Data Protection

 

You can access our further legal information and our imprint under the following links:

7orca Asset Management AG's data protection policy for clients and other persons concerned

Your rights according to Art. 12ff. GDPR

 

You should know what data we collect, process and use about you and for what purpose. This is your right and complies with the requirements of the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG). We therefore provide you below with an overview ("Information") of both the personal data stored by you and the data protection organisation of 7orca Asset Management AG. In this way, we would like to put you in a position to exercise your "fundamental right to informational self-determination".

Contact person


Responsible body

7orca Asset Management AG

Data protection officer

Deutsche Datenschutz Consult GmbH

Stresemannstrasse 29

22769 Hamburg

Phone: +49 40 2286070 402

E-mail: datenschutz@7orca.com 

www.deutsche-datenschutz-consult.de

 
Supervisory authority for data protection

Hamburg Representative

for Data Protection and Freedom of Information

Thomas Fuchs

Ludwig-Erhardt-Str. 22; 7th floor

20459 Hamburg

Phone: 040/428544040

E-mail: mailbox@datenschutz.hamburg.de

www.datenschutz-hamburg.de

 

General information

 

Data origin

Personal data is information that can be used to identify a person, i.e. information that can be traced back directly or indirectly to a person. Personal data is only collected, used and passed on by us if this is permitted by law or if consent has been given to the use of the data.

We receive personal data from clients and other business partners, as well as investors in the funds managed by us on behalf of capital management companies during contract initiation and fulfilment. We also process personal data from publicly accessible sources, e.g. internet, registers.

When you contact us, we use the information provided to us in this context and in particular personal data to reply and process your enquiry. For example, we store - where available - your first and last name, address, telephone number and email address when you contact us by email, chat contact or social networks. Personal data may also be collected from personal meetings or telephone enquiries. We do not pass on this data without your consent. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

If you give us a business card at a meeting, we may include the contact details on it in our CRM tool and assume that you consent to this.

 
Processing purposes

We process your personal data in accordance with the EU GDPR for a specific purpose and limited to what is necessary. In most cases, relevant personal data is simple contact data, consisting of the name of the employee, or, when establishing a business relationship, the data record and the legitimisation and authentication data in accordance with the German Money Laundering Act (GwG).

The focus of our activities is financial portfolio management, which we regularly provide to capital management companies for the account of investment funds with institutional investors. In this respect, we establish a continuing obligation with our clients and use the data received or collected in the course of the initiation, establishment and implementation for the duration and purposes of this business relationship. The personal data used by us is normally used in the following contexts:

  • Data that we must collect in accordance with legal/supervisory requirements (in particular the German Money Laundering Act - GwG) in order to accept clients; this is often data that enables us to contact natural persons who represent legal entities (capital management companies, custodians, investors, etc.), whereby these can often also be found in public registers (such as commercial registers or transparency registers),
  • Other contact details that are necessary to onboard any new mandate including during its implementation to provide and obtain event-related information (such as updating customer data, exchanging information in the course of outsourcing controlling by customers, sending performance reports) and
  • Contact data that we have received with consent to be able to send performance reports to interested parties (potential customers) for marketing purposes.

Conceivable processing purposes

  • Contract initiation and conclusion
  • Contract fulfilment in general
  • Master data maintenance
  • Creation of an investment strategy
  • Creation of a suitability concept
  • Order handling
  • Payment transactions on behalf of customers
  • Order execution
  • Handling of electronic communication
  • Strengthening customer loyalty
  • Sending a newsletter
  • Accounting/collection
  • Prevention of criminal offences
  • Fulfilment of overriding legal requirements, in particular those for securities institutions (e.g. WpIG, WpHG, various EU regulations and directives)
  • Safeguarding legal claims
 
Legal basis of processing

Based on the provisions of the EU GDPR, the processing of personal data by us is lawful if it is based on one of the following legal bases - accepted legal bases

  • Consent
  • Contract initiation
  • Contract, contractual relationship of trust
  • Legal obligation, overriding legal provisions, public interest
  • Weighing of interests

 

Recipients of data

The employees of 7orca Asset Management AG process the relevant personal data to fulfil contractual and legal obligations. This takes place within the employment relationship - the data does not leave our sphere of influence. In addition, entities outside 7orca Asset Management AG (third parties) receive personal data on the basis of a mandatory legal basis. These bodies only receive the data they need for the respective task.

