E-SEC GmbH (hereinafter referred to as “Provider”, “We” or “E-SEC”) processes personal data exclusively in accordance with the general data processing principles of the EU General Data Protection Regulation (Regulation (EU) 679/2016 - “GDPR”) and complies with the statutory provisions of the GDPR and the German Federal Data Protection Act.
1. Information on the processing of personal data by using the website
Where personal data are collected via the provider’s website, the provider processes such data for the intended purpose and in accordance with the statutory provisions.
Each access to the website is stored in a log file in which the following data are stored:
The data stored in the log file are evaluated by the provider in anonymous form and exclusively for statistical purposes and to improve the website. They will not be disclosed to third parties. The data are therefore no longer available for further processing.
The provider offers users the opportunity to contact E-SEC in general as part of the website. If you want to use these offers, you will be asked to enter personal data that are required to process your request. You are free to decide whether to use these offers and enter your data. You consent to the processing of these data by submitting your personal data, as otherwise the use of these offers is not possible.
The data collected from you will be stored and processed exclusively for the purpose of processing your request.
In the ordinary course of business, the provider also processes personal data such as
You have a general right of access to information, to rectification, to erasure, to restriction of processing, to data portability and a right to object to the provider.
The controller within the meaning of the GDPR is E-SEC GmbH, represented by its general manager, Mr Daniel Maier.
Contact information of E-SEC GmbH
Fürstenwall 172a/6. OG
2. Information to be provided to data subjects (Articles 13 and 14 GDPR)
The provider uses personal data to meet its legal and (pre-)contractual obligations, which also includes data submitted to the provider by data subjects. For information about data processing and your rights and to comply with our duty to provide information (Articles 13 and 14 GDPR), please find below details about the individual circumstances:
a) Purpose of processing and legal basis
(i) to comply with contractual obligations (Article 6(1)(b) GDPR): The processing of personal data is carried out in the context of the performance of our contracts with our service providers or for the performance of pre-contractual measures and for invoicing purposes.
(ii) to balance interests (Article 6(1)(f) GDPR): In the case of business contacts or employees of business partners of our clients, we process – to the extent necessary – your data to protect our legitimate interests or the legitimate interests of third parties. Examples:
(iii) job applicant data
We need to process certain information about you to process your job application. We will only ask for information that is necessary to process your application:
(iv) for compliance with a legal obligation (Article 6(1)(c) GDPR): As an investment services firm, we are subject to various legal obligations, i.e., statutory requirements (e.g., German Securities Trading Act, German Money Laundering Act) as well as regulatory requirements (e.g., by the European Securities and Markets Authority (“ESMA”)). The purposes of the processing include, among others, identity and reliability checks, fraud and money laundering prevention, compliance with control and reporting obligations under tax law as well as reporting obligations under supervisory law and the monitoring of investment regulations, the assessment and management of risks in the company, the guaranteeing of IT security and IT operations and measures to ensure building and facility security (such as access controls). In addition, we may record the content of telephone conversations when serving clients.
b) Intention to transfer personal data to recipients in a third country or to an international organisation
Data will be transmitted to entities in countries outside the European Union or the European Economic Area (referred to as third countries) if required by law, if you have given us your consent or for the purposes of the legitimate interests under data protection law except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
c) Recipients of the data
The data will be processed within E-SEC and Chartered Investment Germany GmbH, Fürstenwall 172a/6. OG, 40217 Düsseldorf, Germany.
Where we are authorised to do so, the following entities may further be recipients of personal data:
public bodies and institutions (e.g., Federal Financial Supervisory Authority, ESMA, tax authorities, Federal Central Tax Office) or investigating authorities in the event of a legal or official obligation.
securitisation firms, advisors, institutional investors, custodians, comparable institutions and group companies, as well as processors on behalf of a controller to whom we transfer personal data to perform the business relationship with you or with our clients.
d) Duration of storage of your data
We will process and store your personal data as long as required by the purposes of processing and necessary to comply with our contractual and legal obligations.
If the data are no longer necessary in relation to the purposes for which they were processed or to comply with contractual or legal obligations, they are regularly erased, unless their – temporary – storage or further processing is necessary for the following purposes:
compliance with retention periods under commercial and tax laws: these include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act as well as other regulatory legal bases. The periods specified therein for retention or documentation range from two to ten years.
retention of evidence under the statute of limitations. According to Sections 195 et seqq. German Civil Code, these limitation periods may be up to 30 years, with the regular limitation period being three years.
e) Your rights as data subject
In general, you as a data subject have the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR) and the right to object to processing (Article 21 GDPR). With respect to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 Federal Data Protection Act apply. In addition, you have a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 Federal Data Protection Act).
f) Existence of automated decision-making (including profiling)
There is no automated decision-making process.
g) Obligation to provide data
In the context of the joint business relationship, the client must provide those personal data that are necessary to establish and perform a business relationship and to comply with the associated contractual obligations or to the collection of which the provider is required by law. Without these data, the provider will usually have to refuse to enter into a contract or perform the order, or will no longer be able to perform an existing contract and may have to terminate it. In particular, under anti-money laundering regulations, the provider is obligated to identify the potential contractual partner prior to establishing the business relationship, for example by means of an identity card, and to collect and record the name, place of birth, date of birth and nationality as well as residential address and identification data. For the provider to be able to comply with this legal obligation, the client must submit to the provider the necessary information and documents in accordance with Section 11(6) German Money Laundering Act and notify the provider of any changes arising in the course of the business relationship without undue delay. Should the client fail to provide the information and documents required by the provider, the provider may not enter into or continue the business relationship with the client.
3. Information about your right to object (Article 21 GDPR)
a) Individual right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) (processing necessary for the performance of a task carried out in the public interest) or (f) (processing based on balancing of interests) of Article 6(1) GDPR; this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR (profiling is, however, not currently performed by the provider). If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
b) Right to object to processing of data for direct marketing purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (profiling is, however, not currently performed by the provider). If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
The objection may be made without adherence to a specific form to info(at)e-sec.io.
4. Third-party services
Currently, we do not use any third-party services.
5. Self-hosted services
This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.
Website visitor behaviour data are collected to detect problems such as pages not found, search engine problems or unpopular web pages. Once the data are processed (number of visitors seeing error pages or just one web page etc.), Matomo generates reports for website owners to react accordingly (layout changes, new content etc.)
Matomo processes the following data:
Indirect data collection
When using this website, the access is recorded by the website host. This log contains your IP address, which indirectly identifies you through your ISP. The recording of this data is mandatory by law and necessary for security purposes. There is no way to opt out, but the data will never be used for other purposes.
Basis of legitimate interest
The data processing is based on the principle of legitimate interest.
The processing of data helps us find out what is working on our site and what is not. For example, it helps us find out if the website content is well received or how we can improve its structure. Our team benefits from this information and will be able to react accordingly. Due to the data processing, you will therefore benefit from a website that is continually improving.
Your data will exclusively be used to improve website usage.
Rights of data subjects
Since Matomo collects data based on legitimate interest, you may exercise the following rights: