Data protection information
On this page you will find our privacy policy.
A. General information and contact details
As a securities institution, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Personal data is data with which you can be personally identified or made identifiable. This data protection information explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
Status of the data protection information
Status: 01/2025
Against the background of constant technical change and the ongoing development and improvement of our processes, this information is regularly adapted. We therefore recommend that you review our information and notes on data processing at regular intervals. You can access the current privacy policy at any time on the website at www.dje.de and www.solidvest.de. You can find the latest data protection information on our website at: https:<u> //www.dje.de/datenschutzhinweise/</u>
Controller (for data processing)
DJE Kapital AG
Pullacher Street 24
82049 Pullach
Phone: +49 89 790453-0
E-mail: info@dje.de
Represented by the Management Board: Dr. Jens Ehrhardt (Chairman), Dr. Jan Ehrhardt (Deputy Chairman), Peter Schmitz, Thorsten Schrieber
Scope of application
This data protection information clarifies the nature, scope and purpose of the processing of personal data by the controller, which is represented by the management.
The legal basis of data protection in relation to the territorial scope of application in Germany can be found in particular in the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-new) and the Telecommunications Telemedia Data Protection Act (TDDDG).
Handling of personal data
Personal data is information that relates to an identified or identifiable natural person (data subject).
The processing of such data is only lawful if at least one of the following conditions is met:
the data subject has consented to the processing of personal data relating to him or her for one or more purposes (e.g. declaration of consent for advertising communication),
the processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract (e.g. concluded contract, performance of services, provision of products),
processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. disclosure of data to authorities),
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and such interests are not overridden by the interests of the data subject (e.g. disclosure of data to debt collection agencies and lawyers, video surveillance).
Description of the groups of origin
If we have not received the data directly from you, we will receive your personal data (first name, surname, telephone number, mobile number, e-mail address and your message) from intermediaries, tipsters or other financial institutions for the purpose of establishing contact and initiating a contract in accordance with Art. 6 para. 1 lit. b GDPR.
Transfer of personal data to a third country
As a rule, personal data is not transferred to a third country. Should this nevertheless be the case, the data transfer is regulated on the basis of an adequacy decision (e.g. Canada), by consent, binding corporate rules or EU standard data protection clauses with suitable technical and organizational measures (so-called "supplementary measures").
Standard periods for the erasure of personal data
The deletion of personal data takes place after the expiry of the statutory and contractual retention periods in accordance with Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code. We are obliged to carry out this type of data processing in accordance with Art. 6 para. 1 lit. c GDPR.
If personal data is not subject to any retention periods, it will be deleted as soon as the stated purposes no longer apply. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.
Data protection officer
We have appointed a data protection officer who works for the company in accordance with Art. 37 et seq. GDPR is active:
Carolin Bauer
aigner business solutions GmbH
Goldener Steig 42
94116 Hutthurm
Phone: +49 8505 91927-0
E-Mail: Datenschutz@dje.de
Website: https: //www.aigner-business-solutions.com
B. Rights of the data subjects
In the following, we would like to inform you about your rights under the GDPR:
Right to information
You have the right to request information from the controller as to whether and which of your personal data is being processed.
For this purpose, the controller shall provide an overview of the processing purposes, the categories of personal data processed and the respective recipients or categories of recipients in accordance with Art. 15 GDPR.
Rights to rectification, erasure and restriction of processing
In accordance with Art. 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.
In accordance with Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay, unless there is another legal requirement to the contrary.
In accordance with Art. 18 GDPR, you have the right to request the restriction of processing if
the accuracy of the personal data is contested,
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims,
you object to the processing pursuant to Art. 21 GDPR.
Right of withdrawal
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is associated with direct advertising. If you object, your personal data will no longer be processed for direct marketing purposes (Art. 21 (2) GDPR).
Right to data portability
You have the right to have data that the controller processes automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.
Automated decisions in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
C. Data processing when visiting our website
1. data protection at a glance
General information
The following information provides an overview of how your personal data is processed when you visit this website. Personal data is all data with which you can be personally identified.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the "General information" section.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.
What rights do you have with regard to your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time if you have any further questions on the subject of data protection.
2 General notes and mandatory information
Data protection
The controller takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Our host(s) will only process your data to the extent that this is necessary to fulfill its performance obligations and follow our instructions with regard to this data.
We use the following host(s):
maxcluster GmbH
Lise-Meitner-Str. 1b
D-33104 PaderbornOrder processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Forwarding to third-party websites
We have included links to the websites of third parties. If you click on these links, data will be transmitted to the operator of the website. This privacy policy does not regulate the collection, transfer or handling of personal data by third parties. Please check the privacy policy of the responsible party.
Declaration of consent according to §25 Abs. 1 TDDDG
Depending on your consent, we use various tools on our website that process your data. If we base data processing on your declaration of consent in accordance with Art. 6 para. 1 lit. a GDPR and inform you in our privacy policy about the purpose and mode of action of the declaration of consent, your consent also applies within the meaning of §25 para. 1 TDDDG.
