Data protec­tion infor­ma­tion in accordance with Arti­cles 13, 14 and 21 of the EU General Data Protec­tion Regu­la­tion (GDPR)

The infor­ma­tion listed below gives you an over­view of how your personal data is processed by the compa­nies of the hep Group and of your rights under data protec­tion law.

Our data protec­tion infor­ma­tion is divided as follows:

Part I: Data Protec­tion Infor­ma­tion for Natural Persons

The data protec­tion notices listed in this Part I apply in all cases in which you are in contact with us exclu­si­vely as a natural person (e.g., as an investor to invest only your own assets) and not as a repre­sen­ta­tive or employee of a legal entity.

The specific deter­mi­na­tion of which of your personal data is processed in each indi­vi­dual case and how it is used for what purpose depends on the manner in which contact was estab­lished between you and us and the connec­tion (e.g., a contract) between you and our companies.

If you as an investor join or have joined an invest­ment fund managed by the hep Group (this can also be done in the form of a trust agree­ment between you and HEP Treu­hand GmbH), the data protec­tion infor­ma­tion that is atta­ched to your membership decla­ra­tion, with regard to the speci­fi­cally named compa­nies of the hep Group and the service provi­ders, takes prece­dence over the infor­ma­tion listed below; in this event, the following explana­tions are only to be used as a supplement.

1. Data Controller and Contact Data

a) If you as an investor join an invest­ment fund managed by the hep Group (this can also take place in the form of a trust agree­ment between you and HEP Treu­hand GmbH), the data controller is the company that is named in the “Infor­ma­tion on the proces­sing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership decla­ra­tion of the respec­tive invest­ment fund.

b) In all other cases, the data controller respon­sible for proces­sing your data is:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
Email: info@hep.global

c) You can contact our data protec­tion officer as follows:

hep global GmbH
Daten­schutz­be­auf­tragter der hep global GmbH Römerstr. 3

74363 Güglingen
Email: datenschutz@hep.global

2. Processed Personal Data and its Origin

a) If you join an invest­ment fund managed by the hep Group as an investor, we process the personal data from the membership decla­ra­tion (your name, date of birth, place of birth, natio­na­lity, contact data, data from iden­ti­fi­ca­tion docu­ments, tax and bank data, subscrip­tion amount) and the decla­ra­tions and insurances made with this membership decla­ra­tion. This includes, in parti­cular, infor­ma­tion on the deve­lo­p­ment of capital accounts, infor­ma­tion on payments, holding share­hol­ders’ meetings and commu­ni­ca­tion with the tax authorities.

Insofar as we do not collect this data directly from you, we process personal data that we have legi­ti­mately received either from compa­nies of the hep group, such as HEP Vertrieb GmbH, or from agents or sales part­ners, or from publicly acces­sible sources such as land regis­ters and commer­cial regis­ters, press and other media as well as debtor regis­ters and that we are permitted to process.

b) In all other cases (e.g., if you work as an agent for a company of the hep group) we process the personal data that we receive from you as part of our busi­ness rela­ti­onship.
In addi­tion, we process personal data that we have legi­ti­mately received from third parties (e.g., to fulfil contracts or based on your consent). On the other hand, we process personal data that we are allowed to collect and process from publicly acces­sible sources (e.g., land regis­ters, commer­cial regis­ters, asso­cia­tion regis­ters, the press, media).

The type and scope of this data depends on the respec­tive busi­ness rela­ti­onship between you and us; typi­cally, this can be: your name, your address and other contact details, such as tele­phone number and email address, tax and bank data as well as legi­ti­ma­tion and authen­ti­ca­tion data (ID data and signa­ture samples).

3. Purposes of Proces­sing and Legal Basis

a) To fulfill pre-contrac­tual obli­ga­tions (Art. 6 para. 1 lit b) GDPR)

If you join an invest­ment fund managed by the hep Group as an investor, your personal data will be processed in parti­cular to prepare, manage and support your invest­ment in this invest­ment fund and for the purpose of billing the sales partner and informing them in accordance with the contrac­tual provi­sions regar­ding your parti­ci­pa­tion. In other cases, too, your personal data is processed to carry out the respec­tive contract concluded with you or to carry out pre-contrac­tual measures.

b) According to legal requi­re­ments (Art. 6 para. 1 c GDPR) or when it is in the public inte­rest (Art. 6 para. 1 lit. c of the GDPR)

In addi­tion, we process your personal data to fulfil our statu­tory or super­vi­sory obli­ga­tions, such as those resul­ting for us from the Money Laun­de­ring Act (GwG), the Capital Invest­ment Code (KAGB) or the tax laws. The purposes of proces­sing include, inter alia, iden­tity checks, resi­dency checks, preven­ting fraud and money laun­de­ring, fulfil­ling tax control and repor­ting obli­ga­tions as well as asses­sing and mana­ging risks in our company.

c) Within the Frame­work of the Balan­cing of Inte­rests (Art. 6 para. 1 lit. f) GDPR)

In addi­tion, your personal data is processed in indi­vi­dual cases to safe­guard our legi­ti­mate inte­rests or the legi­ti­mate inte­rests of a third party.

This applies in particular:

  • to obtain infor­ma­tion about your economic perfor­mance (such as credit and default risks),
  • to combat money laun­de­ring, terro­rist finan­cing and criminal offenses that endanger assets,
  • to assert, exer­cise or defend legal claims,
  • to fulfil regu­la­tory requi­re­ments, for example the Federal Finan­cial Super­vi­sory Autho­rity (BaFin), the Deut­sche Bundes­bank or the Euro­pean Central Bank (ECB),
  • to ensure IT secu­rity and our IT operations,
  • to control our busi­ness opera­tions and further develop services and products,
  • to develop and imple­ment adver­ti­sing measures for market and opinion rese­arch, provided you have not objected to the proces­sing for these purposes.

d) On the basis of your consent (Art. 6 para. 1 lit. a) GDPR).

Insofar as you have consented to the proces­sing of personal data for specific purposes in indi­vi­dual cases, this consent forms the legal basis for the proces­sing based on it. You can with­draw your consent at any time. This also applies to with­drawing consent – such as any Schufa consent – were given to us before May 25, 2018. Please note that a with­drawal only takes effect in the future and does not affect the lega­lity of any proces­sing carried out before the withdrawal.

4. Cate­go­ries of Reci­pi­ents of your Personal Data

Access to your personal data is only given to those persons and offices within the respec­tive proces­sing company of the hep group who need it to fulfil their contrac­tual and legal obli­ga­tions or to safe­guard legi­ti­mate inte­rests. Service provi­ders used by us who process your data on our behalf (Art. 28 GDPR) or compa­nies that operate as (self-employed) “control­lers” within the meaning of Art. 4 No. 7 GDPR, can receive your data if the necessary requi­re­ments of the GDPR are fulfilled. These are compa­nies in parti­cular in the cate­go­ries of IT services, logistics, telecom­mu­ni­ca­tions, sales and marke­ting, legal and tax advice and debt collection.

It can also be passed on to public bodies such as the Federal Finan­cial Super­vi­sory Autho­rity, the Deut­sche Bundes­bank or the Euro­pean Central Bank, as well as to tax offices, insofar as we are obli­gated to do so by law or by super­vi­sory law.

If you are an investor in an invest­ment fund managed by the hep Group, the data proces­sing for the afore­men­tioned purposes also includes the trans­mis­sion of the data, in parti­cular to HEP Vertrieb GmbH and the invest­ment fund’s respec­tive depo­si­tary, to the Federal Central Tax Office and – if you have inst­ructed us accord­ingly – to a tax advisor appointed by you.

In addi­tion, other inves­tors may also receive part of your personal data, provided that they claim infor­ma­tion about their co-share­hol­ders or co-distributors.

5. Transfer to a Third Country or Inter­na­tional Organization

As a rule, we will not pass on your personal data to reci­pi­ents in third coun­tries (coun­tries outside the Euro­pean Union or the Euro­pean Economic Area) or to inter­na­tional orga­niz­a­tions. Some­thing else only applies to the extent that:

  • it is necessary to carry out your parti­ci­pa­tion as an investor in our invest­ment funds,
  • it is required by law (e.g., due to tax repor­ting obli­ga­tions) or
  • you have consented to the disclosure.

We will inform you sepa­r­ately about the details of such a transfer, as far as legally required.

6. Dura­tion of storage of your data

If necessary, your personal data will be stored for the period of our busi­ness rela­ti­onship (typi­cally a contrac­tual rela­ti­onship). The dura­tion of the storage also includes the initia­tion and proces­sing of such a busi­ness rela­ti­onship.
In addi­tion, we are subject to various reten­tion and docu­men­ta­tion obli­ga­tions, which result from the Commer­cial Code (HGB), the Tax Code (AO) and the Money Laun­de­ring Act (GwG). The periods for storage and docu­men­ta­tion speci­fied there are between two and ten years after the end of the busi­ness relationship.

Finally, the reten­tion period is also assessed according to the statu­tory limi­ta­tion periods, which, for example, according to Art. 195 et seq. of the German Civil Code (BGB) may, as a rule, be three years, but in certain cases also up to thirty years.

After the afore­men­tioned dead­lines have expired, your personal data will be regu­larly deleted, unless the – in turn limited – further proces­sing of this data is necessary in order to safe­guard our inte­rests or the legi­ti­mate inte­rests of a third party, as exem­pli­fied in Clause 3©. Such a legi­ti­mate inte­rest can also exist, for example, if dele­tion is only possible with dispro­por­tio­nate effort due to the special type of storage and at the same time proces­sing for purposes other than those mentioned is excluded by suitable tech­nical and orga­niz­a­tional measures.

7. Your Data Protec­tion Rights

Under certain condi­tions, if you are affected by the proces­sing of personal data, you have the following data protec­tion rights:

  • You have the right to receive from us infor­ma­tion about your data stored by us according to the provi­sions of Art. 15 GDPR (possibly with restric­tions according to Section 34 BDSG [Federal Data Protec­tion Act]).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­rate or incorrect.
  • If you wish, we will delete your data in accordance with the princi­ples of Art. 17 GDPR, provided that other legal regu­la­tions (e.g., statu­tory reten­tion requi­re­ments or the restric­tions according to Section 35 BDSG) or an over­ri­ding inte­rest on our part (e.g. to defend our rights and claims) do not oppose this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the proces­sing of your data.
  • You can also object to the proces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop proces­sing your data. However, this right of objec­tion only applies in the event of very special circum­s­tances regar­ding your personal situa­tion, whereby our company’s rights may conflict with your right of objection.
  • You also have the right, subject to the requi­re­ments of Art. 20 GDPR, to receive your data in a struc­tured, common and machine-read­able format or to transmit it to a third party.
  • In addi­tion, you have the right to with­draw your consent to the proces­sing of personal data at any time with future effect.
  • You also have the right to lodge a comp­laint with a data protec­tion super­vi­sory autho­rity (Art. 77 GDPR). However, we recom­mend that you always address a comp­laint to us first.
  • If possible, your requests to exer­cise your rights should be addressed in writing to the data controller named in Clause 1.

8. Neces­sity to Provide your Personal Data

a) If you as an investor join an invest­ment fund managed by the hep Group, we will require your personal data so that we can examine your offer of parti­ci­pa­tion in the respec­tive invest­ment fund in accordance with the legal regu­la­tions to be observed.
According to money laun­de­ring regu­la­tions, we are obli­gated to iden­tify you, for example using your iden­tity card, and to collect and record your name, place of birth, date of birth, natio­na­lity and home address. In accordance with Section 8 para. 2 in conjunc­tion with Section 12 para. 1 GwG, we are also obli­gated to record the type, number and issuing autho­rity of the docu­ment submitted to verify iden­tity. For us to be able to meet these legal obli­ga­tions, according to Section 11 para. 6 GwG you must provide the necessary infor­ma­tion and docu­ments and also notify us immedia­tely of any changes that arise after accep­ting your offer to manage your parti­ci­pa­tion.
If you do not provide your infor­ma­tion, we cannot review and accept your offer for parti­ci­pa­tion and, in the event of accep­t­ance, we cannot manage your parti­ci­pa­tion in accordance with the contrac­tual provi­sions agreed between us. Further­more, we would not be able to fulfil our legal obli­ga­tions to combat money laun­de­ring without your details to verify your iden­tity or to change this infor­ma­tion. We would there­fore be legally obli­gated to refrain from a busi­ness rela­ti­onship with you or to termi­nate an exis­ting busi­ness rela­ti­onship, see Section 10 para. 9 GwG.

b) In other cases, too, in estab­li­shing a busi­ness rela­ti­onship – espe­cially if this is directly related to the commer­cial acti­vi­ties of HEP Kapi­tal­ver­wal­tung AG – you can be obli­gated to provide the personal data required to verify your iden­tity in accordance with the afore­men­tioned provi­sions of the Money Laun­de­ring Act; other­wise, we would also be obli­gated to refrain from a busi­ness rela­ti­onship or to termi­nate it. In all other cases, you must only provide the personal data that is necessary to prepare, imple­ment and termi­nate a busi­ness rela­ti­onship. Without these items of data, we will usually have to refuse the conclu­sion of the respec­tive contract or we will no longer be able to execute an exis­ting contract and may have to termi­nate it.

9. Auto­mated Indi­vi­dual Decisions Inclu­ding Profile Creation

We may process your data with the aim of evalua­ting certain personal aspects (“profiling”). Profiling can be used, in parti­cular, due to regu­la­tory requi­re­ments. We are obli­gated to combat money laun­de­ring, the finan­cing of terro­rism and criminal offences that endanger assets. We may also use profiling for these measures, which also serve to protect you.

We also use profiling to provide you with targeted infor­ma­tion and advice about our products. No special cate­go­ries of personal data according to Art. 9 GDPR are processed.

Further­more, we do not use purely auto­mated decision-making in accordance with Art. 22 GDPR. Should we use these proce­dures in indi­vi­dual cases, however, we will inform you sepa­r­ately, insofar as this is required by law.

Infor­ma­tion on the Right to Object to the Proces­sing of Your Data at any Time

You have the right at any time to object to our proces­sing of your personal data for the purpose of direct mail (sending adver­ti­sing mate­rial in whatever form). If you object, your personal data will no longer be processed for adver­ti­sing purposes. Please address your objec­tion to:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
E‑Mail: info@hep.global or datenschutz@hep.global

Moreover, you have the right at any time, for personal reasons, to object to the proces­sing of your data that is necessary to safe­guard our legi­ti­mate inte­rests. Please send your objec­tion and its justi­fi­ca­tion to:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
E‑Mail: info@hep.global or datenschutz@hep.global

Based on the justi­fi­ca­tion you provide, we will review immedia­tely, at the latest within one month after receipt of your objec­tion, whether we are obli­gated to delete your data or whether further proces­sing of your data is required to safe­guard over­ri­ding legi­ti­mate inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in writing or in text form.

Part II: Data Protec­tion Infor­ma­tion for Legal Enti­ties and Their Employees

The data protec­tion notices listed in this Part II apply in all cases in which you are in contact with us as the owner, repre­sen­ta­tive or appro­pria­tely autho­rized employee of a legal entity (herein­after “your company”) and do act not for yourself, but for or on behalf of your company.

The specific deter­mi­na­tion of which of your personal data is processed in each indi­vi­dual case and how it is used for what purpose depends on the manner in which contact was estab­lished and the connec­tion (e.g. a contract) between you and our companies.

