Privacy Policy – Invesdor Platform


Privacy Policy
Status August 2023

Table of contents

  1. Contact details of the data controller
  2. Contact details of the data protection officer
  3. General information on data processing
  4. Rights of the data subject
  5. Provision of the website and creation of log files
  6. Use of cookies
  7. Newsletter
  8. Email contact
  9. Job application by email
  10. Social networks
  11. Job-oriented networks
  12. Hosting
  13. Geotargeting
  14. Registration
  15. Anti-Money Laundering Activities - Customer Due Diligence
  16. Anti-Money Laundering Activities - Simplified Customer Due Diligence
  17. Projects of Helmet Capital Oy
  18. Ownersportal
  19. Partner Programmes
  20. Content Delivery Programmes
  21. Plugins used

I. Contact details of the data controller

The website "Invesdor" and its domains offer various brokerage services (“Brokerage Services”) for companies as well as private individuals and institutional investors. The Brokerage Services are offered via various platforms on the website or its domains. These various platforms are operated on different domains by companies of the Invesdor Group.
The Invesdor Group consists of Invesdor Oy and Invesdor Services Oy each with registered offices in Helsinki, Invesdor INV AG, Invesdor GE GmbH and Invesdor Brokerage GmbH each with registered offices in Berlin, Oneplanetcrowd International B.V. with registered office in Amsterdam and Invesdor GmbH with registered office in Vienna.
Data controller within the meaning of the General Data Protection Regulation (“GDPR”) and other data protection regulations, as well as the service provider of the "Invesdor" online presence and its various domains is:

Invesdor INV AG
c/o Mindspace Germany GmbH
Uhlandstraße 32
10719 Berlin
Germany
+49 30 36428570
service@invesdor.com
https://invesdor.com

If your data is processed by other companies of the Invesdor Group for the provision of the Brokerage Services offered on the website, these companies are deemed to be joint controllers with Invesdor INV AG. The contact details of the Brokerage Service providers offering the respective Brokerage Services are listed in the respective imprint.

II. Contact details of the data protection officer

The data protection officer of Invesdor INV AG is:

DataCo GmbH
Dachauer Straße 65
80335 Munich, Germany
+49 89 7400 45840
www.dataguard.com

III. General information on data processing

1. Scope of the processing of personal data

We process personal data of the users of the services of our website ("Users") only insofar as this is necessary for the provision of a functioning website, our contents and services. The processing of personal data of the Users is primarily only carried out with the consent of the respective User. An exception applies in cases where it is not possible to obtain a prior consent and the data processing is required by regulatory reasons.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1)(a) of the GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1)(c) of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1)(d) of the GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, and when the fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1)(f) of the GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also be legitimate if applicable legislation requires so. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

IV. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in respect to the data controller:

1. Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by the data controller.

If there is such processing, you can request information from the controller about the following:

  1. the purposes for which the personal data are processed
  2. the categories of personal data which are processed
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed
  4. the planned duration of the storage of the personal data or if specific information on this is not possible, criteria for determining the storage duration
  5. the existence of a right to rectification or erasure of personal data, a right to restriction of processing by the controller or a right to object to such processing
  6. the existence of a right of appeal to a supervisory authority
  7. any available information on the origin of the data if the personal data are not collected from the data subject
  8. the existence of automated decision-making including profiling, and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

You also have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.

2. Right to rectification

You have a right of rectification and/or completion in respect to the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must perform the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you when at least one of following conditions applies:

  • if you contest the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data
  • the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data
  • the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims
  • if you have objected to the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a EU Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

  1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
  2. you withdraw your consent on which the processing was based pursuant to Art. 6 (1)(a) or Art. 9 (2)(a) of the GDPR and there is no other legal basis for the processing
  3. you object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR
  4. the personal data concerning you has been processed unlawfully
  5. the deletion of the personal data concerning you is necessary for compliance with a legal obligation under EU or EU Member State law to which the controller is subject
  6. the personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, taking account the available technology and the cost of implementation, to inform controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of that personal data.

c) Exceptions

The right to erasure as described above, does not exist insofar as the processing is necessary in at least one of the following situations:

  • to exercise the right to freedom of expression and information
  • for compliance with a legal obligation which requires processing under EU or EU Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) of the GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) of the GDPR, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
  • for the establishment, exercise or defence of legal claims

5. Right to data controller’s notification

If you have exercised the right to rectification, erasure or restriction of processing in respect to the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the controller.

