Privacy Policy
Data protection information in accordance with Art. 13, 14 and 21 GDPR
for the website, external pages and other processing operations of Institutional Investment Group GmbH
I. General information
1. Responsible person
2. Definitions
3. Information on data processing
4. Storage duration
5. Automated decisions in individual cases including profiling
6. Rights of affected persons
7. Notification obligations of the controller
8. Obligation to provide
9. Objection and cancellation
II. Data processing in connection with the use of our website
III. Notes on external pages
IV. Data processing on our careers page (karriere.2ig.de)
V. Other data processing operations outside our website and our external pages
VI. Information on the storage duration of consent-based cookies and similar technologies
I. Allgemeines
1. Responsible person
We, Institutional Investment Group GmbH, take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you are sufficiently informed about the purpose, type and scope of the processing is the processing comprehensible for you as the data subject.
Our privacy policy therefore explains in detail which personal data we process when you use our website (www.2ig.de), all other websites that refer to it and in any other cases explained here (for definitions, see I.2.).
The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection regulations is
Institutional Investment Group GmbH
Brüsseler Straße 1-3
60327 Frankfurt am Main
Tel.: +49 (0) 69 484 485 500
E-Mail: datenschutzZEICHENFOLGE@2ig.de
Hereinafter referred to as ‘controller’ or ‘we’.
You can reach the data protection officer at
Sascha Kremer
Disch-Haus
Brückenstraße 21
50667 Köln
Please note that links on our website may take you to other websites that are not operated by us, but by third parties. Such links are either clearly labelled by us or are recognisable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.
2. Definitions
From the GDPR
This privacy policy uses the terms of the legal text of the GDPR. You can view the definitions (Art. 4 GDPR) at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679, for example.
Additional definitions:
Cookies and similar technologies
Cookies are text files that are stored on or read from your device by a website. They contain combinations of letters and numbers, e.g. to recognise the user and their settings when they reconnect to the website that set the cookie, to enable them to remain logged in to a customer account or to statistically analyse specific user behaviour.
The WebStorage Technology makes it possible to store variables and values locally in the user’s browser cache. The technology includes both the so-called ‘sessionStorage’, which remains stored until the browser tab is closed, and the ‘localStorage’, which is stored in the browser cache until the cache is emptied by the user. The localStorage technology makes it possible, among other things, to recognise the user and their settings when they visit our website.
Data categories
When we specify the categories of data processed, this refers in particular to the following data: Core data (e.g. name, address, date of birth), Contact details (e.g. e-mail addresses, telephone number, messenger services), Content data (e.g. text entries, photographs, videos, contents of documents/files), Contract data (e.g. subject matter of the contract, terms, customer category), Payment data (e.g. bank details, payment history, use of other payment service providers), Usage Data (e.g. history on our website, use of certain content, access times, contact or order history), Connection data (e.g. device information, IP addresses, URL referrer), location data (e.g. GPS data, IP geolocalisation, access points).
3. Information on data processing
We process personal data only to the extent permitted by law. Personal data is only passed on in the cases described below. Personal data is protected by appropriate technical and organisational measures (e.g. pseudonymisation, encryption).
Unless we are legally obliged to store or pass on data to third parties (in particular law enforcement authorities), the decision as to which personal data we process and for how long and to what extent we disclose it depends on which functions of the website you use in each individual case.
4. Storage period
The personal data will be deleted as soon as the purpose of the processing no longer applies or a prescribed storage period expires, unless there is a need for further storage of the personal data for the conclusion or fulfilment of a contract. If we are required to provide information about the storage period for cookies and similar technologies, you will find the relevant details at the end of this privacy policy.
Personal data that we process as part of an application (see below) will be stored for a period of six months after completion of the application process.
5. Automated decisions in individual cases including profiling
Automated decisions are not made in individual cases, including profiling.
