Data protection statement according to GDPR regulations

I. Name and address of the responsible organization

The organization responsible for upholding the meaning of the basic data protection regulations and other national data protection laws within the member states, as well as other data protection regulations is:

FALCON Vermögensverwaltung AG
Hochstrasse 35 – 37
60313 Frankfurt
Germany
Tel.: +49-(0)69-260 1424 0
E-Mail: info@falconinvestment.de
Website: www.falconinvestment.de

II. Name and address of the organisations’ data protection officer

The data protection officer for the responsible organization is:

Hermann Hackmann
Procurator and Chief Representative
FALCON Vermögensverwaltung AG
Hochstraße 35-37
D-60313 Frankfurt am Main
Germany
Tel.: +49-(0)69-260 1424 0
Email: info@falconinvestment.de
Website: www.falconinvestment.de

III. General information concerning data processing

1. Scope of processing of personal data
In principle, we process our users personal data only insofar as this is necessary to provide a functioning website together with our content and services. The processing of our users personal data only takes place with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and where the processing of any data is permitted by law.

2. Legal basis for the processing of personal data
Insofar as we obtain the users consent to process their personal data, Article. 6 para. 1, section a EU General Data Protection Regulation (GDPR) is the legal basis.
In the processing of personal data necessary for the performance of a contract to which the owner of the data is a party, Article. 6 para. 1, section b of the GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation that is required by our company, Article. 6 para. 1, section c of the GDPR is the legal basis.
In the event that the vital interests of the data owner or any other natural person require the processing of personal data, Article. 6 para. 1, section d of the GDPR is the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article. 6 para. 1, section f of the GDPR is the legal basis for processing.

3. Deletion of data and storage duration
The owners personal data will be deleted or locked as soon as the reason for its storage has been served. However, continued storage of personal data may be required by any European or national legislative body under EU regulations, laws or other regulations, to which the company is subject. Locking or deletion of the data will also take place when any storage period prescribed by the regulations mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of a contract.

IV. Provision of our website and the creation of logfiles

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected:

1. Information about the browser type and version used
2. The operating system of the user
3. The IP address of the user
4. Date and time of access
5. Websites from which the system of the user reaches our website
6. Websites accessed by the user’s system through our website

The data is also stored in the log files of our system. Other storage of this data together with other personal user data does not take place. The IP addresses are detached so that assigning them to the visiting client is no longer possible.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article. 6 para. 1, section f of the GDPR.

3. Purpose of the data processing
The temporary storage of an IP address by our system is required to allow us to deliver the website to the requesting user’s computer. To do this, the user’s IP address must be kept for the duration of the session.

Storage in log files is required to ensure the functionality of our website. In addition, the data is used to optimize the website and to ensure the security of our own IT systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data is according to Article. 6 para. 1, section f of the GDPR.

4. Storage duration
The data will be deleted after 9 weeks.

5. Opposition and removal options
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of our website. There is consequently no possibility to oppose these provisions on the part of the user.

V. Use of cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies on our website that allow an analysis of users’ browsing behavior. In this way, the following data can be transmitted:

• Entered search terms
• Frequency of page views
• Use of website features

The user’s data collected in this way is anonymized technically. Therefore, any connection of the data to the identity of the user is no longer possible. This data will not be stored together with any other personal user data.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to within this privacy policy. In this context, there are also instruction on how the storage of cookies in the user’s browser settings can be prevented.

When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is requested. In this context, there is also a reference to this privacy policy.

b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1), section f of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the user’s consent according to Article. 6 para. 1, section a of the GDPR.

c) The purpose of our data processing
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis of cookies, we learn how the website is used which allows us to constantly optimize our offer.

For these purposes, our legitimate interest in the processing of personal data is pursuant to Article. 6 para. 1, section f of the GDPR.

e) Duration of storage, objection and disposal options
Cookies are stored on the user’s computer and transmitted to our IT system. Each user has full control over the use of cookies. By changing the settings in the user’s internet browser, they can disable or restrict the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of our website.

VI. Newsletter

1. Description and scope of data processing
On our website users can subscribe to a free newsletter. The following data from the input mask is transmitted to us when registering for the newsletter.

• E-mail address
• Name (optional)
• Company name: (optional)
• Newsletter category (optional)

In addition, the following data is collected upon registration:

• IP address of the requesting computer
• Date and time of registration

For the processing of the data, the user’s consent is obtained during the registration process and reference is made to this privacy policy.

With the processing of data for the sending of newsletters, there is no disclosure of any data to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing
The legal basis for the processing of data after the user has registered for our newsletter is the user’s consent according to Article. 6 para. 1, section a of the GDPR.

3. Purpose of the data processing
The collection of the user’s e-mail address serves to deliver the newsletter.
The collection of other personal data in the context of the registration process serves to personalize the contents and to prevent misuse of the services or the e-mail address used.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is only stored for as long as the subscription to the newsletter is active.