Please refer to the privacy policy to find out which cookies, plug-ins and other data processing tools are used.
SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
3. data collection on this website
Cookies
Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.
Consent with Cookiebot at UserCentrics
Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is UserCentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").
When you enter our website, a connection is established to Cookiebot's servers to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Necessary cookies
Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
3a. Cookies used
Data collection on this website - continued
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.
Request by e-mail or telephone
If you contact us by email, telephone or fax, we will store and process your request, including all resulting personal data (name, request) for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).
The data you send to us via contact requests will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Contact form
If you send us inquiries via the contact form, the contact details you provide and the content of your inquiry will be stored by us for processing. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is necessary for the performance of a contract or for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).
The data you provide will remain with us until the purpose for data storage no longer applies or you request us to delete it. Statutory provisions, in particular retention obligations, remain unaffected.
Newsletter and information material
To receive the newsletter offered on our website and information about our services and offers (e.g. portfolio paper), you can register using our forms. By registering, you declare your consent within the meaning of Art. 6 para. 1 lit. a GDPR and Section 7 para. 2 no. 3 UWG, which entitles us to use your personal data for advertising purposes in our newsletter and for analysis purposes by evaluating click rates. For this purpose, we process your title, your first and last name, your e-mail address and the data on click behavior. If you give us your consent, we will send you our portfolio once by post. We will process your address for this purpose.
We use the so-called double opt-in procedure to prove that the declaration of consent has been given correctly. In this case, a confirmation e-mail will first be sent to the e-mail address you have provided, requesting confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation e-mail.
We use HubSpot to send and evaluate our newsletter. Your data will therefore be transmitted to the service provider. HubSpot is prohibited from using your data for purposes other than those stated. HubSpot is not permitted to pass on or sell your data. HubSpot is a software provider that has been carefully selected in accordance with the requirements of the GDPR and the BDSG.
Your consent is voluntary. You can revoke your consent to the storage of the data and its use for sending the newsletter at any time with effect for the future, e.g. via the unsubscribe link in the newsletter. Please note that if you do not give your consent or revoke it before the information material is sent, we will not be able to send you the information material.
Even after you have withdrawn your consent, you may be contacted again for advertising purposes or you may receive a newsletter or information material in the next 10 days. The reason for this is that our company plans advertising campaigns over a longer period of time and the selection of the persons to be contacted may have already taken place before your withdrawal of consent is received. Please also note that you will still receive the information material if your revocation is received after we have sent it.
4 Plugins and tools
CookieBot
We use CookieBot on our website. You can find more information in the "Cookies" section.
YouTube with enhanced data protection
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
When you load a YouTube video, connections to Google Fonts and other Google services are also established. You can find more details in the following information.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize surfing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https: //support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at: https: //policies.google.com/privacy?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The
website operator has a legitimate interest in the quick and easy integration and management of various tools on its website.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
Google Fonts
This website uses Google Fonts, which are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.For this purpose, the browser you are using must connect to Google's servers. This informs Google that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
If your browser does not support Google Fonts, a standard font will be used by your computer.
Further information on Google Fonts can be found at developers.google.com/fonts/faq and in Google's privacy policy: policies.google.com/privacy.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses functions of the web analysis service Google Analytics, which is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID. Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in the
Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. Consent can be revoked at any time.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken.
We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. Consent can be revoked at any time.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
You can find more information about Google Conversion Tracking in the privacy policy of
Google: https: //policies.google.com/privacy?hl=de.
Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").
DoubleClick is used to show you interest-based advertisements throughout the Google advertising network. With the help of DoubleClick, the advertisements can be targeted to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners linked to DoubleClick.
In order to be able to display interest-based advertising to users, DoubleClick must recognize the respective
DoubleClick must be able to recognize the respective viewer and assign the websites visited, clicks and other information on user behavior. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5780.
Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework.
For more information on how to object to the advertisements displayed by Google, please see the following links:
https://policies.google.com/technologies/ads and
https://adssettings.google.com/authenticated.
Meta Pixel (formerly Facebook Pixel)
This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future.
We use the advanced matching function within the meta pixel.
Advanced matching allows us to transmit various types of data (e.g. place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or telephone number) of our customers and interested parties that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended matching improves the allocation of website conversions and expands Custom Audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's privacy policy: https: //de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http: //www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/4452.
HubSpot
We use Hubspot Forms, Hubspot Analytics, Usemessages from Hubspot and Hubspot CRM (from now on all services are referred to as "Hubspot") associated services on this website for sending newsletters, analyzing usage and collecting customer contact data from potential customers.
HubSpot is a software company from the USA (Hubspot Inc. 25 Street, Cambridge, MA 02141 USA) with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
Among other things, Hubspot enables us to manage existing and potential customers and customer contacts. With the help of Hubspot, we are able to record, sort, contact and analyze customer interactions via e-mail, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). Hubspot also enables us to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM and Forms is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible, as well as in providing a registration form for the use of newsletters on its website.
