Privacy Policy

Thank you for your interest in our company. Privacy is a particularly high priority for the management of Pari Capital GmbH, Walter-Gropius-Str. 15, 80807 Munich, Germany (hereinafter referred to as the “company”). It is fundamentally possible to use the web pages of the company without disclosing any personal data. Where a data subject would like to use particular services of our company via our website, it may nevertheless be necessary to process personal data. If it is necessary to process personal data and if no legal basis exists for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address or phone number of a data subject, is always handled in agreement with the General Data Protection Regulation and in conformity with the nationally specific data protection regulations applicable to the company. By means of this privacy statement, our company would like to inform the public of the nature, scope and purpose of the personal data that we collect, use and process. In addition, this privacy statement informs data subjects of their rights.

The company, as the data controller, has implemented a large number of technical and organisational measures in an effort to provide the most comprehensive level of protection possible for the personal data processed through this website. Nevertheless, security gaps may fundamentally be present in web-based data transmissions, with the result that absolute security cannot be guaranteed. For that reason, every data subject is also entitled to communicate personal data to us by alternative channels, for example by phone.

1. Definition of terms

The privacy statement of the company is based on the terms used by the European legislature and regulators in issuing the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easy to read and understand both for the public and for our customers and business partners. To guarantee this, we would first like to explain the terms used in it.

The terms we use in this privacy statement include the following:

a) Personal data
Personal data means all information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by means of matching with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing
Processing is any operation conducted with or without the help of automated procedures, or any such sequence of operations in connection with personal data, such as the collection, capturing, organisation, sorting, saving, adjustment or modification, reading out, retrieval, use, disclosure through transmission, dissemination or another form of delivery, comparison or association, limitation, deletion or destruction.

d) Limitation of processing
Limitation of processing is the marking of saved personal data with the goal of limiting its future processing.

e) Profiling
Profiling is any kind of automated processing of personal data which involves using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning working performance, economic situation, health, personal preferences, interests, reliability, behaviour, abode or change of location of that natural person.

f) Pseudonymisation
Pseudonymisation is the processing of personal data such that the personal data can no longer be matched to a specific data subject without reference to supplementary information, provided that supplementary information is kept separately and is subject to technical and organisational measures that guarantee that the personal data is not assigned to an identified or identifiable natural person.

g) Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data. If the purposes and means of this processing are laid down by Union or Member State law, the controller or the specific criteria for their nomination may be envisaged as laid down by Union law or the law of the Member States.

h) Processor
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, irrespective of whether it is a third party or not. Agencies that potentially receive personal data as part of a specific inquiry under Union or Member State law are however not considered to be recipients.

j) Third party
A third party is a natural or legal person, public authority, agency or other body apart from the data subject, the controller, the processor and the persons with direct responsibility to the controller or processor who are authorised to process the personal data.

k) Consent
Consent is any informed, unambiguously submitted, voluntary expression by the data subject for a specific case, in the form of a declaration or other clearly confirmatory action, by which the data subject indicates that they consent to the processing of their personal data.

2. Name and address of the data controller

The controller under the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with a data protection character is:

Pari Capital GmbH
Dr. Bernhard Weilharter
Walter-Gropius-Str. 15
80807 Munich
Germany

Phone:     +49 89 99 84 80 0
Fax:    + 49 89 99 84 80 189
email:    Opens window for sending emailinfo@parigroup.com

HRB München 171474
Geschäftsführer:  Jürgen Niedernhuber

VAT ID no.:
DE171802742

3. Name and adress of contact person for data protection

Pari Capital GmbH
Jürgen Niedernhuber
Walter-Gropius-Str. 15
D-80807 München
tel +49 (89) 998 480- 155
mob +49 (170) 890 94 41
fax +49 (89) 998 480- 159
Opens window for sending emailj.niedernhuber@parigroup.com

Any data subject may contact our contact person directly at any time with any queries and suggestions regarding privacy.

4. Capture of general data and information

The company’s website captures a range of general data and information each time the website is called up by a data subject or an automated system. This general data and information is saved in the server’s log files. The following can be captured: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the “referrer”), (4) the sub-websites on our websites that are activated by an accessing system, (5) the date and time the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information to aid an emergency response in the event of attacks on our information technology systems.

The company draws no conclusions about the data subject from the use of this general data and information. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimise the content of our website as well as advertising for it, (3) to assure the permanent functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information needed for law enforcement in the event of a cyber attack. This data and information captured anonymously is therefore evaluated statistically by the company, and also with the goal of increasing data protection and privacy in our company so that it ultimately provides an optimum level of protection for the personal data we process. The anonymous data in the server log files is saved separately from all personal data disclosed by a data subject.

5. Contact option via the website

To comply with statutory requirements the company’s website contains particulars that enable our company to be contacted swiftly by electronic means as well as direct communication with us, and equally include a general address for electronic mail (e-mail address). Where a data subject makes contact with the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically saved. Such personal data transmitted by the data subject on a voluntary basis to the data controller is saved for purposes of processing or contacting. This personal data is not shared with third parties.

