Privacy Policy

The oceanis GmbH (“oceanis”) Privacy Policy provides an overview of the kind of personal data being collected, the manner in which this data is used or transmitted and the way in which you may obtain information about the data provided to oceanis.

Maintaining the privacy of your data is a top priority at oceanis. oceanis considers it essential to establish high standards of data privacy protection for all users of the oceanis Platform and to continually improve these standards. We therefore adhere and comply with the applicable statutory requirements of the Federal Republic of Germany and the European Union in all data processing procedures. One of our main concerns in this regard, is allowing you to determine to what extent oceanis processes your data and to decide the way in which you will share your personal data with us.

1. Controller

As controller, oceanis is responsible for processing and use of your personal data. If you wish to partially or fully opt-out of the collection, processing or use of your data pursuant to this Privacy Policy, you may send an opt-out notice by letter or email to the following postal or email address, respectively:

oceanis GmbH
Caffamacherreihe 7
20355 Hamburg

2. Collection, Processing and Use of Personal Data

In order to provide you with our services, it is necessary for us to collect, process and use your personal data as specified below.

2.1 Personal data

Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, in particular, information which can be traced back to your identity, such as your name, telephone number, mailing address or email address. Statistical data collected when users visit our website and which cannot be directly linked to your identity is, for instance, not considered/classified as personal data.

2.2 Collection, Processing and Use of your Personal Data

Maintaining the privacy of your data is one of our top priorities. Therefore, we strictly adhere to the statutory provisions when collecting, processing and using your personal data. We collect, store and process your data to offer you a better user experience on our website, to provide you with the technical services that, among others, enable investments in Notes and, if applicable, to comply with our rights and obligations as Trustee. We may additionally use your data for the purpose of keeping you informed via engaging, relevant newsletters which you may opt to receive, for our own marketing purposes, and for fraud prevention. We also collect, process and use your personal data for purposes of verifying your identity.

2.2.1. Visiting our Website

Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:

  • IP address of enquiring device
  • Date and time of enquiry
  • Address of the website called up and of the website enquiring
  • Information on the browser and operating system used
  • Online identifiers (e.g. device identifiers, session IDs)

The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The legal basis for the foregoing processing is Article 6 para. 1 sentence 1 lit. b GDPR.

The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6 para 1 sentence 1 lit. f of the General Data Protection Regulation (GDPR). Our legitimate interest is to further improve our website and our services we offer through it.

The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 30 days and archived following subsequent anonymisation.

2.2.2 Registration via oceanis’s Platform

You have the possibility of registering for our login area, in order to use our website’s full range of functions. We have highlighted with an identification mark the data which you are required to supply:

  • Name of Company
  • First name and last name of the respective authorised person to represent the company
  • Email address of the respective authorised person to represent the company

Without these data a registration is not possible. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. b GDPR.This personal data is stored in order to set up your user account and enable you to gain access to the oceanis Platform.

2.2.3 Potential and Active Investments

We collect, process and use your personal data throughout the contractual term of the terms of use of the oceanis Platform and/or of the trust agreement, if applicable, for purposes of providing the technical services of the oceanis Platform in relation to the selection and bidding of projects. The oceanis Platform particularly enables potential and active financiers to get an overview of the potential projects and initiator an overview of potential and active financiers. For these purposes, oceanis collects basic data and subscription application data on the basis of Article 6 para. 1 sentence 1 lit. b GDPR about you.

2.2.4 Identity verification

Obliged entities under German Anti Money Laundering legislation (e.g. credit institutions) and under comparable national regulations are required to obtain information about the identity and address of their customers. This process contributes to prevent the misuse of their services for unlawful activities such as identity theft, identity fraud or money laundering. Verifying the identity of a customer (or “knowing your customer” –“KYC”) is a legal requirement and an essential aspect of risk management practices. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. c GDPR

2.2.5 Use of your Data for Marketing Purposes

In addition to processing your data to enable registration or to process an investment, we will use your data to send you information via letter about products, services and marketing campaigns that may be of interest to you on the basis of Article 6 para. 1 sentence 1 lit. f GDPR (where your consent is not required). Our legitimate interest is to market our services. You may partially or fully opt out of the use of your personal data for marketing purposes at any time without incurring any costs other than the transmission costs at standard rates. Sending a written message to our postal or email address, indicated in section 1 above, is sufficient for this purpose.

