Privacy Policy

Privacy Policy

I. Introduction

We are aware of the trust you are placing in us. Therefore, we would like to provide comprehensive information to you on how we handle your personal data at Aquila Capital (which refers to Aquila Capital Holding GmbH and the companies affiliated with it within the meaning of Sections 15 et seqq. of the German Stock Corporation Act (AktG)). In particular, we would like to inform you on the type of data we collect when you visit and/or use our website and on how we use this data. If we have received personal data from you through other communication channels (e.g. by e-mail), the following Privacy Notice applies as well.

Given that our website and the technologies on which it is based, as well as our business processes are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.

II. Use of the website and data protection

1. Name and contact data of the controller for personal data processing on the Aquila Capital website

We, Aquila Capital Management GmbH, represented by the managing directors Marc-Aurel Kaiser, Christian Ohl, Bernhard Bußmann und Karsten Nebe, Valentinskamp 70, 20355 Hamburg (Tel.: +49 40 875050-100 / receptionist, Fax: +49 40 87 5050-129) are the controller within the meaning of Art. 4(7) GDPR for the processing of personal data in relation to the usage of the website.

2. Contact data of the data protection officer

The data protection officer of Aquila Capital can be reached as follows:

Aquila Capital Holding GmbH

c/o the data protection officer

Valentinskamp 70, 20355 Hamburg

DSGVO@aquila-capital.com, nasim.farbin@aquila-capital.com

In addition, a data protection officer has been appointed for the relevant Spanish Group companies, who can be contacted as follows: e-mail: margarita.gonzalez@aquila-capital.com.

3. Restriction of the scope of this Privacy Notice for visits to our website

Our Privacy Notice only applies to our content which is stored on our servers. It expressly does not cover any links to websites of third parties in our offerings

4. Collection of personal data in the context of informational use of our website

a. Description and scope of data processing

If you only use our website for informational purposes, we do not collect any personal data aside from the data transmitted by your browser to enable you to visit the website.

That data is:

  1. Date and time of your request
  2. Duration of your visit
  3. Time zone difference compared to Greenwich Mean Time (GMT)
  4. Content of the request (specific page)
  5. Access status / HTTP status code
  6. Website & provider from/by which the request is made
  7. Browser
  8. Operating system
  9. Language and version of the browser software
  10. IP-address.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. For more details on cookies, see II. Clause 9 of this Privacy Notice. For information on data processing via the Facebook pixel and the LinkedIn pixel, please refer to section II 11. and 12.

b. Purpose and legal basis of data processing

We store data related to the end device in order to create use statistics, for example, or to identify and trace unauthorised attempts to access our web servers. We only create profiles regarding the use of our website in anonymised form and only to improve user navigation and optimise our products and services. Our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes. We do not create or process behaviour profiles relating to a specific person from the aforementioned information.

c. Duration of data storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

5. Collection of personal data during the use of our website features

We only store personal data, such as your e-mail address or your name, if you choose to provide this information to us, e.g. in the context of the contact form, an application, or for the performance of a contract (principle of direct collection).

a. Contact form

We process your personal data provided in the contact form in order to contact you and to process your request (Art. 6 (1) lit. b GDPR). This data will not be passed on without your consent. Data transmitted via the contact form will remain with us until you request us to delete it or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.

 

b. Tab “Real Assets”

If you want to search for information on specific products via the "Real Assets" tab, we collect the following data from you: your status as a professional investor, your country of origin, and information on the pages you have visited on our website. In doing so, we want to ensure that we provide you with the information you are interested in. In doing so, we want to ensure that we provide you with the information you are interested in. The legal basis for this is Art. 6 (1) lit. a. GDPR. You can revoke your consent at any time (see clause 9 d.)

c. Applications

If you also use our website to provide a profile/resume to us, we will also use that personal data to create our own professional profile for you in accordance with this Privacy Notice. Given that we will store your work history in this case, your submission must not contain any sensitive information with respect to race or ethnic origin, political opinions, religion or beliefs, trade union or political party memberships, genetic, physical or mental health status, dependencies, sexual orientation, criminal offences or criminal proceedings and related penalties or fines, social security number or national ID. If your profile contains such information regardless, you agree that we may store that information and also use it in accordance with this Privacy Notice. Please also note that where you provide information of a third party to us as a reference you are responsible for ensuring that the person involved is aware of your disclosure of his/her personal data and has provided his/her written consent to this disclosure.

Further details can be found in our Privacy Policy for online application.

d. YouTube

Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When a page with an integrated YouTube plugin is opened, a connection to the YouTube servers is established. This will tell YouTube which of our pages you have accessed. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.

Details on the handling of user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.

Notes on legal bases:

If we ask you for your consent to the use of Youtube, the legal basis for the processing of data is the consent pursuant to Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) in accordance with Art. 6 (1) lit. f. GDPR.

e. Vimeo

Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When calling a page with an integrated Vimeo plugin, a connection to the servers of Vimeo is established. This will tell Vimeo which of our pages you have accessed. Vimeo will know your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.

Notes on legal bases:

If we ask you for your consent to the use of Vimeo, the legal basis for the processing of data is the consent in accordance with Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) pursuant to Art. 6 (1) lit. f. GDPR.

Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand. Details on the handling of user data can be found in Vimeo's data protection declaration at: https://vimeo.com/privacy.

f. LinkedIn Plug-In

Components of LinkedIn Corporation are also integrated on this website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, in Europe by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland. For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time a LinkedIn component (LinkedIn plug-in) is installed on our website, that component causes the browser used by the individual to download an appropriate representation of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn obtains information as to which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to LinkedIn at the same time, LinkedIn recognizes which specific page of our website the person concerned is visiting each time the person visits our website and for the entire duration of that person's stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the person concerned clicks on an integrated LinkedIn button on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.

LinkedIn always receives information through the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the data subject does not want LinkedIn to receive such information, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

At www.linkedin.com/psettings/guest-controls LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who can set cookies. Such cookies may be declined at www.linkedin.com/legal/cookie-policy LinkedIn's current privacy policy can be found at www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Notes on legal bases:

If we ask you for your consent to the use of LinkedIn, the legal basis for the processing of data is the consent in accordance with Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) pursuant to Art. 6 (1) lit. f. GDPR.

g. Facebook plug-in

Our website uses so-called social plug-ins ("plugins") of the social network Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), in Europe by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland. The plugins are marked with a Facebook logo or the addition "Social Plug-in from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: developers.facebook.com/docs/plugins. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server, possibly also to the USA, and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy: www.facebook.com/policy.php. If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website.

Notes on legal basis:

If we ask for your consent to use the Facebook plugin, the legal basis for the processing of data is consent pursuant to Art. 6 para.1 lit. a. DSGVO. Otherwise, your data will be processed on the basis of our legitimate interests pursuant to Art. 6 para.1 lit. f DSGVO (i.e. interest in an appealing presentation of our online offer). If the transfer to an unsafe third country takes place, this is done on the basis of Art. 49 para. 1 lit. a) DSGVO.

6. Presences in social networks (fan pages)

We maintain publicly accessible profiles on social networks. Details on the social networks used by us can be found below.

Social networks such as Facebook etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals and data may also be transferred by the provider to a so-called unsafe third country (for example into the USA). For details, please refer to the terms of use and data protection provisions of the respective social media portals.

a. Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).

b. Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint, for more information see section VIII.) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals operators. Our options are largely determined by the corporate policy of the respective provider.

c. Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

d. Social networks in detail:

aa. Facebook

We have a profile on Facebook. The provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland, a company of the Facebook group (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA).

We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: www.facebook.com/settings.

For details, please refer to Facebook's privacy policy: www.facebook.com/about/privacy/.

bb. Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: help.instagram.com/519522125107875.

cc. LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on their handling of your personal data, please refer to LinkedIn's privacy policy: www.linkedin.com/legal/privacy-policy.

7. Disclosure to third parties

To facilitate the purposes described we may exchange your data with third parties we use to process orders and inquiries. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context. A data processing agreement is concluded in this case.

If you make your personal data available to us for the purpose of potential future cooperation, potential investments and/or to enable us to contact you, we may disclose this data to affiliated companies (as defined in Sections 15 et seqq. of the German Stock Corporation Act), if there is a legitimate interest on our part and your interests, fundamental rights and freedoms do not outweigh.

Otherwise we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymised or pseudonymised.

We only transfer data to third parties established in a third country with your consent or to fulfil our contractual obligations pursuant to Art. 44 GDPR et seqq.

8. Data security, TLS encryption with https; Technologies used

Aquila Capital Management GmbH and the companies affiliated with it take diligent precautions to protect your data managed by us against manipulations, loss, destruction and against access by unauthorised persons. We continuously improve our security measures in accordance with the development of technology. Our employees are obligated to maintain data confidentiality in accordance with the provisions of the GDPR.

We use https to transmit data in a tap-proof manner on the Internet (data protection through technology design Article 25 (1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.

Parts of this website may use technologies that are widely used on the internet, such as JavaScript, Java, Flash or ActiveX, to allow us to present the information requested in a form that is more convenient for you. We do not use these technologies in any way to spy out personal data or manipulate data on your computer.

9. Cookies

a. Description and scope of data processing

We need certain information to enable us to design our websites based on user needs. For the collection of this information we also use cookies. Cookies are meant to facilitate the use of the internet and communication. Cookies are stored on your PC or another end device to anonymously identify the device and to support the application when you return to our websites.

If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept cookies, some pages may not be displayed correctly any more.

We use cookies on our website to store the following parameters, for example:

  1. Language and country
  2. Browser settings and installed plug-ins
  3. Data on the use of our website.

This website uses the following cookies:

Transient cookies (temporary use)

Persistent cookies (use for a limited time)

Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a "session ID" which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

More information on how cookies work can be found on the following website: http://www.allaboutcookies.org.

b. Purpose and legal basis of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f. GDPR. Legal basis for the processing of personal data using other cookies (marketing, statistics, etc.) will be in the event that we ask you for consent based on Art. 6 (1) lit. a. GDPR.

c. Duration of storage objection and elimination options

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions of the website to their full extent.

d. Customize cookie settings

When calling up our website, we offer you the possibility to individually adjust the cookies via the "Settings" item in the cookie banner. This consent is voluntary, not necessary for the use of this website and can be revoked at any time. You can adjust the cookie settings here at any time.

By clicking on "accept" in the cookie banner or “accept all” in the settings, you also consent to your data being processed in the USA in accordance with Art. 49 Para. 1 S.1 lit a GDPR. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly without the possibility of legal recourse. If you click on “only functional cookies” in the cookie banner or "accept only necessary cookies" in the settings, the transfer described above will not take place.

10. Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses “cookies”. As mentioned above, cookies are text files that are stored on your computer and enable us to analyse your use of the website. The information on your use of this website generated by the cookie is transferred to a Google server in the USA and is stored there. Google will use this information to analyse your use of the website, prepare reports on the website activities for website operators and provide other services related to the use of the website and the internet. The legal basis for the use of Google Analytics is Art. 6 (1) a. GDPR. The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. Google may also transfer information to third parties if this is required by law or if this data is processed by third parties on behalf of Google. Google will not connect your IP address with other Google data under any circumstances. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.By activating the add-on that can be downloaded through this link you effectively object to the collection, use and processing of your data by Google Analytics.

This website uses the anonymisation option provided by Google Analytics. We only collect your IP address in shortened form which means it cannot be traced back to you.

If you object to the use of cookies, we place a simple cookie which expires after your browser session and only memorises that data should not be collected about you.

11. Facebook Retargeting Facebook Pixel

A pixel of Facebook Ireland Limited is integrated into this website (website custom audience pixel). Through this pixel, information about the use of this website is collected by Aquila Capital Management GmbH and Facebook Ireland Limited in joint responsibility and transmitted to Facebook Ireland Limited. This information can be assigned to your person with the help of further information that Facebook Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network "Facebook". Based on the information collected via the pixel, you can be shown interest-based advertisements about our offers in your Facebook account (retargeting). The information collected via the pixel may also be aggregated by Facebook Ireland Limited and the aggregated information may be used by Facebook Ireland Limited for its own web purposes as well as for advertising purposes of third parties. For example, Facebook Ireland Limited may infer certain interests from your browsing behaviour on this website and may also use this information to promote third-party offers. Facebook Ireland Limited may also combine the information collected via the pixel with other information that Facebook Ireland Limited has collected about you via other websites and / or in connection with the use of the social network "Facebook", so that a profile about you can be stored at Facebook Ireland Limited. This profile can be used for advertising purposes. Facebook Ireland Limited is solely responsible for the permanent storage and the presented further processing of the tracking data collected via the website custom audience pixel used on this website. The legal basis for this data processing is Article 6(1)(a) DSGVO (consent).

You can obtain more information on data protection at Facebook Ireland Limited here: www.facebook.com/policy.php

Here you will also find the possibility of asserting your data subject rights (e.g. right to deletion) against Facebook Ireland Limited. You can give your consent to the transmission of data to Facebook Ireland Limited through the use of the pixel on this website via the cookie settings cookie settings.

12. LinkedIn Insights and Conversion Tracking – LinkedIn Pixel

Furthermore, we use the so-called conversion tracking with LinkedIn Insights Tag, a tool of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated on our pages and a cookie is set on your end device by LinkedIn. This informs LinkedIn that you have visited our web pages, whereby your IP address is also collected. In addition, timestamps and events such as page views are stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. We learn, for example, through which LinkedIn ad or interaction on LinkedIn you came to our website. This allows us to better control the display of our advertising. You can find more information on conversion tracking at www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht.

Please note that the data may be stored and processed by LinkedIn, so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy. You can prevent the analysis of your usage behavior by LinkedIn as well as the display of interest-based recommendations via www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

13. Your rights

Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.

