PARIBUS GROUP | PRIVACY POLICY
General information about data processing
The Paribus Group companies are pleased that you have decided to visit the website and thank you for your interest in our company and products. We take the protection of your personal information very seriously and want you to feel safe when visiting our website.
The protection of your privacy when processing personal data is an important matter for us and one that is reflected in our business processes. In principle, we only process personal data to the extent that is necessary in terms of running a functional website, handling correspondence through the email addresses published on our website and providing content and services.
Insofar as we obtain the data subject’s consent for personal data to be processed, the legal basis for processing personal data is Article 6, paragraph 1, point (a), of the European General Data Protection Regulation (GDPR). When the processing of personal data is necessary for the performance of a contract, the legal basis is Article 6, paragraph 1, point (b), of the GDPR. This also applies to processing operations that are necessary for carrying out tasks before a contract is entered into. Furthermore, data processing may be carried out to protect our legitimate interests under Article 6, paragraph 1, point (f), of the GDPR.
Personal data is blocked or deleted as soon as the purpose of data storage ceases to apply. Data may also be stored if this is required under European or local legislation. Data is blocked and deleted when the specified retention period lapses, unless it is necessary to continue storing data in order to conclude or fulfil a contract.
Personal data is not shared with state institutions and authorities unless subject to mandatory provisions under European or national law. We compel our employees to maintain confidentiality.
For your security, we use SSL or TLS encryption to protect data transfers when you send information to us. You can recognise an encrypted connection because the address line of the browser changes from http:// to https:// or by the padlock icon in the browser window. If SSL or TLS encryption is activated, any information you send to us cannot be accessed by third parties.
Collection and processing of personal data on our website
When you visit our website, our web servers automatically save the following information and more as server log files: the browser type and version and operating system used, the website from which you are visiting us, our websites that you visit, the date of your visit and, for security purposes (e.g. identifying attacks on our websites), the amount of data sent in bytes and, for a period of seven days, the IP address allocated to you by your Internet service provider. Data may also be stored if this is required under European or local legislation. The system must temporarily save the IP address in log files to enable website function and ensure website access on the user’s computer. We also use the data to optimise the website and ensure the security of our technical information systems, which also serves as our legitimate interest when it comes to processing data pursuant to Article 6, paragraph 1, point (f), of the GDPR.
With the exception of the IP address, personal data is only saved if you choose to share it with us (e.g. when using the contact form) or if you provide your consent for the use of cookies or plug-ins.
Matomo
We use the cloud version of Matomo, an open-source web analytics service provided by InnoCraft Ltd., 7 Waterloo Quarry PO625, 6140 Wellington, New Zealand. The legal basis for use is your consent, which is obtained through the cookie banner, in line with Article 6, paragraph 1, point (a), of the GDPR. We use this service in line with our legitimate interest in optimising our website for our public image.
The collected data is transmitted to InnoCraft Ltd. A corresponding processing agreement has been concluded. An adequacy decision from the European Commission, as required by the GDPR, finding that New Zealand has an adequate level of data protection, has been issued (Commission Implementing Decision 2013/65/EU). Where Matomo uses sub-processors, Matomo enters into contractual arrangements to ensure that all data is processed. Nevertheless, where personal data is processed by the parent company of the cloud provider used by Matomo in the USA, Amazon Web Services, Inc. is certified under the EU-US Data Privacy Shield Framework (DPF), and so guarantees that it will observe European data security. Matomo uses cookies, which are stored on your computer and allow analysis of how you use our website.
The IP addresses are anonymised (IP masking) so that they cannot be allocated to any individual users.
We use the data to evaluate how our website is used for the purposes of improving our website. The data is not shared with third parties.
Your personal data is deleted or anonymised after 180 days. For information about data protection at InnoCraft, please refer to the Matomo Cloud Privacy Policy – Matomo Analytics.
You can prevent the collection of your website usage data for this website at any time by deleting the cookies in your browser or clicking the following button to change your decision regarding the use of Matomo.