6. Right to data portability

You have the right to obtain the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, when the following conditions apply:
the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) of the GDPR or on a contract pursuant to Art. 6 (1)(b) of the GDPR
the processing is carried out by automated procedures
other persons’ rights and freedoms are not adversely affected while using this right
In exercising this right, you also have the right to have the personal data concerning you transferred directly from a controller to another controller, insofar as this is technically feasible.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.


8. Right to withdraw the consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal.

9. Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply when at least one of the following applies:
1) the decision is necessary for entering into or performance of a contract between you and the controller
2) the decision is authorised by legislation of the EU or the EU Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests
3) the decision is done with your explicit consent
However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in 1 and 3, the data controller shall take reasonable steps to safeguard your rights, freedoms and legitimate interests, including the right to obtain human intervention, to express your point of view, to obtain an explanation of the decision reached after such assessment and to challenge the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version used
The operating system of the respective User
The Internet service provider of the respective User
The IP address of the respective User
Date and time of access
Websites from which the system of the respective User accesses our website
Websites that are called up by the system of the respective User via our website
Time zone difference from Greenwich Mean Time; content of the request (specific page); status code; amount of data transferred
This data is stored in the log files of our system. This data is not stored together with other personal data of the respective User.

2. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the respective User. For this purpose, the IP address of the respective User must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 (1)(f) of the GDPR.

3. Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1)(f) of the GDPR.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, the data is deleted at the latest after seven days. If the data is stored longer than seven days, the IP addresses of the Users are deleted or alienated in a way that data cannot be associated to specific Users any longer.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the respective User to object.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the respective User. When a User calls up a website, a cookie may be stored on the operating system of the respective User. This cookie contains a characteristic character string that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information

We also use cookies on our website that allow us to analyse the browsing behaviour of Users.
The following data can be transmitted in this way:

  • Search terms entered
  • Frequency of page views
  • Use of website functions
  • Status and role of the respective User; information on the referral source; information on interactions made; frequency of page views

The User data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling User. The data is not stored together with other personal data of the User.

2. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for Users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We need cookies for the following applications:

  • Adoption of language settings
  • Enabling log-in, service provision and registration

The User data collected through technically necessary cookies are not used to create User profiles.
Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

3. Legal basis for the data processing

The legal basis for the processing of personal data using technically unnecessary cookies is Art. 6 (1)(a) of the GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1)(f) of the GDPR.

4. Duration of storage

Cookies are regularly stored by the Users’ browser until manually deleted by the User. This also applies to opt-out cookies, which are set to prevent tracking measures.

5. Possibility of objection and removal

Cookies are stored on the computer of the respective User and are transmitted to our website by the User. Therefore, you as the User have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

VII. Newsletter

1. Description and scope of data processing

On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the following data from the online form is transmitted to us.

  • Email address
  • Last Name
  • First name
  • IP address of the calling computer
  • Date and time of registration
  • Country of residence

No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of the data processing

The collection of the email address of the respective User serves to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

3. Legal basis for the data processing

The legal basis for the processing of data after registration for the newsletter by the User is Art. 6 (1)(a) of the GDPR if the User has given his/her consent.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The email address of the respective User is therefore stored as long as the subscription to the newsletter is active.
As a general rule, the other personal data collected during the registration process is deleted after a period of seven days.

5. Possibility of objection and removal

The subscription to the newsletter can be cancelled by the respective User at any time. For this purpose, there is a corresponding link in each newsletter.
This also enables the revocation of consent to the storage of personal data collected during the registration process.

VIII. Email contact

 1. Description and scope of data processing

On our website, it is possible to contact us via the email address provided. In this case, the personal data of the respective User transmitted with the email will be stored.

2. Purpose of the data processing

The data is used exclusively for processing the conversation. In addition, in some cases the data processing is necessary to entering into a contract.

3. Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 (1)(a) of the GDPR if the respective User has given his/her consent.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1)(f) of the GDPR. If the email contact is aimed to entering into a contract, the additional legal basis for the processing is Art. 6 (1)(b) of the GDPR. If the data ist stored due to retention obligations, the legal basis is Art. 6 (1) lit c GDPR.

4. Duration of the storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no other reasons or obligations to retain it.

5. Possibility of objection and removal

The User has the option to revoke his/her consent to the processing of personal data at any time. If the User contacts us by email, he/she can object to the storage of his/her personal data at any time. In such a case, the email conversation cannot be continued.
The revocation of consent and the objection to storage can be declared by email to service@invesdor.com.

All personal data stored in the course of contacting us via email will be deleted in this case:

  • Email address
  • Last Name
  • First name

IX. Job applications by email

1. Description and scope of data processing

You can send us your job application by email. We will collect your email address and the data you provide in the email.

2. Purpose of the data processing

The processing of personal data from your job application email is solely for the purpose of processing your application.

3. Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 (1)(a) of the GDPR if the respective User has given his/her consent. The additional legal basis for the processing is Art. 6 (1)(b) of the GDPR when the application is aimed to entering into a contract.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. Possibility of objection and removal

The applicant has the possibility to object to the processing of personal data at any time. In such a case, the job application can no longer be considered.
The revocation of consent and the objection to storage can be declared by email to service@invesdor.com.

X. Social networks

Instagram:

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

1. Description and scope of data processing

On our company Instagram page, we provide information and offer Instagram users the opportunity to communicate with us. If you carry out an action on our Instagram company page, it is possible that you will make your personal data (e.g. your name or your user profile picture) public. However, we cannot provide any binding information on the purpose and scope of the processing of your data, since we generally or to a large extent have no influence on the processing of your personal data by Instagram.

2. Purpose of the data processing

Our presence in Instagram is used for communication and information exchange with customers and potential customers. In particular, we use our company Instagram page for the following:

  • To give information about products
  • To give information about services
  • Advertising
  • Customer contact
  • Latest sector-specific news

Every Instagram user is free to publish their personal data through their activities.

3. Legal basis for the data processing

The legal basis for data processing is Art. 6 (1)(a) of the GDPR.

4. Duration of the storage

The data generated by our company Instagram page is not stored in our own systems.

5. Possibility of objection and removal

You can object at any time to the processing of your personal data that we collect in the course of your use of our Instagram presence and assert your data subject rights as set out in IV. of this Privacy Policy. To do so, send us an email to service@invesdor.com. You can find more information about the processing of your personal data by Instagram and the corresponding objection options on Instagram’s privacy policy.

X (former Twitter):

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

1. Description and scope of data processing

On our company X page, we provide information and offer X Users the opportunity to communicate with us. If you carry out an action on our X page, it may be that you make your personal data (e.g. your name or your user profile picture) public. However, we cannot provide any binding information on the purpose and scope of the processing of your data, since we generally or to a large extent have no influence on the processing of your personal data by X.

2. Purpose of the data processing

Our presence in X is used for communication and information exchange with customers and potential customers. In particular, we use our X page for the following:

  • To give information about products
  • To give information about services
  • Advertising
  • Customer contact
  • Latest sector-specific news

Every X user is free to publish their personal data through their activities.

3. Legal basis for the data processing

The legal basis for data processing is Art. 6 (1)(a) of the GDPR.

4. Duration of the storage

The data generated by our company X page is not stored in our own systems.

5. Possibility of objection and removal

You can object at any time to the processing of your personal data that we collect in the course of your use of our X corporate presence and assert your data subject rights as stated under IV. of this Privacy Policy. To do so, send us an email to service@invesdor.com. You can find more information about the processing of your personal data by X and the corresponding objection options on X's privacy policy.

YouTube:

YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, United States

1. Description and scope of data processing

On our company YouTube page, we provide information and offer YouTube users the opportunity to communicate with us. If you carry out an action on our YouTube page, it may be that you make your personal data (e.g. name or your user profile picture) public. However, we cannot provide any binding information on the purpose and scope of the processing of your data, since we generally or to a large extent have no influence on the processing of your personal data by YouTube.

2. Purpose of the data processing

Our presence in YouTube is used for communication and information exchange with customers and potential customers. In particular, we use the YouTube page for the following:

  • To give information about products
  • To give information about services
  • Advertising
  • Customer contact
  • Latest sector-specific news

Every YouTube user is free to publish their personal data through their activities.

3. Legal basis for the data processing

The legal basis for data processing is Art. 6 (1)(a) of the GDPR.

4. Duration of the storage

The data generated by our company YouTube page is not stored in our own systems.

5. Possibility of objection and removal

You can object at any time to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence and assert your data subject rights as stated under IV. of this Privacy Policy. To do so, send us an email to service@invesdor.com. You can find more information about the processing of your personal data by YouTube and the corresponding objection options on YouTube’s privacy policy.

XI. Job-oriented networks

1. Scope of data processing

We use the possibility of company presences on professional networks. We maintain a company presence on the following job-oriented networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
XING: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

On our LinkedIn and XING pages, we provide information and offer users the opportunity to communicate with us.

The company pages are used for job applications, information/PR and general marketing.

