Privacy Policy

Data protection notices in accordance with Art. 13, 14 and 21 DSGVO for the website, external pages and other processing operations of Institutional Investment Partners GmbH

 I. General
     1. Person responsible
     2. Definitions
     3. Information on Data Processing
     4. Storage Period
     5. Automated Decision in individual cases including Profiling
     6. Rights of affected Persons
     7. Notification Obligations of the responsible Person
     8. Obligation to provide
     9. Right of Objection
II. Data Processing in Connection with the Use of our Website
III. Information on external Sites
IV. Data processing on our career site (karriere.2ig.de)
V. Other Data Processing Operations outside our Website and external Pages
VI. Information on the Storage Period of consent-based Cookies and similar Technologies
VI. Virtual events

I. General

  1. Person responsible

We, the Institutional Investment Partners GmbH, take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as an affected person.

Our data protection declaration therefore explains in detail what personal data is processed by us when you use our website (www.2ip.de), all other websites that refer to it and in the other cases that may be explained here (for definitions, see I.2.).

The responsible party within the meaning of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other data protection regulations is

Institutional Investment Partners GmbH
Hamburger Allee 45
60486 Frankfurt am Main
Tel.: +49 (0) 69 484485500

E-Mail: datenschutz@2ig.de

Hereinafter referred to as the “responsible” or “we“.

You can reach the data protection officer at:

Sascha Kremer
Disch-Haus
Brückenstraße 21
50667 Cologne

Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.

  1. Definitions

From DSGVO
This privacy policy uses the terms of the legal text of the DSGVO. You can view the definitions (Art. 4 DSGVO), for example, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679.

Additional definitions:

Cookies and similar technologies

Cookies are text files that are stored or read by a website on your terminal device. They contain combinations of letters and numbers in order, for example, to recognize the user and his settings when he reconnects to the website that set the cookie, to enable him to remain logged in to a customer account or to statistically analyze specific user behavior.

The WebStorage technology makes it possible to store variables and values locally in the user’s browser cache. The technique includes both the so-called “sessionStorage“, which remains stored until the browser tab is closed, and “localStorage“, which is stored in the browser cache until the cache is cleared by the user. The localStorage technique makes it possible, among other things, to recognize the user and his or her settings when our website is called up.

Data categories
When we specify the categories of data processed, we are referring in particular to the following data: master data (e.g., names, addresses, dates of birth), contact data (e.g., e-mail addresses, telephone numbers, messenger services), content data (e.g., text entries, photographs, videos, contents of documents/files), contract data (e.g., subject matter of contract, terms, customer category), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrers), location data (e.g. GPS data, IP geolocation, access points).

  1. Information on Data Processing

We process personal data only to the extent permitted by law. Personal data is only passed on in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).

Unless we are required by law to store or disclose personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process and for how long, and the extent to which we disclose it, depends on which functions of the website you use in each individual case.

  1. Storage Period

The personal data will be deleted as soon as the purpose of processing ceases to apply or a prescribed storage period expires, unless there is a necessity for the continued storage of the personal data for the conclusion or performance of a contract. Insofar as we have to inform about the storage period of cookies and similar technologies, you will find the details at the end of this privacy policy.

Personal data that we process as part of an application (see below) is stored for a period of six months after completion of the application process.

  1. Automated Decisions in individual Cases including Profiling

Automated decisions in individual cases including profiling do not take place.

  1. Rights of affected Persons

As an affected person, you have the right of information according to Art. 15 DSGVO, the right of rectification according to Art. 16 DSGVO, the right of erasure according to Art. 17 DSGVO, the right of restriction of processing according to Art. 18 DSGVO and the right of data portability according to Art. 20 DSGVO. With regard to the right of information and the right of erasure, the restrictions from §§ 34, 35 BDSG apply.

You have the right to complain to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).

The data protection supervisory authority responsible for us/ for our head office is:

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden

However, you are free to complain to another data protection supervisory authority. You can find a list of supervisory authorities at: https://www.bfdi.bund.de/ (under Infothek/Addresses and Links).

