Thank you for visiting our platform. For your convenience we have provided a translation of our Datenschutzerklärung – Data Protection declaration. This translation is for informal purposes only, and the definitive version of this page is the German version you find under https://innovestment.eu/datenschutzerklaerung.
With regard to the terms used (e.g. personal data, person responsible) we refer to the definitions of the EU General Data Protection Regulation (GDPR).
Responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations:
Managing Director: Christin Friedrich
Friedrichstrasse 68, 10117 Berlin, Germany
email: [email protected]
Phone: +49 30 577 010 870
As a matter of principle, we collect and use personal data only to the extent that this is necessary to provide a functional platform and our content and services, you have given your consent or the processing of the data is permitted by a legal regulation.
Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.
When processing personal data which is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or of a third party and if your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
If the processing of your personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. In all other respects, we have stated our purposes and interests in each case within the framework of the above list of processing.
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. Furthermore, data may be stored if this has been provided for by the European or national legislator in union-law ordinances, laws or other regulations to which the person responsible is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.
Recipients of the data collected via our platform are primarily us as a responsible company. In addition, at best, contract processors (web hosters, IT service providers, etc.) have access to the data collected via our platform. Compliance with the legal regulations is, however, guaranteed in this respect by processing contracts which we conclude with our processors based in the EU. Data will only be transferred to so-called third countries outside the EU if and insofar as this has been pointed out below.
You can visit our platform without personal data being collected. However, if you wish to make use of our services, the provision of personal data is mandatory for the execution of the contract.
We do not carry out automatic decision making or profiling in the sense of Art. 22 GDPR.
We secure our platform and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement in order to guarantee the current state of the art.
Our hosting provider automatically saves access data in so-called server log files every time our platform is accessed.
This includes the date and time of retrieval.
Temporary storage of the IP address by the system is necessary to enable delivery of the platform to your end device. For this purpose, your IP address must remain stored for the duration of the session.
The legal basis for the temporary storage of your data and log files is Art. 6 para. 1 lit. f GDPR.
This data is evaluated exclusively to ensure the permanent and trouble-free operation of the platform and to improve the contents of our platform as well as for transmission to law enforcement agencies in the event of a cyber attack and to ensure the security of our information technology systems. For this purpose, the above-mentioned data will be stored for a maximum of 7 days. Data whose further storage is required for evidence purposes will be stored until the respective incident has been finally clarified.
The collection of data for the provision of the platform and the storage of the data in log files is absolutely necessary for the operation of our platform. There is therefore no possibility of objection.
In order to make visiting our platform attractive and to enable the use of certain functions, we use so-called "cookies" on our platform. These are small text files which are stored and saved on your end device via a browser.
Many cookies contain a so-called cookie ID. It consists of a string of characters which can be used to assign websites and servers to a specific browser in which the respective cookie was stored.
We set the following cookies:
|Name des Cookies||Function of the cookie||Collected data||Storage duration|
|__cfduid||The _cfduid cookie helps us to detect malicious visitors to the platform and minimizes blocking of legitimate users.||The _cfduid cookie collects and anonymizes end-user IP addresses with a one-way hash of certain values so that they cannot be personally identified.||1 year|
|__cflb||The __cflb cookie ensures that a user is redirected to the same server for all requests to our platform.||A unique randomized value.||24h|
|web-director-info||The web-director-info cookie enables us to identify a user of our platform across all requests to our platform.||A unique randomized value. Data about the origin (referrer) of the user. No personal data.||1 year|
|web-director- session||The web-director-session cookie enables us to identify expired sessions.||A unique randomized value. Time of last activity.||24h|
|web-director-vh||The web-director-vh cookie enables us to recognize users as real visitors to protect us from bots.||True or False||No time lapse|
|WD_COOKIE_GDPR _CONSENT||The WD_COOKIE_GDPR_CONSENT allows us to determine whether a user has read the privacy statement on our site.||True or False||No time lapse|
The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies, which are not necessary for the operation of our platform, is Art. 6 para. 1 lit. a GDPR, if you have given your consent to this.
You have the possibility to register on our platform. As part of the registration process, we are required by law to collect certain data from investors (Investors) such as knowledge and experience in relation to transactions with certain types of financial assets or data from identification documents (e.g. identity card or passport) ("Mandatory Data"). The scope of this data query is defined by the Financial Investment Brokerage Ordinance (Finanzanlagenvermittlungsordnung – FinVermV) and the Capital Investment Information Sheet Audit Ordinance (Vermögensanlagen-Informationsblatt- Bestätigungsverordnung – VIBBestV). Mandatory information within the scope of registration is marked with an asterisk and is required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. Within the scope of registration as a natural person, these are: Your name and your email address, your address and your telephone number, your date and place of birth as well as data on your identity document. If you register as a company, we will collect your email address, company name, company form, date of incorporation, registration number, registry administrator, address and the following data on your representative: his name, address, telephone number, date and place of birth and data on his identity document. You must also create a password. If you do not provide these details, you cannot create a user account.
The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.