The use of Hubspot Analytics, user messages from Hubspot, as well as data processing in the context of data processing for the sending of newsletters is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time with effect for the future.
Details can be found in Hubspot's privacy policy:
https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //www.hubspot.de/data-privacy/privacy-shield.
The company is also certified in accordance with the "EU-US Data Privacy Framework" (DPF). This agreement is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5812.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
SalesViewer
We have integrated SalesViewer on this website. The provider is SalesViewer / SalesViewer GmbH, Hueststr. 30, 44787 Bochum (hereinafter referred to as "SalesViewer").
SalesViewer enables us to record visits to our website by members of other companies. For this purpose, the IP address of the website visitor is compared with the company IP addresses stored in the SalesViewer company database. If this is the IP address of a company, this visit and the user behavior of the visitor are recorded. IP addresses that are not in the SalesViewer database are deleted immediately so that website visits by private individuals are no longer recorded by SalesViewer.
SalesViewer offers an opt-out procedure to improve data protection. Further details can be found at the following link of the provider:
https://www.salesviewer.com/de/opt-out/.SalesViewer is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in recording company visits to our website and their user behavior.
Further details can be found in the provider's privacy policy: https://www.salesviewer.com/de/plattform/datenschutz/.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
LinkedIn
This website uses the Insight tag (LinkedIn Ads and LinkedIn Analytics) from LinkedIn. The provider of this service is LinkedIn Ireland
Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that we can use to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access).
browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator.
LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes.
Details can be found in LinkedIn's privacy policy at
https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
Insofar as consent has been obtained, the use of the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https: //www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/5448.^
Microsoft Advertising / Bing Ads
The website operator uses Bing Ads, hereinafter referred to as Microsoft Advertising. Microsoft Advertising is an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Advertising enables us to display advertisements in the Bing search engine or on third-party websites when the user enters certain search terms in Bing (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Microsoft (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
We use universal event tracking (UET) from Microsoft Advertising on this site. Pseudonymized data is collected to track the actions you take on our websites after you have clicked on a Microsoft Advertising ad. UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in cookie), time spent on the website, which areas of the website were accessed, which ad brought you to the website and which keyword you clicked on.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https: //www.dataprivacyframework.gov/participant/6474.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https: //www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
JSDelivr.com
We use JSDelivr on our website from the Polish software manufacturer ProspectOne, Królewska 65A/1, 30081, Kralów, Poland.
This service is used to ensure that our website is displayed quickly and flawlessly on different devices, even when our website is very busy.
By using the open source solution, JavaScript libraries can be hosted by npm, Github and similar servers. In order to provide these services, your browser can send personal data, such as IP address, preferred language, browser type, browser version, loading website, time and date of loading to jsdelivr.com so that the correct display of the website can be provided for your browser.
JSDelivr.com is used exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time with effect for the future.
Legal basis
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. service is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time.
Highcharts
On our website, we use the "Highcharts Cloud" service of the provider Highcharts AS, Sentrumsgata 44, 6893 VIK I SOGN, Norway.
This service enables us to display the current prices of various funds and investment options on our website.
In order to be able to display the data relevant to the respective site visitor, the user's country and the type of investment profile are requested from the website visitor. This information is required in order to be able to provide the desired information for the respective visitor. If this data processing is not desired, this function cannot be used.
This data processing takes place on the basis of the legitimate interest in the presentation of current stock market information for our customers and interested parties, within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information can be found in the provider's privacy policy: https: //www.highcharts.com/blog/privacy/.
Anevis Solutions
We use the services of anevis solutions GmbH, Friedrich-Bergius-Ring 15, 97076 Würzburg, Germany, to provide graphic content on our website.
In order to ensure the correct display of the respective media on different devices and in different browsers, Anevis Solutions retrieves server log files to provide the correct and optimal version. (See section Server log files).
This data processing takes place on the basis of the legitimate interest in the presentation of current stock exchange information for our customers and interested parties, within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information can be found in the provider's privacy policy: https: //www.anevis-solutions.com/de/datenschutzerklaerung/
5. data protection information social media
We use business accounts on Facebook, Instagram, LinkedIn and Xing. When you visit our social media presence, you have the opportunity to react to our posts, comment on them and send us messages. Your visit to our social media profiles initiates a variety of data processing operations on your personal data. We would like to inform you about your rights regarding this data processing of your personal data.
You are not obliged to provide us with your personal data. However, it may be necessary to do so for the individual functionality of our social media presence. We process your data for customer-oriented company presentation, for market-effective external presentation and for communication with the users of our social media presence. These data transfers and processing are carried out through your voluntary use of the platforms in accordance with Art. 6 para. 1 lit. a, Art. 49 para. 1 lit. a GDPR.
If you contact us via one of our social media channels, the data you provide will only be used for the purpose of contacting you. The legal basis for this form of data processing is Art. 6 para. 1 lit. a GDPR, your consent to contact us via the respective social media channel, if applicable Art. 6 para. 1 lit. b GDPR in the case of initiation or execution of contracts, §26 BDSG for employment-related contacts and Art. 6 para. 1 lit, f GDPR in the case of an overriding, legitimate interest in effective public relations work.
