Privacy policy of E-SEC GmbH

E-SEC GmbH (hereinafter referred to as “Provider”, “We” or “E-SEC”) processes personal data exclusively in accordance with the general data processing principles of the EU General Data Protection Regulation (Regulation (EU) 679/2016 - “GDPR”) and complies with the statutory provisions of the GDPR and the German Federal Data Protection Act.

1. Information on the processing of personal data by using the website

Where personal data are collected via the provider’s website, the provider processes such data for the intended purpose and in accordance with the statutory provisions.

Each access to the website is stored in a log file in which the following data are stored:

  • IP address of accessing computer
  • name and URL of retrieved file
  • date and time of retrieval
  • transmitted data volume
  • website from which the access is made
  • browser used and, where applicable, the operating system of the computer (or device) used and the name of the user’s access provider
  • message whether the retrieval was successful.

The data stored in the log file are evaluated by the provider in anonymous form and exclusively for statistical purposes and to improve the website. They will not be disclosed to third parties. The data are therefore no longer available for further processing.

When accessing the website, temporary cookies (referred to as session cookies) are used to facilitate navigation. These cookies do not contain any personal data and expire after the session. Additional information can be found in the Cookie Policy.

The provider offers users the opportunity to contact E-SEC in general as part of the website. If you want to use these offers, you will be asked to enter personal data that are required to process your request. You are free to decide whether to use these offers and enter your data. You consent to the processing of these data by submitting your personal data, as otherwise the use of these offers is not possible.

The data collected from you will be stored and processed exclusively for the purpose of processing your request.

In the ordinary course of business, the provider also processes personal data such as

  • data of legal representatives and employees of companies with which the provider is in business contact or initiates a business contact (business contacts) - in particular, name, business address or other business contact information (telephone, fax, e-mail address),
  • data permissibly received from its customers, for example for the forwarding of orders or for the performance of contracts - in particular, order data, e.g., payment orders, data from the performance of our contractual obligations such as payment transaction data,
  • data received in the context of the provider’s business relationship with its service providers,
  • data permissibly obtained from publicly accessible sources such as commercial registers, which the provider may process.

The provider reserves the right to amend this Privacy Policy. In such event, we will inform you on this website.

You have a general right of access to information, to rectification, to erasure, to restriction of processing, to data portability and a right to object to the provider.

The controller within the meaning of the GDPR is E-SEC GmbH, represented by its general manager, Mr Daniel Maier.

Contact information of E-SEC GmbH

E-SEC GmbH
Fürstenwall 172a/6. OG
40217 Düsseldorf
Germany
E-mail: info(at)e-sec.io

2. Information to be provided to data subjects (Articles 13 and 14 GDPR)

The provider uses personal data to meet its legal and (pre-)contractual obligations, which also includes data submitted to the provider by data subjects. For information about data processing and your rights and to comply with our duty to provide information (Articles 13 and 14 GDPR), please find below details about the individual circumstances:

a) Purpose of processing and legal basis

(i) to comply with contractual obligations (Article 6(1)(b) GDPR): The processing of personal data is carried out in the context of the performance of our contracts with our service providers or for the performance of pre-contractual measures and for invoicing purposes.

(ii) to balance interests (Article 6(1)(f) GDPR): In the case of business contacts or employees of business partners of our clients, we process – to the extent necessary – your data to protect our legitimate interests or the legitimate interests of third parties. Examples:

  • contacting securitisation firms by e-mail/telephone in the course of performing our business relationship,
  • information to and active support of interested parties, customers and sales partners via the internet, e-mail and telephone,
  • information about products/services and their changes,
  • contacting clients as part of marketing campaigns,
  • addressing marketing information to specific target groups,
  • steps taken to buy, sell or exchange securities or other assets,
  • information about account and custody account balances and other data required by clients or their service providers (e.g., asset managers),
  • steps taken for business management and the further development of services and products to attract new clients and distribution partners via the internet, e-mail and telephone,
  • transmission of reports relating to serviced securitisation firms and their assets,
  • recording of securities master data in a data storage system,
  • assertion of legal claims and possible defence in legal disputes,
  • providing e-mail communication,
  • data exchange and customer support within E-SEC.

(iii) job applicant data
We need to process certain information about you to process your job application. We will only ask for information that is necessary to process your application:

  • surname and first name
  • e-mail address
  • telephone number
  • school degree
  • availability
  • your years of professional experience
  • your salary expectations
  • additional information you choose to provide

(iv) for compliance with a legal obligation (Article 6(1)(c) GDPR): As an investment services firm, we are subject to various legal obligations, i.e., statutory requirements (e.g., German Securities Trading Act, German Money Laundering Act) as well as regulatory requirements (e.g., by the European Securities and Markets Authority (“ESMA”)). The purposes of the processing include, among others, identity and reliability checks, fraud and money laundering prevention, compliance with control and reporting obligations under tax law as well as reporting obligations under supervisory law and the monitoring of investment regulations, the assessment and management of risks in the company, the guaranteeing of IT security and IT operations and measures to ensure building and facility security (such as access controls). In addition, we may record the content of telephone conversations when serving clients.

b) Intention to transfer personal data to recipients in a third country or to an international organisation

Data will be transmitted to entities in countries outside the European Union or the European Economic Area (referred to as third countries) if required by law, if you have given us your consent or for the purposes of the legitimate interests under data protection law except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

c) Recipients of the data

The data will be processed within E-SEC and Chartered Investment Germany GmbH, Fürstenwall 172a/6. OG, 40217 Düsseldorf, Germany.