6. Routine deletion and blocking of personal data

The data controller processes and saves personal data for the data subject only for the period that is required to satisfy the purpose for saving or to the extent that was envisaged by the European legislature and regulators or another legislature, in laws or regulations to which the data controller is subject.

If the purpose of saving ceases to apply or if a retention period specified by the European legislature and regulators or another responsible legislature expires, the personal data is blocked and deleted as a routine matter and in accordance with the statutory requirements.

7. Rights of the data subject

a) Right to confirmation
Every data subject has the right granted by the European legislature and regulators to demand confirmation from the data controller on whether personal data relating to them is processed. If a data subject would like to exercise this right to confirmation, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

b) Right to information
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to receive information free of charge from the data controller on what personal data relating to them is saved, and to receive a copy of that information. The European legislature and regulators has furthermore granted the data subject disclosure of the following information:

  • The processing purposes
  • The categories of personal data that is processed
  • The recipients or categories of recipients to which the personal data has been disclosed or remain to be disclosed, in particular recipients in third countries or at international organisation
  • If possible the planned period for which the personal data will be saved, or, if that is not possible, the criteria for determining this period
  • The existence of a right to correction or deletion of personal data relating to them or to limitation of processing by the controller, or of a right to object to this processing
  • The existence of a right to complain to a supervisory authority
  • If the personal data has not been collected from the data subject: all available information on the origin of the data
  • The existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of GDPR and — at least in these instances — pertinent information on the logic applied as well as the scope and intended effects of such processing for the data subject

The data subject furthermore has a right to information on whether personal data has been transmitted to a third country or an international organisation. Where this is the case, the data subject moreover has the right to receive information on the appropriate guarantees in connection with the transmission.

If a data subject would like to exercise this right to information, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

c) Right to correction
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand immediate correction of incorrect personal data relating to them. The data subject in addition has the right, taking into account the purposes of processing, to demand the completion of incomplete personal data, including by means of a supplementary declaration.

If a data subject would like to exercise this right to correction, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

d) Right to deletion (right to be forgotten)
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand that the controller delete the personal data relating to them without delay, provided one of the following reasons applies and to the extent that processing is not required:

  • The personal data was captured or otherwise processed for purposes for which they are no longer required.
  • The data subject revokes their consent on which processing was based pursuant to Art. 6 (1) point a of GDPR or Art. 9 (2) point a of GDPR, and there is no other legal basis for processing.
  • The data subject objects to processing pursuant to Art. 21 (1) of GDPR and there are no overriding proper reasons for processing, or the data subject objects to processing pursuant to Art. 21 (2) of GDPR.
  • The personal data was processed unlawfully.
  • Deletion of the personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data was captured for the provision of information society services pursuant to Art. 8 (1) of GDPR.

Provided one of the above reasons applies and a data subject would like to arrange the deletion of personal data that is stored by the company, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard. The Data Protection Officer of the company or another employee will arrange for the request for deletion to be met without delay.

If the personal data was made public by the company and if our company as the controller pursuant to Art. 17 (1) of GDPR is obliged to delete the personal data, the company will take appropriate measures including of a technical nature, bearing in mind the available technology and the implementation costs, to notify other data controllers which process the disclosed personal data that the data subject has demanded the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, to the extent that processing is not necessary. The Data Protection Officer of the company or another employee will arrange the necessary action on a case by case basis.

e) Right to limitation of processing
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to demand that the controller limit processing if one of the following conditions is met:

  • The correctness of the personal data is disputed by the data subject, in connection with a period that enables the controller to check the correctness of the personal data.
  • Processing is unlawful, the data subject declines deletion of the personal data and instead demands the limitation of use of the personal data.
  • The controller no longer requires the personal data for purposes of processing, but the data subject requires it to assert, exercise or defend legal claims.
  • The data subject has objected to processing pursuant to Art. 21 (1) of GDPR and it has not yet been established whether the proper reasons of the controller override those of the data subject.

Provided one of the above conditions is met and a data subject would like to demand the limitation of personal data that is stored by the company, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard. The Data Protection Officer of the company or another employee will arrange the limitation of processing.

f) Right to data portability
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to receive the personal data relating to them that was provided to a controller by the data subject in a structured, conventional and machine-readable format. They in addition have the right to transfer this data to another controller without hindrance by the controller to whom the data subject supplied the personal data, provided processing is based on consent pursuant to Art. 6 (1) point a of GDPR or Art. 9 (2) point a of GDPR or on a contract pursuant to Art. 6 (1) point b of GDPR and processing is performed by means of automated procedures, to the extent that processing is not necessary for the performance of a task that is in the public interest or in the exercise of public authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) of GDPR, the data subject has the right to obtain transmission of the personal data directly from one controller to another, provided this is technically feasible and to the extent that to do so does not prejudice the rights and freedoms of other persons.

