
Privacy Policy
I. Introduction
We are aware of the trust you are placing in us. Therefore, we would like to provide comprehensive information to you on how we handle your personal data at Aquila Capital (which refers to Aquila Capital Holding GmbH and the companies affiliated with it within the meaning of Sections 15 et seqq. of the German Stock Corporation Act (AktG)). In particular, we would like to inform you about the type of data we collect when you visit and/or use our website and on how we use this data. If we have received personal data from you through other communication channels (e.g. by e-mail), the following Privacy Notice applies as well.
Given that our website and the technologies on which it is based, as well as our business processes are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.
II. Use of the website and data protection
1. Name and contact data of the controller for personal data processing on the Aquila Capital website
We, Aquila Capital Holding GmbH, represented by the managing directors Dr. Dieter Rentsch und Roman Rosslenbroich, Valentinskamp 70, 20355 Hamburg (Tel.: +49 40 875050-100 / receptionist, Fax: +49 40 87 5050-129) are the controller within the meaning of Art. 4 (7) GDPR for the processing of personal data in relation to the usage of the website.
2. Contact data of the data protection officer
The data protection officer of Aquila Capital can be reached as follows:
Aquila Capital Holding GmbH
c/o the data protection officer
Valentinskamp 70, 20355 Hamburg
DSGVO@aquila-capital.com, nasim.farbin@aquila-capital.com
In addition, Aquila Capital has implemented local contact persons at its foreign locations, who can be reached for questions relating to data protection under the contact details listed in section III. 1. Of this Privacy Policy.
3. Restriction of the scope of this Privacy Notice for visits to our website
Our Privacy Notice only applies to our content which is stored on our servers. It expressly does not cover any links to websites of third parties in our offerings.
4. Collection of personal data in the context of informational use of our website
a. Description and scope of data processing
If you only use our website for informational purposes and have not consented to the setting and use of any optional cookies, we do not collect any personal data aside from the data transmitted by your browser via basic cookies that are stored on your end device which are necessary to enable you to visit and functionally use the website.
That data is:
- Date and time of your request
- Duration of your visit
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Website & provider from/by which the request is made
- Browser
- Operating system
- Language and version of the browser software
- IP-address.
In addition to the aforementioned data, additional data may be collected and processed if you consent to the storage of optional cookies on your computer and processing of such data when you visit and use our website. For more details on the processing of data via cookies, see II. Clause 9 of this Privacy Notice.
b. Purpose and legal basis of data processing
We store data related to the end device in order to create use statistics, for example, or to identify and trace unauthorised attempts to access our web servers. We only create profiles regarding the use of our website in anonymised form and only to improve user navigation and optimise our products and services. Our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes. We do not create or process behaviour profiles relating to a specific person from the aforementioned information.
c. Duration of data storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
5. Collection of personal data during the use of our website features
We only store personal data, such as your e-mail address or your name, if you choose to provide this information to us, e.g. in the context of the contact form, an application, or for the performance of a contract (principle of direct collection).
a. Contact form
We process your personal data provided in the contact form in order to contact you and to process your request (Art. 6 (1) lit. b GDPR). This data will not be passed on without your consent. Data transmitted via the contact form will remain with us until you request us to delete it or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
b. Tab “Real Assets”
If you want to search for information on specific products via the "Real Assets" tab, we collect the following data from you: your status as a professional investor, your country of origin, and information on the pages you have visited on our website. In doing so, we want to ensure that we provide you with the information you are interested in. In doing so, we want to ensure that we provide you with the information you are interested in. The legal basis for this is Art. 6 (1) lit. a. GDPR. You can revoke your consent at any time (see clause 9 d.)
c. Applications
If you also use our website to provide a profile/resume to us, we will also use that personal data to create our own professional profile for you in accordance with this Privacy Notice. Given that we will store your work history in this case, your submission must not contain any sensitive information with respect to race or ethnic origin, political opinions, religion or beliefs, trade union or political party memberships, genetic, physical or mental health status, dependencies, sexual orientation, criminal offences or criminal proceedings and related penalties or fines, social security number or national ID. If your profile contains such information regardless, you agree that we may store that information and also use it in accordance with this Privacy Notice. Please also note that where you provide information of a third party to us as a reference you are responsible for ensuring that the person involved is aware of your disclosure of his/her personal data and has provided his/her written consent to this disclosure.
Further details can be found in our Privacy Policy for online application.
d. YouTube
Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When a page with an integrated YouTube plugin is opened, a connection to the YouTube servers is established. This will tell YouTube which of our pages you have accessed. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.
Details on the handling of user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.
