Data Protection Notice
We, Wealthcap Kapitalverwaltungsgesellschaft mbH, Bavariafilmplatz 8, D‑82031 Grünwald (hereinafter called “WCK”), inform you in this notice about the processing of personal data done by us.
You may contact us at any time, not only by mail, but also at info@wealthcap.com or at +49 89 678 205 500.
You can reach our Data Protection Officer by mail at Wealthcap Kapitalverwaltungsgesellschaft mbH, ‑Datenschutzbeauftragter‑, Bavariafilmplatz 8, 82031 Grünwald, or by e‑mail at datenschutz@wealthcap.com.
In the following, we have compiled the most important information on the typical data processing operations for you, subdivided by data subject categories. For certain data processing operations concerning only specific categories, the duty to provide information is fulfilled in separate documents. Whenever the term “data” is used in this text, it refers solely to personal data within the meaning of the EU General Data Protection Regulation (GDPR).
This data protection notice already complies with the requirements of the GDPR.
1. Visitors to our website
- 1.1 Server protocol data
For every request, our web server processes certain data that your browser automatically transfers to our web server. These data are the IP address currently assigned to your device, the date and time of your request, the time zone, the specific page or file visited, the http status code and the data volume transferred; additionally, the web page where your request originated, the browser used, the operating system of your terminal device, and the language used. These data are used by our web server for the best possible display of the contents of this website on your device.
- 1.2 Google Analytics
Our website uses the services of Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Analysis of your use of our websites is made possible through storage of what are known as “cookies” (see 1.8) on your computer, which then generate information on your user behavior and transfer this information to Google. Usually, a truncated version of your IP address is transferred to the Google server. In exceptional cases, the full IP address may also be transferred. We have commissioned Google to use this information to prepare reports on user behavior on our web pages. The IP address identified by Google Analytics is not combined with other data by Google. If you do not wish to have cookies (see 1.8) stored on your computer, you can adjust your browser settings accordingly. Unfortunately, this may lead to restricted use of our web pages. You may prevent data collection by Google Analytics by clicking on the following link, which sets an opt-out cookie preventing the future collection of your data when you visit this website: Deactivate Google Analytics
More detailed information on the terms of use and privacy policy is available at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/, respectively. Please note that Google Analytics has been extended to include the “anonymizeIp” code on this website in order to ensure anonymized collection of IP addresses (a process known as “IP masking”). In addition, we use Google Analytics to analyze data from AdWords and the double-click cookie for statistical purposes. If you do not wish such analysis, you can deactivate this function in the ads preferences manager (https://support.google.com/ads/answer/2662922?hl=de). - 1.3 GA Audience
On this website, data is collected and processed by GA Audiences, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). From this data, user profiles are created on a pseudonymized basis. This technology serves the purpose of showing users who have already visited our web pages and online services targeted ads from us at other third-party pages of the Google partner network. For this purpose, a cookie is stored on your computer to analyze user behavior during visits on our website that can subsequently be used for targeted product recommendations and interest-based advertising. No personal data are stored or processed when the relevant cookie (see 1.8) is placed. If you do not wish to receive interest-based ads, you can deactivate the use of cookies (see 1.8) by Google for these purposes by following the instructions at https://adssettings.google.com/authenticated#fyRr4c. - 1.4 Google Tag Manager
In addition, we use the Google Tag Manager provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This tool can be used to manage website tags. The Google Tag Manager merely creates tags — a tag is a code used to measure visitor numbers and visitor behavior. The tags come from other services — in our case from Google Analytics (see above). The Google Tag Manager only manages these tags, but neither places cookies nor collects personal data. When tracking has been deactivated via Deactivate Google Analytics, this also applies to all tracking tags managed by the Google Tag Manager. - 1.5 Google AdWords Conversion
This website uses the “Google AdWords Conversion Tracking” function provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google AdWords Conversion Tracking uses what are known as “cookies” (see 1.8), i.e., text files that are stored on your computer and permit an analysis of your website use when you have clicked on a Google add. The cookies (see 1.8) are valid for a maximum of 90 days. No personal data are stored in this process. As long as a cookie is valid, Google and we, in our capacity of website operator, can see that you have clicked on an ad and accessed a certain target page (e.g., order confirmation page, newsletter subscription). These cookies (see 1.8) cannot be tracked across several websites by other AdWords participants. The cookie is used to create conversion statistics in Google AdWords. These statistics document the number of users that have clicked on one of our ads. In addition, the number of users accessing a target page marked with a conversion tag is counted. However, the statistics do not contain any data that would make it possible to identify you.