Where we are authorised to do so, the following entities may further be recipients of personal data:

  • public bodies and institutions (e.g., Federal Financial Supervisory Authority, ESMA, tax authorities, Federal Central Tax Office) or investigating authorities in the event of a legal or official obligation,
  • securitisation firms, advisors, institutional investors, custodians, comparable institutions and group companies, as well as processors on behalf of a controller to whom we transfer personal data to perform the business relationship with you or with our clients.

d) Duration of storage of your data

We will process and store your personal data as long as required by the purposes of processing and necessary to comply with our contractual and legal obligations.

If the data are no longer necessary in relation to the purposes for which they were processed or to comply with contractual or legal obligations, they are regularly erased, unless their – temporary – storage or further processing is necessary for the following purposes:

  • compliance with retention periods under commercial and tax laws: these include the German Commercial Code, the German Fiscal Code, the German Money Laundering Act and the German Securities Trading Act as well as other regulatory legal bases. The periods specified therein for retention or documentation range from two to ten years.
  • retention of evidence under the statute of limitations. According to Sections 195 et seqq. German Civil Code, these limitation periods may be up to 30 years, with the regular limitation period being three years.

e) Your rights as data subject

In general, you as a data subject have the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR) and the right to object to processing (Article 21 GDPR). With respect to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 Federal Data Protection Act apply. In addition, you have a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 Federal Data Protection Act).

f) Existence of automated decision-making (including profiling)

There is no automated decision-making process.

g) Obligation to provide data

In the context of the joint business relationship, the client must provide those personal data that are necessary to establish and perform a business relationship and to comply with the associated contractual obligations, or that the provider is required by law to collect. Without these data, the provider will usually have to refuse to enter into a contract or perform the order, or will no longer be able to perform an existing contract and may have to terminate it. In particular, under anti-money laundering regulations, the provider is obligated to identify the potential contractual partner prior to establishing the business relationship, for example by means of an identity card, and to collect and record the name, place of birth, date of birth and nationality as well as residential address and identification data. For the provider to be able to comply with this legal obligation, the client must submit to the provider the necessary information and documents in accordance with Section 11(6) German Money Laundering Act and notify the provider of any changes arising in the course of the business relationship without undue delay. Should the client fail to provide the information and documents required by the provider, the provider may not enter into or continue the business relationship with the client.

3. Information about your right to object (Article 21 GDPR)

a) Individual right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) (processing necessary for the performance of a task carried out in the public interest) or (f) (processing based on balancing of interests) of Article 6(1) GDPR; this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR (profiling is, however, not currently performed by the provider). If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

b) Right to object to processing of data for direct marketing purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (profiling is, however, not currently performed by the provider). If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

The objection may be made without adherence to a specific form to info(at)e-sec.io.

4. Third-party services

Currently, we do not use any third-party services.

5. Self-hosted services

a) Matomo

This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.

Website visitor behaviour data are collected to detect problems such as pages not found, search engine problems or unpopular web pages. Once the data are processed (number of visitors seeing error pages or just one web page, etc.), Matomo generates reports so that website owners can react accordingly (layout changes, new content, etc.).

Matomo processes the following data:

  • cookies
  • anonymised IP addresses by removing the last 2 bytes (such as 198.51.0.0 instead of 198.51.100.54)
  • pseudo-anonymised location (based on the anonymised IP address)
  • date and time
  • title of the page accessed
  • URL of the page accessed
  • URL of the previous page (where allowed by the previous page)
  • screen resolution
  • local time
  • files accessed and downloaded
  • external links
  • duration of page load
  • country, region, city (with low accuracy due to IP address)
  • main browser language
  • user agent of browser
  • interactions with forms (but not their content)

Indirect data collection
Server logs

When using this website, the access is recorded by the website host. This log contains your IP address, which indirectly identifies you through your ISP. The recording of this data is mandatory by law and necessary for security purposes. There is no way to opt out, but the data will never be used for other purposes.

Basis of legitimate interest

The data processing is based on the principle of legitimate interest.

The processing of data helps us find out what is working on our site and what is not. For example, it helps us find out if the website content is well received or how we can improve its structure. Our team benefits from this information and will be able to react accordingly. Due to the data processing, you will therefore benefit from a website that is continually improving.

Your data will exclusively be used to improve website usage.

Rights of data subjects

Since Matomo collects data based on legitimate interest, you may exercise the following rights:

  • right of access and right to data portability: you may request all your data at any time.
  • right to erasure and right to rectification: you may request that we erase all your data completely at any time.
  • right to object and right to restriction of processing: you may object to data collection at any time by checking DoNotTrack or the following box in your browser: