Data Privacy Statement

for the Federal Gazette, the Company Register, the Publication Platform and the Shareholder Forum.

1. General

The

Bundesanzeiger Verlag GmbH
Amsterdamer Str. 192
50735 Cologne

Tel.: +49 (0) 2 21 / 9 76 68-0
Fax: +49 (0) 2 21 / 9 76 68-278
E-mail: service(at)bundesanzeiger.de

operates this website for purposes of offering information and services.

We will process your personal data exclusively in accordance with the provisions of Data Privacy Legislation as amended. Please refer to a glossary under "Definitions" for data privacy terminology. The following provisions will inform you about the type, extent and purpose of collection, processing and use of personal data. This Data Privacy Statement applies exclusively to our Web pages. Should links on our Web pages take you to other Web pages, please refer to those pages for information on how your data will be handled there.

Your personal data will, wherever possible, be encrypted by digital security systems to protect them from damage, erasure or unauthorised access, using technical and organisational measures.

2. Collection and utilisation of personal data

We collect, process and store the personal data you are making available (for example: your name, address and phone number or e-mail address, also data needed for accounting) to the extent they are needed for processing of requests and orders (e.g. chargeable retrievals of original register data, orders for publication or information services, or newsletters) or for technical website administration or mandatory reasons. Article 6 (1) a), b), c), e) and f) GDPR provides the legal basis for processing such data. To facilitate this task it may at times be necessary to transmit your data to service providers commissioned to process orders and accounts. Over and above this, we shall not disclose your personal data to third parties unless under mandatory regulations, for collection of fees and payments, or at your request.

Your registered and accounting data (e.g. bank account details) will always be encrypted before transfer into our systems. This will protect communication between yourself and our Web server and prevent data abuse. We use SSL / TLS (Secure Socket Layer / Transport Layer Security) for encryption - a recognised and widely used encryption protocol in the Internet which is also used, for instance, by banks or online shops for business over the Internet and is considered secure as amended. We will not in general collect or process credit card details. For Company Register payments by credit card the process will refer you to payment provider EVO Payment International’s form. Credit card details will there be safely collected and processed in accordance with Payment Card Industry Data Security Standard (PCI DSS). You will be safely returned to the Company Register’s website after completion of your payment.

3. Use of personal data

Your personal data will, to the extent required for justification, structuring of content or changes to a contractual or official user relationship (master data), be processed exclusively for such purposes. We reserve the right of recourse to authorised remedial action and legal grounds.

We may ask you for certain personal information should you contact us via e-mail, fax or by phone. We will ask only for data required for proper processing of your contact enquiry, including at least your surname and first name, your e-mail address and phone number. The legal basis pursuant to Article 6 (1) c), e) and f) GDPR will be a legitimate interest in processing. You may also in the course of your contact enquiry offer additional voluntary data. We will store the data and use them in responding to your contact enquiry. Voluntary provisioning of such data will signify your consent to their use as defined above. We will log your consent to the collection and use of data. The legal basis for data processing pursuant to Article 6 (1) a) GDPR includes consent by affected parties.

Your name and address must, for instance, be disclosed to accounting service providers for invoicing for chargeable services. Unless with your consent or mandatory, your personal data will not be disclosed to third parties not in a contractual or usage relationship.
We are permitted in specific cases and on request of authorised bodies to release master data for purposes of law enforcement, aversion of danger by police authorities of the states, execution of statutory tasks by Federal and State authorities for the protection of the constitution, Federal Information services, military counter-intelligence, or for assertion of intellectual property rights.

We will carefully examine any such requests using the means available to us and will not disclose your data unless our statutory obligation is abundantly clear. The legal basis of data processing pursuant to Article 6 (1) c) and e) GDPR would in such cases be compliance with our statutory obligations and pertinent special legislation.

4. Collection and processing of non-personal data

a. Browser data

Information that your Internet browser transmits to us will, for technical reasons and for reasons of maintaining and improving functionality, be automatically collected and stored here and we will transmit such data to third parties to the extent required. Our legitimate interest pursuant to Article 6 (1) f) GDPR in processing such data would be operational reliability of the website.

