§ 1 Bright Capital Websites
§ 2 Summary
§ 3 Contact persons and responsibilities
Responsible entity within the meaning of data protection law
Bright Capital Investment Management GmbH
Matthias Mathieu, Karsten Batran
Große Bockenheimer Str. 43
60313 Frankfurt am Main
+49 69 3487 759 80
Registered office: Frankfurt am Main
Registry court: Amtsgericht Frankfurt am Main
Commercial register: HRB 99217
Managing directors: Matthias Mathieu, Karsten Batran
Contact details of the data protection officer
Bright Capital Investment Management GmbH
Große Bockenheimer Str. 43
60313 Frankfurt am Main
+49 69 3487 759 80
§ 4 Definition of personal data
Personal data is any information about the personal and actual circumstances of a particular or identifiable person. This information includes, for example, your name, e-mail address, postal address or telephone number. Information on the basis of which your identity cannot be determined without additional data is not included. In the opinion of the supervisory authorities, IP addresses are, in particular, data that refer to personal data. The transmission of the IP address when accessing a website is a technical necessity. If necessary, the data is analysed for statistical purposes in anonymous and pseudonymised form. This means that it is not possible to identify you personally through this. In principle, our data protection declaration should be simple and understandable for everyone. For this reason, our data protection declaration generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
§ 5 Data processing by visiting our website
When you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during a running connection for communication between your internet browser and our web server:
- Visited domain
- The date and time of the request
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- The web browser, system language, operating system and device type used
- IP address of the requesting computer
- The amount of data transferred
We collect the listed data to ensure a smooth connection to the website and to enable a comfortable use of our website by the users. In addition, the log file serves the purpose of evaluating system security and stability, as well as providing administrative functions. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 a. GDPR.
§ 6 Storage of data
If we receive personal data from you, Bright Capital will store it on a server and use it exclusively for the purposes for which you have transmitted it to us. All the servers used by Bright Capital are located within the European Union. We comply with legal regulations both during transmission and after receipt, taking into account the state of the art and suitable technical and organisational measures to protect personal information and data transmitted to us. However, no transmission method over the internet or electronic storage method is one hundred percent secure. As a result, we cannot guarantee absolute safety.
§ 7 Newsletter
You can register on our website to receive our newsletter. We need your e-mail address for this. In addition, we must check whether you are actually the owner of the e-mail address provided and would like to receive the newsletter, taking into account the relevant legal regulations. We therefore collect information that makes such a check possible. The data collected in this context is used to send and receive the newsletter. It has no other purpose and will not be passed on to third parties. Apart from the information required for sending the newsletter, no other data is collected from our site. As the sending and receiving of the newsletter is dependent on your consent, you can revoke this consent to the collection and storage of your data at any time without giving reasons. Please use the Unsubscribe-Link, which is provided in the newsletter. We use the service MailChimp to send our newsletter. MailChimp is a service of The Rocket Science Group, LLC, 512 Means Street, Ste 404 Atlanta, GA 30318. MailChimp offers analysis possibilities of how our newsletter is opened and used. This analysis is group-related and is not used by us for an individual analysis. Information about MailChimp and data protection at MailChimp can be found here: mailchimp.com/legal/privacy/ You can revoke your consent to the use of your e-mail address to send the newsletter at any time. The cancellation can be made via a link in the newsletter.
§ 8 Use of website analytics tools (web tracking)
Like most website operators, we also use analytics tools in the form of tracking software to determine the frequency of use and the number of users of our website. According to § 15 Abs. 3 TMG (German Telemedia Act) the service provider may create user profiles for purposes of advertising, market research and for the demand-oriented design of the website, provided that these are not combined with data about the owner of the pseudonym.
§ 9 Google Analytics
§ 10 Hotjar
When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page at www.hotjar.com/legal/compliance/opt-out and disabling Hotjar. For more information about Hotjar Ltd. and the Hotjar tool, please visit: www.hotjar.com
§ 11 LinkedIn
Within our online offer we use the marketing functions (so-called “LinkedIn Insight Tag”) of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website with your IP address. With the help of the LinkedIn Insight Tag we can analyse the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of the users with our online offer. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online service with your user account. Even if you click on the “Recommend-Button” from LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. The described data processing procedures take place according to art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interests of LinkedIn in the insertion of personalised advertising in order to inform other users of the social network about your activities on our website and for the demand-oriented design of the service.
§ 12 Google Maps
§ 13 Cookies
Internet Explorer: windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at www.aboutads.info/choices/ or www.youronlinechoices.com/uk/your-ad-choices
Most browsers also offer a so-called “Do-Not-Track function” with which you can specify that you do not want to be “tracked” by websites. When this feature is enabled, your browser tells advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:
Google Chrome: support.google.com/chrome/answer/2790761;
Mozilla Firefox: www.mozilla.org/de/firefox/dnt/
Please note that when cookies are deactivated, the functionality of this website may be limited.
§ 14 Data transfer and recipient
We do not sell your personal data to third parties. Your personal data will not be passed on to third parties unless
- we have explicitly indicated this in the description of the respective data processing,
- you have given your explicit consent in accordance to Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an outright interest worthy of protection in not disclosing your data,
- that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
- this is required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
We also use external service providers, which we have carefully selected and commissioned in writing, to carry out our services. They are bound by our instructions and are regularly checked by us. With which we have concluded order processing contracts in accordance with Art. 28 GDPR, if necessary. These are service providers for web hosting, sending e-mails and maintaining our IT systems, etc. The service providers will not pass this data on to third parties.
§ 15 Duration of data storage
We adhere to the principles of data avoidance and data minimization. Accordingly, we will only store your personal data for as long as necessary to achieve the purposes stated here or in accordance with the various storage periods prescribed by law. Once the targets have been met or these deadlines have expired, the relevant data is routinely blocked or deleted in accordance with legal requirements.
§ 16 Rights of the persons concerned
In the following section you will find information on the rights of persons concerned which are granted to you by the current data protection laws with regard to the entity responsible of the processing of your personal data: The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information regarding their details. The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR. The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR. The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible. The right to revoke your consent granted pursuant to Art. 7 para. 3 GDPR at any time with effect in the future. The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of residence or work. The right to revoke consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation;
Right of objection
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.
If you wish to exercise your right of revocation or opposition or any of your other rights, simply send an e-mail to firstname.lastname@example.org with the subject “Data protection Bright Capital websites”. If necessary, you must provide proof of your identity or that it is your account.
§ 17 Subject to alterations
Status of this data protection declaration: 01.05.2019