Privacy Policy

We are pleased with your interest in CAPinside and that you are therefore visiting our homepage. At this point, we would like to inform you about which of your personal data we collect when you visit our website and for what purposes it is used.

General Information

Version: 01.03.2022

Note: Only the German version of this Privacy Policy is authoritative.

CONTROLLER AND CONTACT

The controller within the meaning of Art. 4 No. 7 GDPR is CAPinside GmbH, which maintains and operates the CAPinside platform as its own brand:

CAPinside GmbH
Represented by: Achim Denkel, Jürgen Sehnert
Kleine Johannisstrasse 9
20457 Hamburg
Phone: +49 40/897 20 776 0
Email: info@capinside.com

CAPinside GmbH is a German limited liability company based in Hamburg. Our platform develops individual marketing and sales offers for investors in the B2B area.

If you have any questions about data protection law, please contact our (external) appointed Data Protection Officer:

Mr. Thomas Mecke
Hagenbreite 33
37124 Rosdorf
Phone: 0551 -- 29 344 58
Email: datenschutz@capinside.com

SCOPE OF THIS PRIVACY POLICY

CAPinside is a service that has established itself as a marketing and sales partner for financial products. We pursue the purpose of expanding the range of our users' products through a variety of different applications and contributing to individual market expansion. The combination of these applications allows the user the best possible result and the greatest range of functions. It is our goal to make the financial market more transparent, more open and more easily accessible. In order to fulfill these purposes, CAPinside provides the user with information, offers, recommendations and services on the basis of data collected, among other things. This Privacy Policy applies to the entire service of CAPinside GmbH (and all applications).

TO WHOM DOES THIS PRIVACY POLICY APPLY?

This Privacy Policy applies to the personal data of the following groups: Visitors and those persons who use our website or our app. For example, clients and contractual partners of CAPinside who are natural persons as well as all other natural persons who are in contact with CAPinside, e.g. representatives and employees of a legal person or economic beneficiaries of a client.

HOW WILL YOUR DATA BE PROCESSED?

We have obligated ourselves to treat your data confidentially at all times and protect your privacy in accordance with the legal requirements, in particular the European General Data Protection Regulation (GDPR) that came into force on 25.05.2018.

GENERAL PURPOSE OF DATA PROCESSING

CAPinside and the operation of this platform are subject to very dynamic development. It is therefore not possible to depict every single detail. However, we would like to make the essential details of data processing transparent to you. The processing of data primarily occurs to fulfill our contractual obligations toward our clients and users. In variation from this, we process your data to ensure our legitimate interests while also giving due consideration to your interests. And, of course, in some cases we are legally obligated to process data (e.g. to disclose data to investigating authorities). In all other cases, we will obtain separate consent from you for data processing. Within the scope of performance of our contractual obligations to our users, we always try to adapt our products and services to the needs of the users. Personalisation plays an important role here. Interest and usage profiles are created in the process. In order to be able to present you with suitable product recommendations, we need to understand what interests you may have. We use the information you provide to us to determine these interests. In addition, we also use information that we automatically receive as a result of your use of our service (through so-called "tracking") as well as information, if applicable, that we receive indirectly.

WHAT IS PERSONAL DATA?

Personal data is all such information, including partial information, that relates to an identified or identifiable living person. It is collected when you contact us, i.e. if you are an existing or new client, interested party or applicant who is interested in our products and services, submits applications, fills out online forms, creates a profile or already has a business relationship with us. In this sense, data that is not personal is data is that which is neither directly nor absolutely assignable to a natural person and that which is collected or processed for the purpose of purely statistical surveys (e.g. regarding user behaviour on our website).

INFORMATION THAT YOU PROVIDE TO US

Due to the contractual relationship between you and CAPinside GmbH, you are contractually obligated to provide us with the necessary data within the scope of our general terms and conditions since we cannot fulfill our contractual obligations without it. In this respect, no legal obligation exists. When you visit and/or use our web pages, we process the following personal data that we have received from you:

1. Registration Data

When registering, you must fill out the following mandatory fields:

  • Email address
  • Last name
  • Password

We need this mandatory information to verify you.

If you send us a deletion request, we will typically delete this data on the same working day, but no later than 72 hours. We also delete this data when you delete your user account.

The legal basis for this processing of personal data is Article 6 Para. 1 letter (b) GDPR.

2. Access Data

As part of the CAPinside applications that require registration, we need to collect and process certain personal data from you as your access data. For example:

  • Email address
  • Password

Your access data cannot be seen by third parties. We do not disclose this data to third parties. We also delete this data when you delete your user account. The legal basis for this processing of personal data is Article 6 Para. 1 letter (b) GDPR.

3. Email Address

We use the email address that you have provided to send you newsletters or advertising for our own similar products and services or surveys for the purpose of our own market research by electronic means unless you have objected to such use. In the newsletters, we can, for example, inform you of new functions at CAPinside, suggest interesting contacts and products or send you specific personal statistics. You can unsubscribe from the newsletter at any time by email using the link provided at the end of the respective newsletter or from within your profile.

We also delete this data when you delete your user account. The legal basis for this processing of personal data is Article 6 Para. 1 letter (b) GDPR.

4. Fund Data

In order to live up to our claim of a personalised offer for the user of our services, we store the fund data you provide, such as:

  • List names and anonymised IDs of the funds contained therein
  • Stored fund comparisons
  • WKNs and ISINs
  • Fund name and internal ID of the fund

The legal basis is Article 6 Para. 1 letter (b) GDPR, i.e. that the data collection and processing occurs in order to achieve the contractual goals. This also applies to pre-contractual information that you provide to us as part of an initial enquiry and that we need in order to present you with a binding offer.

5. Community Data

Profile

In principle, your profile is completely visible to all members and clients of our services. Depending on your settings, it may also be visible to third parties internal or external to our services (e.g. visitors to our services or users of third-party search engines). In your account settings, you can choose which information you want to share with which user group.

Posts, follows, comments, messages

Our services allow you to read and share information. This includes posts, comments and the "Follow" function.

If you share an article or a post publicly (e.g. an update, picture, video or an article), it can be viewed by anyone (depending on your settings) and shared again (depending on your settings). Members, visitors and third parties will be able to find and view your publicly shared content, including your name (and photo insofar as you have provided one).

We collect the content, communications and other information that you provide when you use our services; this also includes the exchange of messages and communications with others. This may include information about the content you provide or that which is contained within it (such as metadata), for example, the date a message was sent.

In order to adequately analyse your interest and be able to react accordingly, we also store which funds you are following and which funds you have listed in a portfolio in your user profile. Depending on your settings, this information can also be viewed by other members or third parties.

The legal basis is Article 6 Para. 1 letters (a) and (f) GDPR. Our "interest" within the meaning of Article 6 Para. 1 letters (a) and (f) GDPR is the analysis of your interests for the corresponding design of our service (personalisation).

INFORMATION WE AUTOMATICALLY RECEIVE DUE TO YOUR USE OF OUR PLATFORM

With the help of so-called tracking technologies, we automatically collect and process data from you when you visit our website.

What is tracking and what is it used for?

We collect data from our users and third parties on our web server, which we primarily use for the provision of our service. On your end device, be it PC or mobile, data from you is collected and evaluated with the help of cookies, pixels and similar tracking methods in order to continuously optimise our offer and adapt it to your individual needs.

The evaluation of information obtained through tracking is necessary in order to provide you with personalised services in accordance with the contractual purpose of CAPinside and to ensure the greatest possible benefit to you. The implicit feedback that you provide to us based on our tracking through your use of CAPinside is an important part of understanding which content you are more or less interested in.

The IP address of the end device you are using must be processed in order for the pages to be displayed in your browser. Additional information about your end device browser is also provided. We are also obligated under data protection law to ensure the confidentiality and integrity of the personal data processed with our IT systems. For this purpose, the following data is logged:

  • IP address of the calling computer (for a maximum of 7 days)
  • Operating system of the calling computer
  • Browser version of the calling computer
  • Name of the accessed file
  • Date and time of the access
  • Volume of data transmitted
  • Referring URL

The IP address will be deleted or made anonymous to all systems used in connection with the operation of these web pages after 7 days at the latest. We will then no longer be able to establish a personal reference from the remaining data. The data is also additionally used to correct errors on the web pages, for example to detect attacks and manipulations and to protect our users from them. The legal basis for data processing is Article 6 Para. 1 letter (f) GDPR and is carried out in our legitimate interest. Our "interest" within the meaning of Article 6 Para. 1 letter (f) GDPR is the operation of these web pages taking into account the security goals of confidentiality, integrity and availability of the data. As a recipient, you have the option to object at any time to this form of data collection.

Alternatively you can adjust your settings here

APPLIED TRACKING TECHNOLOGIES:

1. Google

In the following, we explain all the applications that we use from Google Ltd. (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland - Registration Number: 368047 - hereinafter "Google")

a.) Google Analytics

We use the Google Analytics web analysis tool from Google. Google Analytics uses so-called "cookies". These are text files that are stored on your computer or mobile end device and allow for the analysis of your use of the website. The information on your use of this website generated by the cookie (including your IP address) will be transmitted to and stored on a Google server in the USA. In doing so, we use the so-called "anonymiseIP()" script, which ensures that your IP address (after carrying out a geo-localisation) is immediately anonymised by Google. We have also concluded a data processing contract with Google. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to also provide other services related to website and Internet activity, in particular, also functions for display advertising, such as remarketing, reports on impressions in the Google Display Network or Google Analytics performance reports according to demographics and interests.

The use includes the Universal Analytics operating mode. Through this, it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse user's activities across devices.

Google will also transmit this information to third parties insofar as this is legally specified or insofar as third parties process this information on behalf of Google. Google will not associate your IP address with any other data held by Google. Google is an active participant in the US-EU Privacy Shield whereby an adequate level of data protection within the meaning of the GDPR is ensured. For more information on how Google Analytics handles user data, please refer to Google's Privacy Policy. The legal basis is in accordance with Article 6 Para. 1 letter (a) GDPR.

You can prevent the storage of the cookies through the corresponding setting within your browser software; nevertheless, we would like to point out that, in this case, you may not be able to make full use of all the functions on this website. You can also prevent the data generated by cookies and concerning your use of the website (including your IP address) from being collected by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is then set that prevents the collection of your data on future visits to this website: https://tools.google.com/dlpage/gaoptout?hl=en

b.) Google Ads Conversion

We use the offer of Google Ads Conversion to draw attention to our attractive offers with the help of advertising media (so-called Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. We thereby pursue our interest in showing you advertisements that are of interest to you, in making our website more interesting for you and in achieving a fair calculation of advertising costs.