6. Rights of data subjects
As a data subject, you have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
The data protection supervisory authority responsible for us/for our head office is
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
However, you are free to lodge a complaint with another data protection supervisory authority. You can find a list of supervisory authorities at: https://www.bfdi.bund.de/ (under Infothek/Anschriften und Links)
7. Notification obligations of the controller
We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, unless this notification is impossible or involves a disproportionate effort. We will inform you about the recipients if you request this.
8. Obligation to provide
Unless otherwise explained below in the information on the legal bases, you are not obliged to provide personal data. In the cases of Art. 6 para. 1 letter b GDPR, however, the personal data is required for the fulfilment or conclusion of a contract. If you do not provide the personal data concerned, it will not be possible to fulfil or conclude the contract. If you do not provide the data in the cases of Art. 6 (1) (a), (f) GDPR, it is not possible to use the affected parts of our website.
9. Objection and revocation
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
In accordance with Art. 7 para. 3 sentence 1 GDPR, you have the right to withdraw your consent informally by post or email at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. Upon your revocation, we will delete the personal data processed on the basis of your consent if there is no other legal basis for their processing.
Objections and revocations can be made informally and should be addressed to the contact details given above.
You can revoke certain consent(s) on our ‘Careers page’ directly via our cookie consent tool. Please note that you must do this on every end device on which you have visited our website and consented to data processing.
II. Data processing in connection with the use of our website
The use of the website and its functions regularly requires the processing of personal data.
Provision of the website
Purpose of processing: Functionality and optimisation of the website, as well as ensuring the security of our information technology systems when using our website for purely informational purposes (without using additional functions); integration and display of functions and content (e.g. graphics) that we do not provide ourselves.
Legal basis: Art. 6 para. 1 letter f GDPR.
Data categories: Connection data
Recipient of the data: IT service provider
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No
Contact
Purpose of the processing: Processing of your contact enquiry.
Legal basis: Art. 6 para. 1 letter f GDPR; if applicable, Art. 6 para. 1 letter b GDPR (if the enquiry concerns pre-contractual measures or an existing contract)
Data categories: Master data, contact data, content data, possibly usage data, connection data, possibly contract data (depending on the type of enquiry)
Recipient of the data: None
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No
Vimeo
Purpose of the processing: Einbindung von Videos über das Video-Plugin von Vimeo; Persönlichen Gestaltung unserer Website.
Legal basis: Art. 6 Abs. 1 Buchst. a DSGVO
Data categories: Nutzungsdaten, Verbindungsdaten, ggf. Standortdaten
Recipient of the data: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
Intended third country transfer: USA und andere Drittländer (auf Basis der Standarddatenschutzklauseln der EU-Kommission, Artikel 46 Absatz 2 Buchstabe c) DSGVO oder ggf. auf Grundlage von Angemessenheitsbeschlüssen (Artikel 45 DSGVO))
Do we store or read personal data on your end device based on your consent? Ja (Einzelheiten hierzu finden Sie in der Übersicht am Ende dieser Erklärung)
III. Notes on external pages
LinkedIn (profile)
Purpose of processing: We have set up a profile on the ‘LinkedIn’ platform at the address https://de.linkedin.com/company/institutional-investment-group-2ig has set up a page for our company. When you visit this page, LinkedIn processes your personal data. We receive statistics about the use of this page, which are derived from this data.
Legal basis: Art. 6 para. 1 letter f GDPR
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable
Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (as joint controller pursuant to Art. 26 GDPR – the essence of the agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum)
Intended transfer to third countries: In individual cases USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c) GDPR)
Do we store or read personal data on your end device based on your consent? No
Data subject rights: LinkedIn is responsible for implementing your data subject rights. LinkedIn will inform you about your data subject rights at https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us; we will then forward your request to LinkedIn immediately.
IV Data processing on our careers page (karriere.2ig.de)
Applications
Purpose of processing: Processing your application and carrying out the application procedure; consideration of your application by our affiliated companies, provided explicit consent has been given.
