Privacy information for users of our website
We take the protection of your personal data very seriously. We collect, process and use data about you in accordance with the provisions of the applicable data protection legislation, particularly the European Union’s General Data Protection Regulation. This notice describes the personal data we collect and the purpose for which it is collected, and explains how we ensure it is protected. Personal data is information relating to an identified or identifiable person. It includes, in particular, all information that allows you to be identified, such as your name, telephone number, address or email address. Statistical data such as that collected during a visit to our website, for example, that cannot be attributed to you as an individual, is not personal data. The controller responsible for data processing is Hypoport AG, Kloster Straße 71, 10179 Berlin, Germany.
You can contact the data protection officer of Hypoport AG at email@example.com.
- Data processing on the website
- a) Information purposes when visiting the website
Every time you use our website, we collect access data that is sent to us automatically by your browser. This facilitates your use of the website. The access information includes, in particular:
- IP address of the requesting device
- Date and time of the request
- Address of the requesting and requested website
- Information about the browser and operating system used
- Online identification data (e.g. device ID, session ID)
The processing of this data is necessary to enable you to visit the website and to guarantee the functionality and security of our systems. The access data is also saved in temporary log files for the purposes described above to enable the collection of statistical data about the use of our website so that we can improve our website in accordance with how it is used by our visitors (e.g. if the proportion of visits from mobile devices increases) and so that we can carry out general administrative tasks. The legal basis for this data processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest in optimising our website.
The information stored in the log files does not allow you to be identified directly. After seven days, IP addresses are stored only in a shortened, anonymised form. The log files are stored for 30 days and then anonymised and archived.
- b) Newsletter
You have the option to subscribe to our newsletter which we send out periodically to keep you informed of news about our services.
We use the so-called ‚double opt-in‘ method for this. After you have registered, we send you a notification email containing a link to click on to confirm that you are the owner of the email address. Only once this has been confirmed will we send you newsletters by email. If you confirm your email address, we save the email address, the time and date of the registration and the IP address used to register. We keep this information until you unsubscribe. The sole purpose of storing this information is to send you the newsletter and be able to prove that you opted to subscribe. You can unsubscribe from the newsletter at any time. Every newsletter contains an Unsubscribe link Alternatively you can of course send us an email or a letter at any time using the contact details provided above or in the newsletter. The legal basis for processing this information is your consent, pursuant to Art. 6 (1) sentence 1 (a) GDPR.
In our newsletter we use standard, commercially available technologies to measure interaction with the newsletter (e.g. opening of the email, links clicked on). We use this data in pseudonymised form for general statistical analysis and to optimise and enhance our content and customer communications. This is done using small graphics that are embedded in the newsletters (‚pixels‘). This data is collected solely in pseudonymised form, and the data collected is not linked to other personal data about you. The legal basis for this is our aforementioned legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. We want to better understand what interests our readers and to share information with our customers that is as relevant as possible to them. If you would prefer us not to analyse your usage behaviour, you can unsubscribe from the newsletter or deactivate graphics in your email program as the default setting. We want to better understand what interests our readers and to share information with our customers that is as relevant as possible to them.
You can unsubscribe from the newsletter at any time, for example by clicking on the unsubscribe link included at the end of every newsletter. Alternatively you can contact us at any time using the contact details provided above.
- Cookies and web analysis
We use our cookies in particular
- to smooth out the flow of traffic to our site
- to remember that we have shown you certain information on our website – so that this same information is not shown to you again the next time you visit the site
- to temporarily save information you have entered on our website to save you having to enter it again if you reload the page.
Our aim is to enhance and personalise your experience of our website. These services are based on our aforementioned legitimate interest; the legal basis is therefore Art. 6 (1) sentence 1 (f) GDPR.
You can prevent cookies from being stored on your device by disabling the acceptance of cookies in your browser settings. If you do not accept cookies, however, you may find that the functionality of our website is substantially restricted.
- a) Google Analytics
Google will use the information obtained from the cookies on our behalf to analyse the use of our website, compile reports on website activity and provide other services for us relating to the use of the website and use of the internet.