This advertising media is delivered by Google via the so-called "Ad Server". For this purpose, we use Ad Server cookies through which certain parameters for performance measurement, such as the display of advertisements or of clicks by users, can be measured. Insofar as you access our website via a Google advertisement, Google Ads will store a cookie on your end device. These cookies typically expire after 30 days and are not used with the intention of personally identifying you. The unique cookie ID, number of ad impressions per placement (frequency) and last impression (relevant for post-view conversions) as well as opt-out information (an indicator that the user no longer wishes to be addressed) are typically stored as analysis values for this cookie.

These cookies enable Google to recognise your Internet browser. Insofar as a user visits certain pages of a Google Ads client's website and the cookie stored on their computer has not expired, both Google and the client are able to recognise that the user has clicked on the ad and has been redirected to this page. Each Google Ads client is assigned a different cookie. Thus, cookies cannot be tracked using the website of a Google Ads advertiser. We do not collect and process any personal data ourselves in the aforementioned advertising measures. We are only provided with statistical evaluations by Google. We are able to recognise which of the advertising measures are particularly effective on the basis of these evaluations. We do not receive any further data from the use of advertising material, in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser is automatically able to establish a direct connection to the Google server. We have no influence on the extent and the further use of the data that is collected through Google's use of this tool, and we therefore inform you that, according to our knowledge: Through the integration of Ads Conversion, Google receives the information that you accessed the relevant part of our online presence or clicked on one of our advertisements. Insofar as you are registered with a Google service, Google can associate your visit to our website with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

c.) Google Ads Remarketing

We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to show users targeted advertising on other pages and also after visiting our website. Therefore, Google stores a number in the browsers of users who visit certain Google services or websites in the Google Display Network. The visits of these users are recorded via this number, known as a "cookie". This number is used to uniquely identify a web browser on a particular end device and not to identify a person. Personal data is not stored. You can also prevent this participation in the tracking process in various ways, as already explained above under 1. a).

Lifespan of cookies: Up to 1 month (this only applies to cookies that were set via this website).

The legal basis is in accordance with Article 6 Para. 1 letter (a) GDPR.

d.) Google Data Studio

We use an additional data management tool from the Google Marketing Platform --Google Data Studio -- to visually create user-defined reports and interactive dynamic dashboards for us and our clients. Here, we use the data from the above-stated Google Analytics and other interfaces to data sources (such as Google AdWords, YouTube Analytics). The web tool does not require a local application and can be started via the web. The access occurs via a browser and the data sources are connected directly via Google Data Studio. You can find further information on using Google Data Studio in the Information provided by Google.

The legal basis for the use of Google Data Studio is Article 6 Para.1 letter (f) GDPR. The possibility of visual creation of reports and dashboards creates an additional possibility for us to optimise our offer and adapt it to the needs of our clients.

This provider is also listed in the Privacy Shield and an order processing contract is present. You can find more information about the EU Privacy Shield and its validity here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

e.) Google AdSense

We use Google AdSense to integrate advertisements. Google AdSense uses cookies. These are files that enable Google to analyse your usage data of our website. In addition, Google AdSense also uses web beacons, which are invisible graphics that enable Google to analyse clicks on this website, traffic on this website and similar information.

The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google may share this collected information with third parties if required to do so by law or if Google contracts with third parties to process the data. However, Google will merge your IP address with the other stored data.

By making the appropriate settings on your internet browser, you can prevent the aforementioned cookies from being stored on your PC. However, this may mean that the contents of this website can no longer be used to the same extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

2. Facebook

CAPinside offers the user the option of registering for the service with their Facebook account (so-called Facebook Connect function). Facebook Connect is a service of the Facebook social network, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An additional registration with CAPinside is then not required. To log in, the user is redirected to the Facebook website, where they can log in with their user data. This links the Facebook profile and the CAPinside service with one another. Through the link, CAPinside automatically receives the information transmitted by Facebook that the user has consented to be transmitted (e.g. first name, last name, email address, profile picture, gender, friends list). We use this information to be able to identify you within the scope of usage of CAPinside. You can find further information on Facebook Connect and the privacy settings directly in Facebook's data protection information: https://www.facebook.com/about/privacy.

This website uses the "Custom Audiences" remarketing function of Facebook Inc. ("Facebook"), also known as Facebook Pixel. This function is used to present interest-based advertisements ("Facebook Ads") to visitors of this website within the scope of a visit to the Facebook social network. Facebook's remarketing tag has been implemented on this website for this purpose. This tag is used to establish a direct connection to the Facebook servers when this website is visited. In the process, a message is sent to the Facebook server indicating that you have visited this website and Facebook assigns this information to your personal Facebook user account. The Facebook Pixel will be integrated directly by Facebook when you visit our websites and can store a so-called cookie, i.e. a small file, on your device. If you then log on to Facebook or visit Facebook in a logged in state, the visiting of our offers will be noted in your profile. The data collected about you remains anonymous to us and so does not provide us with any conclusions about the identity of the user. However, Facebook stores and processes the data so that a connection to the respective user profile is possible. Facebook processes the data in accordance with Facebook's Data Policy. Accordingly, you can find more information about how the remarketing pixel functions and how Facebook Ads are displayed in general in Facebook's Data Policy at https://www.facebook.com/policy.php.

