Maintaining the privacy of your data is a top priority at oceanis. oceanis considers it essential to establish high standards of data privacy protection for all users of the oceanis Platform and to continually improve these standards. We therefore adhere and comply with the applicable statutory requirements of the Federal Republic of Germany and the European Union in all data processing procedures. One of our main concerns in this regard, is allowing you to determine to what extent oceanis processes your data and to decide the way in which you will share your personal data with us.
2. Collection, Processing and Use of Personal Data
In order to provide you with our services, it is necessary for us to collect, process and use your personal data as specified below.
2.1 Personal data
Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, in particular, information which can be traced back to your identity, such as your name, telephone number, mailing address or email address. Statistical data collected when users visit our website and which cannot be directly linked to your identity is, for instance, not considered/classified as personal data.
2.2 Collection, Processing and Use of your Personal Data
Maintaining the privacy of your data is one of our top priorities. Therefore, we strictly adhere to the statutory provisions when collecting, processing and using your personal data. We collect, store and process your data to offer you a better user experience on our website, to provide you with the technical services that, among others, enable investments in Notes and, if applicable, to comply with our rights and obligations as Trustee. We may additionally use your data for the purpose of keeping you informed via engaging, relevant newsletters which you may opt to receive, for our own marketing purposes, and for fraud prevention. We also collect, process and use your personal data for purposes of verifying your identity.
2.2.1. Visiting our Website
Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:
- IP address of enquiring device
- Date and time of enquiry
- Address of the website called up and of the website enquiring
- Information on the browser and operating system used
- Online identifiers (e.g. device identifiers, session IDs)
The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The legal basis for the foregoing processing is Article 6 para. 1 sentence 1 lit. b GDPR.
The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6 para 1 sentence 1 lit. f of the General Data Protection Regulation (GDPR). Our legitimate interest is to further improve our website and our services we offer through it.
The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 30 days and archived following subsequent anonymisation.
2.2.2 Registration via oceanis’s Platform
You have the possibility of registering for our login area, in order to use our website’s full range of functions. We have highlighted with an identification mark the data which you are required to supply:
- Name of Company
- First name and last name of the respective authorised person to represent the company
- Email address of the respective authorised person to represent the company
Without these data a registration is not possible. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. b GDPR.This personal data is stored in order to set up your user account and enable you to gain access to the oceanis Platform.
2.2.3 Potential and Active Investments
2.2.4 Identity verification
Obliged entities under German Anti Money Laundering legislation (e.g. credit institutions) and under comparable national regulations are required to obtain information about the identity and address of their customers. This process contributes to prevent the misuse of their services for unlawful activities such as identity theft, identity fraud or money laundering. Verifying the identity of a customer (or “knowing your customer” –“KYC”) is a legal requirement and an essential aspect of risk management practices. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. c GDPR
2.2.5 Use of your Data for Marketing Purposes
In addition to processing your data to enable registration or to process an investment, we will use your data to send you information via letter about products, services and marketing campaigns that may be of interest to you on the basis of Article 6 para. 1 sentence 1 lit. f GDPR (where your consent is not required). Our legitimate interest is to market our services. You may partially or fully opt out of the use of your personal data for marketing purposes at any time without incurring any costs other than the transmission costs at standard rates. Sending a written message to our postal or email address, indicated in section 1 above, is sufficient for this purpose.
We will use your data to send you information about our products, services and marketing campaigns that may be of interest to you via email or SMS on the basis of your consent, Article 6 para.1 sentence 1 lit. a GDPR.
You have the possibility of ordering our Newsletter, in which we tell you regularly of the latest news about our products and campaigns.
For ordering the Newsletter we use the so-called double opt-in procedure within our registration form for our login area, i.e. we shall only send you the Newsletter by email if you confirm, by clicking a link in our message email, that you are the holder of the email address provided. Should you confirm your email address, we shall store your email address, the time of registration and the IP address used for the registration for such time until you cancel the Newsletter. This storage serves only the purpose of sending you the Newsletter and being able to provide your registration. You can cancel the Newsletter again at any time. A link to this effect is placed in every Newsletter. A message to the contact details given above or in the Newsletter (e.g. by email or letter) is of course likewise sufficient for this. The legal basis of the processing is Article 6 para. 1 sentence 1 lit. a GDPR.
In our Newsletter we use established technologies by which the interactions with the Newsletter can be measured (e.g. opening of the email, links clicked). We use these data in pseudonymised form for general statistical evaluations and to optimise and develop our contacts and customer communication further. This is done with the aid of graphics which are embedded in the Newsletter (so-called pixels). These data are collected only in a pseudonymised way, and in addition the data once collected are not combined with your personal data. The legal basis for this is our foregoing legitimate interest under the terms of Art. 6 para.1 sentence 1 lit. f GDPR. Via our Newsletter, we share subjects with our customers which are of maximum relevance to them. If you do not wish your user pattern to be analysed, you can cancel the Newsletter or disable graphics in your email program in a standard way. We wish via our Newsletter to share subjects with our customers which are of maximum relevance to them and to understand better what our readers are actually interested in.
In order to complete your registration as a user of the Platform and keep you updated with the status of your investment, we will communicate with you via email, SMS or letter, using the addresses and phone number provided. Users are hereby expressly informed that, in principle, the possibility of unauthorised third parties being able to view, read, manipulate and/or delete electronically transmitted data cannot be excluded.
Legal Basis for this is Art. 6 para.1 sentence 1 lit. b GDPR, as contacting you serves purposes of our contractual relationship.
2.2.8 Market and Opinion Research
To improve our services, we will also use your data for general market and opinion research. We will, of course, use your data only for statistical purposes and in an anonymised form. Your responses to survey questions will not be published or disclosed to third parties without your consent. We will not store your responses to our surveys in combination with your email address or other personal data.
You may partially or fully opt out of your data being used for market and opinion research at any time by sending a written message to our postal address or email address, indicated in section 1 above. All survey emails automatically include a link to unsubscribe from further mailings.
Legal Basis for this is Art. 6 para. 1 sentence 1 lit. f, as it is our legitimate interest to understand our target audience and improve our business.
3.1 General Information about Cookies
3.2 Cookies used by oceanis
For a part of our service it is necessary for us to insert cookies. Cookies are not inserted to execute programs or to load viruses into your computer. Instead the main purpose of cookies is to provide a product or service especially tailored to yourself and to make use of our services as time-saving as possible.
We use our own cookies in particular
- for log-in identification
- for load distribution
To note that information placed on our website has been displayed to you - so that on your next visit to the website it does not need to be displayed again.
In this way we wish to enable you to use our website in a convenient and individual way. These services are based on our foregoing legitimate interest, and the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR
3.3 How can you prevent the Receipt of Cookies?
You can change your browser settings to prevent cookies from being accepted, unless you have approved them. In most cases, the help function in the menu bar of your web browser will explain how to reject new cookies and how to disable cookies you have already received.
We recommend always logging out fully after you have used a computer which has multiple users and is set up to accept cookies.
3.4 Interest-based Advertising
In order to provide you with interesting and customised offers, this website uses interest-based online advertising. For this purpose, we use so-called retargeting technology that is based on cookies. This allows us to address visitors to our platform who showed interest in our products on websites of our partners. We will only collect anonymised and pseudonymised data and will not merge usage profiles with personal data. In the event that you should not wish to receive interest-based advertising, you may prevent this by selecting the respective settings under the hyperlink http://preferences-mgr.truste.io/
This site offers an opt-out mechanism for internet-based advertising in a bundled way. The website of TRUSTe, Inc, 835 Market Street, San Francisco, CA 94103-1905, USA (“TRUSTe”) allows you to either deactivate all advertisements across-the-board, or alternatively, block individual advertisement providers. Please note that after deletion of all of your browser’s cookies or usage of another browser at a later stage, the opt-out cookie must be reset.
For more information about interest-based advertising and opt-out options, please visit www.truste.com/consumer-privacy/about-oba/
The legal basis for the data processing described in the following section is Art. 6 para. 1 sentence 1 lit. f GDPR, grounded on our legitimate interest in providing you with personalised advertising.
3.4.1 Google Analytics
Google will process the information so gained in order to evaluate your use of the website, to assemble reports on the website activities for the website operators, and to supply further services connected with website use and internet use.
As set out above, you can so configure your browser that it rejects cookies, or you can prevent the capture of the data generated by cookies and relating to your use of our website (including your IP-address) and the browser add-on provided by Google.