You can prevent the storage of cookies (see 1.8) on your computer by clicking on the following link which places an opt-out cookie preventing the future collection of your data when you visit this website: Deactivate Google Analytics. Please note, however, that you may not be able to fully use all functions of this website in this case. By using this website, you agree to the processing of the data collected on you by Google in the manner described above and for the purpose outlined above. Further information on the way in which Google Conversion uses data and Google’s privacy policy are available at https://support.google.com/adwords/answer/93148?ctx=tltp and http://www.google.de/policies/privacy/, respectively. - 1.6 Google AdWords User Lists and Google Dynamic Remarketing
Google AdWords User Lists and Google Dynamic Remarketing are products offered by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Our website uses a pixel made available by Google that creates a direct link to the Google servers. This is used to transfer the information that you have visited our website to the Google server. Google links this information with a unique ID, which is stored on your terminal device as a cookie (see 1.8) or made available by your terminal device (“ad ID” on smartphones). If you visit other websites that also use Google AdWords User Lists / Google Dynamic Remarketing, this information is also linked to your unique ID. However, we are not able to see which other websites you visit. You can deactivate the pixel and its effect at any time: Deactivate Google Analytics - 1.7 Google Maps
The maps of the „Google Maps“ service have been integrated into some subpages of this website. When you access subpages that have integrated maps made available by the Google Maps service, the visitor’s IP address is used for the technical retrieval of the maps, i.e., Google servers can store and process your IP address and other data automatically transferred by your browser (see above under point 1.1, protocol file of the web server). The map service is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and is exclusively subject to the Google Privacy Policy.
Please note that this means that personal data may be transferred to the United States of America and other third countries that are considered to be subject to uncertainties in terms of data protection under the GDPR. We have no influence on the type and scope of data processing by Google. - 1.8 Cookies
Some of our web pages use what is known as “cookies”. Our cookies neither damage your computer nor contain viruses. Cookies merely serve the purpose of making our offerings more user-friendly, more effective, and more secure. Cookies are small text files that are placed on your computer and saved by your browser. Most of the cookies we use are what are known as “session cookies”. They are automatically deleted at the end of your visit to our website. Other cookies are stored on your terminal device until you delete them. These cookies allow us to recognize your browser at your next visit. You can select browser settings that ensure that you are informed when cookies are placed and allow cookies only on a case-by-case basis, exclude the placement of cookies in certain cases or generally, and activate automatic deletion of cookies when you close your browser. When cookies are deactivated, the functionality of this website may be limited. - 1.9 Purpose of data processing
The purpose of data processing is to present the group of companies on the Internet and the communication with prospects, investors, business partners, and representatives of the press. - 1.10 Legal basis
The legal basis of the processing is Article 6 (1) letter b) of the GDPR (user contract for website). The legal basis of the processing of press representatives’ data is Article 6 (1) letter b) of the GDPR (contract on inclusion in the press distribution list). - 1.11 Protocol and communication data
Protocol and communication data is not transferred to third parties unless special circumstances require us to do so. When criminal activities are suspected or investigation proceedings are conducted, data may be passed on to the police and the public prosecutor’s office. We use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems. - 1.12 IP addresses
IP addresses are anonymized at the latest after 24 hours. The content of communications is deleted after six calendar years. - 1.13 Disclosure
The use of our website is not possible without disclosure of personal data such as your IP address. Communication via the website is not possible without disclosure of data.