We do not have information on the processing of your personal data by LinkedIn and XING. You can find more information on the data processing on LinkedIn’s and XING’s privacy policies.

If you carry out an action on our company LinkedIn or XING pages, you may make your personal data (e.g. name or your user profile picture) public.

2. Legal basis for the data processing

The legal basis for the processing of your data in connection with the use of our company LinkedIn and XING pages are Art. 6 (1)(f) of the GDPR.

3. Purpose of the data processing

Our corporate LinkedIn and XING pages are used to inform the respective networks’ users about our services. Every user is free to publish their personal data through their activities.

4. Duration of the storage

We store your activities and personal data published via our corporate LinkedIn and XING pages until you revoke your consent. In addition, we comply with the statutory retention periods.

5. Possibility of objection and removal

You can object at any time to the processing of your personal data that we collect in the course of your use of our LinkedIn and XING corporate presence and assert your data subject rights as stated under IV. of this Privacy Policy. To do so, send us an email to service@invesdor.com.
You can find more information on objection options on LinkedIn’s and XING’s privacy policies.

XII. Hosting

The website is hosted on our service provider’s servers.

Our service provider is Amazon Web Services

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website, for this reason the server log files must be recorded for this purpose.
The server is geographically located in Germany.

XIII. Geotargeting

We use the IP address and other information provided by the User (in particular postcode in the context of registration or usage of the website) for regional targeting (so-called "geotargeting").
Geotargeting is used for example to automatically show you regional offers or advertisements that are often more relevant to Users. The legal basis for the use of the IP address and, if applicable, other information provided by the User is Art. 6 (1)(f) of the GDPR, based on our interest in ensuring more precise targeting and thus providing offers and advertising with greater relevance for Users.
A part of the IP address and the additional information provided by the respective User is only collected and not stored separately.
You can prevent geotargeting for example by using a VPN or proxy server that prevents precise localisation. In addition, depending on the browser used, you can also deactivate location localisation in the corresponding browser settings if this is supported by the respective browser.

We use geotargeting on our website for the following purposes:

  • Customer oriented approach
  • Advertising purposes

XIV. Registration

1. Description and scope of data processing

On our website, we offer Users the opportunity to register and do investments by providing personal data. After entering to data into an online form, it is transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration or investment process:

  • Email address
  • Last Name
  • First name
  • Address & Country of residence
  • Tax residency
  • Telephone / mobile phone number
  • IP address of the calling computer
  • Date and time of registration
  • Place of birth; bank details; tax number, tax identification number, other tax related information, position in the company (for institutional investors and clients)
  • Information on status as Politically Exposed Person (PEP)
  • Indication whether US tax liability exists

As part of the registration and investment process, consent is obtained from the respective User for the processing of this data.

2. Purpose of the data processing

Registration of the respective User is necessary for the performance of a contract with the respective User or for the implementation of pre-contractual measures.
Identification of Users is necessary for regulatory reasons.

3. Legal basis for the data processing

The legal basis for processing the data is Art. 6 (1)(a) of the GDPR if the respective User has given his/her consent.
If the registration serves the performance of a contract to which the User is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1)(b) of the GDPR.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process for the performance of a contract, or in case of implementation of pre-contractual measures when the data is no longer required for entering into a contract. Even after entering into a contract, it may be necessary for us to store personal data of the contractual party in order to fulfil our contractual or legal obligations.

5. Possibility of objection and removal

As a User, you have the option of cancelling your registration at any time in accordance with our Terms of Use. You can have the data stored about you rectified at any time.
Users can request deletion by sending an email to service@invesdor.com.

If the data is required for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

XV. Anti-Money Laundering Activities - Customer Due Diligence

1. Description and scope of data processing
As providers of regulated financial services, we are an obliged entity according to EU Anti-Money Laundering regulation (Directive (EU) 2015/849; “EU AML Regulation”). As an obliged entity we have to perform customer due diligence measures defined in Art. 13 of the EU AML Regulation. Depending on the country of residency of a User, customer due diligence measures include the authentication of Users together with third party providers Onfido Limited, Deutsche Post AG, Lionware GmbH, Authada Gmbh and Signicat AS Within the authentication, the following personal data can be processed:

  • Last Name
  • First name
  • Address
  • National identification number
  • Date of birth
  • Birthplace
  • Nationality
  • Issuing authority of the identification document
  • Place of issuance of the identification document
  • Date of issuance of the identification document

2. Legal basis for the data processing

The legal basis for the processing of personal data is our legal obligation to comply with the due diligence obligations stemming from the EU AML Regulation. The legal basis is therefore Art. 6 (1)(c) of the GDPR.

