Privacy policy and authorization for data usage
Data protection is a matter of trust and your trust is important to us. When processing your personal data, we strictly observe the statutory provisions. With the following data protection information, we would like to give you an overview of the processing of personal data held at Estably Asset Management Ltd. (hereinafter referred to as EST) and the resulting rights in accordance with the provisions of the new Basic Data Protection Regulation of the EU (GDPR) and the Data Protection Act (DSG). Which data is processed in detail and how it is used depends to a large extent on the services and products to be provided or agreed in each case. Due to banking secrecy, EST is obliged to protect your privacy and secrecy and for this reason takes a variety of technical and organisational data protection precautions for all data processing of personal data.
Within the framework of our business relationship, we are dependent on the processing of personal data which is necessary for the establishment and execution of the business relationship and the fulfilment of the associated legal or contractual obligations as well as for the provision of services or the execution of orders. Without this data, we will generally not be able to enter or maintain a business relationship, process an order or offer services and products.
Should you have any questions regarding individual data processing operations or wish to exercise your rights as described in point 5 below, please contact:
Responsible institution:
Estably Asset Management Ltd
Schaanerstrasse 29
9490 Vaduz
Liechtenstein
Phone: +423 220 29 70
Contact details of the data protection officer:
Estably Asset Management Ltd
Data protection officer
Schaanerstrasse 29
9490 Vaduz
Liechtenstein
Phone: +423 220 29 70
Which data are processed (data categories) and from which sources do they originate?
We collect and process personal data that we receive within the scope of our business relationship with our clients. Personal data may be processed at any stage of the business relationship and may vary from person to person.
In principle, we process personal data that you provide to us by means of submitted contracts, forms, your correspondence or other documents. If necessary for the provision of the service, we also process personal data which arises or is transmitted as a result of the use of products or services or which we have received from third parties (e.g. your custodian bank, the identification service provider), from public authorities (e.g. UN and EU sanctions lists). Finally, personal data may be processed from publicly accessible sources (e.g. trade and association registers, press, Internet).
In addition to customer data, we may also process personal data of other third parties involved in the business relationship, such as data of agents, representatives or beneficial owners of a business relationship. We would ask you to also inform any third parties about this data protection information. By personal data we mean the following categories of data:
Master data
- personal details (e.g. name, date of birth, nationality)
- Address and contact data (e.g. physical address, telephone number, e-mail address)
- legitimation data (e.g. passport or identity card data) and
- Authentication data (e.g. signature sample, log-in information)
- data from publicly available sources (e.g. tax numbers)
Further basic data
- Information on services and products used (e.g. investment experience and profile, advice protocols, data on transactions executed)
- Information on household structure and relationships (e.g. information on spouses or life partners and other family details, authorised signatories, legal representatives)
- Information on financial characteristics and financial situation (e.g. portfolio and account number, creditworthiness data, origin of assets)
- Information about professional and personal background (e.g. professional activity, hobbies, wishes, preferences)
- Technical data and information on electronic traffic with EST (e.g. records of accesses or changes)
- image and sound files (e.g. video or telephone recordings)
For what purposes and on what legal basis will your data be processed?
We process personal data in accordance with the provisions of the GDPR and the DSG for the following purposes or on the basis of the following legal bases:
To fulfil a contract or to carry out pre-contractual measures within the framework of the provision and brokerage of asset management, investment advice and other financial services which may be provided by EST. The purposes of data processing depend primarily on the specific service or product (e.g. securities) and may include, but are not limited to, demand analyses, advice, asset management and the execution of transactions.
To fulfil legal obligations or in the public interest, in particular compliance with legal and supervisory requirements (e.g. compliance with the GDPR, the DSG, the Asset Management Act and Regulations), due diligence and anti-money laundering regulations, market abuse regulations, tax laws and agreements, control and reporting obligations, risk management). If you do not provide us with the necessary data, we will have to fulfil the relevant supervisory obligations and may be forced to terminate the business relationship.
In order to protect the legitimate interests of us or third parties for concretely defined purposes, in particular to determine creditworthiness, pursue claims, product development, marketing and advertising, business audits and risk management, reporting, statistics and planning, prevention and clarification of criminal offences, video surveillance to protect the right of domicile and avert danger, telephone recordings.
Based on your consent, which you have given us for the provision of asset management services or on the basis of orders such as the disclosure of data to service providers or contract partners of EST. You have the right to revoke your consent at any time. This also applies to the revocation of declarations of consent issued to EST before the GDPR came into force, i.e. before 25 May 2018.
The revocation of your consent is only effective for the future and does not affect the legality of the data processed until the revocation.
We reserve the right to process personal data collected for one of the above purposes for other purposes as well, if this is compatible with the original purpose or permitted or prescribed by law (e.g. reporting obligations).
Who gets access to the personal data and how long is it stored?
Who gets access to the personal data and how long is it stored?
Access to your data can be both inside and outside EST. Within EST, only entities or employees may process your data if they need it to fulfil our contractual, legal and regulatory obligations and to safeguard legitimate interests. Other companies, service providers or vicarious agents may also receive personal data for these purposes in compliance with the relevant statutory provisions. Contract processors may be companies in the categories of asset management services, distribution agreements, IT services, logistics, printing services, consulting, sales and marketing. Furthermore, recipients of your data in this context may be other financial services institutions or comparable institutions to which we transfer personal data for the purpose of conducting the business relationship (e.g. custodian banks, brokers, stock exchanges, information centres).
If there is a legal or supervisory obligation, public bodies and institutions (e.g. supervisory authorities, financial authorities, etc.) may also receive your personal data. Data may only be transferred to countries outside the EU or the EEA (so-called third countries) if
- this is necessary for the execution of pre-contractual measures or for the performance of a contract, for the provision of services or for the execution of orders (e.g. securities transactions)
- you have given us your consent
- this is necessary for important reasons of public interest (e.g. prevention of money laundering) or
- this is required by law (e.g. transaction reporting obligations).
However, these are only countries for which the EU Commission has decided that they have an adequate level of data protection (such as Switzerland) or we apply measures to ensure that all recipients have an adequate level of data protection. To this end, in each case we conduct a risk assessment of the rule of law principles of the country in which the personal data is to be transferred and, if appropriate risks exist, supplement the standard data protection clauses with additional clauses or safeguards to effectively ensure the protection of the data in the destination country. These standard data protection clauses are available upon request.
We process and store the personal data for the entire duration of the business relationship, unless there are shorter mandatory deletion obligations for certain data.
In addition, the duration of the storage depends on the necessity and purpose of the respective data processing. If the data are no longer necessary for the fulfilment of contractual or legal obligations or for the protection of our legitimate interests (achievement of purpose) or if a consent given is revoked, they are deleted regularly, unless further processing is necessary due to the contractual or legal retention periods and documentation obligations or for reasons of preservation of evidence during the duration of the applicable statute of limitations.
Is there an automated decision making process including profiling?
Some of our decisions are based on automated processing of personal data. There are business areas in which personal data is partly processed automatically. This is done with the aim of assessing certain personal aspects where we are required by law or regulation (e.g. prevention of money laundering), to analyse requirements for services and products, and as part of risk management.
A suitable investment strategy is determined on the basis of your investment objectives (including your willingness to take risks, your risk-bearing capacity and your knowledge and experience of securities). This determination is based exclusively on automated decision-making.
We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to provide you with targeted information and advice on products. The evaluation tools used for this purpose enable us to communicate and advertise according to your needs.
What data protection rights do you have?
With regard to the personal data concerning you, you are entitled to the following data protection rights in accordance with the GDPR (Art. 7, Art. 15 to 21):
- Right of access: you may request information from EST as to whether and to what extent personal data about you are processed (e.g. categories of personal data processed, purpose of processing, etc.).
- Right to rectification, erasure and restriction of processing: you have the right to request that inaccurate or incomplete personal data concerning you be rectified. In addition, your personal data must be deleted if this data is no longer necessary for the purposes for which it was collected or processed, you have withdrawn your consent or this data is processed unlawfully. Furthermore, you have the right to request the restriction of the processing.
- Right of withdrawal: you have the right to withdraw your consent to the processing of personal data concerning you for one or more specific purposes at any time, if the processing is based on your explicit consent. This also applies to the revocation of declarations of consent given prior to the applicability of the GDPR, i.e. prior to May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Also, the revocation does not affect data processing on any other legal basis.
- Right to data portability: you have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format and to have this data transferred to another controller.
- Right to object: you have the right to object informally to data processing in individual cases for reasons arising from your particular situation, provided that the processing is in the public interest or is carried out to protect the legitimate interests of EST or a third party. In addition, you have the right to object informally to the use of personal data for advertising purposes. If you object to the processing of your personal data for direct marketing, we will no longer process your personal data for this purpose.
- Right of appeal: you have the right to lodge a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority in an EU or EEA member state, for example, in your place of residence or work or in the place of the alleged breach.
The contact details of the competent data protection authority in Liechtenstein are as follows:
Liechtenstein Data Protection Authority
Städtle 38
FL-9490 Vaduz
Principality of Liechtenstein
Telephone no. + 423 236 60 90
E-mail: [email protected]
Requests for information or objections should preferably be made in writing to the Data Protection Officer. He is also available as a contact person for all other data protection matters.
Provision of the website and creation of log files
General information and mandatory information
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to advertising e-mails
We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this and other questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
address given in the imprint. Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Objection to advertising e-mails
The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Recording of data on this website
- Facebook name
- Facebook profile and cover picture
- Facebook cover picture
- Email address stored on Facebook
- Facebook ID
- Facebook friend lists
- Facebook Likes (“Like” information)
- Birthday
- Gender
- Country
- language
Social media
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/.
When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information on this, please refer to Facebook’s privacy policy at: https://www.facebook.com/privacy/policy/
Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Analysis tools and advertising
Google Analytics
Would you like to opt out of Google Analytics directly? Then simply use this option:
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user’s end device. It is not assigned to a user ID.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics E-commerce measurement
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain place. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors.
We can also determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator’s web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting).
If consent has been obtained, the aforementioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
Deactivating Hotjar
If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/
Please note that Hotjar must be deactivated separately for each browser or end device.
For more information about Hotjar and the data collected, please refer to Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy
Clarity
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as “Clarity”).
Clarity is a tool for analysing user behaviour on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our website.
Clarity uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective user analysis.
Further details on Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Facebook Pixel
This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
If personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
can be transmitted.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Google conversion tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of Google Conversion Tracking is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
You can find more information about Google Conversion Tracking in the privacy policy of
Google: https://policies.google.com/privacy?hl=de
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in10 / 17 exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Demographic characteristics with Google Analytics
This website uses the “demographic characteristics” function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”
Data storage duration
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
Mailchimp
This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mailchimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on Mailchimp’s servers in the USA.
With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (so-called web-beacon) connects to Mailchimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.
For more details, please refer to Mailchimp’s privacy policy at: https://mailchimp.com/legal/terms/.
Plug-ins and Tools
Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages featuring a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. You can find details here: https://vimeo.com/privacy.
Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This informs Google that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
If your browser does not support Google Fonts, a standard font will be used by your computer.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Wordfence
We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.
Wordfence is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Online marketing and affiliate programs
Affiliate programs on this website
We participate in affiliate partner programs. In affiliate partner programs, advertisements from one company (advertiser) are placed on websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate advertisements, you will be redirected to the advertised offer. If you subsequently make a certain transaction (conversion), the publisher receives a fee for this. In order to calculate this remuneration, it is necessary for the affiliate network operator to be able to track which advertisement referred you to the respective offer and which predefined transaction you carried out. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
We participate in the following affiliate programs:
Affiliate partner programs:
financeAds GmbH & Co. KG | Karlstraße 9 | 90403 Nuremberg
Adtraction Deutschland GmbH | Oderberger Str. 13 | 10435 Berlin
FinanceQuality.net is a service of Netzeffekt GmbH | netzeffekt GmbH | Agnes-Bernauer-Straße 90 | 80687 Munich
eCommerce and payment provider
Processing of customer and contract data
We collect, process and use personal customer and contract data to establish, structure and amend our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.