2. Visitors to our corporate headquarters
- 2.1
The purpose of data processing is to carry out the visit to our corporate headquarters while ensuring access control. The purposes of video surveillance are enforcement of our house rules, detection and prosecution of criminal activities, and enforcement of claims under civil law. No change in these purposes is planned. - 2.2
The legal basis of the processing is Article 6 (1) letter f) of the GDPR (legitimate interest, i.e., enforcement of house rules, detection and prosecution of criminal activities, and enforcement of claims under civil law). - 2.3
Visitor data are not transferred to third parties unless special circumstances must also be taken into consideration. When criminal activities are suspected or investigation proceedings are conducted, data may be passed on to the police and the public prosecutor’s office. We use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems. - 2.4
Visitor data are stored for a period of three months. The local video surveillance system does not produce any recordings. - 2.5
Data collection is required for the enforcement of our house rules and visitor control. Access to the building is not possible without disclosure of data.
3. Investors and their employees
- 3.1
We process your personal data for the purpose of executing (managing) the respective contractual relationship that exists or is initiated with you, including replies to inquiries, performance and billing of our services, and settlement of commission payments to intermediaries. In addition, we process the personal data provided in the subscription agreement (and updated at a later date, if applicable) for the purpose of satisfying and ensuring compliance with legal requirements. In addition, the processing also serves the purpose of submitting further offers. No change in these purposes is planned. - 3.2
The legal basis of processing is Article 6 (1) letter b) of the GDPR for agreements with natural persons (contract or contract initiation), Article 6 (1) letter f) of the GDPR for agreements with legal entities (legitimate interest, i.e., communication with agreement-relevant contacts), and Article 6 (1) letter c) of the GDPR in all cases (legal obligations, especially requirements under tax and commercial law). For the collection and use of information for the submission of future offers and the settlement of commissions due to intermediaries, the legal basis is Article 6 (1) letter f) of the GDPR (legitimate interest, i.e., offer of legitimate services and settlement of commission claims). The legal basis of the processing of your e‑mail address for the purpose of sending you marketing material or providing information to your intermediaries is your consent in accordance with Article 6 (1) letter a) of the GDPR in conjunction with Article 7 of the GDPR. To the extent to which funds make (potentially also indirect) investments in countries outside the EU (“third countries”), the legal basis of the transfer of data to the third country is Article 49 (1) letter b) of the GDPR (necessary for the performance of a contract). - 3.3
For the purpose of managing the investment, data may be transferred to Wealth Management Capital Holding GmbH as well as its subsidiaries and sub-subsidiaries, target funds and withholding agents, distribution partners, the custodian, lawyers, tax consultants, and auditors. In addition, recipients of the data may be banks for the purpose of opening and managing collective escrow accounts and special accounts and for the settlement of payments. Public authorities and institutions may be recipients within the framework of the performance of their tasks to the extent to which we are obliged and authorized to transfer the data in question. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems, for the fulfillment of duties under anti-money-laundering and sanction law, and for the mailing of subscription documents and investor letters. To the extent to which funds make (potentially also indirect) investments in third countries, investor data (name, address, date of birth, place of birth, country of birth, nationality, bank details including bank master data, tax identification number including information on the tax residence, and information on the subscribed investment and payment transactions) are transferred to the target funds and withholding agents for the purpose of managing the investment. In addition, investor data are transferred to the tax consulting companies serving us in the respective third country for the purpose of tax advice and the preparation of necessary tax documents. In principle, no adequate level of protection within the meaning of the GDPR exists in third countries. No adequacy resolution has been adopted by the European Commission, and the respective third-country recipients do not offer suitable and adequate guarantees for the protection of personal rights, fundamental rights, and fundamental freedoms as laid down in the EU Charter of Fundamental Rights either. - 3.4
Legal and regulatory requirements oblige us to combat money laundering, terrorism financing, and asset-endangering crimes. This obligation also includes the analysis of data with a view to evaluating certain personal aspects (profiling). These measures also serve to protect you. - 3.5
We do not process and store your personal data any longer than necessary for the respective processing purposes. If the data are no longer required for the performance of contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:- Compliance with records retention periods under commercial and tax law pursuant to the German Commercial Code (Handelsgesetzbuch; HGB) and the German Tax Code (Abgabenordnung; AO) as well as records retention periods pursuant to the German Anti-Money Laundering Act (Geldwäschegesetz; GwG). The retention or documentation periods prescribed therein may be up to 10 years.
