Processing of personal data
Welcome to Lupus alpha Asset Management AG!
Thank you for your interest in our website and the offers contained therein.
We only process our users’ personal data where this is necessary to provide our content and a functioning website, render our services and for prevention and prosecution purposes.
This Privacy Policy explains to you the type, scope and purpose of the processing of personal data carried out as part of our service. With regard to the terminology used here, such as “processing” or “Controller”, please refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
We observe the legal provisions of the General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), the German Telecommunications Digital Services Data Protection Act (TDDDG) and other data protection regulations as a matter of course.
We provide you with information about our processing of your personal data and your claims and rights arising from data protection regulations in accordance with Article 13 GDPR.
The protection of your personal data (hereinafter referred to as "Data") is an important matter for us. We only collect personal data to a limited extent and where necessary in order to:
- render our services,
- execute contracts (including initiating, concluding, fulfilling and terminating a contract),
- processing and responding to enquiries (contact form),
- safeguard our operations, and
- improve our service.
To ensure that you are fully aware of the processing of personal data on our website, you will find the following explanatory information below.
1. Controller or service provider
The Controller or service provider responsible for processing personal data is:
Lupus alpha Asset Management AG
Speicherstraße 49-51
60327 Frankfurt am Main
Telephone 069 / 36 50 58 - 70 00
Fax: 069 / 36 50 58 - 80 00
E-Mail: datenschutz@lupusalpha.de
2. Contact details of data protection officer
Data Protection Officer of Lupus alpha Asset Management AG:
Verimax GmbH
Warndtstr. 115, 66127 Saarbrücken
E-Mail: dsb.lupusalpha@verimax.de
3. Legal basis
The legal basis for this Privacy Policy is the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TTDDDG). Article 6 of the General Data Protection Regulation is particularly decisive in this regard:
- for the performance of a contract or to take steps prior to entering into a contract; and
- to safeguard a legitimate interest. The interests and fundamental rights and freedoms of data subjects do not outweigh the aforementioned interest.
Our concern as set out in the GDPR (legitimate interest) is to improve our services and website. As the privacy of our users is important to us, your IP address is anonymised when using our website and you remain anonymous to us as a user. The information generated by the Matomo cookie about your use of the website is not passed on to third parties.
4. Processing of traffic data, storage in log files (log files)
Every time our website is accessed, data and information are automatically transferred from the requesting computer’s system to our system. This primarily involves processing the following data:
- Technical information such as the browser type and version being used, screen size, where appropriate, and the size of the browser window
- The operating system of the requesting computer
- The IP address of the requesting computer
- Date and time of access, the volume of data transferred and access status
- Where applicable, the domain name of the website from which the user’s system arrived at our website
- Websites visited by the user’s system via our website
Data is also stored on our system’s ‘log files’. This data is not stored together with the user's other personal data. As visitors to our websites, you are data subjects. The IP address needs to be temporarily processed by the system to enable the website to be delivered to the user’s computer. Non-personal data is stored in log files to ensure and optimise the website's functionality.
5. Applications
5.1 Ways of making contact
You can apply to us via post, fax, email, LinkedIn or XING. Please be aware that in the case of standard e-mail communication, it cannot be guaranteed that the data cannot be intercepted or changed or remain within the European Union (EU)/European Economic Area (EEA). Due to the way in which the Internet works, it is technically possible for an email to be directed via a server in a (non-secure) third country on its way from us to you or vice versa. Data is not transferred to a third country via any other communication channel. We therefore recommend that you use encryption by transferring file attachments by encrypted ZIP archive, for example, and sharing the password with us via another communication channel (e.g. by telephone).
5.2 Legal basis for the processing of personal data
We process the data provided to us for this purpose based on Article 6 (1) Letter b GDPR (to take steps prior to entering into a contract) as well as, with regard to freely transferred data, Article 6 (1) Letter a GDPR (consent).
5.3 Scope and purpose of data processing
We collect the following data during the application process where this is required in individual cases:
- First name and surname(s)
- Date of birth / class year, where appropriate
- Gender
- Nationality, work permit information, where appropriate
- Your contact details: Address(es), telephone number(s), email address(es)
- The data provided by you in your application. This may also include special categories of personal data such as health information, where you have provided this. Data that we have not expressly requested is always provided voluntarily by you. In addition, the provision of such information has no fundamental influence on whether/how your application is considered.
- Application photo, where present in the application documents
- Data about education, career and professional qualifications
- Desired role
- Time commitment
- Desired salary
- Mobility information (driving licence, car)
This data is processed in order to communicate with you and to check whether we can offer you a suitable position.
Further information on data collection during the application process can be found here: privacy notices for employees and applicants.
