1. Contact details for the controller and Data Protection Officer
The controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”), the German Data Protection Act, other data protection laws applicable in European Union member states and other provisions of a data protection nature is:
Gerauer Straße 18
60528 Frankfurt am Main
Tel.: +49 (0) 69 50 50 250- 0
Fax: +49 (0) 69 50 50 250- 11
Managing Director: Matthias Rüth
Data Protection Officer: Kimia Rüth
Tel.: +49 (0) 69 50 50 25 0- 203
Fax: +49 (0) 69 5050250- 11
2. Website provision
Our system automatically collects data and information that your browser transfers to us when you visit one of our websites. The following data are processed in this context:
- The current IP address of the Internet connection used by you
- If you visit our website via a link, the site from which you were directed
- The pages accessed
- The date and time of your visit
- Your operating system and the name and version of the browser used
- The name of your Internet provider
- The volume of data transferred.
In order to operate our websites, it is absolutely essential that we collect these data for the purpose of website provision and store these data in what are known as log files.
The legal basis for the data processing is point (f) of Art. 6(1) GDPR.
The system must temporarily store the IP address so that the respective website can be made available on your computer. The purpose of storing the data in log files is to ensure the functionality and stability of the website. We also have a legitimate interest in data processing for these purposes pursuant to point (f) of Art. 6(1) GDPR. The data are not disclosed to third parties or aggregated with other data.
The data are erased as soon as they are no longer needed to achieve the purpose for which they were collected, provided that there are no contractual or legal obligations that prevent the erasure. The data are erased within seven days of the end of the respective session and closing of the browser
3. Making contact via contact form, chat, e-mail or phone
On some of our websites, we provide a contact form that you can use to send us your contact details and requests. If you submit the contact form, the data that you provide (contact information such as name, e-mail address, postal address, phone number, your desired investment volume, your request) are transferred to us and processed by us for the purpose of processing your request and communicating with you. When you submit the contact form, the system automatically stores the date and time of submission and your IP address.
You also have the option to contact us via live chat on some of our websites. We use functionality provided by Userlike UG (haftungsbeschränkt) (Probsteigasse 44-46, 50670 Cologne, Germany, hereinafter referred to as “Userlike”) for this chat feature. Userlike acts on our behalf on the basis of a commissioned processing agreement. For more information on data protection at Userlike, please visit: https://www.userlike.com/de/data-privacy. Your name and e-mail address are recorded as contact details before a chat begins. Once you have begun a chat, these contact details are stored together with your inputs. The system also automatically processes the date and time of the chat and your IP address.
Alternatively, you can contact us using the e-mail addresses and phone numbers provided. We then process your personal data provided in the e-mail or over the phone.
Where appropriate and if you have given your consent, we transfer your data to one of our sales partners abroad for the purpose of further communication in your native language.
You provide your data on a voluntary basis. If you do not provide personal data that are indicated as mandatory in our contact form or chat feature, we will not be able to process your request.
The legal basis for the processing of your data transferred via a contact form or e-mail or by phone is point (f) of Art. 6(1) GDPR. We have a legitimate interest in processing your request. If the date and time of submission and your IP address are automatically recorded when you submit a contact form or use the chat feature, this is for the purpose of ensuring the security of our systems and protecting them against abuse. We also have a legitimate interest in this pursuant to point (f) of Art. 6(1) GDPR. We obtain your consent for data processing when you use our chat feature pursuant to point (a) of Art. 6(1) GDPR. We also obtain your consent if we transfer your data to one of our sales partners abroad for the purpose of further communication. If the aim of the contact is to establish a contractual relationship with us or if the contact takes place within the context of an existing contractual relationship, point (b) of Art. 6(1) GDPR is another legal basis for the data processing.
Your data are erased as soon as the respective conversation with you is ended, unless there are contractual or legal retention obligations that prevent such erasure. The conversation is ended when it can be inferred from the circumstances that the matter involved has been definitively clarified. Generally speaking, the data are erased three years after the conversation has ended. If we establish a business relationship with you or are in a contractual relationship, the data concerning you required to take steps prior to entering into a contract and/or to perform a contract are stored for the duration of the contractual relationship and beyond that for the duration of the retention periods required under commercial or tax law.
4. Newsletter subscription
On some websites, we offer the option to subscribe to a newsletter. To send the newsletter, we process your e-mail address, name and salutation. In the course of the registration process, we also store your IP address and the date and time.
We use the services of rapidmail GmbH (Augustinerplatz 2, 79098 Freiburg i.Br., Germany, hereinafter referred to as “rapidmail”) to send out our newsletter. rapidmail GmbH acts on our behalf on the basis of a commissioned processing agreement.
rapidmail processes opening and click rates to determine whether the newsletters sent are opened, which links are clicked and which actions are performed. It is not possible to separately disable this analysis. In addition to the opening and click rates, the technical system data of recipients of the newsletter (browser and operating system used, date and time the newsletter was opened, IP address) are processed. For the purpose of analysing opening and click rates, the newsletters sent by rapidmail contain a tracking pixel that connects to the rapidmail servers and collects usage data when the e-mail is opened. For more information on data protection at rapidmail, please visit: https://www.rapidmail.de/datensicherheit and https://www.rapidmail.de/hilfe/kategorie/statistiken.
After you subscribe to the newsletter, we verify your e-mail address using what is known as a double opt-in process. For this, we send you an e-mail in which we request that you confirm your data and your consent to receive our newsletter by a specific point in time.
The legal basis for processing your data for the purpose of sending our newsletter and processing opening and click rates is the consent given by you, pursuant to point (a) of Art. 6(1) GDPR. On sending the e-mail within the context of the double opt-in process, we meet our legal obligation to verify your e-mail address pursuant to point (c) of Art. 6(1) GDPR.
Your data are processed for the purpose of sending our newsletter.
You provide the personal data on a voluntary basis. If you do not provide the data, however, we will not be in a position to send you the newsletter.
Your data are stored for the purpose of sending the newsletter until you withdraw your consent or unsubscribe. You can unsubscribe from future newsletters at any time using the relevant feature in our newsletters. On receiving your withdrawal/cancellation, we will place a lock flag on your e-mail address in order to document that you no longer wish to receive any newsletter from us in the future. The lock flag and your e-mail address are erased three years after the end of the calendar year in which the lock flag was set unless there is still an active business relationship at that point in time and we need to store your e-mail address in order to perform a contract with you. If you do not respond to our e-mail sent in the context of the double opt-in process, we will erase your data three months after your subscription to the newsletter provided that there are no statutory retention obligations that prevent this
5. Establishment, existence and execution of a business relationship
For the purpose of establishing or executing a future or existing business relationship, we process your personal data required for this, such as your name, postal address, e-mail address, phone number, authentication data (e.g. ID or passport details) and data from fulfilling our contractual obligations (contract documents, declarations, communication, bank details). We receive these data within the context of our business relationship and its initiation either from you (e.g. via a contact form) or from sales partners or brokers with whom we collaborate. We may also – if necessary within the context of our performance – process data that we have legitimately collected from publicly accessible sources (e.g. debtors’ lists, commercial and association registers, land registers and the like).
If we collaborate with a sales partner or broker in order to establish the business relationship, we may share information about the conclusion of a contract with this sales partner or broker so that any commission payments can be calculated.
In the context of contractual relationships, you only have to provide the personal data that are needed to establish, execute and end the contractual relationship or that we are legally obliged to collect (e.g. due to tax regulations). Without these data, we generally have to refuse to establish a business relationship.
The legal basis for the data processing is the establishment and performance of a contract or steps required prior to entering into a contract pursuant to point (b) of Art. 6(1) GDPR. We obtain your consent pursuant to point (a) of Art. 6(1) GDPR for individual processing operations, such as sharing data with a sales partner or broker.
As a general principle, your data are only processed and stored for as long as this is necessary for the purpose for which they were collected, especially to fulfil our contractual obligations and for any statutory retention periods that go beyond this, e.g. as set out in the German Commercial Code (HGB) or German Fiscal Code (AO). These generally amount to six or ten years. Data may also be stored in order to establish and assert legal claims within the context of statutory limitation periods, e.g. for the preservation of evidence.
Cookies are used on our websites. Cookies are small text files that are placed on your end device. Technically necessary cookies are used to allow us to offer certain features on our websites (e.g. language settings).
In addition to technically necessary cookies, cookies may also be used by third-party providers to analyse your usage behaviour on our websites and optimise our marketing activities. We will obtain your express consent for this in advance of using such cookies.
We use the function of Borlabs, a plug-in solution from Borlabs (Rübenkamp 32, 22305 Hamburg, Germany, hereinafter referred to as “Borlabs”), to obtain and document your consent to the use of third-party cookies. Using the Borlabs cookie box, you can manage your cookie settings and access further details on the cookies used (name, purpose, functional duration) on our websites. Your consent status is stored using the Borlabs plug-in. The legal basis for this data processing is our legal obligation to obtain and document your consent pursuant to point (c) of Art. 6(1) GDPR.
You can generally configure your browser so that you are informed about cookies being placed and can decide on a case-by-case basis whether to accept them. Alternatively, you can configure your browser to accept cookies in certain cases or to always reject them. If you do not accept technically necessary cookies, this may limit the functionality of our websites.
If personal data are processed using technically necessary cookies, the legal basis for this is our legitimate interest in maintaining the functionality of our website pursuant to point (f) of Art. 6(1) GDPR.
The data collected using technically necessary cookies are not used to create user profiles.
Use of Matomo
Subject to your consent, we use Matomo on our websites for web analytics purposes. This is a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) by means of cookie technology.
Data are only collected if you have not generally opted out from cookies (via your browser settings, for example) and have given your consent in the cookie box. The data are only stored by our hosting provider and are not forwarded to third parties.
In addition to your IP address, the website accessed, the time spent and actions performed on the website, the frequency with which the website is accessed and the website from which you visited our website are processed for usage analysis purposes.
The legal basis for the data processing is your consent, point (a) of Art. 6(1) GDPR.
The data are erased as soon as they are no longer needed for our record-keeping purposes. In our case, this is after seven days.
Use of Google Analytics
The information generated by these cookies, such as the time, place and frequency of your website visits, including your IP address, is transmitted to Google in the USA and stored there. We use Google Analytics with the code extension “_gat._anonymizeIp” on our website. In this case, your IP address is truncated and thereby anonymised by Google already within European Union member states and other states party to the Agreement on the European Economic Area.
Google uses this information on our behalf to analyse your usage of our website, to compile reports on the website activities for us and to render further services connected with the usage of the website and of the Internet. Google may also share this information with third parties where required to do so by law or where third parties process these data on Google’s behalf.
Google states that it never associates your IP address with other Google data. You can prevent cookies being installed by adjusting your browser software appropriately; however, please note that you may not then have full use of all of the features of our website.
Google is a subsidiary of Google Inc. based in the USA. Even if providers are based in the EU, we cannot rule out the possibility of data also being stored by group companies in the USA or another third country. Some of these third countries do not have an adequate level of data protection. In some third countries, such as the USA, government agencies have extensive rights to access data of companies that are headquartered in these third countries. We have concluded an agreement in respect of commissioned processing with Google. We also use Standard Contractual Clauses for transferring personal data from the European Union to third countries.
If you visit our websites using a mobile device (smartphone or tablet), you must instead click this link in order to prevent Google Analytics tracking in the future. This can also be used as an alternative to the browser add-on above. Clicking the link sets an opt-out cookie in your browser that is only valid for this browser and domain. If you clear cookies from this browser, this also erases the opt-out cookie. Therefore, you will have to click the link again.
Your consent is the legal basis for using the cookies set for Google Analytics (point (a) of Art. 6(1) GDPR).
The data sent by us and linked with cookies, user IDs or campaign IDs are automatically erased after 14 months. Data for which the retention period has ended are automatically erased once a month. For more information on the Terms of Service and data protection, please visit https://policies.google.com/?hl=de.
Use of Google Ads
Subject to your consent, we use Google Ads functions and Google conversion tracking, a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow St., Dublin 4, Ireland (hereinafter “Google”).
Google Ads allows us to use ads on external websites to draw attention to our attractive offers and determine how successful individual advertising measures are. Google places these ads using an ad server. For this, we use ad server cookies, which allow for measurement of certain success tracking parameters, such as ads displayed and clicks by users. If you reach our websites via a Google ad, Google Ads stores a cookie on your device. The cookie is not intended to personally identify you. The following information is generally stored as analytical values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be targeted). These cookies allow Google to recognise your browser. If you visit certain pages of a website and the cookie stored on your device has not yet expired, Google can recognise that you clicked on the ad and were directed to the website. Each Ads customer is given a different cookie. Google states that cookies cannot therefore be tracked across the websites of Ads customers.
We ourselves do not collect or process any personal data in the context of the stated advertising measures. We simply have access to statistical analysis from Google. We can use this analysis to identify which of the advertising measures used are particularly effective. We do not receive any further information from the use of the ads – in particular, we cannot identify individual users based on this information.
On the basis of the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope or further use of the data processed by Google through the use of Google Ads. As far as we are aware, Google is notified that you have accessed the relevant section of our website or clicked on an ad of ours. If you have a Google user account and are logged in, Google can assign the visit to your user account. Even if you are not registered with or logged into Google, there is the possibility that Google may learn and store your IP address.
The legal basis for the data processing is your consent, point (a) of Art. 6(1) GDPR.
The cookies have a functional duration of up to 180 days.
Google is a subsidiary of Google Inc. based in the USA. Even if providers are based in the EU, we cannot rule out the possibility of data also being stored by group companies in the USA or another third country. Some of these third countries do not have an adequate level of data protection. In some third countries, such as the USA, government agencies have extensive rights to access data of companies that are headquartered in these third countries. We are joint controllers with Google for the data processing operations for the purposes of the aforementioned statistical analysis and have agreed the relevant Standard Contractual Clauses.
Use of GetResponse
We use GetResponse on our website, a service for our email marketing and marketing automation. The service provider is the Polish company GetResponse Sp. z o.o., Arkonska 6/A3, 80-387 Gdansk, Poland.
What is GetResponse?
Besides classic newsletter service, the company also offers Marketing Automation. This refers to a technical method that automates and individualizes certain marketing or sales processes. Thus, based on your user behavior, we can better adapt our communication to your needs and individually tailor and automate possible promotions for you and our other customers. For this purpose, personal data (e.g. name, address, IP address) and also technical data such as your click behavior or how long you stay on one of our pages are stored and processed. This data is only stored if you have consented to the data processing.
Why do we use GetResponse?
Of course, we do not want to deprive you of any news from our company. At the same time, we want you to receive only those news that may be relevant for you. With a smart marketing or newsletter tool we have the possibility to reconcile both.
7. Our profiles on social media platforms
We maintain business profiles on several social media channels. If you visit our profile on one of the social media platforms, the respective provider of the social media platform processes data concerning you in order to create usage profiles and to run and improve its own services. Furthermore, some providers of social media platforms make analysis about the use of our business profile available to us in an anonymised form. To some degree, the data processing takes place regardless of whether you yourself are registered on the social media platform. The analysis generally includes the following information:
- Reach measurement with regard to the profile, posts and other functions, i.e. the total number of people, the profile, posts and other functions visited/used
- Aggregated data regarding the age, gender, field of work, household income and place of residence (country, region/city) of the people that visit the profile
- Usage duration for videos and other functions
- Time and place of use
- Devices, operating systems and software used
- Interaction in connection with posts, e.g. click rates, shares, comments
With regard to the data processing operations for the purpose of the aforementioned analysis, we are joint controllers with the respective providers of the social media platforms within the meaning of the GDPR and have concluded the relevant agreements regarding joint controllership.
In order to optimise our marketing activities, we use features provided by the social media platforms to display ads and promote posts and content. For this, we define target groups based on particular criteria (such as location, gender, age and interests) for campaigns. Assignment to any particular individual is not possible in this regard. Via the campaigns, we receive the statistical analysis outlined above from the social media providers.
The providers of the social media platforms may be based outside of the EU and the European Economic Area (EEA) (so-called “third countries”), especially in the USA. Some of these third countries do not have an adequate level of data protection. In some third countries, such as the USA, government agencies have extensive rights to access data of companies that are headquartered in these third countries. Even if the providers are based in the EU, we cannot rule out the possibility of data also being stored by group companies in the USA or another third country. The Standard Contractual Clauses apply to data transfers.
Further information on the individual providers of the social media platforms is provided here:
Facebook and Instagram:
The services are provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information on the collection and use of personal data is available for Facebook at https://www.facebook.com/policy.php and for Instagram at https.//help.instagram.com/519522125107875. If you use our Facebook page or Instagram profile, Facebook stores cookies on your computer or smartphone. For information on this, please visit https://www.facebook.com/policies/cookies. We have concluded an additional agreement regarding joint controllership with Facebook that sets out the data processing operations for which we or Facebook are responsible when you visit our Instagram profile. This can be viewed at the following link: https://www.facebook.com/legal/controller_addendum.
8. Automated decision-making including profiling
There is no automated decision-making or profiling.
9. Your rights
Every data subject has a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to erasure (Art. 17 GDPR), a right to object (Art. 21 GDPR) and a right to data portability (Art. 20 GDPR).
If data processing is based on your consent, you may withdraw this at any time with future effect. The data processing that has taken place up until the point that you withdraw your consent remains lawful. You may withdraw your consent by, for example, e-mailing firstname.lastname@example.org or KR@tradium.com or by writing to the postal address above.
Furthermore, you have the right to lodge a complaint with the relevant supervisory authority (Art. 77 GDPR).
Right to object
If your personal data are processed on the basis of legitimate interests pursuant to point (f) of Art. 6(1) GDPR, you have the right pursuant to Article 21 GDPR to object to personal data concerning you being processed on grounds relating to your particular situation or if the objection relates to direct marketing. In the case of the latter, you have a general right to object, which will be implemented by us without any reference to a particular situation. If you wish to exercise your right to object, you need simply e-mail email@example.com or KR@tradium.com.
10. Data security
We use the popular SSL method on our websites in combination with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we revert instead to 128-bit v3 technology.
For the rest, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and unauthorised third-party access. We continuously improve our security measures in line with technological advancements.