III. General data processing at Aquila Capital (data protection information according to Art. 13 GDPR)

The privacy, protection and processing of your personal data is very important to Aquila Capital (meaning Aquila Capital Holding GmbH and its affiliated entities in the sense of sections 15 et seqq. of the German Stock Corporation Act (AktG)). In the following we would like to inform you about the processing of your personal data at Aquila Capital and your rights regarding personal data protection. Which specific personal data will be processed and/or used depends on the specific business relationship with you and/or the processing occasion. In this respect, you will find in section IV and following sections specific data protection information relating to specific processing activities. Information regarding your rights are detailed in section VIII.

1. Name and contact data of the controller

Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Group, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.

Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Capital, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.

The responsible companies of Aquila Capital with legal seat in Hamburg, Germany, can be reached as follows:

Valentinskamp 70, 20355 Hamburg, Germany
Tel.: +49 40 875050-100
info@aquila-capital.de

and

ABC-Straße 21, 20354 Hamburg, Germany
Tel.: +49 40 875050-200
info@aquila-capital.de

The responsible company of Aquila Capital with legal seat in the UK can be reached as follows:

20th Floor, Leaf B, Tower 42, 25 Old Broad Street, London EC2N 1HQ
Tel. +44 2082085400
info@aquila-capital.de

The responsible company of Aquila Capital with legal seat in Luxembourg, can be reached as follows:

Airport Center Luxembourg, 5, Heienhaff, 1736 Sennigerberg, Luxembourg
Tel.: +352 24 83 29 1
info@alceda.lu

The responsible company of Aquila Capital with legal seat in Spain can be reached as follows:

Paseo de la Castellana, 259D, Torre Espacio , 28046 Madrid, Spain
Tel.: +34 91 511 90-50
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Switzerland can be reached as follows:

Poststraße 3
8001 Zurich, Switzerland
phone: +49 40 87 5050-100
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Norway can be reached as follows:

Haakon VIIs Gate 2
0161 Olso, Norway
phone: +47 90 14 36 67
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in the Netherlands can be reached as follows:

Schiphol Boulevard 215, WTC Schiphol
1118BH Schiphol, Netherlands
phone: +49 40 87 5050-100
​​​​​​​info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Japan can be reached as follows:

12 F Yurakucho Itocia, 2-7-1 Yurakucho, Chiyoda-ku
100-0006 Tokio, Japan
phone: +49 40 87 5050-100
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Singapore can be reached as follows:

138 Market Street #15-03 Capitagreen
048946 Singapore
phone: +49 40 87 5050-100
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Portugal can be reached as follows:

Avenida Fontes Pereira de Melo, N14, 11
1050-121 Lisbon
phone: +351 211 328 420
​​​​​​​info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Italy can be reached as follows:

Via Mike Bongiorno 13
20124 Mailand
info@aquila-capital.com

The responsible company of Aquila Capital with legal seat in Taiwan can be reached as follows:

Room 1502 No. 80, Section 1, Zhongxiao West Road
100 Taipei
phone: +886 2370 3838

info@aquila-capital.com

 

2. Contact data of the data protection officer of the Aquila Group 

The data protection officer of Aquila Capital can be reached as follows:

Aquila Capital Holding GmbH
c/o data protection officer
Valentinskamp 70, 20355 Hamburg
nasim.farbin@aquila-capital.com.

In addition, a data protection officer has been appointed for the relevant Spanish and Portuguese Group companies, who can be contacted as follows: e-mail: margarita.gonzalez@aquila-capital.com.

3. Purpose of personal data processing and legal basis

We process personal data in accordance with the relevant rules and regulations, in particular with GDPR.

The processing of personal data is necessary for the performance of a contract with you (Art. 6(1) lit. b. GDPR).

The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6(1) lit. f. GDPR).

If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6(1) lit. a. GDPR.

In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6(1) lit. c. GDPR).

We collect and use personal data from our customers to send important information or updates on Aquila Capital’s products and services. This includes, in particular, important security information or significant changes to products, services or this Privacy Policy. The legal basis for processing data for these purposes is the legitimate interest of Aquila Capital to adapt and correct legal innovations or product errors, to comply with legal obligations and to offer high-quality product support. The collection and use of this data may be mandatory for compliance with existing legal regulations. Insofar as we collect or use data for purposes of advertising and customer retention, for example for performance reports, analyses and market-relevant assessments as well as invitations to specific events, following prior consent, there is a right of revocation for this consent at any time with effect for the future. The revocation can - just like the consent - be made orally, in writing or in text form.

4. Recipients or categories of recipients of the personal data

Your personal data will be transmitted within Aquila Capital to all entities, which need these data for contractual and regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organisations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.

