Data protection

§ 1 Bright Capital Websites

This Privacy Policy applies to all Bright Capital websites. These include our corporate website www.brightcapital.de as well as other existing websites. This Privacy Policy describes how Bright Capital collects and uses information that you provide when you visit our websites. It also describes the choices you have about how we use this information and how you can access and update it.

§ 2 Summary

§ 3 Contact persons and responsibilities

Responsible entity within the meaning of data protection law

Bright Capital Investment Management GmbH
Matthias Mathieu, Karsten Batran
Große Bockenheimer Str. 43
60313 Frankfurt am Main
Germany
mittelstand@brightcapital.de
+49 69 3487 759 80

Registered office: Frankfurt am Main

Registry court: Amtsgericht Frankfurt am Main

Commercial register: HRB 99217

Managing directors: Matthias Mathieu, Karsten Batran

Contact details of the data protection officer

Bright Capital Investment Management GmbH
Datenschutzbeauftragter
Große Bockenheimer Str. 43
60313 Frankfurt am Main
Germany
dataprotection@brightcapital.de
+49 69 3487 759 80

§ 4 Definition of personal data

Personal data is any information about the personal and actual circumstances of a particular or identifiable person. This information includes, for example, your name, e-mail address, postal address or telephone number. Information on the basis of which your identity cannot be determined without additional data is not included. In the opinion of the supervisory authorities, IP addresses are, in particular, data that refer to personal data. The transmission of the IP address when accessing a website is a technical necessity. If necessary, the data is analysed for statistical purposes in anonymous and pseudonymised form. This means that it is not possible to identify you personally through this. In principle, our data protection declaration should be simple and understandable for everyone. For this reason, our data protection declaration generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

§ 5 Data processing by visiting our website

When you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during a running connection for communication between your internet browser and our web server:

Visited domain
The date and time of the request
Page from which the file was requested
Access status (file transferred, file not found, etc.)
The web browser, system language, operating system and device type used
IP address of the requesting computer
The amount of data transferred

We collect the listed data to ensure a smooth connection to the website and to enable a comfortable use of our website by the users. In addition, the log file serves the purpose of evaluating system security and stability, as well as providing administrative functions. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 a. GDPR.

§ 6 Storage of data

If we receive personal data from you, Bright Capital will store it on a server and use it exclusively for the purposes for which you have transmitted it to us. All the servers used by Bright Capital are located within the European Union. We comply with legal regulations both during transmission and after receipt, taking into account the state of the art and suitable technical and organisational measures to protect personal information and data transmitted to us. However, no transmission method over the internet or electronic storage method is one hundred percent secure. As a result, we cannot guarantee absolute safety.

§ 7 Newsletter

You can register on our website to receive our newsletter. We need your e-mail address for this. In addition, we must check whether you are actually the owner of the e-mail address provided and would like to receive the newsletter, taking into account the relevant legal regulations. We therefore collect information that makes such a check possible. The data collected in this context is used to send and receive the newsletter. It has no other purpose and will not be passed on to third parties. Apart from the information required for sending the newsletter, no other data is collected from our site. As the sending and receiving of the newsletter is dependent on your consent, you can revoke this consent to the collection and storage of your data at any time without giving reasons. Please use the Unsubscribe-Link, which is provided in the newsletter. We use the service MailChimp to send our newsletter. MailChimp is a service of The Rocket Science Group, LLC, 512 Means Street, Ste 404 Atlanta, GA 30318. MailChimp offers analysis possibilities of how our newsletter is opened and used. This analysis is group-related and is not used by us for an individual analysis. Information about MailChimp and data protection at MailChimp can be found here: mailchimp.com/legal/privacy/ You can revoke your consent to the use of your e-mail address to send the newsletter at any time. The cancellation can be made via a link in the newsletter.

§ 8 Use of website analytics tools (web tracking)

Like most website operators, we also use analytics tools in the form of tracking software to determine the frequency of use and the number of users of our website. According to § 15 Abs. 3 TMG (German Telemedia Act) the service provider may create user profiles for purposes of advertising, market research and for the demand-oriented design of the website, provided that these are not combined with data about the owner of the pseudonym.

§ 9 Google Analytics

This website uses Google Analytics, an internet analysis service provided by Google Inc. “(“Google”). Google Analytics uses so-called “cookies” and web beacons. The information generated in relation to the use of this website is transferred by default to a Google server in the USA and stored there. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, which may exclude any personal relationship. Google Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR and § 15 Para. 3 TMG respectively on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. On behalf of the operator of this website, Google will use this information to analyze your use of the website and to generate reports on website activity. Google also uses this information to provide other services related to the use of the website and the internet to the website operator. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. The terms of use of Google Analytics and information on data protection can be accessed via the following links: www.google.com/analytics/terms/de.html and at www.google.de/intl/de/policies/. You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we must point out that in this case you will not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en. Information on the handling of user data at Google Analytics can be found in Google’s data protection declaration: support.google.com/analytics/answer/6004245