3. Purpose of the data processing

The processing of the personal data serves exclusively the purpose of fulfilling our legal obligations stemming from the EU AML Regulation.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Mandatory legal provisions - in particular retention periods - remain unaffected.

5. Possibility of objection and removal

The User has the option to object to the processing of his/her personal data at any time by sending an email to service@invesdor.com. You can find more information from the privacy policies of Onfido Limited, Deutsche Post AG, Lionsware GmbH, AUTHADA GmbH and Signicat GmbH.

XV. Anti-Money Laundering Activities - Simplified Customer Due Diligence

1. Description and scope of data processing

In cases where there is a particularly low risk of money laundering and terrorist financing, the data controller shall apply the simplified due diligence obligations according to Art. 15 of the EU AML Regulation
The authentication is performed as described in the following:

Automatic comparison is performed with the database of SCHUFA Holding AG via the GiroIdentPlus -system or via a corresponding system of Crif GmbH (Crif Bürgel). The requested bank details of the User are checked and the data of the requested person, in combination with the bank code and the account number or IBAN, are compared with the existing database. The following personal data are processed:

  • Last name, first name
  • Address
  • Date of birth
  • Bank details

The authentication processes described above are only applicable to Users with country of residency in Germany or Austria.

2. Legal basis for the data processing

The legal basis for the processing of personal data is our legal obligation to comply with the due diligence obligations stemming from EU AML Regulation. The legal basis is therefore Art. 6 (1)(c) of the GDPR.

3. Purpose of the data processing

The processing of the personal data serves exclusively the purpose of fulfilling our legal obligations stemming from the applicable EU AML Regulation.

4. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Mandatory legal provisions - in particular retention periods - remain unaffected.

5. Possibility of objection and removal

The User has the possibility at any time to object to the processing of his/her personal data by sending an email to service@invesdor.com. You can find more information from the privacy policies of SCHUFA Holding AG and Crif GmbH.

XVII. Projects of Helmet Business Mentors Oy

Helmet Business Mentors Oy is a financial company that invests capital in other companies. For the provision of its services, Helmet Businuess Oy uses part of the technical infrastructure of Invesdor AG. This means that Helmet Business Oy's customers have to register and create a customer profile via Invesdor AG's technical infrastructure in order to use the services.

In this case, Helmet Business Mentors OY and Invesdor AG are joint data controllers within the meaning of the GDPR. Regarding the details of the data processing, we refer to point "XIV Registration" of this Privacy Policy.

XVIII. Ownersportal

In the case of the Ownersportal service for managing shareholder lists, we act only as a data processor, while the company using the service is the data controller.

XIX. Partner programmes

Furthermore, we use the following partner programmes:

Own affiliate programme, FinanceAds

XX. Content Delivery Programmes

We also use the following content delivery networks:

Microsoft Azure CDN, Fastly

XXI. Plugins used

We use plugins for various purposes. The plugins used are listed below:

Google Tag Manager

1. Scope of the processing of personal data

We use the Google Tag Manager of Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (“Google”). The Google Tag Manager can be used to manage tags from Google services and third-party providers and to embed them in a bundle. Tags are small code elements on an online presence that are used, among other things, to measure website visitor numbers and behaviour, to record the impact of online advertising and social channels, to use remarketing and targeting and to test and optimise online presences. When a User visits the website, the current tag configuration is sent to the User's browser. It contains instructions on which tags should be triggered. Google Tag Manager triggers other tags which may collect data. Information on these can be found in this Privacy Policy in the sections concerning the use of these corresponding services. Google Tag Manager does not access this data.

You can find more information on Google Tag Manager on Google’s website and on Google's privacy policy.

2. Purpose of the data processing

The purpose of the processing of the personal data is to efficiently integrate the third party services.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the respective User in accordance with Art. 6 (1)(a) of the GDPR.

4. Duration of the storage

Your personal data will be stored as long as it is necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to Google, advertising data in server logs is anonymised by deleting parts of the IP address and cookie information after 9 and 18 months respectively.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function on your browser, by deactivating the execution of script code in your browser or by installing a script blocker to your browser.

You can also prevent the collection of data generated by cookies and your online presence (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing a browser plugin.
You can deactivate the use of your personal data by Google on Google’s website.
You can find more information on objection and removal options on Google’s privacy policy.

