Privacy - hep

Data pro­tec­tion infor­ma­ti­on in accordance with Arti­cles 13, 14 and 21 of the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR)

The infor­ma­ti­on lis­ted below gives you an over­view of how your per­so­nal data is pro­ces­sed by the com­pa­nies of the hep Group and of your rights under data pro­tec­tion law.

Our data pro­tec­tion infor­ma­ti­on is divi­ded as follows:

Part I: Data Pro­tec­tion Infor­ma­ti­on for Natu­ral Persons

The data pro­tec­tion noti­ces lis­ted in this Part I app­ly in all cases in which you are in con­ta­ct with us exclu­si­ve­ly as a natu­ral per­son (e.g., as an inves­tor to invest only your own assets) and not as a repre­sen­ta­ti­ve or employee of a legal entity.

The spe­ci­fic deter­mi­na­ti­on of which of your per­so­nal data is pro­ces­sed in each indi­vi­du­al case and how it is used for what pur­po­se depends on the man­ner in which con­ta­ct was estab­lis­hed bet­ween you and us and the con­nec­tion (e.g., a con­tract) bet­ween you and our companies.

If you as an inves­tor join or have joi­ned an invest­ment fund mana­ged by the hep Group (this can also be done in the form of a trust agree­ment bet­ween you and HEP Treu­hand GmbH), the data pro­tec­tion infor­ma­ti­on that is atta­ched to your mem­bers­hip decla­ra­ti­on, with regard to the spe­ci­fi­cal­ly named com­pa­nies of the hep Group and the ser­vice pro­vi­ders, takes pre­ce­dence over the infor­ma­ti­on lis­ted below; in this event, the fol­lowing explana­ti­ons are only to be used as a supplement.

1. Data Con­trol­ler and Con­ta­ct Data

a) If you as an inves­tor join an invest­ment fund mana­ged by the hep Group (this can also take place in the form of a trust agree­ment bet­ween you and HEP Treu­hand GmbH), the data con­trol­ler is the com­pa­ny that is named in the “Infor­ma­ti­on on the pro­ces­sing of your per­so­nal data in accordance with Art. 13, 14 and 21 GDPR”, which is inclu­ded as an annex to the mem­bers­hip decla­ra­ti­on of the respec­ti­ve invest­ment fund.

b) In all other cases, the data con­trol­ler respon­si­ble for pro­ces­sing your data is:

hep glo­bal GmbH Römer­str. 3
74363 Güg­lin­gen
Pho­ne: 07135 93446 – 616
Email: info@hep.global

c) You can con­ta­ct our data pro­tec­tion offi­cer as follows:

hep glo­bal GmbH
Daten­schutz­be­auf­trag­ter der hep glo­bal GmbH Römer­str. 3

74363 Güg­lin­gen
Email: datenschutz@hep.global

2. Pro­ces­sed Per­so­nal Data and its Origin

a) If you join an invest­ment fund mana­ged by the hep Group as an inves­tor, we pro­cess the per­so­nal data from the mem­bers­hip decla­ra­ti­on (your name, date of birth, place of birth, natio­na­li­ty, con­ta­ct data, data from iden­ti­fi­ca­ti­on docu­ments, tax and bank data, sub­scrip­ti­on amount) and the decla­ra­ti­ons and insuran­ces made with this mem­bers­hip decla­ra­ti­on. This inclu­des, in par­ti­cu­lar, infor­ma­ti­on on the deve­lo­p­ment of capi­tal accounts, infor­ma­ti­on on pay­ments, hol­ding share­hol­ders’ mee­tings and com­mu­ni­ca­ti­on with the tax authorities.

Inso­far as we do not collect this data direct­ly from you, we pro­cess per­so­nal data that we have legi­ti­mate­ly recei­ved eit­her from com­pa­nies of the hep group, such as HEP Ver­trieb GmbH, or from agents or sales part­ners, or from publicly acces­si­ble sources such as land regis­ters and com­mer­cial regis­ters, press and other media as well as deb­tor regis­ters and that we are per­mit­ted to process.

b) In all other cases (e.g., if you work as an agent for a com­pa­ny of the hep group) we pro­cess the per­so­nal data that we recei­ve from you as part of our busi­ness rela­ti­ons­hip.
In addi­ti­on, we pro­cess per­so­nal data that we have legi­ti­mate­ly recei­ved from third par­ties (e.g., to ful­fil con­tracts or based on your con­sent). On the other hand, we pro­cess per­so­nal data that we are allo­wed to collect and pro­cess from publicly acces­si­ble sources (e.g., land regis­ters, com­mer­cial regis­ters, asso­cia­ti­on regis­ters, the press, media).

The type and scope of this data depends on the respec­ti­ve busi­ness rela­ti­ons­hip bet­ween you and us; typi­cal­ly, this can be: your name, your address and other con­ta­ct details, such as tele­pho­ne num­ber and email address, tax and bank data as well as legi­ti­ma­ti­on and authen­ti­ca­ti­on data (ID data and signa­tu­re samples).

3. Pur­po­ses of Pro­ces­sing and Legal Basis

a) To ful­fill pre-con­trac­tu­al obli­ga­ti­ons (Art. 6 para. 1 lit b) GDPR)

If you join an invest­ment fund mana­ged by the hep Group as an inves­tor, your per­so­nal data will be pro­ces­sed in par­ti­cu­lar to pre­pa­re, mana­ge and sup­port your invest­ment in this invest­ment fund and for the pur­po­se of bil­ling the sales part­ner and informing them in accordance with the con­trac­tu­al pro­vi­si­ons regar­ding your par­ti­ci­pa­ti­on. In other cases, too, your per­so­nal data is pro­ces­sed to car­ry out the respec­ti­ve con­tract con­clu­ded with you or to car­ry out pre-con­trac­tu­al measures.

b) Accord­ing to legal requi­re­ments (Art. 6 para. 1 c GDPR) or when it is in the public inte­rest (Art. 6 para. 1 lit. c of the GDPR)

In addi­ti­on, we pro­cess your per­so­nal data to ful­fil our sta­tu­to­ry or super­vi­so­ry obli­ga­ti­ons, such as tho­se resul­ting for us from the Money Laun­de­ring Act (GwG), the Capi­tal Invest­ment Code (KAGB) or the tax laws. The pur­po­ses of pro­ces­sing inclu­de, inter alia, iden­ti­ty checks, resi­den­cy checks, pre­ven­ting fraud and money laun­de­ring, ful­fil­ling tax con­trol and repor­ting obli­ga­ti­ons as well as asses­sing and mana­ging risks in our company.

c) Wit­hin the Frame­work of the Balan­cing of Inte­rests (Art. 6 para. 1 lit. f) GDPR)

In addi­ti­on, your per­so­nal data is pro­ces­sed in indi­vi­du­al cases to safe­guard our legi­ti­ma­te inte­rests or the legi­ti­ma­te inte­rests of a third party.