To assert the right to data portability, the data subject may contact the Data Protection Officer appointed by the company or another employee at any time.

g) Right to objection
Every data subject whose personal data is processed has the right granted by the European legislature and regulators, on grounds relating to their particular situation, to object at any time to the processing of personal data relating to them, carried out on the basis of Art. 6 (1) points e or f of GDRP. The same applies to profiling based on these provisions.

In the event of an objection the company will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or processing takes place to assert, exercise or defend legal claims.

If the company processes personal data to conduct direct advertising, the data subject has the right to object at any time to the processing of the personal data for purposes of such advertising. The same applies to profiling where it is conducted in connection with such direct advertising. If the data subject objects to the company to processing for purposes of direct advertising, the company will no longer process the personal data for those purposes.

In addition the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data that relates to them by the company for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of GDPR, unless such processing is necessary to satisfy a task that is in the public interest.

To exercise the right to objection, the data subject may contact the Data Protection Officer of the company or another employee directly. In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the data subject is furthermore at liberty to exercise their right to object by means of automated processes in which technical specifications are used.

h) Automated decisions in individual cases, including profiling
Every data subject whose personal data is processed has the right granted by the European legislature and regulators not to be subjected exclusively to a decision based exclusively on automated processing – including profiling – which produces a legal effect towards them or substantially affects them in a similar manner, provided the decision (1) is not required for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is permissible on the basis of Union or Member State law to which the controller is subject and this legislation contains appropriate measures to uphold the rights and freedoms as well as the legitimate interests of the data subject or (3) is taken with the express consent of the data subject.

If the decision (1) is required for the conclusion or fulfilment of a contract between the data subject and the controller or (2) is made with the express consent of the data subject, the company will take appropriate measures to uphold the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a person at the controller, to present their own position and to contest the decision.

If the data subject would like to assert rights relating to automated decisions, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

i) Right to revoke consent under privacy law
Every data subject whose personal data is processed has the right granted by the European legislature and regulators to revoke consent to the processing of personal data at any time.

If the data subject would like to assert their right to revoke consent, they may contact our Data Protection Officer or another employee of the data controller at any time in that regard.

8. Privacy in applications and the application procedure

The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be by electronic means. That is particularly the case if an applicant transmits the appropriate application documents to the data controller by electronic means, for example by e-mail or using a web form available on the website. If the data controller concludes an employment contract with an applicant, the data transmitted for the purpose of settling the employment relationship are saved in accordance with the statutory requirements. If the data controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notice of rejection was given, unless deletion is in conflict with any other legitimate interests of the data controller. Other legitimate interests in this sense include for example a burden of proof in proceedings under the German Equal Treatment Act (AGG).

9. Legal basis for processing

Art. 6 I point a of GDPR serves as the legal basis for our company for processing operations where we obtain consent for a particular purpose of processing. If the processing of personal data is required to fulfil a contract to which the data subject is party, for example as is the case in processing operations that are needed for a delivery of goods or the provision of another service or consideration, processing is based on Art. 6 I point b of GDPR. The same applies for those processing operations that are required to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation under which processing of personal data becomes necessary, for example to fulfil tax obligations, processing is based on 6 I point c of GDPR. In rare cases the processing of personal data could become necessary to protect vital interests of the data subject or another natural person. That would be the case for example if a visitor to our premises were to be injured and their name, age, health insurance fund data or other vital information needed to be shared with a physician, hospital or other third parties. Processing would then be based on Art. 6 I point d of GDPR. Processing operations could ultimately be based on Art. 6 I point f of GDPR. Processing operations that are not covered by any of the above legal bases take this legal basis if processing is necessary to uphold a legitimate interest of our company or of a third party, provided the interests, fundamental rights and fundamental freedoms of the data subject are not overriding. We are in particular permitted to conduct such processing operations because they have been specifically mentioned by the European legislature. To that extent it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 of GDPR).

10. Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I point f of GDPR, our legitimate interest is the conducting of our business activities in the interests of the well-being of all our employees and shareholders.

11. Period for which the personal data is saved

The criterion for the period for which personal data is saved is the respective statutory retention period. After expiry of the period, the data in question is routinely deleted provided it is no longer required to fulfil or initiate a contract.

12. Statutory or contractual regulations on the provision of personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is to some extent prescribed by law (e.g. tax regulations) or may arise under contractual arrangements (e.g. particulars of contracting party). For the conclusion of a contract, it may sometimes be necessary for a data subject to provide us with personal data that we then need to process. The data subject is for example obliged to provide us with personal data if our company concludes a contract with them. Non-provision of the personal data would have the consequence that the contract could not be concluded with the data subject. The data subject must contact our Data Protection Officer before providing personal data. Our Data Protection Officer will inform the data subject on a case by case basis whether the provision of personal data is legally or contractually prescribed or is necessary for the conclusion of the contract, whether there is any obligation to provide the personal data, and what the consequences of non-provision of the personal data would be.

13. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.