- Preservation of evidence within the scope of statutes of limitation. Under the German Civil Code (Bürgerliches Gesetzbuch; BGB), these limitation periods may be up to 30 years, with the regular limitation period being three years.
- 3.6
Disclosure of data is mandatory for investors both due to statutory regulations (German Anti-Money Laundering Act) and for the conclusion of the trust agreement. Fund investments and their management are not possible without the disclosure of data on the part of the investor. - 3.7
When you subscribe to investments via distribution partners or intermediaries or acquire investments from third parties, we receive the information you disclose in your subscription form or otherwise to the distribution partner, intermediary, or third party.
4. Applicants for employment
- 4.1
The purpose of data processing is to select applicants for an employment relationship. No change in this purpose is planned. - 4.2
The legal basis is Article 6 (1) letter b) of the GDPR (employment contract) and Article 88 of the GDPR. The legal basis of the identity and reliability checks are statutory requirements, including those laid down in Article 6 (1) letter c) in conjunction with Section 6 (2) No. 5 of the German Anti-Money Laundering Act (Geldwäschegesetz; GwG). - 4.3
Applicant data are transferred internally to the competent and decision-making employees. Within the scope of background checks for the purpose of identity and reliability checks, we transfer your e‑mail address to HireRight EMEA, 70 Wapping Lane, London, E1W 2RD, United Kingdom. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems. - 4.4
The data are deleted six months after completion of the recruitment process. If an applicant is also interested in other jobs, the data will be stored for up to twelve months. - 4.5
Disclosure of personal data is required for checking the application and (if applicable) the subsequent conclusion of an employment contract. Without disclosure of personal data, applications cannot be considered.
5. Service providers, business partners, and their employees
- 5.1
The purposes of processing are the preparation, initiation, execution, and termination of the respective service or business relationship and compliance with statutory obligations. An additional purpose of processing is the provision of information on upcoming events, on the company, on market trends, and on further products and offers from the area of financial and capital investments and from the real estate sector. No change in these purposes is planned. - 5.2
The legal basis of the processing is Article 6 (1) letter b) of the GDPR for agreements with natural persons (contract or contract initiation), Article 6 (1) letter f) of the GDPR for agreements with legal entities (legitimate interest, i.e., communication with agreement-relevant contacts), and Article 6 (1) letter c) of the GDPR in all cases (legal obligations, especially requirements under tax and commercial law). The legal basis of the processing of your data for the provision of information on upcoming events, on the company, on market trends, and on further products and offers from the area of financial and capital investments and from the real estate sector is Article 6 (1) letter f) of the GDPR (legitimate interest, i.e., communication with contractual and business partners) if you are a contractual or business partner or our contact at a contractual or business partner and otherwise your consent pursuant to Article 6 (1) letter a) of the GDPR. - 5.3
Contact and contractual data may be transferred to other service providers, business partners as well as public institutions and authorities insofar as this is necessary for the execution of the contract or order. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems and for the fulfillment of duties under anti-money-laundering and sanction law. - 5.4
Legal and regulatory requirements oblige us to combat money laundering, terrorism financing, and asset-endangering crimes. This obligation also includes the analysis of data with a view to evaluating certain personal aspects (profiling). These measures also serve to protect you. - 5.5
We do not process data of contractual partners and service providers any longer than necessary for the respective processing purposes. If the data are no longer required for the performance of contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:- Compliance with records retention periods under commercial and tax law pursuant to the German Commercial Code (Handelsgesetzbuch; HGB) and the German Tax Code (Abgabenordnung; AO) as well as records retention periods pursuant to the German Anti-Money Laundering Act (Geldwäschegesetz; GwG). The retention or documentation periods prescribed therein may be up to 10 years.