If your company joins or has joined an invest­ment fund managed by the hep Group (this can also be done in the form of a trust agree­ment between your company and HEP Treu­hand GmbH), the data protec­tion infor­ma­tion that is atta­ched to your membership decla­ra­tion, with regard to the speci­fi­cally named compa­nies of the hep Group and the service provi­ders, takes prece­dence over the infor­ma­tion listed below; in this event, the following explana­tions are only to be used as a supplement.

1. Data Controller and Contact Data

a) If your company joins an invest­ment fund managed by the hep Group (this can also take place in the form of a trust agree­ment between your company and HEP Treu­hand GmbH), the data controller is the company that is named in the “Infor­ma­tion on the proces­sing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership decla­ra­tion of the respec­tive invest­ment fund.

b) In all other cases, the data controller respon­sible for proces­sing your data is:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
E Mail: info@hep.global

c) You can contact our data protec­tion officer as follows:

hep global GmbH
Daten­schutz­be­auf­tragter der hep global GmbH Römerstr. 3

74363 Güglingen
Email: datenschutz@hep.global

2. Processed Personal Data and its Origin

a) If your company joins an invest­ment fund managed by the hep Group as an investor, we process your personal data from the membership decla­ra­tion (name, date of birth, place of birth, natio­na­lity, contact details, data from iden­ti­fi­ca­tion documents).

Insofar as we do not collect this data directly from you, we process personal data that we have legi­ti­mately received either from compa­nies of the hep group, such as HEP Vertrieb GmbH, or from agents or sales part­ners, or from publicly acces­sible sources such as land regis­ters and commer­cial regis­ters, press and other media as well as debtor regis­ters and that we are permitted to process.

b) In all other cases (e.g., if your company works as an agent for a company of the hep group) we process the personal data that we receive from you in your func­tion as a repre­sen­ta­tive or employee of your company.

Moreover, we process personal data that we are allowed to collect and process from publicly acces­sible sources (e.g., land regis­ters, commer­cial regis­ters, asso­cia­tion regis­ters, the press, media).

The type and scope of this data depends on the respec­tive busi­ness rela­ti­onship between your company and us; typi­cally, this can be: your name, your address and other contact details, such as Tele­phone number and email address for your company as well as legi­ti­ma­tion and authen­ti­ca­tion data (ID data and signa­ture samples).

3. Purposes of Proces­sing and Legal Basis

a) To fulfill pre-contrac­tual obli­ga­tions (Art. 6 para. 1 lit b) GDPR)

Your personal data will be processed, in parti­cular, to prepare, manage and support busi­ness rela­ti­onship between your company and us and is prima­rily used to commu­ni­cate with your company.

b) According to legal requi­re­ments (Art. 6 para. 1 c GDPR) or when it is in the public inte­rest (Art. 6 para. 1 lit. c of the GDPR)

In addi­tion, we process your personal data to fulfil our statu­tory or super­vi­sory obli­ga­tions, such as those resul­ting for us from the Money Laun­de­ring Act (GwG), the Capital Invest­ment Code (KAGB) or the tax laws. The purposes of proces­sing include, inter alia, iden­tity checks, resi­dency checks, preven­ting fraud and money laun­de­ring, fulfil­ling tax control and repor­ting obli­ga­tions as well as asses­sing and mana­ging risks in our company.

c) Within the frame­work of the balan­cing of inte­rests (Art. 6 para. 1 lit. f) GDPR)

In addi­tion, your personal data is processed in indi­vi­dual cases to safe­guard our legi­ti­mate inte­rests or the legi­ti­mate inte­rests of a third party.
This applies, in particular,

  • to assert, exer­cise or defend legal claims,
  • to fulfil regu­la­tory requi­re­ments, for example the Federal Finan­cial Super­vi­sory Autho­rity (BaFin), the Deut­sche Bundes­bank or the Euro­pean Central Bank (ECB),
  • to ensure IT secu­rity and our IT operations.

d) On the Basis of Your Consent (Art. 6 para. 1 lit. a) GDPR).

Insofar as you have consented to the proces­sing of personal data for specific purposes in indi­vi­dual cases, this consent forms the legal basis for the proces­sing based on it. You can with­draw your consent at any time. This also applies to the with­drawal of consent given to us before 25 May 2018. Please note that a with­drawal only takes effect in the future and does not affect the lega­lity of any proces­sing carried out before the withdrawal.

4. Cate­go­ries of Reci­pi­ents of Your Personal Data

Access to your personal data is only given to those persons and offices within the respec­tive proces­sing company of the hep group who need it to fulfil their contrac­tual and legal obli­ga­tions or to safe­guard legi­ti­mate inte­rests. Service provi­ders used by us who process your data on our behalf (Art. 28 GDPR) or compa­nies that operate as (self-employed) “control­lers” within the meaning of Art. 4 No. 7 GDPR, can receive your data if the necessary requi­re­ment of the GDPR is fulfilled. These are compa­nies, in parti­cular, in the cate­go­ries of IT services, logistics, telecom­mu­ni­ca­tions, sales and marke­ting, legal and tax advice.

It can also be passed on to public bodies such as the Federal Finan­cial Super­vi­sory Autho­rity, the Deut­sche Bundes­bank or the Euro­pean Central Bank, as well as to tax offices, insofar as we are obli­gated to do so by law or by super­vi­sory law.

If your company is an investor in an invest­ment fund managed by the hep Group, the data proces­sing for the afore­men­tioned purposes also includes the trans­mis­sion of the data to HEP Vertrieb GmbH and the invest­ment fund’s respec­tive depositary.

5. Transfer to a Third Country or Inter­na­tional Orga­niz­a­tion

In principle, we will not pass on your personal data to reci­pi­ents in third coun­tries (coun­tries outside the Euro­pean Union or the Euro­pean Economic Area) or to inter­na­tional orga­niz­a­tions. Some­thing else only applies to the extent that:

  • it is necessary for your company’s parti­ci­pa­tion in our invest­ment funds,
  • it is required by law (e.g., due to tax repor­ting obli­ga­tions) or
  • you have consented to the disclosure.

We will inform you sepa­r­ately about the details of such a transfer, as far as legally required.

6. Dura­tion of Storage of Your Data

If necessary, your personal data will be stored for the period of our busi­ness rela­ti­onship (typi­cally a contrac­tual rela­ti­onship). The afore­men­tioned dura­tion of the storage also includes the initia­tion and proces­sing of such a busi­ness relationship.

In addi­tion, we are subject to various reten­tion and docu­men­ta­tion obli­ga­tions, which result from the Commer­cial Code (HGB), the Tax Code (AO) and the Money Laun­de­ring Act (GwG). The periods for storage and docu­men­ta­tion speci­fied there are between two and ten years after the end of the busi­ness relationship.

After the afore­men­tioned dead­lines have expired, your personal data will be regu­larly deleted, unless the – in turn limited – further proces­sing of this data is necessary in order to safe­guard our inte­rests or the legi­ti­mate inte­rests of a third party, as exem­pli­fied in Clause 3©. Such a legi­ti­mate inte­rest can also exist, for example, if dele­tion is only possible with dispro­por­tio­nate effort due to the special type of storage and at the same time proces­sing for purposes other than those mentioned is excluded by suitable tech­nical and orga­niz­a­tional measures.

7. Your Data Protec­tion Rights

Under certain condi­tions, if you are affected by the proces­sing of personal data, you have the following data protec­tion rights:

  • You have the right to receive from us infor­ma­tion about your data stored by us according to the provi­sions of Art. 15 GDPR (possibly with restric­tions according to Section 34 BDSG [Federal Data Protec­tion Act]).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­rate or incorrect.
  • If you wish, we will delete your data in accordance with the princi­ples of Art. 17 GDPR, provided that other legal regu­la­tions (e.g., statu­tory reten­tion requi­re­ments or the restric­tions according to Section 35 BDSG) or an over­ri­ding inte­rest on our part (e.g., to defend our rights and claims) do not oppose this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the proces­sing of your data.
  • You can also object to the proces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop proces­sing your data. However, this right of objec­tion only applies in the event of very special circum­s­tances regar­ding your personal situa­tion, whereby our company’s rights may conflict with your right of objection.
  • You also have the right, subject to the requi­re­ments of Art. 20 GDPR, to receive your data in a struc­tured, common and machine-read­able format or to transmit it to a third party.
  • You also have the right to lodge a comp­laint with a data protec­tion super­vi­sory autho­rity (Art. 77 GDPR). However, we recom­mend that you always address a comp­laint to us first.
  • If possible, your requests to exer­cise your rights should be addressed in writing to the data controller named in Clause 1.

8. Neces­sity to Provide Your Personal Data

In the context of our busi­ness rela­ti­onship with your company, you must provide us with the personal data that is required to record the representation/authorization and the fulfilment of the related contrac­tual obli­ga­tions or that we are legally obli­gated to collect. Without this data, we usually have to reject you as an representative/authorized signa­tory or we have to revoke an exis­ting representation/authorization.

In parti­cular, according to money laun­de­ring regu­la­tions, we are obli­gated to iden­tify you, for example using your iden­tity card, before setting up the repre­sen­ta­tion representation/authorization and to collect and record your name, place of birth, date of birth, natio­na­lity and home address. In accordance with Section 8 para. 2
in conjunc­tion with Section 12 para. 1 GwG, we are also obli­gated to record the type, number and issuing autho­rity of the docu­ment submitted to verify iden­tity. For us to be able to meet these legal obli­ga­tions, according to Section 11 para. 6 GwG, the contrac­tual partner must provide the infor­ma­tion and docu­ments necessary for clari­fi­ca­tion and immedia­tely notify any changes that arise in the course of the busi­ness rela­ti­onship. If you do not provide us with the necessary infor­ma­tion and docu­ments, we may not set up or continue the busi­ness rela­ti­onship desired by the respec­tive company.

Your personal data can also be processed in accordance with money laun­de­ring regu­la­tions insofar as you are to be regarded as the “bene­fi­cial owner” (Section 3 Money Laun­de­ring Act) of your company. If you do not provide us with the infor­ma­tion and docu­ments required in this context, we may not commence the busi­ness rela­ti­onship with your company or we would have to termi­nate it.

9. Auto­mated Indi­vi­dual Decisions Inclu­ding Profile Crea­tion

When proces­sing your personal data as the owner, representative/authorized signa­tory or another employee of your company, neither “profiling” nor a purely auto­mated decision-making process in accordance with Art. 22 GDPR takes place.

Infor­ma­tion on the Right to Object to the Proces­sing of Your Data at any Time

You have the right at any time, for personal reasons, to object to the proces­sing of your data that is necessary to safe­guard our legi­ti­mate inte­rests. Please send your objec­tion and its justi­fi­ca­tion to:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
EMail: info@hep.global or datenschutz@hep.global

Based on the justi­fi­ca­tion you provide, we will review immedia­tely, at the latest within one month after receipt of your objec­tion, whether we are obli­gated to delete your data or whether further proces­sing of your data is required to safe­guard over­ri­ding legi­ti­mate inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in writing or in text form.

Part lll: Data protec­tion infor­ma­tion for visi­ting our website
The data protec­tion infor­ma­tion listed in this Part III will inform you about the type and scope of the proces­sing of personal data when you visit our website.

Personal data within the meaning of the General Data Protec­tion Regu­la­tion (GDPR) means any infor­ma­tion rela­ting to a person and with the help of which this person can be iden­ti­fied, such as the name or email address of the data subject.

Proces­sing within the meaning of the GDPR means any action that is carried out in rela­tion to personal data, such as the collec­tion, storage, trans­mis­sion or dele­tion of personal data.

In the following, we explain which data is processed and with whom it is shared when you visit our website and when you use our online offering.
You will also find infor­ma­tion on your rights as a data subject.

1. Data Controller and Contact Data


a) The data controller respon­sible for proces­sing your data is:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
Email: info@hep.global

b) You can contact our data protec­tion officer as follows:

hep global GmbH
Daten­schutz­be­auf­tragter der hep global GmbH Römerstr. 3
74363 Güglingen
Email: datenschutz@hep.global

2. Collec­tion of Personal Data When you Visit our Website

When you visit our website, we collect data that your browser trans­mits to our server (“log files”). These log files, which are tempora­rily stored in our server’s log files, are tech­ni­cally necessary both for you to access our website and for our legi­ti­mate inte­rest in showing you our website as well as to ensure its stabi­lity and secu­rity. The following infor­ma­tion is recorded without your inter­ven­tion and stored until it is auto­ma­ti­cally deleted:

  • the IP address of your internet-capable computer,
  • the date and time of request,
  • the name and URL of the file retrieved,
  • the website/application from which access is made,
  • the request status/HTTP status code,
  • the amount of data transmitted,
  • the browser you are using and, if appli­cable, the opera­ting system of your internet-capable computer,
  • the language and version of your browser software,

The legal basis for proces­sing is your consent under Art. 6 para. 1 lit. f) GDPR. Our legi­ti­mate inte­rest arises from the purposes of data collec­tion listed below.

  • ensu­ring a smooth connec­tion to the website,
  • ensu­ring conve­nient use of our website,
  • evalua­ting system secu­rity and stability.

The data is stored for a period of 60 days and then auto­ma­ti­cally deleted.
Collec­tion of data required to make the website avail­able and storage of the data in log files is essen­tial for the opera­tion of the website. Conse­quently, you have no option to object to its collection.

3. Collec­tion and Proces­sing of Personal Data When Using the Contact Form and When Conta­c­ting us by Email

To make our online offe­ring avail­able to you, we use web or contact forms on our website.

Our home­page has a form for you to contact us. The data entered here in the mask will be trans­mitted to us when the message is sent and will then be saved. The connec­tion is SSL-encrypted.

We ask for your name, your email address and your request in an input mask. Optio­nally, you can give us further infor­ma­tion about e.g., your address or phone, but this is not abso­lutely necessary for contact.

In addi­tion, the time of sending is also saved.

You can only complete the process if you give us your consent to process the contact infor­ma­tion you have provided.

Alter­na­tively, you can contact us via the email address provided. In this case, your personal data that you trans­mitted along with the email will be stored.

When you contact us, we will process the data you provide us exclu­si­vely for the purpose of proces­sing your contact. No data will be disc­losed to third parties in the context of this data processing.

The legal basis for proces­sing in the event that our contact form is used is Art. 6 para. 1 lit. a) GDPR.

If you send us an email, the legal basis for proces­sing is Art. 6 para. 1 lit. f) GDPR.

Insofar as contact is estab­lished for the purposes of poten­ti­ally conclu­ding a contract, an addi­tional legal basis is Art. 6 para. 1 lit. b) GDPR.

We delete the data arising in this context when it is no longer required to achieve the purpose. For the personal data from the contact form input screen and the data you sent by email, this is the case when the respec­tive conver­sa­tion with the user has been completed. The conver­sa­tion is termi­nated when the circum­s­tances indi­cate that the matter in ques­tion has been finally resolved.

You have the option to with­draw your consent to data proces­sing at any time. If you have conta­cted us by email, you can object to the storage of your personal data. You can send your with­drawal or objec­tion to the contact address given above.

Please note that in such a case the conver­sa­tion cannot be conti­nued and must be ended. We then delete the data trans­mitted and stored in the course of making contact.

4. Website Optimization

4.1 Cookies

To make your visit to our website more plea­sant, and to enable you to use certain func­tions, we use “cookies”. These are small text files that are stored on your hard drive and assi­gned to the browser you are using and through which we, as the entity setting the cookie, receive certain infor­ma­tion. A cookie usually contains the name of the domain from which the cookie data was sent, infor­ma­tion about the age of the cookie and an alpha­nu­meric identifier.

