We are aware of the trust you are placing in us. Therefore, we would like to provide comprehensive information to you on how we handle your personal data at Aquila Group (which refers to Aquila Capital Holding GmbH and the companies affiliated with it within the meaning of §§ 15 et seqq. of the German Stock Corporation Act (AktG)) as well as information on your rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). In particular, we would like to inform you on the type of data we collect when you visit and/or use our website and on how we use this data. If we have received personal data from you through other communication channels (e.g. by e-mail), the following Privacy Notice applies as well.
Given that our website and the technologies on which it is based, as well as our business processes are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.
II. Use of the website and data protection
1. Name and contact data of the controller of the website
We, Aquila Capital Holding GmbH, represented by the managing directors Roman Rosslenbroich und Dr. Dieter Rentsch, Valentinskamp 70, 20355 Hamburg (Tel.: +49 40 875050-100 / receptionist, Fax: +49 40 87 5050-129) as the provider of this website, are the controller within the meaning of Art. 4 (7) GDPR.
2. Contact data of the Group Data Protection Officer
The Group Data Protection Officer of Aquila Group can be reached as follows:
Aquila Capital Holding GmbH
c/o the data protection officer
Valentinskamp 70, 20355 Hamburg
3. Processing of personal data in the context of informational use of our website
a. Description and scope of data processing
If you only use our website for informational purposes and you have not consented to the setting and use of any optional cookies, we do not collect any personal data aside from the data transmitted by your browser via basic cookies that are stored on your end device which are necessary to enable you to visit and functionally use the website.
That data is:
- Date and time of your request
- Duration of your visit
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Website & provider from/by which the request is made
- Operating system
- Language and version of the browser software
- IP address.
In addition to the aforementioned data, additional data may be collected and processed if you consent to the storage of optional cookies or the use of similar technologies on your computer and processing of such data when you visit and use our website. For more details on the processing of data via cookies, see II. Clause 5 of this Privacy Notice.
b. Purpose and legal basis of data processing
The legal term ‘personal data’ refers to all information relating to an identified or identifiable natural person.
We process personal data soley
• with your consent (Art. 6 (1) lit. a GDPR),
• to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 (1) lit. b GDPR),
• to comply with a legal obligation (Art. 6 (1) lit. c GDPR) or
• where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 (1) lit. f GDPR).
If you apply for an open position in our company, we will, additionally, process your personal data to decide on whether to hire you (§ 26 (1) sentence 1 BDSG).
c. Duration of data storage
Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations.
d. Disclosure to third parties
To facilitate the purposes described we may exchange your data with third parties. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context. A data processing agreement is concluded in this case.
If you make your personal data available to us for the purpose of potential future cooperation, potential investments and/or to enable us to contact you, we may disclose this data to affiliated companies (as defined in Sections 15 et seqq. of the German Stock Corporation Act), if there is a legitimate interest on our part and your interests, fundamental rights and freedoms do not outweigh.
Otherwise, we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymised or pseudonymised.
e. Data Transfer to third countries
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses as appropriate safeguards for the transfer of personal data to third countries. You have the possibility to obtain a copy of these EU standard contractual clauses or to inspect them. To do so, please contact us at the address given under II. Clause 2
If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 (1) lit. a GDPR.
4. Collection of personal data during the use of our website features
a. Google Tag Manager
We use the Google Tag Manager of the provider Google Ireland Limited (Ireland, EU) on our website. The Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a cookie-free domain to which the IP address is transmitted for technical reasons. The Google Tag Manager merely ensures that other tags are triggered, which in turn may collect data without accessing this data themselves. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
The legal basis for the transfer of the IP address is Article 6 (1) lit. f GDPR. Our legitimate interest serves as the administration of our website services and the triggering of other tags.
For more information on data processing, please visit: https://support.google.com/tagmanager/answer/7157428.
b. Contact form
We process your personal data provided in the contact form in order to contact you and to process your request. If your request is directed towards the conclusion or performance of a contract with us, Art. 6 (1) lit. b GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons making enquiries. The legal basis for data processing is then Art. 6 (1) lit. f GDPR. This data will not be passed on without your consent. Data transmitted via the contact form will remain with us until you request us to delete it or there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.
Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc. (USA). When calling a page with an integrated Vimeo plugin, a connection to the servers of Vimeo is established and Vimeo may set its own cookies. This will tell Vimeo which of our pages you have accessed. Vimeo will know your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.
Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand.
When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Details on the handling of user data can be found in Vimeo’s data protection declaration at: https://vimeo.com/privacy.
Notes on legal bases:
Your data is processed on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. Your consent is controlled via our consent management and can be revoked at any time.
a. Description and scope of data processing
If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept any cookies, some pages may not be displayed correctly anymore.
- Language and country
- Browser settings and installed plug-ins
- Data on the use of our website.
This website uses the following cookies:
- Transient cookies (temporary use)
- Persistent cookies (use for a limited time)
Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a “session ID” which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.
More information on how cookies work can be found on the following website: https://www.allaboutcookies.org.
b. Purpose and legal basis of data processing
c. Duration of storage objection and elimination options
d. Customise cookie settings
When calling up our website, we offer you the possibility to individually adjust the optional cookies via the “Settings” item in the cookie banner. Your consent to optional cookies is voluntary, not necessary for the use of this website and can be revoked at any time. You can adjust the cookie settings here at any time.
In addition, the banner helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 (1) lit. c in conjunction with Art. 7 (1) GDPR).
