Data protection

Valid from: April 3, 2023

Data protection declaration of DEALCIRCLE GmbH

The provisions of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the processing of personal data by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy policy, you can send them at any time to the email address provided in points 2 or 3.

Overview

Data processing by DEALCIRCLE GmbH can essentially be divided into two categories:

1. scope of application

Data processing by DEALCIRCLE GmbH can essentially be divided into two categories:

For the purpose of contract processing, all data required for the execution of a contract with DEALCIRCLE GmbH will be processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary.

When you visit the DEALCIRCLE GmbH website/platform, various information is exchanged between your device and our server. This may also include personal data. The information collected in this way is used, among other things, to optimize our website.

This privacy policy applies to the following offers:

our online offering available at www.dealcircle.de and www.amber.deals;‍

whenever reference is made to this privacy policy in any of our offerings (e.g., websites, subdomains, mobile applications, web services, or integrations into third-party sites), regardless of how you access or use them.

All these offers are also referred to collectively as "services".

2. responsible person

The data controller - i.e. the party that decides on the purposes and means of processing personal data - in connection with the Services is

DEALCIRCLE GmbH
Speersort 1
20095 Hamburg
datenschutz@dealcircle.de

3. data protection officer

You can contact our data protection officer as follows:

Contact form:

https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

4. data security

We have established an information security management system in our company in order to develop the measures required by Art. 32 GDPR and thus achieve a level of protection appropriate to the risk.

Data processing in detail

In this section of the privacy policy, we inform you in detail about the processing of personal data in the context of our services. For the sake of clarity, we organize this information according to certain functionalities of our services. During normal use of the services, different functionalities and therefore also different processing operations may be carried out consecutively or simultaneously.

1. general information on data processing

Unless otherwise specified, the following applies to all processing operations described below:

a. No obligation to provide

There is no contractual or legal obligation to provide personal data. You are not obliged to provide data.

b. Consequences of non-provision

In the case of required data (data that is marked as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.

c. Consent

In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (possibly for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing.

d. Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

The admissibility requirements are regulated by Art. 44 -49 GDPR.

e. Hosting with external service providers

Our data processing is largely carried out with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and also process personal data on our behalf in accordance with our instructions. These service providers either process data exclusively within the EU or we have ensured an adequate level of data protection with the help of the EU standard data protection clauses.

f. Transmission to state authorities

We only transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) GDPR).

g. Storage period

We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its temporary storage is still necessary. Reasons for this may include the following:

Compliance with commercial and tax law retention obligations
Preservation of evidence for legal disputes within the framework of statutory limitation periods
We may also continue to store your data if you have expressly consented to this.

h. Data categories

This section describes how we process your personal data when you access our services. In particular, we would like to point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.

Account data: Login/user ID and password
Personal master data: Title, salutation/gender, first name, last name, date of birth
Address data: Street, house number, address additions if applicable, postal code, city, country
Contact data: Telephone number(s), fax number(s), email address(es)
Registration data: Information about the service you registered for; times and technical information about registration, confirmation, and logout; data provided by you during registration
Order data: Products ordered, prices, payment and delivery information
Access data: Date and time of your visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); in addition, the following information from the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information.
Application data: resume, references, evidence, work samples, certificates, images

2. calling up the website/application

Google Fonts

We use Google Fonts from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Fonts are used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google account data will be transmitted to Google when you use Google Fonts. Google only records the use of CSS and the fonts used and stores this data securely. You can find out more about these and other questions at https://developers.google.com/fonts/faq?tid=231548945379.

You can find out what data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

3. Newsletter / Email Alerts

What happens to your personal data in connection with a subscription to our newsletter is described here:

4th application

In an ongoing application process, we process your personal data in the following ways:

5. Customer support/appointment requests

You can find out how we process your personal data when you contact our customer service here:

6. data processing in the context of establishing contact and initiating/concluding contracts

If you contact us via the online form or by e-mail, we will save the information you provide in order to answer your request and to be able to ask possible follow-up questions.

