Privacy Policy

Privacy Policy

This website is maintained by Spotcap Global Services GmbH.

Introduction

Spotcap is committed to data protection best practices and complies with EU and local data protection law, we are bound by General Data Protection Regulation (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz), “BDSG”.

“We”, “our” or “us” means Spotcap Global Services GmbH, registered with the German company register under the registration number HRB 156871 B and with our main office located at Stralauer Allee 4, 10245 Berlin, Germany. For the purposes of EU data protection law and country of operation law, we are a data controller in respect of the personal data we receive from you, or otherwise collect about you, and we are responsible for ensuring that we use your personal data in compliance with applicable data protection laws.

You can contact our data protection officer by mail to the address indicated above with the addition ‘Data Protection Officer, Spotcap Global Services GmbH’ or by email at data-protection@spotcap.com.

The Privacy Policy contains information about the nature, purpose and scope of our use of your personal data with regard to the website https://www.spotcap.com/ and sub-websites (“Website”) and your respective rights.

In this Policy:

Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Data Protection Officer: means the contact person for questions or complaints regarding our handling of personal information;

Disclosing: means providing information to persons outside of our organisation;

Lawful processing: the reason that allows us to legally process personal data and includes freely given consent for a specific purpose; the performance of a contract, compliance with a legal obligation, protecting vital interests, public interest, legitimate interests pursued by the controller;

Legitimate interest: the interest of a controller to process personal data, including scenarios in which personal data may be disclosed or provided by a third party, and may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overridden, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller;

Personal data: means any information relating to an identified or identifiable natural person (’data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Sensitive information: personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association memberships, sexual preferences and criminal record, and also includes health information;

Special category data: personal data which the GDPR defines as more sensitive, and therefore needs more protection. For example, information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.;

Use: means our use of information.

Who do we collect personal information on?

The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:

  • Current, past and prospective employees,
  • Partners, service provides and suppliers,
  • Current and potential customers,
  • Users of our websites,
  • Subscribers,
  • Other stakeholders.

How do we collect personal information?

We collect personal data if you use the Website or voluntarily transfer them to us by contacting us, for example via form or email. We will only collect your personal data with your consent or as permissible under applicable data protection law (e. g. GDPR). The type of data that will be collected in the contact form is set out on our Website in the respective contact form. Data transmitted through the contact form will be stored on servers located in Germany. We use the data you provide to us to process your inquiries. Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued. 

We may also collect personal information about you from a third party, including, but not limited to, banks and non-bank financial institutions, credit agencies, governmental agencies, marketing agencies. If so, we will take reasonable steps to ensure that you are made aware of this Policy. We may also use third parties to analyse traffic at our website, which may involve the use of cookies. 

We will not collect sensitive information about you without your consent unless an exemption in the data protection law applies. These exceptions include cases when collection is required or authorised by law or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If you do not provide us with the personal information we request, we may not be able to provide you with our products or services, or meet your needs appropriately or we may have to provide our services on terms that are less favourable to you.

What kinds of personal information do we collect and hold?

We may collect and hold a range of information about you that is reasonably necessary for, or directly related to, one or more of our functions or activities, including:

  • Contact– and identification information: non-public, personal information you knowingly choose to disclose, which is collected on an individual basis via internet, fax, phone, or mail;
  • Website-use information collected on an aggregate basis as you and other users of our website. If you choose to correspond through email, we may retain the content of your email messages together with your email address and all responses sent through our website;
  • Device information – e.g. IP address, language settings, browser settings, time zone settings, operating system and platform and screen resolution. 
  • Details about your activity on selected online webpages. 
  • Screen recording – record user behaviour in core pages (Hotjar for homepage, contact-page).

Why do we collect personal information?

We collect and hold personal information about you so that we may:

  • provide you with our products and services;
  • review and meet your ongoing needs;
  • provide you with information we believe may be relevant or of interest to you;
  • let you know about other products or services we offer, send you information about special offers or invite you to events;
  • consider any concerns or complaints you may have;
  • comply with relevant laws, regulations and other legal obligations; and
  • help us improve the products and services offered to our customers and enhance our overall business.

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the data protection law. 

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the data protection law applies. 

Who do we disclose personal information to?

Unless expressly specified with regard to specific information that we collect from you, we may disclose personal information to:

  • a related entity;
  • an agent, professional advisor or service provider we engage to carry out our functions and activities (such as, but not limited to, lawyers, accountants, IT contractors, marketing companies);
  • organisations involved in the transfer or sale of our assets or business;
  • financial institutions involved in managing our payments, such as banks;
  • regulatory bodies, government agencies, law enforcement bodies and courts;
  • anyone whom you authorise us to disclose it to; and

if we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We ensure that all contractual arrangements with third parties adequately address privacy issues and make third parties aware of this Policy.

Management of personal information

We recognise the importance of securing personal information. We will take steps to ensure your personal information is protected from misuse, interference or loss, and unauthorised access, modification or disclosure.

Your personal information is generally stored in our computer database. All paper files are stored in secure areas. In relation to information that is held on our computer database, we apply the following guidelines:

  • passwords are required to access the system and passwords are routinely checked;
  • data ownership is clearly defined;
  • we change employees’ access capabilities when they are assigned to a new position;
  • employees have restricted access to certain sections of the system;
  • the system automatically logs and reviews all unauthorized access attempts;
  • unauthorized employees are barred from updating and editing personal information;
  • all computers which contain personal information are secured both physically and electronically;
  • data is encrypted during transmission over the network; and
  • print reporting of data containing personal information is limited.

Rights of the data subject

Right of Access

You have the right to obtain information about the personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data was or is being disclosed, the planned period of storage or the criteria for determining the duration of storage, the right of correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making including profiling and possibly significant information on the logic applied and the scope and intended impact of such processing, as well as your right to be informed of what guarantees according to Art. 46 GDPR exist in case of redirection of data in third countries.

Right to Correction

Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data.

Right to Deletion

Right to deletion according to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. This right does not apply if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights.

Right to Restriction of Processing

Right to restriction of processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data provided that the correctness of your data is verified, if you refuse to delete your data due to inadmissible data processing and instead restrict the processing of your data, if you need your data for the assertion, exercise, or defense of legal rights, after we no longer require these data for their purpose, or if you have objected for reasons of your particular situation, as long as it is not ascertained, whether our legitimate reasons prevail.

How do we keep personal information accurate and up-to-date?

We are committed to ensuring that the personal information we collect, hold, use and disclose is relevant, accurate, complete and up-to-date.

We encourage you to contact us if any personal information we hold about you needs to be updated. If we correct information that has previously been disclosed to another entity, we will notify the other entity of the correction within a reasonable period. Where we have reason to believe  that information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We will not charge you for correcting your personal information.

What about cookies and other tracking technologies?

General Use of Cookies

In order to provide this Website and to improve its performance, we use cookies. Cookies are text files that are stored on your device. Cookies remain on your device for a certain and defined period of time and allow us to recognize your browser on the next visit (persistent cookies). You can set your browser to inform you about the cookie setting and disable cookies individually, or to disable cookies for specific cases or in general. Some cookies are necessary for the functions of the Website. If the usage of these cookies is not enabled on your device or in your browser, the functionality of our Website may be restricted.

Use of Google Analytics

This Website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). that helps determine usage preferences and particularly popular areas of websites. Google Analytics uses methods that allow the analysis of the use of the Website, e. g. through cookies. The generated information about your use of this Website is transferred to a Google server in Europe and stored there. By activating the IP anonymization on this Website, the IP address will be shortened before transmission within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser under Google Analytics will not be merged with other Google data.

You can prevent Google’s processing of the data (including your IP address) generated by a cookie and your use of the Website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link. Alternatively, you can revoke your consent to the processing of your data through the use of the services on the Website.

Further information on data protection regarding Google Analytics is available at Google’s data protection notice under “Google Analytics Cookies” available under the following link.

Further information on Google’s privacy policy is available here.

The cookie lifetime is up to 24 months (this applies only to cookies which have been set by this Website) and the maximum storage period of used data is up to 36 months.

The processing of data using Google Analytics is based on your consent according to Art. 6 (1) (a) GDPR.

Updates to this policy

This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment.

Our responsibilities

It is the responsibility of management to inform employees and other relevant third parties about this Policy. Management must ensure that employees and other relevant third parties are advised of any changes to this Policy. All new employees are to be provided with timely and appropriate access to this Policy, and all employees are provided with training in relation to appropriate handling of personal information. Employees or other relevant third parties that do not comply with this Policy may be subject to disciplinary action.

Unsolicited personal information

We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

Making a complaint

If you have any questions about this Policy, or wish to make a complaint about how we have handled your personal information, you can lodge a complaint with us by: