Data Protection
Privacy Statement in accordance with EU GDPR
1. Name and contact details of the controller
The controller in accordance with the European General Data Protection Regulation (GDPR), other national data protection laws applicable in the Member States of the European Union, and other applicable data protection regulations is:
Palladio GmbH
Klettenbergstrasse 12
60322 Frankfurt/Main
Germany
Tel .: +49 (0) 69 17 53 72 67 – 0
E-mail: mailnoSpam@palladio-partnersnoSpam.com
Website: www.palladio-partners.com
The following section provides information about how your personal data is processed when you use our website.
Please contact our Data Protection Officer if you have any additional data protection questions regarding our website or the services we offer:
Rudolf Fiedler
DPP Data Protection GmbH
E-mail: datenschutznoSpam@palladio-partnersnoSpam.com
2. Scope and purpose of, and legal basis for, processing personal data
We only collect and use users’ personal data to the extent necessary to ensure a functional website, and to provide our content and services. Personal data is generally only captured and used with the consent of the data subject. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and data processing is permitted by law.
2.1 Log file creation
Our system automatically collects system data and information (log files) from computers accessing our websites. This includes the IP address of the user concerned. User IP addresses are anonymized with an “x” in the log files after seven days, and are automatically deleted after nine weeks.
We capture technical information for network security reasons (e.g., to combat attacks) and to improve our website offerings. This constitutes a legitimate interest in data processing in accordance with Article 6 (1) point (f) of the GDPR.
Users do not have the right to opt out since the capture of data and the storage of log files are essential for the provision and operation of the website.
2.2 Use of cookies
We use session cookies to enhance the user-friendliness of our website.
Cookies are text files that are stored in the user’s web browser, or stored by the browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a string of characters that allows the browser to be uniquely identified when the website is reopened. The cookies set by our website are automatically deleted when the user ends the browser session.
Click on the following link to delete our cookies manually.
Cookies are stored on the user’s computer and transmitted by the latter to our website. This means that you, as the user, have full control over how they are used. Users can disable or restrict the transmission of cookies by changing their browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Disabling cookies for our website means that some website features may not be available in full.
3. Legal basis for the processing of personal data
The legal basis for processing in those cases in which we have obtained the data subject’s consent to the processing of his or her personal data is set out in Article 6 (1) point (a) of the GDPR.
The legal basis for processing in those cases in which processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract is set out in Article 6 (1) point (b) of the GDPR.
The legal basis in those cases in which processing is necessary for compliance with a legal obligation to which our company is subject is set out in Article 6 (1) point (c) of the GDPR.
The legal basis for processing where this is necessary in order to protect the vital interests of the data subject or of another natural person is set out in Article 6 (1) point (d) of the GDPR.
Protecting the company from material or non-material damage
Professionalizing our products and services
Cost optimization
We also process personal data in order to comply with commercial law and tax law retention requirements.
4. Data erasure and duration of storage
The data subject’s personal data will be erased or blocked as soon as the purpose for which it is stored no longer applies, or it is no longer required. Personal data may be stored for the time in which claims can be asserted against our company (statutory limitation periods range from three to thirty years).
In addition, such storage may take place where it has been provided for under Union or Member State regulations, laws, or other rules to which the controller is subject. Such duties of proof and retention arise, inter alia, from the ‒ German Commercial Code (Handelsgesetzbuch - HGB), the German Tax Code (Abgabenordnung - AO) and the German Money Laundering Act (Geldwäschegesetz - GwG). The storage periods in these cases can be up to ten years.
Personal data is also blocked or erased when a storage period provided for by the above-mentioned legal rules expires, unless the data still has to be stored in order to enter into, or perform, a contract.
5. Transfer of personal data to third parties
We may transfer your personal data to other companies within the Group in order to provide you with products and services on the basis of our contractual obligations or our legitimate interests.
The companies concerned are as follows:
Palladio GmbH
Palladio Management GmbH
Palladio (Luxembourg) S.à r.l.
Furthermore, we may be legally obliged to provide personal data to German and international authorities. The legal basis for this is Article 6 (1) point (c) of the GDPR in conjunction with national and international regulations and treaties.
6. Right to object in accordance with Article 21 of the GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on points (e) or (f) of Article 6 (1), including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. Rights of the data subject
Our company is committed to ensuring the transparency of all proceedings relating to the processing of personal data. We therefore draw your attention to the fact that, in addition to your right to object, you can exercise further rights where the legal preconditions for these exist:
Right of access (Article 15 of the GDPR)
Right to rectification (Article 16 of the GDPR)
Right to erasure (“right to be forgotten“ ‒ Article 17 of the GDPR)
Right to restriction of processing (Article 18 of the GDPR)
Right of notification (Article 19 of the GDPR)
Right to data portability (Article 20 of the GDPR)
(No) automated individual decision-making, including (Article 22 of the GDPR)
Please e-mail datenschutznoSpam@palladio-partnersnoSpam.com to exercise your rights.
Please note that we shall process your personal data in accordance with Article 6 (1) point (c) of the GDPR so as to be able to process your request and for identification purposes.
8. Consent
You have the right to revoke your declaration of consent at any time with effect for the future. Any revocation does not affect the legality of processing performed on the basis of the consent prior to the revocation. In some cases, we are entitled to continue processing your personal data despite your revocation on another legal basis (e.g., to fulfil a contract).
9. Use of password-protected area
When you visit and use the password-protected area of our website, you will be redirected to the website of our service provider (currently Drooms GmbH). The service provider will process your name, e-mail address, company, and other contact details, data used to analyze user behavior in the password-protected area (access to documents, dwell time, etc.), and other data room activities (such as user, usage, document viewing, login, index, authorization and file processing histories) on our behalf.
Processing personal data is necessary to fulfill our (pre-)contractual and legal obligations under the Sustainable Finance Disclosure Regulation (SFDR ‒ Regulation (EU) 2019/2088) in particular (legal basis: Article 6 (1) points (b) and (c) of the GDPR). This also applies to processing operations that are necessary to perform pre-contractual measures. The information above regarding your rights, data erasure and the data storage period applies with the necessary modifications.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly within the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Competent supervisory authority
Hessen Data Protection Commissioner
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
PoststellenoSpam@datenschutz.hessennoSpam.de