You can object to the collection through Facebook Pixel and the use of your data to display Facebook Ads. To do this, you can access the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare objection via the US American page http: //www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/. The settings apply independent of platform, i.e. they are applied to all devices, such as desktop computers or mobile devices. To find more information on the collection and use of data by Facebook as well as your rights in this regard and on options for protecting your privacy, go to Facebook's data protection information at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the "Custom Audiences" remarketing function at https://www.facebook.com/settings/?tab=ads#_=_ . To do so, you will need to be logged into Facebook. Facebook can link this data with your Facebook account and also for their own advertising purposes, according to Facebook's Data Policy https://www.facebook.com/about/privacy/. You have the option of prohibiting Facebook as well as its partners from placing advertisements. You can edit the settings for Facebook's advertisements under the following link: https://www.facebook.com/ads/website_custom_audiences/

Facebook is a participant in the US-EU Privacy Shield, whereby an adequate level of data protection is ensured. The legal basis of this is our justified interest in accordance with Article 6 Para. 1 letter (f) GDPR. This lies in recognising our users' interests in order to continually improve and expand our products and our offering as a whole.

3. Fan Pages and Social Media Plug-ins

We operate so-called fan pages on the platforms of various social networks (Facebook, LinkedIn, Xing, YouTube, Instagram and Twitter). Social plug-ins on our website will take you to the respective CAPinside appearances (fan pages) in the social networks. By clicking on these plug-ins, personal data can be collected from the respective social network as described below. When you access such a plug-in, the social network immediately establishes a direct connection with your browser. As a result, the social network receives, among other things, the information that you have visited this website with your IP address/device ID. This occurs regardless of whether you are currently logged into the social network or registered at all. Insofar as you are logged into the respective social network at the same time, the social network automatically assigns your page access to your profile.

We would like to point out that the data collected in connection with the fan pages and plug-ins is exclusively exchanged between your browser and the operator of the social networks. We have no knowledge of the content of the data collected and transmitted. With this in mind, we recommend that you read the respective current privacy policies of the operators of the social networks. You can find more information about our joint responsibility for the operation of our Facebook page and the processing of data by Facebook in our Facebook Privacy Policy.

4. Twitter

We use Twitter, a service provided by Twitter Inc., to place target group-based online advertising and conversion tracking (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA). The Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) is responsible for the data processing of persons living outside the United States. We have implemented a Twitter tag on our web page for this purpose. When the website is visited via this tag, a direct connection to the Twitter servers is established and transmits that you have visited our website and whether you have made a request or other action. Twitter assigns this information to your personal Twitter user account. In this way, we can place targeted advertisements based on your previous page accesses and activities (remarketing). The data processed by Twitter here does not allow us to identify you personally. This pseudonymous information will not be merged with any other personal information. You can find more information on the collection and use of data by Twitter as well as your related rights and options for protecting your privacy in Twitter's data protection information under: https://twitter.com/privacy?lang=en.

Twitter is a participant in the US-EU Privacy Shield, whereby an adequate level of data protection is ensured. The legal basis of this is our justified interest in accordance with Article 6 Para. 1 letter (f) GDPR). This lies in communicating with our community and recognising our users' interests in order to continually improve and expand our products and our offering as a whole.

We also use so-called conversion tracking with Twitter Pixel on CAPinside. This thereby enables us to statistically record the use of our website in order to then optimise it. With conversion tracking, a cookie is placed on your end device by Twitter when you visit our website by clicking on a Twitter ad. Conversion tracking is used to generate statistics and not to identify you personally. In fact, we only wish to know which Twitter ads or interactions users engage to come to our website. You can find further information under: https://business.twitter.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites.html

Twitter is certified in the Privacy Shield: https://www.privacyshield.gov/participant. You can prevent the storage of cookies through a corresponding browser setting. In addition, you can establish settings for receiving advertising in your personal Twitter account: https://twitter.com/settings/personalization. You can find information under: https://twitter.com/en/privacy

The legal basis is Article 6 Para. 1 letter (a) GDPR.

In this context, the following data is processed: Twitter cookie ID, browser user agent string, browser IP address, website tag ID, timestamp, page URL.

5. LinkedIn Pixel

We use so-called conversion tracking on CAPinside with the LinkedIn Pixel, a tool from the LinkedIn Corporation (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). This thereby enables us to statistically record the use of our website in order to then optimise it. With conversion tracking, a cookie is placed on your end device by LinkedIn when you visit our website by clicking on a LinkedIn ad. Conversion tracking is used to generate statistics and not to identify you personally. In fact, we only wish to know which LinkedIn ads or interactions on LinkedIn users engage to come to us. You can find further information under: https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht LinkedIn is certified in the Privacy Shield: https://www.privacyshield.gov/participant. You can prevent the storage of cookies by setting the browser accordingly. Please note that in this case, you may only be able to use our website to a limited extent. In this context, the following data is processed: IP address, timestamp, events (e.g. page accesses).

The legal basis is Article 6 Para. 1 letter (a) GDPR.

6. Internal Software

Here, data on the behaviour of the user on the website is recorded and processed, e.g. which articles you read, which products you are interested in, how long you stay on individual pages, etc. The data is pseudonymised (in addition to general metadata such as age group and the specified license, e.g. only the user ID is recorded) and stored in Google Cloud Services (information on Google's data processing and protection can be found here: https://policies.google.com/privacy). A conclusion about your person is only possible for CAPinside and also here, only by authorised employees when comparing the analytics and user databases. Third parties cannot draw any conclusions based on this data. We collect this data as the basis for our machine learning so that the user of our service is shown a personalised portal and only the content that interests them or so that our user is only shown products for which they hold a license.

