, for example, save and process the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not managed and displayed for a specifically identified person but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly permitted Google to process the data without pseudonymisation. The information collected by Google's branding services about users is transmitted to Google and stored on Google's servers in the USA.
You can also place interest-based ads on Google and interest-based Google Ads on the web (within the Google display network) in your browser by going to https://adssettings.google.de activate the "Off" button or deactivate via http://www.aboutads.info/choices. Further information on your options in this regard and data protection at Google can be found at https://www.google.de/intl/de/policies/privacy/?fg=1.
We use Hotjar, a web analytics service provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta ("Hotjar"), to better understand user behavior, to better understand the needs of our users and to optimize our services and user experience.
Site visitors are assigned a unique User ID (UUID) so that Hotjar can recognize returning visitors without having to rely on personal information such as IP address. Hotjar stores this data in a pseudonymous user profile. When data is recorded, Hotjar automatically blocks keystroke data in password fields and credit card numbers in an input field so that they never reach our servers. Neither Hotjar nor we will use this information to identify individual users, nor will the data be merged with other data about individual users.
You can object to the creation of user profiles, the storage of data about your use of our site by Hotjar and the use of tracking cookies by Hotjar on other sites at any time using the following link https://www.hotjar.com/opt-out. You will find further information: https://www.hotjar.com/privacy.
With regard to Facebook pixel:
Within our internet presence we use the "Facebook pixel" of the social network "Facebook", 1601 South California Avenue, Palo Alto, CA 94304, USA. So-called counting pixels are integrated on our pages. When you visit our pages the pixel-code establishes a direct connection between your browser and the Facebook server. Facebook thereby receives information from your browser that our page has been called up from your end device. If you are a Facebook user, Facebook can use this to assign your visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. We can only choose which segments of Facebook users (such as age, interests) our advertising is to be displayed to. By calling up the pixel from your browser, Facebook can also recognize whether a Facebook advertisement was successful, e.g. whether it led to an online contract being concluded.
This allows us to monitor the effectiveness of Facebook ads for statistical and market research purposes. Please click here if you do not wish to collect data via Facebook pixels: https://www.facebook.com/settings?tab=ads#_=_. Alternatively, you can deactivate the Facebook pixel on the Digital Advertising Alliance page by clicking on the following link: http://www.aboutads.info/ choices/.
The transfer of data to the USA is permitted under Art. 45 DSGVO, since Facebook Privacy Shield is certified and therefore, according to the implementing decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal content/DE/ALL/?uri=CELEX%3A32016D1250) an appropriate level of data protection exists.
The certification can be downloaded from https://www.privacyshield.gov/participantid=
With regard to Facebook Lead Ads:
To generate contact data we use lead ads, an advertising module of Facebook. This data is used exclusively to send the Solidvest newsletter. Users who have registered for our newsletter via a lead ad can unsubscribe or object to the storage and use of the data at any time. Solidvest will only use the generated data which has been confirmed via the double opt-in procedure. Both Facebook and DJE Kapital AG are responsible for processing the data. The data is only transmitted from Facebook to Solidvest/DJE Kapital AG when the user clicks on "Send" within the Lead Ad. The data is processed in accordance with Art. 6 Para. 1 a) DSGVO on the basis of the consent provided in the lead ad form.p
With respect to the use of Microsoft Teams:
5. Privacy notices for online meetings, telephone conferences and webinars via "Microsoft Teams".
We would like to inform you below about the processing of personal data regarding the use of "Microsoft Teams". We are responsible for data processing directly related to the execution of "Online Meetings". If you visit the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. Opening the "Microsoft Teams" website is, however, only necessary in order to download the software for the use of "Microsoft Teams".
If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. These service will also be provided via the "Microsoft Teams" website.
5.1 Scope of data processing
When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting". The following personal data are subject to processing:
User details: e.g. display name, email address if applicable, profile picture (optional), preferred language.
Meeting metadata: e.g., date, time, meeting ID, phone numbers, location.
Text, audio and video data: You may have the option of using the chat function in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the "Microsoft Teams" applications.
If we want to record "online meetings", we will transparently inform you in advance and - if necessary - ask for consent. If it is necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will generally not be the case. Automated decision-making within the meaning of Art. 22 DSGVO is not used.
5.2 Purpose and legal basis of data processing
We use "Microsoft Teams" to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service provided by Microsoft Corporation.