The same applies if we contact you directly to present you with investment opportunities that are relevant to you. In this case, we obtain the contact details from publicly accessible and non-confidential sources.

data category	intended purpose	legal basis	Legitimate interest, if applicable	storage period
Personal master data, contact details, email content	Processing inquiries, presenting projects	Article 6(1)(b) and (f) of the GDPR	Customer loyalty, improvement of our service	1 year, archiving 10 years
Personal master data, contact details	Contract initiation and conclusion	Article 6(1)(b) GDPR		Legal retention periods 10 years

7. tracking

Below we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.

The description of the tracking procedures also includes information on how you can prevent or object to data processing. Please note that the so-called "opt-out", i.e. the rejection of processing, is usually stored via cookies. If you use our services via a new end device or in a different browser or if you have deleted the cookies set by your browser, you must declare your refusal again.

The tracking procedures described only process personal data in pseudonymous form. A connection with a specific, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place. With regard to the categories of data processed, please refer to Google Analytics.

Tracking to analyze and optimize our services and their use as well as to measure the success of advertising campaigns and optimize the display of advertising

Purposes of the processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users and to correct errors. It is also used to statistically determine key values about the use of our services (reach, intensity of use, surfing behavior of users) - on the basis of uniform standard procedures - and thus obtain market-wide comparable values.

Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and to enable marketers and advertisers to optimize their ads accordingly. The purpose of tracking to optimize the display of advertising is to show users advertising tailored to their interests, to increase the success of the advertising and thus also the advertising revenues.

Legal basis of the processing

Protection of legitimate interests in accordance with Art. 6 para. 1 a) GDPR

The tracking methods used in detail

8. cookies

This website uses cookies. We use cookies to personalize content and ads, to provide social media features, and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data you have provided to them or that they have collected as part of your use of their services. By clicking the Accept button, you consent to the selected cookies. Your consent can be revoked at any time with future effect.

Cookies are small text files that are used by websites to make the user experience more efficient.

By law, we can store cookies on your device if they are strictly necessary for the operation of this site. We need your permission for all other types of cookies.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

You can change or withdraw your consent at any time from the cookie declaration on our website.

Find out more about who we are, how you can contact us and how we process personal data in our privacy policy.

Your consent applies to the following domains: dealcircle.com

Your consent ID: vsUayEpTaqN1+63kDfFfaUVYIDrDIB+hAg1NKW9Tc3UDi2lNtxf1zw== Date of consent: Tuesday, June 30, 2020, 9:52:13 p.m. GMT+5:30

Your current status: Allow cookies.
Change your consent | Withdraw your consent
The cookie statement was last updated on 8/29/20 by Cookiebot:

Necessary (2)

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name	supplier	purpose	procedure	Type
Cookie consent	Cookiebot	Stores the user's consent status for cookies on the current domain.	1 year	HTTP cookie
PHP SESSION ID	test.dealcircle.com	Maintains the user's state across all page requests.	session	HTTP cookie

Statistics (4)

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Name	supplier	purpose	procedure	Type
_ga	test.dealcircle.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP cookie
_gat	Google Tag Manager	Used by Google Analytics to limit the request rate	1 day	HTTP cookie
_gid	test.dealcircle.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP cookie
collect	Google	Used to send data to Google Analytics about the device and behavior of the visitor. Tracks the visitor across devices and marketing channels.	session	Pixel Tracker

rights of affected persons

1. right of objection

You have the right to object, on grounds relating to your particular situation, at any time with future effect to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

You can exercise your right to object free of charge.

You can reach us using the contact details listed under I.2.

2. right to information

You have the right to know whether personal data concerning you is processed by us, what personal data this may be, and further information in accordance with Art. 15 GDPR.

3. right of rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 (1) GDPR applies and the processing is not necessary for one of the purposes specified in Art. 17 (3) GDPR.

5. right to restriction of processing

You are entitled to request a restriction on the processing of your personal data if one of the conditions set out in Art. 18 (1) (a) to (d) GDPR is met.

