Privacy Policy

We, Privatize GmbH (hereinafter "we" or "us"), appreciate your visit to our websites "privatize.de" or "privatizegroup.com" and their subdomains (hereinafter collectively: "website") and your interest in our services.

We take the protection of your personal data very seriously. With this privacy policy we would like to inform you about the processing of your personal data.

Name and contact details of the person responsible 

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Privatize GmbH
Taunusanlage 9-10
60329 Frankfurt am Main
Germany
Tel.: +49 69 5050 6049 14
Email: contact@privatizegroup.com

Contact of the data protection officer

The data protection officer of the controller is:

DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840

How we collect and use your personal information depends on how you interact with us or which services you use. We collect, use or share your personal data only when we have a legitimate purpose and a legal basis to do so.

What do we mean by legal basis?

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to revoke your consent at any time. For more information on how to withdraw your consent, please see the subsections "Exercising your rights" in the following sections of this privacy policy.

Contract (Art. 6 para. 1 sentence 1 lit. b GDPR) - We need to use your data to fulfill a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - We need to use your data to comply with the law.

Vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) - The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.

Public task (Art. 6 para. 1 sentence 1 lit. e GDPR) - The processing of your data is necessary for the performance of a task carried out in the public interest or because it is covered by a task defined by law, e.g. for a statutory function.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not override.

Please note that we may not be able to provide you with our website services if your data is processed to fulfill a contract or legal obligation and you do not provide the requested data.

Data sharing and international transmission

As explained in this privacy policy, we use various service providers to help us provide our services and keep your information secure. When we use these service providers, it is necessary for us to share your personal data with them.

We have concluded agreements with all service providers to whom we pass on your data, obliging them to protect your data.

If your personal data is transferred outside the EU, we will ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an "adequate" data protection standard as defined by the European Commission, or by applying another protection measure, such as an enhanced contractual agreement, i.e., the standard contractual clauses (SCCs) adopted by the European Commission.

For example, when we use U.S. service providers, we rely on either the SCC or the EU-US Data Privacy Framework, depending on the provider. You may request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this privacy policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. The right of access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have a right to information about this data and the following information:

  • Processing purposes
  • Categories of personal data
  • Recipients or categories of recipients
  • Planned storage duration or the criteria for determining this duration
  • the existence of the rights of rectification, cancellation or restriction or objection
  • the right to lodge a complaint with the competent supervisory authority
  • If applicable, origin of the data (if collected from a third party)
  • If applicable, existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected
  • If applicable, transfer of personal data to a third country or international organization
2. Right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request that the personal data be corrected or completed without delay.

3. Right to restriction of processing (Art. 18 GDPR)

If one of the following conditions is met, you have the right to request restriction of the processing of your personal data:

  • You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data.
  • In the context of unlawful processing, refuse to erase the personal data and instead request the restriction of the use of the personal data.
  • We no longer need your personal data for the purposes of processing, but you need your personal data for the assertion, exercise or defense of your legal claims or
  • after you have objected to the processing, for the duration of the examination as to whether our legitimate grounds override your grounds.
4. Right to erasure ("right to be forgotten") (Art. 17 GDPR)

If one of the following reasons applies, you have the right to request immediate deletion of your personal data:

  • Your data is no longer necessary for the processing purposes for which it was originally collected.
  • You withdraw your consent and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 para. 2 GDPR.
  • Your personal data is processed unlawfully.
  • The deletion is necessary for compliance with a legal obligation under Union law or the law of the member state to which we are subject.
  • The personal data was collected in relation to information society services offered pursuant to Article 8 para. 1 GDPR.

Please note that the above reasons do not apply insofar as the processing is necessary:

  • To exercise the right to freedom of expression and information.
  • To fulfill a legal obligation or to perform a task that is in the public interest and to which we are subject.
  • For reasons of public interest in the area of public health.
  • For archival purposes in the public interest, scientific or historical research purposes, or statistical purposes.
  • for the assertion, exercise or defense of legal claims.
5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, common and machine-readable format or to request the transfer to another controller.