Google Analytics

1. Scope of the processing of personal data

We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (“Google”). Google Analytics examines, among other things, the origin of website visitors, the time length they spend on individual pages and the use of search engines, thus enabling better monitoring of our advertising campaigns. Google sets a cookie on your computer, which allows personal data to be stored and analysed, in particular the activity of the respective User (especially which pages have been visited and which elements have been clicked on), device and browser information (especially the IP address and the operating system), data about the advertisements displayed (especially which advertisements were displayed and whether the User clicked on them) and also data from advertising partners (especially pseudonymised User IDs). The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation is activated on the website, your IP address will be truncated beforehand by Google inside the EU or EEA member states. Only in extraordinary cases the full IP address is transmitted to a Google server in the USA and truncated there after the transmission. On behalf of the operator of the website, Google will use this information for the purpose of analysing your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You may refuse the use of cookies on your browser settings. However if you object using cookies, you may not be able to use the full functionality of the website.
Further information on the processing of data by Google can be found on Google’s privacy policy.

2. Purpose of the data processing

The purpose of processing personal data is to specifically address a target group that has already expressed an initial interest by visiting the website.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the respective User in accordance with Art. 6 (1)(a) of the GDPR.

4. Duration of storage

Your personal information will be stored as long as it is necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to Google, advertising data in server logs is anonymised by deleting parts of the IP address and cookie information after 9 and 18 months respectively.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection and the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function on your browser, by deactivating the execution of script code in your browser or by installing a script blocker to your browser.

You can also prevent the collection of data generated by the cookies and your online presence (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin.
You can deactivate the use of your personal data by Google on Google’s website.
You can find more information on objection and removal options on Google’s privacy policy.

Piwik PRO

1. Description and scope of data processing

Our website uses Piwik PRO as a web analysis service (Piwik Pro GmbH, Lina-Bommer-Weg 6, 51149 Köln, Germany). The data obtained in this way is stored exclusively in anonymised form for marketing and optimisation purposes. Pseudonymous usage profiles are also created. For this purpose, cookies are used and they are stored on your computer after your consent. This enables pseudonymous analysis of your use of our website. We also analyse the activity of website visitors (number of times the web pages are called up). This is done anonymously, and the IP address is truncated immediately after collection.

2. Purpose of the data processing

This software is used to collect data for website optimisation and for statistical evaluation of website visits.

3. Legal basis of the data processing

The legal basis of the processing is Art. 6 (1)(a) of the GDPR.

4. Duration of storage

Your personal data will be stored for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Possibility of objection and removal

You can prevent the processing of your personal data at any time by changing your browser’s cookie settings.
You can find more information on objection and removal options on Piwik PRO’s privacy policy.

Hotjar

1. Scope of the processing of personal data

We use the web analytics service Hotjar provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (“Hotjar”). Hotjar uses, among other things, cookies that enable the analysis of your use of our online presence. This allows personal data to be stored and analysed, in particular the activity of the respective User (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system) and a tracking code (pseudonymised User ID). The information collected by this way is transmitted by Hotjar to a server in Ireland and stored there in anonymised form. Further information on the processing of data by Hotjar can be found on Hotjar’s privacy policy.

2. Purpose of the data processing

The use of the Hotjar plug-in is used to get a better understanding of the needs of our Users and to optimise our online presence.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the User pursuant to Art. 6 (1)(a) of the GDPR.

4. Duration of storage

Your personal information will be stored for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and processing of your personal data by Hotjar by preventing third-party cookies from being stored on your computer, using the "Do Not Track" function on your browser, deactivating the execution of script code in your browser or installing a script blocker to your browser.
You can deactivate the use of your personal data by Hotjar on Hotjar’s website.
Information about objection and removal options in respect to Hotjar can be found on Hotjar’s privacy policy.

Facebook Retargeting

1. Scope of the processing of personal data

We use functionalities of the advertising plugin called Facebook Retargeting provided by Meta Platforms Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
Facebook Retargeting is used to carry out advertising campaigns and to interact with these campaigns. Users are reminded by Facebook Retargeting of products that they have searched for or viewed but have not purchased. Cookies are stored by Facebook on your terminal device.

In particular, the following personal data is processed by Facebook:

  • Information about the activities of the respective User
  • Websites accessed
  • Which products have been displayed
  • Which ads have been clicked on
  • Device information, in particular device type and IP address
  • Facebook account of the User, if they are logged into Facebook

Data is processed on servers of Facebook Inc, Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA. Other recipients of the data are providers and service providers of Facebook.
Further information on the data processing by Facebook can be found on Facebook’s privacy policy.

