PRIVACY POLICY
Privacy
Our website can be generally used without entering any personal details. If personal details (such as name, address or e-mail addresses) are collected on our websites, if possible this is always conducted on a voluntary basis. Your data will not be passed on to third parties without your express consent.
Please note that data transmission in the internet (such as communication by e-mail) may be vulnerable. Full protection of data from access by third parties is not possible.
We herewith expressly object to the use of contact details published in our mandatory site notice by third parties to send unsolicited advertising and information material. The website operators reserve the right to take legal action in case of the unsolicited sending of advertising material, for instance in the form of spam mails.
In accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act [FDPA] and the European General Data Protection Regulation [GDPR]), we will inform you of the nature, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” and “processing”, please refer to Article 4 of the GDPR.
Name and contact details of the controller
Within the meaning of Article 4, 7 GDPR, our controller is:
WOLLENBERG Investment Management GmbH
Kaiser-Wilhelm-Ring 3-5
50672 Cologne
Telephone: +49 221 429 11040
E-mail: contact@wollenberginvest.com
Managing Director: Dr Hans-Joachim Sievers
Company headquarters: Cologne
Registry Court: Cologne District Court
Commercial Register: HRB 90397
Data types, processing purposes and data subject categories
In the following we shall inform you of the nature, scope and purpose of the collection, processing and use of personal data.
1. Types of data processed by us
Usage data (access times, visited websites, etc.), user data (name, address etc.), contact details (telephone number, e-mail, fax, etc.), communication data (IP address, etc.),
2. Processing purposes in accordance with Article 13, 1, c GDPR
Dealing with contact inquiries
3. Data subject categories in accordance with Article 13, 1, e GDPR
Visitors/users of the website, customers
The data subjects shall be collectively referred to as “users”.
Cookies
1. Our internet website uses cookies. A cookie is a text file that is created when a website is accessed and is stored on the system of the website user. If the website user calls up our website server again, the browser of the website user returns the previously received cookie to the server. This process enables the server to evaluate the information in the cookie. Cookies can be used, for instance, to control ad displays and to facilitate website navigation. Cookies are also required to ensure the function of our website (the legal basis is Article 6, 1, f GDPR, the protection of the legitimate interests of the operator of this website – we only use cookies in compliance with Article 5, 1, a GDPR, therefore according to the principles of “lawfulness, fairness, and transparency”). If you wish to prevent the use of cookies, you can adjust the local settings in your internet browser (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari) accordingly.
Legal bases for the processing of personal data
In the following, we shall inform you of the legal bases for the processing of personal data:
If we have obtained your consent for the processing of personal data, the legal basis is Article 6, 1, 1, a GDPR.
If processing is necessary to fulfil a contract or to implement pre-contractual measures instigated at your request, the legal basis is Article 6, 1, 1, b GDPR.
If processing is necessary to fulfil a legal obligation to which we are subject (such as legal obligations to preserve records), the legal basis is Article 6, 1, 1, c GDPR.
If processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6, 1, 1, d GDPR.
If processing is necessary to protect our legitimate interests or those of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, the legal basis is Article 6, 1, 1, f GDPR.
Passing on personal data to third parties and data processors
We do not pass on any data to third parties without your consent. If this is the case, the data is passed on for the aforementioned legal bases such as forwarding data to online payment providers to fulfil a contract or on account of a court order or legal obligation to disclose the data for the purpose of criminal prosecution, of averting danger or of exercising rights to intellectual property.
We also employ data processors (external service providers who, for instance host our websites and databases) to process your data. If data are passed onto data processors under a data processing agreement, this shall always be conducted in accordance with Article 28 GDPR. We select our data processors carefully, subject them to regular checks, and exercise a right of instruction with regard to the processing of data. In addition, the data processors must have taken appropriate technical and organisational measures and comply with data protection regulations in accordance with the FDPA (new version) and the GDPR.
Data transmission to third countries
A uniform basis for data protection in Europe was put in place through the adoption of the European General Data Protection Regulation (GDPR). Your data are therefore primarily processed by companies that are subject to the GDPR. If processing is carried out by third-party services outside the European Union or the European Economic Area, they must meet the specific requirements of Article 44 et seq. GDPR. This means that processing is conducted on the basis of special guarantees, such as official recognition by the EU Commission of a level of data protection compliant with EU standards or observance of officially recognised special contractual obligations or so-called standard data protection clauses. In the case of US companies, these requirements are fulfilled through their compliance with the Privacy Shield, the data protection agreement between the EU and the USA.
Deletion of data and retention period
Unless expressly stated otherwise in this privacy policy, your personal data are deleted or blocked as soon as the purpose of the storage ceases to apply, unless further storage is required for evidential purposes or legal retention obligations are constituted. This includes commercial retention obligations to store business letters in accordance with Article 257, 1 of the German Commercial Code (HGB) (6 years) and fiscal retention obligations to store documents in accordance with Article 147, 1 of the Revenue Code (AO) (10 years). When the prescribed retention period expires, your data are blocked or deleted, unless storage is still required in order to conclude or fulfil a contract.
Automated decision-making
We do not use any automated decision-making or profiling systems.
Provision of our website and creation of log files
1. If you use our website for informational purposes only (with no registration or any other transmission of information), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data:
2. • IP address;
3. • internet service provider of the user;
• date and time of access;
• browser type;
• language and browser version;
• content of the retrieval;
• time zone;
• access status/HTTP status code;
• amount of data;
• accessing websites;
• operating system.
This data is not stored together with your other personal data.
4. This data is used to ensure the user-friendly, efficient, and reliable provision of our website to you with functions and content as well as to optimise the website and to conduct statistical evaluations.
5. The legal basis for this is our legitimate interest in the data processing in accordance with Article 6, 1, 1, f) GDPR.
6. For security reasons, we store this data in server log files for a period of days. On expiry of this period, the data are deleted automatically unless we need to continue storing them for evidential purposes in case of attacks on the server infrastructure or other legal violations.
Contact via contact form/e-mail/ fax/post
1. When you contact us by contact form, fax, post or e-mail, we process your details for the purpose of dealing with your contact inquiry.
2. Should you have given your consent, the legal basis for data processing is Article 6, 1, 1, a GDPR. The legal basis for processing data transmitted with a contact inquiry or e-mail, letter or fax is Article 6, 1, 1, f) GDPR. The controller has a legitimate interest in the processing and storing of the data to enable them to deal with user inquiries, to secure evidence for reasons of liability, and to fulfil their legal retention obligations with regard to business correspondence. If the contact is aimed at concluding a contract, a further legal basis for processing is constituted by Article 6, 1, 1, b) GDPR.
3. We may store your details and contact inquiries in our customer relationship management system (CRM system) or a comparable system.
4. The data are deleted as soon as they cease to be required for the purpose of their collection. In respect of personal data from the contact form input mask and those sent by e-mail, this is the case when the relevant communication with you is ended. The communication is deemed over when it is clear from the circumstances that the matter has been conclusively settled. We store inquiries from users who have account or contract with us for a period of two years after expiry of the contract. In case of legal archiving obligations, deletion takes place on the latter’s expiry: end of commercial (six years) and fiscal (10 years) retention obligation.
5. In accordance with Article 6, 1, 1, a GDPR, you are entitled to revoke your consent to the processing of your personal data at any time. If you contact us via e-mail, you can object to the storage of your personal data at any time.
Google ReCAPTCHA
1. Our website integrates the anti-spam function “recaptcha” by “Google” (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU office: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). The “recaptcha” function in our forms enables us to determine whether a machine (robot) or a person has entered the data. When using the service, your IP address and any other data required may be transferred to Google servers in the USA.
2. The purpose of processing this data is to prevent spam and misuse as well as our economic interest in optimising our website.
3. The legal basis is our legitimate interest in data processing in accordance with Article 6, 1, 1, f GDPR.
4. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework). This ensures compliance with European data protection law.