We also store your IP address and the date and time of registration in order to prevent the misuse of our platform and the services offered on it and to clarify any criminal offences committed. The storage of this data is therefore necessary for our own protection. The legal basis for this processing of personal data is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
In the context of the use of our services, we also use the data provided by you during registration.
The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.
For the purpose of contract processing, we transfer your data to the companies in which you have invested via our platform. These companies require the necessary personal data (name, place of residence, year of birth and investment) for the execution and processing of the contractual relationship.
This data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.
After complete processing of the contract or deletion of your account, your data will first be blocked for further use and then deleted after the legal retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you below.
You have the possibility to object to the processing at any time and to delete your account. In such a case the contractual relationship with you cannot be continued.
You have the opportunity to register for our partner program and recommend Innovestment and the investments we broker through our partner program.
To do this, you must provide third parties with a corresponding affiliated link, a so-called partner link. The third party is provided with a unique identification feature via the partner link, without stating your name and first name in the link.
In the event of a successful recommendation by several third parties, we will link the investment sums made by the third parties via the platform to your account, but without providing any further identification features.
We also use the account data you have provided us with to pay you the corresponding commissions.
The legal basis for the processing of your data is accordingly the fulfilment of the partner contract with you in accordance with Art. 6 Para. 1 lit. b GDPR.
We only use the data you provide us with for the contract processing of the partner program.
We also store your IP address and the date and time of recommendation emails sent via the partner program in order to prevent misuse of the partner program and to clarify any criminal offences committed. The storage of this data is therefore necessary for our own protection. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
After complete processing of the contract or deletion of your account, your data will first be blocked for further use and then deleted after the legal retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are legally permitted and about which we inform you below.
Registered agents have the possibility to advertise our services and offers on our platform. For this purpose, intermediaries can integrate a direct link (a so-called partner link) to our offers on their website or send this partner link to interested third parties by email. The third party is provided with a unique identification feature of the agent via the partner link in order to be able to assign the advertised third party to the respective agent.
The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR, if consent has been given.
The recruited third party can give his consent e.g. via the cookie banner of the agent or directly to the agent and revoke it in the settings at any time with effect for the future.
Your IP address is immediately pseudonymised during this process so that we can no longer assign the IP address directly to you as a person. The software runs exclusively on our servers.
We use the collected data to evaluate the use of our platform by you and our other users and thereby constantly improve our platform.
In addition to this platform, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data you specifically entered in this social network, further information may also be processed by the social network provider. Thus, your data is usually processed for market research and advertising purposes, among other things, to create corresponding user profiles and to display personalised advertising to you. For this purpose, the social network provider usually stores cookies on your end device, in which your usage behaviour and interests are stored. In addition, the social network provider may process the most important data of the computer system from which you visit it, for example your IP address, the type of processor used and browser version including plug-ins.
If you are logged in with your personal user account of the respective network during the visit of such a network, this network can assign the visit to your account. If you do not wish to have such an assignment, you must log out of your account and delete the cookies before visiting our social media presence.
The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. Provided that you have given your consent for processing to the respective provider of the social network, the legal basis for processing your data is Art. 6 para. 1 lit. a GDPR.
We maintain a presence in the respective social networks in order to be able to communicate with you there and inform you about our services. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
For further information on the purpose and scope of data collection as well as on the further processing and use of your data and the possibility to opt-out, please refer to the data protection regulations of the respective network:
Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data sharing agreement with Facebook pursuant to Art. 26 GDPR. For more information on data sharing, please refer to the Facebook terms and conditions.
Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Google and Youtube are operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The USA is an unsafe third country. However, Google LLC has voluntarily certified itself under the US-EU Privacy Shield Agreement, thereby committing itself to comply with EU privacy standards. The entity responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
Xing is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
On our platform we integrate videos from the social network youtube.com, which is operated by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA YouTube. YouTube LLC is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. The entity responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you access our platform, your browser establishes a direct connection with the YouTube servers. Your browser is automatically prompted by the respective video embedded on our platform to download a representation of the corresponding component from YouTube. In the course of this technical process, YouTube is informed about which specific subpage of our platform you are visiting.
If you use the videos, the corresponding information – e.g. the activation of the play button – is transmitted from your browser to YouTube, possibly linked to your user account and stored.
The legal basis for the use of your data is Art. 6 para. 1 lit. f GDPR.
Our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR lies in the optimisation and economic operation of our platform.
If you are logged in with your personal Google Account during your visit to our platform, YouTube may associate your visit and the specific sub-pages of our platform you visited with your account.
If you don't have a Google Account, there is still the possibility that YouTube may store your IP address.
If you do not wish to receive such processing, you must log out of your Google Account and delete your cookies before visiting our platform.
You can object to the use of your data by Google at any time by clicking on the following link: https://adssettings.google.com/authenticated.
We integrate the Google Maps API on our platform, a map service for displaying maps and creating directions to make it easier for you to find our location. Google Maps is operated by Google LLC (www.google.de), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google reserves the right to transfer data to Google LLC in the USA. However, Google LLC has voluntarily certified itself under the US-EU Privacy Shield Agreement and is thus committed to complying with EU data protection requirements.
