A. Collected Data
We undertake to collect, process and use the personal data of our clients in accordance with the applicable German data protection laws, in particular in accordance with the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The collection, storage, processing and use of data serves mainly the purpose of establishing and implementing the contractual relationship and maintaining and proving compliance with the statutory requirements of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG) and the German Money Laundering Act (Geldwäschegesetz – GWG).
Reference is also made to third-party websites on our website. These are usually identified by declaration of the internet address. We have no influence on the content and design of these websites of other providers and are thus unable to extend the content of this data privacy statement to include such third-party websites.
We collect the following types of information:
• Data which we gain due to your visit to our website (see point 1. below),
• Data which we gain due to your use of our services (see point 2. below).
1. Data which we gain due to your visit to our website
You can in principle visit our website without us knowing who you are. Only for statistical and internal system related purposes do we, in addition to your shortened IP address, also collect the time of access, the quantity of transferred data, which of the pages you visited on our website, which website you accessed our website from and which browser you use. If this information should allow conclusions to be drawn with regards to personal data, this is naturally subject to the legal regulations governing data security. No personalisation of data occurs.
Our website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and which allow for analysis of your use of the website. Information generated by cookies about your use of this website (including your IP address, which is however anonymised in such a way that you can no longer be associate with a connection) is transferred to a Google server in the USA and stored there.
Google will use this information to evaluate your use of the website, to compile reports about activities on the website for the website operator and provide other services relating to use of the website and internet use. Google may also possibly pass on this information to third parties if required by law or if these third parties process this data on behalf of Google. Google will not under any circumstances associate your IP address with other data of Google. You can prevent installation of cookies by making the appropriate browser software settings; we would however like to draw your attention to the fact that in this case, it is possible that you will not be able to fully use all of functions of this website. By using this website, you agree to processing of data collected about you via Google in the manner described above and for the purpose specified above.
The Opt-out browser Add-on for Google Analytics gives website visitors more control over which data about visited websites is collected by Google Analytics. You can opt out of data collection via Google Analytics effective in the future by installing an Opt-out Add-on (http://tools.google.com/dlpage/gaoptout?hl=de) for your browser.
Furthermore, we use Google Analytics to evaluate data from AdWords and the DoubleClick cookie for statistical purposes. If you wish to opt out of this, you can deactivate this via the ad manager (http://www.google.com/settings/ads/onweb/?hl=de).
As an alternative to the browser Add-on or in browsers on mobile devices, please click on the following link to prevent collection by Google Analytics on this website in the future (Opt-out only works in this browser and only for this domain). By doing so, an Opt-out cookie will be stored on your device. If you delete your cookies in this browser, you will have to click on this link again. (Please click on the link: Opt Out of Google Analytics).
Our web representation uses the “+1″ button of the Google Plus social network which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). You can recognise the button by the symbol “+1″ on a white background.
If you visit a website of our web representation which contains a button like this, your browser will establish a direct connection with Google servers. The content of the “+1″ button is transferred directly from Google to your browser and integrated in the website from this. For this reason, we have no influence on the scope of data which Google collects with the button, although we assume that your IP address will be included.
If you are a member of Google Plus and do not want Google to collect data about you via our web representation and to link this to the membership data you have saved with Google, you must log out of Google Plus before visiting our web representation.
Our web representation uses Social Plugins (“Plugins”) of the social network facebook.com, which us operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can recognise the plugins by one of the Facebook logos (a white “f” on a blue tile or a “thumbs up” symbol) or they may be identified with the words “Facebook Social Plugin”. You can view a list of the Facebook Social Plugins and see what they look like here: https://developers.facebook.com/docs/plugins/
If you visit a website of our web representation which contains a plugin like this, your browser will establish a direct connection with Facebook servers. The content of the plugin is transferred directly from Facebook to your browser and integrated in the website from this. For this reason, we have no influence on the scope of data which Facebook collects with the aid of this plugin and would thus like to inform you of our level of knowledge with regards to this.
By integrating the plugin, Facebook gains the information that you have visited the respective page of our web representation. If you are logged in to Facebook, Facebook can associate the visit to your Facebook account. If you interact with the plugin, for example by pressing the Like Button or making a comment, the respective information is transferred from your browser directly to Facebook and stored there. If you are not a member of Facebook, the possibility exists despite this that Facebook will learn your IP address and save it.
