Note: This is a convenience translation of the German “Datenschutzerklärung” and serves solely information purposes. In any case, the German version shall prevail and constitute the definitive statement with regard to user privacy.
Dear customer or interested party,
In the following you will receive the legally required notifications and information on the processing of your personal data provided to us or transmitted to us by others:
1 Name and Contact Details of the Controller
The Controller within the scope of the applicable data protection laws (Art. 4 para. 7 GDPR) is:
Phone: +49 421 40 886 550
2 SCOPE OF PROCESSING PERSONAL DATA
As a matter of principle, we process personal data of our customers only to the extent necessary to provide our offered services. The processing of personal data is regularly only carried out with the consent of the persons concerned or if the processing of the data is permitted by legal regulations.
3 LEGAL BASIS FOR PROCESSING PERSONAL DATA
Insofar as we obtained the consent of the data subject for processing of personal data, Art. 6 para. (1) lit. a) GDPR serves as the legal basis. Your consent can be revoked at any time by informing us informally, without affecting the lawfulness of the previous processing. If your consent is revoked, we will immediately cease the corresponding data processing.
With regard to the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. (1) lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh those interest, Art. 6 para. (1) lit. f) GDPR serves as the legal basis for the processing. Data subjects have the right to object to the processing of their data carried out on this legal basis. Further information can be found in the section entitled "Data subjects' rights" below.
4 STORAGE DURATION
Personal data will only be stored for as long as is necessary to fulfil the respective order or purpose and then deleted, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 para. (1) lit. c GDPR due to tax and commercial law storage and documentation obligations, you have consented to storage beyond this in accordance with Art. 6 para. (1) lit. a) GDPR or storage beyond this is otherwise legally permissible.
5 Website Use
5.1 Usage data
When you visit our website, the data collected through the use of the website is temporarily stored on our web server for statistical purposes. This record contains:
• Information about the browser type and version used
• The user's operating system
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites that are called up by the user's system via our website
With the exception of the IP address (see point (2) below), the usage data listed is stored anonymously. Therefore, no personal user profiles can be created. No data about individuals or their individual behavior is collected.
The data is processed on the basis of Art. 6 para. (1) lit. f GDPR. We use this information to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes or automatic decision making or profiling does not take place in this context. Your data will only be processed to answer your request and will be deleted as soon as the information is no longer required. They will not be passed on to third parties.
5.2 Storage of your IP address
We store the IP address transmitted by your web browser for a period of seven (7) days, solely for the purpose of identifying, limiting and eliminating attacks on our website. After seven (7) days, we will delete or make your IP address anonymous. The legal basis for the processing of this personal data is Art. 6 para. (1) lit. f GDPR.
5.3 Data security
In order to prevent unauthorized access to your data, we have taken technical and organizational measures. We use encryption technologies on our website. Your data is transferred to our servers and back again via a connection protected by TLS encryption technology. You can tell that you are surfing on an encryption-secured website by the lock symbol in the address bar of your browser and by the address bar beginning with https: //
We use both technically necessary cookies, which are necessary for the operation of the website and its functions, and technically not necessary cookies to evaluate the use of our site and to improve our offer
Data processing in the context of technically necessary cookies is carried out on the basis of Art. 6 para. (1) lit. f GDPR, as we have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Technically necessary cookies include, for example, session cookies, especially for language settings and locations, to enable the calling browser to be identified even after a page change and to recognize that you have already visited individual pages of our website or have made settings.
The data processing within the scope of technically not necessary cookies is only carried out after your consent on the basis of Art. 6 para. (1) lit. a GDPR.
If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We have concluded a contract on commissioned data processing with Google. Google LLC, headquartered in California, USA, and possibly US authorities may have access to the data stored by Google.
Google uses technically not necessary cookies, which enable an analysis of the use of our website by you and to compile reports about the website activities, in particular: The pages you call up, your "click path", achievement of "website objectives" (e.g. conversions, newsletter registrations, downloads, purchases), your user behavior (e.g. clicks, length of stay, bounce rates), your approximate location (region), your IP address (in abbreviated form), technical information about your browser and the end devices you use (e.g. language settings, screen resolution), your Internet provider, the referrer URL (via which website/advertising medium you came to this website).
The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the function 'anonymizeIP' (so-called IP-Masking) due to which, your IP-address will be shortened by Google within the EU or the EEA before the transfer to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. A transfer of personal data to the USA can therefore not be excluded. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged or used in combination with other Google data.
The data sent by us and linked with cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google through measures in accordance with section 5, paragraph (5), especially by not giving your consent to the setting of technically not necessary cookies or by downloading and installing the browser add-on for deactivating Google Analytics from the Google website (currently here).
The legal basis for the processing of personal data in this context is your consent in accordance with Art. 6 para. (1) lit. a) GDPR.
We have embedded videos from the platform YouTube (operated by YouTube LLC ("YouTube"), a subsidiary of Google LLC ("Google")) into our website, which are hosted at https://www.YouTube.com and can be played directly from our website. All videos are embedded in "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos.
5.8 Social Media
In addition, we have company profiles on the social networks Twitter, Facebook, LinkedIn and XING to inform our customers and interested parties primarily about our products and services. When accessing our profiles there, the respective general terms and conditions and privacy policies of the individual providers apply.
On our website we offer the possibility to subscribe to our newsletter. We need your name and your e-mail address for this purpose. In order to be able to prove your consent, we also collect consent data (e.g., your IP address and the time of your consent). The data is transmitted to our Zoho One System on an EU-Server from Zoho Corporation Pvt. Ltd. for the purpose of sending the newsletter and is being processed by them as a processor in accordance with § 28 GDPR.
This processing is carried out in accordance with art. 6 para. 1 lit. a GDPR on the basis of your consent declared in the context of the newsletter order.
You can unsubscribe from the newsletter at any time using the unsubscribe link which you will find in every newsletter e-mail.
5.10 Contact form
You can contact us via our web contact form. To use our contact form, we need your name and e-mail address. You can provide us with further information but are not obliged to do so. The legal basis for the processing is your consent to this in accordance with Art. 6 para. 1 lit. a GDPR. We use your data exclusively for the processing of your inquiry. Your data will be deleted as soon as they are no longer required for the original purpose and will not be passed on to third parties.
6 CONTACTING, ORDER PROCESSING, MARKETING
Outside of our web presence, we collect and process your personal data only for the purpose of contacting you, in the course of processing and handling already placed orders or to enable the execution of future orders.
For this purpose, we process your master data (name, address, telephone number, e-mail address) and, if necessary, corresponding data of contact persons.
As a rule, you have provided us with this data yourself in the course of previous contact, or we have received it from one of our business partners at your behest or with your consent in order to contact you for the purpose of initiating or fulfilling orders.
The legal basis for the processing is Art. 6 para. (1) lit. b GDPR, as the processing of the data is necessary for the appropriate execution of an order or for the initiation of an order. Without the provision of this data, it is not possible to execute an order, as otherwise we will not have the opportunity to contact you.
The processing of other data which you have made available to us or to our business partners yourself will only take place within the framework of the initiation or execution of an order. The legal basis for this is your consent according to Art. 6 para. (1) lit. a GDPR.
We may also use your business-related master data to the extent necessary for marketing purposes, i.e., to provide you with offers or information on other services or performances offered by us which we think might be of interest to you or your company. The legal basis for this is the protection of legitimate interests in accordance with Art. 6 para. (1) lit. f GDPR. The legitimate interests take the form of sales promotion of our products and services. In this context, the data will not be passed on to third parties, nor will automated decision-making or profiling take place.
7 Transfer of Data
Your data will be treated in strict confidence and are secured against unauthorized access. In our company, only those employees who need this data for the initiation or execution of an order have access to your data.
IT service providers who support us in the operation of our website and the general business procedures and associated processes as processors may, under certain circumstances, have access to personal data. This processing always takes place within the framework of a data processing agreement in accordance with Art. 28 GDPR.
These processors process the data on our behalf and exclusively according to our instructions. In this case we are legally responsible for appropriate data protection measures at the companies we commission as processors. The companies have been carefully selected by us, commissioned in writing in accordance with the legal requirements, are bound by our instructions and are regularly checked.
Apart from that, a transfer to third parties is not intended and will of course not take place, unless you expressly give us your consent to the transfer, or we are obliged or entitled to transfer the data independently of your consent according to applicable legal regulations. Such a case could be, for example, if it would be necessary to pass on data to a court or an authority in order to assert, exercise or defend legal claims.
In some cases, we may transfer personal data to third countries outside the EU. In any case, we will ensure an adequate level of data protection in accordance with European standards.
For the purpose of simplifying and rationalizing the internal processes and, above all, in order to create and maintain a safe and responsible processing environment for personal date, we have implemented a software solution, ZOHO ONE (hereinafter referred to as the “CRM”), via which the storage, maintenance and Shared Use of customer data is managed and carried out. We use this CRM together with Intalcon GmbH Wilhelm-Herbst-Str. 7, 28359 Bremen, Germany as joint controllers within the meaning of Art. 26 GDPR.
9 Rights of Data Subjects
As data subject, you have the right:
- pursuant to Art. 7 para. (3) GDPR to revoke your consent to us at any time. As a result, we are not allowed to continue the data processing for the future, if it was based on the consent;
- pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of such data;
- pursuant to Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
- pursuant to Art. 17 GDPR to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request its transfer to another responsible party.
To exercise these rights or to obtain additional information on them, please contact us. For this purpose, an e-mail to the above-mentioned contact address, for example, is sufficient.
Furthermore, you have the possibility to complain to a supervisory authority in accordance with Art. 77 GDPR. You can, for example, contact the supervisory authority at your usual place of residence or workplace or at our headquarters.
10 SeparateInformation on your Right of Objection pursuant to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. (1) lit. f GDPR. Following an objection, we will no longer process the personal data concerned unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
You may also object at any time to the processing of personal data concerning you for the purposes of direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for those purposes.
Any objection based on the above-mentioned grounds may be lodged informally at any time, e.g. by e-mail to firstname.lastname@example.org. Processing operations carried out prior to an objection remain unaffected by it.
11 Adjustments and Updates
In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information has to be adapted due to new or revised offers or services. You can access and print out the current data protection declaration at any time by clicking on this link.
Status December 2020.
ANNEX – INFORMATION ON CRM
Intalcon GmbH, Wilhelm-Herbst-Str. 7, 28359 Bremen, Germany – hereinafter referred to as „Intalcon GER” and Intalcon Ltd., 29 The Green, Winchmore Hill, London N21 1HS, UK – hereinafter referred to as „Intalcon UK” – are companies active in the area of developing and marketing algorithms for systematic trading and portfolio management in financial markets. Intalcon GER and Intalcon UK are hereinafter also referred to as each a “Party” or jointly as “the Parties”.
Intalcon UK is a fully owned subsidiary of Intalcon GER and organizationally responsible for and active in the area of the United Kingdom.
Both Parties regularly receive requests from customers that require a cross-border cooperation between the Parties or a complete assignment to one of the Parties and thus may involve the transfer, independent access to and / or processing of personal data by either Party (hereinafter referred to as “Shared Use”).
For the purpose of simplifying and rationalizing the internal processes and, above all, in order to create and maintain a safe and responsible processing environment for personal date, the Parties have implemented a software solution, ZOHO ONE (hereinafter referred to as the “CRM”), via which the storage, maintenance and Shared Use of customer data is managed and carried out. The data is stored on centralized servers located in Amsterdam and Dublin.
Both Parties generally pursue agreed upon business goals, but they may individually and independently access, alter, supplement or amend personal data via the CRM in cases of Shared Use. As a result, they jointly determine the purposes and means of processing within the meaning of Art. 26 GDPR in such cases, thus they are then considered joint controllers. The Parties have concluded a joint controllership agreement that duly reflects the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement is made available to the data subjects with this Annex alongside with further general information on the use of the CRM and its compliance with data protection laws.
2. General Scope of Processing in Relation to the CRM
As a rule, the Parties enter their respective customers’ data into the CRM. The data regularly contains personal data of customers (if natural persons) or of the customers’ employees that are contact persons, particularly their contact information such as name and work/business related address, phone number, e-mail, position (hereinafter referred to as “Customer Data”). No special categories of personal data are subject to processing. However, the visibility is limited by default, so that the Customer Data can only be accessed by the Party that primarily maintains a business relationship with the respective customer.
3. Legal Basis of Shared Use
The Parties may also regularly make Customer Data available for the access and processing by the respective other Party, which is or may reasonably foreseeable become subject to a cooperation between the Parties or assignment to the respective other Party (Shared Use).
If and as far as the transfer to and the processing by the other Party is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis is Art. 6 para. (1) s. 1 lit. b) GDPR;
In any other case in which a cooperation seems reasonably foreseeable and may require access and additional processing by the respective other Party, the legal basis is Art. 6 para. (1) s. 1 lit. f) GDPR. The legitimate interests pursued are internal administrative purposes as well as the allocation of those resources to the customer that provide for the best output and service.
4. Joint Responsibility, Division of Tasks and Obligations
The Parties carry out the processing activities in relation to Shared Use with joint responsibility. Accordingly, both Parties are responsible within the meaning of Art. 4 No. 7 GDPR regarding personal data that is subject to processing in this context and are each subject to the provisions applicable to responsible persons.
The division of tasks between the Parties and the definition of which Party assumes which tasks and obligations imposed by the GDPR are specified as follows (an ‘x’ signifies which controller assumes which obligation and / or responsibility):
5. Obligations of the Parties
Within their area of responsibility (see sec. 4), the Parties provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure that the processing complies with the applicable data protection rules and the rights of the data subject.
The Parties confirm that they are aware of the relevant data protection regulations and their internal organization was and still is set up in a way that complies with the applicable data protection regulations.
The Parties sufficiently familiarize the employees that work with or have access to personal data with the data protection provisions applicable to them. They also ensure that the persons involved in the processing of personal data are obliged to maintain confidentiality or are subject to an appropriate statutory duty of confidentiality. The Parties regularly monitor their compliance with data protection regulations.
Within their area of responsibility (see sec. 4), each Party may engage subprocessors and will select subcontractors carefully according to their suitability and reliability. Before engaging subcontractors, the respective Party obligate them in accordance with Art. 28 GDPR.
The liability of the Parties is governed by Art. 82 GDPR.
8. Standard Contractual Clauses
Since Intalcon UK is located in the United Kingdom, which may become a third country within the meaning of the GDPR after the Brexit transition period ends, the Parties precautionary agreed on the standard contractual clauses to provide for appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects in accordance with Art. 46 GDPR.