We would like to point out that the platform operators use web tracking and profiling systems that create extensive profiles about the users of these platforms. However, we have no influence over these systems. When you visit our social media pages, your personal data is not only collected, used and stored by us, but also by the social media operators. This happens even if you yourself do not have a profile on the respective social network. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the social media, please refer to their privacy policies:
Facebook.com https://de-de.facebook.com/privacy/explanation
Instagram.com https://privacycenter.instagram.com/policy/
LinkedIn.com https://de.linkedin.com/legal/privacy-policy
Apple Podcast https://www.apple.com/de/legal/privacy/data/de/apple-podcasts/
Google Podcast https://policies.google.com/privacy?hl=en
Anchor.fm https://www.spotify.com/de/privacy
Information on data transfer to a third country
The headquarters of the providers of LinkedIn, Facebook, YouTube, Apple Podcast, Google Podcast, Spotify, Anchor.fm and Instagram are located in the USA. This means that all your data is transferred to an insecure third country where there is no protection of your personal data comparable to the standard within the European Union. Xing has its headquarters in Germany. According to the provider, data may nevertheless be transferred to insecure third countries when using the platform.
The data transfer takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a, Art. 49 para. 1 lit. a GDPR, unless the respective provider is certified under the EU-US Data Privacy Framework.
D. For our customers and those interested in our products and services
If you are interested in our products and services, we process your personal data in order to provide you with a quote. We also process your personal data when you conclude contracts with us for the use of our products and services. We would like to inform you about this below:
Categories of data concerned
We process the following personal data:
Identity information (e.g. first and last name, identity card or passport number, nationality, place and date of birth, gender, photograph, IP address)
Contact information (address, e-mail address and telephone number)
Tax information (tax identification number, tax status)
Bank, financial and transaction data (e.g. bank details (IBAN))
Money transfers from and to your account/deposit
assets
notified investor profile, investment behavior
Financial situation (income and expenditure)
Client contact information in the context of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by DJE Kapital AG, further personal data, e.g. information on contact channel, date, occasion and result, (electronic) copies of correspondence and information on participation in direct marketing measures as well as information on your wishes that you have expressed to us.
Audiovisual data (information from the video legitimation procedure, recordings of calls)
In the securities business:
Information on knowledge and / or experience with securities (MiFID status)
Investment behavior/strategy (period, scope, frequency of the customer's transactions with financial instruments, customer's risk appetite)
Information on education and occupation (e.g. level of education, occupation, name of employer)
Income (e.g. earnings)
financial situation
Assets, liabilities, income, e.g. from employment/self-employment/business; expenses
Foreseeable changes in financial circumstances (e.g. retirement age)
Specific goals / major concerns for the future (e.g. planned purchases, repayment of liabilities)
Marital status, matrimonial property regime and maintenance obligations
Tax information (e.g. information on church tax liability), documentation data (e.g. declarations of suitability)
In interest, currency and liquidity management:
Information on knowledge and / or experience with interest rate / currency products / investments
MiFID client classification
Investment behavior/strategy (period, scope, frequency of the customer's transactions with financial instruments, customer's risk appetite)
Education, professional qualifications, profession practiced, position in the company, industry affiliation
financial situation
(assets, liabilities, income, e.g. from employment/self-employment/business; expenses)
Foreseeable changes in financial circumstances (e.g. retirement age)
specific goals / significant concerns in the future (e.g. planned purchases, repayment of liabilities)
tax information (e.g. church tax liability), documentation data (e.g. consultation minutes)
Processing of personal data of children
If requested by customers, we also collect personal data from children. In doing so, we ensure that the holders of parental responsibility consent to the processing of personal data or, in certain cases, agree to the child's consent.
Special categories of personal data
We only process personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data relating to sex life or sexual orientation if we are legally entitled to do so.
Purposes and legal bases
Contract initiation and execution in accordance with Art. 6 para. 1 lit. b GDPR
If you make use of our products and services, we provide you with our financial services or you make specific inquiries in this regard, we process your data in the context of contract initiation or contract performance. The purposes of data processing depend primarily on the specific product and may include needs analyses, advice, asset management and support as well as the execution of transactions. The processing of your data is necessary if, for example, it is used for invoicing in the context of contract processing or to be able to send you an offer that you have requested.
Consent pursuant to Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the association / group or to use your data for specific advertising purposes), this processing is lawful on the basis of your consent. Data processing for the purpose of contacting us is based on your voluntarily given consent, for example if you use the contact form or newsletter registration on our websites www.dje.de and www.solidvest.de or send us a business card. You can withdraw your consent at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. If we wish to use your personal data for purposes other than those mentioned above, we will inform you accordingly and, if necessary, obtain your consent.
