Privacy policy and authorization for data usage

Data protection is a matter of trust and your trust is important to us. When processing your personal data, we strictly observe the statutory provisions. With the following data protection information, we would like to give you an overview of the processing of personal data held at Estably Asset Management Ltd. (hereinafter referred to as EST) and the resulting rights in accordance with the provisions of the new Basic Data Protection Regulation of the EU (GDPR) and the Data Protection Act (DSG). Which data is processed in detail and how it is used depends to a large extent on the services and products to be provided or agreed in each case. Due to banking secrecy, EST is obliged to protect your privacy and secrecy and for this reason takes a variety of technical and organisational data protection precautions for all data processing of personal data.

Within the framework of our business relationship, we are dependent on the processing of personal data which is necessary for the establishment and execution of the business relationship and the fulfilment of the associated legal or contractual obligations as well as for the provision of services or the execution of orders. Without this data, we will generally not be able to enter or maintain a business relationship, process an order or offer services and products.

Should you have any questions regarding individual data processing operations or wish to exercise your rights as described in point 5 below, please contact:

Responsible institution:

Estably Asset Management Ltd

Schaanerstrasse 29

9490 Vaduz

Liechtenstein

Phone: +423 220 29 70

Contact details of the data protection officer:

Estably Asset Management Ltd

Data protection officer

Schaanerstrasse 29

9490 Vaduz

Liechtenstein

Phone: +423 220 29 70

Which data are processed (data categories) and from which sources do they originate?

We collect and process personal data that we receive within the scope of our business relationship with our clients. Personal data may be processed at any stage of the business relationship and may vary from person to person.

In principle, we process personal data that you provide to us by means of submitted contracts, forms, your correspondence or other documents. If necessary for the provision of the service, we also process personal data which arises or is transmitted as a result of the use of products or services or which we have received from third parties (e.g. your custodian bank, the identification service provider), from public authorities (e.g. UN and EU sanctions lists). Finally, personal data may be processed from publicly accessible sources (e.g. trade and association registers, press, Internet).

In addition to customer data, we may also process personal data of other third parties involved in the business relationship, such as data of agents, representatives or beneficial owners of a business relationship. We would ask you to also inform any third parties about this data protection information. By personal data we mean the following categories of data:

Master data

  • personal details (e.g. name, date of birth, nationality)
  • Address and contact data (e.g. physical address, telephone number, e-mail address)
  • legitimation data (e.g. passport or identity card data) and
  • Authentication data (e.g. signature sample, log-in information)
  • data from publicly available sources (e.g. tax numbers)

 Further basic data

  • Information on services and products used (e.g. investment experience and profile, advice protocols, data on transactions executed)
  • Information on household structure and relationships (e.g. information on spouses or life partners and other family details, authorised signatories, legal representatives)
  • Information on financial characteristics and financial situation (e.g. portfolio and account number, creditworthiness data, origin of assets)
  • Information about professional and personal background (e.g. professional activity, hobbies, wishes, preferences)
  • Technical data and information on electronic traffic with EST (e.g. records of accesses or changes)
  • image and sound files (e.g. video or telephone recordings)

For what purposes and on what legal basis will your data be processed?

We process personal data in accordance with the provisions of the GDPR and the DSG for the following purposes or on the basis of the following legal bases:

To fulfil a contract or to carry out pre-contractual measures within the framework of the provision and brokerage of asset management, investment advice and other financial services which may be provided by EST.  The purposes of data processing depend primarily on the specific service or product (e.g. securities) and may include, but are not limited to, demand analyses, advice, asset management and the execution of transactions.

To fulfil legal obligations or in the public interest, in particular compliance with legal and supervisory requirements (e.g. compliance with the GDPR, the DSG, the Asset Management Act and Regulations), due diligence and anti-money laundering regulations, market abuse regulations, tax laws and agreements, control and reporting obligations, risk management). If you do not provide us with the necessary data, we will have to fulfil the relevant supervisory obligations and may be forced to terminate the business relationship.

In order to protect the legitimate interests of us or third parties for concretely defined purposes, in particular to determine creditworthiness, pursue claims, product development, marketing and advertising, business audits and risk management, reporting, statistics and planning, prevention and clarification of criminal offences, video surveillance to protect the right of domicile and avert danger, telephone recordings.

Based on your consent, which you have given us for the provision of asset management services or on the basis of orders such as the disclosure of data to service providers or contract partners of EST. You have the right to revoke your consent at any time. This also applies to the revocation of declarations of consent issued to EST before the GDPR came into force, i.e. before 25 May 2018.

The revocation of your consent is only effective for the future and does not affect the legality of the data processed until the revocation.

We reserve the right to process personal data collected for one of the above purposes for other purposes as well, if this is compatible with the original purpose or permitted or prescribed by law (e.g. reporting obligations).

Who gets access to the personal data and how long is it stored?