- Preservation of evidence within the scope of statutes of limitation. Under the German Civil Code (Bürgerliches Gesetzbuch; BGB), these limitation periods may be up to 30 years, with the regular limitation period being three years.
- 5.6
The processing of the contact data of service providers and business partners is required to execute the agreement. Failure to disclose these data may lead to substantial disruptions in communications.
6. Existing and prospective tenants for rental properties
- 6.1
The purposes of processing are preparation, initiation, execution, and termination of the respective tenancy, provision of data for a due diligence check within the context of a potential sale of the rental property and compliance with statutory obligations. No change in these purposes is planned. - 6.2
The legal basis of the processing is Article 6 (1) letter b) of the GDPR for agreements with natural persons (contract or contract initiation), Article 6 (1) letter f) of the GDPR for agreements with legal entities (legitimate interest, i.e., communication with agreement-relevant contacts), and Article 6 (1) letter c) of the GDPR in all cases (legal obligations, especially requirements under tax and commercial law). - 6.3
Contact and tenancy agreement data may be transferred to other service providers, business partners, public institutions and authorities as well as to prospective buyers of the rental property for the performance of due diligence checks to the extent to which this is required for taking over the tenancy agreement. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems, for the fulfillment of duties under anti-money-laundering and sanction law, and within the framework of the documentation and accounting of operating and ancillary costs. - 6.4
Legal and regulatory requirements oblige us to combat money laundering, terrorism financing, and asset-endangering crimes. This obligation also includes the analysis of data with a view to evaluating certain personal aspects (profiling). These measures also serve to protect you. - 6.5
We do not process and store tenant data any longer than necessary for the respective processing purposes. If the data are no longer required for the performance of contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:- Compliance with records retention periods under commercial and tax law pursuant to the German Commercial Code (Handelsgesetzbuch; HGB) and the German Tax Code (Abgabenordnung; AO) as well as records retention periods pursuant to the German Anti-Money Laundering Act (Geldwäschegesetz; GwG). The retention or documentation periods prescribed therein may be up to 10 years.
- Preservation of evidence within the scope of statutes of limitation. Under the German Civil Code (Bürgerliches Gesetzbuch; BGB), these limitation periods may be up to 30 years, with the regular limitation period being three years.
Data of prospective tenants with whom no tenancy agreement is concluded are deleted after three months.
- 6.6
The processing of the contact data of service providers and business partners is required to execute the contract. Failure to disclose these data may lead to substantial disruptions in communications.
7. Preregistration for subscription of specifically designated investment options
- 7.1
We process your data for the purpose of preregistration for the subscription of specifically designated investment options. - 7.2
In the preregistration for subscription, the legal basis of the processing is Article 6 (1) letter a) of the GDPR in conjunction with Article 7 of the GDPR for preregistration of natural persons and Article 6 (1) letter f) of the GDPR for preregistration of legal entities (legitimate interest, i.e., communication with agreement-relevant contacts). - 7.3
The subscription preregistration form you send back to us is forwarded to the relationship manager/ distribution partner listed therein. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems, for the fulfillment of duties under anti-money-laundering and sanction law, and for the mailing of letters to preregistered individuals and investors. - 7.4
All data that are relevant for subscription preregistration are stored by us for a period of one calendar year. - 7.5
The disclosure of data is mandatory for the preregistration of a subscription. Without the disclosure of data, subscription preregistration is not possible. - 7.6
We do not use procedures for automated individual decision-making. - 7.7
You have the right to request access to all your personal data we process at any time. - 7.8
Should your personal data be incorrect or incomplete, you have the right to request data rectification and completion. - 7.9
You may request erasure of your personal data at any time, unless we are legally obliged or authorized to continue processing your data. - 7.10
When the statutory prerequisites are fulfilled, you may request a restriction of the processing of your personal data. - 7.11
You have the right to object against the processing insofar as the data processing serves the purpose of direct marketing. When the processing is based on a balancing of interests, you may object against the processing citing grounds relating to your particular situation. - 7.12
When data processing is based on your consent or done within the framework of an agreement, you have the right to request transfer of the data you submitted unless such transfer infringes upon the rights and freedoms of other persons. - 7.13
When we process data on the basis of a declaration of consent, you have the right to withdraw your consent at any time with prospective effect. Any processing carried out before such withdrawal of consent shall not be affected by the withdrawal. - 7.14
In addition, you have the right to lodge a complaint with a supervisory authority for data protection at any time if you are of the opinion that your data has been processed in violation of the applicable law.
8. Forwarding of data to investment services enterprises/ financial investment brokers for online customer events
- 8.1
We process your data in connection with online customer events for the purpose of forwarding to the investment services enterprise/ financial investment broker listed in the declaration of consent for the purpose of providing counselling on the investment option advertised. - 8.2
For natural persons, the legal basis of processing data for forwarding to the investment services enterprise/ financial investment broker listed in the declaration of consent for the purpose of providing counselling on the investment option advertised is their consent pursuant to Article 6 (1) letter a) of the GDPR in conjunction with Article 7 of the GDPR. For legal entities, the legal basis is Article 6 (1) letter f) of the GDPR (legitimate interest, i.e., communication with agreement-relevant contacts). - 8.3
The information you provide will be forwarded to the investment services enterprise/ financial investment broker listed in the declaration of consent. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems, for the fulfillment of duties under anti-money-laundering and sanction law, and for the mailing of letters to individuals and investors interested in receiving counselling on the investment option advertised. - 8.4
We will store the data processed for forwarding to the investment services enterprise/ financial investment broker listed in the declaration of consent for the purpose of providing counselling on the investment option advertised for a period of one calendar year. - 8.5
Disclosure of data for forwarding to the investment services enterprise/ financial investment broker listed in the declaration of consent for the purpose of providing counselling on the investment option advertised is mandatory. Without the disclosure of data, no forwarding to the investment services enterprise/ financial investment broker listed in the declaration of consent for the purpose of providing counselling on the investment option advertised is possible.
9. Invitees and attendees of events
- 9.1
We process your data for the purpose of inviting you to and carrying out events and for the documentation of events in video and audio recordings and the use of the recordings made for the purpose of press and public relations activities. No change in these purposes is planned. - 9.2
The legal basis of the processing of data for invitations is Article 6 (1) letter f) of the GDPR (legitimate interest, i.e., communication with contractual and business partners) if you are a contractual or business partner or our contact at one of our contractual or business partners; otherwise the legal basis is your consent (Article 6 (1) letter a) of the GDPR). If you have registered for an event, the legal basis is Article 6 (1) letter b) of the GDPR (contract for staging the event) and Article 6 (1) letter c) of the GDPR (legal obligations, especially requirements under tax and commercial law). The legal basis of video and audio recordings is Article 6 (1) letter f) of the GDPR (legitimate interest in the documentation of events staged by us and our legitimate interest in the presentation of our company through press and public relations activities). If we transfer images of you in which you are distinctly recognizable for the purpose of press and public relations activities, publish such images, or use them for the preparation of brochures and marketing materials, we will ask you for your prior consent. In this case, the legal basis is your consent pursuant to Article 6 (1) letter a) of the GDPR. - 9.3
The video and audio recordings made may be transferred to journalists, media companies, and press and photo agencies as well as platforms, also abroad, and published by us for the purpose of press and public relations activities. Contact and contractual data may be transferred by us to other service providers, business partners, and public institutions and authorities insofar as this is necessary for staging the event. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems. - 9.4
All contract and booking-relevant data will be stored in accordance with the records retention obligations under tax and commercial law. In particular, mention must be made of the German Commercial Code (Handelsgesetzbuch; HGB) and the German Tax Code (Abgabenordnung; AO). The retention or documentation periods prescribed therein may be up to 10 years. Archived video and audio recordings of the event and publications are usually not deleted. - 9.5
Disclosure of data is a contractual requirement for the receipt of invitations and the attendance of events. Without data disclosure, invitations cannot be sent and attendance of events is not possible. Granting permission of video and audio recordings is not mandatory for the attendance of events. If you do not wish any video and audio recordings, please inform our employees at the event venue accordingly.
