We are happy to welcome you to this website. Data privacy and data security for our customers and users have a high priority for us. We observe the data protection regulations, in particular the EU General Data Protection Regulation (“GDPR”), the Federal Data Protection Act (“BDSG”) and the Telemedia Act (“TMG”).
In this data protection information, we explain to you what information (including personal data) we process during your visit and use of our aforementioned website.
I. Who is responsible for data processing?
The data protection responsible for the processing of personal data and service provider within the meaning of the TMG is Simon Capital Management GmbH, Speditionstraße 13, 40221 Düsseldorf, Tel. +496561 14-2000, E-Mail firstname.lastname@example.org. Whenever we talk about “we” or “us” in this data protection information, it refers to the aforementioned company.
II.What principles do we follow?
In compliance with data protection regulations, we only process your personal data if a legal regulation allows us to do so or if you have declared your consent.
On this website, we may also collect information that does not directly allow us to conclude anything about your person. In certain cases – especially in combination with other data – these information may still be considered “personal data” in the sense of data protection law. Furthermore, we may also collect information on this website that does not allow us to directly or indirectly identify you; this is, for example, the case with aggregated information about all users of this website.
III. What data do we process?
You can access our website without directly providing personal data (such as your name, postal address or email address). Even in this case, we have to collect and store certain information to enable you to access our website. Moreover, we use certain analytical processes on this website.
Log files: When you visit this website, our web server will automatically store the domain name or IP address of the accessing computer (usually that of your internet access provider), including the date, time and duration of your visit, the subpages/URLs you visit as well as information about the applications and end devices you use to view our pages.
IV. For what purposes and on what legal bases do we process your data?
The processing of any personal data contained in the log files is carried out to enable you to use our website; this is done on the basis of Section 15, Para. 1 of the German Telemedia Act (TMG).
We can also process the data collected in connection with your use of our website in order to fulfill legal obligations to which we are subject; this is carried out on the basis of Article 6(1)(c) of the GDPR.
Where necessary, we also process your data, in addition to the aforementioned purposes, for the purpose of safeguarding our legitimate interests or the interests of third parties; this is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interests include, in particular,
a. The assertion of legal claims and defense in legal disputes;
b. The prevention and investigation of criminal offenses;
c. The control and further development of our business activities, including risk control.
V. Am I obligated to provide data?
Where we collect personal data from you in addition to this, we will inform you at the time of collecting whether the provision of this information is prescribed by law or contract or is required for the conclusion of a contract. When doing so we will usually identify information the provision of which is voluntary and is not based on one of the above-mentioned obligations or not required for the conclusion of a contract.
VI. Who gets my data?
Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units will have access to your personal data. These include in particular the departments concerned with the provision of our digital services (e.g. webpages) and our IT department. By means of a role and authorization concept, the access within our company is limited to the functions and scope required for the purpose of processing.
We may also share your personal data with third parties outside of our company to the legally permitted extent. These external recipients can include in particular
a. Affiliated companies within the Bitburger Holding, with whom we share personal data for internal management purposes;
b. The service providers engaged by us who provide services for us on a separate contractual basis, which may include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
c. Non-public and public bodies, as far as we are obligated to share your personal data based on legal obligations.
VII. Is an automated decision-making used?
We generally do not use an automated decision-making process (including profiling) in the sense of Art. 22 of the GDPR in connection with the running of our website. Where we use such procedures in individual cases, we will inform you about this separately to the extent provided for by law.
VIII. Will data be transmitted to countries outside the EU/EEA?
The processing of your personal data is generally carried out within the EU or the European Economic Area.
Only in connection with the engaging of service providers for the provision of web analytics services can a transmission of information to recipients in so-called “third countries” be carried out. “Third countries” are countries outside the European Union or the European Economic Area Agreement, where a level of data protection cannot be readily assumed that is comparable to that in the European Union.
Where the transmitted information also includes personal data, we will make sure prior to such transmission that the adequate data protection level required is ensured in the respective third country or at the recipient in the third country. This may result in particular from a so-called “adequacy decision” of the European Commission enabling an adequate level of data protection for a specific third country to be determined overall. Alternatively, we can also base the data transmission on the so-called “EU Standard Contractual Clauses” agreed upon with a recipient. We will provide you with more information about the appropriate and adequate guarantees for compliance with a reasonable level of data protection on request; see the contact information at the beginning of this information on data protection.
IX. How long will my data be stored for?
We generally store your personal data for as long as we have a legitimate interest in doing so and said interest is not outweighed by your interests in discontinuing storage.
Even without a legitimate interest we can still store the data where required to do so by law (to meet our obligation to preserve records for example). We will delete your personal data without any action on your part as soon as knowing it is no longer necessary for fulfilling the purpose of processing or storing it is otherwise legally inadmissible.
As a general rule:
The log data will be deleted within seven days as far as continued storage is not required for purposes provided for by law such as the detection of misuse and the detection and elimination of technical malfunctions.
X. What rights do I have?
You have the right as an affected person:
To receive information about the personal data stored about you, Art. 15 of the GDPR;
To correction of inaccurate or incomplete data, Art. 16 of the GDPR;
To deletion of personal data, Art. 17 of the GDPR;
To restriction of processing, Art. 18 of the GDPR;
To data portability, Art. 20 of the GDPR, and
To object to the processing of the personal data concerning you, Art. 21 of the GDPR.
To exercise these rights, you can contact us at any time, e.g. via one of the communication channels specified at the beginning of this information on data protection.
You are also entitled to file a complaint with a competent supervisory authority for data protection, Art. 77 of the GDPR.