Privacy policy

Privacy information for ASSETPHYSICS

I. General

1. Scope

This data protection information relates to the following operations:

• Use of our website(s) and all other websites linking to it
• Use of our external sites

2. Person in charge

We take the protection of your personal data and the legal obligations that serve to protect it very seriously. The legal requirements require comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, type and scope of the processing is the processing comprehensible for you as a data subject.

The controller within the meaning of the General Data Protection Regulation (GDPR) is the

cunio Technologies GmbH
Brüsseler Straße 1-3
60327 Frankfurt am Main

Phone: +49 69 484 485 518
E-mail: support@assetphysics.com

Hereinafter referred to as “Controller” or “we”.

You can contact the Data Protection Officer at:

Sascha Kremer
Disch-Haus
Brückenstraße 21
50667 Cologne

3. Definitions

The terms used in this Privacy Policy (e.g., data categories, purposes, and legitimate interests, as well as terms from the GDPR) are explained in the “Definition” section (VI.).

4. General information on data processing

We process personal data only to the extent permitted by law. Disclosure of personal data will only take place in the cases described below. The personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).

Unless we are legally obliged to store or disclose it to third parties (in particular law enforcement authorities), the decision as to which personal data we process by us, for how long and to what extent we disclose it, if any, depends on the process for which we process your data and which of our services you use in the individual case.

5. Storage period

The personal data will be deleted as soon as the purpose of the processing no longer applies or as soon as a reason for deletion in accordance with Art. 17 (1) GDPR applies (e.g. you have revoked a consent given to us). In exceptional cases, we may nevertheless continue to process your personal data if an exception to the obligation to delete applies, in particular pursuant to Art. 17 (3) GDPR or from another law (e.g. there is a statutory obligation to store data).

Insofar as we need to provide information about the storage period of cookies and similar technologies, you will find the information in our , that you  can access.

6. Automated decision-making in individual cases, including profiling

Automated decisions in individual cases, including profiling, are not made.

7. Rights of data subjects

As a data subject, you have the right to information in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR and the right to data portability in accordance with Art. 20 GDPR. You have the right to complain to a data protection supervisory authority (Art. 77 GDPR).

The data protection supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom
of Information, Gustav-Stresemann-Ring 1
, 65189 Wiesbaden

However, they are free to complain to another data protection supervisory authority.

8. Obligations of the controller to notify

We will notify all recipients to whom your personal data has been disclosed of any rectification or deletion of your personal data or any restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 GDPR, unless the notification is impossible or involves disproportionate effort. We will inform you about the recipients if you request it.

9. Obligation to provide

Unless otherwise explained in the information on the legal bases, you are not obliged to provide personal data. If we base the processing on Art. 6 (1) sentence 1 (b) GDPR, your personal data is necessary for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data, it will not be possible to perform or conclude a contract. If you do not provide the data in the cases of Art. 6 (1) sentence 1 (a) and (f) GDPR, it is not possible to use the offers affected by this.

10. Data transfer to third countries

Data transfers to third countries outside the European Union (EU) and the European Economic Area (EEA) are only permitted in compliance with the special requirements of Artt. 44 et seq. GDPR. If such a transfer to a third country occurs during the processing of your personal data, we refer to the transfer to a third country and the basis for the transfer below.

General information on the basis of transmission:

If the transfer is based on an exception under Art. 49 GDPR , you will find the details at the respective point.

If the transfer is based on an adequacy decision within the meaning of Art. 45 GDPR , you can find an overview of the adequacy decisions here:

• Overview of adequacy decisions

If the transfer is based on so-called standard data protection clauses of the EU Commission within the meaning of Art. 46 (2) (c) GDPR, you can find the EU Commission’s Implementing Decision 2021/914, which contains the contractual clauses, here:

• Standard data protection clauses of the EU Commission

If the transfer is based on binding corporate rules (BCRs) within the meaning of Art. 46 (2) (b) GDPR, you can find an overview of the published BCRs here:

• Overview of binding corporate data protection rules

11. Right to object

Pursuant to Art. 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation if the processing is carried out on the basis of Art. 6 (1) sentence 1 (f) GDPR. If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such purposes in accordance with Art. 21 (2) GDPR. The objection can be made in any form and should be addressed to the contact details mentioned above.

12. Withdrawal of consent(s)

In accordance with Art. 7 para. 3 sentence 1 GDPR, you have the right to revoke your consent(s) at any time with effect for the future informally (e.g. by post or e-mail). The lawfulness of the processing(s) carried out on the basis of the consent(s) before the revocation remains unaffected. Upon your withdrawal, we will delete the personal data processed on the basis of the consent(s) if there is no other legal basis for their processing. The revocation can be made in any form and should be addressed to the contact details mentioned above.