10. General information and rights of data subjects
- 10.1
We do not use procedures for automated individual decision-making. - 10.2
You have the right to request access to all your personal data we process at any time. - 10.3
Should your personal data be incorrect or incomplete, you have the right to request data rectification and completion. - 10.4
You may request erasure of your personal data at any time, unless we are legally obliged or authorized to continue processing your data. - 10.5
When the legal prerequisites are fulfilled, you may request a restriction of the processing of your personal data. - 10.6
You have the right to object against the processing insofar as the data processing serves the purpose of direct marketing or profiling to the extent to which it is related to such direct marketing. When the processing is based on a balancing of interests, you may object against the processing citing grounds relating to your particular situation. - 10.7
When data processing is based on your consent or done within the framework of an agreement, you have the right to request transfer of the data you submitted unless such transfer infringes upon the rights and freedoms of other persons. - 10.8
When we process data on the basis of a declaration of consent, you have the right to withdraw your consent at any time with prospective effect. Any processing carried out before such withdrawal of consent shall not be affected by the withdrawal. - 10.9
In addition, you have the right to lodge a complaint with a supervisory authority for data protection at any time if you are of the opinion that your data has been processed in violation of the applicable law.
11. Video conferencing software
- 11.1
In communications via Microsoft Teams, e.g. with applications, investors, or business partners, we process the following personal data:- Your personal details: e.g. first name, last name, phone number, e‑mail address
- Meeting meta data: e.g. topic, description, participants’ IP addresses, device/ hardware information
- For dial-in by phone: e.g. information on the incoming and outgoing phone number, country name, start and end time; if necessary, additional connection data may be stored, e.g. the IP address of the device
- Text, audio, and video data: You may have the option to use the chat function during an online meeting. If you do, the text you enter will be processed to display it in the online meeting and also record it, if desired. To enable video display and sound playing, the data of the microphone and/ or the video camera of your terminal device will be processed for the duration of the online meeting. You can deactivate your camera and/ or mute your microphone yourself at any time.
- 11.2
The personal data is processed in accordance with Article 6 (1) sentence 1 letter b) of the GDPR (contract performance, contract initiation) for the purpose of communicating with persons interested in a product of Wealthcap Kapitalverwaltungsgesellschaft mbH. These persons may be both existing investors and individuals who are not yet investors. Log and meta data are processed solely for the purpose of error analysis. The legal basis of this processing is Article 6 (1) sentence 1 letter f) of the GDPR (legitimate interest). We do not use procedures for automated individual decision-making. - 11.3
You do not need to register specifically in order to be able to communicate with us during a Microsoft Teams video meeting. You will receive an access link to the video conference from your discussion partner by e‑mail. You can decide for yourself whether or not you wish to disclose your full name while using Microsoft Teams. Similarly, you are free to decide whether you wish to turn your camera and your microphone on or off. We make no video or audio recordings. The content of the discussion (the spoken word) is not recorded either, irrespective of whether you join the video conference by phone, the Microsoft Teams app, or your browser. - 11.4
Microsoft Teams is part of Microsoft 365 and, as such, a software of Microsoft Ireland Operations Limited with registered office in Dublin, Ireland. Your personal data will be processed on servers operated by Microsoft in computer centers in the European Union in Ireland and the Netherlands. For this purpose, we have concluded a contract commissioning Microsoft to process data pursuant to Article 28 of the GDPR. Accordingly, extensive technical and organizational measures have been agreed with Microsoft, which correspond to the currently applicable state of the art of IT security, e.g. with respect to access authorization and encryption approaches. Nevertheless, we cannot rule out that data is routed via Internet servers located outside the EU. In particular, this may be the case when meeting participants dial in from a third country. However, the data is encrypted during the transport via the Internet and thus protected to the best possible extent against unauthorized access by third parties. Furthermore, it cannot be ruled out that some of the personal data from Microsoft Teams are also processed in the United States of America. In individual cases, legal regulations in the US — notably the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) and the Patriot Act — may put Microsoft under the obligation to access personal data stored on European servers and disclose such data to authorities in the United States of America. For this reason, Wealthcap has concluded a data protection agreement made available by the European Union for the processing of personal data in third countries (known as “standard data protection clause”) with Microsoft. This agreement provides for suitable guarantees for the protection of your data. Furthermore, Microsoft reserves the right to process customer data for its own purposes. Wealthcap cannot influence this processing of personal data by Microsoft. In these cases, Microsoft does not act as processor on behalf of Wealthcap, but as an independent controller within the meaning of Article 4 No. 7 of the GDPR and, as such, is solely responsible for complying with all applicable data protection regulations. For more information on the processing of your personal data by Microsoft for its own purposes, please see the following link: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy. - 11.5
The personal data in Microsoft Teams is stored for 90 days.
12. Social media
- 12.1
According to the information known at this point of time, it may be impossible to erase personal data on social media — such data is merely not displayed publicly anymore. No sufficient information on the internal use of photos and data by the respective companies — e.g. for creating personality profiles — is currently available. What is more, personal data may be processed on servers outside the European Economic Area where it may not be subject to the high protection level of the European General Data Protection Regulation in all cases. Information on the Internet and in social networks is accessible worldwide and can be found with search engines and linked with other information, which may permit the creation of personality profiles. Any information placed on the Internet, including photos, can easily be copied and disseminated to third parties. There are specialized archiving services whose aim is to permanently document the status of certain websites on certain dates. This may lead to a situation in which information published on the Internet and in social networks can still be found even after it was erased on the original website.
13. Collection of personal data not obtained from data subjects (Art. 14 GDPR)
- 13.1
The purposes of processing are continuation of contract execution, investor processing, and compliance with legal obligations. No change in these purposes is planned. - 13.2
We may receive personal data of third parties via investors. Further sources may be relationship managers, authorized representatives, third-party debtors, residents’ registration offices, courts, bailiffs, legal representatives, insolvency administrators, trade licensing offices, correctional facilities, publicly accessible information sources, estate executors, and lawyers. - 13.3
The legal basis of processing is Article 6 (1) letter b) of the GDPR for agreements with natural persons (contract or contract initiation), Article 6 (1) letter f) of the GDPR for agreements with legal entities (legitimate interest, i.e., communication with agreement-relevant contacts), and Article 6 (1) letter c) of the GDPR in all cases (legal obligations, especially requirements under tax and commercial law). - 13.4
Contact and contractual data may be transferred to other service providers, business partners as well as public institutions and authorities if this is necessary for the execution of the contract or order. In addition, we use service providers commissioned to process data in the provision of services, especially for the setup, maintenance, and servicing of IT systems. - 13.5
Data of contractual partners and service providers are deleted after a period of 10 calendar years after the termination of the contract or assignment. - 13.6
The processing of the contact data of service providers and business partners is required to execute the contract. Failure to disclose these data may lead to substantial disruptions in communications.
As of: November 2022