This app­lies in particular:

  • to obtain infor­ma­ti­on about your eco­no­mic per­for­mance (such as credit and default risks),
  • to com­bat money laun­de­ring, ter­ro­rist finan­cing and cri­mi­nal offen­ses that end­an­ger assets,
  • to assert, exer­cise or defend legal claims,
  • to ful­fil regu­la­to­ry requi­re­ments, for examp­le the Federal Finan­cial Super­vi­so­ry Aut­ho­ri­ty (BaFin), the Deut­sche Bun­des­bank or the Euro­pean Cen­tral Bank (ECB),
  • to ensu­re IT secu­ri­ty and our IT operations,
  • to con­trol our busi­ness ope­ra­ti­ons and fur­ther deve­lop ser­vices and products,
  • to deve­lop and imple­ment adver­ti­sing mea­su­res for mar­ket and opi­ni­on rese­arch, pro­vi­ded you have not objec­ted to the pro­ces­sing for the­se purposes.

d) On the basis of your con­sent (Art. 6 para. 1 lit. a) GDPR).

Inso­far as you have con­sen­ted to the pro­ces­sing of per­so­nal data for spe­ci­fic pur­po­ses in indi­vi­du­al cases, this con­sent forms the legal basis for the pro­ces­sing based on it. You can with­draw your con­sent at any time. This also app­lies to with­drawing con­sent – such as any Schufa con­sent – were given to us befo­re May 25, 2018. Plea­se note that a with­dra­wal only takes effect in the future and does not affect the lega­li­ty of any pro­ces­sing car­ri­ed out befo­re the withdrawal.

4. Cate­go­ries of Reci­pi­ents of your Per­so­nal Data

Access to your per­so­nal data is only given to tho­se per­sons and offices wit­hin the respec­ti­ve pro­ces­sing com­pa­ny of the hep group who need it to ful­fil their con­trac­tu­al and legal obli­ga­ti­ons or to safe­guard legi­ti­ma­te inte­rests. Ser­vice pro­vi­ders used by us who pro­cess your data on our behalf (Art. 28 GDPR) or com­pa­nies that ope­ra­te as (self-employ­ed) “con­trol­lers” wit­hin the mea­ning of Art. 4 No. 7 GDPR, can recei­ve your data if the necessa­ry requi­re­ments of the GDPR are ful­fil­led. The­se are com­pa­nies in par­ti­cu­lar in the cate­go­ries of IT ser­vices, logistics, telecom­mu­ni­ca­ti­ons, sales and mar­ke­ting, legal and tax advice and debt collection.

It can also be pas­sed on to public bodies such as the Federal Finan­cial Super­vi­so­ry Aut­ho­ri­ty, the Deut­sche Bun­des­bank or the Euro­pean Cen­tral Bank, as well as to tax offices, inso­far as we are obli­ga­ted to do so by law or by super­vi­so­ry law.

If you are an inves­tor in an invest­ment fund mana­ged by the hep Group, the data pro­ces­sing for the afo­re­men­tio­ned pur­po­ses also inclu­des the trans­mis­si­on of the data, in par­ti­cu­lar to HEP Ver­trieb GmbH and the invest­ment fund’s respec­ti­ve depo­si­ta­ry, to the Federal Cen­tral Tax Office and – if you have inst­ruc­ted us accord­in­gly – to a tax advi­sor appoin­ted by you.

In addi­ti­on, other inves­tors may also recei­ve part of your per­so­nal data, pro­vi­ded that they claim infor­ma­ti­on about their co-share­hol­ders or co-distributors.

5. Trans­fer to a Third Coun­try or Inter­na­tio­nal Organization

As a rule, we will not pass on your per­so­nal data to reci­pi­ents in third coun­tries (coun­tries out­side the Euro­pean Uni­on or the Euro­pean Eco­no­mic Area) or to inter­na­tio­nal orga­niz­a­ti­ons. Some­thing else only app­lies to the extent that:

  • it is necessa­ry to car­ry out your par­ti­ci­pa­ti­on as an inves­tor in our invest­ment funds,
  • it is requi­red by law (e.g., due to tax repor­ting obli­ga­ti­ons) or
  • you have con­sen­ted to the disclosure.

We will inform you sepa­r­ate­ly about the details of such a trans­fer, as far as legal­ly required.

6. Dura­ti­on of sto­rage of your data

If necessa­ry, your per­so­nal data will be stored for the peri­od of our busi­ness rela­ti­ons­hip (typi­cal­ly a con­trac­tu­al rela­ti­ons­hip). The dura­ti­on of the sto­rage also inclu­des the initia­ti­on and pro­ces­sing of such a busi­ness rela­ti­ons­hip.
In addi­ti­on, we are sub­ject to various reten­ti­on and docu­men­ta­ti­on obli­ga­ti­ons, which result from the Com­mer­cial Code (HGB), the Tax Code (AO) and the Money Laun­de­ring Act (GwG). The peri­ods for sto­rage and docu­men­ta­ti­on spe­ci­fied the­re are bet­ween two and ten years after the end of the busi­ness relationship.

Final­ly, the reten­ti­on peri­od is also asses­sed accord­ing to the sta­tu­to­ry limi­ta­ti­on peri­ods, which, for examp­le, accord­ing to Art. 195 et seq. of the Ger­man Civil Code (BGB) may, as a rule, be three years, but in cer­tain cases also up to thir­ty years.

After the afo­re­men­tio­ned dead­lines have expi­red, your per­so­nal data will be regu­lar­ly dele­ted, unless the – in turn limi­ted – fur­ther pro­ces­sing of this data is necessa­ry in order to safe­guard our inte­rests or the legi­ti­ma­te inte­rests of a third par­ty, as exem­pli­fied in Clau­se 3©. Such a legi­ti­ma­te inte­rest can also exist, for examp­le, if dele­ti­on is only pos­si­ble with dis­pro­por­tio­na­te effort due to the spe­cial type of sto­rage and at the same time pro­ces­sing for pur­po­ses other than tho­se men­tio­ned is exclu­ded by sui­ta­ble tech­ni­cal and orga­niz­a­tio­nal measures.

7. Your Data Pro­tec­tion Rights

Under cer­tain con­di­ti­ons, if you are affec­ted by the pro­ces­sing of per­so­nal data, you have the fol­lowing data pro­tec­tion rights:

  • You have the right to recei­ve from us infor­ma­ti­on about your data stored by us accord­ing to the pro­vi­si­ons of Art. 15 GDPR (pos­si­b­ly with restric­tions accord­ing to Sec­tion 34 BDSG [Federal Data Pro­tec­tion Act]).
  • At your request, we will cor­rect the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­ra­te or incorrect.
  • If you wish, we will dele­te your data in accordance with the princi­ples of Art. 17 GDPR, pro­vi­ded that other legal regu­la­ti­ons (e.g., sta­tu­to­ry reten­ti­on requi­re­ments or the restric­tions accord­ing to Sec­tion 35 BDSG) or an over­ri­ding inte­rest on our part (e.g. to defend our rights and claims) do not oppo­se this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the pro­ces­sing of your data.
  • You can also object to the pro­ces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop pro­ces­sing your data. Howe­ver, this right of objec­tion only app­lies in the event of very spe­cial cir­cum­s­tan­ces regar­ding your per­so­nal situa­ti­on, wher­eby our company’s rights may con­flict with your right of objection.
  • You also have the right, sub­ject to the requi­re­ments of Art. 20 GDPR, to recei­ve your data in a struc­tu­red, com­mon and machi­ne-read­a­ble for­mat or to trans­mit it to a third party.
  • In addi­ti­on, you have the right to with­draw your con­sent to the pro­ces­sing of per­so­nal data at any time with future effect.
  • You also have the right to lodge a com­p­laint with a data pro­tec­tion super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR). Howe­ver, we recom­mend that you always address a com­p­laint to us first.
  • If pos­si­ble, your requests to exer­cise your rights should be addres­sed in wri­ting to the data con­trol­ler named in Clau­se 1.

8. Neces­si­ty to Pro­vi­de your Per­so­nal Data

a) If you as an inves­tor join an invest­ment fund mana­ged by the hep Group, we will requi­re your per­so­nal data so that we can exami­ne your offer of par­ti­ci­pa­ti­on in the respec­ti­ve invest­ment fund in accordance with the legal regu­la­ti­ons to be obser­ved.
Accord­ing to money laun­de­ring regu­la­ti­ons, we are obli­ga­ted to iden­ti­fy you, for examp­le using your iden­ti­ty card, and to collect and record your name, place of birth, date of birth, natio­na­li­ty and home address. In accordance with Sec­tion 8 para. 2 in con­junc­tion with Sec­tion 12 para. 1 GwG, we are also obli­ga­ted to record the type, num­ber and issuing aut­ho­ri­ty of the docu­ment sub­mit­ted to veri­fy iden­ti­ty. For us to be able to meet the­se legal obli­ga­ti­ons, accord­ing to Sec­tion 11 para. 6 GwG you must pro­vi­de the necessa­ry infor­ma­ti­on and docu­ments and also noti­fy us immedia­te­ly of any chan­ges that ari­se after accep­t­ing your offer to mana­ge your par­ti­ci­pa­ti­on.
If you do not pro­vi­de your infor­ma­ti­on, we can­not review and accept your offer for par­ti­ci­pa­ti­on and, in the event of accep­t­ance, we can­not mana­ge your par­ti­ci­pa­ti­on in accordance with the con­trac­tu­al pro­vi­si­ons agreed bet­ween us. Fur­ther­mo­re, we would not be able to ful­fil our legal obli­ga­ti­ons to com­bat money laun­de­ring without your details to veri­fy your iden­ti­ty or to chan­ge this infor­ma­ti­on. We would the­re­fo­re be legal­ly obli­ga­ted to refrain from a busi­ness rela­ti­ons­hip with you or to ter­mi­na­te an exis­ting busi­ness rela­ti­ons­hip, see Sec­tion 10 para. 9 GwG.

b) In other cases, too, in estab­li­shing a busi­ness rela­ti­ons­hip – espe­cial­ly if this is direct­ly rela­ted to the com­mer­cial acti­vi­ties of HEP Kapi­tal­ver­wal­tung AG – you can be obli­ga­ted to pro­vi­de the per­so­nal data requi­red to veri­fy your iden­ti­ty in accordance with the afo­re­men­tio­ned pro­vi­si­ons of the Money Laun­de­ring Act; other­wi­se, we would also be obli­ga­ted to refrain from a busi­ness rela­ti­ons­hip or to ter­mi­na­te it. In all other cases, you must only pro­vi­de the per­so­nal data that is necessa­ry to pre­pa­re, imple­ment and ter­mi­na­te a busi­ness rela­ti­ons­hip. Without the­se items of data, we will usual­ly have to refu­se the con­clu­si­on of the respec­ti­ve con­tract or we will no lon­ger be able to exe­cu­te an exis­ting con­tract and may have to ter­mi­na­te it.

9. Auto­ma­ted Indi­vi­du­al Decisi­ons Inclu­ding Pro­fi­le Creation

We may pro­cess your data with the aim of eva­lua­ting cer­tain per­so­nal aspects (“pro­filing”). Pro­filing can be used, in par­ti­cu­lar, due to regu­la­to­ry requi­re­ments. We are obli­ga­ted to com­bat money laun­de­ring, the finan­cing of ter­ro­rism and cri­mi­nal offen­ces that end­an­ger assets. We may also use pro­filing for the­se mea­su­res, which also ser­ve to pro­tect you.

We also use pro­filing to pro­vi­de you with tar­ge­ted infor­ma­ti­on and advice about our pro­ducts. No spe­cial cate­go­ries of per­so­nal data accord­ing to Art. 9 GDPR are processed.

Fur­ther­mo­re, we do not use pure­ly auto­ma­ted decisi­on-making in accordance with Art. 22 GDPR. Should we use the­se pro­ce­du­res in indi­vi­du­al cases, howe­ver, we will inform you sepa­r­ate­ly, inso­far as this is requi­red by law.

Infor­ma­ti­on on the Right to Object to the Pro­ces­sing of Your Data at any Time

You have the right at any time to object to our pro­ces­sing of your per­so­nal data for the pur­po­se of direct mail (sen­ding adver­ti­sing mate­ri­al in wha­te­ver form). If you object, your per­so­nal data will no lon­ger be pro­ces­sed for adver­ti­sing pur­po­ses. Plea­se address your objec­tion to:

hep glo­bal GmbH Römer­str. 3
74363 Güg­lin­gen
Pho­ne: 07135 93446 – 616
E‑Mail: info@hep.global or datenschutz@hep.global

Moreo­ver, you have the right at any time, for per­so­nal rea­sons, to object to the pro­ces­sing of your data that is necessa­ry to safe­guard our legi­ti­ma­te inte­rests. Plea­se send your objec­tion and its jus­ti­fi­ca­ti­on to:

hep glo­bal GmbH Römer­str. 3
74363 Güg­lin­gen
Pho­ne: 07135 93446 – 616
E‑Mail: info@hep.global or datenschutz@hep.global

Based on the jus­ti­fi­ca­ti­on you pro­vi­de, we will review immedia­te­ly, at the latest wit­hin one mon­th after rece­i­pt of your objec­tion, whe­ther we are obli­ga­ted to dele­te your data or whe­ther fur­ther pro­ces­sing of your data is requi­red to safe­guard over­ri­ding legi­ti­ma­te inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in wri­ting or in text form.

Part II: Data Pro­tec­tion Infor­ma­ti­on for Legal Enti­ties and Their Employees

The data pro­tec­tion noti­ces lis­ted in this Part II app­ly in all cases in which you are in con­ta­ct with us as the owner, repre­sen­ta­ti­ve or appro­pria­te­ly aut­ho­ri­zed employee of a legal enti­ty (her­ein­af­ter “your com­pa­ny”) and do act not for yourself, but for or on behalf of your company.

The spe­ci­fic deter­mi­na­ti­on of which of your per­so­nal data is pro­ces­sed in each indi­vi­du­al case and how it is used for what pur­po­se depends on the man­ner in which con­ta­ct was estab­lis­hed and the con­nec­tion (e.g. a con­tract) bet­ween you and our companies.

If your com­pa­ny joins or has joi­ned an invest­ment fund mana­ged by the hep Group (this can also be done in the form of a trust agree­ment bet­ween your com­pa­ny and HEP Treu­hand GmbH), the data pro­tec­tion infor­ma­ti­on that is atta­ched to your mem­bers­hip decla­ra­ti­on, with regard to the spe­ci­fi­cal­ly named com­pa­nies of the hep Group and the ser­vice pro­vi­ders, takes pre­ce­dence over the infor­ma­ti­on lis­ted below; in this event, the fol­lowing explana­ti­ons are only to be used as a supplement.

1. Data Con­trol­ler and Con­ta­ct Data

a) If your com­pa­ny joins an invest­ment fund mana­ged by the hep Group (this can also take place in the form of a trust agree­ment bet­ween your com­pa­ny and HEP Treu­hand GmbH), the data con­trol­ler is the com­pa­ny that is named in the “Infor­ma­ti­on on the pro­ces­sing of your per­so­nal data in accordance with Art. 13, 14 and 21 GDPR”, which is inclu­ded as an annex to the mem­bers­hip decla­ra­ti­on of the respec­ti­ve invest­ment fund.

b) In all other cases, the data con­trol­ler respon­si­ble for pro­ces­sing your data is:

hep glo­bal GmbH Römer­str. 3
74363 Güg­lin­gen
Pho­ne: 07135 93446 – 616
E Mail: info@hep.global

c) You can con­ta­ct our data pro­tec­tion offi­cer as follows:

hep glo­bal GmbH
Daten­schutz­be­auf­trag­ter der hep glo­bal GmbH Römer­str. 3

74363 Güg­lin­gen
Email: datenschutz@hep.global

2. Pro­ces­sed Per­so­nal Data and its Ori­gin

a) If your com­pa­ny joins an invest­ment fund mana­ged by the hep Group as an inves­tor, we pro­cess your per­so­nal data from the mem­bers­hip decla­ra­ti­on (name, date of birth, place of birth, natio­na­li­ty, con­ta­ct details, data from iden­ti­fi­ca­ti­on documents).

Inso­far as we do not collect this data direct­ly from you, we pro­cess per­so­nal data that we have legi­ti­mate­ly recei­ved eit­her from com­pa­nies of the hep group, such as HEP Ver­trieb GmbH, or from agents or sales part­ners, or from publicly acces­si­ble sources such as land regis­ters and com­mer­cial regis­ters, press and other media as well as deb­tor regis­ters and that we are per­mit­ted to process.

b) In all other cases (e.g., if your com­pa­ny works as an agent for a com­pa­ny of the hep group) we pro­cess the per­so­nal data that we recei­ve from you in your func­tion as a repre­sen­ta­ti­ve or employee of your company.

Moreo­ver, we pro­cess per­so­nal data that we are allo­wed to collect and pro­cess from publicly acces­si­ble sources (e.g., land regis­ters, com­mer­cial regis­ters, asso­cia­ti­on regis­ters, the press, media).

The type and scope of this data depends on the respec­ti­ve busi­ness rela­ti­ons­hip bet­ween your com­pa­ny and us; typi­cal­ly, this can be: your name, your address and other con­ta­ct details, such as Tele­pho­ne num­ber and email address for your com­pa­ny as well as legi­ti­ma­ti­on and authen­ti­ca­ti­on data (ID data and signa­tu­re samples).

3. Pur­po­ses of Pro­ces­sing and Legal Basis

a) To ful­fill pre-con­trac­tu­al obli­ga­ti­ons (Art. 6 para. 1 lit b) GDPR)

Your per­so­nal data will be pro­ces­sed, in par­ti­cu­lar, to pre­pa­re, mana­ge and sup­port busi­ness rela­ti­ons­hip bet­ween your com­pa­ny and us and is pri­ma­ri­ly used to com­mu­ni­ca­te with your company.

b) Accord­ing to legal requi­re­ments (Art. 6 para. 1 c GDPR) or when it is in the public inte­rest (Art. 6 para. 1 lit. c of the GDPR)

In addi­ti­on, we pro­cess your per­so­nal data to ful­fil our sta­tu­to­ry or super­vi­so­ry obli­ga­ti­ons, such as tho­se resul­ting for us from the Money Laun­de­ring Act (GwG), the Capi­tal Invest­ment Code (KAGB) or the tax laws. The pur­po­ses of pro­ces­sing inclu­de, inter alia, iden­ti­ty checks, resi­den­cy checks, pre­ven­ting fraud and money laun­de­ring, ful­fil­ling tax con­trol and repor­ting obli­ga­ti­ons as well as asses­sing and mana­ging risks in our company.

c) Wit­hin the frame­work of the balan­cing of inte­rests (Art. 6 para. 1 lit. f) GDPR)

In addi­ti­on, your per­so­nal data is pro­ces­sed in indi­vi­du­al cases to safe­guard our legi­ti­ma­te inte­rests or the legi­ti­ma­te inte­rests of a third par­ty.
This app­lies, in particular,

  • to assert, exer­cise or defend legal claims,
  • to ful­fil regu­la­to­ry requi­re­ments, for examp­le the Federal Finan­cial Super­vi­so­ry Aut­ho­ri­ty (BaFin), the Deut­sche Bun­des­bank or the Euro­pean Cen­tral Bank (ECB),
  • to ensu­re IT secu­ri­ty and our IT operations.

d) On the Basis of Your Con­sent (Art. 6 para. 1 lit. a) GDPR).

Inso­far as you have con­sen­ted to the pro­ces­sing of per­so­nal data for spe­ci­fic pur­po­ses in indi­vi­du­al cases, this con­sent forms the legal basis for the pro­ces­sing based on it. You can with­draw your con­sent at any time. This also app­lies to the with­dra­wal of con­sent given to us befo­re 25 May 2018. Plea­se note that a with­dra­wal only takes effect in the future and does not affect the lega­li­ty of any pro­ces­sing car­ri­ed out befo­re the withdrawal.

4. Cate­go­ries of Reci­pi­ents of Your Per­so­nal Data

Access to your per­so­nal data is only given to tho­se per­sons and offices wit­hin the respec­ti­ve pro­ces­sing com­pa­ny of the hep group who need it to ful­fil their con­trac­tu­al and legal obli­ga­ti­ons or to safe­guard legi­ti­ma­te inte­rests. Ser­vice pro­vi­ders used by us who pro­cess your data on our behalf (Art. 28 GDPR) or com­pa­nies that ope­ra­te as (self-employ­ed) “con­trol­lers” wit­hin the mea­ning of Art. 4 No. 7 GDPR, can recei­ve your data if the necessa­ry requi­re­ment of the GDPR is ful­fil­led. The­se are com­pa­nies, in par­ti­cu­lar, in the cate­go­ries of IT ser­vices, logistics, telecom­mu­ni­ca­ti­ons, sales and mar­ke­ting, legal and tax advice.

It can also be pas­sed on to public bodies such as the Federal Finan­cial Super­vi­so­ry Aut­ho­ri­ty, the Deut­sche Bun­des­bank or the Euro­pean Cen­tral Bank, as well as to tax offices, inso­far as we are obli­ga­ted to do so by law or by super­vi­so­ry law.

If your com­pa­ny is an inves­tor in an invest­ment fund mana­ged by the hep Group, the data pro­ces­sing for the afo­re­men­tio­ned pur­po­ses also inclu­des the trans­mis­si­on of the data to HEP Ver­trieb GmbH and the invest­ment fund’s respec­ti­ve depositary.

5. Trans­fer to a Third Coun­try or Inter­na­tio­nal Orga­niz­a­ti­on

In princip­le, we will not pass on your per­so­nal data to reci­pi­ents in third coun­tries (coun­tries out­side the Euro­pean Uni­on or the Euro­pean Eco­no­mic Area) or to inter­na­tio­nal orga­niz­a­ti­ons. Some­thing else only app­lies to the extent that:

  • it is necessa­ry for your company’s par­ti­ci­pa­ti­on in our invest­ment funds,
  • it is requi­red by law (e.g., due to tax repor­ting obli­ga­ti­ons) or
  • you have con­sen­ted to the disclosure.

We will inform you sepa­r­ate­ly about the details of such a trans­fer, as far as legal­ly required.

6. Dura­ti­on of Sto­rage of Your Data

If necessa­ry, your per­so­nal data will be stored for the peri­od of our busi­ness rela­ti­ons­hip (typi­cal­ly a con­trac­tu­al rela­ti­ons­hip). The afo­re­men­tio­ned dura­ti­on of the sto­rage also inclu­des the initia­ti­on and pro­ces­sing of such a busi­ness relationship.

In addi­ti­on, we are sub­ject to various reten­ti­on and docu­men­ta­ti­on obli­ga­ti­ons, which result from the Com­mer­cial Code (HGB), the Tax Code (AO) and the Money Laun­de­ring Act (GwG). The peri­ods for sto­rage and docu­men­ta­ti­on spe­ci­fied the­re are bet­ween two and ten years after the end of the busi­ness relationship.

After the afo­re­men­tio­ned dead­lines have expi­red, your per­so­nal data will be regu­lar­ly dele­ted, unless the – in turn limi­ted – fur­ther pro­ces­sing of this data is necessa­ry in order to safe­guard our inte­rests or the legi­ti­ma­te inte­rests of a third par­ty, as exem­pli­fied in Clau­se 3©. Such a legi­ti­ma­te inte­rest can also exist, for examp­le, if dele­ti­on is only pos­si­ble with dis­pro­por­tio­na­te effort due to the spe­cial type of sto­rage and at the same time pro­ces­sing for pur­po­ses other than tho­se men­tio­ned is exclu­ded by sui­ta­ble tech­ni­cal and orga­niz­a­tio­nal measures.

7. Your Data Pro­tec­tion Rights

Under cer­tain con­di­ti­ons, if you are affec­ted by the pro­ces­sing of per­so­nal data, you have the fol­lowing data pro­tec­tion rights:

  • You have the right to recei­ve from us infor­ma­ti­on about your data stored by us accord­ing to the pro­vi­si­ons of Art. 15 GDPR (pos­si­b­ly with restric­tions accord­ing to Sec­tion 34 BDSG [Federal Data Pro­tec­tion Act]).
  • At your request, we will cor­rect the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­ra­te or incorrect.
  • If you wish, we will dele­te your data in accordance with the princi­ples of Art. 17 GDPR, pro­vi­ded that other legal regu­la­ti­ons (e.g., sta­tu­to­ry reten­ti­on requi­re­ments or the restric­tions accord­ing to Sec­tion 35 BDSG) or an over­ri­ding inte­rest on our part (e.g., to defend our rights and claims) do not oppo­se this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the pro­ces­sing of your data.
  • You can also object to the pro­ces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop pro­ces­sing your data. Howe­ver, this right of objec­tion only app­lies in the event of very spe­cial cir­cum­s­tan­ces regar­ding your per­so­nal situa­ti­on, wher­eby our company’s rights may con­flict with your right of objection.
  • You also have the right, sub­ject to the requi­re­ments of Art. 20 GDPR, to recei­ve your data in a struc­tu­red, com­mon and machi­ne-read­a­ble for­mat or to trans­mit it to a third party.
  • You also have the right to lodge a com­p­laint with a data pro­tec­tion super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR). Howe­ver, we recom­mend that you always address a com­p­laint to us first.
  • If pos­si­ble, your requests to exer­cise your rights should be addres­sed in wri­ting to the data con­trol­ler named in Clau­se 1.

8. Neces­si­ty to Pro­vi­de Your Per­so­nal Data

In the con­text of our busi­ness rela­ti­ons­hip with your com­pa­ny, you must pro­vi­de us with the per­so­nal data that is requi­red to record the representation/authorization and the ful­film­ent of the rela­ted con­trac­tu­al obli­ga­ti­ons or that we are legal­ly obli­ga­ted to collect. Without this data, we usual­ly have to reject you as an representative/authorized signa­to­ry or we have to revo­ke an exis­ting representation/authorization.

In par­ti­cu­lar, accord­ing to money laun­de­ring regu­la­ti­ons, we are obli­ga­ted to iden­ti­fy you, for examp­le using your iden­ti­ty card, befo­re set­ting up the repre­sen­ta­ti­on representation/authorization and to collect and record your name, place of birth, date of birth, natio­na­li­ty and home address. In accordance with Sec­tion 8 para. 2
in con­junc­tion with Sec­tion 12 para. 1 GwG, we are also obli­ga­ted to record the type, num­ber and issuing aut­ho­ri­ty of the docu­ment sub­mit­ted to veri­fy iden­ti­ty. For us to be able to meet the­se legal obli­ga­ti­ons, accord­ing to Sec­tion 11 para. 6 GwG, the con­trac­tu­al part­ner must pro­vi­de the infor­ma­ti­on and docu­ments necessa­ry for cla­ri­fi­ca­ti­on and immedia­te­ly noti­fy any chan­ges that ari­se in the cour­se of the busi­ness rela­ti­ons­hip. If you do not pro­vi­de us with the necessa­ry infor­ma­ti­on and docu­ments, we may not set up or con­ti­nue the busi­ness rela­ti­ons­hip desi­red by the respec­ti­ve company.

Your per­so­nal data can also be pro­ces­sed in accordance with money laun­de­ring regu­la­ti­ons inso­far as you are to be regar­ded as the “bene­fi­cial owner” (Sec­tion 3 Money Laun­de­ring Act) of your com­pa­ny. If you do not pro­vi­de us with the infor­ma­ti­on and docu­ments requi­red in this con­text, we may not com­mence the busi­ness rela­ti­ons­hip with your com­pa­ny or we would have to ter­mi­na­te it.

9. Auto­ma­ted Indi­vi­du­al Decisi­ons Inclu­ding Pro­fi­le Crea­ti­on

When pro­ces­sing your per­so­nal data as the owner, representative/authorized signa­to­ry or ano­t­her employee of your com­pa­ny, neit­her “pro­filing” nor a pure­ly auto­ma­ted decisi­on-making pro­cess in accordance with Art. 22 GDPR takes place.