If you are a member of Facebook and do not want Facebook to collect data about you via our web representation and to link this to the data you have saved with Facebook, you must log out of Facebook before visiting our web representation.
Functions of the Twitter service are integrated in our website. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the “Re-Tweet” function, the websites you visit will be linked to your Twitter account and disclosed to other users. Data will also be transferred to Twitter in terms of this. Please note that we, in our capacity as the website provider, obtain no knowledge of the content of the transferred data or its use by Twitter. Further information regarding this can be found in the data privacy statement of Twitter at http://twitter.com/privacy. You can change your privacy settings on Twitter in account settings at http://twitter.com/account/settings.
So-called Social Icons (e.g. from YouTube, LinkedIn or Xing) are integrated in our website. These are only integrated in our website as a link to the respective services. After clicking on the integrated graphic symbol, you will be redirected to the respective provider, i.e. only then will the user information be transferred to the respective provider. Please find information about the handling of your personal data when using these websites in the respective data protection regulations of the provider.
2. Processing of personal data
We may store the following types of information from clients or potential clients:
• Name, address and contact details, in particular, telephone number and e-mail address
• Date of birth and gender
• Occupation and employment data
• Identity card/passport number
• National tax identification number
• Information about your income and assets, including information about your assets and liabilities, account balances, tax and annual financial statements
• Trading history and performance
• Other, similar information
• Your transactions and postal, electronic and telephone correspondence with us
We obtain this information from your use of our services or your business relationship with us, including our websites, apps, account opening applications, demo account opening applications, webinar subscriptions, newsletter subscriptions and information provided as part of ongoing client communications. We may obtain this information related to you from third parties, in particular from cooperation partners or publicly available sources.
We initially use and process the personal data provided for processing of the contract and for processing of your enquiries and requests. Personal data is constituted by details about your personal and material circumstances such as your name, your address or your e-mail address and your investment experience. Data like this will only be collected by us if you voluntarily and explicitly make it available to us and in this way show us that you agree to its use and processing. It is a matter of course for us that only those data are collected which are necessary for the implementation of these offers. If we ask you for further data, we do so exclusively for the purpose for example of facilitating communication with you or improving our services. In addition, we use your address and contact data, including your phone numbers and e-mail address, for marketing purposes.
We may share your personal information with intermediaries, service providers and cooperation partners who provide services on our behalf or who have solicited you to our company. It is in our legitimate interest to use your personal data in this way in order to provide our services to you.
We transmit the data collected by the client to third parties in order to fulfil the tasks and obligations resulting from the business relationship. The data collected from the client is forwarded in particular in order to enable the execution of transactions with financial instruments, to open custody accounts, to place orders or to carry out other investment or settlement measures and to provide you with the necessary technical support when opening an account and during business transactions within the scope of our business relationship. In this context the data provided by the client(s) upon establishment of the commercial relationship (basic personal data such as, e.g. name, address, date of birth, marital status, profession, communication details such as, e.g. phone number, email address, basic contract data such as, e.g. portfolio details, transaction data, bank details, deposit number, authorisations, risk profile, investment preferences, skills and experience, financial circumstances or comparable data), the investment and product decisions and the resulting account and/or deposit transactions including tax data, exemption orders for capital gains, saving and payout schedules, deposit structures or comparable data are transmitted.
A forwarding of the aforementioned data may also be required if we delegate the performance of individual services and activities (e.g. IT services, information events, newsletters, agency and/or consultancy services) to a third party. In all cases of forwarding, we ensure by means of order data processing that appropriate technical and organisational measures are taken to ensure and comply with banking secrecy and data protection with regard to personal client data.
The client also releases us from banking secrecy with regard to the aforementioned uses of data. However, this does not constitute a general release from banking secrecy.
If necessary, we will obtain the client’s consent in individual cases for all data transactions concerning the client that are not covered by the aforementioned or other legally permissible data uses.If you would like to subscribe to our newsletter, you must provide your e-mail address to which we can send the newsletter as well as your first name and surname. By providing your e-mail address, you provide your consent to our using this to send you the newsletter and to us sending you information about our products and services. We will save your e-mail address and the first name and surname provided – if you are not a client of our company – until you cancel your subscription to the newsletter. Saving of this data only serves the purpose of allowing us to send you a personalised newsletter. We also save your IP address and the time when you register or provide confirmation in order to prevent misuse of your personal data.
