1. Controller and data protection officer

Deutsche Vermögensberatung Aktiengesellschaft DVAG
Wilhelm-Leuschner-Strasse 24
60329 Frankfurt am Main, Germany
Phone: 069/2384-0
E-mail: info@dvag.com

You can also contact our data protection officer at the above address, with the addition "Data Protection Officer" or at datenschutz@dvag.com
 

2. General information on data processing and your rights

2.1 Relevant legal bases for data processing

Unless the legal basis is expressly stated in this data protection information, the following legal bases are decisive: Insofar as we obtain your consent for data processing, Article 6 (1) (a) and Article 7 GDPR is the legal basis for data processing. If the processing of the data takes place for the fulfilment of our services and the implementation of contractual measures as well as answering inquiries, Art. 6 para. 1 lit. b GDPR is the legal basis for data processing. If the data processing serves to fulfil a legal obligation, Article 6 (1) (c) GDPR is the legal basis. Examples of this are the fulfilment of retention periods under commercial law or the fulfilment of tax (retention) obligations. If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party, Article 6 (1) (f) GDPR serves as our legal basis. Legitimate interests are in particular the guarantee of IT security and IT operations, the assertion of legal claims and defence in legal disputes, the creation of user statistics, advertising for own services and products of the companies of the DVAG Group, our investment consultants and our product partners, as well as the market and opinion research by the above, unless direct advertising has been objected to.

 

2.2 Your rights

You have the right

  • to access pursuant to Article 15 GDPR,
  • to rectification pursuant to Article 16 GDPR,
  • to erasure in accordance with Article 17 GDPR,
  • to restriction of processing in accordance with Art. 18 DSG-VO
  • to portability in accordance with Article 20 GDPR.

The restrictions of §§ 34 and 35 BDSG apply to the rights to access and erasure. In addition, you have a right of complaint pursuant to Art. 77 GDPR to a data protection supervisory authority pursuant to § 19 BDSG.

You can revoke your consent to the processing of personal data at any time with effect for the future.

 

2.3 Duration of storage

Unless otherwise stated in this data protection notice, personal data will only be stored for as long as is necessary to fulfil the respective purpose or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result in particular from the German Commercial Code, the Tax Code, the Money Laundering Act and the Ordinance on Financial Investment Mediation as well as the Insurance Mediation Ordinance. The deletion deadlines specified there can be up to 10 years.

 

2.4 Transfer of personal data

If we transfer personal data to other persons or companies, this is only done on the basis of your consent, a legal permission, a legal obligation (e.g. to public bodies and institutions such as supervisory authorities or tax authorities) or on the basis of an agreement on order processing in accordance with Art. 28 GDPR. Further categories of recipients can be found in this data protection information (see section 3.).

 

2.5 Transfer of personal data to third countries

Personal data will only be processed outside the European Economic Area if an adequate level of data protection has been confirmed by the EU Commission in the third country in accordance with Art. 44 et seq. GDPR or if other appropriate guarantees for the protection of personal data are in place.

 

2.6 Automated individual decision-making

Automated individual decision-making or profiling does not take place within the framework of this website.

 

3. Further information on data processing

3.1 Cookies

Our website uses cookies. These are small data packets that are stored on the customer's device. In addition to so-called session cookies, which are automatically deleted as soon as you log out or close the browser, so-called permanent cookies are also used, which recognize a returning user. These cookies expire automatically after a fixed period of time.
It is possible at any time to object to the setting of a cookie by appropriate settings in the Internet browser. You can delete cookies that have already been set at any time. If cookies are deactivated, it may not be possible to use all functions of our website to their full extent. The legal basis for the setting of a cookie is the protection of the above-mentioned legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.


3.2 Collection of general data and creation of log data

When you visit our website, general data and information are automatically collected and stored in a log of the server. The following data may be collected:

  • Browser type and version information
  • Information about the user's operating system
  • Information about the user's service provider
  • The Internet Protocol (IP) address of the user or calling system
  • Date and time of access
  • The page from which you came to us (referrer URL)
  • Websites accessed by the user's system via our website

The processing of this data serves to provide our website, to ensure the functionality of our information technology systems and to optimize our website. These data and information, which are collected anonymously, are statistically evaluated by us with the aim of ensuring data protection and data security. The data of the log files are always stored separately from other personal data that may be collected and are not passed on to third parties. The deletion of the data takes place automatically after expiry of the deletion deadline. The legal basis for the temporary processing of the data is the protection of the above-mentioned legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.


3.3 Contact form and e-mail contact

On our website you will find a contact form and an e-mail address through which you can contact us electronically. If you use one of these channels and contact us, the personal data you transmit to us will be stored automatically. The storage and further processing of this data serves exclusively to process your contact request and for the subsequent contact request with you. A transfer to third parties does not take place in principle. An exception exists if your request relates to an advisor of our company and a transfer of the data is necessary to process your contact request. The data transmitted by you will be deleted after completion of the process, provided that the deletion does not conflict with any contractual or statutory retention periods. In this case, the data subject to retention will be deleted after expiry of the deadline. The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR.

 

3.4 Use of Adobe Analytics

On our website we use Adobe Analytics (Omniture) or Adobe Marketing Cloud (hereinafter referred to as "Omniture"), a web analysis service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Omniture allows us to analyze user behavior and visitor flows. This allows us to create content on demand and also to identify and fix problems faster.

Omniture stores cookies on your system for this purpose. We also use appropriate system settings to ensure that the tracking data sets transmitted to Adobe are anonymized before geolocation. Anonymization is implemented by replacing the last part of the IP address. We have also made server-side settings on the basis of which your IP address is anonymized independently of each other before processing for geolocation and range measurement. Adobe processes the collected data and information exclusively on our behalf. The subject matter is the analysis of user behavior and the creation of anonymous reports or statistics. The data collected, in particular your IP address, will not be merged with other personal data by Adobe or us. We use the information obtained from this to optimize our website. The legal basis for data processing is § 15 para. 3 TMG or Art. 6 para. 1 lit. f GDPR. The legitimate interests are the purposes mentioned above. Adobe's applicable privacy policy can be found at http://www.adobe.com/de/privacy.html .

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Omniture from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Omniture can be deleted at any time via an Internet browser or other software programs.

Furthermore, you have the option of objecting to and preventing the collection of data generated by the Adobe cookie relating to the use of this website and the processing of this data by Adobe. To do this, you must press the unsubscribe button under the link http://www.adobe.com/de/privacy/opt-out.html , which sets an opt-out cookie. The opt-out cookie set with the objection is stored on your system. If the cookies on your system are deleted after an objection, you must call up the link again and set a new opt-out cookie. With the setting of the opt-out cookie, however, it is possible that the Internet pages of the controller are no longer fully usable for you.


3.5 Use of Google Analytics

Our website uses the analysis tool Google Analytics, a web analysis service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland. Web analysis includes the collection, collection and evaluation of information about the behavior of visitors to websites. For example, from which page you came to us, which subpages you accessed and how long a subpage was viewed. Cookies are used for this purpose. Cookies are text files that are stored on a computer system via an Internet browser. The information collected by the cookie is transmitted to a server of Google Inc. in the USA. In addition to information on website use, this also includes your IP address. However, we use Google Analytics with the addition "AnonymizeIP". This means that your IP address will be shortened and anonymized by Google if you visit our site within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The transmitted IP address will also not be merged with other Google data. The purpose of data processing is the evaluation of visitor flows and website use by visitors. On our behalf, Google creates online reports for us. We use the information obtained from this to optimize our website. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interests are the purposes mentioned above. The applicable data protection conditions and terms of use of Google Analytics can be found under https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser and thus permanently object to the setting of cookies. In addition, cookies already set by Google can be deleted at any time via an Internet browser or other software programs.

Furthermore, you have the option of objecting to and preventing the collection of data generated by the cookie relating to the use of this website and the processing of this data by Google. To do this, you need to download and install a browser add-on. You can download it here: https://tools.google.com/dlpage/gaoptout?hl=de. The add-on prevents your data from being collected and processed in the future.

 

3.6 Information on data processing in the context of online meetings

For online meetings, video conferences or webinars ("Online Meetings"), advisors use the tools "Zoom" or "Microsoft Teams".

"Zoom" is a service of Zoom Video Communications Ltd., 55 Almaden Boulevard, 6 th Floor, San Jose, California 95113, USA.

"Microsoft Teams" is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Responsible for the data processing that is directly related to the conduct of online meetings is the advisor who invited you to the respective online meeting. If you access the website of Zoom or Microsoft or use the Zoom or Teams app, Zoom or Microsoft are responsible.