You will find more detailed information on this matter in the Privacy Statement of Google Analytics.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
You should never share your passwords with unauthorised third parties and you should change them regularly. Every time you leave the Platform, you should log out of your session and close your browser window to prevent unauthorised users from accessing your oceanis user account.
5. Right of Access to Information
You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct (right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).
To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.
You also have the right to object to the data processing based on Article 6 para.1 sentence 1 lit. e or f GDPR. Finally, you have the right to complain to a regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Hamburg where oceanis is located the competent regulatory authority is:
Data Protection and Freedom of Information
20459 Hamburg, Germany
6. Right to withdraw consent and object to processing activities
Under Article 7 sec. 3 GDPR you have the right at any time to withdraw to us any consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Insofar as we process your data on the basis of legitimate interests under Article 6 para. 1 sentence 1 lit. f GDPR, you have the right under Article 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.
We occasionally update this Data Privacy Statement, for instance when we revise our website or statutory or official regulations change.
Information regarding data processing of applications
This information shall give you an overview about the processing of your personal data when you apply for a job at oceanis.
In case of a Job Application
Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:
oceanis GmbH („oceanis“)
20355 Hamburg, Germany
Phone: +49 40 226 3847 40
2. Processing of Personal Data
According to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For the application process we are processing the data that you make available to us. This includes the following data:
- email address
- application documents (CV, engagement letter, etc)
- interview notes
- IP address, when you apply through the online application form
Furthermore, we process the data that you make available to us when you contact us during the application process.
We may use other sources to process data from you, e.g. recruiter, websites or other public available data such as your profiles on professional social networking platforms, such as LinkedIn or Xing.
3. Purpose and legal basis
We process your personal data for the purpose of the selection of job applicants.
The legal basis for data processing is Section 26 Federal Data Protection Act (BDSG) in conjunction with Article 6 para. 1 sentence 1 lit. b General Data Protection Regulation (GDPR) and Art. 88 GDPR. The legal basis for the processing of information that you have given us voluntarily is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art. 88 GDPR, your consent. The legal basis for the use of the data from public available sources is Art. 6 para 1 sentence 1 lit. f GDPR The legitimate interest is to receive an overview of your background.
In the event an employment relationship is established we will process the data for the performance of the employment contract according to Section 26 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. b GDPR.
If you are interested in other positions within oceanis or would like us to store your data for future positions, the legal basis for processing your data is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art 88 GDPR.
The processing of your personal data may be necessary for the defence against claims from the application process. Legal basis is Art. 6 para 1 sentence 1 lit. f GDPR. The legitimate interest is the burden of proof in a procedure.
4. Recipients, categories of recipients
Within oceanis only those employees have access to your data who are in charge of the application procedure.
We may disclose your personal data also to authorities and/or law enforcement authorities when necessary for the above purposes, when required by law or when necessary to protect our legitimate interests in accordance with applicable law.
5. Retention period
Applicant data will be deleted three months after the end of the specific application procedure. In case of expressed interest also in other positions, the data will be stored for up to 12 months from the last job offer or the last concrete expression of interest.
We may be required to store the data for a longer period if there is a longer legal retention period.
If you start working for us, we will store the data for the duration of the employment relationship. The data processing for the purpose of the employment relationship is subject to another information that you will receive separately.
6. Obligation to provide personal data
Applicants are required to provide data. Without entering data, an application is not possible.
7. Rights of the data subject
As a data subject you have several rights. For assertion of rights you can contact us:
oceanis GmbH („oceanis“)
20355 Hamburg, Germany
Phone: +49 40 226 3847 40
a. Access, rectification, erasure
In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to personal data. Information is provided free of charge.
If your personal data is incorrect or incomplete, you have the right to correct and amend it (Art. 16 GDPR).
You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR).
If the legal requirements are met, you can demand a restriction on the processing of your personal data (Art. 18 GDPR).
b. Right to object
You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights.
c. Right to data portability
Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).
d. Right to withdraw consent
If you have given us your consent to process personal data, you can withdraw it at any time with future effect without affecting the legality of the processing carried out on the basis of the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018.
e. Right to lodge a complaint
You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. In Hamburg where oceanis is located the competent regulatory authority is:
Data Protection and Freedom of Information
20459 Hamburg, Germany
8. Automated decision making
In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.