PRIVACYVERKLARING / PRIVACY POLICY - EXPORO INVESTMENT GMBH

Version 1.4 – Status 01.01.2021

§ 1 GENERAL INFORMATION AND MANDATORY DATA PROTECTION INFORMATION

GENERAL INFORMATION
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable legal data protection regulations and exclusively within the framework of this data protection declaration.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done. If we have received personal data from you by other means (e.g. by e-mail), the following data protection declaration also applies. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

If you have any questions about this privacy policy or the processing of your personal data, please contact the following responsible office:

NOTE ON THE RESPONSIBLE BODY
The responsible body for data processing on this website is:

Exporo Investment GmbH
Am Sandtorkai 70
20457 Hamburg
Telephone: 040 / 210 91 73 - 00
E-mail: datenschutz@exporo.com

- hereinafter also “Exporo” -

Exporo Investment GmbH is the responsible party within the meaning of Art. 4 (7) DSGVO, Exporo AG is a service provider within the meaning of §§ 12 et seq. in conjunction with. § 2 No. 1 TMG.

BASIS OF DATA PROCESSING
Any processing of your personal data will only be carried out i) on the basis of your consent, ii) for the fulfilment of a contractual relationship, iii) due to the legitimate interest of the data controller in the data processing or iv) for the fulfilment of a legal mandate or in the public interest.

REVOCATION OF YOUR CONSENT TO DATA PROCESSING
If data processing is carried out on the basis of your explicit consent, this consent can be revoked at any time without giving reasons and with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT ADVERTISING (ART. 21 DSGVO)
If the data processing is carried out on the basis of the legitimate interest of the controller in the data processing or on the basis of tasks in the public interest entrusted to the controller (Art. 6(1)(e) or (f) DSGVO), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).

DATA SUBJECT RIGHTS
Based on the statutory data protection provisions, you are entitled to extensive rights concerning your data. You can exercise these rights by sending an e-mail to datenschutz@exporo.com. These include in particular

Right to information

Upon request, Exporo will provide you with comprehensive information on all data stored by Exporo about you within the legally standardised period of time. In addition to the personal data, this information also includes the purpose of processing and the type of processing.

Right to rectification

You have a right vis-à-vis Exporo to have your personal data corrected, supplemented or amended at any time. Exporo may require proof of your identity before Exporo can comply with this right.

Right to data transfer

You have the right, insofar as this is technically possible, to have all data stored about you by Exporo transferred to another company.

Right to deletion

Upon your request, Exporo will delete all personal data relating to you that is stored by Exporo within the period provided by law. If there is a legal obligation to store data, the data will only be deleted after this period has expired. This data will be blocked internally for further use.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. The right to restriction of processing exists in the following cases:

(1) If you dispute the accuracy of your personal data held by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

(2) If the processing of your personal data has happened / is happening unlawfully, you may request the restriction of data processing instead of erasure.

(3) If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request the restriction of the processing of your personal data instead of the erasure.

(4) If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

RIGHT OF COMPLAINT TO THE COMPETENT SUPERVISORY AUTHORITY
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

DATA SECURITY
SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorisation), this data is required for payment processing.

Payment transactions via the common means of payment (direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

**§ 2 DATA PROTECTION OFFICER

DATA PROTECTION OFFICER REQUIRED BY LAW**
We have appointed an external data protection officer for Exporo Investment GmbH. You can contact this officer at:

Exporo Investment GmbH
Data Protection Officer
Am Sandtorkai 70
20457 Hamburg
Telephone: 040 / 228 686 99 - 0
E-mail: datenschutz@exporo.com

§ 3 DATA COLLECTION ON OUR WEBSITE
COOKIES

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

A distinction is made between 2 categories of cookies:

- Essential cookies to ensure the basic functions of the website.
- Functional cookies to ensure the performance of the website.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping cart function) are stored on the basis of Exporo’s legitimate interest (Art. 6 para. 1 lit. f DSGVO). The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.

Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

Your consent(s) or revocation of your consent(s).
Your IP address
Information about your browser
Information about your terminal device
Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consent(s) granted or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

SERVER LOG FILES
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be recorded.

NEW RELIC - SERVER MONITORING AND ERROR TRACKING
With the help of server monitoring & error tracking, we ensure the availability and integrity of our online offer and use the data processed in the process to technically optimise our online offer.

For these purposes, we use the service New Relic, Inc. Attn: Legal Department 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. New Relic is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

New Relic processes aggregated performance data, i.e. performance, utilisation and comparable technical values, which provide information about the stability and any anomalies of our online offer. In the event of errors and anomalies, individual enquiries from the users of our online offering are recorded pseudonymously in order to identify and rectify the sources of problems. In this case, pseudonym means in particular that the IP addresses of the users are stored shortened by the last two digits (so-called IP masking). The aggregated data is deleted after three months, the pseudonymised data after seven days.

We use New Relic on the basis of our legitimate interests in the security, accuracy and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f DSGVO. For further information on the processing of personal data by New Relic, please refer to the privacy policy of the service: https://newrelic.com/termsandconditions/privacy.

