Data Protection

Privacy Notice

We at ACRON AG attach great importance to the protection of your privacy when you use our website. The following explanations are meant to inform you about the nature, scope and purpose of collecting and using personal data when you visit our website.

The Privacy Notice (including legally required information) is divided into two parts:

  • Part 1: Data protection information regarding our data processing pursuant to Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR)
  • Part 2: Privacy Notice for our website



Part 1: Data protection information

Data protection information regarding our data processing pursuant to Articles (Art.) 13, 14, and 21 of the General Data Protection Regulation (GDPR). We take data protection seriously and would like to inform you here about how we process your data and about the claims and rights you are entitled to under data protection regulations. Valid from May 25, 2018.


1. Data controller and the contact information of the data controller within the meaning of the data protection law

ACRON AG
Splügenstrasse 14
8002 Zurich
Switzerland
Phone: +41 44 20 43 400
Fax: +41 44 20 43 409
infoacronch

and its subsidiaries.

Represented by:
ACRON Lux Invest S.á r.l.
121, avenue de la Faiencerie
1511 Luxembourg
Grand Duchy of Luxembourg
infoacronlu

Contact information of our data protection officer:
ACRON Lux Invest S.á r.l.
Mr. Ertan Isen
121, avenue de la Faiencerie
1511 Luxembourg
Grand Duchy of Luxembourg
datenschutzacronlu

2. Purposes and legal bases on which we process your data


We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and other applicable data protection provisions (cf. details below). Which data is processed in detail and how the data is used largely depends on the respective services and contracts requested and/or agreed in each case. Further details to and supplementary information on the purposes of data processing can be found in the respective contract documentation, forms, a declaration of consent and/or other information with which you were provided (e.g., in the context of using our website). In addition, this data protection information may be updated from time to time.

 

2.1 Processing for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 para. 1 b of the GDPR)


The processing of personal data serves the purpose of performing our contracts with you and executing your orders in addition to implementing measures and activities prior to entering into a contract, e.g., with interested parties. Most notably, the processing therefore serves to provide services in accordance with your orders and wishes, and it encompasses the services, measures and activities required for this purpose. This essentially includes any contract-related communication with you and any verifications of transactions, orders and other agreements, and any measures taken for quality control purposes through corresponding documentation, goodwill procedures, measures to manage and optimize business processes, and for meeting general due diligence obligations, management and supervision on the part of affiliated companies (e.g. parent company). It also covers any statistical evaluations for business management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of statutory claims and defense in legal disputes; safeguarding IT security (inter alia system and plausibility tests) and general security, such as building and plant security, and safeguarding and protecting the right of owner of premises to undisturbed possession (e.g. through access controls); ensuring the integrity, authenticity and availability of the data, prevention and investigation of criminal offenses; and control measures exercised by supervisory boards or control bodies (e.g., auditing).


2.2 Processing for purposes of the legitimate interests pursued by us or by a third party (Art. 6 para. 1 f of the GDPR)

  • Above and beyond the performance proper of the contract or of the steps prior to entering into a contract, we can process your data if it is necessary in order to preserve legitimate interests pursued by us or by a third party, especially for the purposes of:
  • advertising or market and opinion research, unless you have objected to the use of your data
  • obtaining information and exchanging data with information agencies to the extent this exceeds our economic risk
  • reviewing and optimizing requirement analysis procedures
  • enhancing services and products as well as existing systems and processes
  • disclosing personal data in the context of due diligence during negotiations on the sale of an enterprise
  • comparing information with European and international anti-terrorist lists to the extent it exceeds statutory obligations
  • enriching our data, for example by using or researching publicly available data
  • performing statistical evaluations or market analyses
  • benchmarking
  • asserting legal claims and defense in legal disputes that are not directly attributable to the contractual relationship
  • storing the data within limits if deleting it is not possible at all or would involve unreasonably high effort or expense due to the particular type of data storage
  • developing scoring systems or automated decision-making processes
  • preventing and investigating criminal offenses unless exclusively for meeting statutory requirements
  • ensuring building and plant security (e.g., through access controls and video surveillance) to the extent it exceeds general due diligence obligations
  • performing internal and external investigations, security checks
  • possibly overhearing or recording telephone conversations for quality control and training purposes
  • obtaining and preserving certifications of a private law and official nature
  • safeguarding and protecting the right of owner of premises to undisturbed possession through taking appropriate measures including, e.g., video surveillance for the protection of our customers and employees and for the preservation of evidence in criminal offenses and their prevention


