1. Information about the collection of personal data
1.1 In this data protection declaration, we inform you about the collection of personal data from you as a data subject and the processing in the context of the use of our website. In this context, personal data is all information that relates to an identified or identifiable natural person, such as name, address, e-mail addresses, user behavior. The processing of data means, in particular, its collection, storage, use and transmission.
1.2 The responsible party for data processing is:
Apaton Finance GmbH
Ellernstr. 34
30175 Hannover
Germany
Phone: +49 511 6768-731
Fax: +49 511 6768-730
E-mail: office@apaton.com
1.3 You can reach our data protection officer at:
Data Protection Officer
Apaton Finance GmbH
Ellernstr. 34
30175 Hannover
Germany
Phone: +49 511 6768-731
Fax: +49 511 6768-73
E-mail: datenschutz@apaton.com
2. Collection of personal data when visiting our website
2.1 General
When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. If you wish to view our website, we, therefore, collect the following data in this way, which is technically necessary for us and the purpose of which is to enable the delivery of the website to your computer, to display our website to you and to ensure stability and security:
· IP address
· Hostname of the accessing computer
· Date and time of the server request
· Time zone difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Amount of data transferred in each case
· Web page from which the request comes
· Browser type and browser version
· Operating system used
· Language and version of the browser software
This data is stored in so-called server log files.
The legal basis of the processing in this regard is Art. 6 para. 1 S. 1 lit. f GDPR. The legitimate interest here lies in the delivery of the website to the user’s computer and the proper display of the website.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of this data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, the user cannot object.
2.2 Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive – assigned to the browser you are using – and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve the purpose of making the Internet offering as a whole more user-friendly and effective.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 S. 1 lit. f GDPR.
2.2.1 Use of cookies
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient cookies (see 2.2.2).
Persistent cookies (see 2.2.3)
2.2.2 Transient cookies are automatically deleted when you close the browser. These include, in particular, the so-called session cookies. These store a session ID with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
2.2.3 Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
2.2.4 You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that you may not be able to use all functions of our website in this case.
2.2.5 We use cookies to identify you for subsequent visits.
2.3 Option to object to and remove all services that use cookies
2.3.1 Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you also have complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. You can delete cookies that have already been stored at any time. This can also be done automatically. If you deactivate cookies for our website, you may no longer be able to use our website’s functions fully.
2.3.2 Below, you will find links where you can find out how to manage and also deactivate cookies for some of the most well-known browsers:
Mozilla Firefox:
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer:
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Chrome Browser:
https://support.google.com/accounts/answer/61416?hl=de
3. Further functions and offers of our website and related data processing
3.1 In addition to the possibility of purely informational use of our website, we offer other services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the service.
3.2 Contact via e-mail and mail
On our website, we offer the option of contacting us via an e-mail address provided by us. In this case, the personal data transmitted by you with the e-mail will be stored. In any case, this is your e-mail address. Furthermore, you can contact us by post via our postal address. In this context, too, the data you send us by post will be stored. This includes, for example, your address.
When you contact us, the data you provide will be processed by us exclusively for the purpose of handling your contact. In connection with this data processing, the data will not be passed on to third parties.
If you send us an e-mail or contact us by post, the legal basis for the processing is Art. 6 para. 1 S. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis of the processing is Art. 6 para. 1 S. 1 lit. b GDPR.
We delete the data accruing in this context when they are no longer required to achieve the purpose. For the personal data sent by you by e-mail or post, this is the case when the respective conversation has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
If you have contacted us by e-mail or post, you can object to the storage of your personal data. You can address your revocation or objection to the contact data mentioned in section 1.2.
Please note that in such a case, the conversation cannot be continued and must be terminated. We will then delete the data transmitted and stored in the course of the contact.
3.3 Newsletter
On our website, we offer you the possibility to subscribe to free newsletters. With this, we would like to inform you about our current interesting offers.
The data is entered in the template, transmitted to us and stored. Your data will not be passed on to third parties. The data will be used exclusively for sending the newsletter. As part of the registration process, we ask for the following: Last name, first name, company, function in the company, and your e-mail address. The provision of further data not marked with a red asterisk is voluntary and used to address you more personally and better meet your needs. Furthermore, in addition to your IP address, the time of registration is also stored.
As part of the submission process, we obtain consent from you and refer to this privacy policy.
