Privacy Policy

We, Hamburg Commercial Bank AG (in the following: "we" or "us") appreciate your interest in our company and our products. In this Privacy Policy, we want to inform you about the processing of your personal data (in the following also only "data") when you visit our websites https://www.hcob-bank.com, https://hcob.com/ and use our services. We further provide information about your rights. Data privacy is very important to us, and we comply with the applicable data protection regulations, in particular, the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as a matter of course.

Our website and our services are not intended for children or adolescents under the age of 16.

If you do not understand terms that we use in this Privacy Policy, our explanations provided under the heading Help in understanding data protection terms might help. If you have any questions about data privacy, you can also contact us (informally) by using the contact details provided below.

The controller for the data processing is:

Hamburg Commercial Bank AG
Gerhart-Hauptmann-Platz 50
20095 Hamburg, Germany and
Martensdamm 6, 24103 Kiel, Germany
E-Mail: info@hcob-bank.com
Telephone: Hamburg +49 40 3333 0 / Kiel +49 431 900 01

You can contact our data protection officer at:

Hamburg Commercial Bank AG
Data Protection Officer
Martensdamm 6
24103 Kiel
Germany
E-Mail: datenschutz@hcob-bank.com

I. Data processing during your visit to our website

We collect and process your personal data in the context of your visit to our website. This is done for the purposes and to the extent described below. In doing this, we disclose your data to third parties only as described below.

1. To make our website and services available

In order to be able to make our website and the services rendered via the website available to you, we collect and process the following data relating to you automatically when you visit our website:

date and time of your access
your IP address
the address of the website via which you accessed our website
the websites that you switch to while you are on our website
information about your internet browser (browser type and version)
the operating system of the device by way of which you access our website and ser-vices
your internet service provider

The legal basis for the processing of your data in order to make our website and services available to you is Article 6(1) sentence 1 (f) GDPR. We have a legitimate interest in processing your data so that we can offer our website and the services rendered via our website without technical problems, securely and tailored to your needs. The data of the server log files are stored separately from other data.

We store this information, but without your IP address, in log files for security reasons and erase it after 15 days. The data in the log files are stored separately from other data about you.

The data are stored for a longer period only if necessary in the individual case (e.g. in the event of a concrete suspicion of misuse or fraud). In such cases, the respective log files are stored until the matter has been investigated and any subsequent necessary measures have been completed.

To be able to make our website and the services rendered via the website (including those specified below) available, we use service providers that process your data specified in this Privacy Policy only on our account and in accordance with our instructions (processors as defined in Article 28 GDPR) and which have implemented the appropriate technical and organisational measures to protect your rights. That especially includes Diebold Nixdorf Global IT Operations GmbH, Wendenstraße 21, 20097 Hamburg, the hosting provider for our website and related services.

2. Use of cookies

When you visit our website, we also collect and use your data so that you can use our website and services more conveniently. In this context, we also use a session cookie. Cookies are small text files that are saved on your device via your internet browser. Details regarding the definition of cookies and how they function and regarding other data protection and technical terms are available under " Help in understanding data protection terms ".

The legal basis for the use of the session cookie in the context of our website and services is Article 6(1) sentence 1 (f) GDPR. We have a legitimate interest in using the cookie so that we can offer our website and the services rendered via our website with the optimal technology.

The session cookie is erased when you leave our website.

Moreover, you can generally deactivate the use of cookies in your browser settings. Without the use of cookies, however, some functions of this website may not work at all or may not work as conveniently for you as usual.

Consent Manager

We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. One year after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.

You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.

Vimeo

We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.

By selecting and agreeing to cookies, you consent to the integration of Vimeo. On some of our web pages, we use plugins from the provider Vimeo. When you call up the Internet pages of our website that are provided with such a plugin, a connection is established to the Vimeo servers and the plugin is displayed. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

The legal basis for the processing is your consent in accordance with Art. 6 (a) DSGVO.

Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.

The domain consensu.org is used by ConsentManager and managed by IAB Europe.

ConsentManager uses that domain in order to offer the HCOB support for the IAB standard. However, IAB Europe does not read cookies.

Webtrekk

Our website uses Webtrekk in order to be able to adapt the website to your interests and needs, and for the purpose of market research, the data generated during your visit to my website is evaluated. For this purpose, we use the services of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, datenschutz@webtrekk.com .

