Privacy Policy
A. General Information and Contact Information
As a securities firm, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.
Personal data is data that can be used to identify you personally or make you identifiable. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
Date of Privacy Policy
Effective: 02/2026
Given the constant pace of technological change and the ongoing development and improvement of our processes, this policy is updated regularly. We therefore recommend that you review our information and guidelines on data processing at regular intervals. You can find Solidvest’s privacy policy on the Solidvest website.
Data Controller
DJE Kapital AG
Pullacher Straße 24
82049 Pullach
Phone: +49 89 790453-0
Email: info@dje.de
Represented by the Executive Board: Dr. Jens Ehrhardt (Chairman), Dr. Jan Ehrhardt (Vice Chairman), Christian Janas, Peter Schmitz
Scope of Application
This privacy notice explains the nature, scope, and purpose of the processing of personal data by the data controller, which is represented by the management.
The legal basis for data protection within Germany is set forth in particular in the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu), and the Telecommunications and Telemedia Data Protection Act (TDDDG).
Handling of Personal Data
Personal data is information relating to an identified or identifiable natural person (data subject).
The processing of such data is lawful only if at least one of the following conditions is met:
the data subject has consented to the processing of their personal data for one or more purposes (e.g., a declaration of consent for promotional communications),
the processing is necessary for the performance of a contract or for the implementation of precontractual measures (e.g., a concluded contract, the provision of services, the supply of products),
the processing is necessary to comply with a legal obligation to which the controller is subject (e.g., disclosure of data to government authorities),
the processing is necessary to protect the legitimate interests of the data controller or a third party, and the data subject’s conflicting interests do not outweigh these interests (e.g., data transfer to collection agencies and attorneys, video surveillance).
Description of the source groups
To the extent that we have not received the data directly from you, we obtain your personal data (first name, last name, phone number, cell phone number, email address, and your message) from intermediaries, referral sources, or other financial institutions in accordance with Article 6(1)(b) of the GDPR.
Transfer of Personal Data to a Third Country
Personal data is generally not transferred to a third country. Should this nevertheless be the case, the data transfer is governed by an adequacy decision (e.g., Canada), consent, Binding Corporate Rules, or concluded EU Standard Data Protection Clauses, supplemented by appropriate technical and organizational measures (so-called “supplementary measures”).
Standard Retention Periods for the Deletion of Personal Data
Personal data is deleted upon expiration of the statutory and contractual retention periods in accordance with Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code. We are obligated to process data in this manner pursuant to Article 6(1)(c) of the GDPR.
If personal data is not subject to any retention periods, it will be deleted as soon as the stated purposes no longer apply. If you submit a valid request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.
Data Protection Officer
We have appointed a Data Protection Officer who acts on behalf of the company in accordance with Art. 37 et seq. of the GDPR:
Carolin Bauer
aigner business solutions GmbH
Goldener Steig 42
94116 Hutthurm
Phone: +49 8505 91927-0
Email: Datenschutz@dje.de
B. Rights of Data Subjects
Below, we would like to inform you about your rights under the GDPR:
Right of Access
You have the right to request information from the data controller regarding whether and which of your personal data are being processed.
To this end, the data controller provides an overview of the purposes of processing, the categories of personal data being processed, and the respective recipients or categories of recipients in accordance with Article 15 of the GDPR.
Rights to Rectification, Erasure, and Restriction of Processing
Pursuant to Article 16 of the GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.
Pursuant to Article 17 of the GDPR, you have the right to request that the controller erase personal data concerning you without undue delay, provided that no other legal requirement precludes such erasure.
Pursuant to Article 18 of the GDPR, you have the right to request the restriction of processing if
the accuracy of the personal data is disputed,
the processing is unlawful and you oppose the erasure of the personal data and instead request that its use be restricted,
the controller no longer needs the personal data for the purposes of processing, but needs it to assert, exercise, or defend legal claims,
you object to the processing pursuant to Article 21 of the GDPR.
Right to Withdraw Consent
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent prior to withdrawal.
Right to Object
You have the right under Article 21 of the GDPR to object at any time to the processing of your personal data. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling to the extent that it is related to direct marketing. If you object, your personal data will no longer be processed for direct marketing purposes (Art. 21(2) GDPR).
Right to Data Portability
You have the right to have data that the controller processes automatically—based on your consent or in fulfillment of a contract—provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.
Right to File a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates this Regulation.
Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you.
C. Data Processing When Visiting Our Website
1. Privacy at a Glance
General Information
The following information provides an overview of how your personal data is processed when you visit this website. Personal data refers to any data that can be used to personally identify you.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “General Information” section.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.
How do we use your data?
Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with future effect. In addition, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority. You can contact us at any time regarding this matter or any other questions about data protection.
2. General Information and Mandatory Disclosures
Data Protection
The data controller takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.
When you use this website, various types of personal data are collected. Personal data is data that can be used to personally identify you. This Privacy Policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
Hosting
This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website visits, and other data generated through a website.
External hosting is carried out for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). If consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Our hosting provider(s) will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We use the following hosting provider(s):
maxcluster GmbH
Lise-Meitner-Str. 1b
D-33104 Paderborn
Data Processing on Behalf of Others
We have entered into a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Note on Data Transfer to the U.S.
Our website incorporates, among other things, tools from companies based in the United States. When these tools are active, your personal data may be transferred to the U.S. servers of the respective companies. Please note that the U.S. is not a “safe third country” within the meaning of EU data protection law. U.S. companies are required to disclose personal data to law enforcement agencies, and you, as the data subject, have no legal recourse against this. It therefore cannot be ruled out that U.S. authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on U.S. servers for surveillance purposes. We have no influence over these processing activities.
Redirection to Third-Party Websites
We have included links to third-party websites. When you click on these links, data is transmitted to the operator of the website. This privacy policy does not govern the collection, disclosure, or handling of personal data by third parties. Please review the privacy policy of the respective data controller.
Declaration of Consent pursuant to Section 25(1) of the TDDDG
Depending on your consent, we use various tools on our website that process your data. If we base data processing on your declaration of consent pursuant to Article 6(1)(a) of the GDPR and inform you in our privacy policy about the purpose and effect of the declaration of consent, your consent also applies within the meaning of Section 25(1) of the TDDDG.
Please refer to the Privacy Policy for information on which cookies, plug-ins, and other data-processing tools are used.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser’s address bar. When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
3. Data Collection on This Website
Cookies
Our website uses so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
Cookies may be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services into websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for carrying out the electronic communication process, for providing certain functions you have requested (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) (necessary cookies), are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar tracking technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG); consent may be revoked at any time.
You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited.
You can find information about which cookies and services are used on this website in this Privacy Policy.