5. Opposition and removal options
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is only stored for as long as the subscription to the newsletter is active.

VII. Web analysis by Matomo (formerly PIWIK)

1. Scope of processing of personal data
On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the user’s computer (for cookies see above). If individual pages of our website are requested, the following data is stored:

(1) Two bytes of the IP address of the user’s requesting system
(2) The requested website
(3) The website from which the user came to the requested website ( the referrer)
(4) The subpages that are called from the requested web page
(5) The length of stay on the website
(6) The frequency of requested the website

The software runs exclusively on our website servers. The storage of the user’s personal data only takes place there. A transfer of the data to third parties does not take place.

The software is set so that the IP addresses are not completely stored, meaning 2 bytes of the IP address are masked (eg 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the requesting computer is no longer possible.

2. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is according to Article 6 (1), section f of the GDPR.

3. Purpose of the data processing
The processing of users’ personal data enables us to analyze the surfing behavior of our users. By analyzing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Article. 6 para. 1, section f of the GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data.

4. Duration of storage
The data will be deleted after 180 days.

5. Opposition and removal options
Cookies are stored on the user’s computer and transmitted to our IT system. Each user has full control over the use of cookies. By changing the settings in the user’s internet browser, they can disable or restrict the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of our website.

For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.

VIII. Rights of the data subject

The following list includes all rights of the persons concerned according to the GDPR. Rights that have no relevance for your own website need not be mentioned. In that regard, the listing can be shortened.

If your personal data is being processed, according to GDPR regulations, you are granted the following rights by the responsible organization:

1. Your right to information
You may ask the responsible person to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following data:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been disclosed or is currently being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of your personal data, a right to restrict your personal data being processed by the controller, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Article. 46 of the GDPR, in regard to the transfer.

2. Your right to correction
You have a right to correction and/or rectification by the controller, if your personal data is incorrect or incomplete. The responsible person must make any correction without delay.

3. Your right to restrict processing
You may request the restriction of the processing of your personal data under the following conditions:

1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) if the processing is unlawful and you refuse the deletion of your personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing pursuant to Article. 21 (1) of the GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims, or protecting the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

If the limitation of the processing after the above and if conditions are restricted, you will be informed by the person in charge before the restriction is lifted.

4. Your right to cancellation

a) Obligation to delete
You can expect the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent, to which the processing according to Article. 6 para. 1, section. a or Article. 9 para. 2, section of the GDPR and there is no other legal basis for the processing.
(3) According to. Article. 21 para. 1, of the GDPR, objection to the processing and there are no prior justifiable reasons for the processing, or you object according to Article. 21 para. 2 of the GDPR Opposition to data processing.
(4) Your personal data may have been processed unlawfully.
(5) The deletion of your personal data shall be required to fulfill a legal obligation under European Union law, or the law of a Member State, to which the controller is subject.
(6) Your personal data was collected in relation to services offered by the information society according to Article. 8 (1) of the GDPR.

b) Transmission of information to third parties
If the responsible person has made your personal data public according to Article 17 (1) of the GDPR, they shall take appropriate measures, including any technical means, to inform data controllers who process your personal data, that you have been identified and have been affected and taking into account available technology and implementation costs, shall request deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions
The right to erasure does not exist if the processing is necessary:

(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation that requires processing under European Union or Member State law to which the controller is subject, or for the performance of a task of public interest, or the exercise of official authority has conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Article. 9 (2), section. h and i and Article. 9 (3), of the GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1), of the GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.

5. Your right to information
If you have claimed the right of correction, erasure or restriction of processing, the controller of such data, is obliged to notify all recipients to whom your personal data may have been disclosed of this correction, or deletion, or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.
You have a right to be informed about these recipients by the person responsible.

6. Your right to Data Portability
You have the right to receive personally identifiable information you provide to the controller in a structured, understandable and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that:

(1) the processing of a consent according to Article. 6 para. 1, section a of the GDPR or Article. 9 para. 2, section a of the GDPR, or on a contract based on Article. 6 para. 1, section a of the GDPR and
(2) the processing is done by automated means.

In exercising this right, you also have the right to obtain any personal data relating to you that is transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Your right to object
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, which pursuant to Article. 6 para. 1, section e or f of the GDPR, allows an objection; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he/she can demonstrate compelling legitimate grounds for continued processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures using technical systems.

8. Your right to revoke your data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision:

(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by European Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or;
(3) with your express consent.

However, these decisions must not be based on special categories of personal data under Article. 9 (1) of the GDPR, unless Article. 9 (2), section a or g of the GDPR applies and reasonable measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold your rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his/her own position and be heard when challenging the decision.

10. Your right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular regarding its residence, place of work or place of infringement within an EU Member State, if you believe the processing of your personal data violates GDPR regulations.

The supervisory authority to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.