6. Contact form
When you contact us via the contact form, an email containing the data you entered in the contact form is sent to us. We always process this data exclusively according to the selected topic. It is not processed for any other purposes.
Likewise, when you contact us via email, we only process precisely the personal data that you provide us with via email. This generally includes contact details such as email address(es), telephone number(s) and/or a reason for making contact. In some cases it is necessary to enter your first name and surname(s), in others it is not. Where the processing of certain personal data is not necessary, you are free to decide whether or not you wish to enter the information. If you simply want to provide us with anonymous feedback, for example, you can use an email address (without a name reference) and use an alias or refrain from providing a name.
Please note that when communicating via email, it cannot be guaranteed that the data will remain within the EU / EEA. Due to the way in which the Internet works, it is technically possible for an email to be directed via a server in a (non-secure) third country on its way from us to you or vice versa. Data is not transferred to a third country via any other communication channel. We therefore recommend that you use encryption by transferring file attachments by encrypted ZIP archive, for example, and sharing the password with us via another communication channel (e.g. by telephone).
Personal data can also be stored where and for as long as provision is made by European or German legislators in Union regulations, laws or other legislation to which the Controller is subject. This data is automatically erased as soon as it is no longer required for the purpose for which it was collected.
7. Newsletter
We only send the newsletter containing promotional information (hereinafter referred to as the “Newsletter”) with your consent (as a Newsletter recipient) or legal permission. Where the content of the Newsletter is specifically outlined as part of the registration process, this information is a decisive factor in your consent.
Registration for our Newsletter is completed via what is known as a ‘double opt-in’ procedure. This means that after registering, you receive an email in which you are asked to confirm your registration. This confirmation is required to ensure that no-one can register using an unknown email address. Newsletter registrations are logged to demonstrate that the registration process is conducted in accordance with legal requirements. This includes storing the registration and confirmation dates as well as the IP address. Any changes to your Data stored with the Newsletter dispatch service are also recorded.
To register for the Newsletter, we ask you to enter anemail address, first name and surname and the company name. We do this for the following reasons: we process the first name and surname so that we can address you personally. We ask you for the additional data so that we can use internal statistical analyses to improve the content design and layout of the Newsletter, optimise it and improve its usability for you.
Recipient data is used in an anonymised form, i.e. without assigning it to a user, to optimise or improve our services, e.g. to optimise the technology used to send out and display the Newsletter. Your Data is not passed on to third parties.
We may also use usage data, including information about whether a Newsletter has been opened, when it was opened and which links in the Newsletter were clicked, for statistical analysis.
However, the analysis conducted is fundamentally used by our Company on a grouped basis and is therefore anonymised so that we can only see how many users an email was sent to, how many Newsletters have been opened, whether emails were rejected or whether a user has unsubscribed from the mailing list after receiving an email. This analysis helps us to organise and manage the recipient list and identify users’ reading habits. It also enables us to adjust our content or send different content according to the actual interests of our users. The registration process is logged based on our legitimate interests as set out in Article 6 (1) Letter f of the General Data Protection Regulation (GDPR).
You can opt out of receiving our Newsletter, i.e. revoke your consent with future effect, at any time. A link for unsubscribing from the Newsletter can be found at the end of each Newsletter or you can unsubscribe by sending an e-mail to datenschutz@lupusalpha.de. We can store the email addresses we hold for up to three years before erasing them based on our legitimate interests in order to prove previously issued consent. The processing of this Data is limited to the possible defence of any claims. You may submit an individual erasure request at any time, provided that you confirm the prior existence of consent at the same time. Please send erasure requests to datenschutz@lupusalpha.de.
8. Cookies
Our website uses cookies. Cookies are small text files that are stored locally on the cache of the page visitor’s browser. Cookies facilitate recognition of the browser. They help us to make our online presence more user-friendly, effective and secure overall – by speeding up navigation on our website, for example. Cookies also enable us to measure the frequency of page views and general navigation. You can determine how long cookies are stored, when they are erased or whether to generally refuse them in your browser’s settings. Please consult the manual for your software for this purpose. However, please note that you may not be able to use the full functionality of websites if you do not generally accept cookies.
We use cookies to make our website more user-friendly.
Cookie name | Purpose | Storage period |
_pk_testcookie.#.#### | To test whether the browser allows cookies | few seconds |
_pk_id.#.#### | To recognise the browser when revisiting the site | 13 months |
_pk_ses.#.#### | To recognise which page requests belong to the same session | 30 minutes |
CookieConsent | To save the cookie settings made. | 1 year |
fe_typo_user | This cookie is a standard session cookie of TYPO3. It stores the entered access data when a user logs in to a closed area. | 1 Session |
9. Use of Matomo statistical tool (PIWIK)
We use Matomo (formerly Piwik) for web analysis. This is software that is installed on our own server and only processes data that has been stored on our server. Matomo uses cookies to recognise which page views belong to a session and whether you are a first-time or repeat visitor. Your IP address is immediately anonymised before storage so that you remain fully anonymous to us as a user at all times.