Consent via Cookiebot by UserCentrics
Our website uses Cookiebot’s consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in compliance with data protection regulations. This technology is provided by UserCentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you visit our website, a connection is established with Cookiebot’s servers to obtain your consents and other declarations regarding cookie usage. Cookiebot then stores a cookie in your browser to associate the consents you have granted—or their revocation—with your session. The data collected in this manner is stored until you request that we delete it, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.
Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Essential Cookies
Essential cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
3a. Cookies Used
Server Log Files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:
browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
This data is not combined with other data sources.
This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring the technically error-free display and optimization of its website—to this end, the server log files must be collected.
Inquiries by email or phone
If you contact us via email, phone, or fax, your inquiry—including all personal data contained therein (name, inquiry)—will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) of the GDPR).
The data you send us via contact requests will remain with us until you request its deletion or the purpose for storing the data no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
Contact Form
If you submit inquiries to us via the contact form, the contact information you provide and the content of your inquiry will be stored by us for processing. We will not share this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is necessary for the performance of a contract or for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Article 6(1)(f) of the GDPR).
The data you provide will remain with us until the purpose for storing the data no longer applies or you request that we delete it. Legal provisions, in particular retention obligations, remain unaffected.
Newsletters and Information Materials
To receive the newsletter offered on our website as well as information about our services and offerings (e.g., Portfolio Paper), you can sign up using our forms. By subscribing, you provide your consent within the meaning of Art. 6(1)(a) of the GDPR and § 7(2)(3) of the 3 of the German Unfair Competition Act (UWG), which authorizes us to use your personal data for promotional purposes as part of our newsletter and for analytical purposes by evaluating click-through rates. For this purpose, we process your title, first and last name, email address, and data regarding your click behavior. If you grant us your consent, we will send you our portfolio by mail once. For this purpose, we process your mailing address.
To verify that you have correctly provided your consent, we use the so-called double opt-in procedure. First, a confirmation email will be sent to the email address you provided, asking you to confirm your consent. Your registration will not take effect until you click the activation link contained in the confirmation email.
We use HubSpot to send and analyze our newsletter. Your data will therefore be transmitted to this service provider. HubSpot is prohibited from using your data for any purposes other than those specified. HubSpot is not permitted to share or sell your data. HubSpot is a software provider that was carefully selected in accordance with the requirements of the GDPR and the BDSG.
Your consent is voluntary. You may revoke your consent to the storage of your data and its use for sending the newsletter at any time with future effect, e.g., via the unsubscribe link in the newsletter. Please note that if you do not give your consent or revoke it before the informational material is sent, we will not be able to send you the informational material.
It is possible that you may still receive promotional communications even after revoking your consent, or that you may receive a newsletter or informational material within the next 10 days. This is because our company plans promotional campaigns over an extended period, and the selection of recipients may have already been made before we received your revocation. Please also note that the informational material will still be delivered to you if your revocation is received after we have already sent it.
4. Plugins and Tools
CookieBot
We use CookieBot on our website. For more information, see the “Cookies” section.
YouTube with enhanced privacy settings
This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of the pages on this website that includes a YouTube video, a connection is established with YouTube’s servers. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing activity directly with your personal profile. You can prevent this by logging out of your YouTube account.
When you load a YouTube video, connections are also established to Google Fonts and other Google services. For more details, please refer to the information below.
We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize the YouTube browsing experience. Ads displayed in enhanced privacy mode are also not personalized. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data similar to cookies and can be used for recognition purposes. Details about enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.
In some cases, playing a YouTube video may trigger additional data processing operations over which we have no control.
The use of YouTube is in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) of the GDPR. If consent has been requested, processing is based exclusively on Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, to the extent that the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
For more information about data protection on YouTube, please see their Privacy Policy at: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform any independent analyses. It is used solely to manage and deploy the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website.
If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transfers to the United States are based on the EU-U.S. Data Privacy Framework.
Google Fonts
This website uses Google Fonts. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This site uses so-called Google Fonts, provided by Google, to ensure a consistent font display. When you visit a page, your browser loads the necessary fonts into its cache to display text and fonts correctly.
For this purpose, the browser you are using must establish a connection to Google’s servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6(1)(a) of the GDPR and § 25(1) of the TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transfers to the United States are based on the EU-U.S. Data Privacy Framework.
If your browser does not support Google Fonts, a default font from your computer will be used.
For more information about Google Fonts, visit developers.google.com/fonts/faq and see Google’s Privacy Policy: policies.google.com/privacy.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Maps
This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed map content on our website.
To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the United States and stored there. The provider of this site has no influence over this data transmission. When Google Maps is activated, Google may use Google Fonts to ensure consistent font display. When you access Google Maps, your browser loads the required web fonts into its cache to display text and fonts correctly.
The use of Google Maps is based exclusively on Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how user data is handled, please see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user’s location. This data is associated with the user’s respective device. The data is not assigned to a user ID. Furthermore, Google Analytics allows us to track, among other things, your mouse and scroll movements as well as your clicks. In addition, Google Analytics uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in its data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the United States and stored there.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.
Consent may be revoked at any time. Data transfers to the United States are based on the EU-U.S. Data Privacy Framework.
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF commits to complying with these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please see Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in corresponding clicks. Use of this service is based on your consent pursuant to Art. 6(1)(a) of the GDPR and §25(1) of the TDDDG. You may revoke your consent at any time.
Data transfers to the United States are based on the EU-U.S. Data Privacy Framework.
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking allows Google and us to determine whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, as well as which products are viewed or purchased most frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took.
We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.
The use of this service is based on your consent pursuant to Art. 6(1)(a) of the GDPR and §25(1) of the TDDDG. You may revoke your consent at any time.
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Consent may be revoked at any time. Data transfers to the United States are based on the EU-U.S. Data Privacy Framework.
For more information on Google Conversion Tracking, please see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
Google DoubleClick
This website uses features provided by Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “DoubleClick”).
DoubleClick is used to display interest-based ads to you throughout the Google Display Network. With the help of DoubleClick, these ads can be tailored to the interests of the respective viewer. For example, our ads may appear in Google search results or in ad banners connected to DoubleClick.
In order to display interest-based ads to users, DoubleClick must be able to recognize the viewer and associate them with the websites they have visited, their clicks, and other information regarding their user behavior. To do this, DoubleClick uses cookies or similar recognition technologies (e.g., device fingerprinting). The information collected is compiled into a pseudonymous user profile to display interest-based ads to the user in question.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may revoke your consent at any time with future effect.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.
Consent may be revoked at any time. Data transfers to the United States are based on the EU-US Data Privacy Framework.