5. Duration of storage

Where required, we process and store your personal data for the period of our business relation or until the revocation of your consent. The retention period of personal data within the Know Your Costumer process is 5 years. The retention period begins upon conclusion of the calendar year in which the business relationship is terminated. In all other cases, it begins upon conclusion of the calendar year in which the respective information was gathered (see Sec. 8 para 4 Money Laundering Act). Furthermore, we are subject to miscellaneous safekeeping and documentation obligations that may arise from e.g. German Commercial Code or General Fiscal Code.

Pursuant to the provisions of these laws, personal data must be retained for a period of ten years. In addition, the statutory period of limitations within the meaning of seq. 195 et German Civil Code shall apply in relation to the duration of storage period. Thus, the maximum period of limitation term is up to 30 years.

6. Automated decision-making including profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR for establishing and fulfilling the business relationship with you. We do not use procedures based solely on automated processings. Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, this measures are for your protection.

7. Your rights

Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.

IV. Data protection information according to Art. 13 GDPR for telephone recording according to MiFID/MiFIR, FinVermV (German Financial Asset Brokerage Regulation)  

1. Controller according to Art. 4 no. 7 GDPR

Aquila Capital Concepts GmbH and Aquila Capital Investmentgesellschaft mbH are the Controllers of the data processing.

2. Purpose of the data processing

In accordance with the requirements of Directive 2014/65/EU ("MiFID II") and Regulation (EU) No. 600/2014 ("MiFIR") the obligation to record and store telephone calls and electronic communication in the performance of ancillary services has existed since January 3, 2018 (Aquila Capital Investmentgesellschaft mbH). As a financial investment broker pursuant to Section 34 f of the German Trade Regulation Act (GewO), Aquila Capital Concepts GmbH is obliged to record the content of telephone conversations and other electronic communications for the purpose of preserving evidence, as soon as they relate to the brokerage of or advice on financial investments, in accordance with the Financial Investment Brokerage Ordinance (FinVermV).

The obligation to record telephone conversations and electronic communication equivalent thereto requires that the conversation and electronic communication between the investors and controllers mentioned under 1. be directed at least at the transactions carried out in trading for own account or at the acceptance, transmission or execution of investor orders. This also includes the provision of ancillary services such as investment brokerage, investment advice and financial portfolio management and according to § 18a FinVermV the mediation and advisory of financial investments.

The aim of the supervisory authority is to give clients the opportunity to further document the investment mediation process in addition to the written records (e.g. in the brokerage protocol) as part of strengthening investor protection. The requirement applies to all client categories (private clients, semi-professional clients, professional clients and eligible Counterparties). In order to achieve this goal, Art.16 para. 7 MiFID II now prescribes the binding obligation to record telephone calls and electronic communication in addition to the general recording obligation of Art. 16 para. 6 MiFID II. For evidence purposes, all relevant telephone conversations or parts thereof with (potential) customers can be recorded in relation to business transactions or business conversations.

3. Legal basis for data processing

The data protection legal basis for these records derives from Art. 6 para. 1 lit. c. GDPR in conjunction with Art.16 para. 7 MiFID II, para. 6 MiFID II, Art. 76 MiFID II-DVO, §83 WpHG, §9 WpDVVerOV §§ 18a, 23 FinVermV.

4. Data protection officer

The contact details of the data protection officers can be found in section III. clause 2 of this privacy policy.

5. Recipient of the data

For audit purposes, Aquila Capital's Compliance Department and Audit Department may be granted access to the telephone records. In addition, access by external auditors is possible.

The competent supervisory authorities (data protection authority, BaFin) may also request existing recordings of telephone calls or electronic communications from the responsible parties for audit purposes.

For the implementation of the recording obligation, the responsible parties work together with the external service provider ASC Technologies AG. A data processing agreement has been concluded. The hosting of the data takes place exclusively in Germany.

6. Deletion of data

Records to which Aquila Capital Concepts GmbH is legally obligated are kept in accordance with the legal requirements for a maximum of 10 years from the end of the calendar year in which the last transaction subject to record-keeping for the respective order took place. (according to § 18a FinVermV in conjunction with § 34f GewO). Records to which Aquila Capital Investlementgesellschaft mbH is legally obligated are kept for 5 years, maximum 7 years from the date of creation (§ 83 para. 3. WpHG in conjunction with Art 16 para. 7 MiFID II), unless legal retention periods apply that require longer storage.

The controllers collect this personal data as evidence of transactions carried out and to comply with applicable legal requirements.

7. Rights of the data subjects

Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.

V. Data protection information pursuant to Art. 13 GDPR for the recording of telephone conversations in Energy Trading according to REMIT

1. Data Controller according to Art. 4 no. 7 GDPR

The person responsible for data processing is AQ ENRG GmbH.

