Data protection
On this page you will find our privacy policy.
If you are interested in our products and services, we process your personal data in order to provide you with a quote. We also process your personal data when you conclude contracts with us for the use of our products and services. We would like to inform you about this below:
Categories of data concerned
We process the following personal data:
Identity information (e.g. first and last name, identity card or passport number, nationality, place and date of birth, gender, photograph, IP address)
Contact information (address, e-mail address and telephone number)
Tax information (tax identification number, tax status)
Bank, financial and transaction data (e.g. bank details (IBAN))
Money transfers from and to your account/deposit
assets
notified investor profile, investment behavior
Financial situation (income and expenditure)
Client contact information in the context of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by DJE Kapital AG, further personal data, e.g. information on contact channel, date, occasion and result, (electronic) copies of correspondence and information on participation in direct marketing measures as well as information on your wishes that you have expressed to us.
Audiovisual data (information from the video legitimation procedure, recordings of calls)
In the securities business:
Information on knowledge and / or experience with securities (MiFID status)
Investment behavior/strategy (period, scope, frequency of the customer's transactions with financial instruments, customer's risk appetite)
Information on education and occupation (e.g. level of education, occupation, name of employer)
Income (e.g. earnings)
financial situation
Assets, liabilities, income, e.g. from employment/self-employment/business; expenses
Foreseeable changes in financial circumstances (e.g. retirement age)
Specific goals / major concerns for the future (e.g. planned purchases, repayment of liabilities)
Marital status, matrimonial property regime and maintenance obligations
Tax information (e.g. information on church tax liability), documentation data (e.g. declarations of suitability)
In interest, currency and liquidity management:
Information on knowledge and / or experience with interest rate / currency products / investments
MiFID client classification
Investment behavior/strategy (period, scope, frequency of the customer's transactions with financial instruments, customer's risk appetite)
Education, professional qualifications, profession practiced, position in the company, industry affiliation
financial situation
(assets, liabilities, income, e.g. from employment/self-employment/business; expenses)
Foreseeable changes in financial circumstances (e.g. retirement age)
specific goals / significant concerns in the future (e.g. planned purchases, repayment of liabilities)
tax information (e.g. church tax liability), documentation data (e.g. consultation minutes)
Processing of personal data of children
If requested by customers, we also collect personal data from children. In doing so, we ensure that the holders of parental responsibility consent to the processing of personal data or, in certain cases, agree to the child's consent.
Special categories of personal data
We only process personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data relating to sex life or sexual orientation if we are legally entitled to do so.
Purposes and legal bases
Contract initiation and execution in accordance with Art. 6 para. 1 lit. b GDPR
If you make use of our products and services, we provide you with our financial services or you make specific inquiries in this regard, we process your data in the context of contract initiation or contract performance. The purposes of data processing depend primarily on the specific product and may include needs analyses, advice, asset management and support as well as the execution of transactions. The processing of your data is necessary if, for example, it is used for invoicing in the context of contract processing or to be able to send you an offer that you have requested.
Consent pursuant to Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the association / group or to use your data for specific advertising purposes), this processing is lawful on the basis of your consent. Data processing for the purpose of contacting us is based on your voluntarily given consent, for example if you use the contact form or newsletter registration on our websites www.dje.de and www.solidvest.de or send us a business card. You can withdraw your consent at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. If we wish to use your personal data for purposes other than those mentioned above, we will inform you accordingly and, if necessary, obtain your consent.
Legal obligations pursuant to Art. 6 para. 1 lit. c GDPR
As a financial services institution, we are subject to various legal obligations, i.e. legal requirements (e.g. EU Financial Markets Directive and Regulation, Securities Institutions Act, Money Laundering Act, Securities Trading Act, tax laws; distance selling law, general civil law obligations) and banking supervisory requirements (e.g. European supervision, Deutsche Bundesbank and the Federal Financial Supervisory Authority (BaFin)). The purposes of processing include, among other things, the obligations arising from the German Securities Supervision Act (WpIG) to record the knowledge and experience of the respective client with investment services and financial instruments, the financial circumstances and investment objectives of the client, identity and age verification, fraud and money laundering prevention, compliance with sanction and embargo regulations, to respond to official inquiries from a competent government agency or judicial authority, the fulfillment of tax control and reporting obligations and the assessment and management of risks of DJE Kapital AG.
Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
We may also process your personal data in our legitimate interest. This consists, for example, in being able to process your inquiries to us. In contrast, your rights and freedoms are not to be regarded as predominant, as the request was made by you. We also pursue our legitimate interests when we transfer your data to a lawyer or debt collection agency in order to recover outstanding debts or enforce our rights. In contrast, your rights and freedoms are not to be regarded as overriding, as it is the reasonable expectation of a data subject that lawyers or debt collection agencies will also be used in the event of legal or debt collection disputes.
In addition, we process your data, where necessary, beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties, e.g. in the following cases:
Examination and optimization of procedures for needs analysis and direct customer approach; incl. customer segmentation and calculation of probabilities of conclusion
Advertising or market and opinion research, provided you consent to the use of your data
Assertion of legal claims and defense in legal disputes
Ensuring the IT security and IT operations of DJE Kapital AG
Prevention of criminal offenses, in particular fraud prevention
Measures for building and system security (e.g. access controls)
Other measures to safeguard domiciliary rights
Measures for business management and further development of services and products
Origin of your personal data
In principle, we collect data from you personally. In some cases, we also receive your data from third parties. For example, if you are supported by an intermediary or tipster, your personal data will be transmitted to us by your advisor as part of the application process. We may also receive your data from banks, financial portals, Deutsche Post AG (POSTIDENT) and service providers for risk assessments in accordance with the GwG. Furthermore, in some cases we obtain information from various public registers.
Recipients of your personal data
Within DJE Kapital AG, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy and comply with our written instructions under data protection law. We may only pass on information about you if this is required by law, if you have given your consent or if processors commissioned by us guarantee compliance with the requirements of the GDPR or the BDSG in the same way. Under these conditions, recipients of personal data may be, for example
Public bodies and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority (BaFin), European Supervisory Authority, tax authorities, Federal Central Tax Office) in the event of a legal or official obligation.
Other credit and financial services institutions, comparable institutions and processors to whom we transfer personal data in order to conduct the business relationship with you. These companies are also legally or contractually obliged to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers and custodian banks.
Intermediaries, tipsters and service providers who support us in the following activities:
Support / maintenance of EDP/IT applications
archiving
Document processing
Call center services
Compliance services
controlling
Data screening for anti-money laundering purposes
Data destruction
Purchasing / Procurement
Space management
Real estate appraisals
Credit processing service
Collateral management
Collection
Customer administration and support
Lettershops
marketing
Dispatch of customer gifts
Media technology
Reporting
research
Risk controlling
Expense accounting
Telephony
Video legitimation
Website management
Securities services
Share register
Fund administration
Auditing services
Payment transactions
Members of certain regulated professions such as lawyers, notaries or auditors
Other data recipients may be those bodies for which you have given your consent to the transfer of data or for which you have released us in accordance with an agreement or consent.
Digital application route
We process your personal data in digital form (digital application process) as part of the preparatory activities and when opening a custody account and the associated data exchange with the custodian bank.
We generally collect the information directly from you or receive it from your adviser.
This includes the following information:
Personal master data: First name, surname, date of birth, place of birth, nationality
Address data: Address
Contact details: Telephone number, cell phone number, e-mail address
Asset data: Deposit balance, asset overviews
Contract data: Transaction data, information on the asset management contract
We do not process special categories of personal data in accordance with Art. 9 GDPR.
We use a service provider with whom we have concluded an agreement on order processing in accordance with Art. 28 GDPR for the processing of a digital application process and the associated faster account opening.
A contractual relationship is also possible without the use of the digital application route. However, even with analog processing, data transmission of your personal data is necessary for the fulfillment of the contract.
Transmission to third countries
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and securities orders) or is required by law (e.g. reporting obligations under tax law), if you have given us your consent or as part of order processing. If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. If you require a printout of these provisions or information on their availability, you can contact us in writing using the contact details provided.
Obligation to provide your personal data
As part of our business relationship, you must provide the personal data that is required for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it. In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and to collect and record your name, place of birth, date of birth, nationality, home address and ID card details. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 11 (6) of the German Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
Deletion periods
We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is required for the following purposes:
Compliance with retention periods under commercial and tax law for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): These include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods specified there are two to ten years.
Preservation of evidence within the framework of the statute of limitations in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years. A retention period of six months applies to applicants without subsequent conclusion of a contract. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of any disputes. Data processing is strictly earmarked.
Defense and prosecution of rights and claims in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR): In order to pursue and defend our rights and claims, it may be necessary to continue to store your personal data in the event of a dispute. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of a dispute. Data processing is strictly earmarked.
Preservation of backups: In our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in protecting our business processes and ensuring data protection and information security, we create backup copies at regular intervals. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that backup copies will be made. Data processing is strictly earmarked.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Data exchange with your advisor (tipster)
In cases where you are referred to us for our services/products by your advisor, our tipster, we may exchange personal data with your advisor. This concerns the following data from you
Name
your address
contact details
securities account balance
Asset overviews
Transaction data
Information on the asset management agreement
We receive your data from the tipster by way of contract initiation in accordance with Art. 6 para. 1 lit. b GDPR when we receive your application to conclude a contract.
If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will also transmit your data to the tipster so that he can provide you with high-quality support and we can settle accounts with the tipster via his commission. Consent is voluntary and can be revoked at any time with effect for the future. You will not suffer any disadvantages if you do not give your consent or revoke your consent at a later date. However, if you do not give your consent or withdraw your consent, the support provided by your advisor may be impaired because we will then no longer be able to send him any further information.
Data processing
Among other things, we use online conferencing tools to communicate and conduct informative webinars with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the Internet or take advantage of one of our webinar offers online, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "context information" in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, this is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company and to conduct webinars and information events (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected by this.
We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conferencing tools:
Zoom
We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: https: //zoom.us/de-de/privacy.html.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //zoom.us/de-de/privacy.html.
GoToWebinar
We use GoToWebinar. The provider is LogMeIn, Inc, 320 Summer Street Boston, MA 02210, USA. Details on data processing can be found in GoToMeeting's privacy policy: www.goto.com/de/company/legal/privacy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf
We would like to contact you with information about our company's offers and services, in particular about webinars, customer satisfaction surveys, promotions, events and functions of our company for advertising purposes.
Legal basis for data processing
The legal basis for this is either your consent within the meaning of Art. 6 para. 1 lit. a GDPR, Section 7 UWG or our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 UWG.
Purposes of the processing of your data
Data processing for these purposes includes the processing of your lawfully stored data in connection with the respective information on your financial circumstances, your risk appetite and custody account data for individualized advertising and market research, statistics and analyses. It also includes the use of this data to uniquely identify you in order to offer you the best possible services and customer experience and to avoid any inconsistencies in connection with the above-mentioned purposes of advertising communication.
For this purpose, automated processes are used to match and merge data in order to identify potential matches in two or more data sets from different sources and systems with the aim of generating a unique, correct and always up-to-date customer master data set.
Advertising communication based on your consent
If you give us your consent, we base the above-mentioned data processing on your consent in accordance with Art. 6 para. 1 lit. a GDPR/§ 7 UWG. The following provisions apply to data processing in the context of the submission of this declaration of consent:
Contact channels
In order to comply with your personal rights to the greatest possible extent, we offer you the choice between different communication channels (telephone, e-mail, post, mobile phone/SMS) wherever possible. We will therefore only use those channels to which you have consented.
Processing of data for verification purposes
For verification purposes and in order to comply with our accountability obligations under Art. 5 GDPR, we will store your declaration of consent and the personal data contained therein in our company until the purpose of storage no longer applies. Accordingly, your declaration of consent will be deleted 5 years after revocation of your advertising consent in accordance with data protection regulations.
Consequences of non-submission and revocation
Your consent is always voluntary. You are free at any time to revoke a declaration of consent once given with effect for the future or not to submit a declaration of consent offered. This procedure has no negative consequences for you. Please note, however, that if you withdraw your consent or do not provide it, we will no longer be able to provide you with information and offers from our company.
Promotional communication and competitions or events
If you have provided us with personal data as part of a competition or event, we will only process it for the purpose of advertising communication if you have given us your express and voluntary consent to do so in accordance with Art. 6 para. 1 lit. a GDPR.
Advertising communication based on our legitimate interest
In some cases, we also process your personal data for the above-mentioned purposes on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in non-harassing direct advertising and your rights and freedoms are not to be regarded as predominant in comparison.
If we send you advertising via electronic mail (e-mail), we only use e-mail addresses that we have collected as part of a sale of goods or services, only send direct advertising for our own similar goods or services and only use your e-mail address as long as you have not objected to the sending of direct advertising.
If we send you direct advertising by post on the basis of our legitimate interest, we will use your data for this purpose until you have objected to this form of direct advertising.
In the case of this form of direct marketing, you have the right to object at any time in accordance with Art. 21 (2) GDPR, which can be exercised without giving reasons.
Processing of data for verification purposes
If this is necessary to pursue our legitimate interests, we will process the declaration of consent or the data stored therein or in this context, insofar as we are authorized to do so. This may also include the disclosure of this information to legal advisors or state authorities in accordance with Art. 6 para. 1 lit. f GDPR.
Direct advertising without personal reference
If contact data is not personally identifiable and the addressee of the direct advertising is not a consumer in accordance with Section 13 of the German Civil Code (BGB), we also use this data in the context of direct advertising by telephone, provided we can assume that the addressee has given their presumed consent. Furthermore, we also collect contact data from third parties for the purposes of advertising communication, insofar as this is permitted by law.
Blacklist/ Robinson list
Contact data of persons who are not registered in a customer account with us and who have exercised their right to object to direct advertising within the meaning of Art. 21 para. 2 GDPR or Section 7 UWG are stored in a blacklist/ Robinson list. The purpose of this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the administration and proper consideration of objections to direct advertising. In contrast, the interests or fundamental rights and freedoms of the data subjects are not to be regarded as overriding, as the data processing is necessary to safeguard the rights and freedoms of the data subjects, since without this list the objections to advertising could not be taken into account when sending advertising.
Purposes of data processing
DJE will process personal data as the organizer of a competition insofar as this is necessary to establish the legal relationship with the participant and for the subsequent implementation and processing of the competition (Art. 6 para. 1 lit. b GDPR). This also includes checking the conditions of participation and determining the winner. The data of the winners will be stored within the statutory retention periods (in particular according to HGB; AO and WpIG) in accordance with Art. 6 para. 1 lit. c GDPR.
DJE will also send all participants the e-mail newsletter with information about DJE offers and services on the basis of their consent in accordance with Art. 6 para. 1 lit. a GDPR. Participation in the competition is not possible without granting this consent. Consent can be revoked at any time with effect for the future.
Should legal disputes arise in the course of the implementation of the competition or beyond, we will retain the data of the participants concerned for as long as we need them to defend our rights in accordance with Art. 6 para. 1 lit. f GDPR.
Categories of data concerned
Data of the competition participants is collected. This is usually the title, name, company to which the participant belongs, email address, telephone number and postal address.
Duration of data storage
Winners' data will be stored in accordance with the statutory retention obligations under Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code. The data of all participants will be processed after completion of the competition until their declaration of consent is revoked and for a further five years to prove that the declaration of consent was given.
Recipients of the data
Data will not be passed on to third parties without your prior consent. DJE uses the services of processors to send the newsletter. In accordance with Art. 28 GDPR, these processors are obliged to process the data only on the instructions of DJE and to treat it confidentially.
Obligation to provide your data
You are not obliged to provide DJE with your data. However, if you do not provide your data and do not give your consent to receive the newsletter, you will not be able to participate in the competition.
We process the personal data of our business partners.
Data subjects and data
When we process personal data of our business partners, this is primarily data of our business partners' employees or contact persons. We process the data that is necessary to fulfill the purpose. These are in particular
Identity information (e.g. first and last name, gender, company affiliation, job title/professional title)
Contact information (address, e-mail address and telephone number)
Communication data (content and time of communication, details of recipient and sender of communication)
Contract information (contract details, contract content, contract status)
Data processing
On the one hand, this is done in the context of contract initiation and contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR in order to process existing contracts or to negotiate the conclusion of contracts.
Furthermore, we process your personal data in our legitimate interest to safeguard and pursue our legal claims in accordance with Art. 6 para. 1 lit. f GDPR.
If we are legally obliged to process your personal data, we process your data in accordance with Art. 6 para. 1 lit. c GDPR.
Transfer to third countries
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment and securities orders) or is required by law (e.g. tax reporting obligations), if you have given us your consent or as part of order processing. If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. If you require a printout of these provisions or information, you can contact us in writing using the contact details provided.
Obligation to provide your personal data
As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.
In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and to collect and record your name, place of birth, date of birth, nationality, residential address and identification data. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 11 (6) of the German Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
Deletion periods
We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for several years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is required for the following purposes:
Compliance with retention periods under commercial and tax law for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): These include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods specified there are two to ten years.
Preservation of evidence within the framework of the statute of limitations in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years. A retention period of six months applies to applicants without subsequent conclusion of a contract. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of any disputes. Data processing is strictly earmarked.
Defense and prosecution of rights and claims in the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR): In order to pursue and defend our rights and claims, it may be necessary to continue to store your personal data in the event of a dispute. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that their data will be retained for a certain period of time to preserve evidence in the event of a dispute. Data processing is strictly earmarked.
Preservation of backups: In our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in protecting our business processes and ensuring data protection and information security, we create backup copies at regular intervals. In contrast, your rights and freedoms are not to be regarded as predominant, as it is the reasonable expectation of a data subject that backup copies will be made. Data processing is strictly earmarked.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Recipients of the data
Within DJE Kapital AG, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain banking secrecy and comply with our written instructions under data protection law. We may only pass on information about you if this is required by law, if you have given your consent or if processors commissioned by us guarantee compliance with the provisions of the GDPR or the BDSG in particular. Under these conditions, recipients of personal data may be, for example
Public bodies and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority (BaFin), European Supervisory Authority, tax authorities, Federal Central Tax Office) in the event of a legal or official obligation.
Other credit and financial services institutions, comparable institutions and processors to whom we transfer personal data in order to conduct the business relationship with you. These companies are also legally or contractually obliged to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers and custodian banks.
Intermediaries, tipsters and service providers who support us in the following activities:
Support / maintenance of EDP/IT applications
archiving
Document processing
Call center services
Compliance services
controlling
Data screening for anti-money laundering purposes
Data destruction
Purchasing / Procurement
Space management
Real estate appraisals
Credit processing service
Collateral management
Collection
Customer administration and support
Lettershops
marketing
Dispatch of customer gifts
Media technology
Reporting
research
Risk controlling
Expense accounting
Telephony
Video legitimation
Website management
Securities services
Share register
Fund administration
Auditing services
Payment transactions
Members of certain regulated professions such as lawyers, notaries or auditors
Other data recipients may be those bodies for which you have given your consent to the transfer of data or for which you have released us in accordance with an agreement or consent.