For the registration to a newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within one week, your information will be blocked and automatically deleted after one month. The purpose of the procedure is to prove your registration and to be able to clarify any possible misuse of your personal data.
The legal basis for the processing is Art. 6 para. 1 S. 1 lit. a GDPR.
We delete the data as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address will be stored as long as the subscription to the newsletter is active.
You can revoke your consent to send the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to datenschutz@apaton.com or by sending a message to the contact details provided in the imprint.
3.4 Registration for conferences
We offer you the opportunity to register to attend the IIF – International Investment Forum on our website.
As part of the registration process, we ask you for various personal data. Mandatory data are: Title, first name, last name, company, function in the company, postal code, city, street and house number, e-mail address, and, if available, the press card number. The provision of further data not marked with a red asterisk is voluntary. For example, providing your telephone number makes it easier for us to contact you. Furthermore, in addition to your IP address, the time of registration is also stored. By registering for our IIF – International Investment Forum, you also give us permission to store your data beyond the conference and to share it with the presenting companies and the IIF partners.
Your data will be entered into a template and transmitted to us, and stored. The purpose of the data processing is your registration and subsequent participation in the aforementioned conferences and their organization and implementation. In addition, the data may be used by us and our cooperation partners of the IIF to contact you – especially for invitations to the further events. In addition, your visits to individual events and company presentations, analyst events, workshops and lectures within the scope of the respective conference are recorded for statistical purposes.
The legal basis for the processing is the initiation and implementation of a contractual relationship according to Art. 6 (1) S. 1 lit. b GDPR. With regard to the statistical recording of your participation, the legal basis is a legitimate interest on our part according to Art. 6 (1) S. 1 lit. f GDPR. The legitimate interest here is to continuously improve the respective conference by recording the specific participation and thus to make it even more interesting for the participants.
You must provide us with the data we request as mandatory information. This information is required for participation in the conference. Registration and subsequent participation cannot take place without this information.
Your data will only be passed on if necessary for the processing, particularly for the organization and implementation of the conference for which you have registered. Recipients of this data are, in particular, service providers. In addition, the presenting companies, speakers, sponsors and event partners have an interest in contacting participants of the audience. Therefore, upon request, the data will be shared with the following categories of recipients: organizers Apaton Group and GBC Group, presenting companies, speakers as well as sponsors and event partners of the conferences.
We delete your data as soon as it is no longer required to achieve the purpose for which it was collected. If you give us your consent to further storage and use of your data, we will delete it as soon as you revoke the consent you have given us. Please note, however, that legal obligations, such as compliance with retention periods may prevent deletion. Retention periods based on commercial and tax regulations are up to 10 years. However, the processing of your data is then restricted and only takes place for these purposes.
In some cases, we use external service providers to process your data, in particular for the organization and implementation of the conferences. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. These are order processors who have concluded a corresponding contract with us in accordance with Art. 28 GDPR.
4. Use of social media plug-ins
We currently use the following social media plug-ins: Pinterest. In doing so, we use the so-called two-click solution, in which they must first consent. That means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the plug-in provider by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the plug-in provider via the button. If you click on the marked box and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding web page of our online offer. In addition, the data mentioned in section 2 of this declaration is transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
The legal basis for the use of the plug-ins is Art. 6 para. 1 S. 1 lit. a GDPR.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) to display needs-based advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users to improve our offer and make it more interesting for you as a user.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button. This allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There, you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA; https://policy.pinterest.com/de/privacy-policy. Pinterest has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
5. Integration of Google Fonts
We use the so-called Google Fonts on our website. These are external fonts provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
An interface (“API”) to the Google services is used to integrate the Google Fonts on our website. As a result of the integration of Google Fonts, Google can collect and process information, possibly also personal data. It cannot be excluded that Google transmits the collected information and data to a server located in a third country.
We do not collect any data in the context of providing Google Fonts.
The legal basis for the use is Art. 6 para. 1 S. 1 lit. f GDPR.
By integrating Google Fonts, we can display uniform fonts on your end device, keep our website’s quality high, and present the internet presence in a uniform and as aesthetically pleasing manner as possible. The design effort is less than if we had to resort to font standards of different operating systems or browsers with their own graphically adapted web pages and respond.
Further information on data use by Google, setting and objection options can be obtained on Google’s websites at https://policies.google.com/technologies/partner-sites?hl=de (data use by Google when you use websites or apps of our partners), http://www.google.com/policies/technologies/ads (data use for advertising purposes) and http://www.google.de/settings/ads (manage information that Google uses to display advertising to you). Guidance on Google’s privacy settings can be found at https://safety.google/privacy/. Google also processes your data in the US and has submitted it to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
6. Integration of Font Awesome
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts.
When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must establish a connection to the servers of Fonticons, Inc. This enables Fonticons, Inc. to know that our website has been accessed via your IP address.
If your browser does not support web fonts, a standard font will be used by your computer.
The legal basis for this data processing is Art. 6 para. 1 S. 1 lit. f GDPR.
By integrating Font Awesome, we can display uniform fonts on your terminal device, keep the quality of our website high, and present the website in a uniform and as aesthetically pleasing manner as possible. The design effort is less than if we had to resort to and respond to font standards of different operating systems or browsers with their own graphically customized web pages.
Information about Font Awesome’s terms of use can be found at https://fontawesome.com/tos. You can read the privacy policy of Font Awesome or Fonticons, Inc. at https://fontawesome.com/privacy.
7. Integration of Google APIs
A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google APIs) is loaded onto our website.
We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google APIs.
The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website.
Google APIs has self-certified under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list ). The data is deleted as soon as the purpose of its collection has been fulfilled. For more information on the handling of transferred data, please refer to the Google APIs privacy policy: https://policies.google.com/privacy. You can prevent the collection and processing of your data by Google APIs by disabling the execution of script codes in your browser or by installing a script blocker in your browser. You can find this, for example, at www.noscript.net or www.ghostery.com.
8. Integration of Gstatic
A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded onto our website.
We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.
The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website.
Gstatic has self-certified under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list ). The data is deleted as soon as the purpose of its collection has been fulfilled. For more information on the handling of transferred data, please see Gstatic’s privacy policy: https://policies.google.com/privacy. You can prevent the collection and processing of your data by Gstatic by disabling the execution of script codes in your browser or by installing a script blocker in your browser. You can find this, for example, at www.noscript.net or www.ghostery.com.
9. Use of ajax.google.apis.com
We use AJAX on our website. AJAX uses the content delivery network of Google. AJAX is a software library used on many websites, i.e. a collection of functions that a programmer can use. AJAX technologies optimize the loading speed. In this regard, program libraries are called from Google servers.
The legal basis for the processing of your data is Art. 6 para. 1 S. 1 lit. f GDPR.
By using AJAX, we pursue the legitimate interest of optimizing our website’s graphic design and navigation.
10. Integration of jQuery
We use the JavaScript library jQuery on our website. jQuery is a software library used on many websites, i.e. a collection of functions that a programmer can use. The operator of https://jquery.com/ is the JS Foundation (formerly the jQuery Foundation). jQuery also uses Google’s Content Delivery Network.
By using jQuery, we pursue the legitimate interest of optimizing our website’s graphical design and navigation.
The legal basis for the use is Art. 6 para. 1 S. 1 lit. f GDPR.
A connection to the jQuery server in the USA is established even if your browser already has a copy of the jQuery library in the browser’s cache. We do not retain any personal data within the scope of jQuery. We do not transfer personal data to other recipients.
The developer of the jQuery JavaScript library is the jQuery team of the JS Foundation, which can be found at https://jquery.org/team/. Contact to the JS Foundation can be established via https://js.foundation/contact.
11. Integration of Bootstrap
A web service from Bootstrap, which is used to host files such as scripts or style sheets, is loaded on our website. This service provider is StackPath LLC, 2021 McKinney Ave, Suite 1100, Dallas, TX 75201.
The integration is done by a server call. As a rule, this is a server of Bootstrap in the USA. Which pages of our website you have visited are transmitted to the server. The IP address of the browser of the end device may also be stored.
We do not store any personal data within Bootstrap. We do not forward the data to other recipients. We do not know which data Bootstrap links to the data received and for which purposes Bootstrap uses this data.
By using Bootstrap, we pursue the legitimate interest of optimizing our website’s graphic design and navigation.
The legal basis for this is Art. 6 para. 1 S. 1 lit. f GDPR.
12. External hosting
This website is hosted by an external service provider, Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen.
Hosting is a service in which a webspace provider provides storage space on its server. Webspace means storage space placed on a web server so that the homepage can be stored there and made accessible to the public. Provider means the provider, which in our case is Hetzner Online GmbH.
The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contact details, names, website accesses and other data generated via a website.
Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions regarding this data.
The host is used for the purpose of fulfilling contracts with our potential and existing customers, Art. 6 para. 1 S. 1 lit. b GDPR, and in the interest of a secure, fast and efficient provision of our online offer by a professional provider, Art. 6 para. 1 S. 1 lit. f GDPR.
13. SSL encryption
This site uses SSL encryption for security reasons and protects the transmission of confidential content you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, third parties cannot read the data you transmit to us.
14. Your rights as a data subject
You have the following rights to us regarding personal data concerning you:
14.1 Information
You have the right to request information from us about the personal data we have stored about you. We will gladly provide you with this information upon your request. Furthermore, upon request, we will be happy to inform you to which third parties your data has been transmitted.
14.2 Correction
You have the right to request us to correct or complete your personal data. If you do not notify us accordingly, this will be done immediately if we become aware that our data is incorrect or incomplete.
14.3 Deletion
You have the right to demand that we delete the personal data stored by us. The possibility of an actual deletion depends on whether the fulfillment of a legal obligation by us, such as compliance with legal retention obligations and the assertion, exercise and defense of legal claims, makes this possible.
Legal retention periods based on commercial and tax law provisions are up to 10 years. Statutes of limitation for claims are up to 30 years.
You have the right to demand that we restrict processing. This is particularly relevant if there are reasons preventing deletion. From this point on, your personal data will only be processed with your consent.
14.4 Restriction of processing
You have the right to demand that we restrict processing. This is particularly relevant if there are reasons opposing deletion. From this point on, your personal data will only be processed with your consent.
14.5 Right to data portability
You have the right to request that we transfer your personal data to yourself or third parties in a structured, common and machine-readable format.
14.6 Objection to data processing
Insofar as we base the processing of your data on the balance of interests (Art. 6 para. 1 S. 1 lit. f GDPR), you may object to the processing. This is the case, in particular, if the processing is not necessary to fulfill a contract with you. When exercising such an objection, we ask you to explain why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the following contact details:
Apaton Finance GmbH
Ellernstr. 34
30175 Hannover
Germany
Phone: +49 511 6768-731
Fax: +49 511 6768-730
E-mail: office@apaton.com
14.7 Revocation of consent
If you have given your consent to data processing, you have the right to revoke this consent at any time. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
14.8 Right of complaint
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
15. No automated decision-making
We do not carry out automated decision-making in the context of Art. 22 GDPR.
16. Transfer of personal data to third countries
The European General Data Protection Regulation (GDPR) has created a uniform legal basis for data protection in the European Union. Therefore, your personal data is mainly collected and processed by companies to which the European Data Protection Regulation applies.
If we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA), or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 GDPR are met, i.e. the processing takes place e.g. on the basis of special guarantees. This is the case, for example, when the European Commission has decided that a certain third country offers an adequate level of protection in the area of data protection or officially recognized special contractual obligations, so-called “standard contractual clauses” are observed. If, for example, an American company is subject to the so-called “Privacy Shield”, i.e. the data protection agreement between the USA and the European Union, the aforementioned conditions are currently met.
17. Transfer of personal data to third parties and processors
In principle, we only pass on data with your consent. If we pass on data without such consent, this is done based on the aforementioned legal grounds. This is the case, for example, when forwarding data to public authorities to fulfill overriding legal obligations or due to a court order or due to a legal obligation to hand over data for a criminal prosecution, to avert danger or to protect and enforce intellectual property rights.
Addressees of your personal data can be, according to the previously mentioned, third parties and processors.
If data is forwarded to a processor, this is done on the basis of an agreement on commissioned processing and the basis of Art. 28 GDPR. Processors must ensure that appropriate technical and organizational measures are implemented so that the processing of personal data is carried out in accordance with the requirements of the GDPR and the BDSG. The processor and any person subordinate to us or the processor who has access to personal data may process such data only on our instructions unless they are obliged to do so under Union or Member State law. We select our processors carefully and monitor them at regular intervals
18. Modification of our privacy policy
We reserve the right to adapt this privacy policy to always comply with the current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.