Data Protection Notices
Ernst Russ AG, Elbchaussee 370, D-22609 Hamburg, which can be reached at +49 40 88 88 1 - 0 and at firstname.lastname@example.org, and the companies affiliated with the Ernst Russ Group take the protection of personal data very seriously. In the following, we would like to provide an explanation about the data that we process when visiting our websites, when using our online services and when contacting us, as well as about the entities with which we share these data. In addition, you will find information about your rights as a data subject.
Personal data within the meaning of the EU General Data Protection Regulation (GDPR) means all information relating to a person that can be used to identify that person, such as the name or email address of the data subject. Processing within the meaning of the GDPR means any action taken with respect to personal data, such as the collection, storage, transmission, or deletion of personal data.
1. Usage data
When visiting our website, we record personal data that your browser transmits to our server (so-called log files). These log files, which are stored on our server, are necessary both in technical terms so that you can access our website as well as for our legitimate interest in displaying our websites to you and ensuring their stability and security. The legal basis for this processing is Article 6(1)(b) and (f) GDPR. The log files that we process involve, in particular, the following data:
- your IP address;
- the date and time of your query;
- the content of your request (which specific sub-websites you are visiting);
- the website that you came from to reach our website;
- the access status/HTTP status code;
- the amount of data transferred in each case;
- your browser;
- your operating system and its interface; and
- the language and version of your browser software.
2. Disclosure of personal data to third parties
Your personal data are transmitted by us to the following recipient:
- domainfactory GmbH, Oskar-Messter-Str. 33, D-85737 Ismaning, as hosting provider. The legal basis for the disclosure is Article 28 GDPR.
If we use service providers to process your personal data on our behalf (processors), we have concluded processing contracts with them that obligate them to process your personal data only in accordance with our instructions and to the extent permitted by statute.
3. Use of social media plug-ins
We have website links to our social media accounts from Xing and Twitter. We use the “Shariff solution” from Heise, which is in conformity with data protection law: Only when you click on one of the Icons will a connection be established with the respective provider, and you will be sent to its website. There, you will communicate directly with the corresponding provider. If you have an account and are logged in, the data are directly attributed to your account. We have no influence over the data collected by the provider or its data processing operations, nor are we aware of the full extent of the data collection, the purposes, or the storage periods.
For more information about the purpose and extent of data collection and their processing by the plug-in providers, please refer to their data protection policies:
a) Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany; https://www.xing.com/privacy
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy
4. Contacting us
If you contact us by mail, e-mail, fax or telephone, we will process your personal data. In particular, we process your name, your contact data depending on the chosen method of contact (address, e-mail address, telephone number, fax number) as well as the content of your inquiry or requests. We do this in order to be able to process your inquiry and any follow-up questions. The legal basis is Article 6(1)(b) GDPR.
There are cookies that are deleted when you close your browser (transient cookies) as well as cookies that are stored on your computer for a specific period of time, which can differ from cookie to cookie (persistent cookies). A common type of transient cookies are session cookies, which store a so-called session ID that enables various requests from your browser to be assigned to a common session. That allows your computer to be recognised when you return to our websites. Session cookies are deleted when you log out or close your browser. You can delete persistent cookies at any time using your browser’s security settings.
Some cookies are absolutely necessary for the operation of this website (known as essential cookies). These are set automatically when visiting our website. The legal basis for the associated data processing is Article 6(1)(b) GDPR. Other non-essential cookies are set only if you first declare your express consent through activation of the corresponding cookies by ticking a box. This consent also relates to the personal data processed in connection with the cookies. The legal basis is Article 6(1)(a) GDPR. Your consent is voluntary. You may modify or withdraw it at any time. To do so, simply click below on “Change your consent” or “Withdraw your consent”.
The Cookie EquityStory is an offer of EQS Group. EQS Group is a leading international provider of regulatory technology (RegTech) in the fields of corporate compliance and investor relations. The Cookie only collects a session ID to ensure an equal distribution of all requests via our server. It is valid until the end of the browser session.
- Your IP address;
- The date and time of your request;
- The content of your request (which specific subpage you visit);
- The website that you came from when accessing our website;
- The access status/HTTP status code;
- The amount of data transferred each time;
- Your browser;
- Your operating system and its interface; and
- The language and version of your browser Software.
6. Standard periods for deletion of data
Personal data that we receive from you when visiting our websites or when contacting us are, subject to compliance with statutory retention duties, promptly deleted after completion of the contractual service or after their purpose has been fulfilled.
7. Data security
Ernst Russ AG takes state-of-the-art technical and organisational security measures in order to protect your data as comprehensively as possible against loss, destruction, falsification, or unwanted accessing.
If you contact us by email (see Section 6 for further details), please be aware that data are not encrypted when they are transmitted. If you would like to send us confidential information, you should not do this by email but instead, e.g. by sending a letter in the mail.
Your personal data are protected by Ernst Russ AG and the providers carefully selected by us pursuant to Article 28 GDPR in application of the relevant statutory provisions through technical and organisational measures.
8. Links to other websites
Our website contains links to other websites. We have no influence over whether their operators comply with data protection provisions. Despite carefully reviewing content, we also cannot assume any liability for external links to outside content. Please refer to the data protection notices on the respective websites for information about data processing operations on those sites.
9. Voluntary provision of data
Provision of your personal data on our websites is always done on a voluntary basis. You have neither a legal nor contractual obligation to do so.
10. Your rights
Depending on the circumstances in the specific case, you have the following data protection rights:
- to request access to your personal data and/or copy of such data. That includes information about the purpose of use, the category of the used data, their recipients and persons authorised to access them, and, where possible, the planned duration of data storage or, if this is not possible, the criteria for establishing this duration;
- to request that your personal data be corrected, deleted, or restricted in terms of processing if their use is impermissible under data protection law, particularly because (i) the data are incomplete or inaccurate, (ii) they are no longer needed for the purposes for which they were collected, (iii) the consent to processing was revoked, or (iv) you successfully made use of a right of revocation concerning data processing; in cases where the data are processed by third parties, we will forward your applications for correction, deletion, or restriction in terms of processing to such third parties unless this proves to be impossible or is associated with unreasonable effort;
- to refuse to consent or – without affecting the lawfulness of the data processing that took place prior to revocation – to revoke you consent at any time to the processing of your personal data;
- not to be subjected to a decision based exclusively on automated processing that is legally effective against you or substantially interferes with you in a similar fashion;
- to request that you be provided with the personal data concerning you that you provided to us in a structured, common, and machine-readable format and to transmit such data to another data controller without interference by us; you may also have the right to request that we transmit the personal data directly to another data controller, if this is technically feasible;
- to take legal steps or to request the involvement of the responsible supervisory authorities if you believe that your rights were infringed as a result of your personal data being processed in a manner that is not in conformity with the requirements of data protection law.
In addition to the foregoing, you have the right to object at any time to the processing of your personal data:
- if we process your personal data for purposes of direct marketing; or
- if we process your personal data for the purposes of pursuing our legitimate interests and reasons exist that result from your special situation.
Please contact the data protection officer of Ernst Russ AG if you have any questions, suggestions, or comments about the issue of data protection.
Ernst Russ AG
Data Protection Officer
Hamburg, December 2022