Legal obligations pursuant to Art. 6 para. 1 lit. c GDPR
As a financial services institution, we are subject to various legal obligations, i.e. legal requirements (e.g. EU Financial Markets Directive and Regulation, Securities Institutions Act, Money Laundering Act, Securities Trading Act, tax laws; distance selling law, general civil law obligations) and banking supervisory requirements (e.g. European supervision, Deutsche Bundesbank and the Federal Financial Supervisory Authority (BaFin)). The purposes of processing include, among other things, the obligations arising from the German Securities Supervision Act (WpIG) to record the knowledge and experience of the respective client with investment services and financial instruments, the financial circumstances and investment objectives of the client, identity and age verification, fraud and money laundering prevention, compliance with sanction and embargo regulations, to respond to official inquiries from a competent government agency or judicial authority, the fulfillment of tax control and reporting obligations and the assessment and management of risks of DJE Kapital AG.
Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
We may also process your personal data in our legitimate interest. This consists, for example, in being able to process your inquiries to us. In contrast, your rights and freedoms are not to be regarded as predominant, as the request was made by you. We also pursue our legitimate interests when we transfer your data to a lawyer or debt collection agency in order to recover outstanding debts or enforce our rights. In contrast, your rights and freedoms are not to be regarded as overriding, as it is the reasonable expectation of a data subject that lawyers or debt collection agencies will also be used in the event of legal or debt collection disputes.
In addition, we process your data, where necessary, beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties, e.g. in the following cases:
Examination and optimization of procedures for needs analysis and direct customer approach; incl. customer segmentation and calculation of probabilities of conclusion
Advertising or market and opinion research, provided you consent to the use of your data
Assertion of legal claims and defense in legal disputes
Ensuring the IT security and IT operations of DJE Kapital AG
Prevention of criminal offenses, in particular fraud prevention
Measures for building and system security (e.g. access controls)
Other measures to safeguard domiciliary rights
Measures for business management and further development of services and products
Origin of your personal data
In principle, we collect data from you personally. In some cases, we also receive your data from third parties. For example, if you are supported by an intermediary or tipster, your personal data will be transmitted to us by your advisor as part of the application process. We may also receive your data from banks, financial portals, Deutsche Post AG (POSTIDENT) and service providers for risk assessments in accordance with the GwG. Furthermore, in some cases we obtain information from various public registers.
Recipients of your personal data
Within DJE Kapital AG, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy and comply with our written instructions under data protection law. We may only pass on information about you if this is required by law, if you have given your consent or if processors commissioned by us guarantee compliance with the requirements of the GDPR or the BDSG in the same way. Under these conditions, recipients of personal data may be, for example
Public bodies and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority (BaFin), European Supervisory Authority, tax authorities, Federal Central Tax Office) in the event of a legal or official obligation.
Other credit and financial services institutions, comparable institutions and processors to whom we transfer personal data in order to conduct the business relationship with you. These companies are also legally or contractually obliged to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers and custodian banks.
Intermediaries, tipsters and service providers who support us in the following activities:
Support / maintenance of EDP/IT applications
archiving
Document processing
Call center services
Compliance services
controlling
Data screening for anti-money laundering purposes
Data destruction
Purchasing / Procurement
Space management
Real estate appraisals
Credit processing service
Collateral management
Collection
Customer administration and support
Lettershops
marketing
Dispatch of customer gifts
Media technology
Reporting
research
Risk controlling
Expense accounting
Telephony
Video legitimation
Website management
Securities services
Share register
Fund administration
Auditing services
Payment transactions
Members of certain regulated professions such as lawyers, notaries or auditors
Other data recipients may be those bodies for which you have given your consent to the transfer of data or for which you have released us in accordance with an agreement or consent.
Digital application route
We process your personal data in digital form (digital application process) as part of the preparatory activities and when opening a custody account and the associated data exchange with the custodian bank.
We generally collect the information directly from you or receive it from your adviser.
This includes the following information:
Personal master data: First name, surname, date of birth, place of birth, nationality
Address data: Address
Contact details: Telephone number, cell phone number, e-mail address
Asset data: Deposit balance, asset overviews
Contract data: Transaction data, information on the asset management contract
We do not process special categories of personal data in accordance with Art. 9 GDPR.
We use a service provider with whom we have concluded an agreement on order processing in accordance with Art. 28 GDPR for the processing of a digital application process and the associated faster account opening.
A contractual relationship is also possible without the use of the digital application route. However, even with analog processing, data transmission of your personal data is necessary for the fulfillment of the contract.
Transmission to third countries
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and securities orders) or is required by law (e.g. reporting obligations under tax law), if you have given us your consent or as part of order processing. If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. If you require a printout of these provisions or information on their availability, you can contact us in writing using the contact details provided.
Obligation to provide your personal data
As part of our business relationship, you must provide the personal data that is required for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it. In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and to collect and record your name, place of birth, date of birth, nationality, home address and ID card details. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 11 (6) of the German Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
Deletion periods
We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is required for the following purposes:
Compliance with retention periods under commercial and tax law for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): These include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods specified there are two to ten years.
Preservation of evidence within the framework of the statute of limitations in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years. A retention period of six months applies to applicants without subsequent conclusion of a contract. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of any disputes. Data processing is strictly earmarked.