When you apply for a job with us, we process your personal data as follows:
Purpose and legal basis of data processing
Application procedure
The storage of your data as part of the application process and the associated processing of the data serves to fill a vacancy in our company.
a) Application in response to a specific job advertisement
We publish job vacancies in our company on our homepage and on job portals. If you are interested in such a vacancy, you can apply to us for this specific vacancy. Your application data will then only be used for the application process for this specific position and processed in accordance with Art. 6 para. 1 lit. b GDPR and § 26 BDSG. If your application is not successful, your data will be deleted four months after the end of the application process.
b) Unsolicited application
It is possible for you to send an unsolicited application to our company without reference to a specific job advertisement. These applications will be reviewed. Your application data will then only be used for the application process and processed in accordance with Art. 6 para. 1 lit. b GDPR and § 26 BDSG. If your application is not successful, your data will be deleted four months after the end of the application process.
Applicant pool
If you have given your consent in the context of an application, whether for an advertised position or on your own initiative, in accordance with Art. 6 para. 1 lit. a GDPR, this applies to the inclusion in our applicant pool and the associated longer storage of your documents for up to 1 year. You will only be included in our pool with your data transmitted to us once you have given your consent.
The applicant pool is accessed for the following purpose: A position within our company needs to be filled. The job profile is therefore compared with your data and you are included in the application process. This data processing is carried out on the basis of Section 26 BDSG in conjunction with Art. 88 GDPR for the purpose of establishing an employment relationship.
Verification purposes
Furthermore, we process your data in accordance with Art. 6 para. 1 lit. f GDPR if this is necessary for a legitimate interest and your rights do not outweigh this interest. This applies in particular to the retention of your application documents as evidence in the event of a legal dispute in connection with the application process.
Legal obligations
The processing of your data in our company may also be necessary to fulfill a legal obligation to which we are subject in accordance with Art. 6 para. 1 lit. c GDPR. An example of this is the fulfillment of statutory retention periods.
Description of the processed data
We store and process all data that you transmit to us during the application process. This includes both the data from your application documents and the information that you provide to us in a telephone interview or in a personal interview.
The data processed includes your contact details such as surname, first name, address, telephone number, e-mail address, as well as all data relating to your professional and educational qualifications and degrees.
In addition, special categories of personal data within the meaning of Art. 9 GDPR may also be included in the processing. This may include, in particular, data relating to health, religious or philosophical beliefs, party or trade union membership. In addition, submitted application photos may contain personal data that is covered by the special categories of personal data. For example, information about racial and ethnic origin and health status. The sole purpose of processing this special data is to be able to use your application documents for the purpose of recruitment. Our company will not include this special information in decisions unless there is a legal obligation to do so. If you do not wish this data to be processed, you are free to submit new application documents that have been cleansed of this data. This procedure has no consequences for the prospects of your application.
Forwarding of data
1. data transfer to our company
In some cases, we also receive application documents and other information from recruitment service providers. If necessary, we will process the personal data contained therein in the manner described here as part of our application process.
2 Data transfer by our company
Data may be passed on by our company to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c GDPR (e.g. to authorities, police, etc.). In addition, on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR (e.g. to lawyers, tax consultants, authorities, etc.).
Obligation to transfer the data
You are not obliged to provide us with your data due to legal or contractual provisions. However, the transmission of your data is necessary in order to be considered for a vacant position.
There is no obligation to grant permission for permanent storage. Without this consent, however, we will not be able to consider your data for placement beyond the application process for a specific position or unsolicited application.
Standard deadlines for the deletion of personal data
If processing is based on your consent, we will process your data until you withdraw your consent.
Personal data will be deleted after the statutory and contractual retention periods have expired.
If personal data is not subject to any retention periods, it will be deleted as soon as the stated purposes no longer apply.
If your application is not successful, your data will be deleted four months after the end of the application process.
If you are employed by our company, your application documents will be transferred to your personnel file and are then subject to the corresponding retention periods.
If we are permitted to store and process your data on the basis of a declaration of consent, your data will be stored until you withdraw your consent.
Transfer of personal data to a third country
Personal data is generally not transferred to a third country. Should this still be the case, the data transfer is regulated by an adequacy decision (e.g. Canada), consent, binding corporate rules or concluded EU standard data protection clauses.