2. Purpose of the data processing

We use Facebook Retargeting to serve ads on various platforms and to analyse how Users interact with these ads. In this way, we aim to be able to show Users personalised advertising.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the respective User in accordance with Art. 6 (1)(a) of the GDPR.

4. Duration of storage

Your personal information will be stored for as long as it is necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and processing of your personal data by Facebook by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function on your browser, by deactivating the execution of script code in your browser or by installing a script blocker to your browser.

Deactivating personalised advertising for Facebook users is possible for logged-in users on Facebooks’s website.
For more information on objection and removal options in respect to Facebook can be found on Facebook’s privacy policy.

LinkedIn Insight Tag

1. Scope of the processing of personal data

We use functionalities of the marketing plugin called LinkedIn Insight Tag provided by LinkedIn Ireland, Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The plugin enables us to obtain information about website visitors and to run detailed campaign reports.

In particular, the following personal data is processed by LinkedIn:

  • URL
  • Referrer URL
  • IP address truncated or hashed
  • Device and browser properties as well as timestamp

Cookies from LinkedIn are stored on your terminal device. Further information on the cookies used can be found on LinkedIn’s privacy policy.

LinkedIn does not share any personal data with us, but only provides aggregated audience and ad reports. LinkedIn also offers a remarketing function that allows us to show you targeted personalised advertising outside of our website without revealing your identity.

For more information on how LinkedIn processes data can be found on LinkedIn’s privacy policy.

2. Purpose of the data processing

The use of LinkedIn Insight Tag serves us to collect information about website visitors.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the respective User in accordance with Art. 6 (1)(a) of the GDPR.

4. Duration of storage

LinkedIn User IDs are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and processing of your personal data by LinkedIn by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function on your browser, deactivating the execution of script code in your browser or installing a script blocker to your browser.
For more information on objection and removal options in respect to LinkedIn can be found in LinkedIn’s privacy policy.

Calendly

1. Description and scope of data processing
Users have a possibility to book an appointment with our contact persons on our website. We use the online calendar "Calendly" to request and select an appointment. Calendly is a service of Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States. When the User presses the corresponding booking button, the User is automatically connected to the appointment account of one of our contact persons at Calendly. Once the User has selected the appointment, confirmed it and entered their contact details and questions, they will receive an email from Calendly confirming their appointment.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1)(a) of the GDPR.

3. Purpose of the data processing

The purpose of the processing of personal data is to arrange appointments as requested by Users and to enable the processing of the request in case of possible queries.

4. Duration of storage

This data remains with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

5. Possibility of objection and removal

You have the right to revoke your consent at any time via sending an email to service@invesdor.com.
For more information on objection and removal options in respect to Calendly can be found on Calendly’s privacy policy.

Landbot

1. Scope of the processing of personal data

We use functionalities of the chatbot builder Landbot of Landbot, HELLO UMI S.L, Calle Garrigues, 5, 8º GL, 46001 Valencia, Spain (“Landbot”). With the help of Landbot, we can process requests from website visitors via a chatbot.

The following personal data is thereby processed by Landbot:

  • Data you share with us via the chatbot

For further information on the processing of data by Landbot can be found on Landbot’s privacy policy.

2. Purpose of the data processing

We use Landbot to provide a chatbot on our website. This allows us to answer and record queries from our website visitors in an automated way.

3. Legal basis for the processing of personal data

The legal basis for the processing of the Users' personal data is generally the consent of the respective User in accordance with Art. 6 (1)(a) of the GDPR.

4. Duration of the storage

Your personal data will be stored for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and processing of your personal data by Landbot by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function on your browser, by disabling the execution of script code in your browser or by installing a script blocker to your browser.
Further information on revocation and removal options in respect to Landbot can be found on Landbot’s privacy policy.

Zendesk

1. Description and scope of data processing

We use a programme provided by Zendesk GmbH, Neue Schönhauser Str. 3-5, 10178 Berlin (“Zendesk”). We use the programme for email, push messages, for live chats and the FAQ centre. Cookies may be used for this purpose. The cookies enable the recognition of the internet browser. As a result, personal data can be stored and analysed, especially the User's activity (in particular, which pages have been visited and which elements have been clicked on) and device and browser information (in particular, the IP address and the operating system). From this anonymised data, User profiles can be created under a pseudonym.

2. Legal basis of data processing

The legal basis for data processing is always the consent of the respective User, Art. 6 (1)(a) of the GDPR.

3. Purpose of data processing

We use Zendesk to enable interested website visitors to communicate more easily with our customer service, particularly in the context of support topics.