When conducting the online meeting, personal data of the participants will also be processed and, if necessary, stored on servers of Zoom or Microsoft, insofar as these are part of the communication process. This includes, in particular, metadata (e.g. IP addresses, device and hardware information), user data (e.g. user name, e-mail address, password), text, audio and video data.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the appropriate and efficient conduct of online meetings.

 

3.7 Recording obligations pursuant to Section 18a of the Financial Investment Brokerage Ordinance

Deutsche Vermögensberatung AG and the independent commercial agents working for us are obliged in accordance with § 18a Financial Investment Brokerage Ordinance (FinVermV) to record the contents of telephone conversations or other electronic communications for the purpose of preserving evidence as soon as the communication relates to the brokerage of or advice on financial investments. This also applies if the telephone conversation or other electronic communication does not lead to the conclusion of a contract. The records are automatically deleted after expiry of the statutory retention period. Telephone recording is voluntary. You can object to the phone recording. A telephone investment brokerage or investment advice are then excluded. Within Deutsche Vermögensberatung AG, only those departments have access to the records that need them to fulfil the processing purpose. We only pass on the records to other places if we are legally obliged to do so or if this serves the purpose of legal defence. The legal bases for processing are Art. 6 para. 1 lit. c GDPR and § 18a FinVermV.

 

3.8 Personalized offers

From time to time, your advisor may provide you with personalized offers that they believe will fit your interests and needs. For this purpose, your advisor processes your personal data on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to send you corresponding information and offers by post or – if you have consented – by e-mail. For this purpose, your advisor uses your contact details (name, address, e-mail address) as well as other information that you have provided to him or us (e.g. information on product interest). Of course, you can object to this advertising use of your data at any time with effect for the future or revoke your consent. Your objection or revocation can be made directly to the respective advisor or by e-mail to datenschutz@dvag.com . You can complete personalized offers online. Only you have access to the offer. If you decide to conclude a contract, we may collect and process further personal data (e.g. name, address, data on insured risk, payment data) within the framework of the respective service or application dialogues. The purpose of data processing is the brokerage of insurance and financial products of our product partners, the preparation of applications and the fulfilment of the associated pre-contractual measures. The legal basis for this is Art. 6 para. 1 lit. b and f GDPR. Data will only be passed on to the product partner with whom you wish to conclude the contract. Further information on data processing by us and our advisors in the brokerage of insurance and financial products can also be found at www.datenschutz.dvag. Information on data processing by product partners can be found in the data protection information of the application of the respective product partner. In order for our advisors to be able to support you with personalized offers and to make our offer even more interesting for you, we collect usage data from the online area of our personalized offers on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) and, if necessary, on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

 

4. Integration of third-party services and content (social plugins, etc.)

Some of our websites use third-party services and content. In particular, so-called "social plugins", videos or fonts. This is done on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the provision and distribution of our content, the analysis, optimization and operation of our website. Our websites may therefore include the services and content of the following third-party providers:

  • Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (controller responsible for the processing of personal data if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Google Ireland Limited Gordon House, Barrow Street Dublin 4, Irland
  • YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066
  • XING AG, Gänsemarkt 43 – 20354 Hamburg – Germany
  • Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA
  • Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103
  • LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA (for data protection matters outside the US: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland)

If a website uses social plugins, we use the "Shariff" solution to protect your data. Social plugins are thus only integrated on our website as graphics. This means that there is no direct link to the website of the plugin provider. If you click on one of the graphics, you will be forwarded directly to the respective provider. Only then will your data be transmitted to the provider. If you do not click on the graphic, no data will be exchanged with the providers of the integrated social plugins. Further information on the use of your data can be found in the respective terms of use and data protection notices of the respective providers. Information and notes on the Shariff solution we use can be found here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Further data protection information and information on the social plugins and third-party services we use:


4.1 Privacy policy information for Facebook components

Some of our websites use social plugins and components of the social network Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you use Facebook plugins, your web browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and in this respect no knowledge of the data collected by Facebook. However, Facebook can learn by calling the plugin that you have visited our website with your IP address. Especially if you are logged in to Facebook with your Facebook profile. By clicking on the Facebook "Like" button, you can also link content from our website to your Facebook profile, which allows Facebook to assign your visit to our website. The same applies to other Facebook plugins that we use.

An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE . Facebook's privacy policy can be found at https://de-de.facebook.com/about/privacy/. On this page you will find further information about the collection, processing and use of personal data by Facebook and which setting options Facebook offers to protect your personal data.


4.2 Privacy policy for YouTube Videos

Videos from the Internet video portal YouTube are embedded on some of our websites. These videos are provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube). YouTube, LLC is a subsidiary of Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland.