5. For more information about Google reCAPTCHA, go to https://www.google.com/recaptcha/ and to Google’s privacy policy at: https://policies.google.com/privacy.
Google fonts
1. This website uses certain Google fonts to display content. When you access a website, your browser downloads these fonts. Your IP address and the website (internet address) you have accessed is transmitted to a Google server. For more information about these Google fonts, go to https://developers.google.com/fonts/faq and Google’s privacy policy at https://www.google.com/policies/privacy/
Security notice
1. We use appropriate technical and organisational measures to protect our website and other IT systems from loss, destruction, unauthorised access, unauthorised modification, and unauthorised distribution of your data. However, despite all due diligence, full protection against all dangers cannot be ensured. Since we cannot guarantee full data protection when communicating via e-mail, we recommend that you send confidential information by post.
Amendments to this privacy policy
1. We reserve the right to amend this privacy policy in the event of any changes in the legal situation, in this online service or in the type of data collection. However, this only applies to policies relating to data processing. If the consent of the user is necessary or parts of the privacy policy set forth rules regarding the contractual relationship with users, the amendment of the privacy policy shall be subject to the consent of the user. Please therefore refer to this privacy policy as required and in particular when you disclose personal data.
Data subject rights
1. Right to object or revoke consent to processing your data
Insofar as processing is subject to your consent in accordance with Article 6, 1, 1, a, Article 7, GDPR, you are entitled to revoke your consent at any time. This does not affect the legality of processing conducted on the basis of the consent prior to revocation.
Insofar as our processing of your personal data is based on a weighing of interests in accordance with Article 6, 1, 1, f GDPR, you may object to said processing. This is the case in particular if processing is not required for the fulfilment of a contract with you, which we shall indicate respectively in the following description of the functions. If you exercise your aforementioned right to object, we request you to notify us of the reasons as to why we may no longer process your personal details. In case of your justified objection, we shall examine the facts of the case and shall either curtail or adapt data processing or inform you of our compelling legitimate reasons for processing, on the basis of which we will continue to process your personal data.
You may object to the processing of your personal data at any time for the purpose of advertising or data analysis. You may exercise your right to object free of charge. You may notify us of your objection to advertising via the following contact details:
WOLLENBERG Investment Management GmbH
50672 Cologne
E-mail: contact@wollenberginvest.com
Company headquarters: Cologne
1. Commercial Register: HRB 90397
2. Register Court: Cologne District Court
3. Managing Director: Dr Hans-Joachim Sievers
4. Telephone: +49 221 429 11040
5. Kaiser Wilhelm Ring 3-5
6. Right to be informed
You have the right to ask us to confirm whether personal data relating to you are processed by us. If this is the case, you have a right to information about your personal data stored by us in accordance with Article 15 GDPR. This includes in particular information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or shall be disclosed, the planned retention period, and the origin of your data, should the latter not have been collected from you directly.
7. Right to rectification
You have a right to have inaccurate data rectified and to have incomplete data completed in accordance with Article 16 GDPR.
8. Right to erasure
You have the right to the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless this is precluded by legal or contractual retention periods or other legal obligations or rights relating to continued retention.
9. Right to restriction
You have the right to request a restriction in the processing of your personal data if any of the requirements in Article 18, 1, a to d GDPR is fulfilled:
• if you contest the accuracy of the personal
data relating to you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of personal data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims, or
• if you object to the processing in accordance with Article 21, 1 GDPR pending verification whether the legitimate grounds of the controller override your grounds.
10. Right to data portability
You have the right to data portability in accordance with Article 20 GDPR which means that you can receive the personal data concerning you that is stored by us in a structured, commonly used and machine-readable format or that you can request transmission to another controller.
11. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. As a rule, you can lodge your complaint with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Data security
We have adopted appropriate technical and organisational measures in order to protect all personal data that are transmitted to us and to ensure that both we and our external service providers comply with the privacy regulations. This includes the encrypted transmission of all data between your browser and our server via a secure SSL connection.
Version: 05.08.2018
All rights reserved.