Defense and prosecution of rights and claims in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR): In order to pursue and defend our rights and claims, it may be necessary to continue to store your personal data in the event of a dispute. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of a dispute. Data processing is strictly earmarked.
Preservation of backups: In our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in protecting our business processes and ensuring data protection and information security, we create backup copies at regular intervals. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that backup copies will be made. Data processing is strictly earmarked.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Data exchange with your advisor (tipster)
In cases where you are referred to us for our services/products by your advisor, our tipster, we may exchange personal data with your advisor. This concerns the following data from you
Name
your address
contact details
securities account balance
Asset overviews
Transaction data
Information on the asset management agreement
We receive your data from the tipster by way of contract initiation in accordance with Art. 6 para. 1 lit. b GDPR when we receive your application to conclude a contract.
If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will also transmit your data to the tipster so that he can provide you with high-quality support and we can settle accounts with the tipster via his commission. Consent is voluntary and can be revoked at any time with effect for the future. You will not suffer any disadvantages if you do not give your consent or revoke your consent at a later date. However, if you do not give your consent or withdraw your consent, the support provided by your advisor may be impaired because we will then no longer be able to send him any further information.
E. Webinars and video conferencing systems
Data processing
Among other things, we use online conferencing tools to communicate and conduct informative webinars with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the Internet or take advantage of one of our webinar offers online, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "context information" in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, this is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company and to conduct webinars and information events (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected by this.
We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conferencing tools:
Zoom
We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: https: //zoom.us/de-de/privacy.html.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //zoom.us/de-de/privacy.html.
GoToWebinar
We use GoToWebinar. The provider is LogMeIn, Inc, 320 Summer Street Boston, MA 02210, USA. Details on data processing can be found in GoToMeeting's privacy policy: www.goto.com/de/company/legal/privacy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf
F. Advertising communication
We would like to contact you with information about our company's offers and services, in particular about webinars, customer satisfaction surveys, promotions, events and functions of our company for advertising purposes.
Legal basis for data processing
The legal basis for this is either your consent within the meaning of Art. 6 para. 1 lit. a GDPR, Section 7 UWG or our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 UWG.
Purposes of the processing of your data
Data processing for these purposes includes the processing of your lawfully stored data in connection with the respective information on your financial circumstances, your risk appetite and custody account data for individualized advertising and market research, statistics and analyses. It also includes the use of this data to uniquely identify you in order to offer you the best possible services and customer experience and to avoid any inconsistencies in connection with the above-mentioned purposes of advertising communication.
For this purpose, automated processes are used to match and merge data in order to identify potential matches in two or more data sets from different sources and systems with the aim of generating a unique, correct and always up-to-date customer master data set.
Advertising communication based on your consent
If you give us your consent, we base the above-mentioned data processing on your consent in accordance with Art. 6 para. 1 lit. a GDPR/§ 7 UWG. The following provisions apply to data processing in the context of the submission of this declaration of consent:
Contact channels
In order to comply with your personal rights to the greatest possible extent, we offer you the choice between different communication channels (telephone, e-mail, post, mobile phone/SMS) wherever possible. We will therefore only use those channels to which you have consented.
Processing of data for verification purposes
For verification purposes and in order to comply with our accountability obligations under Art. 5 GDPR, we will store your declaration of consent and the personal data contained therein in our company until the purpose of storage no longer applies. Accordingly, your declaration of consent will be deleted 5 years after revocation of your advertising consent in accordance with data protection regulations.
Consequences of non-submission and revocation
Your consent is always voluntary. You are free at any time to revoke a declaration of consent once given with effect for the future or not to submit a declaration of consent offered. This procedure has no negative consequences for you. Please note, however, that if you withdraw your consent or do not provide it, we will no longer be able to provide you with information and offers from our company.
Promotional communication and competitions or events
If you have provided us with personal data as part of a competition or event, we will only process it for the purpose of advertising communication if you have given us your express and voluntary consent to do so in accordance with Art. 6 para. 1 lit. a GDPR.
Advertising communication based on our legitimate interest
In some cases, we also process your personal data for the above-mentioned purposes on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in non-harassing direct advertising and your rights and freedoms are not to be regarded as predominant in comparison.
If we send you advertising via electronic mail (e-mail), we only use e-mail addresses that we have collected as part of a sale of goods or services, only send direct advertising for our own similar goods or services and only use your e-mail address as long as you have not objected to the sending of direct advertising.
If we send you direct advertising by post on the basis of our legitimate interest, we will use your data for this purpose until you have objected to this form of direct advertising.
In the case of this form of direct marketing, you have the right to object at any time in accordance with Art. 21 (2) GDPR, which can be exercised without giving reasons.
Processing of data for verification purposes
If this is necessary to pursue our legitimate interests, we will process the declaration of consent or the data stored therein or in this context, insofar as we are authorized to do so. This may also include the disclosure of this information to legal advisors or state authorities in accordance with Art. 6 para. 1 lit. f GDPR.