We will use your data to send you information about our products, services and marketing campaigns that may be of interest to you via email or SMS on the basis of your consent, Article 6 para.1 sentence 1 lit. a GDPR.

2.2.6 Newsletters

You have the possibility of ordering our Newsletter, in which we tell you regularly of the latest news about our products and campaigns.

For ordering the Newsletter we use the so-called double opt-in procedure within our registration form for our login area, i.e. we shall only send you the Newsletter by email if you confirm, by clicking a link in our message email, that you are the holder of the email address provided. Should you confirm your email address, we shall store your email address, the time of registration and the IP address used for the registration for such time until you cancel the Newsletter. This storage serves only the purpose of sending you the Newsletter and being able to provide your registration. You can cancel the Newsletter again at any time. A link to this effect is placed in every Newsletter. A message to the contact details given above or in the Newsletter (e.g. by email or letter) is of course likewise sufficient for this. The legal basis of the processing is Article 6 para. 1 sentence 1 lit. a GDPR.

In our Newsletter we use established technologies by which the interactions with the Newsletter can be measured (e.g. opening of the email, links clicked). We use these data in pseudonymised form for general statistical evaluations and to optimise and develop our contacts and customer communication further. This is done with the aid of graphics which are embedded in the Newsletter (so-called pixels). These data are collected only in a pseudonymised way, and in addition the data once collected are not combined with your personal data. The legal basis for this is our foregoing legitimate interest under the terms of Art. 6 para.1 sentence 1 lit. f GDPR. Via our Newsletter, we share subjects with our customers which are of maximum relevance to them. If you do not wish your user pattern to be analysed, you can cancel the Newsletter or disable graphics in your email program in a standard way. We wish via our Newsletter to share subjects with our customers which are of maximum relevance to them and to understand better what our readers are actually interested in.

2.2.7 Notifications

In order to complete your registration as a user of the Platform and keep you updated with the status of your investment, we will communicate with you via email, SMS or letter, using the addresses and phone number provided. Users are hereby expressly informed that, in principle, the possibility of unauthorised third parties being able to view, read, manipulate and/or delete electronically transmitted data cannot be excluded.

Legal Basis for this is Art. 6 para.1 sentence 1 lit. b GDPR, as contacting you serves purposes of our contractual relationship.

2.2.8 Market and Opinion Research

To improve our services, we will also use your data for general market and opinion research. We will, of course, use your data only for statistical purposes and in an anonymised form. Your responses to survey questions will not be published or disclosed to third parties without your consent. We will not store your responses to our surveys in combination with your email address or other personal data.

You may partially or fully opt out of your data being used for market and opinion research at any time by sending a written message to our postal address or email address, indicated in section 1 above. All survey emails automatically include a link to unsubscribe from further mailings.

Legal Basis for this is Art. 6 para. 1 sentence 1 lit. f, as it is our legitimate interest to understand our target audience and improve our business.

3. Use of Cookies

You are not required to accept the use of cookies to visit our website. However, please note that you may not be able to use certain site features if you disable the use of oceanis’s cookies.

3.1 General Information about Cookies

Cookies are small text files stored in your computer, cell phone or other device the first time you visit oceanis’s website. They help us to recognise you as a user the next time you visit our website using the same device and web browser. We use cookies, for example, to analyse the number of users and their frequency of visits, as well as to present our services to you in the most convenient, efficient and interesting manner, thus continually improving the quality of our service, while tailoring the platform to your individual requirements.

3.2 Cookies used by oceanis

For a part of our service it is necessary for us to insert cookies. Cookies are not inserted to execute programs or to load viruses into your computer. Instead the main purpose of cookies is to provide a product or service especially tailored to yourself and to make use of our services as time-saving as possible.