Infor­ma­ti­on on the Right to Object to the Pro­ces­sing of Your Data at any Time

You have the right at any time, for per­so­nal rea­sons, to object to the pro­ces­sing of your data that is necessa­ry to safe­guard our legi­ti­ma­te inte­rests. Plea­se send your objec­tion and its jus­ti­fi­ca­ti­on to:

hep glo­bal GmbH Römer­str. 3
74363 Güg­lin­gen
Pho­ne: 07135 93446 – 616
EMail: info@hep.global or datenschutz@hep.global

Based on the jus­ti­fi­ca­ti­on you pro­vi­de, we will review immedia­te­ly, at the latest wit­hin one mon­th after rece­i­pt of your objec­tion, whe­ther we are obli­ga­ted to dele­te your data or whe­ther fur­ther pro­ces­sing of your data is requi­red to safe­guard over­ri­ding legi­ti­ma­te inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in wri­ting or in text form.

Part lll: Data pro­tec­tion infor­ma­ti­on for visi­t­ing our website
The data pro­tec­tion infor­ma­ti­on lis­ted in this Part III will inform you about the type and scope of the pro­ces­sing of per­so­nal data when you visit our website.

Per­so­nal data wit­hin the mea­ning of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) means any infor­ma­ti­on rela­ting to a per­son and with the help of which this per­son can be iden­ti­fied, such as the name or email address of the data subject.

Pro­ces­sing wit­hin the mea­ning of the GDPR means any action that is car­ri­ed out in rela­ti­on to per­so­nal data, such as the collec­tion, sto­rage, trans­mis­si­on or dele­ti­on of per­so­nal data.

In the fol­lowing, we exp­lain which data is pro­ces­sed and with whom it is shared when you visit our web­site and when you use our online offering.
You will also find infor­ma­ti­on on your rights as a data subject.

1. Data Con­trol­ler and Con­ta­ct Data


a) The data con­trol­ler respon­si­ble for pro­ces­sing your data is:

hep glo­bal GmbH Römer­str. 3
74363 Güglingen
Pho­ne: 07135 93446 – 616
Email: info@hep.global

b) You can con­ta­ct our data pro­tec­tion offi­cer as follows:

hep glo­bal GmbH
Daten­schutz­be­auf­trag­ter der hep glo­bal GmbH Römer­str. 3
74363 Güglingen
Email: datenschutz@hep.global

2. Collec­tion of Per­so­nal Data When you Visit our Website

When you visit our web­site, we collect data that your brow­ser trans­mits to our ser­ver (“log files”). The­se log files, which are tem­pora­ri­ly stored in our server’s log files, are tech­ni­cal­ly necessa­ry both for you to access our web­site and for our legi­ti­ma­te inte­rest in showing you our web­site as well as to ensu­re its sta­bi­li­ty and secu­ri­ty. The fol­lowing infor­ma­ti­on is recor­ded without your inter­ven­ti­on and stored until it is auto­ma­ti­cal­ly deleted:

  • the IP address of your inter­net-capa­ble computer,
  • the date and time of request,
  • the name and URL of the file retrieved,
  • the website/application from which access is made,
  • the request status/HTTP sta­tus code,
  • the amount of data transmitted,
  • the brow­ser you are using and, if app­li­ca­ble, the ope­ra­ting sys­tem of your inter­net-capa­ble computer,
  • the lan­guage and ver­si­on of your brow­ser software,

The legal basis for pro­ces­sing is your con­sent under Art. 6 para. 1 lit. f) GDPR. Our legi­ti­ma­te inte­rest ari­ses from the pur­po­ses of data collec­tion lis­ted below.

  • ensu­ring a smooth con­nec­tion to the website,
  • ensu­ring con­ve­ni­ent use of our website,
  • eva­lua­ting sys­tem secu­ri­ty and stability.

The data is stored for a peri­od of 60 days and then auto­ma­ti­cal­ly deleted.
Collec­tion of data requi­red to make the web­site avail­ab­le and sto­rage of the data in log files is essen­ti­al for the ope­ra­ti­on of the web­site. Con­se­quent­ly, you have no opti­on to object to its collection.

3. Collec­tion and Pro­ces­sing of Per­so­nal Data When Using the Con­ta­ct Form and When Con­ta­c­ting us by Email

To make our online offe­ring avail­ab­le to you, we use web or con­ta­ct forms on our website.

Our home­page has a form for you to con­ta­ct us. The data ent­e­red here in the mask will be trans­mit­ted to us when the mes­sa­ge is sent and will then be saved. The con­nec­tion is SSL-encrypted.

We ask for your name, your email address and your request in an input mask. Optio­nal­ly, you can give us fur­ther infor­ma­ti­on about e.g., your address or pho­ne, but this is not abso­lute­ly necessa­ry for contact.

In addi­ti­on, the time of sen­ding is also saved.

You can only com­ple­te the pro­cess if you give us your con­sent to pro­cess the con­ta­ct infor­ma­ti­on you have provided.

Alter­na­tively, you can con­ta­ct us via the email address pro­vi­ded. In this case, your per­so­nal data that you trans­mit­ted along with the email will be stored.

When you con­ta­ct us, we will pro­cess the data you pro­vi­de us exclu­si­ve­ly for the pur­po­se of pro­ces­sing your con­ta­ct. No data will be dis­c­lo­sed to third par­ties in the con­text of this data processing.

The legal basis for pro­ces­sing in the event that our con­ta­ct form is used is Art. 6 para. 1 lit. a) GDPR.

If you send us an email, the legal basis for pro­ces­sing is Art. 6 para. 1 lit. f) GDPR.

Inso­far as con­ta­ct is estab­lis­hed for the pur­po­ses of poten­ti­al­ly con­clu­ding a con­tract, an addi­tio­nal legal basis is Art. 6 para. 1 lit. b) GDPR.

We dele­te the data ari­sing in this con­text when it is no lon­ger requi­red to achie­ve the pur­po­se. For the per­so­nal data from the con­ta­ct form input screen and the data you sent by email, this is the case when the respec­ti­ve con­ver­sa­ti­on with the user has been com­ple­ted. The con­ver­sa­ti­on is ter­mi­na­ted when the cir­cum­s­tan­ces indi­ca­te that the mat­ter in ques­ti­on has been final­ly resolved.

You have the opti­on to with­draw your con­sent to data pro­ces­sing at any time. If you have con­ta­c­ted us by email, you can object to the sto­rage of your per­so­nal data. You can send your with­dra­wal or objec­tion to the con­ta­ct address given above.

Plea­se note that in such a case the con­ver­sa­ti­on can­not be con­ti­nued and must be ended. We then dele­te the data trans­mit­ted and stored in the cour­se of making contact.

4. Web­site Optimization

4.1 Coo­kies

To make your visit to our web­site more plea­sant, and to enab­le you to use cer­tain func­tions, we use “coo­kies”. The­se are small text files that are stored on your hard dri­ve and assi­gned to the brow­ser you are using and through which we, as the enti­ty set­ting the coo­kie, recei­ve cer­tain infor­ma­ti­on. A coo­kie usual­ly con­tains the name of the domain from which the coo­kie data was sent, infor­ma­ti­on about the age of the coo­kie and an alpha­nu­me­ric identifier.

Coo­kies do not cau­se any dama­ge to your com­pu­ter and can­not run pro­grams or deli­ver viru­ses to your com­pu­ter. We use coo­kies to make our web­site more user-friend­ly and effec­ti­ve for you as a whole.

We use coo­kies that are dele­ted when the brow­ser is clo­sed (tran­si­ent coo­kies) and coo­kies that are stored on your com­pu­ter for a cer­tain peri­od, which can dif­fer depen­ding on the coo­kie (per­sis­tent cookies).

The tran­si­ent coo­kies inclu­de, in par­ti­cu­lar, ses­si­on coo­kies that save what is known as a ses­si­on ID with which various requests from your brow­ser can be assi­gned to the com­mon ses­si­on. This allows your com­pu­ter to be reco­gni­zed when you return to our web­site. Ses­si­on coo­kies are dele­ted when you log out or clo­se the brow­ser. You can dele­te per­sis­tent coo­kies at any time in the secu­ri­ty set­tings of your browser.

This use of coo­kies is inten­ded to help you in hand­ling our web­site (func­tio­n­al coo­kies) and to enab­le us to sta­tis­ti­cal­ly ana­ly­ze access to our web­site (per­for­mance cookies).
The data ori­gi­na­ting from our web­site is recor­ded by a ser­vice pro­vi­der com­mis­sio­ned by us, howe­ver, hep glo­bal GmbH exclu­si­ve­ly deter­mi­nes the use of the data.
The data we collect includes:

  • the inter­net pro­to­col address from which you access the internet,
  • the day and time,
  • the files or search terms sear­ched for,
  • the brow­ser you are using, the ope­ra­ting system,
  • your inter­net-capa­ble com­pu­ter used.

To meet our data pro­tec­tion stan­dard, your inter­net pro­to­col address is always pro­ces­sed anony­mous­ly via coo­kies in 1‑byte.

We use this infor­ma­ti­on to record the num­ber of visi­tors to the various are­as of our web­site, mea­su­re sys­tem per­for­mance and iden­ti­fy pro­blem areas.

We use this infor­ma­ti­on to make our web­site more com­pre­hen­si­ve and to incre­a­se your bene­fit. This infor­ma­ti­on is not lin­ked to per­so­nal data.

Inso­far as we use coo­kies that are abso­lute­ly necessa­ry for the pro­vi­si­on of our web­site, the legal basis for the pro­ces­sing of per­so­nal data using the­se coo­kies is Art. 6 para. 1 lit.

f) GDPR.

Pro­ces­sing of per­so­nal data by func­tio­n­al and/or per­for­mance coo­kies only takes place if you have given us your con­sent. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
You may with­draw your con­sent at any time without giving rea­sons under the fol­lowing link by adjus­ting the per­mit­ted functionalities.
Coo­kies are stored on your end device and you have full con­trol over their use. You can deac­ti­va­te or restrict the trans­mis­si­on of coo­kies by chan­ging the set­tings of your inter­net brow­ser. Coo­kies which have alrea­dy been saved can be dele­ted at any time. This can also be done auto­ma­ti­cal­ly. If coo­kies are deac­ti­va­ted for our web­sites, you may no lon­ger be able to use all func­tions of the web­sites to their full extent.

4.2 Web Ana­ly­sis with Matomo

We use “Matomo” (form­er­ly “Piwik”) on our web­site – an open-source tool for web ana­ly­sis. With Matomo, no data is trans­mit­ted to ser­vers that are bey­ond our con­trol. Matomo is gene­ral­ly deac­ti­va­ted when you visit our web­site. Your usa­ge beha­vi­or will only be recor­ded anony­mous­ly if you actively consent.

Among other things, Matomo uses the coo­kies lis­ted abo­ve and simi­lar tech­no­lo­gies such as device fin­ger­prin­ting. On com­pu­ters with inter­net access (devices), device fin­ger­prin­ting is used to read stored infor­ma­ti­on (e.g. instal­led fonts, reso­lu­ti­on, plugins, MAC or IP addres­ses). We collec­tively refer to coo­kies and simi­lar tech­no­lo­gies such as device fin­ger­prin­ting to their uni­form func­tio­n­a­li­ty as “coo­kies”.

The coo­kies used by Matomo enab­le us to ana­ly­ze the use of our web­site. For this pur­po­se, the infor­ma­ti­on obtai­ned by the coo­kie about usa­ge is trans­mit­ted and stored so that usa­ge beha­vi­or can be evaluated.

Your IP address is immedia­te­ly 2‑byte anony­mi­zed so that you as a user remain anony­mous. The infor­ma­ti­on gene­ra­ted by the coo­kie when visi­t­ing our web­site is not trans­fer­red to any third party.

We under­stand this ana­ly­sis to be part of our inter­net ser­vice. We would like to use it to fur­ther impro­ve the web­site and adapt it even more to your needs.

You may also with­draw your con­sent at any time without giving rea­sons under the fol­lowing Coo­kie Set­tings by adjus­ting the per­mit­ted functionalities.

For more infor­ma­ti­on on terms of use and data pro­tec­tion at Matomo, see their Pri­va­cy Poli­cy: https://matomo.org/privacy-policy/

5. Dis­clo­sure of Per­so­nal Data to Third Parties

We trans­mit your per­so­nal data to the fol­lowing recipients:

Tele­house Deutsch­land GmbH, Kley­er­stra­ße 75–87,
D‑60326 Frank­furt a.M.,

The legal basis for the trans­fer is Art. 28 GDPR, sin­ce Tele­house Deutsch­land GmbH works for us as a pro­ces­sor in the field of hosting.
If we use ser­vice pro­vi­ders to pro­cess your per­so­nal data, who in turn pro­cess your per­so­nal data on our behalf (pro­ces­sors), we have con­trac­tual­ly bound them by con­clu­ding order pro­ces­sing con­tracts to pro­cess your per­so­nal data only in accordance with our inst­ruc­tions and to the extent per­mit­ted by law.

6. Use of Social Media Plug-ins
Our web­sites cur­r­ent­ly con­tain links to the fol­lowing social media websites:

  • Face­book,
  • Xing,
  • Lin­kedIn,
  • Insta­gram

When you visit our web­site, no per­so­nal data is pas­sed on to the ope­ra­tors of the social media web­sites. You can reco­gni­ze the Coo­kie Set­tings to the social media web­site by the mar­king on the box abo­ve its first let­ter or by the logo. We give you the opti­on of using this link to go direct­ly to the cor­re­spon­ding social media web­site. We recom­mend that you log out regu­lar­ly after using a social net­work, but espe­cial­ly befo­re acti­vat­ing the link, as this way you can avoid being assi­gned to your pro­fi­le on the social media website.

If you visit one of the lin­ked social media web­sites, we have no influ­ence on the data collec­ted and data pro­ces­sing ope­ra­ti­ons, nor are we awa­re of the full scope of data collec­tion, the pur­po­ses of pro­ces­sing or the sto­rage peri­ods. We also have no infor­ma­ti­on on the dele­ti­on of the data collec­ted by the social media provider.