Webtrekk GmbH collects anonymised usage data on the surfing and clicking behaviour of website visitors. For this purpose, Webtrekk sets a session cookie through your browser, provided you have agreed to this cookie via the cookie banner. The session cookie makes it possible to record your visit coherently across several Deutsche Bank websites. The session cookie is set anew with each visit and expires after you leave the website. Furthermore, Webtrekk sets a temporary cookie that makes it possible to identify you pseudonymously as a returning visitor to the website on the basis of the cookie ID. The temporary cookies expire six months after your last visit.

You can delete cookies at any time via your browser settings.

The legal basis for the processing of your data is your consent to the cookie in accordance with Art. 6 Para. 1 (a).

Data transfer by Webtrekk GmbH to third countries outside the European Union does not take place. This takes place on the basis of contractual regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request.

3. Contacting us (particularly when a form is used)

You can contact us in different ways. These include contacting us by way of the forms on our website or by email. The data processing that takes place in the context of contacting us can serve different purposes, depending on the content of your communication. As a rule, we store and process the data given to us so that we can process the matter that you contacted us about.

The legal basis for the processing of your data when you contact us is your consent (Article 6(1) sentence 1 (a) GDPR).

This does not apply only when your contact with us is directly for the purpose of performing a contractual relationship already existing between us. In these cases, we base the processing of your data on Article 6(1) sentence 1 (b) GDPR.

Your data stored in the context of your contact with us are erased as soon as they are no longer necessary and as long as they are not subject to any statutory retention duties. We check whether it is necessary to continue to store data at least once a year. Deviating from this, data regarding contractual relationships are stored for at least six years or, if they have tax relevance, for at least ten years.

4. Use of our newsletter

On our website, you can subscribe to a free newsletter containing promotional information if you have explicitly consented to receiving it. To avoid misuse, you will first receive an email with a confirmation link that you must activate in order to receive the actual newsletter (double opt-in procedure).

When you register for the newsletter, your email address, your IP address and the date and time of your registration will be transmitted to us and stored and processed by us. Your data will be used only as proof of your consent to the content and transmission of the newsletter. No data will be disclosed to third parties.

The legal basis for the processing of your data in the context of the transmission of our newsletter is your consent (Article 6(1) sentence 1 (a) GDPR).

Your data will be stored as long as we regularly send you the newsletter. If we should no longer send you the newsletter (in particular, if you withdraw your consent), we will erase your data 12 months after sending you the last newsletter at the latest.

Please note that you can withdraw your consent at any time and can unsubscribe the newsletter by sending us an email to investor-relations@hcob-bank.com or by clicking on the link to unsubscribe in each newsletter.

We use the services of mailing service providers that assist us in the mailing of our newsletter and process your data only on our account and in accordance with our instructions (processors as defined in Article 28 GDPR). These service providers have implemented appropriate technical and organisational measures for the protection of your data. These are currently:

Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin (Germany).
Invitario GmbH, Lerchenfelder Straße 74/1/6, A-1080 Vienna (Austria)

Invitario

The participant management software is used to plan, coordinate, implement and control activities from event communication to participant administration. When registering for an event that is controlled via this tool, you agree to the conditions of Invitario GmbH, Lerchenfelder Straße 74/1/6, A-1080 Vienna. You can find the detailed declaration at: https://invitario.com/datenschutz-website/

ClickMeeting

For meetings or webinars offered by HCOB, we use the webinar software from ClickMeeting. If you take part in a digital event, you will receive the corresponding access data from us. With the use of the offer, the data protection guidelines of the company ClickMeeting Spółka z ograniczoną odpowiedzialnością with registered office at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland, company no. (KRS): 0000604194, VAT no. (NIP): 5842747535. ClickMeeting processes personal data mainly to enable access to the platform. Details can be found at the following address: https://clickmeeting.com/legal

5. Privacy policy online banking

You can carry out your banking transactions in online banking via our web branch or by using a finance software supporting the FinTS standard (“online banking”).

The data processed in the context of online banking (in particular access and authentication data such as user-ID, PINs, TANs, your entries in the online banking as well as payment transaction data such as booking records, payment recipients, account data, purposes, transfer and credit card information) is used exclusively for the purposes of providing online banking and carrying out payment transactions.

Due to legal requirements (in particular from the Money Laundering Act (GWG), the Banking Act (KWG) and the Payment Services Supervision Act (ZAG)), we may be obliged to transfer your payment transaction data to public institutions.

In addition, the data is transferred to our payment service providers as part of the technical provision of online banking and the processing of payment transactions. They process your data exclusively on our behalf and in accordance with our instructions (so-called data processors in accordance with Article 28 GDPR) and have taken appropriate technical and organisational measures to protect your data.

In the case of international transfers and separately ordered express transfers, the data contained in the transfer are forwarded to the recipient's credit institution via international payment service providers (in particular SWIFT located in Belgium and TARGET2).

