Privacy Policy
Data Protection Information
for the AURELIUS website
We, Aurelius Advisory ltd, provide the AURELIUS website under the web address [www.aurelius-group.com]. In context with our website and the services provided on our website, we process personal data.
The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR).
In Section A of this Data Protection Information we provide you with information about the controller responsible for the processing of your personal data.
In Section B you find information about the processing of your personal data.
In Section C you find more detailed information on the use of cookies or similar technologies.
In Section D you further find information on your rights regarding the processing of your personal data.
The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. You will find more detailed information about this in Section E.
TABLE OF CONTENTS
A. Information on the controller
B. Information on the processing of personal data
I. Informational use of our website
II. Use of web analysis technologies (Matomo)
C. Information on the use of cookies or similar technologies
I. General information on cookies
II. Management of the cookies used on our website
III. Cookies used on our website
D. Information on the rights of data subjects
III. Right to erasure (”right to be forgotten”
IV. Right to restriction of processing
VII. Right to withdraw consent
VIII. Right to lodge a complaint with a supervisory authority
F. Effective date of and changes to this Data Protection Information
A. Information on the controller
6th Floor 33 Glasshouse Street, London W1B 5DG, England, UK
info@aurelius-group.com
+44 20 74400480
B. Information on the processing of personal data
I. Informational use of our website
When the use of our website is purely informational, certain information is sent to the web server of our website from your device for technical reasons, for example your IP address. We process this information in order to provide our website content requested by you and to ensure the security of the IT infrastructure used to provide our website. Information necessary for the correct provision of the requested website content and to ensure the security of the IT infrastructure used to provide our website is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed and in order to identify and mitigate automated traffic to protect our website from bad bots.
In order to provide the search functions of our website, we process data that you enter into search forms on our website in order to provide you with search results for the search terms that you have entered.
In order to provide the data protection setting functions for our website (e.g. for granting or withdrawing consent for the use of certain cookie-based technologies), information about your data protection settings is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to take account of your data protection settings when using our website.
You receive more detailed information on this below:
1. Details on the personal data which are processed
| Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation of the data subject to provide the data | Storage duration |
| HTTP Data | Protocol data which accrue when visiting our website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: These include IP address, type and version of your internet browser, operating system used, site accessed, last site accessed before visiting the site (referrer URL), date and time of visit. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the content of our website requested by you. | The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved. |
| Content Provision Data | Data used to correctly display the website content accessed by the user: This includes information on which contents have already been displayed and do no longer need to be displayed upon the access of further pages on our website. This data is stored in cookies on your device (Section C) and can be read during your visit to our website. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, certain content will be displayed too often and may interrupt your browsing experience. | We process the data only temporarily for the period of the visit of our website. (You can find information on the validity period of the cookies stored on your device in Section C.III.) |
| Security Data | Data used to identify and mitigate automated traffic to protect our website from bad bots: This includes information related to the calculation of our service provider Cloudflare’s proprietary bot score and a session identifier. This data is stored in cookies on your device (Section C) and can be read during your visit to our website. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, the protection of our website against bad bots does not work properly. | We process the data only temporarily for the period of the visit of our website. (You can find information on the validity period of the cookies stored on your device in Section C.III.) |
| Search Function Data | Data that accrue by using the search functions of our website: These include all information that you enter as search terms in the respective search form on our website. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, you cannot use the search functions of our website. | The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved. |
| Data Protection Setting Data | Data on data protection settings you have made for our website: This includes information on whether you have given your consent and, if so, what consent you have given at what time. This data is stored in cookies on your device (Section C) and can be read during your visit to our website. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot take your consents for our website into account. This means that we may not be able to provide you with certain functions of our website that require consent. | We process the data only temporarily for the period of the visit of our website. (You can find more information on the validity period of the cookies stored on your device in Section C.III.) |
2. Details on the processing of the personal data
| Purpose of processing the personal data | Categories of personal data processed | Automated decision-making | Legal basis and, where applicable, legitimate interests | Recipient |
| Provision of content of our website requested by the user: For this purpose, data are temporarily processed on our web server. For this purpose, information necessary to ensure the correct display of the website content is also stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed. | HTTP Data Content Provision Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the content of our website requested by the user. | Hosting Provider |
| Ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks): For this purpose, data are temporarily stored in log files on our web server and automatically evaluated. For this purpose, information about your consent is also stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to identify and mitigate automated traffic to protect our website from bad bots. | HTTP Data Security Data Search Function Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks). | Hosting Provider |
| Providing the search functions of our website: For this purpose, data are temporarily processed on our web server. | HTTP Data Search Function Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the search functions of our website requested by the user. | Hosting Provider |
| Provision of data protection setting functions for our website: Certain features of our website (e.g. the use of certain cookie-based technologies) require your consent. We provide data protection setting functions for our website to enable you to give and, if necessary, withdraw your consent. For this purpose, information about your consent is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to determine whether you have given your consent and, if so, what consents you have given. | HTTP Data Data Protection Setting Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of data protection setting functions for our website. | Hosting Provider Data Protection Setting Function Provider |
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
| Recipient | Recipient’s role | Transfers to third countries and/or international organisations | Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations |
| Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA | Processor | USA | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list |
| Hosting Provider: Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USA | Processor | USA | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As Cloudflare, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list |
| Data Protection Setting Function Provider: CookieYes Limited 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom | Processor | United Kingdom | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the United Kingdom. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2021/1772/oj |
II. Use of web analysis technologies (Matomo)
Upon your consent, we use so-called ”web analysis technologies“ on our website.
Web analysis enables the collection and evaluation of information about the activities of users of our website. The information obtained serves us to improve our website and to better achieve the goals of our website (e.g. increase in page views).
When you visit our website, the web analysis tool used (Matomo) collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, your device is assigned a unique ID which is linked to the device-related profile. This ID is stored in cookies (Section C ) on your device. During your visit to our website, your device can be recognised there on the basis of the ID assigned to it.
You will find more detailed information on this in the following:
1. Details on personal information which are processed
| Categories of personal data processed | Personal data included in the categories | Sources of data | Obligation of the data subject to provide the data | Storage duration |
| Web Analysis HTTP Data | Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web analysis tool used on our website: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis. | IP anonymisation is activated on our website for the use of the web analysis tool. This means that the IP address transmitted via the browser for technical reasons is anonymised before being stored by shortening the IP address (by deleting the last octet of the IP address). Moreover we only process the protocol data temporarily for the duration of the visit to our website. |
| Web Analysis Device Data | Data that is assigned to your device by the web analysis tool used on our website: This includes a unique ID to (re)identify your device. It also includes certain parameters relevant for web analysis. This data is stored in cookies on your device (Section C) and can be read when visiting our website. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis. | We store the unique ID for the duration of your consent. We only process parameters relevant for web analysis temporarily for the period of your visit to our website. We delete this data when you withdraw your consent. (For information on the period of validity of the cookies stored on your device, please refer to Section C.III.) |
| Web Analysis Profile Data | Data generated by the web analysis tool used on our website and stored in a device-related profile: This includes data about the use of our website, in particular page visits, frequency of visits and time spent on the pages visited. This is also included the unique ID assigned to your device. | Generated by us | - | We store the unique ID for the duration of your consent. We store information about the use of our website for a period of 24 months from collection. We delete this data when you withdraw your consent. |
2. Details on the processing of personal data
| Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, where applicable, legitimate interests | Recipient |
| Web Analysis: Web analysis enables the collection and evaluation of information about the activities of users of our website. When you visit our website, the web analysis tool used by us collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, a unique ID is assigned to your device, which is linked to the device-related profile. This ID is stored in cookies (Section C) on your device. During your visit of our website, your device can be recognised there on the basis of the ID assigned to it. The aim of the analysis is to examine where the users of our website come from, which areas of our website are visited and how often and for how long which page and categories are viewed. The information obtained is used to improve our website and to better achieve the goals of our website (e.g. increase in page views). | Web Analysis HTTP Data Web Analysis Device Data Web Analysis Profile Data | No automated decision-making takes place. | Art. 6 (1) (a) GDPR (consent) | Hosting Provider |
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
| Recipient | Recipient’s role | Transfers to third countries and/or international organisations | Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations |
| Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA | Processor | USA | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list |
III. Our email newsletter
On our website we offer you the possibility to register for our personalised email newsletter. When you subscribe to the email newsletter, certain information is collected, such as your email address. We process this information to confirm your subscription and to provide the personalised email newsletter. We also store and use this information for evidence purposes for the possible assertion, exercise or defence of legal claims.
When using the newsletter subscription and unsubscription form from our newsletter on our website, certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information to provide the newsletter subscription and unsubscription form on our website and to ensure the security of the IT infrastructure used to provide the newsletter subscription and unsubscription form.
You will find more detailed information on this below:
1. Details on personal data which are processed
| Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation of the data subject to provide the data | Storage duration |
| Newsletter Form HTTP Data | Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the subscription and unsubscription form for our newsletter on our website is accessed: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit. | User of our website | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the newsletter subscription and unsubscription form . | The Data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved. |
| Newsletter Subscription Data | Data we collect during the subscription for the newsletter: These include the following mandatory information: Email address These include the following optional information: First name, last name, company name, newsletter topics | Newsletter subscribers | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the mandatory information is not provided, we cannot provide you with a newsletter. | We store these data as long as you are registered for our newsletter. In addition, we store these data for evidence purposes for the assertion, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded. |
| Newsletter Opt-In Data | Protocol data which accrue during subscription and unsubscription of the newsletter: These include date and time of subscription to the newsletter, date and time when registration notification is sent in the double opt-in procedure, date and time of the confirmation of the registration in the double opt-in procedure as well as the IP address of the device used for the confirmation, date and time of any possible unsubscription from newsletter. | Newsletter subscribers | The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide you with a newsletter. | We store these data as long as you are registered for our newsletter. In addition, we store these data for evidence purposes for the assertion, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded. |
2. Details on the processing of personal data
| Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, where applicable, legitimate interests | Recipient |
| Provision of the newsletter subscription and unsubscription form on our website: For this purpose, HTTP Data are processed temporarily on our web server. For this purpose, HTTP data is temporarily processed on our web server. | Newsletter Form HTTP Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the newsletter subscription and unsubscription form on our website requested by the user. | Hosting Provider Email Newsletter Provider |
| Ensuring the security of the IT infrastructure used for the provision of the form, in particular for the detection, elimination and conclusive documentation of disruptions (e.g. DDoS attacks): For this purpose, Data are temporarily stored and evaluated in log files on our web server. | Newsletter Form HTTP Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used to provide the form, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks). | Hosting Provider Email Newsletter Provider |
| ”Double opt-in” procedure to confirm the subscription: For this we send an email message requesting confirmation to the email address provided when registering for the newsletter. Any subscription only becomes effective when the subscriber has confirmed the email address by accessing the confirmation link in the email. | Newsletter Subscription Data Newsletter Opt-In Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the legally secure documentation of your consent to the newsletter. | Email Newsletter Provider |
| Sending of the newsletter to the newsletter subscriber. We use the optional information provided during subscription to address our newsletter recipients by name and company and to tailor the newsletter contents to the areas of interests which our newsletter recipients chose. | Newsletter Subscription Data Newsletter Opt-In Data | No automated decision-making takes place. | Art. 6 (1) (a) GDPR (consent) | Email Newsletter Provider |
| Storage and processing for evidence purposes for any assertion, exercise or defence of legal claims | Newsletter Subscription Data Newsletter Opt-In Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the assertion, exercise or defence of legal claims. | Email Newsletter Provider |
| Assertion, exercise or defence of legal claims, including cooperation with external lawyers | Newsletter Subscription Data Newsletter Opt-In Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the assertion, exercise or defence of legal claims. | Courts Lawyers |
3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations
| Recipient | Recipient’s role | Transfers to third countries and/or international organisations | Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations |
| Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA | Processor | USA | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list |
| Email Newsletter Provider: The Rocket Science Group LLC d/b/a Mailchimp 675 Ponce De Leon Avenue, Northeast Suite 5000 Atlanta, GA 30308, USA | Processor | USA | There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As The Rocket Science Group LLC d/b/a Mailchimp is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list |
| Lawyers | Controller | There is no transfer to third countries and/or international organisations | - |
| Courts | Controller | There is no transfer to third countries and/or international organisations | - |
C. Information on the use of cookies or similar technologies
We use cookies in connection on our website. In doing so, we use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.