The legal basis of this is our justified interest in accordance with Article 6 Para. 1 letter (f) GDPR. This lies in recognising our users' interests in order to continually improve and expand our products and our offering as a whole.

7. Cookies

Cookies are text files that are sent to your computer so that it can be recognised in within the scope of the use of websites. CAPinside GmbH uses cookies in some areas to make it easier for you to use the pages and to make them more individual. CAPinside requires so-called session cookies, which are not stored after the browser is closed. If you activate the "Remember me" function when logging in, a persistent cookie is necessary. CAPinside also uses cookies to track the status of the user so that certain one-time functions cannot be repeatedly displayed to you.

You can set your web browser so that it informs you of the transfer of cookies or that cookies are rejected. You can obtain information on this from the Help function of your web browser that you use to access the Internet. For this, Google also offers so-called deactivation tools for some Internet browsers with which you can prevent the recording and analysis of your user behaviour. You can find more information and download options for these tools here: http://tools.google.com/dlpage/gaoptout?hl=en

However, we would like to point out that the use of our web pages may then only be possible to a limited extent. No other programs or other applications on your computer can be installed or started via cookies.

The legal basis for the use of cookies for unregistered visitors to our homepage is Article 6 Para. 1 letter (f) GDPR. The legitimate interest in the sense of the standard lies in the operation of our website. The legal basis for the use of cookies for registered visitors to our homepage and the related provision of our contractual services is Article 6 Para. 1 letter (b) GDPR.

8. SurveyMonkey

We use the services of SurveyMonkey Inc., One Curiosity Way, San Mateo, CA 94403, United States, to conduct surveys. If you volunteer to take part in this survey, SurveyMonkey will collect information about the device and application you use to complete the survey. This includes the IP address, the version of your operating system, the device type and information on the system, performance and browser type. If you participate in the survey from a mobile device, such as a smartphone, SurveyMonkey also collects the UUID (Universally Unique Identifier) of the device. SurveyMonkey also uses so-called tracking services from third-party providers, which in turn use cookies and page tags (also known as web beacons) to collect usage data and user statistics. We have no influence on the extent of the data collected by SurveyMonkey. You can find further information on the cookies used by SurveyMonkey and data protection as well as storage duration under the following link: https://www.surveymonkey.com/mp/legal/privacy-policy/#pp-section-10.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your browser. We would like to point out that, in this case, you may not be able to use all the functions of our website.

We seek to improve the quality of our offer in an ongoing manner through surveys using SurveyMonkey. For this purpose, we have a legitimate interest in processing the data mentioned, which is based on Article 6 Para. 1 letter (f) GDPR.

SurveyMonkey Inc. One Curiosity Way, San Mateo, CA 94403, United States, is based in the USA, so it cannot be excluded that your data collected by SurveyMonkey will also be transmitted to the USA. However, SurveyMonkey Inc. has submitted to the Privacy Shield Agreement between the European Union and the USA and is certified accordingly. SurveyMonkey has therefore committed itself to complying with the standards and regulations of European data protection law.

This provider is also listed in the Privacy Shield and an order processing contract is present. You can find more information on the EU Privacy Shield and its validity here: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

9. Opinary

We use the service of Opinary GmbH, Engeldamm 62-64, 10179 Berlin, for the live evaluation of user surveys.

Opinary offers a service that allows users to vote in editorial surveys. In order to conduct editorial surveys, you will be asked in advance for your consent to the disclosure of personal data to Opinary. Insofar as you have consented to its use, the following information will be transmitted:

Opinary stores the abbreviated IP addresses and cookie IDs. All personal data is automatically deleted after a period of one year.

The legal basis for data processing is your consent in accordance with Article 6 Para. 1, letter (a) GDPR.

You can revoke your consent to the processing of your personal data by Opinary at any time using your browser settings.

You can find further information on the collection and storage of data by Opinary can be found under: https://opinary.com/privacy-policy/

10. Infogram

We use the functions of the provider infogram.com (San Francisco, USA) within our platform. The most common definition of an Infographic describes it simply as a visual representation of information and data. By combining text, images, diagrams and, more recently, videos, infographics enable data to be presented effectively. Complex problems can be explained in a clear and easily understandable way. In order to be able to see infographics, you will be asked in advance for your consent to the disclosure of personal data to infogram.com.

Insofar as you have provided your consent to the disclosure of your personal data by means of a cookie, your browser connects to the Infogram servers. The content of the HTML code is transmitted directly to the browser, which processes it on the accessed page.

The legal basis for data processing is your consent in accordance with Article 6 Para. 1 letter (a) GDPR.

You can revoke your consent to the processing of your personal data by Infogram at any time using your browser settings.

Which data Infogram collects for which purposes can be found in Infogram's data protection information at https://infogram.com/de/privacy.

11. Hotjar

Our website uses the Hotjar web analysis service by Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).

This tool allows tracking movements on the websites where Hotjar is used (so-called heatmaps). For example, how far users scroll and which buttons users click and how often is visible. Furthermore, it is also possible to collect feedback directly from the users of the website with the help of the tool. Above all, the functionality of the Hotjar-based website can be improved through the services of Hotjar by making them more user-friendly, more valuable and easier to use for the end user.

We pay special attention to the protection of your personal data when using this tool. We can only track which buttons are clicked, the course of the mouse, how far scrolling occurs, the screen size of the device, device type and browser information, geographical location (only the country) and the preferred language to display our website. Hotjar automatically hides areas of the websites in which your personal data or those of third parties are displayed and are therefore not trackable at any time. In order to exclude a direct personal reference, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data transmitted by your browser as part of Web Page Requests. This would be, for example, cookies or your IP address. In these exceptional cases, this processing is carried out in accordance with Article 6 Para. 1 letter (a) GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

Hotjar offers each user the option to prevent the use of the Hotjar tool with the help of "Do Not Track Headers" so that no data is recorded about the visit to the respective website. This is a setting that all common browsers support in current versions. To do so, your browser sends a request to Hotjar with the instruction to deactivate tracking of the respective user. If you use our websites with different browsers/computers, you must set up the "Do Not Track Headers" for each of these browsers/computers separately.

You can find further information about Hotjar Ltd. and about the Hotjar tool under: https://www.hotjar.com

You can find the Hotjar Ltd. Privacy Policy under: https://www.hotjar.com/privacy/

INFORMATION THAT WE RECEIVE FROM THIRD PARTIES

We also process data that we have not collected directly from you. This is the case when we request an external agency (e.g. Schufa) to compare and verify your data. In these cases, we process the data in accordance with Article 6 Para. 1 letter (b) and alternatively, letter (f) GDPR within the scope of our contract fulfilment with the respective user and/or to ensure our legitimate interests while also giving due consideration to your interests. No third party has access to this data. We store this data until the user account is deleted insofar as no longer statutory storage periods exist (e.g. when using/purchasing a paid service/product).

INFORMATION THAT WE SHARE WITH THIRD PARTIES

Data that we receive from you will only be disclosed to third parties when this is necessary to fulfill our own business purposes and in particular, to provide the services due to you (e.g. to enlarge your community or maximise the reach of your products), you have given your consent to this or we are obligated to do so by law or on the basis of a judicial or administrative order. In particular, your data will not be disclosed to third parties for their advertising purposes. If we work with external service providers as part of data processing (e.g. web hosting), this is typically done on the basis of so-called order processing in which we remain responsible for data processing. We examine each of these service providers beforehand for the measures they have taken toward data protection and data security and thus ensure the statutory contractual provisions for the protection of personal data.

However, we may use service providers for the operation of these web pages or for other products from us. Here, it may happen that a service provider receives knowledge of personal data. We carefully select our service providers -- particularly with regard to data protection and data security -- and adopt all measures required under data protection law for permissible data processing.

FURTHER THIRD-PARTY SERVICE PROVIDERS AND OTHER COMPANIES' SERVICES THAT WE USE

In the following, we name the most relevant service providers with which CAPinside cooperates and may receive data from you:

1. Adobe Typekit

Adobe Typekit web fonts are used on this website. Typekit is a service offered by Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland). This service provides fonts that are displayed in the user's web browser after a server call to Adobe (in the USA). At minimum here, the IP address of the end device browser of the user of this website is stored by Adobe. You can find more information in Typekit's data protection information, which you can access here: https://www.adobe.com/privacy/policies/adobe-fonts.html Adobe is a participant in the US-EU Privacy Shield (https: //www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active), whereby an adequate level of data protection is ensured. The legal basis of this is our justified interest in accordance with Article 6 Para. 1 letter (f) GDPR. This lies in recognising our users' interests in order to continually improve and expand our products and our offering as a whole.

2. YouTube Videos

Our website uses plug-ins from YouTube (YouTube LLC, Headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA). YouTube is represented by Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). A connection to the YouTube servers is established when you visit one of our pages featuring a YouTube plug-in. In doing so, the YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. You can find further information about the handling of user data in YouTube's Privacy Policy under: https://policies.google.com/privacy?hl=en-US

3. Use of Vimeo Plug-ins

We also use the Vimeo provider for the integration of videos (Vimeo LLC, Headquarters at 555 West 18th Street, New York, New York 10011).

We use plug-ins from Vimeo on some of our web pages. If you access the web pages of our Internet presence with such a plug-in -- for example, our media library -- a connection to the Vimeo servers is established and the plug-in is displayed. Through this, the plug-in then transmits information to the Vimeo server about which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plug-in, such as by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our web pages. You can find further information on data processing and information on data protection by Vimeo under: https://vimeo.com/privacy.

We would like to point out that, according to its own information, Vimeo also ensures an adequate level of data protection by adhering to the requirements of the Privacy Shield. You can find more information regarding this here: https://vimeo.com/transfer_statement

4. Rapidmail

Our email newsletters are sent via the rapidmail GmbH technical service provider, Augustinerplatz 2, 79098 Freiburg ("rapidmail"), to which we disclose the data you provided when creating an account on CAPinside. The disclosure occurs in accordance with Article 6 Para. 1 letter (f) GDPR and serves our legitimate interest in the use of a promotionally effective, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. email address) will be stored on rapidmail's servers in Germany. rapidmail uses this information to send and statistically evaluate the newsletter on our behalf. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our website. This allows the determination of whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, whether a previously defined action (e.g. interest in a certain product) has taken place after clicking the link in the newsletter can also be analysed. Technical information (e.g., time of access, IP address, browser type and operating system) is collected as well. The results of these analyses can be used to ensure that the content of future newsletters better matches the interests of recipients. We have entered into an order processing contract with rapidmail, in which we require rapidmail to protect the data of our clients and to not disclose this data to third parties.

