Dear customer or interested party,
In the following you will receive the legally required notifications and information on the processing of your personal data provided to us or transmitted to us by others:
1 Name and Contact Details of the Controller
The Controller within the scope of the applicable data protection laws (Art. 4 para. 7 GDPR) is:
29 The Green
London N21 1HS
Phone: +44 141 628 5997
2 Scope of Processing Personal Data
As a matter of principle, we process personal data of our customers only to the extent necessary to provide our offered services. The processing of personal data is regularly only carried out with the consent of the persons concerned or if the processing of the data is permitted by legal regulations.
3 Legal Basis for Processing Personal Data
Insofar as we obtained the consent of the data subject for processing of personal data, Art. 6 para. (1) lit. a) GDPR serves as the legal basis. Your consent can be revoked at any time by informing us informally, without affecting the lawfulness of the previous processing. If your consent is revoked, we will immediately cease the corresponding data processing.
With regard to the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. (1) lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh those interest, Art. 6 para. (1) lit. f) GDPR serves as the legal basis for the processing. Data subjects have the right to object to the processing of their data carried out on this legal basis. Further information can be found in the section entitled "Data subjects' rights" below.
4 Storage Duration
Personal data will only be stored for as long as is necessary to fulfil the respective order or purpose and then deleted, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 para. (1) lit. c GDPR due to tax and commercial law storage and documentation obligations, you have consented to storage beyond this in accordance with Art. 6 para. (1) lit. a) GDPR or storage beyond this is otherwise legally permissible.
5 Contacting, Order Processing, Marketing
We collect and process your personal data only for the purpose of contacting you, in the course of processing and handling already placed orders or to enable the execution of future orders.
For this purpose, we process your master data (name, address, telephone number, e-mail address) and, if necessary, corresponding data of contact persons.
As a rule, you have provided us with this data yourself in the course of previous contact, or we have received it from one of our business partners at your behest or with your consent in order to contact you for the purpose of initiating or fulfilling orders.
The legal basis for the processing is Art. 6 para. (1) lit. b) GDPR, as the processing of the data is necessary for the appropriate execution of an order or for the initiation of an order. Without the provision of this data, it is not possible to execute an order, as otherwise we will not have the opportunity to contact you.
The processing of other data which you have made available to us or to our business partners yourself will only take place within the framework of the initiation or execution of an order. The legal basis for this is your consent according to Art. 6 para. (1) lit. a) GDPR.
We may also use your business-related master data to the extent necessary for marketing purposes, i.e., to provide you with offers or information on other services or performances offered by us which we think might be of interest to you or your company. The legal basis for this is the protection of legitimate interests in accordance with Art. 6 para. (1) lit. f) GDPR. The legitimate interests take the form of sales promotion of our products and services. In this context, the data will not be passed on to third parties, nor will automated decision-making or profiling take place.
6 Transfer of Data
Your data will be treated in strict confidence and are secured against unauthorized access. In our company, only those employees who need this data for the initiation or execution of an order have access to your data.
IT service providers who support us in the operation of our website and the general business procedures and associated processes as processors may, under certain circumstances, have access to personal data. This processing always takes place within the framework of a data processing agreement in accordance with Art. 28 GDPR.
These processors process the data on our behalf and exclusively according to our instructions. In this case we are legally responsible for appropriate data protection measures at the companies we commission as processors. The companies have been carefully selected by us, commissioned in writing in accordance with the legal requirements, are bound by our instructions and are regularly checked.
Apart from that, a transfer to third parties is not intended and will of course not take place, unless you expressly give us your consent to the transfer, or we are obliged or entitled to transfer the data independently of your consent according to applicable legal regulations. Such a case could be, for example, if it would be necessary to pass on data to a court or an authority in order to assert, exercise or defend legal claims.
In some cases, we may transfer personal data to third countries outside the EU. In any case, we will ensure an adequate level of data protection in accordance with European standards.
For the purpose of simplifying and rationalizing the internal processes and, above all, in order to create and maintain a safe and responsible processing environment for personal date, we have implemented a software solution, ZOHO ONE (hereinafter referred to as the “CRM”), via which the storage, maintenance and Shared Use of customer data is managed and carried out. We use this CRM together with Intalcon GmbH Wilhelm-Herbst-Str. 7, 28359 Bremen, Germany as joint controllers within the meaning of Art. 26 GDPR.
8 Rights of Data Subjects
As data subject, you have the right:
8.1 pursuant to Art. 7 para. (3) GDPR to revoke your consent to us at any time. As a result, we are not allowed to continue the data processing for the future, if it was based on the consent;
8.2 pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of such data;
8.3 pursuant to Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
8.4 pursuant to Art. 17 GDPR to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
8.5 pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
8.6 pursuant to Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request its transfer to another responsible party.
To exercise these rights or to obtain additional information on them, please contact us. For this purpose, an e-mail to the above-mentioned contact address, for example, is sufficient.
Furthermore, you have the possibility to complain to a supervisory authority in accordance with Art. 77 GDPR. You can, for example, contact the supervisory authority at your usual place of residence or workplace or at our headquarters.
