Data protection information

The following data protection declaration explains which personal data we process and how we process it.

Controller and data protection officer
We would like you to know who is legally responsible for processing your data and who exactly you should contact in all matters relating to your data.

Controller:
HKCF Corporate Finance GmbH
Vor den Siebenburgen 2
D- 50676 Cologne
Data protection officer
c/o HKCF Corporate Finance GmbH
Vor den Siebenburgen 2
D- 50676 Cologne
datenschutz@hkcf.de

Purposes and legal basis
Protocol data
Every time you access a website, your web browser automatically sends information (known as protocol data) to our web server for technical reasons. We save some of this information in log files, e.g.

• Access date
• Access time
• URL of the referring website
• File opened
• Quantity of data transmitted
• Browser type and version
• Operating system
• IP address

In general, we only analyse protocol data in order to rectify faults in the operation of our website or to clarify security incidents.
When rectifying faults or processing evidence in the event of security incidents, it may be necessary for us to collect personal data in addition to the protocol data. In such cases, the protocol data is processed on the basis of a legal permit.
Processing in such cases is performed on the basis of Art. 6 Para. 1(f) GDPR. Our interest is the technical provision, security and optimisation of the website.

Contact by email
You can contact us using the email address provided on the website. In this case, the user's personal data sent with the email will be stored. Other data that you share with us will make it easier to contact you directly or will make processing more prompt and efficient.
Processing in such cases is performed on the basis of Art. 6 Para. 1(b) and (f) GDPR.

Suppliers and customers
We use contact and communication data and other relevant personal data from our suppliers and customers provided that they or their employees are natural persons. We process this data in order to exercise the business relationship, and to communicate and maintain contacts.
Processing in such cases is performed on the basis of Art. 6 Para. 1(f) GDPR. Our legitimate interest is the exercise of the business relationship and the maintenance of contacts.

Recipients
To implement and operate our website, we work with service providers who may receive personal data under certain circumstances:

• Providers of hosting services
• IT service providers
• Providers of programming services
• Authorities and institutes, if a legal obligation exists

We send your data to the recipients only if this is necessary to fulfil a contract with you or if a legitimate interest in passing on your data exists or if you have provided your consent for the data to be passed on.

Passing on data to recipients outside the EEA
We do not pass on data to recipients who are based outside the European Economic Area (EEA) in third countries.
Further information, in particular relating to the measures taken, can be obtained from our data protection officer.

Obligation to provide personal data
If the personal data is required to initiate and exercise the business relationship and the associated contractual or legal obligations, you must provide this data so that we can fulfil our obli-gations to perform services or our legal obligations. If the data is not provided, it may no long-er be possible for us to perform the service, or it may not be possible for us to perform the service in the proper manner or in full.

Storage period
If we store your personal data, then we store it for a limited period only and for no longer than necessary. In general, we delete data when it is no longer required to fulfil the processing purpose for which it was collected, or if there are other legal reasons that make it necessary for the data to be deleted.
If we are subject to legal retention periods that require us to retain data for a longer period, we store the data for this period, particularly in order to comply with retention periods under commercial and fiscal law, which are between two and ten years.
Other legal reasons for retaining data may exist insofar as we are required to retain data for evidence purposes for the duration of the applicable statute of limitations. These periods are generally between two and thirty years.

Your rights in relation to your personal data
You have the following legal rights in relation to your personal data. You can contact our data protection officer for more information, including if you want to know more about what these rights mean in detail. As the legal details are extremely complicated, we have provided the most important information on the rights below. Please let us know in what form you wish to receive the information. If you do not specify a preference, we will generally answer your request in the same form as the request itself. You will receive a reply within one month. In the event that requests are received that are clearly unjustified or are excessive in number, we are authorised to demand appropriate payment or to reject your request.

Access to your data, Art.15 GDPR
You have the right to request information about whether we process your personal data or not. If we do process your personal data, you will receive information about the specific data in question along with additional information.

Rectification of your data, Art. 16 GDPR
You have the right to request that we rectify your data in the event that it is incorrect, inapplicable and/or incomplete; the right to rectification includes the right to have incomplete personal data completed by providing supplementary statements.

Deletion of your data, Art. 17 GDPR
You have the right to request that we delete your data provided that there is no longer any reason to retain the data.

Restriction of processing of your data by us. Art. 18 GDPR
You have the right to arrange for the processing of your personal data to be restricted in certain cases and for a certain period.

Data portability, Art. 20 GDPR
Under certain circumstances, you have the right to request that your data be issued in a commonly used electronic, machine-readable data format.
The right to data portability includes the right to transmit the data to another controller; on request and where technically feasible, we will therefore transmit your data to a controller nominated or to be nominated by you. The right to data portability exists only for data provided by you and requires that the data is processed on the basis of consent or for the performance of a contract and using automated processes.

Objection to the processing of your data, Art. 21 GDPR
In the event that personal data is processed in order to perform tasks carried out in the public interest (Art. 6 Para. 1(e) GDPR) or for the purposes of legitimate interests (Art. 6 Para. 1(f) GDPR), you can object to the processing of your personal data at any time with effect for the future, provided that there is no reason for your personal data to be processed further.

(Please note that you may not assert the right to object if the data is processed on the basis of consent. However, as you have the right to withdraw consent with effect for the future whenever data is processed with your consent, your withdrawal will achieve a comparable out-come to an objection.)

Withdrawal of consent
If you have given us your consent to the processing of your personal data, you can withdraw this consent at any time and without specifying reasons with effect for the future. Please notify the point of contact to whom you gave your consent or contact the data protection officer directly.

Complaints
You have the right to lodge a complaint pertaining to the processing of your personal data with the responsible supervisory authority (Art. 77 GDPR).