You can find further information on data protection by rapidmail in rapidmail's Privacy Policy (German only): https://www.rapidmail.de/datenschutz

You will find a link to revoke your consent and thus unsubscribe from the newsletter at the end of each newsletter and on our website.

5. Amazon AWS

When you create a user account, so-called transactional emails are sent by CAPinside. Transactional emails are, for example, such emails in which you are asked to verify your email address, a link to reset your password is sent using the "Forgot my password" function, etc. These emails are sent via our external service provider Amazon SES (Simple Email Services), which belong to the Amazon Web Service (Amazon AWS), which in turn, is a subsidiary of the Amazon.com Group, based in the USA. Amazon is a participant of the EU-US data protection shield and ensures data protection according to European standards (more information on this here: https://amzn.to/2KqRpmAhttps://amzn.to/2ka3inR and here on the Data Protection Shield: https://amzn.to/2qVXqzh). We also use Amazon AWS for our other, automatically sent emails (e.g. newsletters). The legal basis for this is our justified interest in accordance with Article 6 Para. 1 letter (f) GDPR. This lies in communicating with our community and recognising our users' interests in order to continually improve and expand our products and our offering as a whole.

Other recipients may be:

  • CRM service providers
  • Web conference portals and service providers such as CSN Network GmbH
  • Software developers
  • Ad server operators
  • External consultants

6. Webinars

6.1 Zoom

We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc., which is based in the United States.

6.1.1 Controller

Controller: CAPinside GmbH is responsible for data processing that is directly related to the implementation of "Online Meetings".

Note: Insofar as you access the "Zoom" web pages, the "Zoom" provider is responsible for the data processing. However, accessing the "Zoom" web pages is only necessary in order to download the software for the use of "Zoom".

You can also use "Zoom" if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the "Zoom" app.

If you do not wish to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which is also provided on the "Zoom" website.

6.1.2 Which data is processed?

When using "Zoom", different types of data are processed. The extent of the data also depends on the details of the data you provide before or when participating in an "Online Meeting".

The following personal data is the subject of processing:

User information: First name, last name, telephone (optional), email address, password (if "Single Sign-On" is not used), profile picture (optional), department (optional)

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat

When dialling up with a phone: Information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: If applicable, you may have the option of using the chat, question or survey functions in an "Online Meeting". In this respect, the text entries you make are processed in order to display them in the "Online Meeting" and, if applicable, to log them. In order to enable the display of video and playback of audio, the data from the microphone of the device and from any video camera on the device will be processed for the duration of the meetings. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.

To take part in an "Online Meeting" or to enter the "Meeting Room", you must at least provide information about your name.

6.1.3 Extent of Processing

We use "Zoom" to conduct "Online Meetings". If we wish to record "Online Meetings", we will inform you transparently in advance and -- insofar as is necessary - ask for your consent. The fact of the recording is also displayed in the "Zoom" app.

If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this is not typically the case.

In the case of Webinars, we can also process the questions asked by webinar participants for the purpose of recording and following up webinars.

If you are registered with "Zoom" as a user, reports on the "Online Meetings" (meeting metadata, data on telephone dial-up, questions and answers in webinars, survey function in webinars) can be stored at "Zoom" for up to one month.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

6.1.4 Legal Basis for Data Processing

Insofar as personal data is processed by employees of CAPinside GmbH, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the working relationship, but is an elementary component of the use of "Zoom", Article 6 Para. 1 letter (f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of "Online Meetings".

In addition, the legal basis for data processing when conducting "Online Meetings" is Article 6 Para. 1 letter (b) GDPR insofar as the meetings are conducted within the scope of contractual relationships.

If there is no contractual relationship, the legal basis is Article 6 Para. 1 letter (f) GDPR. Here, too, our interest is in the effective implementation of "Online Meetings".

6.1.5 Recipient/Disclosure of Data

Personal data that is processed in connection with participation in "Online Meetings" is generally not disclosed to third parties insofar as it is not intended to be disclosed. Please note that content from "Online Meetings", as well as that from personal meeting events, is frequently used to communicate information with clients, interested parties or third parties and is therefore intended to be disclosed.

Additional recipients: The provider of "Zoom" necessarily receives knowledge of the above-stated data insofar as this is provided within the scope our order processing contract with "Zoom".

6.1.6 Data Processing Outside the European Union:

"Zoom" is a service that is provided by a provider from the USA. Processing of personal data also occurs in a third country. We have concluded an order processing contract with the provider of "Zoom" that meets the requirements of Art. 28 GDPR.

On the one hand, an adequate level of data protection is ensured by the "Privacy Shield" certification of Zoom Video Communications, Inc. and on the other hand, by the conclusion of the so-called EU standard contractual clauses.

6.2 BigMarker

We use the "BigMarker" tool to hold telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "BigMarker" is a service of the BigMarker LLC, 223 West Erie Street, Chicago, IL 60654, USA.

6.2.1 Controller

Controller:  CAPinside GmbH for data processing that is directly related to the implementation of "Online Meetings".