Possible data recipients

  • Public authorities (BaFin, Bundesbank, financial authorities, law enforcement authorities, data protection authorities, etc.)
  • Capital management companies
  • Custodians
  • External accounting
  • Shipping service provider
  • Other contractually bound vicarious agents
  • Other bodies for which you have given us your consent to transfer data
 
Transfer to third countries

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations) or if you have given us your consent. If service providers in third countries are used, they are obliged to comply with the level of data protection in Europe, additionally to written instructions agreeing to the EU standard contractual clauses. In the event of any data transfer to the United States, we ensure the necessary level of data protection by checking with the U.S. Department of Commerce that the company in question has registered under the EU-US Data Privacy Framework before concluding an order processing contract with a company based in the United States.

 
Data Deletion periods

We process (and store) your personal data to fulfil our contractual and legal obligations or for the purpose for which you provide us with the data. As soon as the purpose of processing ceases to apply, this data is regularly deleted, unless its temporary further processing is required for the following purposes.

  • Fulfilment of retention periods under commercial and tax law: These include the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The retention and documentation periods specified there are two to ten years.
  • Preservation of evidence within the framework of the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
 
Your rights under the EU Data Protection Regulation
 
(Preliminary) information

The information provided to you in this document. 

Information

On request, we will provide you with a summary of the personal data we have stored about you.

Deletion

In principle, we delete your data as soon as it is no longer necessary to process it.

Restriction of processing

Your data will no longer be used by us if the purpose of processing ceases to apply; however, we may be prevented from deleting it due to overriding legal provisions.

Data portability

On request, you will receive your data in a suitable form for transfer to a third party.

Revocation

If you have given us your consent to process your personal data for certain processing purposes, you can revoke this consent at any time without giving reasons.

Contradiction

If the data processing is in the public interest or was justified on the basis of a balancing of interests ("overriding legitimate interest"), you can object to the processing of your personal data.

Complaint

If you believe that the processing of your personal data by 7orca Asset Management AG is unlawful, you have the right to lodge a complaint with the supervisory authority of your place of residence.

 

Are there obligations to provide and process data?

In particular, we may be obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and to collect and record your name, place of birth, date of birth, nationality and residential address. As a securities institution subject to the supervision of the German Federal Financial Supervisory Authority (BaFin), we are also legally obliged to process certain data when providing financial services (e.g. financial portfolio management, investment advice, investment and contract brokerage).

As part of our business relationship, you must therefore provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and may have to terminate it. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship you have requested.

 

Is there automated decision-making (including profiling)?

In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

 

Objection and withdrawal of consent 

If you revoke a necessary consent that you have already given, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balancing of interests, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

 

SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Concrete processing

 

Investors and their respective employees

 

Purpose of data processing

Personal data is processed for the performance and administration of existing or prospective contractual relationships, including enquiries, provision of services, billing of commissions, for example, and compliance with legal regulations. The processing also serves the purpose of submitting further offers, without the intention of changing these purposes.

Legal basis

Processing is done according to Article 6(1)(b) GDPR (contract or contract initiation) for natural persons, Article 6(1)(f) GDPR (legitimate interest) for legal persons and Article 6(1)(c) GDPR (legal obligations) and Article 6(1)(a) GDPR in conjunction with Article 7 GDPR (consent) for advertising purposes. Article 7 GDPR (consent) for advertising purposes. For investments in third countries, Article 49(1)(b) GDPR (fulfilment of contract) applies.