Notes on legal bases:
If we ask you for your consent to the use of YouTube, the legal basis for the processing of data is the consent pursuant to Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) in accordance with Art. 6 (1) lit. f. GDPR.
e. Vimeo
Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When calling a page with an integrated Vimeo plugin, a connection to the servers of Vimeo is established. This will tell Vimeo which of our pages you have accessed. Vimeo will know your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.
Notes on legal bases:
If we ask you for your consent to the use of Vimeo, the legal basis for the processing of data is the consent in accordance with Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) pursuant to Art. 6 (1) lit. f. GDPR.
Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand. Details on the handling of user data can be found in Vimeo's data protection declaration at: https://vimeo.com/privacy.
f. LinkedIn Plug-In
Components of LinkedIn Corporation are also integrated on this website. In Europe, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland.
Each time a LinkedIn component (LinkedIn plug-in) is installed on our website, that component causes the browser used by the individual to download an appropriate representation of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn obtains information as to which specific subpage of our website is visited by the person concerned.
If the person concerned is logged in to LinkedIn at the same time, LinkedIn recognizes which specific page of our website the person concerned is visiting each time the person visits our website and for the entire duration of that person's stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the person concerned clicks on an integrated LinkedIn button on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.
LinkedIn always receives information through the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the data subject does not want LinkedIn to receive such information, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.
At https://www.linkedin.com/psettings/guest-controls LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who can set cookies. Such cookies may be declined at https://www.linkedin.com/legal/cookie-policy LinkedIn's current privacy policy can be found at https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.
Notes on legal bases:
If we ask you for your consent to the use of LinkedIn, the legal basis for the processing of data is the consent in accordance with Art. 6 (1) lit. a. GDPR. In other cases, your data will be processed on the basis of our legitimate interests (i.e. interest in an attractive presentation of our online services) pursuant to Art. 6 (1) lit. f. GDPR.
g. Facebook (Meta) plug-in
Our website uses so-called social plug-ins ("plugins") of the social network Facebook, which is operated by Meta Platforms Irleland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland, an entity of Meta Group (Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA, ("Facebook" or “Meta”). The plugins are marked with a Facebook logo or the addition "Social Plug-in from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: developers.facebook.com/docs/plugins. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server, possibly also to the USA, and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy: www.facebook.com/policy.php. If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website.
Notes on legal basis:
If we ask for your consent to use the Facebook plugin, the legal basis for the processing of data is consent pursuant to Art. 6 para.1 lit. a. GDPR. Otherwise, your data will be processed on the basis of our legitimate interests pursuant to Art. 6 para.1 lit. f GDPR (i.e. interest in an appealing presentation of our online offer). If the transfer to an unsafe third country takes place, this is done on the basis of Art. 49 para. 1 lit. a) GDPR.
6. Presences in social networks (fan pages)
We maintain publicly accessible profiles on social networks. Details on the social networks used by us can be found below.
Social networks such as Facebook etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals and data may also be transferred by the provider to a so-called unsafe third country (for example into the USA). For details, please refer to the terms of use and data protection provisions of the respective social media portals.
a. Legal basis
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).
b. Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint, for more information see section VIII.) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals operators. Our options are largely determined by the corporate policy of the respective provider.
c. Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
d. Social networks in detail:
aa. Facebook (Meta)
We have a profile on Facebook. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland, a company of the Meta group (Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA) (“Facebook”).
We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.
bb. Instagram (Meta)
We have a profile on Instagram. The provider in Europe is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland, a company of the Meta group (Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA). For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.
cc. LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For details on their handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
7. Disclosure to third parties
To facilitate the purposes described we may exchange your data with third parties we use to process orders and inquiries. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context. A data processing agreement is concluded in this case.
If you make your personal data available to us for the purpose of potential future cooperation, potential investments and/or to enable us to contact you, we may disclose this data to affiliated companies (as defined in Sections 15 et seqq. of the German Stock Corporation Act), if there is a legitimate interest on our part and your interests, fundamental rights and freedoms do not outweigh.
Otherwise we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymised or pseudonymised.
We only transfer data to third parties established in a third country with your consent or to fulfil our contractual obligations pursuant to Art. 44 GDPR et seqq.
8. Data security, TLS encryption with https; Technologies used
Aquila Capital Holding GmbH and the companies affiliated with it take diligent precautions to protect your data managed by us against manipulations, loss, destruction and against access by unauthorised persons. We continuously improve our security measures in accordance with the development of technology. Our employees are obligated to maintain data confidentiality in accordance with the provisions of the GDPR.
We use https to transmit data in a tap-proof manner on the Internet (data protection through technology design Article 25 (1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.
Parts of this website may use technologies that are widely used on the internet, such as JavaScript, Java, Flash or ActiveX, to allow us to present the information requested in a form that is more convenient for you. We do not use these technologies in any way to spy out personal data or manipulate data on your computer.