Direct advertising without personal reference
If contact data is not personally identifiable and the addressee of the direct advertising is not a consumer in accordance with Section 13 of the German Civil Code (BGB), we also use this data in the context of direct advertising by telephone, provided we can assume that the addressee has given their presumed consent. Furthermore, we also collect contact data from third parties for the purposes of advertising communication, insofar as this is permitted by law.
Blacklist/ Robinson list
Contact data of persons who are not registered in a customer account with us and who have exercised their right to object to direct advertising within the meaning of Art. 21 para. 2 GDPR or Section 7 UWG are stored in a blacklist/ Robinson list. The purpose of this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the administration and proper consideration of objections to direct advertising. In contrast, the interests or fundamental rights and freedoms of the data subjects are not to be regarded as overriding, as the data processing is necessary to safeguard the rights and freedoms of the data subjects, since without this list the objections to advertising could not be taken into account when sending advertising.
G. Competition
Purposes of data processing
DJE will process personal data as the organizer of a competition insofar as this is necessary to establish the legal relationship with the participant and for the subsequent implementation and processing of the competition (Art. 6 para. 1 lit. b GDPR). This also includes checking the conditions of participation and determining the winner. The data of the winners will be stored within the statutory retention periods (in particular according to HGB; AO and WpIG) in accordance with Art. 6 para. 1 lit. c GDPR.
DJE will also send all participants the e-mail newsletter with information about DJE offers and services on the basis of their consent in accordance with Art. 6 para. 1 lit. a GDPR. Participation in the competition is not possible without granting this consent. Consent can be revoked at any time with effect for the future.
Should legal disputes arise in the course of the implementation of the competition or beyond, we will retain the data of the participants concerned for as long as we need them to defend our rights in accordance with Art. 6 para. 1 lit. f GDPR.
Categories of data concerned
Data of the competition participants is collected. This is usually the title, name, company to which the participant belongs, email address, telephone number and postal address.
Duration of data storage
Winners' data will be stored in accordance with the statutory retention obligations under Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code. The data of all participants will be processed after completion of the competition until their declaration of consent is revoked and for a further five years to prove that the declaration of consent was given.
Recipients of the data
Data will not be passed on to third parties without your prior consent. DJE uses the services of processors to send the newsletter. In accordance with Art. 28 GDPR, these processors are obliged to process the data only on the instructions of DJE and to treat it confidentially.
Obligation to provide your data
You are not obliged to provide DJE with your data. However, if you do not provide your data and do not give your consent to receive the newsletter, you will not be able to participate in the competition.
H. Business partner
We process the personal data of our business partners.
Data subjects and data
When we process personal data of our business partners, this is primarily data of our business partners' employees or contact persons. We process the data that is necessary to fulfill the purpose. These are in particular
Identity information (e.g. first and last name, gender, company affiliation, job title/professional title)
Contact information (address, e-mail address and telephone number)
Communication data (content and time of communication, details of recipient and sender of communication)
Contract information (contract details, contract content, contract status)
Data processing
On the one hand, this is done in the context of contract initiation and contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR in order to process existing contracts or to negotiate the conclusion of contracts.
Furthermore, we process your personal data in our legitimate interest to safeguard and pursue our legal claims in accordance with Art. 6 para. 1 lit. f GDPR.
If we are legally obliged to process your personal data, we process your data in accordance with Art. 6 para. 1 lit. c GDPR.
Transfer to third countries
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and securities orders) or is required by law (e.g. tax reporting obligations), if you have given us your consent or as part of order processing. If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. If you require a printout of these provisions or information, you can contact us in writing using the contact details provided.
Obligation to provide your personal data
As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.
In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and to collect and record your name, place of birth, date of birth, nationality, residential address and identification data. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 11 (6) of the German Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
Deletion periods
We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is required for the following purposes:
Compliance with retention periods under commercial and tax law for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): These include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods specified there are two to ten years.
Preservation of evidence within the framework of the statute of limitations in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years. A retention period of six months applies to applicants without subsequent conclusion of a contract. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of any disputes. Data processing is strictly earmarked.
Defense and prosecution of rights and claims in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR): In order to pursue and defend our rights and claims, it may be necessary to continue to store your personal data in the event of a dispute. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of a dispute. Data processing is strictly earmarked.
Preservation of backups: In our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in protecting our business processes and ensuring data protection and information security, we create backup copies at regular intervals. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that backup copies will be made. Data processing is strictly earmarked.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Recipients of the data
Within DJE Kapital AG, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy and comply with our written instructions under data protection law. We may only pass on information about you if this is required by law, if you have given your consent or if processors commissioned by us guarantee compliance with the provisions of the GDPR or the BDSG in particular. Under these conditions, recipients of personal data may be, for example
Public bodies and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority (BaFin), European Supervisory Authority, tax authorities, Federal Central Tax Office) in the event of a legal or official obligation.
Other credit and financial services institutions, comparable institutions and processors to whom we transfer personal data in order to conduct the business relationship with you. These companies are also legally or contractually obliged to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers and custodian banks.
