Data Protection Notices
Ernst Russ AG, Elbchaussee 370, D-22609 Hamburg, which can be reached at +49 40 88 88 1 - 0 and at email@example.com, and the companies affiliated with the Ernst Russ Group take the protection of personal data very seriously. In the following, we would like to provide an explanation about the data that we process when visiting our websites and using our online services and about the entities with which we share these data. In addition, you will find information about your rights as a data subject.
Personal data within the meaning of the EU General Data Protection Regulation (GDPR) means all information relating to a person that can be used to identify that person, such as the name or email address of the data subject. Processing within the meaning of the GDPR means any action taken with respect to personal data, such as the collection, storage, transmission, or deletion of personal data.
1. Usage data
When visiting our website, we record personal data that your browser transmits to our server (so-called log files). These log files, which are stored on our server, are necessary both in technical terms so that you can access our website as well as for our legitimate interest in displaying our websites to you and ensuring their stability and security. The legal basis for this processing is Article 6(1)(b) and (f) GDPR. The log files that we process involve, in particular, the following data:
- your IP address;
- the date and time of your query;
- the content of your request (which specific sub-websites you are visiting);
- the website that you came from to reach our website;
- the access status/HTTP status code;
- the amount of data transferred in each case;
- your browser;
- your operating system and its interface; and
- the language and version of your browser software.
2. Web forms
In order to be able to provide our online services to you, we use so-called web forms on our websites in which you can actively enter your personal data. These personal data are recorded by us and processed for each online service. The legal basis for this processing is Article 6(1)(b) GDPR. We use web forms for sending the newsletter. Details can be found Section 5 of these Data Protection Notices.
3. Disclosure of personal data to third parties
Your personal data are transmitted by us to the following recipients:
- domainfactory GmbH, Oskar-Messter-Str. 33, D-85737 Ismaning, as hosting provider. The legal basis for the disclosure is Article 28 GDPR;
- CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, as newsletter provider. The legal basis for the disclosure is Article 28 GDPR.
If we use service providers to process your personal data on our behalf (processors), we have concluded processing contracts with them that obligate them to process your personal data only in accordance with our instructions and to the extent permitted by statute.
4. Use of social media plug-ins
We have website links to our social media accounts from Xing and Twitter. We use the “Shariff solution” from Heise, which is in conformity with data protection law: Only when you click on one of the Icons will a connection be established with the respective provider, and you will be sent to its website. There, you will communicate directly with the corresponding provider. If you have an account and are logged in, the data are directly attributed to your account. We have no influence over the data collected by the provider or its data processing operations, nor are we aware of the full extent of the data collection, the purposes, or the storage periods.
For more information about the purpose and extent of data collection and their processing by the plug-in providers, please refer to their data protection policies:
a) Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany; https://www.xing.com/privacy
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy
5. Email newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current, interesting services. The services applied for are specified in the declaration of consent. If you enter your email address in the newsletter mailing list, we initially store this email address only temporarily for the purpose of sending you an email in which you can confirm membership in the email mailing list (so-called “double opt-in” procedure). If you do not confirm your membership within seven days of requesting the confirmation email, the provided data will not be processed for any other purpose and will be deleted. If your email address was confirmed by you, we store this for the purpose of sending the newsletter until you request that we delete your email address.
In order for us to be able to prove your enrolment in the newsletter mailing list and to counter any accusation of unsolicited sending of emails, we also store the date and time of the enrolment and the confirmation of enrolment in the email mailing list, as well as the IP address used for your enrolment. The IP address is not used for any other purpose. The legal basis for data processing operations in connection with newsletter services is Article 6(1)(a) GDPR. You may cancel your enrolment in the sending of the newsletter at any time by unsubscribing to the newsletter using the link contained in each newsletter.
There are cookies that are deleted when you close your browser (transient cookies) as well as cookies that are stored on your computer for a specific period of time, which can differ from cookie to cookie (persistent cookies). A common type of transient cookies are session cookies, which store a so-called session ID that enables various requests from your browser to be assigned to a common session. That allows your computer to be recognised when you return to our websites. Session cookies are deleted when you log out or close your browser. You can delete persistent cookies at any time using your browser’s security settings.
