Data portection policy

We are pleased that you are visiting our website. Any processing of your data should be carried out in such a way that it is understandable and comprehensible for you. Therefore, we provide you with an overview of all essential circumstances concerning the processing of your data. We have prepared this information with the aim of making it as comprehensible as possible. Should you nevertheless have any questions of understanding, please do not hesitate to contact us. This also applies to all other questions concerning the processing of your data.

All laws and regulations from the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”) referred to in this information can be read free of charge at EU GDPR and BDSG.

This data protection information addresses people of all genders. Insofar as only one form has been chosen, this is done for ease of reading.

This privacy policy applies to the website of SG Assets GmbH, which is accessible under the domain www.sgassets.de and its various subdomains (“our website”).

As the controller, the SG Assets GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed.

Definitions
This Data protection policy is based on the notions used by the European Directive and Ordinance when issuing the GDPR. Our Data Protection Policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this Data protection policy:

Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the flagging of stored personal data with the aim of limiting its future processing.

Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent is any indication of intention given voluntarily by the data subject for the specific case in an informed and unambiguous manner in the form of a statement or other unambiguous affirmative action by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

This Data Protection Policy complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose. Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal in individual cases for the assertion, exercise or defense of legal claims and if there are legal retention obligations.

We only share your personal data that we process on our website with third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In this context, third parties are not persons affiliated with SG Assets GmbH in the sense of §§ 15ff. AktG (German Stock Corporation Act). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc. Insofar as we use service providers for the operation of our website who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 DSGVO, they may be recipients of your personal data. For more information on the use of processors as well as web services, please refer to the overview of individual processing operations.

Cookies are small files that are sent by us to the browser of your end device when you visit our website and stored there.

You can revoke this consent at any time by changing the cookie settings and blocking or deleting the cookies.

The data protection policy as of March 2023 in detail:

I. Name and Adress of the responsible party

The responsible party within the meaning of the DSGVO and other national data protection laws of the EU member states as well as other data protection regulations is:

SG Assets GmbH
Konrad-Adenauer-Allee 18
53721 Siegburg

Germany

+49 2241 24071-10

info@sgassets.de
www.sgassets.de

II. Name and Adress of the data portection officer

Operator of this website and responsible for the collection, processing and use of your personal data in the sense of the DSGVO and the BDSG is:

SG Assets GmbH
Konrad-Adenauer-Allee 18
53721 Siegburg

A data protection officer is currently not appointed due to the size of the company.

III. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:

1. Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you may request information from the controller about the following:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defense of legal claims; or
  4. if you have objected to the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

  1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. you revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR and there is no other legal basis for the processing.
  3. you object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
  4. the personal data concerning you have been processed unlawfully.
  5. the deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. the personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary to

  1. for the exercise of the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  5. for the assertion, exercise or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, given that

  1. the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
  2. the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated dicision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
  3. is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to cases referred to in 1. and 3. above, the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

IV. General information on data processing

1. Scope of the Processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or locked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be locked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected in this process:

  1. information about the browser type and the version used 
  2. the operating system of the user
  3. the internet service provider of the user
  4. the IP address of the user
  5. date and time of access
  6. web pages from which the user’s system accesses our website
  7. web pages that are accessed by the user’s system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p.1 lit. f GDPR.

3. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

4. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Use of cookies

1. Description and scope of data processing

As already mentioned at the beginning, our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. We also use cookies on our website that enable an analysis of the user’s surfing behavior. In this way, for example, data on the frequency of page views or the use of website functions can be transmitted. The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. When calling up our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this data protection policy. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 p. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 p. 1 lit. f GDPR.

4. Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VII Email contact

1. Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

  1. email address
  2. surname
  3. first name
  4. telephone/cell phone

At the time of sending the message, the following data will also be stored:

1. IP address of the user
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection policy. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

3. Purpose of the Data Processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
Data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored while contacting us will be deleted in this case.

VIII. Plugins used 

Matomo Cloud

Type and scope of processing
We use the open-source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (for cookies, see already above). If individual pages of our website are called up, the following data is stored:

  • Two bytes of the IP address of the user’s calling system (anonymized IP address) 
  • The website called up
  • The website from which the user accessed the accessed website (referrer)
  • The subpages accessed from the accessed website
  • The time spent on the website
  • The frequency with which the website is accessed

Purpose and legal basis
We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and contents of our website on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You give your consent by setting the use of cookies (cookie banner/Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 para. 3 of the GDPR. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.

Storage period
The specific storage period is influenced by us and theoretically lasts as long as we have no more storage space available.