6. Google Analytics
Some of this data is information stored on the end device you are using. In addition, further information is also stored on your end device via the cookies used. Such setting of cookies, storage of information by Google Analytics or access to information already stored in your end device as well as the processing of data by us will only take place with your consent. Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.
The setting of cookies and the further transmitting and processing of personal data described here takes place with your consent. The legal basis for the setting of cookies and data processing in connection with the Google Analytics service is therefore § 25 (1) TTDSG and Art. 6 (1) a GDPR. You can revoke this consent via our Cookie Settings at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Google Ireland transmits data to Google LLC and its servers located in the United States, which is deemed a third country where the data protection standards do not meet the same standards as set by the GDPR. Google Ireland respectively uses the EU standard data protection clauses as appropriate safeguards for these transfers of personal data in third countries, which can be found at the following link: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/ and has performed a Transfer Impact Assessment for the transfer.
The data on user actions is stored for a period of 2 months to enable us to reach the purposes for which we collected the data and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
7. Your rights
III. General data processing at Aquila Group (data protection information according to Art. 13 GDPR)
The privacy, protection and processing of your personal data is very important to Aquila Group. In the following we would like to inform you about the processing of your personal data within Aquila Group and your rights regarding personal data protection. Which specific personal data will be processed and/or used significantly depends on the specific existing business relationship we have with you, the occasion and the purpose of the processing or other factors.
1. Name and contact data of the controller
Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Group, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.
The responsible company of Aquila Group with legal seat in Hamburg, Germany, can be reached as follows:
Valentinskamp 70, 20355 Hamburg, Germany
Phone.: +49 40 875050-100
The responsible companies of Aquila Group with legal seat in Spain can be reached as follows:
Paseo de la Castellana, 259D, Torre Espacio, 28046 Madrid, Spain
Phone.: +34 91 511 90-50
The responsible companies of Aquila Group with legal seat in Greece can be reached as follows:
Artemidos 1, 15125 Maroussi, Athens, Greece
The responsible companies of Aquila Group with legal seat in Norway can be reached as follows:
Haakon VIIs Gate 2, 0161 Oslo, Norway
The responsible companies of Aquila Group with legal seat in Netherlands can be reached as follows:
Schiphol Boulevard 215, 1118 Schiphol, Netherlands
The responsible companies of Aquila Group with legal seat in Italy can be reached as follows:
Via Mike Bongiorno 13, 20124 Milano, Italy
The responsible companies of Aquila Group with legal seat in Portugal can be reached as follows:
Av. Fontes Pereira de Melo 14, 11 piso, 1050-121 Lisbon, Portugal
The responsible companies of Aquila Group with legal seat in the UK can be reached as follows:
20th Floor, Leaf B, Tower 42, 25 Old Broad Street, London EC2N 1HQ
Phone: +44 2082085400
The responsible companies of Aquila Group with legal seat Switzerland can be reached as follows:
8001 Zurich, Switzerland
2. Contact data of the Group Data Protection Officer of Aquila Group
The data protection officer of Aquila Group can be reached as follows:
Aquila Capital Holding GmbH
c/o Data Protection Officer
Valentinskamp 70, 20355 Hamburg
3. Purpose of personal data processing and legal basis
We process personal data in accordance with the relevant rules and regulations, in particular with GDPR.
The processing of personal data is necessary for the performance of a contract with you (Art. 6 (1) lit. b. GDPR).
The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6 (1) lit. f. GDPR).
If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6 (1) lit. a. GDPR.
In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6 (1) lit. c. GDPR).
4. Recipients or categories of recipients of the personal data
Your personal data will be transmitted within Aquila Group to all entities which need these data for contractual and/or regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organisations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.
5. Duration of storage
After collection, your data will be stored for as long as necessary to fulfil the purpose for which it was collected, taking into account the statutory retention periods.
we are subject to miscellaneous safekeeping and documentation obligations that may arise from e.g. German Commercial Code or General Fiscal Code. Pursuant to the provisions of these laws, personal data must generally be retained for a period of ten years. In addition, the statutory period of limitations within the meaning of §§ 195 et seq. German Civil Code (BGB) shall apply in relation to the duration of storage period. Thus, the maximum period of limitation term is up to 30 years. However, retention periods according to legal regulations of other countries may also apply.
6. Automated decision-making including profiling
Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, these measures are for your protection.
7. Your Rights
IV. Data Subject Rights
As a data subject within the meaning of the GDPR, you have various rights vis-à-vis the responsible entity of Aquila Group with regard to your personal data, which we inform you about below. You can also find details about your rights in Art.15-21 of the GDPR:
- Right to information according to Art. 15 GDPR:
You have the right to request information about your personal data processed by the controller. In particular, about the processing purposes, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to request without delay the correction of inaccurate or the completion of your personal data stored by the controller.
- Right to deletion according to Art. 17 GDPR
You have the right to request the deletion of your data under the conditions specified in Art. 17 GDPR.
- Right to restriction according to Art. 18 GDPR
In specific cases specified in the GDPR, you have the right to request the restriction of the processing of your personal data.
- Right to data portability according to Art. 20 GDPR
In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).
In particular, you have a
- Right of objection according to Art. 21 GDPR
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) lit. e or f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.
as well as a
- Right of revocation according to Art. 7 para. 3 GDPR
Insofar as we process your data on the basis of your consent (Art. 6 (1) lit. a or Art. 9 (2) GDPR), you have the right to revoke this consent at any time with effect for the future, without this affecting the lawfulness of the consent valid until then. The revocation is – like the granting of consent itself – possible orally or in text form.
You also have a
- Right of appeal pursuant to Art. 77 GDPR
You have the right to complain to a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the responsible controller.