If personal data of employees is processed by legitimis GmbH, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of "Microsoft Teams", personal data is not required for the establishment, implementation or termination of the employment relationship but is nevertheless an elementary component in the use of "Microsoft Teams", Art. 6 (1) lit. f) DSGVO is the legal basis for data processing. In such cases our interest is in the effective implementation of "online meetings".
The legal basis for data processing when conducting "online meetings" Art. 6 para. 1 lit. b) DSGVO, if the meetings are conducted in the context of contractual relationships.
If a contractual relationship does not exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of "online meetings".
5.3 Recipients and disclosure of data
Personal data processed in connection with the participation in "online meetings" will not be passed on to third parties as a matter of principle, unless it is specifically intended to be passed on. Please note that the content of "online meetings" as well as personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, provided this is specified in the context of our order processing agreement with "Microsoft Teams".
5.4 Data processing outside the European Union
In principle data processing does not takes place outside the European Union (EU) as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This may be the case in particular if participants in "Online Meeting" are located in a third country.
However, the data is encrypted during transport via the Internet and thus protected against unauthorized access by third parties.
5.5 Delete of data
As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, we will only delete the data after the respective retention obligation has expired.
In relation to Clarity from Microsoft:
In addition, we use Clarity on our site. A program from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). This is a program designed to provide us with information about the behavior and interactions of users of our site. The legal basis for the processing of personal data is the consent of the user pursuant to Art. 6 para. 1 lit. a DSGVO.
With regard to Hubspot:
We use the following within our Internet presence
the marketing automation software "Hubspot" of the company "Hubspot, Inc", Guild Street, Dublin 1, Ireland (European headquarters). This software enables the tracking of user behavior in marketing mails and our websites.
The following cookies are used and explained below
__hssc: This cookie is used to track sessions. The cookie is used to determine whether the session number and time stamp in the _hstc cookie should be increased. Included parameters: domain, viewCount (number of page views; incremented with each page view in a session) and session start timestamp.
_hssrc:This cookie supports the recognition of new user sessions. It is set to 1 when a user session starts. If the cookie is not set, it is assumed that it is a new session.
_hstc: This is the main cookie used to record visitors. Included parameters: domain, user tokens (hubspotutk, see below), start time stamp (first visit), end time stamp (last visit), current time stamp (this visit) and session number (increments with each subsequent session).
hubspotutk:This cookie supports the tracking of visitors; it is passed on to hubspot when a form is submitted to hubspot.
Responsibility for data processing
1. responsible entity:
DJE Kapital AG Pullacher Straße 24
Phone: +49 89 790453-0
fax: +49 89 790453-599
2. responsible entity:
Caffamaker series 7
Phone: +49 40 202058426
For further information see:https://www.facebook.com/policy
With regard to YouTube, Xing.com, LinkedIn, Twitter, Facebook and "Instagram": On our websites you will find links to YouTube, Xing, LinkedIn, Twitter and Facebook ("social networks"). We do not use social plug-ins of these social networks if you visit our
websites. Only when you click on the symbol or link of a social network, you will be taken to its website. Here data will be collected, processed and used. We have no influence
what data these social networks collect, how they are processed and used. You will find information regarding the purpose and scope of data collection and the further processing in the Data protection documentation of the respective social network on the following websites:
We do not under any circumstances use the data from the cookies or the analysis tools to draw conclusions about your person.
c. On the basis of your consent (Article 6 (1) (a) DS-GVO). If you have given us your approval to process personal data for specific purposes (e.g. transfer of data within the group / corporation or to use your data for specific advertising purposes), the legality of this processing is based on your consent. Data processing for the purpose of contacting us is based on your voluntarily given consent, for example, if you use the contact form on our websites www.dje.de and www.solidvest.de or give us a business card.
Any consent given can be revoked at any time. This also applies to the withdrawal of declarations of consent that were given to us before the EU data protection basic regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected hereby. If we wish to use your personal data for purposes other than those mentioned above, we will inform you accordingly and, if necessary, ask for your approval.
d. Legal requirements (Article 6 (1) (c) of the DS-GVO) or in the public interest (Article 6 (1) (e) of the DS-GVO) As a financial services institution we are subject to various legal obligations, i.e. legal requirements (e.g. the German Banking Act, Money Laundering Act, Securities Trading Act, tax laws) as well as banking supervisory requirements (e.g. European supervision, Deutsche Bundesbank and the Federal Financial Supervisory Authority (BaFin)). The purposes of the processing include, among others, the obligations arising from the German Securities Trading Act (WpHG) to record the knowledge and experience of the respective customer with securities services and financial instruments, the financial circumstances and investment objectives of the customer, identity and age verification, fraud and money laundering prevention, compliance with sanction and embargo provisions, to answer official enquiries from a competent governmental or judicial authority, the fulfilment of fiscal and legal control and reporting obligations as well as the assessment and management of risks of DJE Kapital AG.
3. Do you have an obligation to provide data?
Within the framework of our business relationship you must provide us with the personal data required for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will usually have to refuse to conclude the contract or execute the order or we will no longer be able to execute an existing contract and may have to terminate it.
In particular we are obliged under money laundering law to identify you before establishing the business relationship, for example by means of your identity card and to collect and record your name, place and date of birth, nationality, residential address and identification data. To enable us to comply with this legal obligation you must provide us with the necessary information and documents in accordance with Section 11 (6) of the Money Laundering Act and inform us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents we may not enter or continue the requested business relationship.
4 Who gets your data?
Within DJE Kapital AG, access to your data is granted to those entities that need it to fulfil our contractual and legal obligations. Service providers and agents engaged by us may also receive data for these purposes, provided they maintain banking secrecy and comply with our written data protection instructions. We may only pass on information about you if required by law, if you have given your consent or if processors commissioned by us guarantee compliance with the provisions of the DSGVO or the BDSG. Under these conditions, recipients of personal data can
z. e.g. be:
- Public authorities and institutions (e.g. Deutsche Bundesbank, Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), European Supervisory Authority, financial authorities, Federal Central Tax Office) if there is a statutory or regulatory obligation.
- Other credit and financial services institutions, comparable institutions and processors to whom we transfer personal data in order to carry out the business relationship with you. These companies are also obliged by law or contract to treat personal data with the necessary care. In particular, we work together with IT service providers, financial service providers and custodian banks.
- Service providers who support us, in detail in the following activities: Support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data destruction, purchasing / procurement, space management, real estate appraisals, credit processing service, collateral management, collection, customer management, Letter shops, marketing, mailing of customer presentations, media technology, reporting, research, risk controlling, expense accounting, telecommunications, video legitimation, website management, investment services, share register, fund management, auditing services, payment transactions, independent representatives, agents, brokers.
- Members of certain regulated professions such as lawyers, notaries or auditors.
- Other data recipients may be those entities for which you have given your consent to the transfer of data or for which you have given us an exemption in accordance with the agreement or consent.
On this website we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Pbagnpg us: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500.
We use HubSpot for:
- the evaluation of the use of our websites (e.g. accesses, visited pages, length of stay, etc.)
- the dispatch of the newsletter
For more information on the cookies used by HubSpot, please visit https://knowledge.hubspot.com/articles/kcs_article/ reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser
1. Scope of data processing
When using the service, so-called "web beacons" are used and cookies are also set, which are stored on your computer and thus enable us to analyze your use of our website. The following information is recorded:
- IP address
- the geographical location
- type of browser
- duration of the visit
- and the requested page
If you have registered for our newsletter, your e-mail address, your newsletter "Opt-In" and optionally your name will also be stored here. As soon as you have registered yourself the following additional data will be saved:
- name, first name
- phone number
- contract data
- specified expectations
2. Legal basis of the processing
Data processing is based on your consent (Art. 6, Para. 1, lit. a DSGVO).
3. Possibility of objection and removal
If you wish to object to the general collection of data, you can prevent the storage of cookies at any time in your browser settings.
4. Hubspot log files
Every time a website/landing page created with Hubspot is accessed, so-called log files are automatically created at Hubspot. The logfiles can contain the following information: IP address, browser, operating system, internet provider, pages visited, etc.
The collection of data serves to optimize the pages, to ensure the security of the websites and to generate general statistics regarding the use of/with Hubspot created pages. The automatically collected data will be linked to personal data stored at Hubspot. The legal basis for the storage of data in the logfiles is Art. 6, Para. 1, lit. f DSGVO. The data will be deleted after 180 days and during this time only authenticated IT staff of Hub- spot have access to the logfiles.
5. Is data transferred to a third country or to an international organization?
Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary to execute your orders (e.g. payment and securities orders), if it is required by law (e.g. tax reporting obligations), if you have given us your permission or if you have commissioned us to process your orders. Whoever uses the service provider in a third country is obliged to comply with the level of data protection in Europe in addition to written instructions by the agreement of the EU standard contract clauses. If you require a printout of these provisions or information on their availability, you can contact us in writing.
How long will your data be stored?
We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is set to run for several years. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary for the following purposes:
- Fulfilment of commercial and tax law retention periods: The Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act must be mentioned. The periods of retention or documentation specified there are two to ten years.
- Preservation of evidence within the framework of the statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years. For applicants without subsequent conclusion of a contract, a retention period of six months applies.
7. To what extent is there automated decision making (including profiling)?
We process your data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling for example in the following cases:
- We are obliged by law to combat money laundering and fraud. In this context, we also evaluate data (e.g. in payment transactions). These measures also serve your protection.
- In order to be able to inform and give you targeted advice about products, we use evaluation tools where necessary. These enable communication and advertising to be tailored to your needs, including market and opinion research.
III How is your personal data protected?
We take reasonable and appropriate measures to protect the information we store and process from misuse, loss or unauthorized access. To this end we have taken a number of technical and organizational measures and update them on an ongoing basis. If you suspect that your personal information has been misused, lost or accessed by unauthorized persons, please let us know as soon as possible.
IV Your rights
As soon as your personal data is processed, you are a data subject within the meaning of the DSGVO. You are therefore entitled to the following rights against the person responsible (i.e. against us):
Every data subject has the right of access under Article 15 DSGVO, the right of correction under Article 16 DSGVO, the right of deletion under Article 17 DSGVO, the right to restrict processing under Article 18 DSGVO, the right of objection under Article 21 DSGVO and the right of data transferability under Article 20 DSGVO. With regard to the right of information and the right of deletion, the restrictions under Sections 34 and 35 of the Federal Data Protection Act shall apply.
The right of information includes information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing, objection or data transferability, the existence of a right of appeal, the origin of your data, if it has not been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details of such data.
You can request the immediate correction of incorrect data or the completion of your personal data collected by us at any time. You can request the deletion of your personal data stored by us for the following reasons:
- if your personal data are no longer required for the purposes for which they were collected,
- if you withdraw your consent and there is no other legal basis,
- if you object to the processing,
- if your personal data have been processed unlawfully,
- if your personal data must be deleted in order to comply with legal requirements.
Deletion may not take place if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. If this is not the case, we will delete your data upon request. As a rule, we will also assume that it is your wish that we add your name to our list of people who do not wish to be contacted. In this way we minimize the chance that you will be contacted in the future if your details are collected separately under different circumstances.
Under certain circumstances, you can request that we restrict the processing of your personal data. This means that we will only store your data in future and cannot carry out any further processing activities until we have received your data: (i) one of the conditions set out below has been fulfilled, (ii) you give your consent, or (iii) further processing is necessary to assert, exercise or defend legal claims, to protect the rights of others or if it is necessary for the legitimate public interest of the EU or a Member State. In the following circumstances, you may request that we limit the processing of your personal data:
- If you have any dispute about the accuracy of the personal data we process about you we will restrict the processing of your personal data by us until the accuracy of the data has been verified.
- If you object to the processing of your personal data by us for the purposes of our legitimate interests you may request that the data is restricted while we review our reasons for processing your personal data.
- If the processing of your data by us is unlawful, but you prefer to limit the processing by us rather than having the data deleted.
- If there is no longer a need for us to process your personal data, but you need the data here in order to assert, exercise or defend your legal rights.
In addition, you have the right to complain to our data protection officer and to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). In general you can contact the supervisory authority at your usual place of residence or workplace or of our company headquarters.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the DSGVO came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. This also applies if we use your data for our direct advertising. Please also see the separate note at the end of this data protection information.
V Your right of objection under Art. 21 DSGVO:
1. Right of objection in individual cases
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data on the basis of Article 6 paragraph 1 letter e DSGVO (data processing in the public interest) and Article 6 paragraph 1 letter f DSGVO (data processing based on a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4 paragraph 4 DSGVO. If you lodge an objection, we will no longer process your personal data unless we can prove compelling reasons for processing which are worthy of protection and exceed your interests, rights and freedom or unless the processing serves to assert, exercise or defend legal claims.
2. Right to object to the processing of data for advertising purposes
In individual cases we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such direct marketing, including profiling, to the extent that it is connected with such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be submitted informally and should preferably be sent by e-mail to firstname.lastname@example.org.
DJE Kapital AG