2.3 Processing within the limits of your consent (Art. 6 para. 1 a of the GDPR)


Processing your personal data for certain purposes (e.g., using your email address for marketing purposes) can also be a result of your consent to such processing. As a rule, you are free to revoke your consent at any time. This also applies to revoking declarations of consent with which you provided us before the GDPR took effect, i.e., prior to May 25, 2018. You will be provided with information on the purposes and consequences of revoking consent or refusing to grant consent separately in the corresponding wording of the consent.

As a rule, the revocation of consent only applies to the future. Any processing performed prior to the revocation remains unaffected and continues to be lawful.


2.4 Processing for compliance with legal obligations (Art. 6 para. 1 c of the GDPR) or in the public interest (Art. 6 para. 1 e of the GDPR)

Just like any player that takes part in business life, we, too, are subject to numerous legal obligations. These primarily result from statutory requirements (e.g., commercial or tax laws) but regulatory or other official requirements can also play a role. The purposes of processing data can include identity and age checks; fraud and money laundering prevention; preventing, combating and investigating terrorist financing and criminal offenses that damage property; comparisons of information with European and international anti-terrorist lists; compliance with control and reporting obligations under tax law; archiving data for data protection and data security purposes; and audits performed by fiscal and other authorities. In addition, disclosure of personal data might be necessary in the context of official/judicial acts for the purpose of collecting evidence, criminal prosecution or enforcement of civil-law claims.


3. The categories of the data processed by us, insofar as we do not receive the data directly from you, and its origin

  • To the extent that this is necessary for performing our services, we process personal data lawfully received from other companies or other third parties (e.g., information agencies, address databases). Moreover, we process personal data that we lawfully obtained, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtors’ directories, land registers, the press, the internet and other media) and that we are allowed to process.
  • Relevant personal data can in particular include:
  • Personal details (name, date of birth, place of birth, nationality, marital status, occupation/trade and similar data)
  • Contact information (address, email address, telephone number and similar data)
  • Address information (residential registration information and similar data)
  • Tax information
  • Confirmation of payment/coverage limits for debit and credit cards
  • Information on your financial situation (e.g., creditworthiness data including scoring, i.e. information for an assessment of economic risk)
  • Customer history
  • Data on your use of the telemedia we provide (e.g., time of access to our web pages, apps or newsletters, clicked pages/links on our pages, and/or entries and similar data)
  • Video data


4. Recipients or categories of recipients of your data

Your data is received by the internal departments and organizational units within our company that need this data to meet our contractual and statutory obligations or to handle and enforce a legitimate interest we are pursuing. The disclosure of your data to external parties is restricted to the following cases:

  • In connection with contract performance
  • For the purpose of meeting statutory requirements that oblige us to inform about, report or disclose data, or provided the disclosure of the data is in the public interest (cf. clause 2.4)
  • To the extent that external service providers process data on our behalf as processors or parties that assume certain functions (e.g., external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money-laundering purposes, data validation and/or plausibility check, data destruction, purchasing/procurement, customer management, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing service, credit institutions, printing houses or data removal companies, courier services, logistics)
  • As a result of our legitimate interest or the legitimate interest of a third party as part of the purposes listed in section 2.2 (e.g., public authorities, information agencies, debt collection, lawyers, courts of law, appraisers, companies that belong to the group and boards and supervisory bodies)
  • If you have consented to our transmitting your data to third parties

     

    We will not transfer your data to third parties above and beyond the cases provided for above. To the extent that we commission service providers with processing data, your data is subject to the same security standards at these providers’ places of business as we use at our place of business. Above and beyond these considerations, the recipients may only use the data for the purposes for which they have been provided with the data.


    5. Length of time your data is stored

    We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual relationship) and the performance of a contract.

