Data protection information

The following data protection declaration explains which personal data we process and how we process it.

Legal controller and data protection officer

Responsible for this website is
HKCF Corporate Finance GmbH
Vor den Siebenburgen 2
50676 Köln
info@hkcf.de

You can contact the data protection officer by e-mail at:
datenschutz@hkcf.de

Purposes and legal bases for processing your data

Protocol data
Every time you access a website, your web browser automatically sends information (known as protocol data) to our web server for technical reasons. We save some of this information in log files, e.g.

• Access date
• Access time
• URL of the referring website
• file opend
• Quantity of data transmitted
• Browser type and version
• Operating system
• IP address

In general, we only analyse protocol data in order to rectify faults in the operation of our website or to clarify security incidents.
When rectifying faults or processing evidence in the event of security incidents, it may be necessary for us to collect personal data in addition to the protocol data. In such cases, the protocol data is processed on the basis of a legal permit.
Processing in such cases is performed on the basis of Art. 6 Para. 1(f) GDPR. Our interest is the technical provision, security and optimisation of the website.

Contact by e-mail
You can contact us using the email address provided on the website. In this case, the user’s personal data sent with the email will be stored. Other data that you share with us will make it easier to contact you directly or will make processing more prompt and efficient.
Processing in such cases is performed on the basis of Art. 6 Para. 1(b) and (f) GDPR.

Applicant data
The personal data you provide in your application will be collected and processed for recruitment and hiring purposes. This may include the following data:

• Contact details, such as your name, address, telephone number and e-mail address
• Information about your professional experience and skills, as well as previous employment, language skills, performance appraisals and evaluations
• Photo (if added voluntarily)

It is not intended that specific types of personal data will be processed. However, if you provide us with such data, e.g. health data, this data will also be processed.
This processing is mainly based on Art. 88 GDPR in combination with § 26 FDPA as well as Art. 6 para. 1 lit. b and lit. f GDPR.

Suppliers, clients and other interested parties
We use contact and communications data, as well as other relevant personal data, from our suppliers, customers, other interested parties or other persons with whom we make contact and exchange information as part of our business activities, to the extent that they or their staff are natural persons. This starts with the exchange of business cards, automated management of contact data, the sending of information and news through to communication within the framework of a collaboration. We process these data for the purpose of the business relationship, for communication, publicity and to maintain contact. Processing is based for the most part on art. 6 para. 1 lit. f GDPR, and our justifiable interest is in making acquaintance, handling business collaborations, publicity measures and maintaining contact. If the customers themselves are natural persons, and a contractual relationship exists with them or is pending, we base processing on art. 6 para. 1 lit. b GDPR.

Recipients
To implement and operate our website, we work with service providers who may receive personal data under certain circumstances:

• Providers of hosting services
• IT service provider
• Providers of programming services
• Authorities and institutes, if a legal obligation exists

We send your data to the recipients only if this is necessary to fulfil a contract with you or if a legitimate interest in passing on your data exists or if you have provided your consent for the data to be passed on.

Transfer to recipients outside the EEA
We do not pass on personal data to recipients based outside the European Economic Area (EEA) in so-called third countries. Further information on this, in particular on the measures taken, can be obtained from our data protection officer.

Information on external links

Google Maps:
We integrate Google Maps to display interactive maps and to create directions on our website. Google Maps is a map service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When visiting our website your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser which integrates into the website. Therefore we have no influence on the scope of the data collected by Google and are not responsible for this. To the best of our knowledge this is at least the following data:

• Date and time of your visit to the website
• Internet address or URL of the website accessed
• IP address, (start) address entered for route planning

If you do not want Google to collect, process or use your data via our website you can deactivate JavaScript in your browser settings. In this case you will not be able to use the map display.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options for your privacy can be found in Google’s data protection information.
By using our website you consent to the processing of data by Google Maps Route Planner as described as well as for the purpose above.

LinkedIn:
Our social media presence is intended to ensure the broadest possible presence on the internet. If you visit our LinkedIn profile, we may be jointly responsible with LinkedIn for the data processing operations triggered during this visit. You can assert your rights both against us and against LinkedIn.
Please note that despite our joint responsibility with LinkedIn we do not have full control over LinkedIn’s data processing operations. Our options are largely determined by their company policy.
Please note that an adequacy decision for the EU-US Data Privacy Framework has been in place since 10.07.2023. This permits the transfer of personal data from the EU to US companies that have joined the framework by means of certification.
This processing is based on Art. 6 para. 1 lit. b and lit. f GDPR. The analysis processes initiated by LinkedIn may be based on different legal bases, which must be specified by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland.

Storage duration
If we store your personal data, this will only be for a limited period of time and no longer than necessary. In principle, we delete your data if it is no longer necessary for the processing purpose for which it was collected or if there are other legal reasons that require deletion.
Insofar as we are subject to statutory retention obligations that require longer storage, we store the data for this period, in particular to fulfill retention periods under commercial and tax law, which are between 2 and 10 years.

Other legal reasons for retention may be that we must retain data for evidence purposes for the duration of the applicable statute of limitations. These periods are generally between 2 and 30 years.

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose of its storage no longer applies, you request us to delete it or revoke your consent to storage.
Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected. We have no influence on the storage period of your data that is stored by LinkedIn for its own purposes. For details, please contact LinkedIn directly (e.g. in their privacy policy).

Rights of those affected:

Right to information
You can request information in accordance based on Art. 15 GDPR about your personal data that we process.

Right to rectification
If the information concerning you is not (or no longer) correct, you can request a correction based on Art. 16 GDPR. If your data is incomplete you can request it to be completed.

Right to erasure
You have the right to request that we delete your personal data based on Art. 17 GDPR.

Right to restrict processing
Based on Art. 18 GDPR you have the right to request that the processing of your personal data is restricted.

Right to complain
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice based on Art. 77 para. 1 GDPR. This also includes the data protection supervisory authority responsible:

Die Landesbeauftragte für den Datenschutz Nordrhein-Westfalen,
Kavalleriestraße 2-4
40213 Düsseldorf
e-mail: poststelle@ldi.nrw.de

Right to data portability
If the requirements of Art. 20 para. 1 GDPR are met you have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are necessary for the operation of the website. They are therefore not based on consent in accordance with Art. 6 para. 1 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR but are justified in accordance with Art. 6 para. 1 lit. f GDPR. The requirements of Art. 20 para. 1 GDPR are therefore not met in this respect.

Right of objection according to Art. 21 para. 1 GDPR
You have the right to object on grounds relating to your particular situation at any time to process your personal data which is based on Art. 6 para. 1 lit. f GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are necessary for the operation of the website.

Revocation of consent
If you have given us your consent to process your personal data, you can revoke this at any time and without giving reasons with effect for the future. To do so please contact the contact point where you gave your consent or the data protection officer directly.