Some cookies are absolutely necessary for the operation of this website (known as essential cookies). These are set automatically when visiting our website. The legal basis for the associated data processing is Article 6(1)(b) GDPR. Other non-essential cookies are set only if you first declare your express consent through activation of the corresponding cookies by ticking a box. This consent also relates to the personal data processed in connection with the cookies. The legal basis is Article 6(1)(a) GDPR. Your consent is voluntary. You may modify or withdraw it at any time. To do so, simply click below on “Change your consent” or “Withdraw your consent”.
The Cookie EquityStory is an offer of EQS Group. EQS Group is a leading international provider of regulatory technology (RegTech) in the fields of corporate compliance and investor relations. The Cookie only collects a session ID to ensure an equal distribution of all requests via our server. It is valid until the end of the browser session.
- Your IP address;
- The date and time of your request;
- The content of your request (which specific subpage you visit);
- The website that you came from when accessing our website;
- The access status/HTTP status code;
- The amount of data transferred each time;
- Your browser;
- Your operating system and its interface; and
- The language and version of your browser Software.
7. Standard periods for deletion of data
Personal data that we receive from you when visiting our websites are, subject to compliance with statutory retention duties, promptly deleted after completion of the contractual service or after their purpose has been fulfilled. Your data are promptly deleted when you unsubscribe from our newsletter.
8. Data security
Ernst Russ AG takes state-of-the-art technical and organisational security measures in order to protect your data as comprehensively as possible against loss, destruction, falsification, or unwanted accessing. When personal data are entered in web forms, Ernst Russ AG protects them with great care.
If you contact us by email, please be aware that data are not encrypted when they are transmitted. If you would like to send us confidential information, you should not do this by email but instead, e.g. by sending a letter in the mail.
Your personal data are protected by Ernst Russ AG and the providers carefully selected by us pursuant to Article 28 GDPR in application of the relevant statutory provisions through technical and organisational measures.
9. Links to other websites
Our website contains links to other websites. We have no influence over whether their operators comply with data protection provisions. Despite carefully reviewing content, we also cannot assume any liability for external links to outside content. Please refer to the data protection notices on the respective websites for information about data processing operations on those sites.
10. Voluntary provision of data
Provision of your personal data on our websites is always done on a voluntary basis. You have neither a legal nor contractual obligation to do so.
11. Your rights
Depending on the circumstances in the specific case, you have the following data protection rights:
- to request access to your personal data and/or copy of such data. That includes information about the purpose of use, the category of the used data, their recipients and persons authorised to access them, and, where possible, the planned duration of data storage or, if this is not possible, the criteria for establishing this duration;
- to request that your personal data be corrected, deleted, or restricted in terms of processing if their use is impermissible under data protection law, particularly because (i) the data are incomplete or inaccurate, (ii) they are no longer needed for the purposes for which they were collected, (iii) the consent to processing was revoked, or (iv) you successfully made use of a right of revocation concerning data processing; in cases where the data are processed by third parties, we will forward your applications for correction, deletion, or restriction in terms of processing to such third parties unless this proves to be impossible or is associated with unreasonable effort;
- to refuse to consent or – without affecting the lawfulness of the data processing that took place prior to revocation – to revoke you consent at any time to the processing of your personal data;
- not to be subjected to a decision based exclusively on automated processing that is legally effective against you or substantially interferes with you in a similar fashion;
- to request that you be provided with the personal data concerning you that you provided to us in a structured, common, and machine-readable format and to transmit such data to another data controller without interference by us; you may also have the right to request that we transmit the personal data directly to another data controller, if this is technically feasible;
- to take legal steps or to request the involvement of the responsible supervisory authorities if you believe that your rights were infringed as a result of your personal data being processed in a manner that is not in conformity with the requirements of data protection law.
In addition to the foregoing, you have the right to object at any time to the processing of your personal data:
- if we process your personal data for purposes of direct marketing; or
- if we process your personal data for the purposes of pursuing our legitimate interests and reasons exist that result from your special situation.
Please contact the data protection officer of Ernst Russ AG if you have any questions, suggestions, or comments about the issue of data protection.
Ernst Russ AG
Data Protection Officer
Hamburg, November 2019