9 Separate Information on your Right of Objection pursuant to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. (1) lit. f GDPR. Following an objection, we will no longer process the personal data concerned unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
You may also object at any time to the processing of personal data concerning you for the purposes of direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for those purposes.
Any objection based on the above-mentioned grounds may be lodged informally at any time, e.g., by e-mail to email@example.com. Processing operations carried out prior to an objection remain unaffected by it.
10 Adjustments and Updates
In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information has to be adapted due to new or revised offers or services. You can access and print out the current data protection declaration at any time by clicking on this link.
Status December 2020.
ANNEX – Information on CRM
Intalcon GmbH, Wilhelm-Herbst-Str. 7, 28359 Bremen, Germany – hereinafter referred to as „Intalcon GER” and Intalcon Ltd., 29 The Green, Winchmore Hill, London N21 1HS, UK – hereinafter referred to as „Intalcon UK” – are companies active in the area of developing and marketing algorithms for systematic trading and portfolio management in financial markets. Intalcon GER and Intalcon UK are hereinafter also referred to as each a “Party” or jointly as “the Parties”.
Intalcon UK is a fully owned subsidiary of Intalcon GER and organizationally responsible for and active in the area of the United Kingdom.
Both Parties regularly receive requests from customers that require a cross-border cooperation between the Parties or a complete assignment to one of the Parties and thus may involve the transfer, independent access to and / or processing of personal data by either Party (hereinafter referred to as “Shared Use”).
For the purpose of simplifying and rationalizing the internal processes and, above all, in order to create and maintain a safe and responsible processing environment for personal date, the Parties have implemented a software solution, ZOHO ONE (hereinafter referred to as the “CRM”), via which the storage, maintenance and Shared Use of customer data is managed and carried out. The data is stored on centralized servers located in Amsterdam and Dublin.
Both Parties generally pursue agreed upon business goals, but they may individually and independently access, alter, supplement or amend personal data via the CRM in cases of Shared Use. As a result, they jointly determine the purposes and means of processing within the meaning of Art. 26 GDPR in such cases, thus they are then considered joint controllers. The Parties have concluded a joint controllership agreement that duly reflects the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement is made available to the data subjects with this Annex alongside with further general information on the use of the CRM and its compliance with data protection laws.
2. General Scope of Processing in Relation to the CRM
As a rule, the Parties enter their respective customers’ data into the CRM. The data regularly contains personal data of customers (if natural persons) or of the customers’ employees that are contact persons, particularly their contact information such as name and work/business related address, phone number, e-mail, position (hereinafter referred to as “Customer Data”). No special categories of personal data are subject to processing. However, the visibility is limited by default, so that the Customer Data can only be accessed by the Party that primarily maintains a business relationship with the respective customer.
3. Legal Basis of Shared Use
The Parties may also regularly make Customer Data available for the access and processing by the respective other Party, which is or may reasonably foreseeable become subject to a cooperation between the Parties or assignment to the respective other Party (Shared Use).
If and as far as the transfer to and the processing by the other Party is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis is Art. 6 para. (1) s. 1 lit. b) GDPR;
In any other case in which a cooperation seems reasonably foreseeable and may require access and additional processing by the respective other Party, the legal basis is Art. 6 para. (1) s. 1 lit. f) GDPR. The legitimate interests pursued are internal administrative purposes as well as the allocation of those resources to the customer that provide for the best output and service.
4. Joint Responsibility, Division of Tasks and Obligations
The Parties carry out the processing activities in relation to Shared Use with joint responsibility. Accordingly, both Parties are responsible within the meaning of Art. 4 No. 7 GDPR regarding personal data that is subject to processing in this context and are each subject to the provisions applicable to responsible persons.
The division of tasks between the Parties and the definition of which Party assumes which tasks and obligations imposed by the GDPR are specified as follows (an ‘x’ signifies which controller assumes which obligation and / or responsibility):
5. Obligations of the Parties
Within their area of responsibility (see sec. 4), the Parties provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure that the processing complies with the applicable data protection rules and the rights of the data subject.
The Parties confirm that they are aware of the relevant data protection regulations and their internal organization was and still is set up in a way that complies with the applicable data protection regulations.
The Parties sufficiently familiarize the employees that work with or have access to personal data with the data protection provisions applicable to them. They also ensure that the persons involved in the processing of personal data are obliged to maintain confidentiality or are subject to an appropriate statutory duty of confidentiality. The Parties regularly monitor their compliance with data protection regulations.
Within their area of responsibility (see sec. 4), each Party may engage subprocessors and will select subcontractors carefully according to their suitability and reliability. Before engaging subcontractors, the respective Party obligate them in accordance with Art. 28 GDPR.
The liability of the Parties is governed by Art. 82 GDPR.
8. Standard Contractual Clauses
Since Intalcon UK is located in the United Kingdom, which may become a third country within the meaning of the GDPR after the Brexit transition period ends, the Parties precautionary agreed on the standard contractual clauses to provide for appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects in accordance with Art. 46 GDPR.