The legal basis for the processing of payment transactions is the execution of our contract with you, Article 6(1) sentence 1 (b) GDPR. The legal basis for the legally required transfer of data to third parties and their storage beyond our contractual relationship is Article 6(1) sentence 1 (c) GDPR.

We store your data processed in the context of online banking for as long as it is necessary for the technical provision and execution of the contract. In addition, we process your data for as long as we are obliged to do so under statutory and supervisory requirements, in particular under tax and fiscal law.

6. Fondsinformationsportal and Handelsportal

The fund information and trading portal (Fondsinformationsportal und Handelsportal) is linked via our website at https://www.hsh-nordbank-geschlossenefonds.de/ and is not operated by us. Please read the privacy policy shown there.

II. Data processing in the context of our online presence on XING and LinkedIn

In addition to our website we are also represented on online platforms and in social networks. If our communication with you takes place on these platforms and in these networks, their terms and data privacy policies will apply to our communication. You can find these terms and policies on the website of the relevant provider.

If you communicate with us via such platforms or networks, we process the data in your messages and posts, depending on their content and purposes of the communication, on the basis of either Article 6(1) sentence 1 (b) GDPR or Article 1 sentence 1 (f) GDPR. We use your data in order to be able to communicate with you.

If the respective platform or network allows this, your data will be erased as soon as they are no longer necessary for the respective purpose.

Data processing in the context of our online presences on the podcast platforms Spotify, Soundcloud and Google Podcasts

Insofar as communication with you takes place within the framework of these music and audio platforms, the terms and conditions and data protection guidelines there apply. These can be found on the website of the relevant provider.

Spotify:

We generally link to our podcast on the Spotify platform. Through the use and associated forwarding of the link, your IP address is transmitted to Spotify. If you are logged in as a Spotify user, Spotify assigns this data to your user account. If you do not want Spotify to associate your visit to our website with your Spotify user account, please log out of your Spotify user account. By using the Spotify service, personal data may be transmitted to the company Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify also processes this data on servers outside the EU. For more information on Spotify's data protection, please visit https://www.spotify.com/us/legal/privacy-policy/ .

Soundcloud:

In principle we link to our podcast from our website. By leaving our site or by clicking on the podcast, you will be redirected to soundcloud and accept that your data will be transmitted to soundcloud in the USA, a country without an adequate level of data protection. By leaving our website, your IP address and possibly personal data will be transmitted to the company SoundCloud Global Limited & Co. KG. For more information on data protection at Soundcloud, please visit: https://soundcloud.com/pages/privacy

Google Podcasts:

Furthermore, our podcast can be accessed on the Google Podcasts platform. Insofar as communication with you takes place within the framework of these music and audio platforms, the terms and conditions and data protection guidelines from there apply. You can find these on the website of the relevant provider. Data protection & declaration of use: https://policies.google.com/privacy?hl=en

III. Data transfer according to the German Deposit Insurance Act

Hamburg Commercial Bank AG is audited by third parties for the purpose of assessing its admission to the Deposit Insurance Fund of the Association of German Banks (Einlagensicherungsfonds des Bundesverbandes deutscher Banken e.V.) and its admission to the Compensation Scheme of German Banks (Entschädigungseinrichtung deutscher Banken GmbH). Among other things, the risk of HSH Nordbank AG’s default is assessed in accordance with the Deposit Insurance Act (Einlagensicherungsgesetz – EinSiG). For this purpose, we have granted or will grant – to the extent necessary – the third parties set out below access to selected documents and information.

This concerns, in particular, the following customer data:

name, title,
address and nationality,
date of birth,
information about your loan, securitization and contracts in connection with your contractual loan obligations,
other information that you have made available to us pursuant to supervisory requirements in connection with our customer relationship to you (e.g. "know your customer").

Additionally, the documents may also contain other personal data, such as data of employees (e.g. a signature on a document or the documentation of participation in a business transaction) or other third parties (e.g. a certifying notary).

The data is reviewed by the Auditing Association of German Banks (Prüfungsverband deutscher Banken) or its subsidiaries (e.g. GBB-Rating Gesellschaft für Bonitätsbeurteilung mbH) as well as by the service providers engaged by the Auditing Association of German Banks (e.g. law firms) to carry out the audit, and the Association of German Banks (Bundesverband deutscher Banken). Additionally, Deutsche Bank AG acts as an advisor of the Association of German Banks.