Legal basis: Art. 88 para. 1 GDPR in conjunction with. § Section 26 para. 1 sentence 1 BDSG; for applications to affiliated companies Art. 6 para. 1 letter a GDPR in conjunction with Art. 7 GDPR, Section 26 para. 2 BDSG.
Data categories: Master data, contact data, content data, contract data and, if applicable, special categories of personal data within the meaning of Art. 9 para. 1 GDPR (depending on the specific job advertisement and the information you provide; only the data relating to your application that you provide to us and that we are authorised to process in the context of applications will be stored).
Recipient of the data: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg; data will only be passed on to affiliated companies for their application procedures if you expressly consent to this.
Intended transfer to third countries: In individual cases Switzerland (on the basis of the adequacy decision (Art. 45 GDPR))
Do we store or read personal data on your end device based on your consent? No
Matomo
Purpose of the processing: Statistical analysis, optimisation and needs-based design of our careers page.
Legal basis: Art. 6 Abs. 1 Buchst. a DSGVO
Data categories: Usage data, connection data
Empfänger der Daten: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg
Beabsichtigte Drittlandübermittlung: Im Einzelfall Schweiz (auf Grundlage des Angemessenheitsbeschlusses (Art. 45 DSGVO))
Do we store or read personal data on your end device based on your consent? Yes (details can be found in the overview at the end of this declaration)
Job-Alert
Purpose of processing: Notification of new job offers; proof of your consent; ensuring the security of our information technology systems.
Legal basis: Art. 6 para. 1 lit. a, f GDPR
Data categories: Contact data, possibly content data and connection data
Recipient of the data: IT service provider, if applicable
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No
Cookie-Zustimmungsdienst
Zweck der Verarbeitung: Wenn Sie unsere Website besuchen, werden bestimmte Informationen auf Ihrem Endgerät gespeichert oder ausgelesen, wenn dies für den Betrieb unserer Website unbedingt erforderlich ist. Dazu gehören Informationen, die unser Cookie-Einwilligungsdienst verarbeitet, um sicherzustellen, dass nur solche Cookies und ähnliche Technologien gesetzt oder ausgelesen werden, die für den Betrieb unserer Website technisch notwendig sind oder denen Sie zugestimmt haben.
Legal basis: Art. 6 para. 1 lit. c, f GDPR.
Data categories: Usage data, connection data.
Recipient of the data: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg, Germany
Intended third country transfer: In individual cases Switzerland (on the basis of the adequacy decision (Art. 45 GDPR))
Do we store or read personal data on your end device based on your consent? No
V. Other data processing operations outside our website and our external pages
Guest WLAN
Purpose of the processing: Use of our guest WLAN; ensuring the security of our information technology systems. This is also our legitimate interest.
Legal basis: Art. 6 (1) (f) GDPR
Data Categories: Connection Data
Recipients of the data: None
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No
V. Information on the storage duration of consent-based cookies and similar technologies
Below we inform you about the names and functional duration of the cookies and similar technologies used by the above-mentioned plugins and services – if you have given your consent. The information is presented according to the following scheme:
Service: vimeo
Cookie/similar technology: player (1 year)
Cookie/similar technology: vuid (2 years)
Access to a cookie/similar technologies is generally only possible from the Internet address from which the cookie is set. This means that we do not have access to the cookies of the providers used (above). They have no access to our cookies. Third parties have no access to our cookies or those of the providers used. Access by third parties can only be gained through technical attacks, which we cannot control and for which we are not responsible.
Service: Matomo
_pk_id*
Domain name: karriere.2ig.de
Expiry: 13 months
Registers a unique ID for a website visitor that records how the visitor uses the website. The data is used for statistics.
_pk_ref*
Domain name: karriere.2ig.de
Expiry: 6 months
This cookie is used as a reference for the anonymous tracking session on the website.
_pk_ses*
Domain name: karriere.2ig.de
Expiry: 30 minutes
This cookie stores a unique session ID.
MATOMO_SESSID
Domain name: karriere.2ig.de
Expiry: This session cookie is deleted when the browser is closed
Status: June 2024