Google Maps
We integrate maps provided by the Google Maps services onto the contact page and the subpages of the portfolio, property portfolio and fund portfolio sections. The provider of this map material is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If personal data is indeed processed in the USA, Google LLC is certified under the EU-US Data Privacy Shield Framework, which means that there is an adequate level of data protection. The legal basis for use is your consent, which is obtained through the cookie banner, in line with Article 6, paragraph 1, point (a), of the GDPR.
However, these maps will not be integrated or fully accessible without your active consent, in which case the data processed primarily includes IP addresses and user location data. Further information is available in Google’s Privacy Policy.
You can change your decision regarding the use of Google Maps at any time by clicking on the link below.
YouTube
We use YouTube to embed videos on our website. YouTube is a video platform operated by Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Ireland. If personal data is indeed processed in the USA, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, is the regular recipient of the data. Google LLC is certified under the EU-US Data Privacy Shield Framework, which means that there is an adequate level of data protection.
The legal basis for use is your consent, which is obtained through the cookie banner, in line with Article 6, paragraph 1, point (a), of the GDPR. YouTube uses cookies, which are stored on your computer and allow analysis of how you use our website.
If you access subpages of our website that contain a YouTube video and you have already consented to the use of the cookies required to unlock YouTube content, a connection to the YouTube servers will be established. As a result, your IP address, device information and information about which of our subpages you have visited will be transmitted to the YouTube server. If you have a YouTube account and are logged in, YouTube will link this information to your personal user account. If you use YouTube on our website (e.g. when clicking on the start button of a video), this information, too, will be linked to your user account. You can prevent this form of linking by signing out of your YouTube user account and other user accounts and by deleting the corresponding cookies before using our website.
We have no influence on the type and scope of data processed by YouTube/Google, the type of processing and use, or the transmission of data to third parties. YouTube saves your data, for example, as usage profiles, which it uses for the purpose of advertising, market research and/or tailoring the design of its websites. Even for users who are not logged in, this type of analysis is conducted primarily for the purpose of personalising ads and informing other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles and can do so by contacting YouTube.
If you would like to prevent the transmission of your data, you cannot use YouTube functions on our website.
Further information about data processing and details concerning YouTube/Google data protection can be found in Google’s Privacy Policy.
Collection and processing of personal data when you contact us by email or use the contact form
It is possible to contact us through our website using the email addresses provided. In this case, the user’s personal data that is sent with the email will be stored. Data is used only to process the conversation, and we only need it to handle the enquiry. Information is deleted as soon as it is no longer necessary for the purpose for which it was collected. For contact made by email, this occurs when the respective conversation with the user has ended, specifically when it is fair to assume from the circumstances that the matter in question has been clarified in full.
The legal basis for processing this data is Article 6, paragraph 1, point (f), of the GDPR. If the aim of email contact is to conclude a contract, an additional legal basis for data processing is Article 6, paragraph 1, point (b), of the GDPR.
You also have the option to communicate with us using our contact form. Required fields are marked with an asterisk (*). Additionally, you have the option to fill in fields with voluntary information. Whether or not you fill in the voluntary information has no effect whatsoever on our response to your request for contact. The personal data you provide us with in connection to this enquiry will only be used for the purpose of responding to your enquiry and/or contacting you as well as for any associated technical administration.
Where indicated or substantially necessary, data is shared with the relevant Paribus Group company to be processed further. No data is passed on to third parties.
You have the right to revoke the consent you have provided at any time with future effect, in which case your personal data will be immediately deleted.
Your personal data will also be deleted once we have processed your enquiry (without the need to revoke your consent) or if you revoke the consent for data storage which you have provided here. This also occurs if storage is not permitted on other legal grounds.
In this case, the legal basis for processing is the consent which you have provided (Article 6, paragraph 1, point (a), of the GDPR).
Collection and processing of personal data for newsletter subscription
Our website offers you the option to subscribe to our newsletter FondsCONNECT, which will keep you up to date on Paribus Group funds and activities. If you would like to subscribe to the regular newsletter, you will need to provide a valid email address. Required fields are marked with an asterisk (*). Additionally, you have the option to fill in fields with voluntary information. Whether or not you fill in the voluntary information, you will still be added to the newsletter distribution list. Your data will be used solely for the purpose of sending the newsletter and, with the exception of the mail service provider (see below), will not be shared with any third parties. When you subscribe to the newsletter, you agree to receive the newsletter and consent to the processes explained.
Double opt-in process
The procedure for subscribing to our newsletter is based on a double opt-in process, which means, after subscribing to the newsletter, you will receive an email requesting that you confirm your subscription. This confirmation is necessary, as it prevents registration of third-party email addresses. As required by law, newsletter registration is recorded as proof of the subscription process, which includes storage of the IP address and the date and time of registration and confirmation.
In this case, the legal basis for processing is the consent which you have provided (Article 6, paragraph 1, point (a), of the GDPR).
Measurement of open and click rates
The newsletters contain a web beacon, which is a pixel-sized file accessed by the server of our mail service provider when the newsletter is opened. When the file is accessed, technical information such as details about the browser and your system is collected.
This information is used to make technical improvements to our newsletter on the basis of technical data or target groups and their reading behaviour, with a focus on their access locations (which can be determined using the IP address) or access times. This analysis also determines if and when the user opened the newsletter and which links they clicked on. This information is presented in anonymous form. No full IP addresses are collected and processed, and no cookies are installed.
Revocation and cancellation
You can withdraw your consent to receive the newsletter at any time using the unsubscribe link at the end of every newsletter (opt-out) or by sending an email to . Once you have withdrawn your consent, your personal data will be deleted. Your consent to receive the newsletter will expire at the same time.
Mail service provider
CleverReach, a mail service platform provided by CleverReach GmbH & Co. KG, Schafjueckenweg 2, 26180 Rastede, Germany, processes data and sends out the newsletter on our behalf. Information about the mail service provider’s data protection provisions are available in the Privacy Policy of CleverReach GmbH & Co. KG.
Collection and processing of personal data for job applications
When you apply for a position at our company, we process your personal data to the extent necessary to make a decision regarding your employment with us. This can include general personal information (such as your name, address and contact details), details concerning your professional qualifications, school education or professional training, and any other information you provide to us in connection with your application. In addition, we may process professional information that you have made publicly available, such as profiles on professional social media networks. The legal basis here is paragraph 6, sentence 1 b Federal Data Protection Act (BDSG) and paragraph 88 BDSGO in conjunction with Section 26, paragraph 1, in conjunction with paragraph 8, sentence 2, of the Federal Data Protection Act (BDSG, latest version). If we do not collect data directly from you, but rather from an active profile on an online job platform (e.g. StepStone), or if you present an inactive or only partially active profile during the application process, we may collect personal data in addition to professional information.
We process your application using StepStone, which means that StepStone Deutschland GmbH and its subcontractors, which you can find in StepStone’s terms and conditions, act on our behalf and are also data recipients. When StepStone processes your application on our behalf, it uses security services provided by Akamai Technologies, Inc., which may result in data transfer to the US. In this case, please note that the US government has committed to introduce or, on request, provide protections, especially a two-tier redress system, as part of the EU-US Data Privacy Shield Framework (DPF). The guarantees offered by the US government apply to all data transfers, including companies not certified under the DPF.
Furthermore, all Paribus Group companies – with the exception of job adverts for Paribus Kapitalverwaltungsgesellschaft mbH – use the applicant management software ‘HRworks-Bewerbermanagement’ from HRworks GmbH to display vacancies. A data processing agreement has been concluded. HRworks GmbH runs a website for us as a processor. You can access that website by clicking on a link on our website. The data transmitted in connection with your application is stored in a computing centre in Germany and on a server in the European Union (the latter with AMAZON Web Services EMEA SARL, which is based in Luxembourg and has servers in Ireland). The data is encrypted when it is transmitted. Nevertheless, should the parent company in the USA request data, please note that the US government has committed to introduce or, on request, provide protections, especially a two-tier redress system, as part of the EU-US Data Privacy Shield Framework (DPF). The guarantees offered by the US government apply to all data transfers, including companies not certified under the DPF.
The software from HRworks uses the following technically necessary cookies:
HrwJobApplicationmanagementSession
This cookie is used by the applicant management software ‘HRworks-Bewerbermanagement’. It displays the session of the person in our job portal. This is necessary for operational reasons in order to distinguish between the users of the session. This cookie is technically necessary.