We use our own cookies in particular

  • for log-in identification
  • for load distribution

To note that information placed on our website has been displayed to you - so that on your next visit to the website it does not need to be displayed again.

In this way we wish to enable you to use our website in a convenient and individual way. These services are based on our foregoing legitimate interest, and the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR

We further use cookies and comparable technologies (e.g. web beacons) of partners for analytical and marketing purposes. This is described more precisely in the following sections.

3.3 How can you prevent the Receipt of Cookies?

You can change your browser settings to prevent cookies from being accepted, unless you have approved them. In most cases, the help function in the menu bar of your web browser will explain how to reject new cookies and how to disable cookies you have already received.

We recommend always logging out fully after you have used a computer which has multiple users and is set up to accept cookies.

Cookie opt-out

3.4 Interest-based Advertising

In order to provide you with interesting and customised offers, this website uses interest-based online advertising. For this purpose, we use so-called retargeting technology that is based on cookies. This allows us to address visitors to our platform who showed interest in our products on websites of our partners. We will only collect anonymised and pseudonymised data and will not merge usage profiles with personal data. In the event that you should not wish to receive interest-based advertising, you may prevent this by selecting the respective settings under the hyperlink

This site offers an opt-out mechanism for internet-based advertising in a bundled way. The website of TRUSTe, Inc, 835 Market Street, San Francisco, CA 94103-1905, USA (“TRUSTe”) allows you to either deactivate all advertisements across-the-board, or alternatively, block individual advertisement providers. Please note that after deletion of all of your browser’s cookies or usage of another browser at a later stage, the opt-out cookie must be reset.

For more information about interest-based advertising and opt-out options, please visit

The legal basis for the data processing described in the following section is Art. 6 para. 1 sentence 1 lit. f GDPR, grounded on our legitimate interest in providing you with personalised advertising.

3.4.1 Google Analytics

This website uses Google Analytics, a web-analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies to analyse and improve our website on the basis of your usage pattern. The data accrued in this context may be transmitted by Google for analysis to a server in the USA and stored there. Should personal data be transmitted to the USA, Google has acceded to the EU-US Privacy Shield . Your IP address will be abbreviated prior to the analysis of usage statistics, however, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website to include the code “anonymizeIP”, in order to guarantee an anonymised capture of IP addresses.

Google will process the information so gained in order to evaluate your use of the website, to assemble reports on the website activities for the website operators, and to supply further services connected with website use and internet use.

As set out above, you can so configure your browser that it rejects cookies, or you can prevent the capture of the data generated by cookies and relating to your use of our website (including your IP-address) and the browser add-on provided by Google.

You will find more detailed information on this matter in the Privacy Statement of Google Analytics.

3.4.2 Typeform

This website uses Typeform, a service of TYPEFORM SL (C/ Can Rabia 3-5, 4th floor, 08017 – Barcelona, Spain), in order to better understand users’ needs and to optimize this service and experience. Typeform is a service provider that helps us collect our users' feedback and satisfaction score and this enables us to build and maintain our service. Typeform SL uses their own and third-party cookies to analyze performance and learn where respondents are coming from. Cookie data is anonymous and contains no personal information. Once your information enters Typeform’s systems, it’s secured with multiple levels of encryption to guarantee the confidentiality of the information they contain.

For further details, please see the ‘Terms & Conditions’ section of Typeform's admin support site.

4. Security

oceanis has taken numerous security precautions to reasonably and adequately protect your personal data. Physical, technical and procedural protections are in place to secure our databases and restrict access to the information only to authorised persons complying with this Privacy Policy. Sensitive data is sent to oceanis exclusively using encrypted transmission (SSL/TLS technology). oceanis performs regular security checks on its system to shore up potential weak spots and ward off attacks.

You should never share your passwords with unauthorised third parties and you should change them regularly. Every time you leave the Platform, you should log out of your session and close your browser window to prevent unauthorised users from accessing your oceanis user account.

5. Right of Access to Information

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct (right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).