For more information on how to opt out of the ads displayed by Google, please visit the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
Meta Pixel (formerly Facebook Pixel)
This website uses Facebook/Meta’s visitor action pixels to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the United States and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and helps optimize future advertising campaigns.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, allowing a link to be established with the respective user profile and enabling Facebook to use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements both on Facebook and outside of Facebook. As the site operator, we have no control over this use of the data.
Use of this service is based on your consent pursuant to Art. 6(1)(a) of the GDPR and § 25(1) of the TDDDG. You may revoke your consent at any time with future effect.
We use the extended matching feature within Meta Pixel.
Extended Matching allows us to transmit various types of data (e.g., city, state, ZIP code, hashed email addresses, names, gender, date of birth, or phone number) about our customers and prospects—which we collect via our website—to Meta (Facebook). By enabling this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offerings. In addition, advanced matching improves the attribution of website conversions and expands Custom Audiences.
To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations shared by us have been set forth in a joint processing agreement. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy notices when using the Facebook tool and for ensuring the tool is implemented on our website in compliance with data protection laws. Facebook is responsible for the data security of Facebook products. You can exercise your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward these requests to Facebook.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on the protection of your privacy in Facebook’s Privacy Policy: https://de-de.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can disable interest-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.
HubSpot
We use HubSpot Forms, HubSpot Analytics, HubSpot Usemessages, and HubSpot CRM (hereinafter collectively referred to as “HubSpot”) and related services on this website to send newsletters, analyze usage, and collect customer contact information from potential customers.
HubSpot is a software company based in the United States (HubSpot Inc., 25 Street, Cambridge, MA 02141, USA) with a branch office in Ireland. Contact: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland.
Among other things, HubSpot enables us to manage existing and potential customers as well as customer contacts. With the help of HubSpot, we are able to record, organize, contact, and analyze customer interactions via email, social media, or phone across various channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing activities (e.g., newsletter mailings). HubSpot also enables us to track and analyze the user behavior of our contacts on our website.
The use of HubSpot CRM and Forms is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in managing and communicating with customers as efficiently as possible, as well as in providing a sign-up form for newsletters on its website.
The use of HubSpot Analytics, HubSpot User Messages, and data processing in connection with the distribution of newsletters is based exclusively on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time with future effect.
For details, please refer to HubSpot’s Privacy Policy: https://legal.hubspot.com/de/privacy-policy.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
The company is also certified under the “EU-US Data Privacy Framework” (DPF). This framework is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5812.
Data Processing
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
SalesViewer
We have integrated SalesViewer into this website. The provider is SalesViewer / SalesViewer GmbH, Hueststr. 30, 44787 Bochum (hereinafter referred to as “SalesViewer”).
SalesViewer enables us to track visits to our website by employees of other companies. For this purpose, the website visitor’s IP address is compared with the company IP addresses stored in SalesViewer’s database. If the IP address belongs to a company, this visit and the visitor’s user behavior are recorded. IP addresses not found in SalesViewer’s database are immediately deleted, ensuring that website visits by private individuals are not further tracked by SalesViewer.
SalesViewer offers an opt-out procedure to enhance data protection. For further details, please refer to the following link provided by the provider: https://www.salesviewer.com/de/opt-out/.
The use of SalesViewer is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in tracking business visits to our website and the users’ behavior.
For further details, please refer to the provider’s privacy policy: https://www.salesviewer.com/de/plattform/datenschutz/.
Data Processing on Behalf of a Client
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
This website uses the Insight Tag (LinkedIn Ads and LinkedIn Analytics) from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data Processing via the LinkedIn Insight Tag The LinkedIn Insight Tag allows us to obtain information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze, among other things, their key professional data (e.g., career level, company size, country, location, industry, and job title) and thus better tailor our site to the respective target groups. Furthermore, using LinkedIn Insight Tags, we can measure whether visitors to our website make a purchase or take another action (conversion tracking). Conversion tracking can also be performed across devices (e.g., from a PC to a tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to display targeted ads to our website visitors outside of the website; according to LinkedIn, this does not involve identifying the ad recipient.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). LinkedIn members’ direct identifiers are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
As the website operator, we cannot associate the data collected by LinkedIn with specific individuals.
LinkedIn will store the collected personal data of website visitors on its servers in the United States and use it for its own advertising purposes.
For details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal Basis
To the extent that consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be revoked at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses.
Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to complying with these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5448.
Microsoft Advertising / Bing Ads
The website operator uses Bing Ads, hereinafter referred to as Microsoft Advertising. Microsoft Advertising is an online advertising program provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Advertising enables us to display advertisements in the Bing search engine or on third-party websites when a user enters specific search terms into Bing (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Microsoft (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
We use Microsoft Advertising’s Universal Event Tracking (UET) on this page. This involves collecting pseudonymized data to track the actions you take on our websites after clicking on an ad through Microsoft Advertising. In this process, UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), the duration of your visit to the website, which sections of the website were accessed, which ad brought you to the website, and which keyword you clicked on.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may revoke your consent at any time.
Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.
Data Processing on Behalf of a Third Party
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Objection to the Use of the LinkedIn Insight Tag
Object to the analysis of user behavior and targeted advertising by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Data Processing on Behalf of a Client
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Microsoft Clarity
This website uses Microsoft Clarity (hereinafter referred to as “Clarity”). The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/.
Clarity is a tool for analyzing user behavior on this website. In particular, Clarity tracks mouse movements and creates a graphical representation of which parts of the website users scroll to most frequently (heat maps). Clarity can also record sessions, allowing us to view page usage in the form of videos. We also receive information about general user behavior on our website.
Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the United States.
The use of this service is based exclusively on your consent, in accordance with Article 6(1)(a) of the GDPR and Section 25 of the TTDSG. You may withdraw your consent at any time.
Further details on Clarity’s privacy policy can be found here: https://docs.microsoft.com/en-us/clarity/faq.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. Microsoft and the Microsoft Clarity service have submitted to the DPF. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active
Data Processing
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
JSDelivr.com
We use JSDelivr on our website, which is provided by the Polish software company ProspectOne, Królewska 65A/1, 30081, Kralów, Poland.
This service is used to ensure that our website loads quickly and displays properly on various devices, even when our website is experiencing high traffic.
By using this open-source solution, JavaScript libraries can be hosted on npm, GitHub, and similar servers. In order to provide these services, your browser may send personal data—such as your IP address, preferred language, browser type, browser version, the website being loaded, and the time and date of the load—to jsdelivr.com so that the website can be displayed correctly in your browser.
The use of JSDelivr.com is based exclusively on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time with future effect.
Legal Basis
To the extent that consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be revoked at any time.
Highcharts
On our website, we use the “Highcharts Cloud” service provided by Highcharts AS, Sentrumsgata 44, 6893 VIK I SOGN, Norway.
This service allows us to display the current prices of various funds and investment options on our website.