We use structural measures (separation of databases and responsibilities) to ensure that the statistical data we process for web analysis purposes does not contain any personal data and cannot be connected with such data at any point.
If your browser is configured to inform our server that you do not wish to be tracked (‘do not track’), your page view will not be recorded by Matomo (even though we would not store any personal data in any case).
Otherwise, you can object to processing at all times if you no longer consent to it in the future. In this case, an ‘opt-out cookie’ is placed in your browser to ensure that Motomo does not collect any session data.
Please note: If you erase all of your cookies, the opt-out cookie will also be erased and you will have to reactivate it as necessary.
At this point, you can decide whether Matomo web analysis cookies can be placed in your browser to enable us to improve the website for you.
10. Your rights
If your personal data is processed, you are a data subject as defined in GDPR and have the following rights against us (the Controller):
10.1. Right of access and right to lodge a complaint
You can request a confirmation from us as to whether we process personal data relating to you.
If such processing is being carried out, you can request access to the following information from us:
- the purposes for processing the personal data;
- the categories of personal data being processed;
- the recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;
- the envisaged period for which the personal data relating to you will be stored or, if it is not possible to obtain this specific information, the criteria used to determine the storage period;
- the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data relating to you or to object to such processing;
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
- whether the personal data relating to you is transmitted to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
If you believe that we have not handled your personal data correctly or carefully enough, please contact our data protection team so that we can rectify any errors quickly or clarify anything that is not clear. You can reach our team by emailing:
datenschutz@lupusalpha.de or via the contact details provided on the Legal Notices page. Where appropriate, we will request additional information in order to confirm your identity.
However, you also have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. The supervisory authority responsible for us is: the Hesse State Representative for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden
10.2. Right to rectification
You have the right to demand rectification and/or completion from the Controller, if the processed personal data relating to you is incorrect or incomplete. The Controller must carry out the rectification without undue delay.
10.3. Right to restriction of processing
You can demand that the processing of personal data relating to you is restricted subject to the following conditions:
- if you contest the accuracy of the personal data relating to you for a period that enables the Controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
- if you have objected to processing in accordance with Article 21 (1) GDPR pending verification of whether the legitimate grounds of the Controller override yours.
Where the processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.
10.4. Right to erasure
a) Erasure obligation
You may demand from the Controller the erasure of personal data relating to you without undue delay, and the Controller is obliged to erase this Data without undue delay where one of the following grounds applies:
- The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing is based in accordance with Article 6 (1) Letter a or Article 9 (2) Letter a GDPR, and where there is no other legal basis for the processing.
- You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
- The personal data relating to you has been unlawfully processed.
- The personal data relating to you has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
- The personal data relating to you has been collected in relation to the offer of information society services as set out in Article 8 (1) GDPR.
b) Exceptions
The right to erasure does not apply if processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) Letters h and i as well as Article 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in Paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
10.5. Instruction
If you have asserted the right to rectification, erasure or restriction of processing against the Controller, the Controller is obligated to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request that the Controller inform you about these recipients.
10.6. Right to data portability
You have the right to receive the personal data relating to you that you have provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to transmit that Data to another controller without hindrance from the Controller, where
- the processing is based on consent in accordance with Article 6 (1) Letter a GDPR or Article 9 (2) Letter a GDPR or on a contract in accordance with Article 6 (1) Letter b GDPR, and
- the processing is carried out by automated means.
When exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another where this is technically feasible. This should not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data required to perform a task carried out in the public interest or in the exercise of official authority vested in the Controller.
10.7. Right to object and right of revocation
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data relating to you where this Data is processed based on Article 6 (1) Letter e or f GDPR; this also applies in the case of profiling based on these provisions.
The Controller will no longer process this personal data relating to you unless they can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or where such processing enables the establishment, exercise or defence of legal claims.
Where personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You can raise an objection or issue a revocation to us informally - as justified by Article 21 (1) GDPR - via one of our contact channels. You will incur no costs for exercising your right to object or right of revocation other than the basic rates.
10.8. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and the Controller;
- is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is made with your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) Letter a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in Paragraphs (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the Controller, to express their point of view and to contest the decision.
11. Data security
We use technical and organisational measures to secure our website and other systems against loss, destruction, access, changes or dissemination of your Data by unauthorised persons.
12. Changes to Privacy Policy
Our Privacy Policy can be adjusted at irregular intervals to ensure that it meets current legal requirements or to implement changes to our services, e.g. when adding new products and services. The new Privacy Policy then automatically applies for your next visit.
Privacy Policy last updated: June 2024