Note: Insofar as you access the "BigMarker" web pages, the "BigMarker" provider is responsible for the data processing. However, accessing the web pages is only necessary to use "BigMarker" in order to participate in an "Online Meeting"

6.2.2 Which data is processed?

When using "BigMarker", different types of data are processed. The extent of the data also depends on the details of the data you provide before or when participating in an "Online Meeting".

The following personal data is the subject of processing:

User information: First and last name, email address,

Meeting metadata: IP address of the user, date and time and browser ID, start time, duration in minutes. 

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the Online Meeting Chats.

Text data: If applicable, you may have the option of using the chat, question or survey functions in an "Online Meeting". In this respect, the text entries you make are processed in order to display them in the "Online Meeting" and, if applicable, to log them.

6.2.3 Extent of Processing

We use "BigMarker" to conduct "Online Meetings". If we wish to record "Online Meetings", we will inform you transparently in advance and -- insofar as is necessary -- ask for your consent.

If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this is not typically the case.

In the case of Webinars, we can also process the questions asked by webinar participants for the purpose of recording and following up webinars.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

6.2.4 Legal Basis for Data Processing

Insofar as personal data is processed by employees of CAPinside GmbH, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "BigMarker", personal data is not required for the establishment, implementation or termination of the working relationship, but is an elementary part of the use of "BigMarker", Article 6 Para. 1 letter (f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of "Online Meetings".

In addition, the legal basis for data processing when conducting "Online Meetings" is Article 6 Para. 1 letter (b) GDPR insofar as the meetings are conducted within the scope of contractual relationships.

If there is no contractual relationship, the legal basis is Article 6 Para. 1 letter (f) GDPR. Here, too, our interest is in the effective implementation of "Online Meetings".

6.2.5 Recipient/Disclosure of Data

Personal data that is processed in connection with participation in "Online Meetings" is generally not disclosed to third parties insofar as it is not intended to be disclosed. Please note that content from "Online Meetings", as well as that from personal meeting meetings, is frequently used to communicate information with clients, interested parties or third parties and is therefore intended to be disclosed.

Additional recipients: The provider of "BigMarker" necessarily receives knowledge of the above-stated data insofar as this is provided for in our order processing contract with "BigMarker".

6.2.6 Data Processing in the European Union

"CSN" is a service that is provided by a provider from Germany. We have concluded an order processing contract with the provider of "CSN" that meets the requirements of Art. 28 GDPR.

"BigMarker" is a service that is provided by a provider from the USA. Processing of personal data occurs on server systems located within the EU. We have concluded an order processing contract with the provider of "BigMarker" that meets the requirements of Art. 28 GDPR.

All data transmitted to BigMarker LLC is managed on server systems within the EU. All conference and personal data is processed there under their own responsibility.

You can find more information about the privacy settings under the following link: https://www.bigmarker.com/privacy

7. Social Plug-ins

We do not use social plug-ins. The "share buttons" that you will find on our pages are not the scripts of the respective companies (Facebook, Twitter and Co.), but rather simple links to these pages. Your data will not be disclosed to these companies.

8. Userpilot

Userpilot can be used to track the last time a user logged on to the CAPinside platform in order to visually display any new features.

The corresponding Userpilot servers are located within the EU. The individual IP addresses of the users are shared with Userpilot in order to track the logins.

YOUR RIGHTS AS A DATA SUBJECT

Right to Information Access and Correction

Of course, you can request information about your personal data processed by us at any time as provided for in Art. 15-21 GDPR. If your data is incomplete, you can request completion. If we have disclosed your information to third parties, we will inform these third parties of the correction insofar as this is required by law.

Your Right to Deletion

You can request the immediate deletion of your personal data for the following reasons:

  • When your personal data is no longer required for the purposes for which it was collected.
  • If you revoke your consent and there is no other legal basis.
  • If you object to the processing and there are no overriding, legitimate reasons for processing.
  • If the personal data has been improperly processed.
  • When your personal data must be deleted to comply with legal requirements.

Please note that the stated reasons for deletion meet the legal requirements.

Your Right to Restrict the Processing of Your Personal Data

You have the right to request that the processing of your personal data be restricted for one of the following reasons:

  • If you dispute the accuracy of your personal data and we have had the opportunity to check the accuracy.
  • If the processing is not lawful and you request a restriction of use instead of deletion.
  • If we no longer need your data for processing purposes, but you need them to assert, exercise or defend against legal claims.
  • If you have lodged an objection, as long as it has not yet been determined whether your interests prevail.

Your Right to Object

CAPinside may only process your personal data on the basis of legitimate interests or your consent. You are entitled to object at any time to the use of your data in these cases.

Your Right to Complain

If you are not satisfied with an answer from CAPinside, you can contact our Data Protection Officer and file a complaint. Otherwise, you can also contact a data protection supervisory authority of your choice, for example:

The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg
Tel.: (040) 42854-4040
Email: mailbox@datenschutz.hamburg.de

Your Right to Data Portability

You have the right to receive personal data that you have provided to us in a portable format.

CONCLUDING NOTE

Should the General Terms and Conditions and/or this Privacy Policy subsequently prove to be ineffective or subsequently cease to exist for any other reason, all data of the contractual partner will be collected and processed on the basis of the interests (cf. Article 6 Para. 1 letter (f) GDPR). The "legitimate interest" of CAPinside lies in the continual market maintenance and expansion and the constant expansion of the community in order to provide clients with the greatest possible reach.

To use this feature, you have to create a free account.