According to §§ 34 et seq. EinSiG, the audit by third parties is obligatory for the admission to the Compensation Scheme of German Banks (Entschädigungseinrichtung deutscher Banken GmbH). In addition, such processing of data is justified based on Hamburg Commercial Bank AG’s overriding interest to participate in the Deposit Insurance Fund and the German Banks' Compensation Scheme pursuant to Article 6 (1) lit. f GDPR and § 28 (2) sentence 2 no. 2 German Federal Data Protection Act (former version).

In particular, the data will be made available to these third parties via a so-called virtual data room provided by Merrill Corporation. This is an online database which is only accessible with a user ID and which allows to track and limit the users’ access. Your data will only be stored in databases within the EU. In this way, the data is comprehensively protected against access by unauthorized persons. Access to the data room will be suspended as soon as the customer data is no longer required for the audit.

IV. Data transfer in connection with the sale of HSH Nordbank AG

In connection with the sale of HSH Nordbank AG and/or the disposal of a portfolio of HSH Nordbank AG’s internal restructuring bank, HSH Nordbank AG has submitted or will submit personal data to the following purchasers and their consultants (e.g. legal consultants, auditors):

Cerberus European Investments LLC and affiliated entities;
J.C. Flowers & Co. LLC;
GoldenTree Asset Management L.P.

These data are:

name, title,
address and nationality,
date of birth,
information about your loan, securitization and contracts in connection with your contractual loan obligations
other information that you have made available to us pursuant to supervisory requirements in connection with our customer relationship to you (e.g. "know your customer").

This is necessary to enable the privatization of HSH Nordbank AG and to enable the purchasers to continue contractual relationships with you and is based on HSH Nordbank AG’s legitimate business interest in a successful privatization and the interest of HSH Nordbank AG in selling its loan claims in accordance with Article 6 (1) lit. f GDPR and § 28 (2) sentence 2 no. 2 German Federal Data Protection Act (former version). HSH Nordbank AG will retain your data for another term of at least six years or – if relevant for tax purposes – at least ten years in order to comply with the law.

The data was made available to the purchasers via a so-called virtual data room provided by Merrill Corporation. For more information, see III.

V. Routine erasure and blocking of data

In principle, we store your data only for the time period required for the achievement of the purpose of the storage or prescribed by the European lawmakers or other lawmakers in laws or regulations to which we are subject. In Germany, in particular, a duty to store for six years applies under § 257 (1) German Commercial Code (Handelsgesetzbuch) (particularly to trading books, inventories, opening balance sheets, annual financial statements, commercial correspondence, internal invoices) and for ten years under § 147 (1) German Tax Code (Abgabenordnung) (particularly to accounts, records, management reports, internal invoices, commercial and business correspondence, documents relevant for taxation). If the purpose for storage no longer applies or if a storage period prescribed by statutory provisions expires, your personal data is routinely blocked or erased in compliance with the statutory provisions. Please take note of the specific statements regarding individual storage and erasure periods in this Privacy Policy as well.

VI. Privacy policy electronic banking

You can carry out your banking transactions in Electronic Banking via our web-based application, the HCOB Banking APP or via any other EBICS financial software.

The data processed in the context of electronic banking (in particular access and authentication data such as signature plug-in, user-ID, your entries in the electronic banking as well as payment transaction data such as booking records, payment recipients, account data, purposes, transfer and credit card information) is used exclusively for the purposes of providing electronic banking and carrying out payment transactions.

In addition, the data is transferred to our payment service providers as part of the technical provision of electronic banking and the processing of payment transactions. They process your data exclusively on our behalf and in accordance with our instructions (so-called data processors in accordance with Article 28 GDPR) and have taken appropriate technical and organisational measures to protect your data.

We store your data processed in the context of electronic banking for as long as it is necessary for the technical provision and execution of the contract. In addition, we process your data for as long as we are obliged to do so under statutory and supervisory requirements, in particular under tax and fiscal law.

VII. Your rights

As data subject (Article 4(1) GDPR), you have numerous rights about which we would like to inform you in the following. Details can also be found in Articles 15 to 21 GDPR and §§ 32 to 37 German Federal Data Protection Act (in the version applicable as of 25 May 2018).

To exercise your rights, please contact our data protection officer designated above (no specific form required).

1. Right of access

You have the right to obtain from us information as to whether or not personal data concerning you are being processed and if so, what data are being processed. This includes information as to how long and for what purpose we process the data, the source of the data and to what recipients or categories of recipients we disclose the data. You can also obtain copies of these data from us.

2. Right to rectification

You have the right to obtain from us the rectification of data concerning you that are or are no longer correct without delay. Moreover, you can demand that your incomplete personal data to be completed. If this is required by law, we will also inform third parties about this rectification if we have disclosed your data to them.

3. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of your personal data without delay when one of the following reasons applies:

your data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or the purpose has been achieved;
you withdraw your consent and there is no other legal basis for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing; where personal data are used for direct marketing purposes, it suffices if you simply object to the processing;
your personal data have been unlawfully processed;
your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

Please note that your right to erasure can be restricted by statutory regulations. These include in particular the restrictions listed under Article 17 GDPR and § 35 German Federal Data Protection Act (in the version applicable as of 25 May 2018).

4. Right to restriction of processing

You have the right to obtain from us the restriction of the processing of your personal data where one of the following applies:

you contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
you have objected to the processing pending the verification whether our legitimate grounds override yours.

If you have obtained a restriction of processing according to the list above, we will inform you before the restriction of processing is lifted.

5. Right to withdraw consent

You may withdraw your consents given to us at any time with effect for the future. This withdrawal may take the form of an informal notification to the contact address mentioned above. This also applies to the consents given to us before the applicability of the GDPR (i.e. before 25 May 2018). If you withdraw your consent, this does not affect the validity of the data processing carried out until then. In general, the consequence of a withdrawal of consent is that you will no longer be able to use the services with regard to which we requested your consent or to use them to the full extent.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit these data to others. For details and exceptions, please see Article 20 GDPR. Exercising this right does not affect your right to erasure.

7. Right to lodge a complaint with the supervisory authority

If you are of the opinion that the processing of your personal data violates applicable data protection law, you may lodge a complaint with a competent supervisory authority, particularly with the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit) and the Independent Centre for Privacy Protection Schleswig-Holstein (Unabhängiges Landeszentrum für Datenschutz Schleswig Holstein) or the respective supervisory authority in the Member State of your habitual residence, place of work or place of the alleged violation.

8. Right to object pursuant to Article 21 GDPR

According to Article 21 GDPR, you may object, on grounds relating to your particular situation, at any time to the processing of your personal data if we base this processing on legitimate interests in accordance with Article 6(1) sentence 1 (f) GDPR. If you object, we will no longer process your personal data, unless:

we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
the processing serves the establishment, exercise or defence of legal claims.

In particular, if we process your personal data for direct marketing purposes, you may object at any time to the processing of your personal data for such marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

VII. Help in understanding data protection terms

In this Privacy Policy, we use some terms that are also used by the lawmakers, particularly in the European General Data Protection Regulation (GDPR). Since it is of great importance to us that you understand this Privacy Policy, we will explain some important terms to you below in alphabetical order:

Browser: This is any program used to display websites online, such as the programs Mozilla Firefox or Google Chrome.

Consent: This is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller: This means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Cookies: Cookies are small text files that include a characteristic character sequence (cookie ID) and are filed and stored on your device (e.g. smart phone or computer) via an internet browser if you do not prevent this by adjusting your technical settings. Cookies make it possible for websites and servers to distinguish your individual browser from other internet browsers. A specific internet browser can therefore be recognised and identified by the distinct cookie ID. It is therefore possible to facilitate the use of our website because, for example, you have to enter certain data only once. If possible, we use cookies that are deleted again once you close your browser (session cookies). In addition to the option of configuring your browser not to accept any cookies, you also have the option of deleting already placed cookies at any time via an internet browser or other programs. Please note, however, that the non-use of cookies may result in a situation in which not all functions of our website or services can be used to the full extent.

Data subject: This is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.

IP address: This is an address linked to your device (e.g. smart phone or computer) ensuring that your device can be addressed and reached on the internet.

Personal data: This is any information relating to an identified or identifiable natural person (also called "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: This means any operation or set of operations performed on personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor: This is a natural or legal person, public authority, agency or other body who/which processes personal data on behalf of a controller.

Recipient: This is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.

Restriction of processing: This is the marking of stored personal data with the aim of limiting their processing in the future (e.g. with regard to certain processing purposes).

Third party: This means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

VIII. Security

We apply technical and organisational security measures so as to protect your personal data against misuse, loss, destruction or from access by unauthorised persons. Our security measures correspond to current state-of-the-art technology.

IX. Validity of and amendments to the Privacy Policy

This Privacy Policy is valid at present and dates from 24.05.2018.

Owing to the development of our website or the implementation of new technology, it may become necessary to amend this Privacy Policy. We reserve the right to make such amendments at any time.

X. Your questions regarding data protection

Should you have any questions regarding this Privacy Policy or your rights, please do not hesitate to contact the data protection officer designated above.