2. Purpose of the Data Processing

The recording is done to increase the transparency and stability of the European energy markets, in particular to combat insider trading and market manipulation in the wholesale energy markets in accordance with the Regulation on Wholesale Energy Market Integrity and Transparency ("REMIT"). AQ ENRG GmbH collects and stores this data as evidence of transactions carried out and to document the content of agreements to assert, exercise or defend legal claims.

For this purpose, all telephone conversations and data transmissions with (potential) trading partners of AQ ENRG GmbH regarding transactions including trading orders may be recorded. In this context, we would like to point out that the entire content of the conversation is recorded,

3. Legal basis for data processing

The recording is carried out on the legal basis of Art. (1) lit. f GDPR. AQ ENRG GmbH, like the trading partners, has a legitimate interest in the transparency and stability of the energy market as well as in the documentation of the agreements for the assertion, exercise or defense of legal claims, which already outweighs the interests of the trading partners due to the absolute market custom and general knowledge and acceptance of call recordings in wholesale energy trading; in this regard, you have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.

4. Data Protection Officer

The contact details of Aquila Capital's data protection officer can be found under section III. 2. of this Privacy Policy.

5. Recipients of the Data

AQ ENRG GmbH uses a service provider based in the United Kingdom (Cloudnimbus Holding Ltd.) for the technical implementation of the recording. A transfer of data to affiliated companies of Aquila Capital, for example in case of enforcement or defense of legal claims by the legal department at Aquila Capital Holding GmbH, may become necessary.

6. Deletion of data

Records are generally retained for a period of 1 year and are then deleted in accordance with legal regulations, unless legal retention periods apply that require longer retention or there are legitimate interests for longer retention.

7. Rights of the Data Subjects

Your rights with regard to data processing are outlined in Section VIII. of this Privacy Policy.

VI. Data protection information pursuant to Art. 13 GDPR for video and telephone conferences via "Microsoft Teams" and "LoopUp"

1. Controller according to Art. 4 no. 7 GDPR

The controller for data processing in direct connection with the holding of video and telephone conferences (hereinafter "Online Meetings") is Aquila Capital Management GmbH.

2. Purpose of the data processing

We use the tools "Microsoft Teams" and "LoopUp" to conduct telephone and video conferences within the business purposes of Aquila Capital. Different types of data are processed. The extent of the data also depends on the information provided before or during participation in an online meeting.

3. Which data is processed?

Microsoft Teams

  • User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
  • Text, audio and video data: It is possible to use the chat function in an online meeting. In this respect, the text entries made by the respective user are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera on the terminal device are processed for the duration of the meeting.  You can switch off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.
  • Log files, protocol data

LoopUp

To grant access to LoopUp the following data is processed:

  • Contact information (if provided - name and phone number) 
  • Call records (if approved)
  • Video / Pictures (if desired)

When creating call overviews (participants, duration and recordings) the following data is processed:

  • Contact details (if provided - name and phone number) 
  • Call recording (if approved)
  • Video / Pictures (if desired)

If we want to record "Online Meetings", we will inform you transparently in advance and - if necessary - ask for your consent. In principle, however, no recordings are made.

If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Furthermore, we would like to point out that during online meetings in the home office, the background of the apartment may also be visible. In this case further data may be processed. The unprepared optical and/or acoustic appearance of third parties is also possible. It is therefore recommended to change the background for video conferences in the home office. To do this, select the Background Effects option for Microsoft Teams when you set up your video and audio settings before participating in a meeting. It is located directly to the right of the microphone switch. Your background options are then displayed on the right side. Your new background will remain in all your meetings and calls until you change it again. If this is not possible, make sure that the camera is not in an unfavourable position and that the meeting is not held in unsuitable rooms or rooms occupied by third parties.

Transportation encryption is used when transferring video conference data.

Automated decision making in the sense of Art. 22 GDPR does not take place.

4. Legal basis for data processing

The legal basis for data processing of "online meetings" is Art. 6 (1) lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest is to ensure effective communication between employees of Aquila Capital and external persons/companies or business partners. Particularly against the background of the Corona Pandemic, the use of long-distance means of communication had to be increased in order to avoid, for example, personal meetings. You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.

5. Data protection officer

You may contact the Aquila Capital's data protection officers at any time regarding your rights and obligations and any other information exchange. The contact details of the data protection officers can be found in section III. clause 2 of this Privacy Policy.

6. Recipient of the data

Personal data processed in connection with participation in online meetings is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from online meetings, as well as personal meetings, is used to communicate information to third parties and is therefore intended for disclosure.