Cookies do not cause any damage to your computer and cannot run programs or deliver viruses to your computer. We use cookies to make our website more user-friendly and effec­tive for you as a whole.

We use cookies that are deleted when the browser is closed (tran­sient cookies) and cookies that are stored on your computer for a certain period, which can differ depen­ding on the cookie (persis­tent cookies).

The tran­sient cookies include, in parti­cular, session cookies that save what is known as a session ID with which various requests from your browser can be assi­gned to the common session. This allows your computer to be reco­gnized when you return to our website. Session cookies are deleted when you log out or close the browser. You can delete persis­tent cookies at any time in the secu­rity settings of your browser.

This use of cookies is intended to help you in hand­ling our website (func­tional cookies) and to enable us to statis­ti­cally analyze access to our website (perfor­mance cookies).
The data origi­na­ting from our website is recorded by a service provider commis­sioned by us, however, hep global GmbH exclu­si­vely deter­mines the use of the data.
The data we collect includes:

  • the internet protocol address from which you access the internet,
  • the day and time,
  • the files or search terms sear­ched for,
  • the browser you are using, the opera­ting system,
  • your internet-capable computer used.

To meet our data protec­tion stan­dard, your internet protocol address is always processed anony­mously via cookies in 1‑byte.

We use this infor­ma­tion to record the number of visi­tors to the various areas of our website, measure system perfor­mance and iden­tify problem areas.

We use this infor­ma­tion to make our website more compre­hen­sive and to increase your benefit. This infor­ma­tion is not linked to personal data.

Insofar as we use cookies that are abso­lutely necessary for the provi­sion of our website, the legal basis for the proces­sing of personal data using these cookies is Art. 6 para. 1 lit.

f) GDPR.

Proces­sing of personal data by func­tional and/or perfor­mance cookies only takes place if you have given us your consent. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
You may with­draw your consent at any time without giving reasons under the following link by adjus­ting the permitted functionalities.
Cookies are stored on your end device and you have full control over their use. You can deac­ti­vate or restrict the trans­mis­sion of cookies by chan­ging the settings of your internet browser. Cookies which have already been saved can be deleted at any time. This can also be done auto­ma­ti­cally. If cookies are deac­ti­vated for our websites, you may no longer be able to use all func­tions of the websites to their full extent.

4.2 Web Analysis with Matomo

We use “Matomo” (form­erly “Piwik”) on our website – an open-source tool for web analysis. With Matomo, no data is trans­mitted to servers that are beyond our control. Matomo is gene­rally deac­ti­vated when you visit our website. Your usage beha­vior will only be recorded anony­mously if you actively consent.

Among other things, Matomo uses the cookies listed above and similar tech­no­lo­gies such as device finger­prin­ting. On compu­ters with internet access (devices), device finger­prin­ting is used to read stored infor­ma­tion (e.g. installed fonts, reso­lu­tion, plugins, MAC or IP addresses). We collec­tively refer to cookies and similar tech­no­lo­gies such as device finger­prin­ting to their uniform func­tio­n­a­lity as “cookies”.

The cookies used by Matomo enable us to analyze the use of our website. For this purpose, the infor­ma­tion obtained by the cookie about usage is trans­mitted and stored so that usage beha­vior can be evaluated.

Your IP address is immedia­tely 2‑byte anony­mized so that you as a user remain anony­mous. The infor­ma­tion gene­rated by the cookie when visi­ting our website is not trans­ferred to any third party.

We under­stand this analysis to be part of our internet service. We would like to use it to further improve the website and adapt it even more to your needs.

You may also with­draw your consent at any time without giving reasons under the following Cookie Settings by adjus­ting the permitted functionalities.

For more infor­ma­tion on terms of use and data protec­tion at Matomo, see their Privacy Policy: https://matomo.org/privacy-policy/

5. Disclo­sure of Personal Data to Third Parties

We transmit your personal data to the following recipients:

Tele­house Deutsch­land GmbH, Kley­er­straße 75–87,
D‑60326 Frank­furt a.M.,

The legal basis for the transfer is Art. 28 GDPR, since Tele­house Deutsch­land GmbH works for us as a processor in the field of hosting.
If we use service provi­ders to process your personal data, who in turn process your personal data on our behalf (proces­sors), we have contrac­tually bound them by conclu­ding order proces­sing contracts to process your personal data only in accordance with our inst­ruc­tions and to the extent permitted by law.

6. Use of Social Media Plug-ins
Our websites curr­ently contain links to the following social media websites:

  • Face­book,
  • Xing,
  • LinkedIn,
  • Insta­gram

When you visit our website, no personal data is passed on to the opera­tors of the social media websites. You can reco­gnize the Cookie Settings to the social media website by the marking on the box above its first letter or by the logo. We give you the option of using this link to go directly to the corre­spon­ding social media website. We recom­mend that you log out regu­larly after using a social network, but espe­cially before acti­vating the link, as this way you can avoid being assi­gned to your profile on the social media website.

If you visit one of the linked social media websites, we have no influ­ence on the data collected and data proces­sing opera­tions, nor are we aware of the full scope of data collec­tion, the purposes of proces­sing or the storage periods. We also have no infor­ma­tion on the dele­tion of the data collected by the social media provider.

Further infor­ma­tion on the purpose and scope of data collec­tion and its proces­sing by the social media service can be found in the following privacy poli­cies of these provi­ders. There you will also find further infor­ma­tion about your rights and options for protec­ting your privacy.

You can find the addresses of the respec­tive plug-in provi­ders and URL with their data protec­tion infor­ma­tion at:

a) Face­book Inc., 1601 S Cali­fornia Ave, Palo Alto, Cali­fornia 94304, USA: www.facebook.com/policy.php;
Further infor­ma­tion on data collec­tion: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info
Face­book has submitted to the EU-US privacy shield: www.privacyshield.gov/EU-US-Framework

b) Xing AG, Gänse­markt 43, 20354 Hamburg, DEU: www.xing.com/privacy

c) Insta­gram LLC repre­sented by Kevin Systrom und Mike Krieger 1601 Willow Rd., Menlo Park CA 94025, USA:
help.instagram.com

d) LinkedIn Ireland Unli­mited Company, Wilton Place, Dublin 2, IRL:

www.linkedin.com/legal/privacy-policy

7. Statu­tory Dead­lines for the Dele­tion of Data

Once consent has been given, it may be with­drawn at any time with effect for the future. Personal data that you have provided to us through our website is only stored until the purpose for which it was provided has been met. If you are no longer happy for your personal data to be stored or if the personal data is no longer correct, then with appro­priate notice we will have your data deleted or blocked or make the necessary correc­tions (to the extent that this is possible, according to the appli­cable law). On request and at no cost, you may receive infor­ma­tion about the personal data that we have stored about you. We have listed further infor­ma­tion on your rights under Clause 11.

8. Data Security

hep global GmbH takes state-of-the-art tech­nical and orga­niz­a­tional secu­rity measures to protect your data as compre­hen­si­vely as possible from loss, dest­ruc­tion, falsi­fi­ca­tion or unwanted access. When ente­ring personal data in web forms, hep global GmbH protects this personal data with great care.

Your personal data will be protected by hep global GmbH and the proces­sors we have care­fully selected in accordance with Art. 28 GDPR, applying the rele­vant legal regu­la­tions through tech­nical and orga­niz­a­tional measures.

Please note that data trans­mitted via the internet (e.g., via email commu­ni­ca­tion), however, may be subject to secu­rity breaches. Comple­tely protec­ting data against third-party access is impossible.

9. Links to Other Websites

Our on-line offer contains links to other websites. We do not have any influ­ence on whether their opera­tors observe the data protec­tion provi­sions. Despite careful checks of the content, we cannot accept any liabi­lity for external links to third-party content. For infor­ma­tion on data proces­sing opera­tions on these pages, we would like to refer you to the respec­tive pages’ data protec­tion information.

10. Volun­tary Provi­sion of Data

The provi­sion of your personal data on our website takes place exclu­si­vely on a volun­tary basis. You are neither legally nor contrac­tually obli­gated to do so.
If you send us queries via the contact form, we will collect the data entered on the form, inclu­ding the contact details you provide, to answer your query and for any follow-up ques­tions. We do not share this data without your permission.

11. Your Data Protec­tion Rights

Under certain condi­tions, if you are affected by the proces­sing of personal data, you have the following data protec­tion rights:

  • You have the right to receive from us infor­ma­tion about your data stored by us according to the provi­sions of Art. 15 GDPR (possibly with restric­tions according to Section 34 BDSG [Federal Data Protec­tion Act]).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inac­cu­rate or incorrect.
  • If you wish, we will delete your data in accordance with the princi­ples of Art. 17 GDPR, provided that other legal regu­la­tions (e.g., statu­tory reten­tion requi­re­ments or the restric­tions according to Section 35 BDSG) or an over­ri­ding inte­rest on our part (e.g., to defend our rights and claims) do not oppose this.
  • Taking into account the requi­re­ments of Art. 18 GDPR, you can ask us to restrict the proces­sing of your data.
  • You can also object to the proces­sing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop proces­sing your data. However, this right of objec­tion only applies in the event of very special circum­s­tances regar­ding your personal situa­tion, whereby our company’s rights may conflict with your right of objection.
  • You also have the right, subject to the requi­re­ments of Art. 20 GDPR, to receive your data in a struc­tured, common and machine-read­able format or to transmit it to a third party.
  • In addi­tion, you have the right to with­draw your consent to the proces­sing of personal data at any time with future effect.
  • You also have the right to lodge a comp­laint with a data protec­tion super­vi­sory autho­rity (Art. 77 GDPR). However, we recom­mend that you always address a comp­laint to us first.
  • If possible, your requests to exer­cise your rights should be addressed in writing to the data controller named in Clause 1.

Infor­ma­tion on the right to object to the proces­sing of your data at any Time

You have the right at any time, for personal reasons, to object to the proces­sing of your data that is necessary to safe­guard our legi­ti­mate inte­rests. Please send your objec­tion and its justi­fi­ca­tion to:

hep global GmbH Römerstr. 3
74363 Güglingen
Phone: 07135 93446 – 616
Email: info@hep.global or datenschutz@hep.global

Based on the justi­fi­ca­tion you provide, we will review immedia­tely, at the latest within one month after receipt of your objec­tion, whether we are obli­gated to delete your data or whether further proces­sing of your data is required to safe­guard over­ri­ding legi­ti­mate inte­rests or to assert, exer­cise or defend legal claims. We will inform you of the result of our review in writing or in text form.