    Furthermore, we are subject to various statutory retention and documentation obligations. The retention and/or documentation periods stipulated there can last up to ten years from the end of the business relationship or the pre-contractual relationship. Moreover, special statutory provisions can prescribe a longer retention period like in the case where evidence must be preserved under the legal provisions governing the statutes of limitation.

    If the data is no longer required for complying with contractual or statutory obligations and rights, it is regularly deleted, unless its continued processing - for a limited period of time – is still necessary to fulfill the purposes listed in clause 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to exist, for example, if its deletion is not possible at all or would involve an unreasonably high effort or expense due to the particular type of data storage, and its processing for other purposes is excluded through suitable technical and organizational measures.


    6. Processing your data in a third country or by an international organization

    The transfer of data to bodies in countries outside of the European Union (EU) or the European Economic Area (EEA) (what are known as third countries) occurs if it is required to carry out an order/perform a contract of or with you; if it is legally prescribed (e.g., reporting obligations under tax law); if it lies in our legitimate interest or in the legitimate interest of a third party; or if you have granted us your consent for this purpose.

    In this context the processing of your data in a third country can also occur in connection with the commissioning of service providers under processing arrangements. To the extent that the Commission has not taken a decision confirming that an adequate level of data protection exists in the relevant third country, we guarantee through corresponding contracts in compliance with the EU data protection requirements that your rights and freedoms are adequately protected and guaranteed. We will gladly provide you with corresponding detailed information upon request.

    Information on suitable or reasonable guarantees and on the possibility of obtaining a copy thereof can be requested from the data protection officer.


    7. Your data protection rights

    You can assert your data protection rights against us under certain circumstances.

    • For example, you are entitled to be informed by us about which data we store about you pursuant to the provisions of Art. 15 of the GDPR (possibly subject to restrictions pursuant to section 34 of the German Federal Data Protection Act).
    • Upon your request, we will rectify the data stored about you pursuant to Art. 16 of the GDPR if such data is incorrect or flawed.
    • If you so desire, we will erase your data pursuant to the principles of Art. 17 of the GDPR unless other statutory regulations (e.g., statutory retention periods or the restrictions stipulated in section 35 of the German Federal Data Protection Act) or our overriding interest (e.g., regarding the defense of our rights and claims) do not run counter to such erasure.
    • Taking the preconditions laid down in Art. 18 of the GDPR into account, you have the right to demand that we restrict the processing of your data.
    • Moreover, you can object to the processing of your data pursuant to Art. 21 of the GDPR, as a result of which we have to stop processing your data. However, this right to object only applies if special circumstances exist in your personal situation, and rights of our company might run counter to your right of objection.
    • Under the circumstances defined in Art. 20 of the GDPR, you also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit such data to a third party.
    • Moreover, you have the right to revoke at any time the consent you granted for the processing of your personal data with effect for the future (cf. clause 2.3).
    • Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 of the GDPR). However, we recommend you always first contact our data protection officer to address a complaint.

    Your requests for exercising your rights should, as far as possible, be addressed in writing to the address stated above, or directly addressed to our data protection officer.


    8. Scope of your obligations to provide us with your data

    You only need to provide us with the data that is required for entering into and conducting a business relationship or a pre-contractual relationship with us, or the data that we need to collect in compliance with the law. Without this data we will generally not be in a position to conclude or perform the contract. This can also relate to data that is required later in the course of the business relationship. To the extent that we request data above and beyond the aforementioned data collected from you, we will separately draw your attention to the fact that the provision of such data is voluntary.


    9. Existence of automated individual decision-making (including profiling)

    We do not use any merely automated decision-making process pursuant to Art. 22 of the GDPR. However, should we come to use such a process in individual cases in the future, we will separately inform you thereof, provided this is a statutory requirement.
    Under certain circumstances, we partly process your data with the aim of evaluating certain personal aspects (profiling).
    We may use evaluation tools in order to provide you with targeted information and advice on our products. These enable requirement-oriented product design, communication and advertising, including market and opinion research.

    Such procedures can also be used in order to assess your solvency and creditworthiness and to combat money laundering and fraud. What is known as “score values” can be used for assessing your solvency and creditworthiness. Scoring serves to calculate the likelihood that a customer will honor his or her payment obligations in line with the contract with the help of mathematical methods. Such score values therefore support us, for example, in assessing the creditworthiness or the decision-making process in the context of product deals, and they are incorporated into our risk management. The calculation is based on recognized mathematical-statistical and proven methods and on your data, especially data on income levels, spending, existing liabilities, profession, employer, length of service, experience from the business relationship to date, repayment of earlier loans in line with the contractual stipulations, and information from credit agencies.

    In this context neither the data on your nationality nor the special categories of personal data pursuant to Art. 9 of the GDPR are processed.

    Information about your right to object pursuant to Art. 21 of the GDPR

    • You have the right to object to the processing of your data under Art. 6 para. 1 f of the GDPR (data processing on the basis of a weighing of interests) or Art. 6 para. 1 e of the GDPR (data processing in the public interest) on grounds relating to your particular situation. This also applies to your right to object to any profiling that relies on this provision within the meaning of Art. 4 no. 4 of the GDPR. If you object to the processing of your data, we will no longer process your personal data unless we can furnish proof of compelling, legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
    • We may also process your personal data for direct advertising purposes. If you do not want to receive any advertising, you have the right to object to this at any time; this also applies to profiling to the extent that profiling is connected with such direct advertising measures. We will respect your objection with regard to the future.

    If you object to the processing of your data for these purposes, we will stop processing your data for direct advertising purposes. The objection need not follow a particular form and, as far as possible, should be addressed to:

    ACRON Lux Invest S.á r.l.
    Mr. Ertan Isen
    121, avenue de la Faiencerie
    1511 Luxembourg
    Grand Duchy of Luxembourg
    datenschutzacronlu

    Our Privacy Notice and the data protection information regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the GDPR can change from time to time. All changes will be published on this page. We will make older versions available for your inspection in an archive.


    Part 2: Privacy Notice

    1. Data controller

    ACRON AG and its subsidiaries are the data controller responsible for collecting, processing and using data in connection with the use of our website.


    2. General

    The use of our website does not require prior registration, except in the investor login section. When you visit our website, we collect and process the data which you transmit to us through automated technology (cf. clause 3) and/or personal data (cf. clause 4).


    3. Usage data

    When you visit our website or use our services, the device and the internet browser that you use to access our website will automatically transmit log data to our server. This log data particularly includes the name of the file (web page) that was accessed, the data volume transferred, the type and version of the web browser used, the operating system used (type and version), the data and time at which the page was accessed, the referrer URL (website from which you accessed our website by clicking on a link) and the IP address of the computer sending the request. After it is no longer technically required for accessing the website, the IP address will be stored in abbreviated (anonymized) form only for statistical analysis purposes.

    The aforementioned data that was automatically transmitted is exclusively collected and evaluated for the purpose of a proper and optimal presentation of the offered information and for statistical analysis purposes. We are not in a position to assign the data automatically transmitted to the server to specific individuals, i.e., there is absolutely no way to identify you directly with the help of the data that was automatically transmitted. However, we would like to point out that with the cooperation of your internet access provider, it is theoretically possible over a certain period of time to determine the owner of the internet connection that you use to access our website on the basis of the transmitted IP address. Your internet access provider will inform you about the length of time it stores used and assigned IP addresses.


    4. Nature, scope and purpose of the collection and use of personal data

    We collect, process and use personal data such as name, address, telephone number or email address on these websites only for the purpose of performing the contract and for safeguarding legitimate own business interests with respect to advising and supporting our contractual partners. Apart from this, we use the data with which you provided us voluntarily exclusively for the purpose for which you let us have it. It is only if you also granted us your consent to using your data for further offers or for marketing purposes that we will use your data also for these purposes. Your personal data will be deleted as soon as it is no longer needed to fulfill the purpose it was stored for, at the latest, however, after the contract has been fully performed and the relevant periods prescribed under tax and commercial law have expired.

    a) Contact form

    You can contact us using the contact/email form which can be accessed on our website. The use of the form as well as the entry of personal data into this contact form is, of course, voluntary. The personal data that you transmit using the contact form will only be used for processing your inquiry unless you have specifically consented to further use. Should you use our contact form in the shareholder section to contact us, the data entered will be encrypted as it leaves your computer according to the latest technical standards (SSL) to protect it against misuse by third parties.