Furthermore, we would like to inform you that the employees of Aquila Capital are employed in various group companies. It is therefore possible that the meeting data may be passed on within the group. Our legitimate interest according to Art.6 para. 1 lit. f. GDPR is to make online meetings effectively available to every employee in the company. You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.Further recipients: Microsoft and LoopUP necessarily receive knowledge of the above-mentioned data, as far as this is provided for in the framework of the contract processing agreements.

Microsoft Teams is part of the Office 365 cloud application, for which a user account must be created. Microsoft also reserves the right to process customer data for its own business purposes. According to Microsoft, these are activities related to the provision of the services, such as usage-based billing, capacity planning and combating cybercrime. Use for user profiling, advertising or similar commercial purposes is expressly excluded by contract. Please note that we have no control over Microsoft's data processing. To the extent that Microsoft teams process personal information in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for that use and as such is responsible for compliance with all applicable laws and a data controller's obligations. For more information about the purposes and extent of data collection and processing by Microsoft Teams, please see the Microsoft Privacy Statement at privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at docs.microsoft.com/de-de/microsoftteams/teams-privacy. You can also obtain further information about your rights in this regard.

LoopUp processes personal data only according to our written instructions. You can find further information about data processing by LoopUp here: loopup.com/de/legal/privacy-policy/

Since Microsoft and LoopUP  are companies based in the USA or Great Britain, data processing outside the European Union (EU) is also possible. Measures have been taken to protect data processing by a third country (e.g. standard contract clauses). In addition, due to the current jurisdiction of the EUGH on the invalidity of the Privacy Shield, further measures to protect your data are being discussed with the provider.

Furthermore, we cannot exclude the possibility that the routing of data is carried out via Internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

7. Deletion of data

The online meetings are generally not recorded. We point out that the (secret) recording of video and/or audio data as well as the storage and distribution of the recordings is punishable by law.

 A requirement for the recording and storage of data can exist in particular if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation.

8. Rights of the person concerned

Your rights with regard to data processing are described in section VIII. of this Privacy Policy.

VII. Data Protection Information in accordance with Art. 13 GDPR for the Know Your Counterparty Check (KYC-Check)

1. Controller according to Art. 4 no. 7 GDPR

The responsible data controller is determined by the context in which the KYC-Check is performed. For KYC-Checks in the context of the potential purchase of investment objects and, under certain circumstances, in connection with the engagement of service providers in a consulting context, the controller is Aquila Capital Management GmbH. The controller for KYC-Checks in the context of engaging investors is Aquila Capital Investmentgesellschaft mbH as the management company for the investment fund offered. The named responsible companies are in this section VII. each referred to as "Aquila".

2. Processing purposes and legal basis

The collection and further processing is carried out for the fulfillment of legal obligations to which Aquila is subject on the basis of Art. 6 (1) sentence 1 lit. c) GDPR in conjunction with § 28 KAGB, § 25h KWG, §§ 10-17 GwG for the prevention of money laundering, financing of terrorism and other criminal acts. The main measure to comply with this obligation is the identification of the business/contractual partner and, if applicable, the persons acting on its behalf and their authorization, the clarification of whether the contractual partner is acting on its own account or on behalf of a beneficial owner and its identification, the determination of whether the contractual partner or the beneficial owner is a politically exposed person (PEP), a family member or a known related person of a PEP.

In addition, we process your data on the basis of Art. 6 (1) sentence 1 lit. f) GDPR, insofar as this is necessary to protect legitimate interests on our part or on the part of a third party, in particular our interest in the efficient organization, planning and implementation of business processes (for example, when involving external service providers or when transferring data to the other recipients mentioned in section VII. 5.).  You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.

3. What personal data is processed

Depending on the constellation, the following personal data of the acting person(s) and the beneficial owner may be collected and processed during a KYC-Check in connection with the KYC questionnaire and the associated verification documents (e.g. copy of ID, proof of residential address):

Surname, first name, nationality, date of birth, place of birth, ID card data (e.g. ID card number, date of issue, issuing authority), address data (street, house number, zip code, city, country), attribute of beneficial owner, information on origin of assets, gross income, type of contribution, PEP status (in this context, if applicable, also name of family members  or other known related persons if they have a PEP status), any additional data that may result from the verification documents: Copy of ID (title, birth name, height, eye color, signature, order or artist name, if applicable), proof of address document (electricity consumption, telephone log, etc., if applicable).

4. Data Protection Officer

 

You may contact the Aquila Capital's data protection officers at any time regarding your rights and obligations and any other information exchange. The contact details of the data protection officers can be found in section III. clause 2 of this Privacy Policy.