Data transfer to third parties

Data may be transmitted to recipients such as the capital management company or depositary or generally to sales partners in order to manage the investment or fund participation. Service providers in the area of ICT systems are also used.

Combating money laundering and terrorist financing

Where required by law, measures are taken to combat money laundering, terrorist financing and offences that pose a threat to assets, as well as to comply with financial sanctions regulations, including data collection and analysis.

Data retention

Personal data is only stored for as long as necessary for the respective processing purposes. Deletion takes place after fulfilment of contractual or legal obligations. Exceptions apply to retention obligations under commercial and tax law and to the preservation of evidence within the framework of statutory limitation periods.

Specification of data

The provision of data is required by law and is necessary for the establishment of an investment contract under investment law; without this information, it is not possible to launch or participate in a fund.

Information from sales partners

In the case of sales done via sales partners or intermediaries, we receive the information you provide to them.

 

Business partners, clients and contractors as well as their respective employees
 
Processing purposes

The processing purposes include the preparation, establishment, performance and termination of service or business relationships, as well as the fulfilment of legal obligations. There is no intention to change these purposes.

Legal basis

The legal bases are Article 6(1)(b) GDPR (contract or contract initiation) for natural persons, Article 6(1)(f) GDPR (legitimate interest, in particular communication with contact persons relevant to the contract) for legal persons and always Article 6(1)(c) GDPR (legal obligations, in particular tax and commercial law regulations).

Data transmission

Contact and contract data may be transmitted to service providers or business partners if this is necessary for the fulfilment of the contract or order. Service providers in ICT systems are used as part of order processing.

Combating money laundering and terrorist financing

Measures are taken based on legal requirements, in particular to collect information for the purpose of risk assessment to combat money laundering, terrorist financing and criminal offences that pose a threat to assets, as well as to implement sanction provisions to protect all parties involved.

Data retention

Data from contractual partners, service providers and third parties are only used for the respective processing purposes and are not stored for longer than necessary. Upon termination of contractual or legal obligations, the regular deletion takes place. Exceptions apply to retention obligations under commercial and tax law and to the preservation of evidence within the framework of statutory limitation periods.

Necessity of the contact data

The processing of contact data for clients, business partners and service providers is necessary for the fulfilment of the contract. Failure to provide this data can significantly impair communication. If we do not receive the necessary data, this may mean that we are unable to enter into or fulfil a contract for legal reasons.

 

Guests, such as customers, clients, business partners, service providers, suppliers and general visitors to the 7orca premises
 
Purpose of data processing

We use video surveillance on our premises to safeguard domiciliary rights, detect and prosecute criminal offences and enforce civil law claims. There is no intention to change these purposes.

Legal basis

The legal basis for the processing is based on Article 6(1)(f) GDPR (legitimate interest), specifically in the protection of domiciliary rights, the detection and prosecution of criminal offences and the enforcement of civil law claims.

Forwarding of visitor data

Visitor data is not passed on to third parties under normal circumstances. However, data may be transmitted to the police and public prosecutor's office in the event of suspected criminal offences. Service providers are used within the scope of order processing for ICT systems.

Video surveillance and data recording

We have set up local video surveillance to protect our office premises, but this does not permanently record any data.

Necessity of the data

The collection of data is necessary to ensure the protection of domiciliary rights.

Applicants 
 
Applications

We are regularly on the lookout for suitable talent to ensure the continuous growth and further development of our business organisation. In this case, we offer you the opportunity to apply (by e-mail, post or online application form).

In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

We use the personnel management software Personio to handle the application process digitally - starting with the submission of your application and the associated personal data. This gives us the opportunity to use a powerful software solution that has been tried and tested over several years.

We have concluded corresponding contracts with the service provider to comply with the legal requirements. Under the following link, you can find out which technical measures our service provider has taken to ensure that we handle your data in compliance with data protection regulations:

Data protection at Personio

If you send us your application documents electronically to "Bewerbungen@7orca.com", this is done unencrypted by e-mail. We would like to point out that this unencrypted transmission is not secure under data protection law. The only alternative to electronic transmission by e-mail is currently by post.

Once we have received your application, we will use the information you provide to assess your suitability for the position and carry out the application process. If necessary, suitable applications will be forwarded internally to the departmental managers responsible for the respective vacant position to coordinate the following steps. The only persons who have access to your data are those who require it for the application process.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

If the application is successful, the data submitted by you will be transferred from the applicant data system to our personnel information system and stored based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

If, in the event of a rejection on our part, we are still interested in your profile, we will obtain your consent for further storage and checking for a match with other open positions in the company. Your data will then only be used with your consent. If you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years. If you do not respond to the enquiry within 2 months, your data will be deleted. In all other cases, your data will be deleted immediately upon rejection.

You can request information at any time about what data we have stored about you and can request that it be deleted.

Legal basis

The legal basis for the processing is Article 6(1)(b) GDPR (employment contract) and Article 88 GDPR. The identity and reliability check is carried out in accordance with legal requirements, in particular Article 6 para. 1 lit. c) in conjunction with Section 6 para. 2 no. 5 GwG. § Section 6 para. 2 no. 5 GwG.

Necessity of applicant data

The provision of personal data is necessary for the application review and potential subsequent employment contracts. Without this information, an application cannot be considered.

 

Online conferencing application Microsoft Teams
Data processing

Certain personal data is processed during conversations that take place using Microsoft Teams, for example with customers or clients, investors in general, with business partners or service providers or even applicants:

  • Personal details, such as first name, surname, telephone number and email address, meeting metadata, including topic, description, participant IP addresses and device/hardware information.

When dialling in by phone:

  • information on the incoming and outgoing phone number, country name, start and end time and, if applicable, other connection data such as the IP address of the device.

Text, audio and video data:

  • Use of the chat function, processing of text input, display of video and playback of audio, whereby the camera and microphone can be deactivated independently.
Legal basis and purpose

Processing is carried out in accordance with Article 6 para. 1 lit. b) GDPR (contract fulfilment, contract initiation) for the purpose of conducting discussions with persons interested in a product of 7orca Asset Management AG, both for existing and potential investors and with business partners and service providers. Log and metadata are processed exclusively for error analyses, based on Article 6 para. 1 lit. f) GDPR (legitimate interest). In principle, no automated decisions are made in individual cases. If there is a need to record the conversation in individual cases, we will only do so after obtaining express consent, Art. 6 para. 1 lit. a) GDPR (see information below for more details).

Use without registration

No separate registration is required to participate in Microsoft Teams video meetings. Participants will receive an access link by email from their dialogue partner. The disclosure of the name and the activation or deactivation of the camera and microphone are at the discretion of the participants. In principle, neither image nor sound will be recorded by us, regardless of the type of participation (telephone, Microsoft Teams app or browser)

Recording in individual cases

In individual cases where there is a need to be able to use various details that are expressed throughout the course of the meeting for a specific purpose afterwards, we record the online conference after we have informed the participants and obtained the express consent of all of them. Such a need exists, for example, if we need to collect comprehensive information in a mutual exchange to be able to make an appropriate and individualised decision vis-à-vis our (potential) contractual partners.

This consent can be revoked at any time and will be recorded at the start of the call once information and consent have been obtained. If a call participant no longer agrees to the recording, they must end their participation. The data recorded based on consent given will only be stored for as long as the stated purpose of use has not yet been fulfilled. In our company, only those who need this information to deal with the issues underlying the call have access to the recorded call content.

Server locations and data protection

Microsoft Teams, as part of Microsoft 365, is operated by Microsoft Ireland Operations Limited, based in Dublin, Ireland. Your data is processed on servers in the European Union (Ireland and the Netherlands), with a corresponding order processing agreement in accordance with Art. 28 GDPR. Nevertheless, it cannot be ruled out that data may be routed via servers outside the EU, especially if participants are located in third countries. However, comprehensive encryption during transport via the Internet offers protection against unauthorised access. It is possible that Microsoft Teams processes personal data in part in the USA. For example, due to legal regulations in the USA - in particular the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) and the Patriot Act - Microsoft may be obliged in individual cases to access personal data stored on European servers and to hand it over to authorities in the United States of America. To safeguard this transfer, 7orca Asset Management AG has concluded a data protection agreement (standard data protection clause) with Microsoft in accordance with EU standards. This provides suitable guarantees for the protection of your data. In addition, Microsoft has submitted to the rules of the EU-US Data Privacy Framework.
Microsoft also reserves the right to process customer data for its own purposes. 7orca Asset Management AG has no influence on this processing of personal data by Microsoft. In these cases, Microsoft does not act as a processor for 7orca Asset Management AG, but as an independent controller according to Art. 4 No. 7 GDPR and as such is solely responsible for compliance with all applicable data protection regulations. Further information on the processing of your personal data by Microsoft for its own purposes can be found at

https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

Storage period

Personal data in Microsoft Teams will be retained until the user stops using Microsoft Teams or if the user deletes personal data. In this case, Microsoft deletes all copies of the personal data within 30 days. In the event that we stop using the service offered by Microsoft, the corresponding personal data will be deleted between 90 and 180 days after Microsoft discontinues the service.

 

Online conference application Zoom
 
Purpose and scope of data processing

We use the "Zoom" video conferencing system to hold telephone conferences, online meetings, video conferences and/or webinars. The service provider behind Zoom is Zoom Communications, Inc. based in the United States.

The following data (categories) are processed:

  • First name and/or surname
  • Further personal data can be entered optionally
  • Metadata such as information on the device used or the IP address of the subscriber
  • When dialling in by telephone, data relating to the telephone number used

After the start of the online conference, the participants themselves decide whether they want to use the audio and/or video function and - if authorised - make entries in the chat, with the consequence that data is processed to this extent.

Content recording

We do not regularly record content during an online conference.

In individual cases where there is a need to be able to use various details that are expressed throughout the course of the meeting for a specific purpose afterwards, we record the online conference after we have informed the participants and obtained the express consent of all of them. Such a need exists, for example, if we need to collect comprehensive information in a mutual exchange in order to be able to make an appropriate and individualised decision vis-à-vis our (potential) contractual partners.

This consent can be revoked at any time and will be recorded at the start of the call once information and consent have been obtained. If a call participant no longer agrees to the recording, they must end their participation. The data recorded on the basis of consent given will only be stored for as long as the stated purpose of use has not yet been fulfilled. In our company, only those who need this information to deal with the issues underlying the call have access to the recorded call content.

Legal basis

In the case of an existing contractual relationship between the online conference participant and us, we base our authorisation on Art. 6 para. 1 lit. b) GDPR. In other cases, we have a legitimate interest in the effective communication of product and service-related information in accordance with Art. 6 para. 1 lit. f) GDPR.

Server locations and data transfer

As the service provider is based in the United States, the use of Zoom inevitably involves the transfer of data to a third country. To ensure data protection, we have concluded an order processing agreement with the service provider. In addition, the EU standard contractual clauses are included in the contractual relationship and the service provider has submitted to the EU-US Data Privacy Framework.

Further information from the service provider on data protection is available at the following link:

Zoom Privacy Policy | Zoom

 

LinkedIn
 
Processing purpose

In addition to our own website, we also use the social media platform LinkedIn as an information dissemination and communication channel to provide our users and readers with product and service-related information.

Legal basis

We would like to use the opportunities offered by LinkedIn for information and communication with a wide range of interested parties and process your personal data in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in doing so.

Scope of processing and use

We have no control over the extent to which LinkedIn collects, transmits or discloses, otherwise uses and stores your personal data. In this respect, you use LinkedIn at your own risk. You can find more information on this in LinkedIn's privacy policy.

We also process your personal data when you communicate with us via our LinkedIn page. We receive visitor statistics in anonymised form in order to better understand the interest of our users and readers.

 
Calendly

On our website, you have the option of making an appointment with our Head of Relationship Management if you have any questions. In such a case, we process the contact details you have provided and then forward this data to the service provider we use.  The service provider we use is Calendly LLC. It is registered under the EU-USA Data Privacy Framework.

Your data is stored in data centres in the United States provided by Amazon Web Services ("AWS") and Google (selected back-ups).

We have obtained a data processing addendum from our service provider. In this addendum, the service provider undertakes to protect the processed data and not to pass it on to third parties.

If you book an appointment via Calendly, we assume that you also agree to the processing of the contact details entered by us or our service provider.

The following link will take you to our service provider's privacy policy:

Data protection by Calendly

 

Collection of personal data from persons not affected
 
Purpose

We collect and process personal data (contact and contract data) using generally accessible sources or via specific professional groups to initiate contracts or to fulfil legal requirements in connection with entering into business relationships. There are currently no plans to change these purposes.

Legal basis

The legal bases for processing are Article 6 (1) (b) GDPR (contract or contract initiation), Article 6 (1) (f) GDPR (legitimate interest, namely communication with contractually relevant contact persons) and always Article 6 (1) (c) GDPR (legal obligations, in particular tax and commercial law regulations).

Disclosure to third parties

Contact and contract data may be transmitted to other service providers, business partners, offices and authorities if this is necessary for the fulfilment of the contractual relationship.

We also use service providers by way of order processing for the provision of services, in particular for the provision, maintenance and servicing of ICT systems.

Website visitors
 
General information on the use of the website

If you have consented to data processing, we process your personal data on the basis of this consent. In the event of express consent to the transfer of personal data to third countries, data processing is carried out with reference to possible risks due to a lack of established equivalence in the level of protection. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is required to fulfil a contract or to carry out pre-contractual measures, this contractual connection is a sufficient basis. Furthermore, we process your data if this is necessary to fulfil a legal obligation. Data processing may also take place based on our legitimate interest in terms of data protection.

Cookies

We have configured our websites so that they do not store cookies in your browser.

Log data of the server

Our web server automatically processes data that your browser sends to our server with each request. This data includes your current IP address, the date and time of the request, the time zone, the specific page or file accessed, the http status code, the amount of data transferred, the referring website, the browser used, the operating system of your end device and the language settings. This information is used to display the content of our website on your device in the best possible way.

Matomo

Our website uses the open source web analysis service Matomo.With the help of Matomo, we are able to collect and analyse data about the use of our website by visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, etc.).This analysis tool is used on the basis of Art. 6 para. 1 lit. f) GDPR. Accordingly, a website operator has legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP anonymisation

We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.

Cookieless analysis

We have configured Matomo so that Matomo does not store any cookies in your browser.

Hosting

We host Matomo with the following third-party provider:

  • Homepage Helden GmbH
    Poststrasse 20
    20354 Hamburg

 

You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users

 
Purpose of data processing

Data processing is used to present our institute on the Internet and to communicate with interested parties, investors, business partners and representatives of the press.

Legal basis

Processing is based on Article 6(1)(b) GDPR (contract of use for the website). Article 6(1)(b) GDPR applies to the use of the contact form.

Protocol and communication data

Without special circumstances, log and communication data will not be passed on to third parties. If a criminal offence is suspected, data may be transmitted to the police and public prosecutor's office. Service providers are used within the scope of order processing.

IP addresses

IP addresses are anonymised after 24 hours at the latest, communication content is deleted after six calendar years.

Disclosure

It is not possible to use the website without disclosing personal data such as your IP address. Data-free communication via the website is not possible.

 

Disclaimer

The content of our website is intended solely for professional investors according to § 67 subsection 2 of the German Securities Trading Act (WpHG), specifically those categorised as institutional investors. 


The content of our website is therefore not suitable for private investors.


By accessing our website using the below button, you confirm that you are an institutional investor.

Accept