II. Interaction of data protection information and the cookie policy and the consent tool

The data protection information informs you about data processing on the basis of the regulations of the GDPR and, if applicable, the BDSG. If the provisions of the TDDDG are relevant for individual circumstances, you will find the information in the consent tool [LINK] and in the cookie policy. This also applies to the information on storing or reading data on your device.

III. Use of our website(s)

The use of the website(s) and its functions regularly requires the processing of personal data. Unless otherwise indicated, the following remarks apply to all websites that we operate and that link to this data protection information.

Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address bar of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.

Provision of the website
Purpose of processing: Advertising and personalized marketing measures, information security
Legal basis: Art. 6 (1) sentence 1 (f) GDPR
Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer retention, promotion of sales activities, operation, integrity and security of digital products
Categories: Connection data, usage data
Recipients of the data: IT service providers
Intended transfer to a third country: None

User account (premium reader)
Purpose of processing: Advertising and personalized marketing efforts, order fulfillment and contract management
Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer retention,
promotion of sales activities, operation, integrity and security of digital products
Categories: Connection data, content data, master data if applicable, and contact details if applicable
Recipient of the data: (IT) service provider
Intended transfer to third countries: None

User account for authors (including registration and admission)
Purpose of processing: Advertising and personalized marketing measures, order fulfillment and contract management, business partner maintenance, identity and/or credit checks, user, prospect and/or customer support, project management including collaboration in the project
Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer retention,
promotion of sales activities, operation, integrity and security of digital products
Categories: Connection data, content data, master data if applicable, and contact details if applicable
Recipients of the data: (IT) service providers
Intended transfer to a third country: None

Contact
Purpose of processing: User, prospect and/or customer support
Legal basis: Art. 6 (1) sentence 1 (f) GDPR, Art. 6 (1) sentence 1 (b) GDPR (if the request leads to a later conclusion of a contract or concerns an existing contract)
Legitimate interests: Integration of desired or required functionalities, promotion of sales activities, analysis and optimization of own offers, services and advertising measures, customer acquisition, customer loyalty, customer recovery
Categories: Connection data, content data, master data if applicable, and contact details if applicable
Recipients of the data: IT service providers
Intended transfer to a third country: None

Integration of external content (photos, videos, podcasts and posts)
Purpose of processing: General advertising and personalized marketing efforts
Legal basis: Art. 6 (1) sentence 1 (f) GDPR
Legitimate interests: Integration of desired or required functionalities, design, operation and availability of digital products, customer acquisition, customer loyalty, customer recovery
Categories: Connection data, usage data if applicable
Recipients of the data: IT service providers
Intended transfer to a third country: Depending on the services used, see Cookie Policy or Consent Tool for details.

Consent management
Purpose of processing: Legal Affairs and Compliance Measures, Information Security
Legal basis: Art. 6 para. 1 sentence 1 letter c, f GDPR
Data categories: if applicable, master data, if applicable, contact data, usage data, connection data
Legitimate interests: Prevention of criminal offences, administrative offences and other detrimental acts, integration of desired or required functionalities
Recipients of the data: IT service providers
Intended third-country transfer: None

Analysis and performance measurement
Purpose of processing: Analysis and performance measurement as well as optimization of products and/or services, advertising and personalized marketing measures
Legal basis: Art. 6 (1) (f) GDPR
Legitimate interests: Analysis and optimisation of own offers, services and advertising measures, promotion of sales activities, advertising and image improvement, market and opinion research
Categories: Usage data, connection data, content data if applicable
Recipients of the data: IT service providers
Intended transfer to a third country: For details, see Cookie Policy or Consent Tool.

IV. Notes on external sites

The use of the external pages and their functions regularly requires the processing of personal data. Unless otherwise indicated, the following remarks refer to all external sites that we operate and that link to this data protection information.

Instagram
Purpose of processing: Advertising and personalized marketing efforts, analysis and performance measurement, and optimization of products and/or services
Legal basis: Art. 6 (1) sentence 1 (f) GDPR
Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer loyalty, customer recovery
Categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data
Recipients of the data: Platform Operators and Media (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”)
Intended transfer to a third country: In individual cases, the USA and other third countries (standard data protection clauses and adequacy decisions)

LinkedIn (Profile)
Purpose of processing: Advertising and personalized marketing efforts, analysis and performance measurement, and optimization of products and/or services
Legal basis: Art. 6 (1) sentence 1 (f) GDPR
Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer loyalty, customer recovery
Categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data
Recipients of the data: Platform Operators and Media (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”))
Intended transfer to a third country: In individual cases, the USA and other third countries (standard data protection clauses and adequacy decisions)

V. Information on Joint Controllers

In the cases listed below, we are joint controllers with another body within the meaning of Art. 4 No. 7, 26 GDPR. You are free to contact each of the joint controllers directly with your request. Depending on the specific agreement on the rights of data subjects with the other body, we will forward your request to the other body.

Operation of our Instagram page(s)
In the context of the operation of our Instagram page(s), there is joint responsibility with Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
The essence of the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
Facebook is responsible for implementing your rights as a data subject.
Facebook informs you about your rights as a data subject at: https://www.facebook.com/legal/terms/information_about_page_insights_data

Operation of the LinkedIn page(s)
As part of the operation of our LinkedIn page, there is joint responsibility with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
The essence of the agreement can be found here: https://legal.linkedin.com/pages-joint-controller-addendum
LinkedIn is responsible for implementing your rights as a data subject.
LinkedIn informs you about your rights as a data subject at www.linkedin.com/legal/privacy-policy.

VI. Definitions

The terms used in this data protection information (e.g. data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the section “Definition“.

From the GDPR
This privacy policy uses the terms of the legal text of the GDPR. You can view the definitions (Art. 4 GDPR) e.g. under eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 .

Additional definitions

Categories
When we specify the categories of data processed, we mean in particular the following data:

• Master data (e.g. names, addresses, dates of birth)
• Contact details (e.g. e-mail addresses, telephone number, messenger services)
• Content data (e.g. text inputs, photographs, videos, contents of documents/files)
• Contract data (e.g. subject matter of the contract, terms, customer category)
• Payment data (e.g. bank details, payment history, use of other payment service providers)
• Usage data (e.g. history on our website, use of certain content, access times, contact or order history)
• Connection data (e.g. device information, IP addresses, URL referrers)
• Location data (e.g. GPS data, IP geolocation, access points)
• Diagnostic data (e.g. crash logs, performance data of the website/app, other technical data for analysis of faults and errors)
• Applicant and employee data (e.g. employment history, working hours, vacation periods, periods of incapacity for work, appraisals, training and further education, social data, bank details, social security number, health insurance/health insurance number, salary expectations and salary data as well as the tax identification number, evidence and documents, working hours, public offices held, social security data, professional data Integration Management)

Purposes of data processing
In the following sections, we specify the purposes pursued as purpose categories in order to improve comprehensibility and
readability. This is in the nature of things.
Unless otherwise stated, the purposes are to be understood as follows:

• Advertising and personalized marketing measures: Includes, for example, the opening of public and, if applicable, access-restricted websites, apps and/or external pages for general information about our products/services (e.g. general website for our company, press pages, social media pages), personalized communication with users, interested parties and/or customers (e.g. newsletters), display of (personalized) recommendations and advertising measures (e.g. personalized newsletters, display of advertising on other websites). websites, search engines, social media pages and/or apps as well as in advertising networks in general), merging and linking data (possibly with the involvement of other parties such as publishers in advertising networks) in order to guarantee commission claims for advertising materials.
• Security and emergency management: all processes that serve to ensure the relevant safety requirements and the prevention and/or treatment of accidents and emergencies in the respective context are recorded, such as access control, video surveillance, logging, evacuation, personal rescue and damage limitation
• Analysis and performance measurement as well as optimization of products and/or services: Includes, for example, opinion polls and votings, comparative tests (so-called A/B testing), analysis and (usually aggregated) evaluation of user, prospect and/or customer behavior in the online and/or offline area (e.g. through click paths, mouse movements and heat maps), analysis and evaluation of the success of general and, if necessary, personalized marketing measures, needs-based design of our (digital) products and services on the basis of the analyzed demand and/or usage behavior.
• Order fulfillment and contract management: This includes all processing operations that are necessary for the fulfilment of the relevant orders/contracts, such as the processing of master and contact data for the fulfilment of orders placed by the customer, payment processing including any necessary disclosure of data to payment service providers, the processing of returns, and the licence check.
• Operation and further development of internal IT systems: Includes, among other things, user management, authentication and technical logging, as well as IT support and the further development and adaptation of systems and the associated processing of personal data. This applies regardless of whether the IT systems are operated by the controller itself or by a service provider (processor).
• Recruiting: This includes, among other things, personnel marketing and processes in the context of the initiation of employment, such as the processing of applications (digital and analogue), communication with applicants, the conduct of job interviews, assessment center procedures and trial work, the establishment of talent pools, as well as the documentation of the outcome of applications.
• Business partner care: All processes that serve to analyze and select suitable business partners, as well as to maintain existing business relationships, are recorded.
• Warranty, guarantee, goodwill and general service: Includes esp. the handling of warranty, guarantee and goodwill cases, as well as any information on updates, improvements and recalls.
• Identity and/or credit check: The purpose of the processing is to verify the identity of the data subject, insofar as this is necessary for the respective transaction and/or to check the creditworthiness and/or solvency of an interested party or contractual partner.
• Information: Processing operations that serve to protect against dangers and to secure IT systems, as well as to achieve the protection goals of confidentiality, availability and integrity of data, systems and processes (e.g. differentiation between human access and bot access, detection and defence against abusive access, security-relevant analysis of the use of digital products and services) are covered.
• Logistics and fleet management: Includes, among other things, the planning, management and control of our logistics, including external logistics service providers, and the management of our vehicle fleet, including the fulfilment of legal obligations
• User, prospect and/or customer support: Includes, for example, contact forms, chat systems including chat bots and callback options, as well as the general handling of various inquiries (e.g. advice, service, complaints).
• Human Resources and Human Resources Management: This includes all processes for the implementation of employment or processes that have a close connection to employment, such as onboarding, personnel administration, the fulfilment of employer obligations, personnel development including training and further education, voluntary employer benefits, personnel planning and controlling, occupational health management, company social counselling, co-determination, measures to terminate employment, Investigative and disciplinary measures and offboarding.
• Project management including collaboration in the project: Coordination and implementation of projects, project planning, project scheduling management, exchange of information in the context of projects, cooperation in the context of projects
• Legal Affairs and Compliance Measures: Covers, for example, the assertion, exercise and enforcement of legal claims and processes for compliance with legal requirements (e.g. in the context of consent management under data protection law) and for the prevention and/or clarification and prosecution of legal violations.
• Event: All processes that are necessary for the implementation of offline and online events and events are recorded (e.g. registration, participant management, implementation of the event, processing of personal preferences and needs, data processing in the context of video conferences and/or instant messaging services), photo, sound and/or video documentation of events, issuance of certificates of participation.
• Administration: Transactions are recorded, in particular Basic functions of operational activities include such as communication, accounting, accounting and reporting, documentation and archiving, knowledge and contact management.

Legitimate interests
In the following sections, in order to improve comprehensibility and readability, we specify our legitimate interests within the meaning of Art. 6 (1), sentence 1 (f) GDPR as categories. This is in the nature of things.
Unless otherwise stated, the stated legitimate interests are to be understood as follows:

• Promotion of sales activities: B. Promotion of our sales by evaluating the demand of our customers, analysis of the interests and the purchasing and demand behavior of our prospects, users and/or customers.
• Promotion of economic interests:B. Measures to reduce costs and save costs, avoidance/reduction of significant additional costs, general increase in earnings (especially through outsourcing to service providers) and avoidance of competitive disadvantages.
• Advertising and image improvement, market and opinion research: Opinion polls, votings, product and/or service ratings and other reviews, as well as the integration of these results.
• Analysis and optimisation of our own offers, services and advertising measures: analysis of user, prospect and/or customer behaviour in order to optimise processes, services and products, needs-based design of our products, services and marketing measures and direct customer contact.
• Design, operation and availability of digital products: includes, for example, the integration of general functions of websites, apps and other digital products.
• Operation, integrity and security of digital products: in particular, defense against requests that overload the service (denial of service attacks) or excessive use of bots to destabilize a platform, IT security measures such as storing log files and, in particular, IP addresses for a longer period of time in order to detect and ward off misuse, even beyond the extent required by law.
• Direct advertising (personalized marketing): in particular, direct approaches to prospects and customers that are not based on consent, such as product recommendations based on previous demand behavior, including the processing of data in preparation for direct advertising (e.g. customer segmentation, affinity ratings).
• Integration of desired or required functionalities: Integration of functionalities that are in the interest of the customer, are played out at the request of the customer and/or are necessary for the provision of the service (e.g. the integration of contact options on websites or in apps or e.g. the possibility of the user saving configurations (e.g. language selection)).
• Assertion, exercise or defence of legal claims:B. Preservation of evidence, to clarify the facts of the case in the event of a foreseeable legal dispute.
• Customer acquisition, customer loyalty, customer recovery: B. Operation of a customer relationship management (CRM) for prospective customer and customer support.
• Freedom of expression, press and broadcasting: in particular processing that previously fell under the so-called media privilege.
• Protection of the body and health of the persons concerned
• Promotion of legitimate interests in a group of companies: Performance of organisational, procedural or entrepreneurial tasks from the cooperation of several affiliated companies (see the explanations in recital 48 GDPR).
• Prevention of criminal offences, administrative offences and other detrimental acts: in particular fraud prevention, preventive measures within the framework of an internal control system, measures to clarify risks after such suspected cases or other indications of possible actions to the detriment of the controller or other persons
• Reduction of default risks: Identification of economic, technical, procedural or organizational risks to the company that may lead to a total or partial failure of the company, parts of the company or products or services of the company
• Employee support: Integration or implementation of services and activities that are in the interest of the employees, such as satisfaction surveys, voluntary events and activities, birthday lists, sending greeting cards, etc.
• Employee retention: Integration or implementation of services and activities in order to achieve long-term loyalty of employees to the employer, such as promotion of personal development, birthday lists, sending birthday gifts
• Other legitimate interests: Where relevant, these interests are explained separately in the respective places.