§ 10 Hotjar

To improve the user experience, this website uses Hotjar software (http://www.hotjar.com, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). By means of Hotjar the user behaviour (mouse movements, clicks, scroll height etc.) on internet pages can be measured and evaluated. For this purpose, Hotjar uses cookies on the user’s end devices and can store data from users such as browser information, operating system, time spent on the site etc. in anonymized form. Furthermore, it is possible to get feedback directly from the users of the website with the help of the tool. Above all, Hotjar services can improve the functionality of Hotjar-based websites by making them more user-friendly, more valuable and easier for end users to use. When using this tool, we pay particular attention to the protection of your personal data. This way we can only see which buttons are clicked, the course of the mouse, how far the mouse scrolls, the screen size of the device, device type and browser information, geographical location (country only) and the preferred language to display our website. Areas of the websites in which personal data of you or third parties is displayed are automatically hidden by Hotjar and are therefore at no time traceable. In order to exclude a direct personal relationship, IP addresses are only stored and processed anonymously. Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser within the framework of website enquiries. These may be cookies or your IP address, for example. In these exceptional cases, this processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. Hotjar offers every user the possibility to prevent the use of the tool Hotjar with the help of a “Do-not-Track-Headers”, so that no data about the visit of the respective website is recorded. This is a setting that supports all common browsers in current versions. Your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers or computers, you must set up the “Do-not-Track-Headers” for each of these browsers or computers separately.

When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page at www.hotjar.com/legal/compliance/opt-out and disabling Hotjar. For more information about Hotjar Ltd. and the Hotjar tool, please visit: www.hotjar.com

The privacy policy of Hotjar Ltd. can be found at: www.hotjar.com/privacy

§ 11 LinkedIn

Within our online offer we use the marketing functions (so-called “LinkedIn Insight Tag”) of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website with your IP address. With the help of the LinkedIn Insight Tag we can analyse the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of the users with our online offer. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online service with your user account. Even if you click on the “Recommend-Button” from LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. The described data processing procedures take place according to art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interests of LinkedIn in the insertion of personalised advertising in order to inform other users of the social network about your activities on our website and for the demand-oriented design of the service.

You can also object to the loading of the LinkedIn plug-ins and thus the data processing procedures described above with add-ons for your browser in the future, e.g. with the script blocker “NoScript” (http://noscript.net/). (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

§ 12 Google Maps

Our websites use the online map service provider Google Maps via an interface. The map service provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functionalities of Google Maps it is necessary to save your IP address. This information is transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of the Google Maps map service is in the interest of an appealing presentation of our online offer and to make it easier to find the addresses we have listed on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. For more information on how we treat user data, please see Google’s privacy policy: www.google.de/intl/de/policies/privacy/. Opt-out: www.google.com/settings/ads/

§ 13 Cookies

Our website uses cookies, which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. for the current session). Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser the next time you visit our website. In some cases, cookies are used to simplify website processes by saving settings (e.g. the provision of already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. You can configure your browser in such a way that you are informed about the settings of cookies and only allow cookies in individual cases, excluding the acceptance of cookies for certain cases or in general deactivating cookies and activating the automatic deletion of cookies when closing the browser. The cookie settings can be managed using the following links for the respective browser.

Firefox: support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen 

Internet Explorer: windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies 

Chrome: support.google.com/chrome/bin/answer.py

Safari: support.apple.com/kb/ph21411;

Opera: help.opera.com/Windows/10.20/de/cookies.html

You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at www.aboutads.info/choices/ or www.youronlinechoices.com/uk/your-ad-choices

Most browsers also offer a so-called “Do-Not-Track function” with which you can specify that you do not want to be “tracked” by websites. When this feature is enabled, your browser tells advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:

Google Chrome: support.google.com/chrome/answer/2790761;

Mozilla Firefox: www.mozilla.org/de/firefox/dnt/

Internet Explorer: support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track 

Opera: help.opera.com/Windows/12.10/de/notrack.html 

Safari: support.apple.com/kb/PH21416

You can also prevent scripts from being loaded by default. NoScript allows you to run JavaScripts, Java and other plug-ins only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox at: addons.mozilla.org/de/firefox/addon/noscript/).

Please note that when cookies are deactivated, the functionality of this website may be limited.

§ 14 Data transfer and recipient

We do not sell your personal data to third parties. Your personal data will not be passed on to third parties unless

we have explicitly indicated this in the description of the respective data processing,
you have given your explicit consent in accordance to Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an outright interest worthy of protection in not disclosing your data,
that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
this is required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.

We also use external service providers, which we have carefully selected and commissioned in writing, to carry out our services. They are bound by our instructions and are regularly checked by us. With which we have concluded order processing contracts in accordance with Art. 28 GDPR, if necessary. These are service providers for web hosting, sending e-mails and maintaining our IT systems, etc. The service providers will not pass this data on to third parties.

§ 15 Duration of data storage

We adhere to the principles of data avoidance and data minimization. Accordingly, we will only store your personal data for as long as necessary to achieve the purposes stated here or in accordance with the various storage periods prescribed by law. Once the targets have been met or these deadlines have expired, the relevant data is routinely blocked or deleted in accordance with legal requirements.

§ 16 Rights of the persons concerned

In the following section you will find information on the rights of persons concerned which are granted to you by the current data protection laws with regard to the entity responsible of the processing of your personal data: The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information regarding their details. The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR. The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR. The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible. The right to revoke your consent granted pursuant to Art. 7 para. 3 GDPR at any time with effect in the future. The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of residence or work. The right to revoke consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation;

Right of objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.

If you wish to exercise your right of revocation or opposition or any of your other rights, simply send an e-mail to dataprotection@brightcapital.de with the subject “Data protection Bright Capital websites”. If necessary, you must provide proof of your identity or that it is your account.

§ 17 Subject to alterations

Bright Capital reserves the right to change this Privacy Policy at any time in accordance with the law. If we make significant changes, we will notify you by posting a notice on this website before the change takes effect. We ask you to check this page regularly for current information on our data protection practices.

Status of this data protection declaration: 01.05.2019