  1. Notification Obligations of the Responsible

We will notify all recipients – to whom your personal data has been disclosed – of any rectification or erasure of your personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 of the GDPR, unless such notification is impossible or involves a disproportionate effort. We will inform you of the recipients if you request this.

  1. Obligation to provide

Unless otherwise explained below in the information on the legal basis, you are not obliged to provide personal data. However, in the cases of Art. 6 (1) (b) DSGVO, the personal data is necessary for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data concerned, the performance or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 para. 1 lit. a, f DSGVO, the use of the affected parts of our website is not possible.

  1. Right of Objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) DSGVO. If personal data are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing.

In accordance with Art. 7 (3) p. 1 DSGVO, you have the right to revoke your consent at any time with effect for the future informally by mail or e-mail. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. Upon your revocation, we will delete the personal data processed on the basis of the consent if there is no other legal basis for its processing.

Objection and revocation can be made form-free and should be directed to the contact details above.

You can revoke certain consent(s) on our careers site directly via our cookie consent tool. Please note that you must do this on every terminal device on which you have visited our website and consented to data processing.

 

II. Data Processing in Connection with the Use of our Website

The use of the website and its functions regularly requires the processing of personal data.

Provision of the Website

Purpose of processing: Functionality and optimization of the website, as well as ensuring the security of our information technology systems for purely informational use of our website (without the use of additional functions); integration and display of functions and content (e.g. graphics) that we do not provide ourselves.

Legal basis: art. 6 para. 1 letter f DSGVO.

Data categories: Connection data

Recipients of the data: IT service provider

Intended third country transfer: None

Do we store or read personal data on your end device based on your consent? No

 

Contact

Purpose of processing: processing of your contact request.

Legal basis: Art. 6(1)(f) DSGVO; if applicable, Art. 6(1)(b) DSGVO (if the request concerns pre-contractual measures or an existing contract).

Data categories: Master data, contact data, content data, usage data if applicable, connection data, contract data if applicable (depending on the type of request).

Recipients of the data: None

Intended third country transfer: None

Do we store or read personal data on your end device based on your consent? No

 

Google Fonts

Purpose of processing: More personalized design of our website through fonts loaded from Google servers.

Legal basis: Art. 6 para. 1 letter f DSGVO.

Data categories: Usage data, connection data

Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland.

Intended third country transfer: None

Do we store or read personal data on your end device based on your consent? No

 

Google Maps

Purpose of processing: integration of interactive maps and map function of Google Maps.

Legal basis: Art. 6 para. 1 letter f DSGVO.

Data categories: Usage data, connection data, location data.

Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland.

Intended third country transfer: None

Do we store or read personal data on your end device based on your consent? No

 

Vimeo

Purpose of processing: Integration of videos via the video plugin of Vimeo; Personalization of our website.

Legal basis: Art. 6 para. 1 letter a DSGVO.

Data categories: Usage data, connection data, location data if applicable.

Recipients of the data: Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

Intended third country transfer: USA and other third countries (based on the EU Commission’s standard data protection clauses, Article 46(2)(c) DSGVO or, where applicable, on the basis of adequacy decisions (Article 45 DSGVO)).

Do we store or read out personal data on your end device based on your consent? Yes (for details, please see the overview at the end of this statement)

 

III. References to external Pages

LinkedIn (Profile)

Purpose of processing: We have set up a page about our company on the “LinkedIn” platform at the address https://de.linkedin.com/company/institutional-investment-partners-gmbh. When you access this page, LinkedIn processes personal data from you. We receive statistics on the use of this page derived from this data.

Legal basis: Art. 6 para. 1 letter f DSGVO.

Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.

Recipients of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (as joint data responsible pursuant to Art. 26 DSGVO – the essence of the agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum)

Intended third country transfer: In individual cases, USA.

Do we store or read out personal data on your end device based on your consent?: No

Data subject rights: LinkedIn is responsible for implementing your data subject rights. LinkedIn will inform you about your data subject rights at https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us, we will then forward your request to LinkedIn immediately.