These data comprise:

- Browser type and version
- Operating system
- Website from where you arrived (referrer URL)
- Website you are visiting
- Date and time of access
- Your Internet protocol data (IP address)
- Transmitted data volumes
- Access status (files transferred, file not found etc.)

These anonymous data will be stored separately from personal data you may have given, thus preventing tracking of specific persons. Your visits may be analysed for statistical purposes, for optimisation of our Internet presence and our offers. Such data will be erased in our system and those of our service providers after the analysis.

b. Anonymised usage profiles

Unless otherwise indicated here, you will not be required to furnish personal data when using our website. Information will be stored in a log file when a user accesses the abovementioned websites or retrieves a file. We use such information to ensure technical functionality of your visit to our website. We will also use such information for statistical purposes towards improvement of our website design and layout. These data will not be used with reference to a person. Pursuant to Article 6 (1) f) GDPR, our legitimate interest for processing lies in the reliability and functionality of the website.

The following dataset will be stored on each retrieval specifically:
- Name of the retrieved file
- Date and time of retrieval
- Transmitted data volume
- Message whether retrieval was successful
- Description of the type of Web browser used
- Requesting domain
- Country of domain origin

c. Creating a user profile (registration)

You may register on our website and create a user profile. Following your registration on our website we will collect and use the data your Internet browser transmits automatically together with the data below. Depending on processing requirement, this data is identified as mandatory or optional:

- Date and time of registration
- Your first name and surname / company name
- Date of birth
- Your e-mail address
- Your phone number

The legal basis of data processing pursuant to Article 6 (1) a) and e) GDPR is the consent of the affected parties.

5. Use of Cookies and analysis tools

a. Cookies

We use Cookies on our website. Cookies are small text files our Web server sends to your computer to store certain information (e.g. attributes for identification).

If you use our website anonymously, Cookies will be used for statistical analysis of usage, including recording of new and recurring visits. We also use Cookies to assess the extent to which free content is used. To determine this figure our website will send a Unit ID to your browser. This is an anonymous code used exclusively to establish the free content that has been used already.
When you visit our website under your user profile, Cookies will be used to identify your browser for the duration of your visit, including the various Web pages you visited.
Our website can also be used without storing Cookies. You can block the storage of Cookies in your browser settings or tell your browser to inform you when a Web page intends to store Cookies. You will then decide to accept or reject Cookie storage. For our website to remain fully functional it is necessary for technical reasons, however, that storage of temporary Cookies will not be blocked. Even when Cookies are deactivated, our website will send the described Unit ID to your browser to determine the usage of free content. The legitimate interest pursuant to Article 6 (1) f) GDPR is the legal basis here.

Refer to the Help pages in your Internet browser for further information on blocking of Cookies. For example, look under windows.microsoft.com for Windows Internet Explorer and under support.mozilla.com for Firefox.

b. Matomo

Matomo, an Open Source Web Analysis tool (https://matomo.org), will on this website collect and store data for optimisation purposes. These data may be used to create user profiles under pseudonyms. Cookies may be used here. Cookies are small text files stored locally in the website visitor’s Internet browser buffer. Cookies will allow recognition of the returning Internet browser. The data collected by Matomo will not be used to personally identify visitors to this website unless with the consent of the affected party and will also not be linked to personal data via the owner of the pseudonym.

6. Your rights / contact details / objection

Objection and revocation

You may object to the use of your data without prior consent at any time, with future effect.