In order to display the data relevant to each website visitor, the user’s country and investment profile type are requested. This information is required to provide the desired information to each visitor. If you do not wish to have this data processed, you will not be able to use this feature.
This data processing is based on our legitimate interest in displaying current market information for our customers and prospective clients, in accordance with Article 6(1)(f) of the GDPR.
For more information, please refer to the provider’s privacy policy: https://www.highcharts.com/blog/privacy/.
Anevis Solutions
We use the services of anevis solutions GmbH, Friedrich-Bergius-Ring 15, 97076 Würzburg, to provide graphic content on our website.
To ensure that the respective media are displayed correctly on different devices and in various browsers, Anevis Solutions retrieves server log files in order to provide the optimal version (see the “Server Log Files” section).
This data processing is based on our legitimate interest in displaying current stock market information for our customers and prospective clients, in accordance with Article 6(1)(f) of the GDPR.
For more information, please refer to the provider’s privacy policy: https://www.anevis-solutions.com/de/datenschutzerklaerung/
5. Privacy Information for Social Media
We use business accounts on Facebook, Instagram, LinkedIn, and Xing. When you visit our social media pages, you have the option to react to our posts, comment on them, and send us messages. Your visit to our social media profiles triggers a variety of data processing activities involving your personal data. We would like to inform you here about your rights regarding this processing of your personal data.
You are not required to provide us with your personal data. However, doing so may be necessary for the specific functionality of our social media profiles. We process your data for customer-oriented corporate presentation, for effective market-facing communication, and for communicating with users of our social media profiles. These data transfers and processing take place through your voluntary use of the platforms in accordance with Article 6(1)(a) and Article 49(1)(a) of the GDPR.
If you contact us via one of our social media channels, the data you provide will be used solely for the purpose of contacting you. The legal basis for this form of data processing is Article 6(1)(a) of the GDPR, your consent to be contacted via the respective social media channel, or, where applicable, Article 6(1)(b) of the GDPR in the case of the initiation or performance of contracts, Section 26 of the German Federal Data Protection Act (BDSG) for contact related to employment relationships; and Article 6(1)(f) of the GDPR in the event of an overriding legitimate interest in effective public relations work.
We would like to point out that the platform operators use web tracking and profiling systems that create comprehensive profiles of the users of these platforms. However, we have no control over these systems. When you visit our social media pages, your personal data is collected, used, and stored not only by us but also by the social media operators. This occurs even if you do not have a profile on the respective social network yourself. For details on the collection and storage of your personal data, as well as the nature, scope, and purpose of its use by the social media platforms, please refer to their privacy policies:
Facebook.com https://de-de.facebook.com/privacy/explanation
Instagram.com https://privacycenter.instagram.com/policy/
LinkedIn.com https://de.linkedin.com/legal/privacy-policy
Apple Podcasts https://www.apple.com/de/legal/privacy/data/de/apple-podcasts/
Google Podcasts https://policies.google.com/privacy?hl=en
Anchor.fm https://www.spotify.com/de/privacy
Information on Data Transfers to a Third Country
The headquarters of LinkedIn, Facebook, YouTube, Apple Podcasts, Google Podcasts, Spotify, Anchor.fm, and Instagram are located in the United States. This means that all of your data will be transferred to an unsafe third country where the level of protection for your personal data is not comparable to the standard within the European Union. Xing is headquartered in Germany. According to the provider, however, data may still be transferred to non-EU countries when using the platform.
The data transfer takes place on the basis of consent in accordance with Article 6(1)(a) and Article 49(1)(a) of the GDPR, unless the respective provider is certified under the EU-U.S. Data Privacy Framework.
D. For our customers and those interested in our products and services
If you are interested in our products and services, we will process your personal data in order to provide you with a quote. We also process your personal data when you enter into contracts with us regarding the use of our products and services. We would like to provide you with the following information regarding this:
Categories of Data Processed
We process the following personal data:
Identity information (e.g., first and last name, ID card or passport number, nationality, place and date of birth, gender, photo, IP address)
Contact information (address, email address, and phone number)
Tax information (tax identification number, tax status)
Bank, financial, and transaction data (e.g., bank account information (IBAN))
Money transfers from and to your account/securities account
Assets
Disclosed investor profile, investment behavior
Financial situation (income and expenses)
Customer contact information collected during the initial business engagement phase and throughout the business relationship—particularly through in-person, telephone, or written communications initiated by you or by DJE Kapital AG—as well as any additional personal data arising therefrom, such as information regarding the contact channel, date, reason, and outcome; (electronic) copies of correspondence; as well as information regarding participation in direct marketing activities and details of requests you have made to us.
Audiovisual data (information from the video identification process, recordings of calls)
In securities trading:
Information regarding knowledge and/or experience with securities (MiFID status)
Investment behavior/strategy (time period, scope, and frequency of the customer’s transactions in financial instruments; the customer’s risk tolerance)
Information regarding education and occupation (e.g., level of education, occupation, employer’s name)
Income (e.g., earnings)
Financial situation
Assets, liabilities, income (e.g., from employment or self-employment / business operations); expenses
Foreseeable changes in financial circumstances (e.g., reaching retirement age)
Specific goals / key priorities for the future (e.g., planned purchases, repayment of liabilities)
Marital status, matrimonial property regime, and maintenance obligations
Tax information (e.g., details regarding church tax liability), documentation (e.g., declarations of suitability)
In interest rate, currency, and liquidity management:
Information regarding knowledge and/or experience with interest rate/currency products and financial investments
MiFID client classification
Investment behavior/strategy (time frame, scope, and frequency of the customer’s transactions in financial instruments; the customer’s risk tolerance)
Education, professional qualifications, occupation, position within the company, industry
Financial situation
(assets, liabilities, income—e.g., from employment or self-employment, or business operations; expenses)
Anticipated changes in financial circumstances (e.g., reaching retirement age)
Specific goals / key priorities for the future (e.g., planned purchases, repayment of liabilities)
Tax information (e.g., indication of church tax liability), documentation data (e.g., consultation records)
Processing of Personal Data of Children
To the extent requested by clients, we also collect personal data from children. In doing so, we ensure that the holders of parental responsibility consent to the processing of the personal data or, in certain cases, consent to the child’s processing of such data.
Special Categories of Personal Data
Personal data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data for the unique identification of a natural person, health data, or data concerning sex life or sexual orientation, are processed by us only to the extent that we are legally authorized to do so.
Purposes and Legal Bases
Pre-contractual and contractual processing pursuant to Art. 6(1)(b) of the GDPR
When you use our products and services, when we provide financial services to you, or when you submit specific inquiries regarding these matters, we process your data for the purposes of contract initiation or contract performance. The purposes of data processing depend primarily on the specific product and may include, among other things, needs assessments, consulting, asset management and advisory services, as well as the execution of transactions. The processing of your data is necessary, for example, when it is used for billing purposes as part of contract fulfillment or to provide you with an offer you have requested.
Consent pursuant to Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR
To the extent that you have given us consent to process personal data for specific purposes (e.g., sharing data within the group or using your data for specific advertising purposes), the lawfulness of this processing is based on your consent. Data processing for the purpose of contacting us is based on your voluntary consent, for example, when you use the contact form or subscribe to the newsletter on our websites www.dje.de and www.solidvest.de, or when you provide us with a business card. Consent that has been given may be revoked at any time. This also applies to the revocation of consent given to us prior to the entry into force of the EU General Data Protection Regulation, i.e., before May 25, 2018. Please note that the withdrawal of consent applies only to future processing. Processing that took place prior to the withdrawal is not affected. If we intend to use your personal data for purposes other than those mentioned above, we will inform you accordingly and, if necessary, obtain your consent.
Legal obligations under Article 6(1)(c) of the GDPR
As a financial services institution, we are subject to various legal obligations, i.e., statutory requirements (e.g., the EU Financial Markets Directive and Regulation, the Securities Institutions Act, the Money Laundering Act, the Securities Trading Act, tax laws; distance selling law, general civil law obligations), as well as banking supervisory requirements (e.g., from the European Supervisory Authority, the Deutsche Bundesbank, and the Federal Financial Supervisory Authority (BaFin)). The purposes of processing include, among other things, the obligations under the Securities Institutions Supervision Act (WpIG) to record each client’s knowledge and experience with securities services and financial instruments, the client’s financial circumstances and investment objectives, identity and age verification, fraud and money laundering prevention, compliance with sanctions and embargo regulations, responding to official inquiries from a competent government agency or judicial authority, fulfilling tax-related audit and reporting obligations, and the assessment and management of risks at DJE Kapital AG.
Legitimate interest pursuant to Art. 6(1)(f) of the GDPR
We may also process your personal data in our legitimate interest. This includes, for example, being able to process your inquiries to us. Your rights and freedoms, on the other hand, are not considered to take precedence, as the inquiry was initiated by you. We also pursue our legitimate interests when we transfer your data to a lawyer or debt collection agency to collect outstanding debts or enforce our rights. Your rights and freedoms, however, are not considered to take precedence, as it is a reasonable expectation of a data subject that lawyers or debt collection service providers will be engaged in the event of legal disputes or claims.
In addition, we process your data, to the extent necessary, beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties, for example in the following cases:
Reviewing and optimizing procedures for needs analysis and direct customer outreach, including customer segmentation and calculating the probability of closing a deal
Advertising or market and opinion research, provided you consent to the use of your data
Asserting legal claims and defending against legal disputes
Ensuring IT security and the IT operations of DJE Kapital AG
Prevention of criminal offenses, in particular fraud prevention
Measures for building and facility security (e.g., access controls)
Other measures to ensure the enforcement of property rights
Measures for business management and the further development of services and products
Source of Your Personal Data
As a general rule, we collect data directly from you. In some cases, we also receive your data from third parties. For example, if you are being assisted by an intermediary or a referral source, your personal data will be transmitted to us by your advisor as part of the application process. Furthermore, we may receive your data from banks, financial portals, Deutsche Post AG (POSTIDENT), and service providers conducting risk assessments in accordance with the Anti-Money Laundering Act (GwG). In addition, in some cases, we obtain information from various public registries.
Recipients of Your Personal Data
Within DJE Kapital AG, access to your data is granted to those departments that require it to fulfill our contractual and legal obligations. Service providers and agents we engage may also receive data for these purposes, provided they maintain banking secrecy and comply with our written data protection guidelines. We may only disclose information about you if required by law, if you have given your consent, or if data processors commissioned by us guarantee compliance with the provisions of the GDPR or the BDSG. Under these conditions, recipients of personal data may include, for example:
Public authorities and institutions (e.g., the Deutsche Bundesbank, the Federal Financial Supervisory Authority (BaFin), the European Supervisory Authority, tax authorities, the Federal Central Tax Office) where there is a legal or regulatory obligation to do so.
Other credit and financial services institutions, comparable entities, and processors to whom we transfer personal data in order to conduct our business relationship with you. These companies are also legally or contractually obligated to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers, and custodian banks.
Intermediaries, referral sources, and service providers who assist us with the following activities:
Support / maintenance of computer/IT applications
Archiving
Document processing
Call center services
Compliance services
Controlling
Data Screening for Anti-Money Laundering Purposes
Data Destruction
Purchasing / Procurement
Space Management
Real Estate Appraisals
Loan Processing Services
Collateral Management
Debt Collection
Customer Management and Support
Mailing Services
Marketing
Shipping of Customer Gifts
Media Technology
Reporting
Research
Risk Management
Expense Reporting
Telephony
Video Verification
Website Management
Securities Services
Share Register
Fund Management
Auditing services
Payment Transactions
Members of certain regulated professions, such as attorneys, notaries, or auditors
Other recipients of your data may include those entities to which you have given your consent for data transfer or for which you have exempted us pursuant to an agreement or consent.
Digital Application Process
As part of the preparatory activities, as well as during the process of opening a securities account and the associated data exchange with the custodian bank, we process your personal data in digital form (digital application process).
We generally collect this information directly from you or receive it from your referral source.
This includes the following information:
Personal identification data: First name, last name, date of birth, place of birth, nationality
Address information: Street address
Contact information: Phone number, cell phone number, email address
Asset data: Portfolio balance, asset overviews
Contract data: Transaction data, information regarding the asset management agreement
We do not process special categories of personal data as defined in Article 9 of the GDPR.
To facilitate a digital application process and the associated faster account opening, we use a service provider with whom we have entered into a data processing agreement in accordance with Article 28 of the GDPR.
A contractual relationship is possible even without using the digital application process. However, even when processing is done manually, the transfer of your personal data is necessary to fulfill the contract.
Transfer to Third Countries
Data transfers to countries outside the EU or the EEA (so-called third countries) take place only to the extent that this is necessary to execute your orders (e.g., payment and securities orders) or is required by law (e.g., tax reporting obligations), you have given us your consent, or as part of data processing on our behalf. If service providers in third countries are used, they are obligated—in addition to written instructions—to comply with European data protection standards through the EU Standard Contractual Clauses. If you need a printed copy of these provisions or information regarding their availability, you may contact us in writing using the contact information provided.
Obligation to Provide Your Personal Data
As part of our business relationship, you must provide the personal data necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations, or data that we are legally required to collect. Without this data, we will generally have to refuse to enter into the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it. In particular, under anti-money laundering regulations, we are required to identify you before establishing the business relationship—for example, by verifying your identification card—and in doing so, to collect and record your name, place of birth, date of birth, nationality, as well as your residential address and identification details. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents pursuant to Section 11(6) of the Money Laundering Act and promptly notify us of any changes that arise during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not establish or continue the business relationship you have requested.
Retention Periods
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations. Please note that our business relationship is a continuing obligation designed to last for several years. If the data is no longer necessary for the fulfillment of contractual or legal obligations, it will be deleted on a regular basis, unless its—temporary—further processing is necessary for the following purposes:
Compliance with commercial and tax retention periods to fulfill legal obligations (Art. 6(1)(c) GDPR): These include the German Commercial Code, the German Fiscal Code, the Money Laundering Act, and the Securities Trading Act. The retention and documentation periods specified therein range from two to ten years.
Preservation of evidence within the framework of the statute of limitations provisions in the overriding legitimate interest (Art. 6(1)(f) GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, although the standard statute of limitations is three years. For applicants who do not subsequently enter into a contract, a retention period of six months applies. By contrast, your rights and freedoms are not to be regarded as overriding, as it is within a data subject’s reasonable expectation that their data will be retained for a certain period to preserve evidence for potential disputes. Data processing is strictly limited to the specified purpose.
Defense and assertion of rights and claims in the overriding legitimate interest (Art. 6(1)(f) GDPR): To assert and defend our rights and claims, it may be necessary to continue retaining your personal data in the event of a dispute. By contrast, your rights and freedoms are not to be regarded as overriding, as it is within the reasonable expectation of a data subject that their data will be retained for a certain period of time in the event of a dispute to preserve evidence. Data processing is strictly limited to the specified purpose.
Backup Retention: In our overriding legitimate interest (Art. 6(1)(f) GDPR) in protecting our business operations and ensuring data protection and information security, we create backup copies at regular intervals. By contrast, your rights and freedoms are not to be regarded as overriding, as it is the reasonable expectation of a data subject that backup copies will be created. Data processing is strictly limited to the specified purpose.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Data Exchange with Your Advisor (Referrer)
In cases where you are referred to us by your advisor—our referral source—for our services or products, we may exchange personal data with your advisor. This applies to the following data about you:
Name
Address
Contact information
Account balance
Asset summaries
Transaction Data
Information on the Asset Management Agreement
We receive your data from the referral source as part of the contract initiation process in accordance with Article 6(1)(b) of the GDPR when we receive your request to enter into a contract.
If you have given us your consent pursuant to Article 6(1)(a) of the GDPR, we will also transfer your data to the referral source so that they can provide you with high-quality service and so that we can settle the referral source’s commission with them. Consent is voluntary and may be revoked at any time with future effect. You will not suffer any disadvantages if you do not give your consent or if you revoke your consent at a later date. However, if you do not give your consent or revoke your consent, the support provided by your advisor may be affected because we will then no longer be able to provide them with further information.
E. Webinars and Video Conferencing Systems
Data Processing
We use online conferencing tools, among other things, to communicate with our customers and conduct informational webinars. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, or participate in one of our webinars online, your personal data will be collected and processed by us and by the provider of the respective conferencing tool.
The conferencing tools collect all data that you provide or use to access the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).
In addition, the tool provider processes all technical data necessary for facilitating online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing activities of the tools used. Our options depend largely on the corporate policies of the respective provider. For further information on data processing by the conferencing tools, please refer to the privacy policies of the respective tools, which we have listed below this text.
Purpose and Legal Basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company, as well as to conduct webinars and informational events (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). To the extent that consent has been requested, the use of the relevant tools is based on this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time with future effect.
Retention Period
The data collected directly by us via the video and conferencing tools is deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected by this.
We have no influence over the retention period of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please contact the operators of the conferencing tools directly.
Conference Tools Used
We use the following conference tools:
Zoom
We use Zoom. This service is provided by Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s Privacy Policy: https://zoom.us/de-de/privacy.html.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://zoom.us/de-de/privacy.html.
GoToWebinar
We use GoToWebinar. The provider is LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA. For details on data processing, please refer to GoToMeeting’s privacy policy: https://www.goto.com/de/company/legal/privacy.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf
F. Advertising Communication
We would like to contact you for promotional purposes to provide you with information about our company’s offerings and services, particularly regarding webinars, customer satisfaction surveys, promotions, and events.
Legal Basis for Data Processing
The legal basis for this is either your consent pursuant to Article 6(1)(a) of the GDPR and Section 7 of the UWG, or our legitimate interest in direct marketing pursuant to Article 6(1)(f) of the GDPR in conjunction with Section 7 of the UWG.
Purposes of Processing Your Data
Data processing for these purposes includes the processing of your lawfully stored data in conjunction with the relevant information regarding your financial circumstances, your risk tolerance, and securities account data for personalized advertising, market research, statistics, and analyses. It also includes the use of this data to uniquely identify you, to provide you with the best possible services and customer experiences, and to avoid any inconsistencies in connection with the aforementioned purposes of promotional communication.
To this end, automated processes are used to match and merge data in order to identify potential matches across two or more data records from different sources and systems, with the goal of generating a unique, accurate, and consistently up-to-date customer master record.
Marketing Communications Based on Your Consent
If you provide us with your consent, we base the aforementioned data processing on your consent pursuant to Art. 6(1)(a) GDPR/§ 7 UWG. The following provisions apply to data processing in connection with the submission of this declaration of consent:
Contact Channels
To respect your personal rights to the greatest extent possible, we offer you a choice between various communication channels (phone, email, mail, cell phone/text message) whenever possible. Accordingly, we will only use those channels to which you have consented.
Processing of Data for Documentation Purposes
For record-keeping purposes and to fulfill our accountability obligations under Article 5 of the GDPR, we will retain your declaration of consent and the personal data it contains until the purpose for which it was stored no longer applies within our company. Consequently, your declaration of consent will be deleted in accordance with data protection regulations 5 years after you revoke your consent to receive marketing communications.
Consequences of Non-Submission and Withdrawal
Your consent is always voluntary. You are free at any time to withdraw a declaration of consent you have previously provided, effective for the future, or to decline to provide a declaration of consent when requested. This action will have no negative consequences for you. Please note, however, that if you revoke or do not provide your consent, we will not be able—or will no longer be able—to provide you with information and offers from our company.
Marketing Communications and Sweepstakes or Events
If you have provided us with personal data in connection with a sweepstakes or event, we will process this data solely for the purpose of promotional communications, provided that you have given us your explicit and voluntary consent in accordance with Article 6(1)(a) of the GDPR.
Marketing Communications Based on Our Legitimate Interest
In some cases, we also process your personal data for the purposes mentioned above based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Our legitimate interest in this context lies in non-intrusive direct marketing, and your rights and freedoms are not considered to take precedence over this interest.