4. Duration of storage

The data is deleted as soon as the purpose of its collection has been fulfilled.

5. Possibility of objection and removal

You have the right to revoke your consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection and processing of your personal data by Zendesk by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function on your browser, by disabling the execution of script code in your browser or by installing a script blocker to your browser.
For more information, please see Zendesk's privacy policy.

FinanceAds

1. Description and scope of the data agreement
FinanceAds is a service provider for advertisers and websites offering performance marketing services including the measurement and tracking of advertising success. FinanceAds uses cookies to determine advertising success. No personal data is stored in these cookies as they are anonymised tracking IDs.

Further information on the data processing by FinanceAds can be found on FinanceAds’ privacy policy.

2. Legal basis for data processing

The legal basis for the processing is Art. 6 (1)(f) of the GDPR.

3. Purpose of the data processing

The purpose of processing personal data is to acquire new partnerships and to optimise our offerings.

4. Duration of storage

The duration of the FinanceAds parameters integrated in the browser of the respective User is 90 days.

5. Possibility of objection and removal

Information on objection options and an opt-out link can also be found on the FinanceAds’ privacy policy.

Bing Ads

1. description and scope of data processing

On our pages, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This involves Microsoft Bing Ads storing a cookie on your computer if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognise that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page).

2. Purpose of the data processing

This software is used to collect data for the needs-based design of our website and for the statistical evaluation of website visits for marketing and optimisation purposes.

3. Legal basis of data processing

The legal basis of the processing is Art. 6 para. 1 lit a) DSGVO.

4. Duration of storage, objection and removal options

If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by clicking on the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE to declare your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

Google Ads

1. Description and scope of data processing

This website uses Google AdSense. This is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of advertisements. Google AdSense uses cookies. These are files which are stored on your PC and enable Google to analyse the data relating to your use of our website. Google AdSense also uses web beacons, which are invisible graphics that enable Google to analyse clicks on this website, traffic to this website and similar information.

The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google may share this collected information with third parties if required to do so by law or if Google contracts with third parties to process the data. However, Google will merge your IP address with the other stored data.

2. Purpose of the data processing

This software is used to collect data for the needs-based design of our website and for the statistical evaluation of website visits for marketing and optimisation purposes.

3. Legal basis of data processing

The legal basis of the processing is Art. 6 para. 1 lit a) DSGVO.

4. Duration of storage, objection and removal options

You can prevent the aforementioned cookies from being stored on your PC by making the appropriate settings on your Internet browser. However, this may mean that the contents of this website can no longer be used to the same extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Use of Unbounce

1. Description and scope of data processing

Unbounce, unbounce Marketing Solutions Inc, 400.401 West Geaorgia Street, Vancouver, BC, Canada, V6B 5A1, is a tool with which we integrate pop-ups on our website or create social media campaigns, which are intended to make it easier to subscribe to our newsletter. Your personal data is only processed if you enter it yourself. 

The following data is processed:

  • Name, first name
  • E-Mail-address
  • Language selection

2. Purpose of data processing

Personal data ist collected in order to make it as easy as possible for users to subscribe to our newsletter and to make the service of our website as optimal as possible. 

3. Legal basis for data processing

The legal basis for the processing of the data after registration for the newsletter by the user ist Art. 6 para. 1 p. 1 lit. a GDPR if the user has given his/her consent.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no other reasons or obligations to retain it. 

5. Possibility of objection and removal

The user has the possibility to revoke his/her consent to the processing of personal data at any time by sending an e-mail to service@invesdor.de. In addition, we refer to Unbounce's data protection declaration for further information on objection and removal options. 

Use of Zapier

1. Description and scope of data processing

Zapier, Papier Inc., 584 Market St. #62411, San Francisco, CA 94104-5401, is an API tool that assists in the transfer of personal data entered by the user when subscribing to the newsletter via the po-up integrated on our website by the service provider Unbounce (see above) into our newsletter distribution system.

The following data is processed:

  • Name, first name
  • E-Mail-address
  • Language selection

2. Purpose of data processing

Personal data ist collected in order to optimise our services and user experience on our website, in particular in relation to our newsletter.

3. Legal basis for data processing

The legal basis for the processing of the data are Art. 6 para. 1 p. 1 lit. a GDPR as well as Art. 6 para. 1 p. 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no other reasons or obligations to retain it. 

5. Possibility of objection and removal

The user has the possibility to revoke his/her consent to the processing of personal data at any time by sending an e-mail to service@invesdor.de. In addition, we refer to Zapier's data protection declaration for further information on objection and removal options.