Recipient categories
In the following section, we list the categories of recipients that we use in our privacy information:

• Banks and other financial service providers
• Authorities and other public bodies
• Persons subject to professional secrecy and their companies/institutions
• (IT)Service provider
• Opponents in legal disputes
• Group companies and other affiliates
• Customers and prospects
• Suppliers
• Recruiter
• Platform operators and media
• Associations, organisations and interest groups
• Landlord
• Insurances
• Contractual partners (without customers)

Cookie Policy

Definition
Cookies are text files that are stored or read on your device by a website. They contain combinations of letters and numbers, e.g. in order to recognise the user and his or her settings when reconnecting to the cookie-setting website, to enable the user to remain logged in to a customer account or to statistically analyse certain usage behaviour.

The WebStorage technology makes it possible to store variables and values locally in the user’s browser cache. The technology includes both the so-called “sessionStorage”, which remains stored until the browser tab is closed, and the “localStorage”, which is stored in the browser’s cache until the cache is cleared by the user. The localStorage technology makes it possible, among other things, to recognize the user and his settings when calling up our website.

In addition to cookies that are absolutely necessary from a technical point of view, cookies are also stored and read with your consent, which control additional functions and services and enable processing operations. In addition to definitions of the purposes, data categories and bases for data transfer to third countries, you will also find data protection information (GDPR, BDSG) on the processing operations controlled by cookies in our data protection information [LINK] .

In the following section, you will find information about the cookies and similar technologies we use (hereinafter referred to as “cookies“), which we display on the basis of your consent within the meaning of § 25 (1) TDDDG.

Analysis and performance measurement

Matomo
Purpose of processing: Analysis and performance measurement as well as optimization of products and/or services
Legal basis: § 25 para. 1 TDDDG
Categories: Connection data, usage data
Recipients of the data: IT service providers
Intended transfer to a third country: In the individual case, New Zealand (adequacy decisions)
Information about cookies and similar technologies:
Duration 13 months

Functional Services

Vimeo
Purpose of processing: Advertising and personalized marketing measures, users, prospect and/or customer support
Legal basis: § 25 para. 1 TDDDG
Categories: Connection data, usage data
Recipients of the data: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”)
Intended transfer to a third country: In individual cases, the USA and other third countries (standard data protection clauses and adequacy decisions)
Information about cookies and similar technologies:
Vimeo Cookie Policy

YouTube
Purpose of processing: Advertising and personalized marketing measures, users, prospect and/or customer support
Legal basis: § 25 para. 1 TDDDG
Categories: Connection data, usage data
Recipients of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Irland
Intended transfer to a third country: In individual cases, the USA and other third countries (standard data protection clauses and adequacy decisions)
Information about cookies and similar technologies:
https://policies.google.com/technologies/cookies?hl=de

Spotify (Podcasts)
Purpose of processing: User, prospect and/or customer support, advertising and personalized marketing measures, optimization of products and/or services
Legal basis: § 25 para. 1 TDDDG
Categories: Content data and connection data
Recipients of the data: Spotify AB, Regeringsgatan 19 SE-111 53 Stockholm, Sweden
Intended transfer to a third country: In individual cases, the USA and other third countries (standard data protection clauses and adequacy decisions)
Information about cookies and similar technologies:
https://www.spotify.com/de/legal/cookies-policy/