CONTACT FORM / CHAT TOOL
If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you have provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

ENQUIRY BY E-MAIL, TELEPHONE OR FAX
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and / or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in effectively processing the enquiries sent to us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

REGISTRATION ON THIS WEBSITE
You can register on our website in order to use additional functions on the site. We use the data you enter for this purpose only for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

PROCESSING OF DATA (CUSTOMER AND CONTRACT DATA)
We collect, process and use personal data only to the extent that it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.

The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

TRANSFER OF DATA UPON CONCLUSION OF A CONTRACT FOR SERVICES AND DIGITAL CONTENT
We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the service provider commissioned with the identification or payment processing.

No further transmission of data takes place or only if you have expressly consented to the transmission or if this is necessary in the context of legitimate interest. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

§ 4 ANALYSIS TOOLS AND ADVERTISING

If cookies are used on our pages for the purpose of analysis or advertising, we will inform you of this via the cookie consent technology of Usercentrics. If the cookies used are not classified as essential, you have the option of giving or withdrawing your consent.

You can obtain more information about the cookies currently in use and your consent via the fingerprint in the bottom left-hand corner of our homepage.

**§ 5 NEWSLETTER

NEWSLETTER DATA**
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time by sending an e-mail to datenschutz@exporo.com or by clicking on the “unsubscribe” link in the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
**
DISPATCH SERVICE PROVIDER**
The dispatch of the newsletter is carried out by the dispatch service provider Drip https://www.drip.com/. You can view the data protection provisions of the dispatch service provider here: https://www.drip.com/terms.

The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f. DSGVO and an order processing contract pursuant to Art. 28 para. 3 p. 1 DSGVO.

The use of the transmitted personal data by the shipping service provider takes place exclusively on the instructions of Exporo and on the basis of the order processing agreement. In addition, the dispatch service provider is entitled to use the transmitted data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes.
**
MEASUREMENT OF SUCCESS (iGoDigital)**
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from our server or, if we use a dispatch service provider, from their server when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected.

This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Unfortunately, a separate revocation of the performance measurement is not possible; in this case, the entire newsletter subscription must be cancelled. Here to also, among other things, the cookie iGoDigital used on our website.

§ 6 PLUGINS AND TOOLS

GOOGLE TAG MANAGER
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, to integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html
**
GOOGLE WEB FONTS**
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

ZENLOOP
To optimise our website and our products, we ask you to rate us. The so-called Net-Promoter Score, NPS for short, is used here.

This serves to protect our legitimate interests in an optimal marketing of our offer within the framework of a balancing of interests according to Art. 6 Para. 1 S. 1 lit. f) DSGVO. The NPS and the services advertised with it are an offer of zenloop GmbH, Brunnenstraße 196, 10119 Berlin.

When a rating is submitted, the web server automatically saves a so-called server log file that contains, for example, your IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) and documents the request. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.

SALESFORCE
We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, in order to be able to process user enquiries more quickly and efficiently (legitimate interest pursuant to Art. 6 Para. 1 lit. f. DSGVO ).

Salesforce is certified under the Privacy Shield Agreement and thereby offers an additional guarantee of compliance with European data protection law if data is processed in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active).

Salesforce uses the data of the users only for the technical processing of the requests and does not pass them on to third parties. To use salesforce, at least a correct e-mail address is required. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).

If users do not agree to data collection via and data storage in salesforce’s external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post.

For further information, users should refer to salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/

**§ 7 OTHER SERVICE PROVIDERS

Exporo AG**
The service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO and an order processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO.

§ 8 DATA PROTECTION INFORMATION IN THE APPLICATION PROCEDURE

We process applicant data only for the purpose of and within the scope of the application procedure in accordance with the legal requirements. Applicant data is processed in order to fulfil our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 (1) lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies). In addition, your data will be processed on the basis of your consent if you allow us to keep a record of your application.

The application procedure requires applicants to provide us with applicant data. The necessary applicant data are marked if we offer an online form, otherwise they result from the job descriptions and basically include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.

Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are voluntarily disclosed within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a DSGVO (e.g. health data if this is necessary for the exercise of the profession).

If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.

Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.

In the event of a successful application, the data provided by applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Subject to a justified withdrawal by the applicants, the deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

§ 9 RETENTION
Your data will be stored for as long as is necessary to provide the services. If longer storage is necessary due to legal regulations, the data will be stored until the expiry of this period.

§ 10 COPYRIGHT
The contents of our website, in particular the products presented and data provided, are protected by copyright. The contents may not be reproduced and/or published in whole or in part or stored in an information system without prior written permission. The presentation of this website in external frames is only permitted with express written consent.

§ 11 SCOPE OF APPLICATION OF THE DATA PROTECTION DECLARATION
The data protection declaration applies exclusively to the website of Exporo.

The privacy policy does not apply to services offered by other companies or persons, including products or websites displayed to you in search results, websites that may contain Exporo services or other websites linked to Exporo services. The Privacy Policy does not cover the handling of information by other companies or organisations that advertise services and may use cookies, pixel tags and other technologies to provide and offer relevant ads.

§ 12 CHANGES
The Privacy Policy may change from time to time. Any changes to the Privacy Policy will be posted on this website.