9. Cookies
a. Description and scope of data processing
We need certain information to enable us to design our websites based on user needs. For the collection of this information we also use cookies. Cookies are meant to facilitate the use of the internet and communication. Cookies are stored on your PC or another end device to anonymously identify the device and to support the application when you return to our websites.
If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept cookies some pages may not be displayed correctly anymore.
We use cookies on our website to store the following parameters, for example:
- Language and country
- Browser settings and installed plug-ins
- Data on the use of our website.
This website uses the following cookies:
- Transient cookies (temporary use)
- Persistent cookies (use for a limited time)
Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a "session ID" which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.
The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.
More information on how cookies work can be found on the following website: http://www.allaboutcookies.org.
b. Purpose and legal basis of data processing
The purpose of using technically necessary cookies is to enable and simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The user data collected by technically necessary cookies are not used to create user profiles.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f. GDPR. Legal basis for the processing of personal data using optional cookies (marketing, statistics, etc.) is your consent based on Art. 6 (1) lit. a. GDPR.
c. Duration of storage objection and elimination options
Cookies are stored on the user's end device and via them, data is transmitted to our site. For every Cookie we have set a specific storage limitation, depending on the purpose, which you can view under cookie settings – “Show Cookie Details ”. In addition, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions of the website to their full extent.
d. Customize cookie settings
When calling up our website, we offer you the possibility to individually adjust the optional cookies via the "Settings" item in the cookie banner. Your consent to optional cookies is voluntary, not necessary for the use of this website and can be revoked at any time. You can adjust the cookie settings here at any time.
By clicking on "accept" in the cookie banner or “accept all” in the settings, you also consent to your data being processed in the USA in accordance with Art. 49 Para. 1 S.1 lit a GDPR. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly without the possibility of legal recourse. If you click on “only functional cookies” in the cookie banner or "accept only necessary cookies" in the settings, the transfer described above will not take place.
10. Google Analytics
We use the Google Analytics service (Google Analytics 4) of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics sets and uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
Some of this data is information stored in the end device you are using. In addition, further information is also stored on your end device via the cookies used. Such setting of cookies, storage of information by Google Analytics or access to information already stored in your end device as well as the processing of data by us will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the setting of the cookies and data processing in connection with the Google Analytics service is therefore § 25 (1) TTDSG and Art. 6 (1) a GDPR. You can revoke this consent via our cookie settings at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. Google Ireland transmits data to Google LLC and its servers located in the United States, which is deemed a third country where the data protection standards do not meet the same standards as set by the GDPR. Google Ireland respectively uses the EU standard data protection clauses as appropriate safeguards for these transfers of personal data in third countries, which can be found at the following link: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/ and has performed a Transfer Impact Assessment for the transfer.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of users is shortened by Google Ireland within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google's privacy policy at: www.google.com/policies/technologies/ads/.
The data on user actions is stored for a period of 2 months to enable us to reach the purposes for which we collected the data and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
11. Facebook Retargeting Facebook Pixel (Meta)
A pixel of Meta Platforms Ireland Limited is integrated into this website (website custom audience pixel). Through this pixel, information about the use of this website is collected by Aquila Capital Holding GmbH and Meta Platforms Ireland Limited in joint responsibility and transmitted to Meta Platforms Ireland Limited. This information can be assigned to your person with the help of further information that Meta Platforms Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network "Facebook". Based on the information collected via the pixel, you can be shown interest-based advertisements about our offers in your Facebook account (retargeting). The information collected via the pixel may also be aggregated by Meta Platforms Ireland Limited and the aggregated information may be used by Meta Platforms Ireland Limited for its own web purposes as well as for advertising purposes of third parties. For example, Meta Platforms Ireland Limited may infer certain interests from your browsing behaviour on this website and may also use this information to promote third-party offers. Meta Platforms Ireland Limited may also combine the information collected via the pixel with other information that Meta Platforms Ireland Limited has collected about you via other websites and / or in connection with the use of the social network "Facebook", so that a profile about you can be stored at Meta Platforms Ireland Limited. This profile can be used for advertising purposes. Meta Platforms Ireland Limited is solely responsible for the permanent storage and the presented further processing of the tracking data collected via the website custom audience pixel used on this website. The legal basis for this data processing is Article 6(1)(a) GDPR (consent).
You can obtain more information on data protection at Meta Platforms Ireland Limited here: www.facebook.com/policy.php
Here you will also find the possibility of asserting your data subject rights (e.g. right to deletion) against Facebook Ireland Limited. You can give your consent to the transmission of data to Facebook Ireland Limited through the use of the pixel on this website via the cookie settings cookie settings.