    b) Sharing information with third parties

    The personal data transmitted during use of our website will be shared with third parties only if you have given your prior consent to this data being shared, if we are entitled to do so based on statutory provisions, and/or if we are obligated on the basis of statute, regulation, court order or order by public authority to disclose such data. In general, sharing data with third parties for advertising purposes does not occur.

    c) Access, rectification, blocking, erasure

    You have the right to request from us, free of charge, access to the personal data stored about you, the recipients or categories of recipients with whom such data is shared and the purpose of storage. Moreover, you have a right to request rectification, blocking or erasure of personal data provided the statutory preconditions are fulfilled. Contact information can be found in our publishing information section.


    5. Cookies, tracking tools

    a) Cookies

    Our website uses cookies, e.g., for user analysis, to save the language chosen or to enhance user experience. Cookies are small text files that are stored on your computer for the duration of a browser session. After the end of the browser session, the cookies we use will be deleted (so-called “session cookies”). These cookies facilitate and accelerate your navigation when visiting our website. If you do not wish cookies to be used on your computer by our website, you can deactivate cookies in your browser settings and select browser settings that inform you about the use of cookies by a website. We would like to point out, however, that this might lead to a situation where you can no longer make full use of the functions of our website. More detailed information on this topic can be found here and here, for example.

    This website also uses cookies for dialog support. With certain dialogs that go on over several pages, it is unavoidable to use cookies as a processing tool because they are the only way to ensure that you can return to the previous page within the ongoing process. These cookies are automatically deleted from the internet user’s PC upon leaving this website. The use of cookies for dialog support is therefore in your own interest.

    We also use a cookie within our disclaimer for opening secure pages on our website (e.g. on the pages regarding real estate funds) that is activated after you confirm the disclaimer. This cookie enables navigation within the secure pages and will be automatically deleted after you close the browser window.

    b) Google Analytics

    When you visit our website, we will transmit data to our service provider Google Inc. within the scope of the Google Analytics solution. Google Analytics is configured so that your IP address will be anonymously transmitted to Google (anonymizeIP). Google processes your usage data on our website on our behalf in order to compile reports on website activity. We use these reports to determine your interest in what we offer and make improvements.

    If you wish to avoid tracking by Google Analytics, you can install a browser add-on to prevent tracking by Google Analytics.

    Further information

    Google has obligated itself to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework on the collection, use and storage of personal data from member states of the EU and Switzerland as set forth by the US Department of Commerce.

    If you are not satisfied with the privacy protection measures described here or have further questions regarding the collection, processing and/or use of your personal data, we would like to hear from you. We will endeavor to answer your questions as quickly as possible and implement your suggestions. Please contact us at datenschutz@acron.lu.

    6. Scope of application of this Privacy Notice

    This Privacy Notice applies to all websites and services or offers for which ACRON AG and its subsidiaries are responsible. This Privacy Notice does not apply to services that are covered by separate privacy notices, which do not include the present Privacy Notice.

    In particular, our Privacy Notice does not apply to services offered by other companies or persons or other websites that are linked to our services. Our Privacy Notice does not cover the treatment of information by other companies or organizations that advertise our services and potentially also use cookies, pixel tags and other technologies to make relevant advertisements available.

    If you open an external website from our site (external link), the external provider may receive information from your browser that identifies which of our web pages you are coming from. The external provider is responsible for this data. We - just as every other website provider - are not able to influence this process.

    7. Security

    ACRON implements technical and organizational security measures to protect the data you provide from random or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continually revised in line with technological developments. Our employees are obligated to maintain confidentiality.

    8. Further information

    Your trust is important to us. If you have any questions which were not answered in this Privacy Notice or if you would like more detailed information on a certain aspect, please do not hesitate to contact our data protection officer at any time. In this context, we are also happy to fulfill your statutory right to information.

    Contact information of our data protection officer
    ACRON Lux Invest S.á r.l.
    Mr. Ertan Isen
    121, avenue de la Faiencerie
    1511 Luxembourg
    Grand Duchy of Luxembourg
    datenschutzacronlu

    Due to constant developments regarding the internet, occasional adjustments to our Privacy Notice will be necessary. We reserve the right to make relevant amendments to our Privacy Notice at any time.