AWSALB and AWSALBCORS
These two cookies are used by the applicant management software ‘HRworks-Bewerbermanagement’. On the one hand, they are necessary in order to allocate information to the correct server instance. On the other hand, they are necessary for the purposes of uploading application documents, so that the process can run smoothly for the applicants. This cookie is technically necessary.
More information about the HR software’s data protection provisions is available in the Privacy Policy of HRworks GmbH.
At the same time, we may process your personal data to the extent necessary to defend against legal claims made against us resulting from the application process. The legal basis for this is Article 6, paragraph 1, point (f), of the GDPR, where our legitimate interest may be, for example, a burden of proof in proceedings under the General Act on Equal Treatment (AGG).
If an employment relationship comes into being between you and us, we may, in accordance with Section 26, paragraph 1, of the Federal Data Protection Act (BDSG), continue to process personal data that you have already provided for purposes related to the employment relationship, to the extent necessary for managing or terminating the employment relationship or to exercise or meet any rights or obligations arising from a law, collective agreement, company agreement or operating agreement (collective agreement) concerning the protection of employees’ interests.
We store your personal data for as long as this is necessary to reach a decision on your application. If an employment relationship between you and us does not come about, we may also store data to the extent necessary to defend against potential legal claims. Application documents are deleted no later than six months after submission of the rejection decision unless a longer retention period is necessary due to legal disputes. The provision of personal data is not required by law or contract, and neither are you obliged to provide personal data. However, the provision of personal data is necessary in order to form a contract of employment with us. This means that, if you do not provide us with any personal data during the application process, we will not enter into an employment relationship with you.
Sharing data with third parties
The Paribus Group companies will treat your personal data confidentially. When you contact us using our general email address or HRWworks on our website (the latter is not available for vacancies at Paribus Kapitalverwaltungsgesellschaft mbH), the data is transmitted to the Human Resources department of the Paribus Group, Paribus Holding GmbH & Co. KG. If you contact a Paribus Group company directly or select an area of interest when you use the contact form, the data will be transmitted to that company directly. The company will pass the data on to the central Human Resources department for processing. Where necessary to fill a vacancy as part of the application process, the relevant Paribus Group companies will be granted access to the necessary data. No further sharing with third parties takes place unless, if legally required to do so, we commission an external service provider to process your information and this processing is based on contracts in accordance with Article 28 of the GDPR. Examples of such cases include sending letters or emails and processing by host providers or applicant management system providers. These service providers only receive the information that is necessary for them to perform their tasks. They may not use data for other purposes and are obliged to handle information in accordance with the GDPR and the Federal Data Protection Act (BDSG, latest version). We also draw up appropriate non-disclosure agreements and, if necessary, order processing agreements with each partner. In all other cases, we will inform you if personal information is to be shared with third parties and provide you with an opportunity to give your consent.
Cookies
Our website uses the following session cookies, which are essential for operating the pages. When a user accesses a page of our website, a cookie may be stored on the local operating system. This cookie contains a unique string of characters that uniquely identifies the user’s browser when the website is accessed again at a later time. We use cookies in order to give our website a more user-friendly design. Some features of our website cannot be offered without using cookies. Additionally, some elements of our website make it necessary for the accessing browser to be identifiable even after the user has navigated to a different website.
The legal basis for the processing of personal data using cookies is Article 6, paragraph 1, point (f), of the GDPR and, for cookies used by Google Analytics, Article 6, paragraph 1, point (a), of the GDPR.
As the user, you have full control over the use of cookies and can delete the cookies used from your computer at any time. You can also deactivate or limit the use of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time.
PHPSESSID (Session-Cookie)
This cookie saves your current session with regard to PHP applications and thus ensures that page functions based on the PHP programming language can be displayed in full. The cookie is deleted after the browser session has ended.