Fur­ther infor­ma­ti­on on the pur­po­se and scope of data collec­tion and its pro­ces­sing by the social media ser­vice can be found in the fol­lowing pri­va­cy poli­ci­es of the­se pro­vi­ders. The­re you will also find fur­ther infor­ma­ti­on about your rights and opti­ons for pro­tec­ting your privacy.

You can find the addres­ses of the respec­ti­ve plug-in pro­vi­ders and URL with their data pro­tec­tion infor­ma­ti­on at:

a) Face­book Inc., 1601 S Cali­for­nia Ave, Palo Alto, Cali­for­nia 94304, USA: www.facebook.com/policy.php;
Fur­ther infor­ma­ti­on on data collec­tion: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info
Face­book has sub­mit­ted to the EU-US pri­va­cy shield: www.privacyshield.gov/EU-US-Framework

b) Xing AG, Gän­se­markt 43, 20354 Ham­burg, DEU: www.xing.com/privacy

c) Insta­gram LLC repre­sen­ted by Kevin Sys­trom und Mike Krie­ger 1601 Wil­low Rd., Men­lo Park CA 94025, USA:
help.instagram.com

d) Lin­kedIn Ire­land Unli­mi­ted Com­pa­ny, Wil­ton Place, Dub­lin 2, IRL:

www.linkedin.com/legal/privacy-policy

7. Sta­tu­to­ry Dead­lines for the Dele­ti­on of Data

Once con­sent has been given, it may be with­drawn at any time with effect for the future. Per­so­nal data that you have pro­vi­ded to us through our web­site is only stored until the pur­po­se for which it was pro­vi­ded has been met. If you are no lon­ger hap­py for your per­so­nal data to be stored or if the per­so­nal data is no lon­ger cor­rect, then with appro­pria­te noti­ce we will have your data dele­ted or blo­cked or make the necessa­ry cor­rec­tions (to the extent that this is pos­si­ble, accord­ing to the app­li­ca­ble law). On request and at no cost, you may recei­ve infor­ma­ti­on about the per­so­nal data that we have stored about you. We have lis­ted fur­ther infor­ma­ti­on on your rights under Clau­se 11.

8. Data Security

hep glo­bal GmbH takes sta­te-of-the-art tech­ni­cal and orga­niz­a­tio­nal secu­ri­ty mea­su­res to pro­tect your data as com­pre­hen­si­ve­ly as pos­si­ble from loss, dest­ruc­tion, fal­si­fi­ca­ti­on or unwan­ted access. When ent­e­ring per­so­nal data in web forms, hep glo­bal GmbH pro­tects this per­so­nal data with gre­at care.

Your per­so­nal data will be pro­tec­ted by hep glo­bal GmbH and the pro­ces­sors we have care­ful­ly selec­ted in accordance with Art. 28 GDPR, app­ly­ing the rele­vant legal regu­la­ti­ons through tech­ni­cal and orga­niz­a­tio­nal measures.

Plea­se note that data trans­mit­ted via the inter­net (e.g., via email com­mu­ni­ca­ti­on), howe­ver, may be sub­ject to secu­ri­ty breaches. Com­ple­te­ly pro­tec­ting data against third-par­ty access is impossible.

9. Links to Other Websites

Our on-line offer con­tains links to other web­sites. We do not have any influ­ence on whe­ther their ope­ra­tors obser­ve the data pro­tec­tion pro­vi­si­ons. Des­pi­te care­ful checks of the con­tent, we can­not accept any lia­bi­li­ty for exter­nal links to third-par­ty con­tent. For infor­ma­ti­on on data pro­ces­sing ope­ra­ti­ons on the­se pages, we would like to refer you to the respec­ti­ve pages’ data pro­tec­tion information.

10. Vol­un­ta­ry Pro­vi­si­on of Data

The pro­vi­si­on of your per­so­nal data on our web­site takes place exclu­si­ve­ly on a vol­un­ta­ry basis. You are neit­her legal­ly nor con­trac­tual­ly obli­ga­ted to do so.
If you send us que­ries via the con­ta­ct form, we will collect the data ent­e­red on the form, inclu­ding the con­ta­ct details you pro­vi­de, to ans­wer your que­ry and for any fol­low-up ques­ti­ons. We do not share this data without your permission.

11. Your Data Pro­tec­tion Rights

Under cer­tain con­di­ti­ons, if you are affec­ted by the pro­ces­sing of per­so­nal data, you have the fol­lowing data pro­tec­tion rights:

  • You have the right to recei­ve from us infor­ma­ti­on about your data stored by us accord­ing to the pro­vi­si­ons of Art. 15 GDPR (pos­si­b­ly with restric­tions accord­ing to Sec­tion 34 BDSG [Federal Data Pro­tec­tion Act]).
  • At your request, we will cor­rect the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­ra­te or incorrect.
  • If you wish, we will dele­te your data in accordance with the princi­ples of Art. 17 GDPR, pro­vi­ded that other legal regu­la­ti­ons (e.g., sta­tu­to­ry reten­ti­on requi­re­ments or the restric­tions accord­ing to Sec­tion 35 BDSG) or an over­ri­ding inte­rest on our part (e.g., to defend our rights and claims) do not oppo­se this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the pro­ces­sing of your data.
  • You can also object to the pro­ces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop pro­ces­sing your data. Howe­ver, this right of objec­tion only app­lies in the event of very spe­cial cir­cum­s­tan­ces regar­ding your per­so­nal situa­ti­on, wher­eby our company’s rights may con­flict with your right of objection.
  • You also have the right, sub­ject to the requi­re­ments of Art. 20 GDPR, to recei­ve your data in a struc­tu­red, com­mon and machi­ne-read­a­ble for­mat or to trans­mit it to a third party.
  • In addi­ti­on, you have the right to with­draw your con­sent to the pro­ces­sing of per­so­nal data at any time with future effect.
  • You also have the right to lodge a com­p­laint with a data pro­tec­tion super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR). Howe­ver, we recom­mend that you always address a com­p­laint to us first.
  • If pos­si­ble, your requests to exer­cise your rights should be addres­sed in wri­ting to the data con­trol­ler named in Clau­se 1.

Infor­ma­ti­on on the right to object to the pro­ces­sing of your data at any Time

You have the right at any time, for per­so­nal rea­sons, to object to the pro­ces­sing of your data that is necessa­ry to safe­guard our legi­ti­ma­te inte­rests. Plea­se send your objec­tion and its jus­ti­fi­ca­ti­on to:

hep glo­bal GmbH Römer­str. 3
74363 Güglingen
Pho­ne: 07135 93446 – 616
Email: info@hep.global or datenschutz@hep.global

Based on the jus­ti­fi­ca­ti­on you pro­vi­de, we will review immedia­te­ly, at the latest wit­hin one mon­th after rece­i­pt of your objec­tion, whe­ther we are obli­ga­ted to dele­te your data or whe­ther fur­ther pro­ces­sing of your data is requi­red to safe­guard over­ri­ding legi­ti­ma­te inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in wri­ting or in text form.