Intermediaries, tipsters and service providers who support us in the following activities:
Support / maintenance of EDP/IT applications
archiving
Document processing
Call center services
Compliance services
controlling
Data screening for anti-money laundering purposes
Data destruction
Purchasing / Procurement
Space management
Real estate appraisals
Credit processing service
Collateral management
Collection
Customer administration and support
Lettershops
marketing
Dispatch of customer gifts
Media technology
Reporting
research
Risk controlling
Expense accounting
Telephony
Video legitimation
Website management
Securities services
Share register
Fund administration
Auditing services
Payment transactions
Members of certain regulated professions such as lawyers, notaries or auditors
Other data recipients may be those bodies for which you have given your consent to the transfer of data or for which you have released us in accordance with an agreement or consent.
I. Applicants
When you apply for a job with us, we process your personal data as follows:
Purpose and legal basis of data processing
Application procedure
The storage of your data as part of the application process and the associated processing of the data serves to fill a vacancy in our company.
a) Application in response to a specific job advertisement
We publish job vacancies in our company on our homepage and on job portals. If you are interested in such a vacancy, you can apply to us for this specific vacancy. Your application data will then only be used for the application process for this specific position and processed in accordance with Art. 6 para. 1 lit. b GDPR and § 26 BDSG. If your application is not successful, your data will be deleted four months after the end of the application process.
b) Unsolicited application
It is possible for you to send an unsolicited application to our company without reference to a specific job advertisement. These applications will be reviewed. Your application data will then only be used for the application process and processed in accordance with Art. 6 para. 1 lit. b GDPR and § 26 BDSG. If your application is not successful, your data will be deleted four months after the end of the application process.
Applicant pool
If you have given your consent in the context of an application, whether for an advertised position or on your own initiative, in accordance with Art. 6 para. 1 lit. a GDPR, this applies to the inclusion in our applicant pool and the associated longer storage of your documents for up to 1 year. You will only be included in our pool with your data transmitted to us once you have given your consent.
The applicant pool is accessed for the following purpose: A position within our company needs to be filled. The job profile is therefore compared with your data and you are included in the application process. This data processing is carried out on the basis of Section 26 BDSG in conjunction with Art. 88 GDPR for the purpose of establishing an employment relationship.
Verification purposes
Furthermore, we process your data in accordance with Art. 6 para. 1 lit. f GDPR if this is necessary for a legitimate interest and your rights do not outweigh this interest. This applies in particular to the retention of your application documents as evidence in the event of a legal dispute in connection with the application process.
Legal obligations
The processing of your data in our company may also be necessary to fulfill a legal obligation to which we are subject in accordance with Art. 6 para. 1 lit. c GDPR. An example of this is the fulfillment of statutory retention periods.
Description of the processed data
We store and process all data that you transmit to us during the application process. This includes both the data from your application documents and the information that you provide to us in a telephone interview or in a personal interview.
The data processed includes your contact details such as surname, first name, address, telephone number, e-mail address, as well as all data relating to your professional and educational qualifications and degrees.
In addition, special categories of personal data within the meaning of Art. 9 GDPR may also be included in the processing. This may include, in particular, data relating to health, religious or philosophical beliefs, party or trade union membership. In addition, submitted application photos may contain personal data that is covered by the special categories of personal data. For example, information about racial and ethnic origin and health status. The sole purpose of processing this special data is to be able to use your application documents for the purpose of recruitment. Our company will not include this special information in decisions unless there is a legal obligation to do so. If you do not wish this data to be processed, you are free to submit new application documents that have been cleansed of this data. This procedure has no consequences for the prospects of your application.
Forwarding of data
1. data transfer to our company
In some cases, we also receive application documents and other information from recruitment service providers. If necessary, we will process the personal data contained therein in the manner described here as part of our application process.
2 Data transfer by our company
Data may be passed on by our company to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c GDPR (e.g. to authorities, police, etc.). In addition, on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR (e.g. to lawyers, tax consultants, authorities, etc.).
Obligation to transfer the data
You are not obliged to provide us with your data due to legal or contractual provisions. However, the transmission of your data is necessary in order to be considered for a vacant position.
There is no obligation to grant permission for permanent storage. Without this consent, however, we will not be able to consider your data for placement beyond the application process for a specific position or unsolicited application.
Standard deadlines for the deletion of personal data
If processing is based on your consent, we will process your data until you withdraw your consent.
Personal data will be deleted after the statutory and contractual retention periods have expired.
If personal data is not subject to any retention periods, it will be deleted as soon as the stated purposes no longer apply.
If your application is not successful, your data will be deleted four months after the end of the application process.
If you are employed by our company, your application documents will be transferred to your personnel file and are then subject to the corresponding retention periods.
If we are permitted to store and process your data on the basis of a declaration of consent, your data will be stored until you withdraw your consent.
Transfer of personal data to a third country
Personal data is generally not transferred to a third country. Should this still be the case, the data transfer is regulated by an adequacy decision (e.g. Canada), consent, binding corporate rules or concluded EU standard data protection clauses.