6. Right to object to certain data processing (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

7. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Provision of the website and creation of the log files

1. Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • Information about the browser type and version used 
  • Operating system of the user
  • Internet service provider of the user 
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Web pages that are called up by the user's system via our website

This data is stored in the log files of our system.

This data is not stored together with other personal data of the user.

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Exercise your rights

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. The user can object to this. Whether the objection is successful is to be determined in the context of a balancing of interests.

Cookies use

1. Description and scope of data processing

When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally permit the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager.

Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you are using, so that certain information can flow to the entity that sets the cookie. Below we describe what kind of cookies we use:

We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.

The following data is stored and transmitted by the technically necessary cookies:

  • Language settings
  • Log-in information
  • Use of website functions

We use cookies on our website that are not technically necessary. Technically unnecessary cookies are text files that are not solely used for the functionality of the website, but also collect other data.

By setting technically unnecessary cookies, the following data is processed: 

  • Tracking of the surfing behavior
2. Purpose of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

For the following applications we need the technically necessary cookies:

  • Adoption of language settings
  • Functionality of the website

The use of technically unnecessary cookies is done for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus constantly optimize our offer. In particular, these cookies serve us for the following purposes:

To improve our service, we use technically unnecessary cookies with your consent.

3. Legal basis for data processing

The provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of section 25 para. 2 no. 2 TDDDG. This storage and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information about different storage periods for cookies can be found in the following sections of this privacy policy.

Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. The basis for the storage and access to information in this case is section 25 para. 1 TDDDG in conjunction with. Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using. If personal data is processed following the storage of and access to the information on your terminal equipment, the provisions of the GDPR are relevant. Information on this can be found in the following sections of this privacy policy.

4. Exercise your rights

You can revoke your consent to the use of cookies at any time and manage your consent preferences.

Newsletter

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

In order to provide this service, we collect the following data from you 

  • Email address

For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.

No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of data processing

The collection of the user's email address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

3. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's email address will be stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

5. Exercise your rights

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables the revocation of consent to the storage of personal data collected during the registration process.

Email contact

1. Description and scope of data processing

On our website, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored. The data is used exclusively for the processing of the conversation.

2. Purpose of data processing

In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to optimally answer your inquiry that you send by email.

If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercise your rights

If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Contact form

1. Description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

At the time of sending the message, the following data will be stored: 

  • Email address
  • Last name
  • First name
  • Phone / mobile number
  • Company name, position
  • Date and time
2. Purpose of data processing

The processing of personal data from the input mask of the contact form or via the provided email address serves us solely to process the contact.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to optimally answer your inquiry that you send to us via contact form. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercise your rights

If the user contacts us via the input mask in the contact form, he can object to the storage of his personal data at any time in the following manner:

To revoke consent already given or to object to the storage of your data, you can contact us at any time via email or our contact form.

All personal data stored in the course of contacting us will be deleted in this case.

Use of company presences in job-oriented networks

1. Scope of data processing

On our company site we provide information and offer users the opportunity to communicate.

The company website is used for applications, information/PR and active sourcing. We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. For more information, please see the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), it is possible that you make personal data (e.g. clear name or photo of your user profile) public.

2. Legal basis for data processing

The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to answer your request in the best possible way or to be able to provide the requested information.

If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.

4. Duration of storage

The data generated by the company website is not stored in our own systems.

5. Exercise your rights

You can object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal Email to the Email address stated in this data protection declaration.

You can find more information on how to exercise your rights here: https://www.linkedin.com/legal/privacy-policy

Hosting

The website is hosted on servers of a service provider contracted by us. Our service provider is Salesforce, Inc., 415 Mission Street Suite 300 San Francisco, CA 94105. For more information, see the provider's privacy policy: https://www.salesforce.com/company/privacy/

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Information about the browser type and version used
  • Operating system of the user
  • Internet service provider of the user
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Web pages that are called up by the user's system via our website

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest for processing this data is to present our website error-free and to optimize its functions.

The location of the website's server is geographically in the United States of America.

Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

  • Email address
  • Last name
  • First name
  • Company name
  • Company form
  • Investment target

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing

User registration is required for the provision of certain content and services on our website, in particular to access the Privatize platform and make full use of its features.

3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in processing your login data in order to provide you with the requested content and services.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

With regard to registration data, your data will therefore be stored for as long as your account is active.

5. Exercise your rights

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time.

Specifically, you can request deletion in the following ways:

You can change the data you have provided as well as delete your account at any time via the account settings.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

Third-party integrated services

We use various service providers to provide the services we offer on the website.

In general, we have a legitimate interest in sharing your data with the relevant service providers if these services are essential to provide the basic service offered on the website, in order to provide the relevant website service.

If such services are required for additional services, enhanced features or additional purposes, your personal data will only be disclosed to service providers if you give your consent.

Here you can revoke your consent to use integrated third-party services and manage your consent settings at any time.

Use of Google Web Fonts

1. Scope of the processing of personal data

We use Google web fonts of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter: Google). In the process, the web fonts are transferred to the browser's cache when the page is called up in order to be able to use them for the visually improved display of various information. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor's computer when the page is accessed. Data transmitted in connection with the page call is sent to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com. As a result, personal data can be stored and evaluated, in particular the user's activity, especially which pages have been visited and which elements have been clicked on, and device and browser information, especially the IP address and the operating system.
The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
You can obtain further information on the processing of data by Google here: https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of data processing

The use of Google web fonts serves an appealing presentation of our texts. If your browser does not support this function, a standard font from your computer will be used for display.

3. Legal basis for the processing of personal data

The legal basis for the processing of the users' personal data is generally the user's consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

4. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, such as for tax and accounting purposes.

5. Exercise your rights

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. You can deactivate the use of your personal data by Google using the following link: https://adssettings.google.de For more information on objection and removal options vis-à-vis Google, please visit: https://policies.google.com/privacy?gl=DE&hl=de

Use of Sendgrid

1. Scope of the processing of personal data

We use the service provider SendGrid, Inc, 1801 California Street, Suite 500, Denver, Colorado 80202, USA and its representative in the Union Sendgrid Albert House 256-260 Old Street, London EC1V 9DD, UK (hereinafter referred to as Sendgrid) to send emails and notifications. Sendgrid is a SendGrid is a cloud-based SMTP provider that acts as an email delivery system, enabling email to be sent without the need to own email servers. SendGrid manages the technical details of email delivery, such as infrastructure scaling, reputation monitoring, and real-time analytics. Cookies and web beacons (tracking pixels) are used in the emails sent by Sendgrid. These allow tracking whether the email sent via the SendGrid platform was delivered, opened, clicked, blocked or treated as spam. As a rule, the following data is processed in the process:

  • IP address
  • Browser types
  • Log files
  • Information about the operating system
  • Information about the connection
  • What pages are displayed
  • What parts of the services are used
  • Information about the performance of the services
  • Metrics for deliverability of Emails and other electronic communications

For more information on the processing of data by Sendgrid, please click here: https://sendgrid.com/policies/privacy/services-privacy-policy/

2. Purpose of data processing

Using Sendgrid allows us to send emails and notifications, measure the performance of email campaigns, and provide analytics information to improve the effectiveness of our services.

3. Legal basis for the processing of personal data

The legal basis for the processing of the personal data of the users is basically the consent of the user according to Art. 6 para. 1 p.1 lit. a GDPR.

4. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

5. Exercise your rights

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can revoke your consent to the storage of the data, as well as its use for sending the Emails by Sendgrid at any time. You can exercise your revocation at any time by sending an Email to us or to datasubjectrequests@sendgrid.com or by clicking on the link provided in each Email.

For more information on appeal and removal options against Sendgrid, please visit: https://sendgrid.com/policies/privacy/services-privacy-policy/

Amendments of this privacy policy

We will revise this data protection information from time to time in order to adapt it to the state of the art or to changes in the legal framework. We therefore recommend that you regularly inform yourself about changes on this page.

Status 19 June 2024