6. right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us or to have it transmitted directly by us, where technically feasible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held only in paper form.

7. right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

8. right of appeal

You have the right to lodge a complaint with a supervisory authority.

IV. Glossary

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: The term "cookie" actually comes from the English vocabulary and its original meaning can be translated into German as "Keks". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when they visit a website. This file stores data about the user's behavior. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and provides the web server with information about the user's surfing behavior using the stored data. In this context, cookies are not just cookies, but information that a website stores locally on the visitor's computer in a small text file. This information can be settings already made by the user on a page, but also information that the website has collected from the user completely independently. These locally stored text files can then be read again later by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (usually under "Options" or "Settings"). In this way, the storage of cookies can be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.

Third countries: Country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA)

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also known as tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML e-mails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the server operator to see if and when an e-mail has been opened or a website visited. This function is usually implemented by calling up a small program (Javascript). In this way, certain types of information can be recognized and passed on on your computer system, such as the content of cookies, the time and date of the page view and a description of the page on which the tracking pixel is located.

Services: Our offers to which this privacy policy applies (see scope of application).

Tracking: The collection of data and its evaluation regarding the behavior of visitors to our services.

Tracking technologies: Tracking can take place both via the activity logs stored on our web servers (log files) and by means of data collection from your end device via pixels, cookies and similar tracking technologies.

Processing: Any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as collection, recording, organization, ordering, storage, adaptation or modification, reading out, querying, use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

b. Recipients of the personal data
recipient category	Affected data	Legal basis for the transfer	Legitimate interest, if applicable
hosting provider	access data	Order processing (Art. 28 GDPR)

c. External content providers that transmit to third countries
Service name	Functionality	Service name	Where applicable, adequacy decision (Art. 45 GDPR)	Where applicable, appropriate safeguards (Art. 46 GDPR)
Google fonts	Display of fonts	Yes		EU-U.S. Privacy Shield https://www.privacyshield.gov/list

a. Information on processing
data category	intended purpose	legal basis	Legitimate interest, if applicable	storage period
email address	Verification of registration (double opt-in procedure), newsletter dispatch	Article 6(1)(a) GDPR		Duration of newsletter subscription
personal master data	Personalization of the newsletter	Article 6(1)(a) GDPR		Duration of newsletter subscription
login details	Traceability of newsletter registration/confirmation/unsubscription	Article 6(1)(f) GDPR	Proof of newsletter registration/confirmation/unsubscription	Duration of newsletter subscription
Usage profile data Newsletter	designing the newsletter to suit the interests of the audience	Article 6(1)(a) GDPR		Duration of newsletter subscription

b. Recipients of the personal data
recipient category	Affected data	Legal basis for the transfer	Legitimate interest, if applicable
HubSpot, Inc. (United States of America, certified in EU-US Privacy Frameworks)	all data mentioned under a.	Order processing (Art. 28 GDPR)

a. Information on processing
data category	intended purpose	legal basis	Legitimate interest, if applicable	storage period
Address details, contact details	Identification, establishing contact, communication for contract initiation	Article 6(1)(b) GDPR		6 months
personal master data	Identification, establishing contact, age verification	Article 6(1)(b) GDPR		6 months
application data	candidate selection	Article 6(1)(b) GDPR		6 months

b. Recipients of personal data
recipient category	Affected data	Legal basis for the transfer	Legitimate interest, if applicable
Microsoft Ireland Operations Ltd (Ireland)	All data mentioned under a)	Order processing (Art. 28 GDPR)
Personio SE & Co. KG	All data mentioned under a)	Order processing (Art. 28 GDPR)

Service name	Functionality	Option to prevent processing (opt-out)	Data transfer to third countries?	Where applicable, adequacy decision (Art. 45 GDPR)	Where applicable, appropriate safeguards (Art. 46 GDPR)
Google Analytics	web analytics	https://tools.google.com/dlpage/gaoptout?hl=de	yes
Google Tag Manager	web analytics		yes		https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active