IV. Data processing on our career site (karriere.2ig.de)

Applications
Purpose of processing: Processing of your application and implementation of the application procedure; consideration of your application by our affiliated companies, provided that express consent has been given.
Legal basis: Art. 88 (1) DSGVO in conjunction with. § Section 26 (1) p. 1 BDSG; for applications to affiliated companies, Art. 6 (1) a DSGVO in conjunction with Art. 7 DSGVO, Section 26 (2) BDSG.
Data categories: Master data, contact data, content data, contract data and, if applicable, special categories of personal data within the meaning of Art. 9 (1) DSGVO (depending on the specific job advertisement and the information you provide; only the data relating to your application that you provide to us and that we are permitted to process in the context of job applications will be stored).
Recipients of the data: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg; only if you expressly consent to this, will the data be passed on to affiliated companies for application procedures there.
Intended third country transfer: Switzerland on a case-by-case basis (based on the adequacy decision (Art. 45 DSGVO)).
Do we store or read personal data on your end device based on your consent? No

Matomo
Purpose of processing: Statistical evaluation, optimization and needs-based design of our careers site.
Legal basis: Art. 6 para. 1 letter a DSGVO.
Data categories: Usage data, connection data
Recipients of the data: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg, Germany.
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? Yes (details can be found in the overview at the end of this statement)

Job Alert
Purpose of processing: notification of new job offers; proof of your consent; ensuring the security of our information technology systems.
Legal basis: Art. 6 para. 1 lit. a, f DSGVO.
Data categories: Contact data, content data and connection data, if applicable.
Recipients of the data: IT service provider, if applicable.
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No

Cookie consent service
Purpose of processing: When you access our website, certain information is stored on your end device or read out if this is absolutely necessary for the operation of our website. This includes information processed by our cookie consent service to ensure that only those cookies and similar technologies are set or read that are technically absolutely necessary to operate our website or to which you have consented.
Legal basis: Art. 6 para. 1 lit. c, f DSGVO.
Data categories: Usage data, connection data.
Recipients of the data: rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg, Germany.
Intended third country transfer: None.
Do we store or read personal data on your end device based on your consent? No

V. Other Data Processing Operations outside our Website and our external Pages

Guest WLAN

Purpose of processing: use of our guest WLAN; ensuring the security of our information technology systems. This is at the same time our legitimate interest.

Legal basis: Art. 6 para. 1 letter f DSGVO.

Data categories: Connection data

Recipients of the data: None

Intended third country transfer: None

Do we store or read personal data on your terminal device based on your consent? No

VI. Information on the Storage Period of consent-based Cookies and similar Technologies

In the following, we inform you about the names and functioning duration of the cookies and similar technologies used by the above-mentioned plugins and services – in case of your consent – according to the following scheme:

Service: vimeo
Cookie/similar technology: player (1 year)
Cookie/similar technology: vuid (2 years)

Access to a cookie/similar technology is generally only possible from the Internet address from which the cookie is set. This means that we do not have access to the cookies of the providers used (above). They do not have access to our cookies. Third parties have access neither to our cookies nor to those of the providers used. Access by third parties can only be obtained through technical attacks, which we cannot control and for which we are not responsible.

Service: Matomo

_pk_id*
Domain name: karriere.2ig.de
Expiration: 13 months

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.

_pk_ref*
Domain name: karriere.2ig.de
Expiration: 6 months
This cookie is used as a reference to the anonymous tracking session on the site.

_pk_ses*
Domain name: karriere.2ig.de
Expiration: 30 minutes
This cookie stores a unique session ID.

MATOMO_SESSID
Domain name: karriere.2ig.de
Expiration: This session cookie is deleted again when the browser is closed

VII. Virtual events

Registration and implementation of our virtual events
Purpose of processing: registration for our virtual events; preparation and implementation of the virtual events. Proof of your registration; sending of presentation documents; invitation for future events, if applicable. The processing of the data also serves our legitimate interest in ensuring the security of our information technology systems.
Legal basis: Art. 6 para. 1 lit. b, f DSGVO.
Data categories: Master data, contact data, content data, contract data and connection data (depending on the respective webinar and the provision of voluntary data).
Recipients of the data: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”)]
Intended third country transfer: USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c DSGVO).
Do we store or read personal data on your end device based on your consent? No

Stand: June 2021