Borlabs-Cookie
This cookie is required to save consent with regard to the cookie banner. It is saved for a period of one year after consent has been given through the cookie banner, unless you, as the user, delete this cookie from your browser or modify your decisions regarding the provision of your consent through the cookie banner, which is done by accessing the cookie banner again using the ‘Change cookie settings’ button. Otherwise, the cookie is deleted after one year. No personal data is saved.
wp-rest-enabled-ping
This cookie determines whether the website’s REST API is accessible, and is deleted after one hour. No personal data is saved.
Browserupdateorg
We use this cookie to prevent the browser update prompt from popping up again. The cookie has a life of seven days. No personal data is saved.
Matomo
Matomo currently uses the following cookies:
- pk.*.: generates statistical data. The cookie is deleted after 13 months.
Sharing content via plug-ins (XING, LinkedIn, Facebook, Twitter)
Our website contains the social plug-ins of the online social networks xing.com, linkedin.com, facebook.com and twitter.com. To increase data protection when you visit one of our website pages, the plug-ins are only embedded on our website as graphics, which themselves do not contain a link to the corresponding provider’s services. A connection to the services is only established if the graphic is clicked on, so that no data is transmitted prior to clicking on our plug-in button. We have no influence on the scope of data collected by social networks. To our knowledge, XING, LinkedIn, Facebook and Twitter receive information about which of our websites you are currently using or have accessed in the past. When you access our website, the information that your browser has accessed the specific page of our website is then transmitted, if you do not have a profile with the corresponding social networks or are not currently logged in. Your browser transmits this information (including your IP address) directly to a server of the operators of XING, LinkedIn, Facebook and Twitter in the US, where it is stored. The information may be published and your contacts displayed in the social network in question.
For details about the purpose and scope of data collection, the further processing and use of data by the aforementioned social networks, your corresponding rights and privacy settings, please refer to the following privacy policies:
- Xing: https://privacy.xing.com/en/privacy-policy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Facebook: http://www.facebook.com/policy.php
- Twitter: https://twitter.com/en/privacy
If you have an account with one of the social networks and would like to limit data collection on our websites and the linking of your user data with the personal data collected by the social network, you should log out before visiting our website.
Rights of the user
You can request information from us about the personal data we have stored about you at any time and free of charge (Article 15 of the GDPR). You are also entitled to have this data corrected or completed if necessary (Article 16 of the GDPR), should it prove to be incorrect or incomplete. If the relevant requirements are met, you are also able to exercise your right to restrict the processing of your personal data (Article 18 of the GDPR) or to have it deleted (Article 17 of the GDPR). This does not apply if a certain retention period is required by law. If it is not possible to delete data, data processing will be restricted. Furthermore, you have the right to data portability (Article 20 of the GDPR).
Your request should be made using the following contact details: Paribus Holding GmbH & Co. KG, Königstrasse 28, 22767 Hamburg, tel. +49 40 8888 00 6-0, email:
Additionally, you have the right to object to the processing of your personal data at any time (Article 21 of the GDPR). This does not apply in cases where data collection is absolutely necessary for the provision and operation of the website. If you have contacted us by email or made an application using an online job platform, you can also object to the storage of your personal data at any time. In such cases, the conversation or application process cannot be continued. After receiving your objection, we will no longer use, process or share the data concerned for any purpose other than processing existing contracts. The legality of data processing up until the point of withdrawal shall remain unaffected. You can also withdraw consent you have given us at any time with future effect. Furthermore, you are entitled to lodge a complaint with a supervisory authority about our processing of personal data. However, we recommend that you direct a complaint to us or our data protection officer first.
If you would like to object to the collection, processing or use of your data by the Paribus Group companies in accordance with this Privacy Policy, either entirely or with regard to individual measures, please send your objection to the following address: Paribus Holding GmbH & Co. KG, Königstrasse 28, 22767 Hamburg, or by email to:
Data controller under data protection legislation
As the data controller under the General Data Protection Regulation (GDPR) and the BDSG (latest version), Paribus Holding GmbH & Co. KG is responsible for the collection, processing and use of your personal data on behalf of all Paribus Group companies.
Data protection officer
If you have any questions concerning the processing of your personal data, you can contact our data protection officer (email: ), who acts on behalf of the data controller and whose team is available to handle any information requests, suggestions or complaints.