If we send you advertising via electronic mail (email), we use only email addresses that we have collected in connection with the sale of a product or service, send direct marketing only for our own similar products or services, and use your email address only as long as you have not objected to receiving direct marketing.
If we send you direct marketing by mail based on our legitimate interest, we will use your data for this purpose until you have objected to this form of direct marketing.
With this form of direct marketing, you have the right to object at any time pursuant to Article 21(2) of the GDPR, without having to provide a reason.
Processing of Data for Record-Keeping Purposes
If necessary to pursue our legitimate interests, we will process the declaration of consent or the data stored therein or in connection therewith, to the extent that we are authorized to do so. This may also include the disclosure of this information to legal counsel or government agencies in accordance with Article 6(1)(f) of the GDPR.
Direct Marketing Without Personal Reference
Provided that contact data is not personally identifiable and the recipient of the direct marketing is not a consumer as defined in § 13 BGB, we also use this data for telephone-based direct marketing, to the extent that we may assume the recipient’s implied consent. Furthermore, we also collect contact information from third parties for the purposes of promotional communication, to the extent permitted by law.
Blacklist/Robinson List
Contact information for individuals who do not have a customer account with us and who have exercised their right to object to direct marketing pursuant to Article 21(2) of the GDPR or Section 7 of the UWG is stored by us in a blacklist/Robinson list. The purpose of this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in managing and properly addressing objections to direct marketing. By contrast, the interests or fundamental rights and freedoms of the data subjects are not to be regarded as prevailing, as the data processing is necessary to safeguard the rights and freedoms of the data subjects; without this list, objections to direct marketing could not be taken into account when sending out advertising.
G. Contest
Purposes of Data Processing
As the organizer of a sweepstakes, DJE will process personal data to the extent necessary to establish the legal relationship with the participant and to subsequently conduct and administer the sweepstakes (Art. 6(1)(b) GDPR). This also includes verifying eligibility requirements and determining the winner. The winners’ data will be stored within the statutory retention periods (in particular under the German Commercial Code (HGB), the German Fiscal Code (AO), and the German Securities Trading Act (WpIG)) in accordance with Article 6(1)(c) of the GDPR.
DJE will also send all participants an email newsletter containing information about DJE’s offers and services based on their consent pursuant to Art. 6(1)(a) of the GDPR. Participation in the sweepstakes is not possible without providing this consent. Consent may be revoked at any time with future effect.
Should legal disputes arise in the course of conducting the sweepstakes or thereafter, we will retain the data of the participants concerned for as long as we need it to defend our rights in accordance with Article 6(1)(f) of the GDPR.
Categories of Data Collected
Data from contest participants is collected. This typically includes the participant’s title, first and last name, the company to which the participant belongs, as well as their email address, phone number, and mailing address.
Duration of Data Retention
Data from winners is retained in accordance with the statutory retention requirements under Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code. Data from all participants is processed after the contest has been concluded until their declaration of consent is revoked, and is retained for an additional five years to serve as proof that the declaration of consent was provided.
Recipients of the Data
Data will not be disclosed to third parties without your prior consent. DJE uses the services of data processors to send out the newsletter. In accordance with Article 28 of the GDPR, these processors are obligated to process the data only on DJE’s instructions and to treat it confidentially.
Obligation to Provide Your Data
You are not required to provide your data to DJE. However, if you do not provide your data and do not consent to receiving the newsletter, you will not be able to participate in the contest.
H. Business Partner
We process the personal data of our business partners.
Data Subjects and Data
When we process personal data of our business partners, this primarily involves data pertaining to their employees or contact persons. We process only the data necessary to fulfill the intended purpose. In particular, this includes:
Identity information (e.g., first and last name, gender, company affiliation, job title/position)
Contact information (address, email address, and phone number)
Communication data (content and timing of communication, details regarding the recipient and sender of communication)
Contract information (details regarding the contract, contract terms, and contract status)
Data Processing
This is done, on the one hand, in the context of contract initiation and performance pursuant to Article 6(1)(b) of the GDPR, in order to fulfill existing contracts or to negotiate the conclusion of contracts.
Furthermore, we process your personal data based on our legitimate interest in safeguarding and pursuing our legal claims pursuant to Article 6(1)(f) of the GDPR.
If we are legally required to process your personal data, we process your data in accordance with Article 6(1)(c) of the GDPR.
Transfer to Third Countries
Data transfers to countries outside the EU or the EEA (so-called third countries) take place only to the extent that this is necessary to execute your orders (e.g., payment and securities orders) or is required by law (e.g., tax reporting obligations), you have given us your consent, or as part of data processing on our behalf. If service providers in third countries are used, they are obligated—in addition to written instructions—to comply with European data protection standards through the EU Standard Contractual Clauses. If you need a printed copy of these provisions or information, you may contact us in writing using the contact information provided.
Obligation to Provide Your Personal Data
As part of our business relationship, you must provide the personal data necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations, or data that we are legally required to collect. Without this data, we will generally have to refuse to enter into the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.
In particular, under anti-money laundering regulations, we are required to identify you before establishing the business relationship—for example, by verifying your identification card—and in doing so, to collect and record your name, place of birth, date of birth, nationality, as well as your residential address and identification details. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with Section 11(6) of the Money Laundering Act and promptly notify us of any changes that arise during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not establish or continue the business relationship you have requested.
Retention Periods
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations. Please note that our business relationship is a continuing obligation designed to last for several years. If the data is no longer necessary for the fulfillment of contractual or legal obligations, it will be deleted on a regular basis, unless its—temporary—further processing is necessary for the following purposes:
Compliance with commercial and tax law retention periods to fulfill legal obligations (Art. 6(1)(c) GDPR): These include the German Commercial Code, the German Fiscal Code, the Money Laundering Act, and the Securities Trading Act. The retention and documentation periods specified therein range from two to ten years.
Preservation of evidence within the framework of the statute of limitations provisions in the overriding legitimate interest (Art. 6(1)(f) GDPR). According to Sections 195 et seq. of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, although the standard statute of limitations is three years. For applicants who do not subsequently enter into a contract, a retention period of six months applies. By contrast, your rights and freedoms are not to be regarded as overriding, as it is within a data subject’s reasonable expectation that their data will be retained for a certain period to preserve evidence in the event of any disputes. Data processing is strictly limited to the specified purpose.
Defense and assertion of rights and claims in the overriding legitimate interest (Art. 6(1)(f) GDPR): To assert and defend our rights and claims, it may be necessary to continue retaining your personal data in the event of a dispute. By contrast, your rights and freedoms are not to be regarded as overriding, as it is within the reasonable expectation of a data subject that their data will be retained for a certain period of time in the event of a dispute to preserve evidence. Data processing is strictly limited to the specified purpose.
Backup Retention: In our overriding legitimate interest (Art. 6(1)(f) GDPR) in protecting our business operations and ensuring data protection and information security, we create backup copies at regular intervals. By contrast, your rights and freedoms are not to be regarded as overriding, as it is the reasonable expectation of a data subject that backup copies will be created. Data processing is strictly limited to the specified purpose.
As soon as none of the above-mentioned purposes for further processing of your data apply, we will delete your data.
Recipients of the Data
Within DJE Kapital AG, access to your data is granted to those departments that need it to fulfill our contractual and legal obligations. Service providers and agents we engage may also receive data for these purposes, provided they maintain banking secrecy and comply with our written data protection guidelines. We may only disclose information about you if required by law, if you have given your consent, or if data processors commissioned by us guarantee compliance with the relevant regulations—in particular the GDPR and the BDSG. Under these conditions, recipients of personal data may include, for example:
Public authorities and institutions (e.g., the Deutsche Bundesbank, the Federal Financial Supervisory Authority (BaFin), the European Supervisory Authority, tax authorities, and the Federal Central Tax Office) where there is a legal or regulatory obligation to do so.
Other credit and financial services institutions, comparable entities, and data processors to whom we transfer personal data in order to conduct our business relationship with you. These companies are also legally or contractually obligated to handle personal data with the necessary care. In particular, we work with IT service providers, financial service providers, and custodian banks.
Intermediaries, referral sources, and service providers who assist us with the following activities:
Support / maintenance of computer/IT applications
Archiving
Document processing
Call center services
Compliance services
Controlling
Data Screening for Anti-Money Laundering Purposes
Data Destruction
Purchasing / Procurement
Space Management
Real Estate Appraisals
Loan Processing Services
Collateral Management
Debt Collection
Customer Management and Support
Mailing Services
Marketing
Shipping of Customer Gifts
Media Technology
Reporting
Research
Risk Management
Expense Reporting
Telephony
Video Verification
Website Management
Securities Services
Share Register
Fund Management
Auditing services
Payment Services
Members of certain regulated professions, such as attorneys, notaries, or auditors
Other recipients of your data may include those entities to which you have given your consent for data transfer or for which you have exempted us pursuant to an agreement or consent.
I. Applicants
When you apply for a job with us, we process your personal data as follows:
Purpose and Legal Basis for Data Processing
Application Process
The storage of your data as part of the application process and the associated processing of that data serve the purpose of filling a vacant position at our company.
a) Application for a Specific Job Posting
We publish job openings for our company on our website and on job portals. If you are interested in one of these job openings, you can apply to us for that specific position. Your application data will then be used solely for the application process for this specific position and processed in accordance with Art. 6(1)(b) of the GDPR and § 26 of the BDSG. If your application is not successful, your data will be deleted within four months after the end of the application process.
b) Unsolicited Application
You have the option of sending a speculative application to our company without referring to a specific job posting. These applications will be reviewed. Your application data will then be used solely for the application process and processed in accordance with Article 6(1)(b) of the GDPR and Section 26 of the BDSG. If your application is not successful, your data will be deleted within four months after the end of the application process.
Candidate Pool
If, as part of an application—whether for an advertised position or a speculative application—you have provided consent in accordance with Article 6(1)(a) of the GDPR, this consent applies to your inclusion in our applicant pool and the associated extended storage of your documents for up to 1 year. Only after you have given your consent will you be added to our pool with the data you have provided to us.
Access to the applicant pool is granted for the following purpose: to fill a position within our company. Your data is therefore compared with the job profile, and you are included in the application process. This data processing is carried out pursuant to Section 26 of the German Federal Data Protection Act (BDSG) in conjunction with Article 88 of the GDPR for the purpose of establishing an employment relationship.
For record-keeping purposes
Furthermore, we process your data in accordance with Article 6(1)(f) of the GDPR if this is necessary for a legitimate interest and your rights do not override that interest. This applies in particular to the retention of your application documents for evidentiary purposes in the event of a legal dispute related to the application process.
Legal Obligations
Processing your data within our company may also be necessary to comply with a legal obligation to which we are subject, pursuant to Article 6(1)(c) of the GDPR. An example of this is compliance with statutory retention periods.
Description of the Data Processed
We store and process all data that you provide to us during the application process. This includes both the data from your application documents and the information you provide to us during a phone interview or in-person interview.
The data processed includes, among other things, your contact information such as last name, first name, address, phone number, and email address, as well as all data regarding your professional and educational qualifications and degrees.
In addition, special categories of personal data within the meaning of Article 9 of the GDPR may also be subject to processing. This may include, in particular, data regarding health status, religious or philosophical beliefs, and membership in political parties or labor unions. Furthermore, submitted application photos may contain personal data that falls under the special categories of personal data. This includes, for example, information regarding racial and ethnic origin and health status. The processing of this special data serves solely to enable us to use your application documents for the purpose of recruitment. Our company will not take this special information into account in its decision-making process, unless there is a legal obligation to do so. If you do not wish for this data to be processed, you are free to submit new application documents that do not include this information. This action will not affect the prospects of your application.
Data Disclosure
1. Data Transfer to Our Company
In some cases, we also receive application materials and other information from recruitment service providers. Where applicable, we will process the personal data contained therein in the manner described here as part of our application process.
2. Data Disclosure by Our Company
Data may be disclosed by our company to fulfill legal obligations under Article 6(1)(c) of the GDPR (e.g., to government agencies, law enforcement, etc.). It may also occur based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR (e.g., to attorneys, tax advisors, government agencies, etc.).
Obligation to Provide Data
You are not obligated to provide us with your data under any legal or contractual provisions. However, providing your data is necessary in order to be considered for a vacant position.
There is no obligation to grant permission for long-term storage. However, without this consent, we cannot consider your data for placement beyond the application process for a specific position or an unsolicited application.
Standard Retention Periods for Personal Data
If processing is based on consent you have provided, we will process your data until you revoke that consent. Personal data will be deleted upon expiration of the statutory and contractual retention periods. If personal data is not subject to any retention periods, it will be deleted as soon as the stated purposes no longer apply. If your application is unsuccessful, your data will be deleted four months after the application process ends. If you are hired by our company, your application documents will be transferred to your personnel file and will then be subject to the corresponding retention periods. If we are permitted to store and process your data based on a declaration of consent you have provided, your data will be stored until you revoke your consent.
Transfer of Personal Data to a Third Country
As a general rule, personal data is not transferred to a third country. Should this nevertheless occur, the data transfer is governed by an adequacy decision (e.g., Canada), consent, Binding Corporate Rules, or EU Standard Data Protection Clauses.