12. LinkedIn Insights and Conversion Tracking – LinkedIn Pixel
Furthermore, we use the so-called conversion tracking with LinkedIn Insights Tag, a tool of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated on our pages and a cookie is set on your end device by LinkedIn. This informs LinkedIn that you have visited our web pages, whereby your IP address is also collected. In addition, timestamps and events such as page views are stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. We learn, for example, through which LinkedIn ad or interaction on LinkedIn you came to our website. This allows us to better control the display of our advertising. You can find more information on conversion tracking at www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht.
Please note that the data may be stored and processed by LinkedIn, so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy. You can prevent the analysis of your usage behavior by LinkedIn as well as the display of interest-based recommendations via www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
13. Your rights
Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.
III. General data processing at Aquila Capital (data protection information according to Art. 13 GDPR)
The privacy, protection and processing of your personal data is very important to Aquila Capital (meaning Aquila Capital Holding GmbH and its affiliated entities in the sense of sections 15 et seqq. of the German Stock Corporation Act (AktG)). In the following we would like to inform you about the processing of your personal data at Aquila Capital and your rights regarding personal data protection. Which specific personal data will be processed and/or used depends on the specific business relationship with you and/or the processing occasion and purpose or other factors. In this respect, you will find in section IV and following sections specific data protection information relating to specific processing activities. Information regarding your rights are detailed in section VIII.
1. Name and contact data of the controller
Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Capital, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.
The responsible companies of Aquila Capital with legal seat in Hamburg, Germany, can be reached as follows:
Valentinskamp 70, 20355 Hamburg, Germany
Tel.: +49 40 875050-100
info@aquila-capital.de
and
ABC-Straße 21, 20354 Hamburg, Germany
Tel.: +49 40 875050-200
info@aquila-capital.de
The responsible company of Aquila Capital with legal seat in the UK can be reached as follows:
20th Floor, Leaf B, Tower 42, 25 Old Broad Street, London EC2N 1HQ
Tel. +44 2082085400
info@aquila-capital.de
The responsible company of Aquila Capital with legal seat in Luxembourg, can be reached as follows:
Airport Center Luxembourg, 5, Heienhaff, 1736 Sennigerberg, Luxembourg
Tel.: +352 24 83 29 1
info@alceda.lu
The responsible company of Aquila Capital with legal seat in Spain can be reached as follows:
Paseo de la Castellana, 259D, Torre Espacio , 28046 Madrid, Spain
Tel.: +34 91 511 90-50
info@aquila-capital.com
and
Carrer del Foc, 30, 08038 Barcelona, Spanien
Tel.: +34 91 511 90-50
info@aquila-capital.com
and
Av. De las Americas 3, Plamta 4, oficina E4, 29006 Malaga, Spanien
Tel.: +34 91 511 90-50
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in Switzerland can be reached as follows:
Poststraße 3
8001 Zurich, Switzerland
phone: +49 40 87 5050-100
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in Norway can be reached as follows:
Haakon VIIs Gate 2
0161 Olso, Norway
phone: +47 90 14 36 67
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in the Netherlands can be reached as follows:
Schiphol Boulevard 215, WTC Schiphol
1118BH Schiphol, Netherlands
phone: +49 40 87 5050-100
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in Japan can be reached as follows:
12 F Yurakucho Itocia, 2-7-1 Yurakucho, Chiyoda-ku
100-0006 Tokio, Japan
phone: +49 40 87 5050-100
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in Singapore can be reached as follows:
138 Market Street #15-03 Capitagreen
048946 Singapore
phone: +49 40 87 5050-100
info@aquila-capital.com
The responsible company of Aquila Capital with legal seat in Portugal can be reached as follows:
Avenida Fontes Pereira de Melo, N14, 11
1050-121 Lisbon
phone: +351 211 328 420
info@aquila-capital.com
2. Contact data of the data protection officer of the Aquila Group
The data protection officer of Aquila Capital can be reached as follows:
Aquila Capital Holding GmbH
c/o data protection officer
Valentinskamp 70, 20355 Hamburg
nasim.farbin@aquila-capital.com.
3. Purpose of personal data processing and legal basis
We process personal data in accordance with the relevant rules and regulations, in particular with GDPR.
The processing of personal data is necessary for the performance of a contract with you (Art. 6(1) lit. b. GDPR).
The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6(1) lit. f. GDPR).
If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6(1) lit. a. GDPR.
In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6(1) lit. c. GDPR).
