- Data protection information sheet: Data protection information in accordance with the EU data protection basic regulation for natural and legal persons [PDF]
The protection of your privacy is very important to us. As aescuvest international GmbH and operator of the online platform www.aescuvest.eu (hereinafter also referred to as “platform” or “website”), we attach great importance to the protection and confidentiality of your data. The collection and use of your personal data take place exclusively within the scope of the legal provisions, in particular the applicable data protection law (EU General Data Protection Regulation and German Federal Data Protection Act (BDSG)). Below we inform you in detail about the handling of your data.
Responsible persons in the sense of data protection
aescuvest international GmbH
Hanauer Landstrasse 328-330,
60314 Frankfurt am Main
Managing Director: Dr. Patrick Pfeffer, Andreas Kühnemund
Tel.: +49 (0) 69 254741644
Data protection officer
We have appointed a data protection officer for our company.
Mr. Stephan Krischke
Phone: +49 (0)8171/346465
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your name, address, date of birth, user name, password, email address and payment data, but also your IP address. In the following, we describe how we process your personal data.
Provision of the website and creation of log files
You can visit our website at any time without having to register or provide any personal details. Each time you access our website, however, our system automatically collects data and information from the computer system of the accessing computer.
Description and scope of data processing: The following data is automatically collected when a page is called up:
- Browser type and version,
- The operating system used and its user interface,
- Language and version of the browser software,
- Website from which you visit us (referrer URL),
- Website you are visiting,
- Access status/HTTP status code,
- Date and time of your access,
- Time zone difference to Greenwich Mean Time (GMT),
- Your Internet Protocol (IP) address.
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website.
Legal basis for data processing: The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f EU General Data Protection Regulation (GDPR).
Purpose of data processing: The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The purpose of storage in log files is to ensure the functionality and stability of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the respective session is terminated.
Registration and execution of investments (investment brokerage)
You can register on our website to receive detailed project information and invest in projects. We process your data as follows:
Description and scope of data processing: The data you enter in the input mask will be transmitted to us and stored. Data will only be passed on to third parties if this is expressly described in the following. In particular, when accepting subscription and purchase declarations for investments in financial instruments (investment brokerage), the Platform acts as a so-called “contractually tied broker” within the meaning of Sec. 2 (10) of the German Banking Act (Kreditwesengesetz) and acts exclusively in the name, for the account and under the liability of BN & Partners Capital AG, Erftstadt (“liability umbrella”). The data required for the execution and settlement of the subscription to a financial instrument is transmitted to the liability umbrella as well as to the relevant issuer or provider of the financial instrument and, where appropriate, to the service providers involved in the execution of the contract (such as a securities settlement bank and/or a payment service provider).
The following data will also be stored at the time of registration:
(1) The IP address of the user
(2) Date and time of registration
As part of the registration process, the user’s consent to the processing of this data is obtained.
We use your email address and phone number as a contact method for information and queries regarding the processing status. We would like to point out that communication by email can potentially be insecure.
The provision of personal data by you is not legally required and in the case of pure information also not contractually required. You are not obliged to provide us with personal data. If personal data is not provided, we will not be able to provide you with detailed project information and it will not be possible to invest in projects, provided this information is mandatory.
Legal basis for data processing: The legal basis for data processing is Art. 6 para. 1 lit. a GDPR if the user has given his consent. If the data input serves to fulfil a contract to which the user is a party (e.g. an underwriting or purchase contract in relation to a financial instrument) or if it serves to implement pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
Purpose of data processing: If you only request detailed project information, the data input serves to send you this information. If you invest in projects, i.e. acquire financial instruments, the data input is used for the purpose of concluding and executing the subscription or purchase agreement.
Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. After complete completion of the contract, the storage only takes place for the legally prescribed periods. Your personal data will then be deleted unless you have agreed to further use or processing.
Description and scope of data processing: When registering for our free newsletter, the data from the input mask are transmitted to us. Your consent will be obtained for the processing of your data during the registration process and reference will be made to this data protection declaration.
The following data will also be stored at the time the registration is sent:
- The IP address of the user
- Date and time of registration.
If you open one of our newsletters or click on a link in it, this may be logged via the web server (date, time, email address). This serves internal statistical purposes, so that we can tailor our information offer even better to the interests of our newsletter users. This is also our legitimate interest in data processing. This data is not combined to form personal user profiles.
The provision of personal data by you is neither legally nor contractually prescribed nor necessary for the conclusion of a contract. You are not obliged to provide us with personal data. If personal data is not made available, we will not be able to send you a newsletter, as long as this information is mandatory.
Legal basis for data processing: The legal basis for the processing of data after registration for the newsletter is your consent (Art. 6 para. 1 lit. a GDPR). The legal basis for any statistical evaluations carried out is Art. 6 para. 1 lit. f GDPR.
Purpose of data processing: The collection of your email address serves to send you the newsletter. If other personal data is voluntarily provided by you during the registration process, this serves to individualise the newsletter and to prevent misuse of the services or the email address used.
Duration of storage: The personal data provided by you will be stored until you revoke your consent to receive the newsletter. Upon receipt of your revocation, your email address will be provided with a blocking notice in order to document that you no longer wish to be contacted by us by email in the future. Any other personal data collected with the newsletter registration will be deleted immediately. The blocking notice and your email address will be deleted three years after the end of the calendar year in which the blocking notice was set.
Use of the email service provider “MailChimp”
The newsletter is dispatched by “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients and their further details described in this information are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter or for commercial purposes to be able to determine which countries the recipients are from. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.
The newsletters contain a so-called “web-beacon”. This is a file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor MailChimp’s aim to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Such tracking is not possible if you have disabled the display of images by default in your email program. In this case, however, the newsletter will not be displayed completely, and you may not be able to use all functions. If you display the images manually, the above tracking is performed.
You can cancel your subscription to our newsletter at any time. At the same time, your consents to its dispatch via MailChimp and the statistical analyses expire. You will find a link to cancel the newsletter at the end of each newsletter.
Contact form and email contact
Description and scope of data processing: By sending a contact request via our contact form, the data entered in the input mask is transmitted to us and stored. At the time the message is sent, the following data will also be stored:
- The IP address of the user
- Date and time ofthe message dispatch.
The provision of personal data by you is neither legally nor contractually prescribed nor necessary for the conclusion of a contract. You are not obliged to provide us with personal data. If personal data is not provided, this means that it is not possible to establish contact via the contact form, insofar as this is mandatory information.
Alternatively, you can contact us via the email address provided. In this case your personal data transmitted with the email will be stored.
Legal basis for data processing: The legal basis for the processing of data transmitted via the contact form or in the course of an e-mail is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in answering the sender’s contact request. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Article 6(1)(b) DS Block Exemption Regulation.
Purpose of the data processing: The processing of the personal data from the input mask serves us alone for the treatment of the contact inquiry. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with you has ended, unless contractual or legal obligations prevent a deletion. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Transmission of personal data
aescuvest international GmbH will not pass on your data to third parties unless you have given your express prior consent to such a transfer or the transfer is required or permitted by law. Excluded from this are our service partners, who are required to process the contractual relationship and who have been commissioned by us to process personal data in accordance with our instructions within the framework of an order processing contract, as well as the liability umbrella and those issuers and providers from whom you acquire financial instruments and who require the necessary personal data (name, address, date of birth, email address, phone number, custody account data, tax identification number) to execute the subscription contract. When accepting subscription and purchase declarations for investments in financial instruments (investment brokerage), the platform acts as a so-called “contractually tied broker” within the meaning of Sec. 2 (10) of the German Banking Act (Kreditwesengesetz) and acts exclusively in the name, for the account and under the liability of BN & Partners Capital AG, Erftstadt (“liability umbrella”). We will neither sell your data to third parties nor otherwise pass it on to third parties for advertising purposes. Our employees are bound to secrecy and to compliance with data protection regulations.
Description and scope of data processing: In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your mobile device.
You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted. The following links will show you how to adjust the settings for the following common browsers:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Legal basis for data processing: If personal data are processed using cookies, the legal basis is Art. 6 para. 1 lit. f GDPR.
We need cookies for the following applications:
- Google Analytics
- Google Tag Manager
- Google Dynamic Remarketing
- Zoho Sales IQ
- Zoho PageSense
- Zoho CRM
- Facebook, Vimeo, Twitter, LinkedIn, Xing
The user data collected through cookies are not used to create user profiles.
Duration of storage: Sog. Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser. Permanent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
Use of Google Analytics
Use of Google Tag Manager
Our website uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
Use of Zendesk
We use the ticket system Zendesk, a customer service platform of Zendesk Inc., 1019 Market St., San Francisco, CA 94103, USA, to process customer inquiries. For this purpose, necessary data such as name, first name, postal address, telephone number, email address are collected via our website. The data provided will be treated confidentially.
Zendesk is certified under the US-EU Privacy Shield and is committed to complying with EU privacy standards.
Use of Zoho SalesIQ
When you visit our website, anonymous usage data is collected using the Zoho service SalesIQ (https://zoho.eu/salesiq). SalesIQ uses so-called “cookies” which enable an analysis of our website. You can prevent this “tracking” by making the appropriate settings in your browser. We store this data exclusively for statistical purposes. The IP addresses are shortened by the last digits within the framework of legislation in order to guarantee anonymity.