By visiting our platform, Google receives the information about the call of our platform as well as other log files, if applicable. Google stores and uses the data for the purposes of advertising, market research and/or the design of its own services to meet requirements. This cookie is usually not deleted by closing the browser, but expires after a certain time (up to 24 months), unless you delete it first.
The legal basis for the use of Google Maps is Art. 6 para. 1 lit. f GDPR. The purpose of the data processing is to enable us to find our location.
You have the possibility to easily deactivate the service of Google Maps and thus prevent the data transfer to Google:
You can object to the use of your data by Google at any time by clicking on the following link: https://adssettings.google.com/authenticated.
For further information on data protection, please refer to the data protection regulations of Google: https://policies.google.com/privacy.
You can register to receive our newsletter. Our newsletter appears regularly and contains information about our projects as well as about the industry and relevant events.
To register, you must provide us with your email address. Other information that serves to optimise the newsletter can be provided voluntarily. The registration takes place in a so-called double opt-in procedure. After registering on our platform, you will receive a confirmation email from us in which you must confirm your registration once again. This entire process is documented and saved. This includes the storage of the registration and confirmation time as well as the storage of your IP address. The collection of this data is necessary so that we can trace the processes in the event of misuse of the email address and therefore serves as a legal safeguard. By subscribing to our newsletter, you agree to receive it.
We use the data you provide during registration exclusively to send you our newsletter. Furthermore, we could inform you if this is necessary for the operation of the newsletter, e.g. in case of changes in the newsletter offer or if technical conditions change.
The legal basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 lit. a GDPR, if you have given your consent.
You can revoke your consent to the storage and use of your personal data to receive the newsletter at any time with effect for the future. To revoke your consent, you can use the link provided for this purpose in the newsletter or inform us of your revocation by email to the following address: [email protected]
Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your email address will therefore be stored for as long as your subscription to the newsletter is active.
Due to legal regulations, we provide information on our platform that enables rapid electronic contact with us and direct communication with us. This includes above all our email address. As far as you contact us by email, the personal data transmitted by you will be stored automatically.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Par. 1 lit. f GDPR. If the purpose of the contact is the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
However, we use the personal data provided by you exclusively for the processing of your concrete inquiry. The data provided will always be treated confidentially.
Your details may be stored in a customer relationship management system (CRM system) or other customer data organisation tool.
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.
If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.
You have the possibility to make an appointment with us on our platform. We use the online calendar Calendly to request and select an appointment. Calendly is an offer from Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.
Your details from the Calendly form, including the data you enter there, will be stored by us for the purpose of processing your enquiry and in the event of follow-up questions. This data remains with us until you request us to delete it, revoke your consent to store it or the purpose for which it was stored ceases to apply (e.g. appointment made). Mandatory legal provisions – in particular retention periods – remain unaffected.
We use the following external payment service providers to process payments:
Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland
You transmit to the respective payment service provider your inventory data, such as first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone number as well as your bank data, as far as they are necessary for payment processing, e.g. account numbers, credit card numbers, passwords, TANs, check numbers, validity date and CVC code. For the processing of the payment also such personal data are necessary, which are in connection with your respective investment, such as the amount of the investment and fiscal charges, which we transmit to the respective payment service provider.
The transmission of the data is exclusively for the purpose of payment processing. The legal basis for the transmission of the data to the respective payment service provider is therefore Art. 6 para. 1 lit. b. GDPR, insofar as the payment serves to fulfil a contract. Otherwise, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR in order to offer you an effective and secure payment option.
We do not get access to the entered data, they are processed and stored exclusively by the payment service providers. The payment service providers may transfer your data to credit agencies for identity and credit checks and fraud prevention.
Payment transactions are subject to the terms and conditions of the respective payment service provider. For further information on data protection, please refer to the respective data protection declaration:
Stripe Payments Europe Ltd: https://stripe.com/de/privacy#pagmt
If your personal data is processed, you as a data subject within the meaning of the GDPR are entitled to the following rights:
In addition, you have the right to receive free information from us at any time about the personal data stored about you and a copy of this information. You also have a right to information regarding the following information:
Furthermore, you have the right of information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transfer.
You have the right to request the immediate correction and/or completion of incorrect or incomplete personal data concerning you. We must make the correction without delay.
You have the right to demand that we restrict processing if one of the following conditions is met:
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
You have the right to demand that the personal data relating to you be deleted immediately if one of the following reasons applies and insofar as the processing is not necessary
If the personal data have been made public by us and if we, as data controllers, are obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary.
If you have asserted the right to rectification, erasure or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
You have the right to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance from us, provided that the processing is based on the consent pursuant to Art. 6 para. 1 lit a GDPR or Art. 9 para. 2 lit a GDPR or on a contract pursuant to Art. 6 para. 1 lit b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us.
Furthermore, when exercising your right to data transfer in accordance with Art. 20 Paragraph 1 GDPR, you have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6, paragraph 1, letters e or f of the GDPR. This also applies to profiling based on these provisions.
In the event of an objection, we no longer process the personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To exercise your right of objection, you can contact us at any time.
You have the right to revoke your consent to the processing of personal data at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
DATED: February 26, 2020