Depending on the specific business relationship we have with you, we may collect and use personal data from our customers to send important information or updates on Aquila Capital’s products and services. This includes, in particular, important security information or significant changes to products, services or this Privacy Policy. The legal basis for processing data for these purposes is the legitimate interest of Aquila Capital to adapt and correct legal innovations or product errors, to comply with legal obligations and to offer high-quality product support. The collection and use of this data may be mandatory for compliance with existing legal regulations. Insofar as we collect or use data for purposes of advertising and customer retention, for example for performance reports, analyses and market-relevant assessments as well as invitations to specific events, following prior consent, there is a right of revocation for this consent at any time with effect for the future. The revocation can - just like the consent - be made orally, in writing or in text form.
4. Recipients or categories of recipients of the personal data
Your personal data will be transmitted within Aquila Capital to all entities, which need these data for contractual and/or regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organisations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.
5. Duration of storage
Where required, we process and store your personal data for the period of our business relation or until the revocation of your consent. The retention period of personal data within the Know Your Costumer process is 5 years. The retention period begins upon conclusion of the calendar year in which the business relationship is terminated. In all other cases, it begins upon conclusion of the calendar year in which the respective information was gathered (see Sec. 8 para 4 Money Laundering Act).
Furthermore, we are subject to miscellaneous safekeeping and documentation obligations that may arise from e.g. German Commercial Code or General Fiscal Code.
Pursuant to the provisions of these laws, personal data must generally be retained for a period of ten years. In addition, the statutory period of limitations within the meaning of §§ 195 et seq. German Civil Code (BGB) shall apply in relation to the duration of storage period. Thus, the maximum period of limitation term is up to 30 years.
6. Automated decision-making including profiling
We do not use automated decision-making within the meaning of Art. 22 GDPR for establishing and fulfilling the business relationship with you. We do not use procedures based solely on automated processings. Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, these measures are for your protection.
7. Your rights
Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.
IV. Data protection information according to Art. 13 GDPR for telephone recording according to MiFID/MiFIR
1. Controller according to Art. 4 no. 7 GDPR
Aquila Capital Investmentgesellschaft mbH is the controller of the data processing.
2. Purpose of the data processing
In accordance with the requirements of Directive 2014/65/EU ("MiFID II") and Regulation (EU) No. 600/2014 ("MiFIR") the obligation to record and store telephone calls and electronic communication in the performance of ancillary services has existed since January 3, 2018 (Aquila Capital Investmentgesellschaft mbH).
The obligation to record telephone conversations and electronic communication equivalent thereto requires that the conversation and electronic communication between the investors and controller mentioned under 1. be directed at least at the transactions carried out in trading for own account or at the acceptance, transmission or execution of investor orders. This also includes the provision of ancillary services such as investment brokerage, investment advice and financial portfolio management.
The aim of the supervisory authority is to give clients the opportunity to further document the investment mediation process in addition to the written records (e.g. in the brokerage protocol) as part of strengthening investor protection. The requirement applies to all client categories (private clients, semi-professional clients, professional clients and eligible Counterparties). In order to achieve this goal, Art.16 para. 7 MiFID II now prescribes the binding obligation to record telephone calls and electronic communication in addition to the general recording obligation of Art. 16 para. 6 MiFID II. For evidence purposes, all relevant telephone conversations or parts thereof with (potential) customers can be recorded in relation to business transactions or business conversations.
3. Legal basis for data processing
The data protection legal basis for these records derives from Art. 6 para. 1 lit. c. GDPR in conjunction with Art.16 para. 7 MiFID II, para. 6 MiFID II, Art. 76 MiFID II-DVO, §83 WpHG, §9 WpDVVerOV
4. Data protection officer
The contact details of the data protection officer can be found in section III. clause 2 of this privacy policy.
5. Recipient of the data
For audit purposes, Aquila Capital's Compliance Department and Audit Department may be granted access to the telephone records. In addition, access by external auditors is possible.
The competent supervisory authorities (data protection authority, BaFin) may also request existing recordings of telephone calls or electronic communications from the responsible parties for audit purposes.
For the implementation of the recording obligation, the responsible parties work together with the external service provider ASC Technologies AG. A data processing agreement has been concluded. The hosting of the data takes place exclusively in Germany.
6. Deletion of data
Records to which Aquila Capital Investementgesellschaft mbH is legally obligated are kept for 5 years, maximum 7 years from the date of creation (§ 83 para. 3. WpHG in conjunction with Art 16 para. 7 MiFID II), unless legal retention periods apply that require longer storage.
The controllers collect this personal data as evidence of transactions carried out and to comply with applicable legal requirements.
7. Rights of the data subjects
Your rights with regard to data processing are outlined in section VIII. of this Privacy Policy.
V. Data protection information pursuant to Art. 13 GDPR for video and telephone conferences via "Microsoft Teams" and "LoopUp"
1. Controller according to Art. 4 no. 7 GDPR
The controller for data processing in direct connection with the holding of video and telephone conferences (hereinafter "Online Meetings") is Aquila Capital Holding GmbH.
