Legal

Privacy Policy

Readcrest icon

Information and legal notices from Readcrest Capital AG

Data Protection Information

With this privacy notice, we inform you about how we handle your personal data and about your rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Readcrest Capital AG is responsible for data processing (hereinafter referred to as "we" or "us").

Contents

  1. I. General Information
  2. 1. Contact
  3. 2. Legal bases
  4. 3. Storage duration
  5. 4. Categories of data recipients
  6. 5. Data transfers to third countries
  7. 6. Processing when exercising your rights
  8. 7. Your rights
  9. 8. Right to object
  10. 9. Data Protection Officer
  11. II. Data processing on our website
  12. 1. Processing of server log files
  13. 2. Contact options and inquiries
  14. 3. Updates by email
  15. 4. Cookies
  16. 5. Vercel Blob Storage
  17. 6. Supabase
  18. III. Data processing on our social media pages
  19. 1. Visiting a social media page
  20. 2. Communication via social media pages
  21. IV. Further data processing
  22. 1. Applications
  23. 2. Contacting us
  24. 3. Customer and prospective customer data

I. General Information

1. Contact

If you have any questions or suggestions regarding this information, or if you wish to assert your rights, please contact:

Readcrest Capital AG
Schopenstehl 22
20095 Hamburg
Germany
Phone +49 40 679 580-22
Email: info@readcrest.com

2. Legal bases

In data protection law, the term "personal data" means all information relating to an identified or identifiable natural person. We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We only process data when permitted by law. We process personal data only with your consent (Section 25 (1) TDDDG or Art. 6 (1) lit. a GDPR), for the performance of a contract with you or in order to take steps at your request before entering into a contract (Art. 6 (1) lit. b GDPR), to comply with legal obligations (Art. 6 (1) lit. c GDPR), or where processing is necessary for our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring protection of personal data prevail (Art. 6 (1) lit. f GDPR).

If you apply for an open position at our company, we also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG and/or Art. 6 (1) lit. b GDPR).

3. Storage duration

Unless otherwise stated below, we store data only as long as necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law requirements. At the end of the calendar year in which the data was collected, we retain personal data contained in our accounting records for ten years and personal data contained in commercial letters and contracts for six years. In addition, we retain data related to consents requiring proof, complaints, and claims for the duration of statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for that purpose.

4. Categories of data recipients

We use processors when processing your data. Processing activities carried out by such processors include, for example, hosting, sending emails, maintenance and support of IT systems, accounting and billing, marketing measures, and destruction of files and data carriers. A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller. Processors do not use the data for their own purposes; they process data solely for the controller and are contractually obliged to implement appropriate technical and organizational measures to protect data. We may also transfer your personal data to entities such as postal and delivery services, our bank, tax advisors/auditors, or tax authorities. Further recipients may result from the information below.

5. Data transfers to third countries

Our data processing may involve transferring certain personal data to third countries, i.e., countries in which the GDPR does not apply as domestic law. Such transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection exists in the relevant third country. If no such adequacy decision exists, personal data is transferred to a third country only where appropriate safeguards pursuant to Art. 46 GDPR are in place or where one of the conditions of Art. 49 GDPR is met.

If no adequacy decision exists and unless otherwise stated below, we use the EU Standard Contractual Clauses as appropriate safeguards for transfers of personal data to third countries. You may obtain a copy of or inspect these EU Standard Contractual Clauses. Please contact us using the details provided under Contact.

If you consent to the transfer of personal data to third countries, the transfer is carried out on the legal basis of Art. 49 (1) lit. a GDPR.

6. Processing when exercising your rights

If you exercise your rights under Arts. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights and to be able to provide evidence of this. Data stored for responding to access requests and preparing responses will be processed only for these purposes and for data protection control purposes; otherwise, processing will be restricted in accordance with Art. 18 GDPR.

This processing is based on Art. 6 (1) lit. c GDPR in conjunction with Arts. 15 to 22 GDPR and Section 34 (2) BDSG.

7. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether and to what extent we process personal data concerning you.
  • You have the right to request correction of your data in accordance with Art. 16 GDPR.
  • You have the right to request deletion of your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to request restriction of processing of your personal data in accordance with Art. 18 GDPR.
  • Under Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
  • If you have provided separate consent to data processing, you may revoke this consent at any time with future effect in accordance with Art. 7 (3) GDPR. Such revocation does not affect the lawfulness of processing carried out before revocation.
  • If you believe that processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8. Right to object

In accordance with Art. 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, to processing based on Art. 6 (1) lit. e or f GDPR. If we process personal data concerning you for direct marketing purposes, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.

9. Data Protection Officer

You can reach our Data Protection Officer at:

Email: datenschutzbeauftragter@readcrest.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

II. Data processing on our website

When using the website, we collect information you provide yourself. During your visit, we also automatically collect certain information about your use of the website. Under data protection law, the IP address is generally also considered personal data. An IP address is assigned by the internet provider to each device connected to the internet so that it can send and receive data.

1. Processing of server log files

When you use our website for information purposes only (i.e., without registration), general information that your browser transmits to our server is automatically stored. This typically includes: browser type/version, operating system used, accessed page, previously visited page (referrer URL), IP address, date and time of server request, and HTTP status code.

Processing is carried out to protect our legitimate interests and is based on Art. 6 (1) lit. f GDPR. This processing serves the technical administration and security of the website. Stored data is deleted after three days unless there are concrete indications of justified suspicion of unlawful use and further review and processing is required for this reason. Based on the stored information, we are not able to identify you as a data subject. Arts. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 (2) GDPR unless you provide additional information enabling identification for exercising rights under those articles.

2. Contact options and inquiries

Our website contains contact forms through which you can send us messages. Your data is transmitted in encrypted form (recognizable by "https" in the browser address bar). All fields marked as mandatory are required to process your request. If this data is not provided, we cannot process your request. Providing additional data is voluntary. Alternatively, you can send us a message via the contact email address. We process the data for the purpose of answering your inquiry.

If your inquiry relates to concluding or performing a contract with us, Art. 6 (1) lit. b GDPR is the legal basis for processing. Otherwise, we process the data based on our legitimate interest in communicating with inquiring persons. In that case, Art. 6 (1) lit. f GDPR is the legal basis.

3. Updates by email

On our website, we offer the option to subscribe to updates sent by email. After subscribing, we will regularly inform you about current news regarding our company. A valid email address is required for subscription. To verify your email address, you will first receive a registration email that you must confirm via a link (double opt-in). If you subscribe to updates on our website, we process personal data such as your email address and your name based on your consent. Processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect, for example via the unsubscribe link in an update email or by contacting us through the channels listed above. The lawfulness of processing carried out before revocation remains unaffected.

When subscribing to our updates, we also store the IP address as well as the date and time of subscription. Processing this data is necessary to prove that consent was granted. The legal basis follows from our legal obligation to document your consent (Art. 6 (1) lit. c in conjunction with Art. 7 (1) GDPR).

For managing subscriptions and sending updates, we use the service Resend by Resend, Inc. (USA). Therefore, your email address is transmitted to this service provider. If you do not want your data to be processed by this provider, you should not subscribe to our updates or you should unsubscribe.

Please also note the information in the section "Data transfers to third countries".

4. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small datasets stored by your browser when you visit a website. This identifies the browser used and enables web servers to recognize it. You have full control over cookie use through your browser. You can delete cookies at any time in your browser's security settings. You can object to the use of cookies through your browser settings in general or for specific cases.

Some cookies are technically necessary for operating our website and may therefore be used without user consent. We do not use cookies for analytics or marketing purposes that would only be permissible with your consent pursuant to Section 25 (1) TDDDG and, where applicable, Art. 6 (1) lit. a GDPR.

5. Vercel Blob Storage

We use the hosting and infrastructure service "Vercel" provided by Vercel Inc. (USA) for delivering and storing media content (e.g., images and documents). This requires processing of technical connection data (e.g., your IP address).

Processing of your data is based on Art. 6 (1) lit. f GDPR and our legitimate interest in technically secure, efficient, and modern provision of our online content. You can object to this data processing via browser settings or specific browser extensions. Please note that this may result in functional limitations on the website.

