as of 24 January 2020
2. Name and contact details of the responsible party as well as the Data Protection Supervisor
Responsible party: Hellwig Wertpapierhandelsbank GmbH („Hellwigbank“), Hochstr. 49,
60313 Frankfurt, Germany
Telephone: +49 (69) 92 00 26 0
Our data protection officer can be contacted either at the above-mentioned address or by e-mail to: email@example.com
a) When visiting the Website:
When accessing our Website www.hellwigbank.com the browser of your terminal will automatically send information to the server of our website. Such information will be temporary stored in so called log files. The following information will be recorded without any action on your part until the time of automatic deletion:
→ IP-address (anonymised) of accessing computer,
→ date and time of Website retrievals,
→ name and URL of the requested file,
→ Website, from which access is initiated (Referrer-URL),
→ type of browser and where applicable the operating system of your computer as well as the name of your Host-Providers.
Purpose of processing the data mentioned above:
→ to ensure that the connection to our Website is established smoothly,
→ to secure a user-friendly operation of our Website,
→ analysis of system security and stability as well as
→ for further administrative purposes.
For security reasons (e.g. for investigations of misuse or fraud), log file data is archived for a maximum of seven days and is then deleted. Data that needs to be archived for longer periods due to evidentiary purposes is not deleted until the relevant case has been closed.
The legal basis for processing data is constituted by Article 6(1)(f) GDPR. Our legitimate interest is clear from the above listed purposes of processing data. On no account will we utilize the obtained data to draw any conclusions to your person.
4. Disclosure of personal data
We only disclose any personal data to third parties for the purposes listed below. Personal data will only be forwarded to a third party, if:
→ you have given your explicit consent according to Art. 6(1)(a) GDPR,
→ in accordance with Art.6(1)(f) GDPR, it is necessary for the establishment, exercise or defence of legal claims and there are no reasonable grounds to assume that you have an overriding interest warranting protection relating to disclosure of the data,
→ in case that disclosure according to Art. 6(1)(c) GDPR is due to legal obligations, as well as
→ it is permitted by law and as specified in Art. 6(1)(b) GDPR required for the execution of the terms and conditions of our contract with you.
Cookies are used on our Website. When you visit our site, these small text files will be saved automatically by your browser on your device (such as laptop, tablet or smartphone). However these cookies do not install programs on your device nor do they contain viruses / trojans or cause any damage whatsoever.
A cookie primarily stores information about a user (or the device on which the cookie is stored) while accessing a Property or thereafter. Nonetheless we will not gain knowledge of your identity.
We use session cookies in order to make our online services more convenient for you. Such cookies enable us to see which pages of our Website have been frequented and they expire automatically when you exit our site or close your browser.
The same reasons apply to the usage of temporary cookies, which will be stored on your device for a certain established short period of time. On your next visit to our site, your previous settings and adjustments will be automatically recognized, therefore preventing you from entering them again.
Furthermore cookies enable us to register our Website usage for statistical purposes and thus to optimize our offer for you. These cookies recognize upon visiting our site, previous visits of you and will be deleted automatically after a defined time.
The data processing carried out through cookies is justified for the purpose of protecting our rightful interest as well as of third parties according to Art. 6 (1)(f) GDPR.
Most browsers automatically accept cookies. You may modify the settings in your browser in such way that no cookies can be saved on your computer or so that you are always asked for permission before cookies are saved. Please note that in doing so you may not be able to take full advantage of all our Website features.
6. Recording of telephone calls
As required by law, all securities-based telephone conversations between our traders and clients will be recorded, therefore solely their telephone lines will be monitored. Only under very strict and limited conditions can these recordings be accessed or played back, such as upon the request by the Federal Agency for Financial Services Supervision. Furthermore, access is limited to authorized persons (management together with a representative of Compliance or Internal Audit) and will be deleted after 5 years.
7. Analysis Tools
We do not use any analysis tools.
8. Social Media Plug-ins
The application of Social Media Plug-ins on our website is not intended.
9. Data privacy in connection with job applications
We process job application data solely for purposes of and in connection with the relevant job application procedure, and as prescribed by law. Such data processing enables us to meet our job application procedure-related contractual obligations as prescribed by law, insofar as we need to carry out such processing in connection with statutory processes.
In order for job application procedures to be carried out by us, job applicants must submit their application materials to us. Insofar as we provide an online job application form, the required applicant data is labeled. If not, it arises from the relevant job descriptions.
Insofar as job applicants voluntarily provide us with specific classes of data as part of the job application process (pursuant to Art. 9(1) GDPR), such data is also processed pursuant to Art. 2(b) GDPR, and includes data such as information concerning severe disabilities and ethnic origin. Insofar as specific classes of data are requested of applicants as part of the job application process (pursuant to Art. 9(1) GDPR), such data is also processed pursuant to Art. 9(2)(a) GDPR, and includes data such as health information, insofar as such information is relevant for exercise of the relevant profession.
