Privacy Policy
Welcome to the website of Picus Capital GmbH. The protection of personal data is important to us. We only process personal data in compliance with the applicable data protection requirements, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz– BDSG). Below we would like to provide you with all the information you need to review and exercise your rights. In this Privacy Policy, you will find all information on the processing of your personal data in connection with our website and when you contact our customer service department.
- Information about the controller
- Name and contact details of the controller
Picus Capital GmbH
Karlstraße 12
80333 Munich
E-mail: info@picuscap.com - Contact details of the data protection officer
Data Protection Officer
Picus Capital GmbH
Karlstraße 12
80333 Munich
E-mail: dataprivacy@picuscap.com
- Name and contact details of the controller
- Information about the processing of personal data
- Visiting our website
When you visit our website, we process personal information to provide you with the website and its content and to ensure the security of our IT infrastructure. We also process personal data to provide you with a cookie dashboard.
- Visiting our website
You will find more detailed information on this below:
Providing content
When you visit our website, data are temporarily processed on our web server to provide you with the website content you have accessed.
We process HTTP data for this purpose.
The legal basis of this processing is Article 6(1)(f) GDPR. Our legitimate interest is providing the website content you have accessed.
As part of this processing, we transfer your data to the following categories of recipients: iS-Fun Internet Services GmbH, Badhausweg 8, 76307 Karlsbad, Germany.
Please refer to Section D for information on the periods for which the various categories of personal data are stored.
Security of IT infrastructure
We temporarily store log files on our web service and analyse these to ensure the security of the IT infrastructure used to provide the website, in particular for the detection, elimination and evidential documentation of disruptions (e.g. DDoS attacks).
We process HTTP data for this purpose.
The legal basis of this processing is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is ensuring the security of the IT infrastructure used to provide the website, in particular to detect, eliminate and document evidence of disruptions (e.g. DDoS attacks).
Please refer to Section D for information on the periods for which the various categories of personal data are stored.
Cookie dashboard
We provide you with a function for managing your cookie settings for the website (hereinafter: “cookie dashboard”). When you visit the website again, we determine whether you have already given your consent, for example, and activate cookies and related analytics and tracking tools according to your preferences. For this purpose, data from absolutely necessary cookies are also temporarily processed on our web server. You can find more detailed information on the content and purposes of the cookies and similar technologies used in our cookie dashboard [Please insert link to the cookie-dashboard/cookie banner].
For this purpose, we process the data that you provide to manage your cookie settings for this website and data that are assigned to your terminal device when you use the cookie settings management function. This includes, for example, your consent and, where applicable, your individual selection for the use of cookies on your terminal device.
The legal basis of this processing is our legitimate interest (Art. 6(1)(f) GDPR) in managing the cookie consents your have given for this website.
As part of this processing, we transfer your data to the following categories of recipients: Borlabs, Rübenkamp 32, 22305 Hamburg, Germany.
Please refer to Section D for information on the periods for which the various categories of personal data are stored.
- Web analytics technologies
If you have given us your consent to do so, we use web analytics technologies on our website. This allows us to collect and analyse information about your activities on our website. For this purpose, we create a profile that we assign to your terminal device. When you visit our website, we can recognise your terminal device. The information obtained is used to improve our website and better achieve other objectives (e.g. improving our visibility on the Internet).
You will find more detailed information on this below:
Google Analytics
If you visit our website and have given us your consent to do so, we collect information about your use of our website by means of the web analytics tool Google Analytics and store it in a terminal device-related profile. This enables us to improve our website and better achieve the objectives of our website. In order to be able to assign this information to your terminal device, we assign a unique ID to your terminal device, which is linked to the terminal device-related profile. This data is stored in cookies on your terminal device and can be read when you visit our website. During your visit to our website, we can recognise your terminal device there on the basis of the ID assigned to it. The aim of these analytics is to investigate where the users of our website come from, which areas of our website they visit and how often and for how long they look at which page and categories.
We process web analytics HTTP data, web analytics terminal device data and web analytics profile data for this purpose. Your IP address is rendered anonymous before it is stored. To document your consent, we store a unique ID assigned to you for the duration of your consent.
The web analytics tool used by us generates and stores the web analytics profile. This includes information about your use of our website, in particular page impressions, visit frequency and amount of time spent on the pages accessed as well as the unique ID assigned to your terminal device.
The legal basis of this processing is the consent you have given us in connection with the cookie banner (Article 6(1)(a) GDPR).
As part of this processing, we transfer your data to the following categories of recipients: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04E5W5, Ireland.
We transfer your personal data to processors in the USA for this purpose. You will find information on the transfer of personal data to third countries in Section C.
Please refer to Section D for information on the periods for which the various categories of personal data are stored.
- Contacting us
When you contact us, we process personal data in order to process to your request.
We provide you with more detailed information on this below:
If you contact us, in particular to obtain more information about our range of products and services or to ask questions about existing contractual relationships with us, we process your data in order to response to your request.
We process communication data for this purpose.
The legal basis of this processing is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is processing to your request. If your request relates to a specific contractual relationship or initiating such a contractual relationship, the legal basis is the performance of a contract (Article 6(1)(b) GDPR).
As part of this processing, you transfer your data to the following categories of recipients: e-mail service providers.
Please refer to Section D for information on the periods for which the various categories of personal data are stored.
- Transfer of data to third countries
We will only transfer personal data to recipients who process personal data outside the European Union (referred to as third countries) without your consent in accordance with Article 49(1)(a) GDPR if the recipient has an adequacy decision from the European Commission or appropriate safeguards for this third country. If you consent to the transfer of your personal data to third countries, we will transfer your data to the relevant third country without appropriate data protection safeguards. The transfer of personal data to third countries that do not offer an adequate level of data protection (in particular the USA) involves the risk that the data may be processed for the purposes of third parties without your knowledge and that the data may not be protected against access by third parties. In particular, there may be government access in the USA, for example within the framework of intelligence gathering powers under Section 702 FISA and Executive Order 12333.
- Periods for which your personal data are stored
We store your personal data for different periods of time for various reasons (e.g. technical or legal). In general, we only store your data for as long as the relevant purpose requires.
We store HTTP data and server log files for a maximum period of 3 months, unless there is any security-related event (e.g. a DDoS attack). If there is any security-related event, server log files are stored until the security-related event has been eliminated and clarified in full.
- Use of cookies and similar technologies
You can change your settings regarding the use of cookies and similar technologies on our website via our cookie dashboard [Insert link to the cookie dashboard].
- No obligation to provide personal data
You are not obliged to provide your data. Providing data is required neither by law or contract. However, if you do not provide the data, you may not be able to use all of our services.
- Information on the rights of data subjects
As a data subject, you have the following rights with regard to the processing of your personal data:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to withdraw consent (Article 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You can contact us for the purpose of exercising your rights using the contact details in Section A.
Information about special modalities and mechanisms that facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, can be found, if applicable, in the information on the processing of personal data in Section B of this Privacy Policy.
You will find more detailed information below on your rights with regard to the processing of your personal data:
- Right to access
As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 GDPR.
This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15(1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15(1)(a), (b) and (c) GDPR).
You can find the full extent of your right to access and information in Article 15 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to rectification
As a data subject, you have the right to rectification under the conditions provided in Article 16 GDPR.
This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.
You can find the full extent of your right to rectification in Article 16 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to erasure (“right to be forgotten”)
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 GDPR).
This means that you generally have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17(1) GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17(1)(a) GDPR).
If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17(2) GDPR) .
Where we have made the personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, are also obliged to take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data (Article 17(2) GDPR).
The right to erasure (“right to be forgotten”) does not by exception apply if the processing is necessary for one of the reasons listed in Article 17(3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17(3)(a) and (e) GDPR).
You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to restriction of processing
As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 GDPR.
This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18(1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18(1)(a) GDPR).
Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4(3) GDPR).
You can find the full extent of your right to restriction of processing in Article 18 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to data portability
As a data subject, you have a right to data portability under the conditions provided in Article 20 GDPR.
This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means (Article 20(1) GDPR).
You can find information as to whether an instance of processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR in the information regarding the legal basis of processing in Section B of this Privacy Policy.
In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20(2) GDPR).
You can find the full extent of your right to data portability in Article 20 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to object
As a data subject, you have a right to object under the conditions provided in Article 21 GDPR.
At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.
More detailed information on this is given below:
- Right to object on grounds relating to the particular situation of the data subject
As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
You can find information as to whether an instance of processing is based on Article 6(1)(e) or (f) GDPR in the information regarding the legal basis of processing in Section B of this Privacy Policy.
In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can find the full extent of your right to objection in Article 21 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to object to direct marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Privacy Policy.
If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.
You can find the full extent of your right to objection in Article 21 GDPR, which can be accessed using the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
- Right to withdraw consent
Where an instance of processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, as a data subject, you have the right, pursuant to Article 7(3) GDPR, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.
You can find information as to whether an instance of processing is based on Article 6(1)(a) or f Article 9(2)(a) GDPR in the information regarding the legal basis of processing in Section B of this Privacy Policy.
- Right to lodge a complaint with a supervisory authority
As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 GDPR.
- Information about the terminology used in this Privacy Policy
The terms used in this Privacy Policy generally have the meaning given to them in the General Data Protection Regulation. In addition, we use other terms which are explained below together with the most important terms of the General Data Protection Regulation:
- “Communication data” means data that we process in connection with your customer service request, in particular your contact details and the messages we exchange.
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- “Data subject” means the identified or identifiable natural person, to whom the personal data relate.
- “HTTP data” means protocol data generated for technical reasons via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the website is visited. These include your IP address, type and version of your Internet browser, the operating system used by you, the page accessed by you, the page previously visited by you (referrer URL) and the date and time of your visit.
- “Opt-in data” means data that you provide to manage cookie consents for this website and data that is assigned to your terminal device when using the cookie consent management function. This includes your consent and, where applicable, your individual selection for the use of cookies on your terminal device.
- “Personal data” or “data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- “Profile data” means data generated by the web analytics tool and stored in pseudonymised usage profiles. These include information in the use of the website, in particular page impressions, visit frequency and the amount of time spent on the pages accessed with assignment of individual visitor’s unique visitor ID contained in the terminal device data.
- “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- “Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
- “Terminal device data” means data that are assigned to your terminal device by the web analytics tool. This includes a unique ID for the recognition of returning visitors.
- “Third country” means a country which is not a Member State of the European Union (“EU”) or member country of the European Economic Area (“EEA”).
- “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- “Web analytics HTTP data” means data generated for technical reasons via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the web analytics tool is used. These in particular include your IP address, type and version of your Internet browser, the operating system used by you, the page accessed by you, the page previously visited by you (referrer URL) and the date and time of your visit.
- Status of and changes to this Privacy Policy
This Privacy Policy was last modified on [26.10.2022].
We regularly adjust this Privacy Policy due to technical developments and/or changes in statutory or regulatory requirements.