2. Purpose of the data processing
We use the tools "Microsoft Teams" and "LoopUp" to conduct telephone and video conferences within the business purposes of Aquila Capital. Different types of data are processed. The extent of the data also depends on the information provided before or during participation in an online meeting.
3. Which data is processed?
Microsoft Teams
- User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language
- Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: It is possible to use the chat function in an online meeting. In this respect, the text entries made by the respective user are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera on the terminal device are processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.
- Log files, protocol data
LoopUp
To grant access to LoopUp the following data is processed:
- Contact information (if provided - name and phone number)
- Call records (if approved)
- Video / Pictures (if desired)
When creating call overviews (participants, duration and recordings) the following data is processed:
- Contact details (if provided - name and phone number)
- Call recording (if approved)
- Video / Pictures (if desired)
If we want to record "Online Meetings", we will inform you transparently in advance and - if necessary - ask for your consent. In principle, however, no recordings are made.
If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
Furthermore, we would like to point out that during online meetings in the home office, the background of the apartment may also be visible. In this case further data may be processed. The unprepared optical and/or acoustic appearance of third parties is also possible. It is therefore recommended to change the background for video conferences in the home office. To do this, select the Background Effects option for Microsoft Teams when you set up your video and audio settings before participating in a meeting. It is located directly to the right of the microphone switch. Your background options are then displayed on the right side. Your new background will remain in all your meetings and calls until you change it again. If this is not possible, make sure that the camera is not in an unfavourable position and that the meeting is not held in unsuitable rooms or rooms occupied by third parties.
Transportation encryption is used when transferring video conference data.
Automated decision making in the sense of Art. 22 GDPR does not take place.
4. Legal basis for data processing
The legal basis for data processing of "online meetings" is Art. 6 (1) lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest is to ensure effective communication between employees of Aquila Capital and external persons/companies or business partners. Particularly against the background of the Corona Pandemic, the use of long-distance means of communication had to be increased in order to avoid, for example, personal meetings. You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.
5. Data protection officer
You may contact the Aquila Capital's data protection officer at any time regarding your rights and obligations and any other information exchange. The contact details of the data protection officer can be found in section III. clause 2 of this Privacy Policy.
6. Recipient of the data
Personal data processed in connection with participation in online meetings is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from online meetings, as well as personal meetings, is used to communicate information to third parties and is therefore intended for disclosure.
Furthermore, we would like to inform you that the employees of Aquila Capital are employed in various group companies. It is therefore possible that the meeting data may be passed on within the group. Our legitimate interest according to Art.6 para. 1 lit. f. GDPR is to make online meetings effectively available to every employee in the company. You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.Further recipients: Microsoft and LoopUP necessarily receive knowledge of the above-mentioned data, as far as this is provided for in the framework of the contract processing agreements.
Microsoft Teams is part of the Office 365 cloud application, for which a user account must be created. Microsoft also reserves the right to process customer data for its own business purposes. According to Microsoft, these are activities related to the provision of the services, such as usage-based billing, capacity planning and combating cybercrime. Use for user profiling, advertising or similar commercial purposes is expressly excluded by contract. Please note that we have no control over Microsoft's data processing. To the extent that Microsoft teams process personal information in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for that use and as such is responsible for compliance with all applicable laws and a data controller's obligations. For more information about the purposes and extent of data collection and processing by Microsoft Teams, please see the Microsoft Privacy Statement at privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at docs.microsoft.com/de-de/microsoftteams/teams-privacy. You can also obtain further information about your rights in this regard.
LoopUp processes personal data only according to our written instructions. You can find further information about data processing by LoopUp here: loopup.com/de/legal/privacy-policy/
Since Microsoft and LoopUP are companies based in the USA or Great Britain, data processing outside the European Union (EU) is also possible. Measures have been taken to protect data processing by a third country (e.g. standard contract clauses). In addition, due to the current jurisdiction of the EUGH on the invalidity of the Privacy Shield, further measures to protect your data are being discussed with the provider.
Furthermore, we cannot exclude the possibility that the routing of data is carried out via Internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.
7. Deletion of data
The online meetings are generally not recorded. We point out that the (secret) recording of video and/or audio data as well as the storage and distribution of the recordings is punishable by law.
A requirement for the recording and storage of data can exist in particular if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation.
8. Rights of the person concerned
Your rights with regard to data processing are described in section VIII. of this Privacy Policy.
VI. Data Protection Information in accordance with Art. 13 GDPR for the Know Your Counterparty Check (KYC-Check)
1. Controller according to Art. 4 no. 7 GDPR
The responsible data controller is determined by the context in which the KYC-Check is performed. For KYC-Checks in the context of the potential purchase of investment objects and, under certain circumstances, in connection with the engagement of service providers in a consulting context, the controller is Aquila Capital Holding GmbH. The controller for KYC-Checks in the context of engaging investors is Aquila Capital Investmentgesellschaft mbH as the management company for the investment fund offered. The named responsible companies are in this section VII. each referred to as "Aquila".