By registering, you provide you consent to being sent and receiving a newsletter tailored to suit your personal interests. This is achieved by evaluation of user behaviour on the basis of web beacons (tracking pixels) and your e-mail address which are linked to a unique ID. In doing so, we register when you read our newsletter, which links you click on in this and deduce from this your possible personal interests. We link this data with the activities you perform on our website. This information is not consolidated with other information you provide.
For sending our newsletter, we use the SendGrid component. SendGrid is a service provided by SendGrid Inc., 1801 California Street Suite 500, Denver, Colorado 80202, U.S.A. Your data saved during registration for the newsletter (e-mail address and where applicable your name, IP address and the date and the time of your registration) will be transferred to a server of SendGrid Inc. in the USA. Further information about data protection in the case of SendGrid can be found here: https://sendgrid.com/policies/privacy/.
You can object your consent to sending and receiving the newsletter at any time with effect for the future by clicking on the respective button in the newsletter you receive, by e-mail at email@example.com or by using the contact details provided in the newsletter. This will lead to deletion of the collected user data.
We also record telephone and electronic communications (in particular faxes, emails, communication via electronic mailboxes). We are legally obliged to do so with regard to such communication, which is aimed at the issuance of securities orders. We also record further communication for reasons of documentation and evidence and to ensure the quality of our services.
3. Further information on data protection
Right to information and correction
We will be pleased to inform you about your personal data stored on written request. You can also request the stored data to be corrected at any time.
Revocation of granted consents and right of objection
You can revoke your consent to the collection, storage and use of your personal data at any time in writing or electronically with effect for the future under the following contact options.
You can also object to the use of your data for marketing measures at any time without influence on the other business relationship under the following contact possibilities:
Bernstein Bank GmbH
Phone +49 (0)89 2154 310-0
Fax +49(0) 89 2154 310-99
The legality of data processing until revocation or objection remains unaffected by the revocation or objection.
Bernstein Bank GmbH
Right of appeal
You have the right of appeal to the Data Protection Authority, without prejudice to any other administrative or judicial remedy, if you believe that the processing of your personal data is contrary to the law. The Bavarian Data Protection Authority (BayLDA), Promenade 27, 91522 Ansbach, Germany, www.lda.bayern.de. is responsible for this.
Contact details of the data protection officer
We have appointed a data protection officer for our company, who can be contacted at the following contact details:
Phone +49 (0)89 2154 310-0
Duration of data storage
Your personal data will be stored during the business relationship and after its termination for a further ten years and three months unless otherwise stated above.
You can request us to correct individual personal data at any time. You may also request their deletion in accordance with Art 17 GDPR if
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• you oppose processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing or the data subject opposes processing pursuant to Article 21(2).
• the personal data have been processed unlawfully.
• the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
• the personal data relating to information society services offered have been collected in accordance with Article 8(1) of the GDPR.
We may use your personal information from time to time to create profiles about you so that we can better understand your needs and offer you the best products and services. We may also make decisions about you using automatically generated profiles or automated credit checks, which may affect your ability to use our services. This may be necessary to comply with our legal obligations or because it is in our legitimate interest to use your personal data in this way.
B. Change to the data privacy statement
As a result of the ongoing development of the internet, it will be necessary to adapt this data privacy statement to meet the requirements of the changing situation. Notice will be provided of such change in good time on this website.
C. Security advice
Please note that 100% security cannot be guaranteed with regards to data transfer over the internet. Data transfer via our website in principle takes place via SSL encryption and thus offers a high level of security.
Furthermore, communication by e-mail poses the risk of e-mails being spied out in an unauthorized manner by a third party and confidentiality cannot thus be guaranteed. In addition to this, counterfeiting and falsification cannot be recognized in terms of communication via e-mail. Even if the customer provides an electronic, advanced electronic or qualified electronic signature for their e-mails pursuant to the eIDAS Regulation and the Confidence Services Act, we are not technically able to verify this.