To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

You also have the right to object to the data processing based on Article 6 para.1 sentence 1 lit. e or f GDPR. Finally, you have the right to complain to a regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Hamburg where oceanis is located the competent regulatory authority is:

Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany

6. Right to withdraw consent and object to processing activities

Under Article 7 sec. 3 GDPR you have the right at any time to withdraw to us any consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests under Article 6 para. 1 sentence 1 lit. f GDPR, you have the right under Article 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.

7. Accessing the Privacy Policy

We occasionally update this Data Privacy Statement, for instance when we revise our website or statutory or official regulations change.

You may access and print this Privacy Policy from any of oceanis’s websites. You may print or download this document by using your browser’s standard features (in most cases: File/Save as). To open this PDF file, you will need Adobe Reader ( or a similar program designed to open PDF files.

Information regarding data processing of applications

This information shall give you an overview about the processing of your personal data when you apply for a job at oceanis.

January 2023

In case of a Job Application

1. Controller

Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:

oceanis GmbH („oceanis“)
Caffamacherreihe 7
20355 Hamburg, Germany

Phone: +49 40 226 3847 40

2. Processing of Personal Data

According to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

For the application process we are processing the data that you make available to us. This includes the following data:

  • name
  • address
  • email address
  • application documents (CV, engagement letter, etc)
  • position
  • interview notes
  • IP address, when you apply through the online application form

Furthermore, we process the data that you make available to us when you contact us during the application process.

We may use other sources to process data from you, e.g. recruiter, websites or other public available data such as your profiles on professional social networking platforms, such as LinkedIn or Xing.

3. Purpose and legal basis

We process your personal data for the purpose of the selection of job applicants.

The legal basis for data processing is Section 26 Federal Data Protection Act (BDSG) in conjunction with Article 6 para. 1 sentence 1 lit. b General Data Protection Regulation (GDPR) and Art. 88 GDPR. The legal basis for the processing of information that you have given us voluntarily is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art. 88 GDPR, your consent. The legal basis for the use of the data from public available sources is Art. 6 para 1 sentence 1 lit. f GDPR The legitimate interest is to receive an overview of your background.

In the event an employment relationship is established we will process the data for the performance of the employment contract according to Section 26 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. b GDPR.

If you are interested in other positions within oceanis or would like us to store your data for future positions, the legal basis for processing your data is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art 88 GDPR.

The processing of your personal data may be necessary for the defence against claims from the application process. Legal basis is Art. 6 para 1 sentence 1 lit. f GDPR. The legitimate interest is the burden of proof in a procedure.

4. Recipients, categories of recipients

Within oceanis only those employees have access to your data who are in charge of the application procedure.

We may disclose your personal data also to authorities and/or law enforcement authorities when necessary for the above purposes, when required by law or when necessary to protect our legitimate interests in accordance with applicable law.

5. Retention period

Applicant data will be deleted three months after the end of the specific application procedure. In case of expressed interest also in other positions, the data will be stored for up to 12 months from the last job offer or the last concrete expression of interest.

We may be required to store the data for a longer period if there is a longer legal retention period.

If you start working for us, we will store the data for the duration of the employment relationship. The data processing for the purpose of the employment relationship is subject to another information that you will receive separately.

6. Obligation to provide personal data

Applicants are required to provide data. Without entering data, an application is not possible.

7. Rights of the data subject

As a data subject you have several rights. For assertion of rights you can contact us:

oceanis GmbH („oceanis“)
Caffamacherreihe 7
20355 Hamburg, Germany

Phone: +49 40 226 3847 40

a. Access, rectification, erasure

In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to personal data. Information is provided free of charge.

If your personal data is incorrect or incomplete, you have the right to correct and amend it (Art. 16 GDPR).

You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR).

If the legal requirements are met, you can demand a restriction on the processing of your personal data (Art. 18 GDPR).

b. Right to object

You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights.

c. Right to data portability

Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).

d. Right to withdraw consent

If you have given us your consent to process personal data, you can withdraw it at any time with future effect without affecting the legality of the processing carried out on the basis of the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018.

e. Right to lodge a complaint

You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. In Hamburg where oceanis is located the competent regulatory authority is:

Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany

8. Automated decision making

In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.

January 2023