When you visit a website that contains a YouTube component or when you play an embedded video, your web browser establishes a direct connection to YouTube's servers. The content is transmitted directly from YouTube to your browser or downloaded and played. We have no influence on the amount of data that YouTube collects and therefore no knowledge of the data collected by YouTube. However, YouTube may learn by viewing the video that you have visited our website with your IP address. Especially if you are logged in to YouTube with your YouTube profile. More detailed information on data protection and the use of your data by YouTube can be found at https://www.google.de/intl/de/policies/privacy/ .


4.3 Privacy policy information for Instagram components

Some of our websites use plugins of the social network Instagram, e.g. the Insta button. These components are provided and operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA (Instagram).

If you use Instagram plugins, such as the Insta button, your web browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the website. We therefore have no influence on the scope of the data that Instagram collects with the help of this plugin and in this respect no knowledge of the data collected by Instagram. However, Instagram may learn by calling up the plugin that you have visited our website with your IP address. Especially if you are logged in to Instagram with your Instagram profile. By clicking on the Insta button, you can also link content from our website to your Instagram profile, which allows Instagram to assign your visit to our website. More detailed information about the Insta button and other plugins of the provider and the use of your data by Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy .


4.4 Privacy policy LinkedIn Plugins

Some of our websites use the LinkedIn plugin of the social network LinkedIn. This component is provided and operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA (LinkedIn). For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

If you use the LinkedIn button, your web browser establishes a direct connection to the LinkedIn servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated into the website. We therefore have no influence on the scope of the data that LinkedIn collects with the help of this plugin and thus no knowledge of the data collected by LinkedIn. However, LinkedIn may learn by calling up the plugin that you have visited our website with your IP address. Especially if you are logged in to LinkedIn with your LinkedIn profile. By clicking on the LinkedIn button, you can also link content from our website to your LinkedIn profile, which allows LinkedIn to assign your visit to our website. More detailed information about the LinkedIn button and other plugins of the provider and the use of your data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy .


4.5 Privacy policy information for Twitter components

Some of our websites use plugins and components of the microblogging service Twitter. These components are provided and operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Twitter).

If you use the Twitter button or Twitter components, your web browser establishes a direct connection to Twitter's servers. The content of the plugin or component is transmitted by Twitter directly to your browser and integrated into the website. We therefore have no influence on the amount of data that Twitter collects with the help of this plugin and thus no knowledge of the data collected by Twitter. However, Twitter may learn by calling up the plugin that you have visited our website with your IP address. Especially if you are logged in to Twitter with your Twitter profile. By clicking on the Twitter button, you can also link content from our website to your Twitter profile or transmit data and information to Twitter or other Twitter users, which allows Twitter and other Twitter users to assign your visit to our website. More detailed information about the LinkedIn button and other plugins of the provider and the use of your data by LinkedIn can be found at https://twitter.com/privacy?lang=de and https://about.twitter.com/de/resources/buttons .


4.6 Privacy policy information for Xing-Share-Button

Some of our websites use the share button of the social network Xing. This component is provided and operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (Xing).

If you use the share button, your web browser establishes a direct connection to the Xing servers. The content of the plugin or component is transmitted by Xing directly to your browser and integrated into the website. We therefore have no influence on the scope of the data that Xing collects with the help of this plugin and thus also no knowledge of the data collected by Xing. However, Xing can learn by calling the plugin that you have visited our website with your IP address. Especially if you are logged in to Xing with your Xing profile. By clicking on the Xing button, you can also link content from our website to your Xing profile or transmit data and information to Xing, which allows Xing to assign your visit to our website. More detailed information about the Xing button and other plugins of the provider and the use of your data by LinkedIn can be found at https://www.xing.com/privacy and https://www.xing.com/app/share?op=data_protection .


4.7 Privacy policy for Google Maps and Google Fonts

Some of our websites use the map service "Google Maps" and fonts of the service "Google Webfonts" of Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland. We use the Google Maps API to visually display and integrate geographic information on individual websites. When using Google Maps, Google also processes data about the use of the map functions. In addition, we use font libraries from Google Webfonts. Font libraries are transferred to the cache of your browser. If your browser settings do not allow this, or if your browser does not support the fonts, font content will be displayed in a default font. To transfer the font libraries to your cache, a connection to the service provider is automatically established.

Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/.


5. Changes

We reserve the right to change this data protection declaration for the future.