We point out that you may also at any time revoke (even partially) any consent you may have given, with future effect. In this case, send an e-mail to

Data Privacy Officer, Bundesanzeiger Verlag GmbH, Amsterdamer Straße 192, 50735 Cologne, Tel.: +49 (0) 2 21 / 9 76 68-0, dsb(at)bundesanzeiger.de

You also have the following rights:

Article 13, 14 EU-GDPR – Right to information
Article 15 EU GDPR – Right of access: We shall gladly on request inform you about your stored personal data. The information will be in text form. Contact – see below.
Article 16 EU GDPR – Right to rectification
Article 17 EU GDPR – Right to erasure, with restrictions, especially Art. 17 (3) b)
Article 18 EU GDPR – Right to restriction of processing
Article 19 EU GDPR – Notification
Article 20 EU GDPR – Right to data portability
Article 21 EU GDPR – Objection
Article 22 EU GDPR – Automated individual decision-making, including profiling
Article 23 EU GDPR – Restrictions
Article 77 EU GDPR – Right to lodge a complaint

The Bundesanzeiger Verlag processes personal and other data on this website to meet its statutory obligations, to perform its official responsibilities and to exercise its public authority. Legislature has furthermore promulgated various obligations and periods of retention e.g. § 147 Abgabenordnung. Erasure of data will be subject exclusively to these statutory provisions.

Note:

We endeavour to take technical and organisational steps allowing us to store your personal data in a way to render them inaccessible to third parties. Since we cannot guarantee full data security during communication by e-mail, we recommend mailing confidential information by post.

7. Scope

This Data Privacy Statement is applicable to the domains www.bundesanzeiger.de, www.unternehmensregister.de, www.publikations-plattform.de and www.aktionärsforum.de.

8. Amendments and currentness of this Data Privacy Statement

Amendments to the Data Privacy Statement will be published on this website and will apply from the date of publication. The intended use of these data will not change unless by consent.

This Data Privacy Statement is dated 25 May 2018 and currently valid.

9. Definition / Glossary

"Anonymisation" means that personal data will be changed such that personal or material details cannot be assigned to a specific or determinable natural person unless with unreasonably high cost of time, effort and labour.

"Personal data" comprise all information referring to a specific or determinable natural person (“affected person”); a determinable person is a person who can be directly or indirectly identified, especially by linking to identifiers such as name, identification number and other special characteristics describing physical, physiological, genetic, mental, economic, cultural or social identity.

A "Responsible body" is any person or entity collecting, processing or using personal data for own purposes or commissions others to do so.

"Special types of personal data" is defined as data on racial and ethnic origin, political opinions, religious or philosophical convictions, trade union memberships, health or sex life.

"Consent by the affected person" constitutes any clear statement of the person’s wish, given without coercion, relating to a particular case and cognizant of the situation, by way of a statement or other clear action, whereby the affected person demonstrates that he/she agrees to processing of the specific personal data.

A "Recipient" is any person or entity receiving data. A “Third party” is any person or entity external to the responsible body. The affected persons or entities or persons and entities commissioned to collect, process or utilise personal data inland, in another member state of the European Union or in another member country under the Treaty of the European Economic Area are not deemed third parties.

"Collection" is defined as the acquisition of data about the affected person or entity.

A "third party" is a natural or legal person, public authority, institution or body other than the affected person, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

"Pseudonymization" is defined as the substitution of the name and other identifying features with a code designed to exclude or considerably complicate identification of the entity concerned.

"Company" is every natural person and legal entity performing a commercial activity, irrespective of its legal form, including private companies or associations carrying out regular commercial activities.

"Group of companies" is a group comprising a controlling company and its dependent companies.

"Processing" is defined as storing, changing, transmitting, blocking and deleting personal data. The following definitions also apply, irrespective of the processes used:

1. Storage – the acquisition, recording or storing of personal data on data carriers for purposes of further processing or use,
2. Changing – the editing of stored personal data,
3. Transmission – the disclosure to third parties of stored personal data or personal data obtained through data processing, in a manner to allow
    a) passing on the data to a third party or
    b) third parties to view or retrieve the data
4. Blocking – marking stored personal data to restrict their further processing or utilisation,

"Deletion" – rendering stored personal data not recognisable.

10. Amicable online dispute resolution

The European Commission provides a platform for amicable online dispute resolution (OS platform) at http://ec.europa.eu/consumers/odr/. We point out that we do not participate in dispute resolution before a consumer dispute resolution authority.