2. Processing purposes and legal basis
The collection and further processing is carried out for the fulfillment of legal obligations to which Aquila is subject on the basis of Art. 6 (1) sentence 1 lit. c) GDPR in conjunction with § 28 KAGB, § 25h KWG, §§ 10-17 GwG for the prevention of money laundering, financing of terrorism and other criminal acts. The main measure to comply with this obligation is the identification of the business/contractual partner and, if applicable, the persons acting on its behalf and their authorization, the clarification of whether the contractual partner is acting on its own account or on behalf of a beneficial owner and its identification, the determination of whether the contractual partner or the beneficial owner is a politically exposed person (PEP), a family member or a known related person of a PEP.
In addition, we process your data on the basis of Art. 6 (1) sentence 1 lit. f) GDPR, insofar as this is necessary to protect legitimate interests on our part or on the part of a third party, in particular our interest in the efficient organization, planning and implementation of business processes (for example, when involving external service providers or when transferring data to the other recipients mentioned in section VII. 5.). You have the right to object to the processing of your personal data which is carried out (i.a.) on the basis of Art. 6 (1) f) GDPR at any time on grounds relating to your particular situation in accordance with Art. 21 GDPR.
3. What personal data is processed
Depending on the constellation, the following personal data of the acting person(s) and the beneficial owner may be collected and processed during a KYC-Check in connection with the KYC questionnaire and the associated verification documents (e.g. copy of ID, proof of residential address):
Surname, first name, nationality, date of birth, place of birth, ID card data (e.g. ID card number, date of issue, issuing authority), address data (street, house number, zip code, city, country), attribute of beneficial owner, information on origin of assets, gross income, type of contribution, PEP status (in this context, if applicable, also name of family members or other known related persons if they have a PEP status), any additional data that may result from the verification documents: Copy of ID (title, birth name, height, eye color, signature, order or artist name, if applicable), proof of address document (electricity consumption, telephone log, etc., if applicable).
4. Data Protection Officer
You may contact Aquila Capital's data protection officers at any time regarding your rights and obligations and any other information exchange. The contact details of the data protection officers can be found in section III. clause 2 of this Privacy Policy.
5. Data Transmissions
Aquila Capital - Internal: In the Aquila Group, some functions are performed centrally by other group companies and tasks may be performed by employees of other group companies. Data may therefore be transferred or accessed within the group to the extent necessary for the purposes of the processing. In these cases, personal data will only be transferred if there is a legitimate interest on the part of the controller and provided that your interests or fundamental rights and freedoms as a data subject do not prevail. Our legitimate interest pursuant to Art. 6 para.1 sentence 1 lit. f) GDPR is, among other things, to effectively design internal business processes, to process tasks that require special expertise centrally and in a high-quality manner by a corresponding specialist department, or to centrally manage the documentation and necessary deletions of personal data. This is usually the department Group Compliance at Aquila Capital Holding GmbH.
External Service Providers: Aquila uses external service providers to fulfill the purposes described in the context of the KYC check. For example, the collected data is stored in the customer management software "Salesforce", provided by Salesforce Inc. Salesforce is supported and maintained by our service providers Hanse CRM GmbH, Omega CRM Consulting S.L. and IT-Lotsen GmbH, whose employees may become aware of the above data in the course of providing their services. In addition, your name is checked against current PEP and sanctions lists via the tool WorldcheckOne, provided by Refinitiv Germany GmbH, as well as against, among other things, press releases on the subject of financial crime by Factiva Limited. Lionware GmbH is engaged for cases of necessary ID-verifications via post-ident.
Other Recipients: In addition, Aquila may make (individual or combined) collected data available to other recipients, for example, to those companies that are jointly involved with Aquila in the procurement of investment projects, namely buyers or financing companies of the investment properties or owner companies. They pursue a similar, albeit separate interest in the audit, which they may carry out parallel as an independent responsible party. The additional verification can further reduce the overall risk of financial crime (especially prevention of money laundering and terrorist financing) in potential projects or project participations. In addition, in the case of investors in Luxembourg investment funds, Aquila forwards the data to the relevant register and transfer agent Apex Fund Services S.A. for the opening of the register, which is necessary to complete the subscription of shares in the investment fund. Before forwarding, Aquila checks the correctness and completeness of the data and documents collected.