When using this service, transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfers to third countries". Further information on data protection at Vercel is available at https://vercel.com/legal/privacy-policy.

6. Supabase

For technical provision and operation of our form and newsletter data, we use the service "Supabase" provided by Supabase Inc. (USA).

Supabase provides a platform for database, authentication, and hosting functions through which certain content and functions are delivered, managed, and stored. In particular, IP addresses, device and browser information, and where applicable data you enter via forms or user accounts are processed.

The legal basis for using this service is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the reliable technical implementation and maintenance of online content.

Our Supabase cluster runs in AWS region eu-north-1 (Stockholm, Sweden). Therefore, all content we store remains within the European Union. When using this service, transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfers to third countries".

Further information on data protection at Supabase is available at https://supabase.com/privacy.

III. Data processing on our social media pages

We maintain a company page on the social media platform LinkedIn. This gives us additional opportunities to provide information about our company and to communicate.

When you visit or interact with our LinkedIn profile, personal data concerning you may be processed. Information associated with the social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to our social media profile, which may also constitute personal data.

1. Visiting a social media page

When visiting our social media page, through which we present our company or individual products, certain information about you is processed. LinkedIn is solely responsible for this processing of personal data. Further information on LinkedIn's processing of personal data can be found at https://www.linkedin.com/legal/privacy-policy.

LinkedIn collects and processes event and profile data and provides us with anonymized statistics and insights for our pages, enabling us to gain insights into the types of actions people take on our page ("Page Insights"). These Page Insights are created on the basis of certain information about persons who have visited our page. This processing is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating actions taken on our page and improving our page based on these insights. The legal basis is Art. 6 (1) lit. f GDPR.

We cannot assign information received via Page Insights to individual user profiles interacting with our pages. We have entered into agreements with LinkedIn regarding processing as joint controllers, which define the distribution of data protection obligations between us and LinkedIn. Details on processing personal data for creating Page Insights and the agreement concluded between us and LinkedIn are available at https://legal.linkedin.com/pages-joint-controller-addendum.

You may also exercise your rights directly against LinkedIn. Further information is available at https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de.

We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

2. Communication via social media pages

We also process information that you provide to us via our LinkedIn company page. Such information may include your username, contact details, or a message to us. This processing is carried out by us as sole controller. We process this data based on our legitimate interest in communicating with inquiring persons. The legal basis is Art. 6 (1) lit. f GDPR. Further processing may occur if you have consented (Art. 6 (1) lit. a GDPR) or if required to fulfill a legal obligation (Art. 6 (1) lit. c GDPR).

IV. Further data processing

1. Applications

If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contacts in our company. All employees involved in data processing are obliged to maintain confidentiality of your data. If we cannot offer you employment, we will retain the data you submitted for up to six months after any rejection in order to answer questions related to your application and rejection. This does not apply where statutory provisions prevent deletion, where further storage is required for evidentiary purposes, or where you have expressly consented to longer storage. The legal basis is Section 26 (1) sentence 1 BDSG and/or Art. 6 (1) lit. b GDPR. If we retain applicant data beyond six months and you have expressly consented, please note that this consent may be revoked at any time pursuant to Art. 7 (3) GDPR. Such revocation does not affect the lawfulness of processing carried out before revocation.

2. Contacting us

If you call us or send a message to the contact email address provided, we process the transmitted data for the purpose of answering your inquiry. We process this data based on our legitimate interest in communicating with inquiring persons.

The legal basis for data processing is Art. 6 (1) lit. f GDPR.

3. Customer and prospective customer data

If you contact our company as a customer or prospective customer, we process your data to establish or perform the contractual relationship to the extent required for this purpose. This generally includes processing of personal master data, contract and payment data provided to us, as well as contact and communication data of contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 (1) lit. f GDPR.

We also process customer and prospective customer data for evaluation and marketing purposes. This processing is based on Art. 6 (1) lit. f GDPR and serves our interest in further developing our services and informing you specifically about our offers.

Further processing may occur if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 (1) lit. c GDPR).

Privacy Policy | Readcrest Capital AG | Readcrest Capital AG