Use of Zoho PageSense
When you visit our website, anonymous usage data is collected using the Zoho PageSense service (https://zoho.eu/pagesense). PageSense only records visits and clicks to our website anonymously. There is no inference about individual visitors. PageSense only enables us to check the general use of our website in the form of a heat map and to display its important content in the right place on the individual websites. No usage data or personal data is collected or stored.
Use of Zoho CRM
Personal data that you have provided to us by means of a contact request, a newsletter registration, a subscription or a purchase agreement are processed and administered by us with the help of a customer relationship management system (CRM system).
The CRM system currently in use is operated and offered by Zoho Corporation, 4141 Hacienda Drive Pleasanton, CA 94588, USA.
The data transmitted to Zoho will only be used for the purpose of contacting you and can be used for this purpose, not for sending newsletters. The latter must be agreed separately. After the first contact we offer our visitors to choose how much or how little they want to share with us. These data will not be passed on or distributed to third parties.
The CRM system is cloud-based. Your data are stored on servers in Europe (Netherlands and Ireland) to comply with EU data protection regulations.
Further information can be found on the Zoho website: https://www.zoho.eu/privacy.html
Use of Facebook Pixel/ Custom Audiences
Use of Vimeo
On our websites you can watch videos uploaded on Vimeo (Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA (“Vimeo”)) that are integrated via iFrame. The iFrames are set in a way that a connection is firstly established when you click on the “play” button.
If you are logged in to Vimeo account at the same time when you press play, Vimeo may associate your surfing behavior with your user profile. You can prevent such data processing by logging out of your account before visiting our websites.
As this is the service of a third party, we have no influence on the processing of such data by Vimeo. The purpose and scope of data collection and the further processing and use of the data by Vimeo as well as your rights and setting options for the protection of your privacy can be found in the relevant information on data protection at https://vimeo.com/privacy.
Legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. The purpose and legitimate interest is to increase the visibility of this website and the attractiveness and user-friendliness of our services.
Use of Twitter
Functions of the Twitter service are incorporated into our website. These functions are offered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). When visiting one of our websites equipped with such a plugin, your browser sets up a direct connection with servers of Twitter. In doing so, Twitter will get the information that you visited (with your IP address) our website. If you click on the Twitter button while you’re logged into your Twitter account, Twitter will associate the visit of our pages with your user account.
If such a transmission of information to Twitter is not desirable, you may prevent this at any time by logging out from your Twitter account before a call-up to our website will be made. Further information can be accessed in the applicable data protection provisions of Twitter under https://twitter.com/privacy?lang=en.
Twitter allows you at any time to change the data protection settings of Your Twitter account under https://twitter.com/account/settings.
Use of LinkedIn
Our website uses the so-called “LinkedIn Insight Tag” of the network LinkedIn. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts. The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor’s browser until they delete the cookie or the cookie expires. With the help of the LinkedIn Insight Tag we are able to analyse the success of our campaigns within the LinkedIn platform or determine target groups for them based on the interaction of the users with our website. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online services with your user account.
Use of Xing
Our website uses functions of the XING network, whose operator is the company XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When visiting one of our websites equipped with such a plugin of XING, your browser sets up a direct connection with servers of XING.
We would like to emphasize, that we are not aware of the exact content of the data transmitted or how it is used by Xing. If you do not want Xing to associate your visit to our pages, please log out of your Xing account before a call to our website will be made.
Automated decision making including profiling
There is no automated decision making including profiling.
Rights of the data subject
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:
Right of access: Pursuant to Art. 15 GDPR, you have the right to request access to your personal data processed by us; in particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.
Right to rectification: Pursuant to Art. 16 GDPR, you have the right to demand immediate correction of incorrect or incomplete personal data stored by us.
Right to deletion: Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
Right to limitation: Pursuant to Art. 18 GDPR, you have the right to request the limitation of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
Right to data transfer: Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transfer to another responsible person.
Right of appeal: Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our place of business. The competent supervisory authority for our registered office is: The Hessian Data Protection Commissioner, Prof. Dr. Michael Ronellenfitsch, Postfach 3163, 65021 Wiesbaden, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany Email: Poststelle[at]datenschutz.hessen.de, Phone: +49 611 1408 – 0, Fax: +49 611 1408 – 900.
|Right of objection: You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you carried out pursuant to art. 6 par. 1 lit. f GDPR.|
If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising.
Right of revocation: You have the right to revoke your consent to the processing of your personal data at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation. Revocation is possible at any time by e-mail to privacy[at]aescuvest.euor by post at the above address.
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize the encryption by the closed representation of the key or lock symbol in the lower status bar or the address bar of your browser (https). We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
We reservethe right toamend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The current data protection declaration applies to your renewed visit to our website.
Status: July 2019