Access to your data can be both inside and outside EST. Within EST, only entities or employees may process your data if they need it to fulfil our contractual, legal and regulatory obligations and to safeguard legitimate interests. Other companies, service providers or vicarious agents may also receive personal data for these purposes in compliance with the relevant statutory provisions. Contract processors may be companies in the categories of asset management services, distribution agreements, IT services, logistics, printing services, consulting, sales and marketing. Furthermore, recipients of your data in this context may be other financial services institutions or comparable institutions to which we transfer personal data for the purpose of conducting the business relationship (e.g. custodian banks, brokers, stock exchanges, information centres).

If there is a legal or supervisory obligation, public bodies and institutions (e.g. supervisory authorities, financial authorities, etc.) may also receive your personal data. Data may only be transferred to countries outside the EU or the EEA (so-called third countries) if

  • this is necessary for the execution of pre-contractual measures or for the performance of a contract, for the provision of services or for the execution of orders (e.g. securities transactions)
  • you have given us your consent
  • this is necessary for important reasons of public interest (e.g. prevention of money laundering) or
  • this is required by law (e.g. transaction reporting obligations).

However, these are only countries for which the EU Commission has decided that they have an adequate level of data protection (such as Switzerland) or we apply measures to ensure that all recipients have an adequate level of data protection. To this end, in each case we conduct a risk assessment of the rule of law principles of the country in which the personal data is to be transferred and, if appropriate risks exist, supplement the standard data protection clauses with additional clauses or safeguards to effectively ensure the protection of the data in the destination country. These standard data protection clauses are available upon request.

We process and store the personal data for the entire duration of the business relationship, unless there are shorter mandatory deletion obligations for certain data.

In addition, the duration of the storage depends on the necessity and purpose of the respective data processing. If the data are no longer necessary for the fulfilment of contractual or legal obligations or for the protection of our legitimate interests (achievement of purpose) or if a consent given is revoked, they are deleted regularly, unless further processing is necessary due to the contractual or legal retention periods and documentation obligations or for reasons of preservation of evidence during the duration of the applicable statute of limitations.

Is there an automated decision making process including profiling?

Some of our decisions are based on automated processing of personal data. There are business areas in which personal data is partly processed automatically. This is done with the aim of assessing certain personal aspects where we are required by law or regulation (e.g. prevention of money laundering), to analyse requirements for services and products, and as part of risk management.

A suitable investment strategy is determined on the basis of your investment objectives (including your willingness to take risks, your risk-bearing capacity and your knowledge and experience of securities). This determination is based exclusively on automated decision-making.

We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to provide you with targeted information and advice on products. The evaluation tools used for this purpose enable us to communicate and advertise according to your needs.

What data protection rights do you have?

With regard to the personal data concerning you, you are entitled to the following data protection rights in accordance with the GDPR (Art. 7, Art. 15 to 21):

  • Right of access: you may request information from EST as to whether and to what extent personal data about you are processed (e.g. categories of personal data processed, purpose of processing, etc.).
  • Right to rectification, erasure and restriction of processing: you have the right to request that inaccurate or incomplete personal data concerning you be rectified. In addition, your personal data must be deleted if this data is no longer necessary for the purposes for which it was collected or processed, you have withdrawn your consent or this data is processed unlawfully. Furthermore, you have the right to request the restriction of the processing.
  • Right of withdrawal: you have the right to withdraw your consent to the processing of personal data concerning you for one or more specific purposes at any time, if the processing is based on your explicit consent. This also applies to the revocation of declarations of consent given prior to the applicability of the GDPR, i.e. prior to May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Also, the revocation does not affect data processing on any other legal basis.
  • Right to data portability: you have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format and to have this data transferred to another controller.
  • Right to object: you have the right to object informally to data processing in individual cases for reasons arising from your particular situation, provided that the processing is in the public interest or is carried out to protect the legitimate interests of EST or a third party. In addition, you have the right to object informally to the use of personal data for advertising purposes. If you object to the processing of your personal data for direct marketing, we will no longer process your personal data for this purpose.
  • Right of appeal: you have the right to lodge a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority in an EU or EEA member state, for example, in your place of residence or work or in the place of the alleged breach.

The contact details of the competent data protection authority in Liechtenstein are as follows:

Liechtenstein Data Protection Authority

Städtle 38

FL-9490 Vaduz

Principality of Liechtenstein

Telephone no. + 423 236 60 90

E-mail: [email protected]

Requests for information or objections should preferably be made in writing to the Data Protection Officer. He is also available as a contact person for all other data protection matters.

Provision of the website and creation of log files

Analysis tools and third-party tools

When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy:

Hosting and Content Delivery Networks (CDN)

We host our content with the following providers:

Hosting with AWS Web Services

We host our CRM software on AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS).