5. Data Transmissions 

Aquila Capital - Internal: In the Aquila Group, some functions are performed centrally by other group companies and tasks may be performed by employees of other group companies. Data may therefore be transferred or accessed within the group to the extent necessary for the purposes of the processing. In these cases, personal data will only be transferred if there is a legitimate interest on the part of the controller and provided that your interests or fundamental rights and freedoms as a data subject do not prevail. Our legitimate interest pursuant to Art. 6 para.1 sentence 1 lit. f) GDPR is, among other things, to effectively design internal business processes, to process tasks that require special expertise centrally and in a high-quality manner by a corresponding specialist department, or to centrally manage the documentation and necessary deletions of personal data. This is usually the department Group Compliance at Aquila Capital Management GmbH.

External Service Providers: Aquila uses external service providers to fulfill the purposes described in the context of the KYC check. For example, the collected data is stored in the customer management software "Salesforce", provided by Salesforce Inc. Salesforce is supported and maintained by our service providers Hanse CRM GmbH, Omega CRM Consulting S.L. and IT-Lotsen GmbH, whose employees may become aware of the above data in the course of providing their services. In addition, your name is checked against current PEP and sanctions lists via the tool WorldcheckOne, provided by Refinitiv Germany GmbH, as well as against, among other things, press releases on the subject of financial crime by Factiva Limited.

Other Recipients: In addition, Aquila may make (individual or combined) collected data available to other recipients, for example, to those companies that are jointly involved with Aquila in the procurement of investment projects, namely buyers or financing companies of the investment properties or owner companies. They pursue a similar, albeit separate interest in the audit, which they may carry out parallel as an independent responsible party. The additional verification can further reduce the overall risk of financial crime (especially prevention of money laundering and terrorist financing) in potential projects or project participations. In addition, in the case of investors in Luxembourg investment funds, Aquila forwards the data to the relevant register and transfer agent European Depository Bank S.A. The opening of the register is necessary to complete the subscription of shares in the investment fund. Before forwarding, Aquila checks the correctness and completeness of the data and documents collected.

Aquila has concluded the necessary data protection agreements, e.g. data processing agreements, with all recipients of personal data. A transfer of personal data to a third country only takes place if the legal requirements are met. Some of the external service providers are registered in the USA, which is a third country without an adequacy decision by the European Commission; however, the data is stored on servers located within the European Economic Area.

6. Deletion of Data

Your data is stored for as long as it is required for the processing purpose or until the expiry of statutory retention periods. KYC documents and the data contained therein are subject to a basic retention period of 5 years from the end of the business relationship pursuant to Section 8 (4) GwG and are generally deleted after expiry.

7. Voluntariness and necessity of the provision of personal data

The provision of personal data as part of the KYC-Check is neither legally nor contractually required of you. You are therefore not obliged to provide any information in this regard. Please note, however, that Aquila cannot enter into a business relationship with you without the provision of the requested data.

8. Automated decision making including profiling

In the context of the KYC-Check, we do not use automated decision-making in accordance with Art. 22 GDPR, i.e. no processes in which decisions are made exclusively automatically.

9. Rights of the persons concerned

Your rights with regard to data processing are described in section VIII. of this Privacy Policy.

VIII. DATA SUBJECT RIGHTS

As a data subject within the meaning of the GDPR, you have various rights vis-à-vis the responsible entity of Aquila Capital with regard to your personal data, which we inform you about below. You can also find details about your rights in Art.15-21 of the GDPR:

  • Right to information according to Art. 15 GDPR:
    You have the right to request information about your personal data processed by the controller. In particular, about the processing purposes, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.
     
  • Right to rectification pursuant to Art. 16 GDPR:
    You have the right to request without delay the correction of inaccurate or the completion of your personal data stored by the controller.
     
  • Right to deletion according to Art. 17 GDPR
    You have the right to request the deletion of your data under the conditions specified in Art. 17 DSGVO.
     
  • Right to restriction according to Art. 18 GDPR
    In specific cases specified in the GDPR, you have the right to request the restriction of the processing of your personal data.
     
  • Right to data portability according to Art. 20 GDPR
    In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).

In particular, you have a

  • Right of objection according to Art. 21 GDPR
    Insofar as personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation;

as well as a

  • Right of revocation according to Art. 7 para. 3 GDPR
    Insofar as we process your data on the basis of your consent (Art. 6 para. 1 lit a) or Art. 9 para. 2 DSGVO), you have the right to revoke this consent at any time with effect for the future, without this affecting the lawfulness of the consent valid until then. The revocation is - like the granting of consent itself - possible orally or in text form.

To assert your rights, you can contact the responsible entity of Aquila Capital or Aquila Capital’s data protection officer (for contact details, see section III.2 of this Privacy Policy).

You also have a

  • Right of appeal pursuant to Art. 77 GDPR
    ​​​​​​​You have the right to complain to a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the responsible controller.