If we provide an online job application form, job applicants have the option to submit their application via such form, on our website. Such data is transmitted to us via state of the art encryption.
Job applicants also have the option to email their applications to us. Please note that emails are not encrypted in principle, therefore an applicant would need to take care of it themselves. Hence we cannot be held responsible for the transmission of application materials between the sender and our server – and therefore recommend that job applicants use our online form or send us their application by mail.
Data submitted by successful job applicants may be processed in connection with the resulting employment relationship. Data submitted by unsuccessful job applicants is deleted. Data from applicants who exercise their right to withdraw their application is also deleted.
Deletion is effected (subject to prior warranted recall of such data by the applicant) after six months have elapsed, so as to enable us to (a) respond to any queries that may arise concerning a given application; and (b) provide any evidence, as required by law, concerning equal treatment. Statements of account concerning any travel cost reimbursements are archived as prescribed by law.
Individuals who submit a job application to us have the option to be included in a talent pool for a two year period, provided that such individuals grant permission for such inclusion as prescribed by law.
Application materials included in the talent pool are processed solely in connection with future job postings and recruitment processes and are deleted upon expiration of the aforesaid two year period. Job applicants are informed of the following: being included in the talent pool is strictly voluntary; such inclusion will have no impact on any ongoing job application process; applicants have the right to cancel or object to their inclusion in the talent pool, pursuant to Art.21 GDPR.
10. Rights of the data subjects
You are entitled:
- to (a) require us to inform you whether your Personal Data is being, will be, or has been processed; and (b) request information concerning such data, as well as further information and copies of such data pursuant to Art. 15 GDPR;
- under Art. 16 GDPR, to call for your Personal Data to be completed or that any inaccuracy in your Personal Data will be rectified.
- to request that any of your Personal Data will be deleted without delay, in accordance with Art. 17 GDPR
- pursuant to Art. 18 GDPR, to request that restrictions will be imposed on the processing of your Personal Data, insofar as you contest the accuracy of those data, the processing is unlawful, but you are rejecting their deletion. Furthermore we do not need those data any longer; however they need to be preserved for the assertion, exercise or defence of legal claims before authorities.
- under Art. 21 GDPR, to bar any processing of your Personal Data.
- to require that any Personal Data that you have provided us with is (a) received in a structured and current as well as machine readable format in accordance with Art. 20 GDPR; and (b) transmitted to any other responsible party.
- to withdraw permission to process your data in the future as specified in Art. 7(3) GDPR.
- pursuant to Art. 77 GDPR, to file a complaint with a regulatory authority. Generally you can contact the competent authority of your current residence or workplace or your law firm’s office location.
11. Right of objection
You are entitled to object to the processing of your personal data at any time for legitimate reasons as stated in Art. 6(1)(f) GDPR, in case of compelling reasons as a result of your particular personal situation or due to contradicting direct marketing. In the latter case you have a general right of opposition, which we will implement without you having to state a particular personal situation.
In order to exercise your right of objection, it is sufficient to send an email to firstname.lastname@example.org.
12. Data security
During your visit of our Website, we employ the so called SSL technology (Secure Socket Layer) in connection with the highest secure encoding system supported by your browser. This is generally a 265-bit encryption. If your browser does not support a 265-bit encryption, a 128-bit v3 technology will be used instead. You are able to see that your data is transferred encrypted by the closed padlock or key icon in the lower left corner of your browser window or status bar.
In addition, we apply appropriate technical and organizational security measures in order to protect your personal data against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
All our security measures are consistently being improved in accordance to the technical development.
13. Contacting us
If a user decides to contact us (e.g. by phone, via email, or via social media), their data is processed for purposes of handling and processing their query, pursuant to Art. 6(1)(b) GDPR. User information may also be stored in a customer relationship management system (CRM system) or equivalent.
We delete all queries as soon as such archiving is no longer necessary. We review the necessity of such archiving at two year intervals, subject to statutory archiving requirements.
14. Third Parties and online offer
Social media presence
We maintain a presence in social media, in order to enable us to communicate with customers, interested parties and users who also use such media and to keep them informed about our services. When you access third-party networks and platforms, the terms and conditions and the data processing guidelines of their operators apply.
14.1. Google ReCaptcha:
We incorporate a bot detection function, e.g. for entries in online forms – a service known as ReCaptcha, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Our Property may incorporate Twitter functions and content, which are provided by Twitter Inc., 1355
Market Street, Suite 900, San Francisco, CA 94103, USA. Users of our website who
are also Twitter users have the option to assign accessing of the aforementioned Content and functions to the users' profiles there. The fact that Twitter is certified under the Privacy Shield Agreement enables it to guarantee that it adheres to EU data privacy regulations (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy statement: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Our Property may incorporate Xing functions and Content, which are provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Users of our website who are also Xing users have the option to assign accessing of the aforementioned Content and functions to the users' profiles there. Xing Privacy Statement: https://www.xing.com/app/share?op=data_protection.
15. Integration of external links