If you register on our website by clicking on the button “Become a customer” or log in as a customer, your personal data will be processed within the framework of our CRM software on the servers of AWS. Only regions located in the EU or the EEA have been explicitly named as storage locations in the contract with AWS. For its part, AWS uses sub-service providers for data processing, in particular Amazon.com Inc. based in Seattle/USA, which is why personal data may be transferred to the parent company of AWS in the USA. However, there is an adequate level of data protection for data transfers and processing by or to Amazon.com Inc. in the USA on the basis of a data protection agreement issued by the EU Commission in accordance with the review procedure under Art. 93(2) DSGVO (so-called EU Standard Contractual Clauses). The Data Processing Addendum provides customers with the assurance that AWS will treat customers’ data according to the same high security and data protection standards that they would receive in the EU. All data is encrypted and stored according to the current state of the art.

A corresponding contract on commissioned processing has been concluded between Estably and Amazon Web Services EMEA SARL. Amazon Web Services EMEA SARL is thus not authorized to process the personal data of our customers beyond our instructions. You can find the necessary details about this under: https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/

For more information, please see AWS’s privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.

The use of AWS is based on Art. 6 para. 1 lit. b DSGVO.

External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of contract fulfillment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Our hoster(s) will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data.

We use the following hoster(s):

Raidboxes GmbH
Hafenstraße 32
DE – 48153 Münster

Order processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website through Cloudflare’s network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described herein.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DSGVO).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

Order processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

General information and mandatory information

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising e-mails

We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this and other questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
address given in the imprint. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising e-mails

The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Recording of data on this website

Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

Consent with Borlabs Cookie

Our website uses the Borlabs Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.

The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found under https://borlabs.io/kb/what-information-does-borlabs-cookie-store/

The use of Borlabs cookie consent technology takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

Request by e-mail, phone, or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp obtains access to metadata that is created in the course of the communication process (e.g. sender, recipient and time). We would also like to point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta, which is based in the USA. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the data processing is based exclusively on the consent; this can be revoked at any time with effect for the future.

The communication content exchanged between and on WhatsApp remains with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.

We use WhatsApp in the “WhatsApp Business” variant.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have set our WhatsApp accounts so that it does not automatically match data with the address book on the smartphones in use.

Registration on this website

You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, for example in the scope of the offer or for technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

Social media

Facebook

Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/.

When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information on this, please refer to Facebook’s privacy policy at: https://www.facebook.com/privacy/policy/

Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendumhttps://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Analysis tools and advertising

Google Analytics

You would like to opt out of Google Analytics directly? Then just use this option:

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. An assignment to a user ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

You can find more information on the handling of user data at Google Analytics in the Google privacy policy: https://support.google.com/analytics/answer/6004245

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-commerce Measurement

This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or their device.

Hotjar

This website uses Hotjar. Provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe

(Website: https://www.hotjar.com).

Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer in a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator’s web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or use of device fingerprinting).

Insofar as consent has been obtained, the use of the aforementioned service is based exclusively on Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f DSGVO; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.

Disable Hotjar

If you want to disable data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser or end device.

For more information about Hotjar and the data it collects, please see Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of page visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook-Data Usage Policy. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of data cannot be influenced by us as the site operator.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

You can find more information about protecting your privacy in Facebook’s privacy policy: https://facebook.com/about/privacy/.

You can also use the Custom Audiences remarketing feature in the Ad Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt-out of usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

Mailchimp

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on Mailchimp’s servers in the USA.

With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (so-called web-beacon) connects to Mailchimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want any analysis by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

For more details, please refer to Mailchimp’s privacy policy at: https://mailchimp.com/legal/terms/.

Plug-ins and Tools

Vimeo

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.

For more information on the handling of user data, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy.

Google Fonts

This page uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

If your browser does not support Google Fonts, a default font is used by your computer.

For more information about Google Fonts, see

https://developers.google.com/fonts/faq and in the privacy policy of Google: https://policies.google.com/privacy

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in the privacy policy of Google: https://policies.google.com/privacy

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy and https://policies.google.com/terms

Wordfence

We have integrated Wordfence into this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made to our website and block them if necessary.

The use of Wordfence is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Order processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Online marketing and partner programs

Affiliate programs on this website

We participate in affiliate partner programs. In affiliate partner programs, advertisements of a company (advertiser) are placed on websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate ads, you will be redirected to the advertised offer. If you subsequently make a certain transaction (conversion), the publisher receives remuneration for this. In order to calculate this remuneration, it is necessary for the affiliate network operator to be able to track via which ad you came to the respective offer and made the predefined transaction. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We participate in the following affiliate programs:

financeAds GmbH & Co. KG | Karlstraße 9 | 90403 Nuremberg, Germany
Adtraction Germany GmbH | Oderberger Str. 13 |10435 Berlin
FinanceQuality.net is a service of Netzeffekt GmbH | netzeffekt GmbH | Agnes-Bernauer-Strasse 90 | 80687 Munich, Germany

Opt Out und Cookie Einstellungen einsehen