Aquila has concluded the necessary data protection agreements, e.g. data processing agreements, with all recipients of personal data. A transfer of personal data to a third country only takes place if the legal requirements are met. Some of the external service providers are registered in the USA, which is a third country without an adequacy decision by the European Commission; however, the data is stored on servers located within the European Economic Area.
6. Deletion of Data
Your data is stored for as long as it is required for the processing purpose or until the expiry of statutory retention periods. KYC documents and the data contained therein are subject to a basic retention period of 5 years from the end of the business relationship pursuant to Section 8 (4) GwG and are generally deleted after expiry. Other storage and documentation obligations may arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO) to which Aquila is subject to. The periods prescribed there for storage or documentation are two to ten years from the end of the year in which the last action was taken on the tax-relevant documents (usually the last annual financial statement/tax return of the fund). Finally, the storage period also depends on the applicable statutory limitation periods, e.g. according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
7. Voluntariness and necessity of the provision of personal data
The provision of personal data as part of the KYC-Check is neither legally nor contractually required of you. You are therefore not obliged to provide any information in this regard. Please note, however, that Aquila cannot enter into a business relationship with you without the provision of the requested data.
8. Automated decision making including profiling
In the context of the KYC-Check, we do not use automated decision-making in accordance with Art. 22 GDPR, i.e. no processes in which decisions are made exclusively automatically.
9. Rights of the persons concerned
Your rights with regard to data processing are described in section VIII. of this Privacy Policy.
VII. Data Protection Information in accordance with Art. 13 GDPR for Product-Related Disclosure Obligations pursuant Art. 10 SFDR
1. Controller according to Art. 4 no. 7 GDPR
The responsible data controller for processing of personal data in connection with product related disclosure obligations pursuant to Art. 10 of the Sustainable Finance Disclosure Regulation (“SFDR”) is Aquila Capital Holding GmbH.
2. Subject Matter, personal data and legal basis of the processing, usage of data
Aquila Capital Investmentgesellschaft mbH is legally obligated to provide information or sustainability-related disclosures on Aquila’s products via its public website to its investors. In order to comply with this obligation while maintaining confidentiality of confidential business information, Aquila has implemented a respective password-protected investor-space, including a Log-In mask for authorized investors. This Log-In Mask processes the email address and the password of the user on the basis of Art. 6 (1) lit. c GDPR in connection with Art. 10 SFDR. We do not use this data for any other purpose than to provide you with the product related information. Tracking, processing or transfer of log-in data and other user data while navigating the investor space will only take place if you have consented to the usage of the Google Analytics Cookie (Section II.10 of this Privacy Policy).
3. Data Protection Officer
You may contact Aquila Capital's data protection officer at any time regarding your rights and obligations and any other information exchange. The contact details of the data protection officer can be found in section III. clause 2 of this Privacy Policy.
4. Retention and Deletion of Data
The log-in data is only stored for the duration of the log-in and is automatically deleted after the session.
5. Voluntariness and necessity of the provision of personal data
The provision of personal data as part of the log-in requirements to the investor space is neither legally nor contractually required of you. You are therefore not obliged to provide any information in this regard. Please note, however, that you will not be able to enter the investor space and view the information provided there in this case.
6. Rights of the persons concerned
Your rights with regard to data processing are described in section VIII. of this Privacy Policy.
VIII. DATA SUBJECT RIGHTS
As a data subject within the meaning of the GDPR, you have various rights vis-à-vis the responsible entity of Aquila Capital with regard to your personal data, which we inform you about below. You can also find details about your rights in Art.15-21 of the GDPR:
- Right to information according to Art. 15 GDPR:
You have the right to request information about your personal data processed by the controller. In particular, about the processing purposes, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to request without delay the correction of inaccurate or the completion of your personal data stored by the controller.
- Right to deletion according to Art. 17 GDPR
You have the right to request the deletion of your data under the conditions specified in Art. 17 DSGVO.
- Right to restriction according to Art. 18 GDPR
In specific cases specified in the GDPR, you have the right to request the restriction of the processing of your personal data.
- Right to data portability according to Art. 20 GDPR
In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).
In particular, you have a
- Right of objection according to Art. 21 GDPR
Insofar as personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation;
as well as a
- Right of revocation according to Art. 7 para. 3 GDPR
Insofar as we process your data on the basis of your consent (Art. 6 para. 1 lit a) or Art. 9 para. 2 DSGVO), you have the right to revoke this consent at any time with effect for the future, without this affecting the lawfulness of the consent valid until then. The revocation is - like the granting of consent itself - possible orally or in text form.
To assert your rights, you can contact the responsible entity of Aquila Capital or Aquila Capital’s data protection officer (for contact details, see section III.2 of this Privacy Policy).
You also have a
- Right of appeal pursuant to Art. 77 GDPR
You have the right to complain to a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the responsible controller.