You will find more detailed information on this in the following.
I. General information on cookies
Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the relevant website is visited again with the same device, the cookie and the information it contains can be retrieved.
1. First-party and third-party cookies
Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:
| First-party cookies | Cookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller |
| Third-party cookies | Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website |
2. Transient and persistent cookies
A distinction can be made between transient and persistent cookies depending on how long they remain active:
| Transient cookies (Session cookies) | Cookies that are automatically deleted when you close your browser |
| Persistent cookies | Cookies that remain stored on your device for a certain period of time after the browser is closed |
3. Consent-free cookies and cookies requiring consent
Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:
| Consent-free cookies | Cookies that have as their sole purpose to transmit a message using an electronic communication network |
| Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (”strictly necessary cookies”) | |
| Cookies requiring consent | Cookies for all purposes of use other than the aforementioned |
II. Management of the cookies used on our website
1. Granting and withdrawing consents to the use of cookies in the data protection settings of our website
If consent is necessary for the use of certain cookies, we only use these cookies if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on our website in Section C.III. of this Data Protection Information.
When you first visit our website, we display a pop-up for data protection settings. In the data protection settings, you can give consent for the use of cookies that require consent and the processing of your personal data enabled thereby. However, you can also continue to use our website without consent. In this case, we will only use cookies for which consent is not required.
You can access the data protection settings of our website at any time via the link contained in this Data Protection Information and in the footer of our website. In the data protection settings, you can withdraw or re-grant the consents you have given at any time.
We store whether and, if applicable, which consents you have given in the form of a (strictly necessary) cookie (so-called ”data protection settings cookie“) on your device. The data protection setting cookie has a limited validity period of 12 months. After the expiration of the validity period, or if you delete the data protection settings cookie manually beforehand, we will display the banner for data protection settings for our website again the next time you visit our website.
You cannot deactivate cookies that are strictly necessary in the data protection settings of our website. However, you can generally deactivate these cookies in your browser at any time.
2. Managing cookies using browser settings
You can also manage the use of cookies in your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at http://www.allaboutcookies.org/manage-cookies/.
However, we would like to point out that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.
III. Cookies used on our website
The following cookies may be used on our website:
| Name | First-party / third-party | Purpose of use and content | Effective term | Consent necessary? |
| Data Protection Settings Cookies | ||||
| cookieyes-consent | First-party | This cookie is strictly necessary to provide the data protection settings function for our website (Section B.I). This cookie stores information about whether and, if so, which consents you have given and when, in order to possibly activate the respective processing activities and cookies requiring consent in accordance with your consent and in order to be able to determine whether we require renewed consent from you in the event of changes to processing activities and cookies requiring consent. | Persistent: 12 months | No |
| Content Provision Cookies | ||||
| preLoaderShown | First party | This cookie is strictly necessary to ensure the correct display of the website content accessed by the user (Section B.I). The cookie is set and contains the value “true” once the so called “pre loader” of the website has been displayed to the user (i.e. a loading screen that is displayed upon the first visit while the website content is downloaded). This cookie is used to ensure that the pre loader is only displayed once and does not interrupt the user’s use of our website. | Persistent: 1 Month | No |
| Security Cookies | ||||
| __cf_bm | First party | This cookie is strictly necessary to ensure the security of the IT infrastructure used to provide our website (Section B.I). The cookie contains information related to the calculation of our service provider Cloudflare’s proprietary bot score and a session identifier in order to identify and mitigate automated traffic to protect our website from bad bots. The information in the cookie (other than time-related information) is encrypted and can only be decrypted by Cloudflare. A separate __cf_bm cookie is generated for each website that an end user visits, as Cloudflare does not track users from site to site or from session to session. The __cf_bm cookie is generated independently by Cloudflare, and does not correspond to any user ID or other identifiers that may be used by us on our website. | Persistent: 30 Minutes | No |
| Web Analysis cookies (for the web analysis tool Matomo) These cookies are used by the web analysis tool Matomo to record and analyse the usage behaviour on our website, in order to improve our website (Section B.III). | ||||
| MATOMO_SESSID | First party | This cookie contains a unique visitor ID and is used to recognise visitors within their relevant browser session. | Transient | Yes |
D. Information on the rights of data subjects
As a data subject, you have the following rights with regard to the processing of your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (”right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
You may contact us for the purpose of exercising these rights using the contact information in Section A.
Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Information.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
Below you find more detailed information on your rights with regard to the processing of your personal data:
I. Right of access
As a data subject, you have a right to obtain access and information under the conditions provided in Art. 15 GDPR.
This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Art. 15 (1) (a), (b) and (c) GDPR).
You can find the full extent of your right to access and information in Art. 15 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
II. Right to rectification
As a data subject, you have the right to rectification under the conditions provided in Art. 16 GDPR.
This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.
You can find the full extent of your right to rectification in Art. 16 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
III. Right to erasure (”right to be forgotten”)
As a data subject, you have a right to erasure (”right to be forgotten”) under the conditions provided in Art. 17 GDPR.
This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 (1) GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 (1) (a) GDPR).
If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 (2) GDPR).
The right to erasure (”right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Art. 17 (3) (b) and (e) GDPR).
You can find the full extent of your right to erasure (”right to be forgotten”) in Art. 17 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
IV. Right to restriction of processing
As a data subject, you have a right to restriction of processing under the conditions provided in Art. 18 GDPR.
This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 (1) (a) GDPR).
Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 (3) GDPR).
You can find the full extent of your right to restriction of processing in Art. 18 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
V. Right to data portability
As a data subject, you have a right to data portability under the conditions provided in Art. 20 GDPR.
This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means (Art. 20 (1) GDPR).
You can find information as to whether an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.
In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 (2) GDPR).
You can find the full extent of your right to data portability in Art. 20 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
VI. Right to object
As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.
At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.
More detailed information on this is given below:
1. Right to object on grounds relating to the particular situation of the data subject
As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f), including profiling based on those provisions.
You can find information as to whether an instance of processing is based on Art. 6 (1) (e) or (f) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.
In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
2. Right to object to direct marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Data Protection Information.
If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.
You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
VII. Right to withdraw consent
Where an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, as a data subject you have the right to withdraw your consent at any time pursuant to Art. 7 (3) GDPR,. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.
You can find information as to whether an instance of processing is based on Art. 6 (1) (a) or Art. 9 (2) (a) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.
VIII. Right to lodge a complaint with a supervisory authority
As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 77 GDPR.
The contact details of the supervisory authorities in the EU/EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
E. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Information
The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation.
The full scope of the definitions of the General Data Protection Regulation can be found in Art. 4 GDPR, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Information below:
”Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
”Data Subject” means the respective identified or identifiable natural person, to which the personal Data refers to;
”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
”Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
”Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
”Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
”Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
”Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
”International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
”Third country” means a country which is not a member state of the European Union (”EU”) or the European Economic Area (”EEA”);
”Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
F. Effective date of and changes to this Data Protection Information
The effective date of this Data Protection Information is February 13, 2024.
It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.
An up-to-date version of this Data Protection Information can be retrieved at any time at [www.aurelius-group/privacy-policy].