The processing of the usage data by Google Analytics is based on our legitimate interest in the demand-drive design and optimisation of our website, so the legal basis is Art. 6 (1) sentence 1 (f) GDPR. You can object to the analysis by Google at any time. There are several ways of doing this:
- You can adjust your browser settings so that cookies from Google Analytics are blocked.
- You can adjust your ad settings at Google .
- You can set an opt-out cookie by clicking here: opt out of Google Analytics
- You can install the opt-out browser add-on provided by Google in your Firefox, Internet Explorer or Chrome browser via the following link (this variant does not work on mobile devices): browser add-on link
For further information on Google Analytics, please refer to Google’s privacy notice.
- b) Google Maps
We use Google Maps on our website to show addresses in visual form. Google Maps is a map service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‚Google‘). In order for the Google maps we use to be displayed in your browser, your browser must accept a link to a Google server, which may be in the USA, when you access our website. For the eventuality that data may be transferred to the USA, Google has joined the EU-US Privacy Shield framework. When you visit our site, Google is informed that our website has been accessed from the IP address of your terminal device. The legal basis for this data processing is Art. 6 (1) sentence 1 (f) GDPR, based on our legitimate interest in providing a map service on our website.
- c) YouTube
Our website features videos that are stored on YouTube and can be played directly on our website. YouTube is a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‚Google‘). When you visit the pages on which YouTube videos have been integrated, Google is informed that you have accessed the relevant page on our website. This happens irrespective of whether or not you are logged into Google or your YouTube account. If you are logged in, the information about the video played will be attributed directly to your Google account and your YouTube account. If you do not wish this information to be provided, you must log out of your account before playing the video. Google stores your data and may use it for the purposes of advertising, market research and the demand-driven design of its own websites. This information is analysed even if you are not logged in. You can configure your browser as described above so that it refuses to accept cookies, or you can prevent the collection of the data generated by the cookies relating to your use of this website, and the processing of this data by Google, by going to the Google ad settings and deactivating the ‚Ads personalization across the web‘ option. If this setting is deactivated, Google will only show you general advertising, including when you use YouTube, not ads that have been personalised based on information collected about you.
If Google also processes your data in the USA, it guarantees compliance with European data protection principles through its certification under the EU-US Privacy Shield framework. The legal basis for the integration of YouTube and the associated data processing is Art. 6 (1) sentence 1 (f) GDPR, based on our legitimate interest in integrating video and image content into our website to make it more appealing.
- d) Twitter
Twitter functions are integrated into our website. These functions are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. If you use Twitter and the ‚re-tweet‘ function, the websites you have visited will be linked to your Twitter account and shared with other users. This also involves transferring data to Twitter.
- Links to other websites and online services
- Social media
Twitter feed and follow plugin
- a) Use of YouTube videos
Our website features videos that are stored on YouTube and can be played directly on our website. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (‚YouTube‘), a Group company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‚Google‘). For the eventuality that personal data may be transferred to the USA, Google and its subsidiary YouTube have joined the EU-US Privacy Shield framework. The legal basis is Art. 6 (1) sentence 1 (f) GDPR, based on our legitimate interest in integrating video and image content.
When you visit our website, YouTube and Google are informed that you have accessed the relevant page on our website. This happens irrespective of whether or not you are logged into your YouTube or Google account. YouTube and Google store your data and may use it for the purposes of advertising, market research and the demand-driven design of their own websites. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google may link this event to your profile . If you do not wish this information to be attributed to your Google profile, you need to log out of Google before accessing our website.
You can configure your browser as described above so that it rejects cookies, or you can prevent the collection of the data generated by the cookies relating to your use of this website, and the processing of this data by Google, by going to the Google ad settings and deactivating the ‚Ads personalization across the web‘ option. Google will then only show you non-personalised ads.
For further information, including about YouTube, please refer to Google’s privacy notice.
- Social media functions
Our website features social plugins from various social media providers:
- Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), Privacy
- Google+ (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Privacy
- Xing (XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany), Your Privacy
Social plugins can be identified by the logos of the individual providers.
If you access an article or a page on our website that contains these social plugins, your browser will establish a direct connection to the servers of the social network in question and load the visible image of the plugin and its underlying functionality from there. If you are already logged into the social network with your user name and password at the time, the social network service will be informed that you have visited our website and can attribute this information to your user account. If you interact with the social plugins, e.g. if you click on the Facebook ‚like‘ button or use the Twitter ‚tweet this‘ function, the content of our page will be linked to your Facebook or Twitter profile.
If you are not a member of the social network in question or if you log out of your account before visiting our website, there is still the possibility that at least your IP address may be transmitted and stored there.
We would point out that the content and scope of the data directly collected by and transmitted to social media services via social plugins, along with the storage period of up to 250 days and the intended use, are determined solely by the provider in question. We have no control over the content of the plugins or the transmission of information. For more information, please see the privacy policies of the respective providers using the links provided above.
The legal basis for the use of such plugins is Art. 6 (1) sentence 1 (f) GDPR, based on our legitimate interest in providing the aforementioned social media functions.
- Data subject rights
- a) Your rights
You have the right at any time to request information from us about the processing of your personal data. Upon such request, we will explain the way in which we process your data and provide an overview of the personal data we hold about you.
If the data we hold is incorrect or out of date, you have the right to have this data corrected.
You can also demand the erasure of your data. If, by way of exception, other legal provisions prevent us from erasing your data, the data will be blocked in such a way that it can only be used for the purpose specified by the legal provisions in question.
You can also restrict the processing of your data, e.g. if you believe that the data we hold about you is incorrect. You also have the right to data portability i.e. to request that we send you a digital copy of the personal data that you have provided and that we hold about you.
You can contact us at any time using the contact details provided above to exercise the rights outlined here. This also applies if you would like us to send you copies of guarantees proving we have an appropriate standard of data protection.
You also have the right to object to the processing of your data where such processing is based on Art. 6 (1) sentence 1 (e) or (f) GDPR. Finally, you have the right to complain to the competent data protection regulatory authority. You can exercise this right by contacting a regulatory authority in the EU member state where you live or work, or where the suspected data breach took place. In (…), the competent regulatory authority is:
Right to withdraw consent and right to object
Pursuant to Article 7 (2) GDPR, you have the right to withdraw the consent you have given us at any time. If you do this, it means we will no longer be able to process data on the basis of this consent in future. It does not affect the legality of processing carried out prior to the withdrawal of your consent.
If we process your personal data based on a legitimate interest pursuant to Art.. 6 (1) sentence 1 (f) GDPR, you have the right, under Art. 21 GDPR, to object to the processing of your data for reasons arising from your particular situation or if the objection relates to direct marketing. In the latter case, your right to object is unconditional and we must stop processing your data for this purpose without you having to provide a specific reason.
If you wish to exercise your right to withdraw consent or to object, you can contact us using the contact details provided above.
- Data security and amendments
- a) Data security
We implement up-to-date technical measures to ensure that data is kept safe, in particular to protect your personal data against the risks inherent in the transfer of data, and to prevent it from being disclosed to third parties. These measures are regularly updated to ensure they remain state of the art. We secure the personal data you provide via our website using Transport Layer Security (TLS) encryption.
- c) Contact
- Disclosure of data
We will only disclose the data we have collected if :
- you have explicitly given us consent to do so in accordance with Article 6 (1) sentence 1 (a) GDPR
- disclosure is necessary pursuant to Article 6 (1) sentence 1 (f) GDPR for the enforcement, exercising, or defence of legal claims and there is no reason to assume that your interest in preventing the disclosure of your data overrides our interest
- we are under a statutory obligation to do so under Art. 6 (1) sentence 1 (c) GDPR or
- under Art. 6 (1) sentence 1 (b) GDPR it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. This includes, in particular, the transmission of your data to advisors in order that they may advise you on the products of interest.
Data may also be disclosed in connection with official requests, court orders and legal proceedings, if such disclosure is necessary for the pursuit or enforcement of legal claims.