This privacy statement describes how E3 Holding AG, Zeppelinring 36, 88400 Biberach, Germany, (“E3”, “we” or “us”), in its capacity as controller within the meaning of the EU General Data Protection Regulation (“GDPR”), the German Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) and other data protection laws (collectively referred to as “applicable data protection laws”), processes personal data and other information collected from you (the “user”, or “you”).
1. Overview of E3’s processing activities and definitions
“Personal data” within the meaning of this privacy statement refers to information defined as such in the GDPR, and to any information relating to a directly or indirectly identified or identifiable natural person. This includes your name, your IP address, your e-mail address or your telephone number.
“Processing” within the meaning of the GDPR means any operation performed on your personal data, including the first-time collection, storage, adaptation or alteration, or any other use of your personal data.
We process your personal data depending on how we have got in touch with you and the nature of our business relationship. On the one hand, using our website www.[●] (“website”) and its functions regularly requires the processing of certain personal data. On the other hand, we process information that we receive from you or from third parties when providing information, products or services.
2.1 Categories, purposes and legal bases of personal data processing
The data collected in log files and cookies is device and usage information that may include specific information about your website visit (date and time of the visit, device, browser, operating system, truncated IP address, language and similar information) as well as information about the use of features, functions or notifications stored on the device.
Log files are collected to record averted attacks or malicious website visits and gather forensic information, enhancing the security and stability of our website. They help us to improve and maintain our website, fix technical errors and detect, prevent and mitigate malicious or fraudulent activities on our website.
2.2 Legal basis for data processing
The legal basis for the processing of data collected by means of log files or technical or functional cookies is our legitimate interest (Art. 6 (1) (f) of the GDPR) in ensuring that the website is secure, or in monitoring and maintaining its performance. The legal basis for the processing of data collected by means of other cookies, in particular those for analysis and marketing purposes, is your consent (Art. 6 (1) (a) of the GDPR), solicited from you through the cookie banner, which you can revoke at any time.
3. Processing of personal data when contacting us or using our website’s contact form
3.1 Categories and purpose of personal data processing
If you use the contact form on our website or contact us by e-mail or in any other way, e.g. to obtain information about any investment opportunities, we will process the mandatory data requested in the contact form (name, company, e-mail address, postcode) as well as the personal data provided by you in free-format text or associated with the chosen communication method.
This data is processed for the purpose of processing and answering your query and any follow-up questions, to prevent misuse of the contact form and to ensure the security of our information technology systems.
3.2 Legal basis for data processing
If your query is related to the performance of a contract with us (or the initiation of such a contract), processing is based on Art. 6 (1) (b) of the GDPR. In other cases, especially in the case of general queries and other communication with you, data processing is based on our legitimate interests (Art. 6 (1) (f) of the GDPR), which are to process your query and to protect our information technology systems.
4. Processing of personal data in the context of business relationships
4.1 Categories and purpose of personal data processing
As part of our business activities, we process personal data that we collect directly from you. This especially refers to data relating to our business partners, investors, investments, service providers or their representatives, and includes, above all, the following data categories:
- personal and contact details, including name, address, telephone number, e-mail address, and identification documents;
- data related to the function you perform, including job title, tasks or department;
- financial data, including bank details and account information;
- information in connection with registrations or newsletter subscriptions on our website;
- information about visits to our website and the use of our products and services.
As part of our business activities, e.g. within due diligence reviews, we may receive personal data about you from our business partners which falls into the following categories:
- personal and contact data, including name, work telephone number, and work e-mail address;
- data related to the function you perform, including job titles, tasks, and length of service;
- financial data, including salary details.
In the context of our cooperation with service providers, we may also receive personal data about you from such service providers (e.g. credit reference agencies or other service providers), including information about your creditworthiness.
We use your personal data for various purposes. This includes, in particular,
- responding to your queries;
- entering into and performing contracts with you;
- proposing and presenting investments to you;
- carrying out due diligence reviews in accordance with applicable law, e.g. for obligatory anti-money laundering audits;
- enforcing or defending legal claims;
- if you have given us your consent to do so (e.g. by subscribing to our newsletter), sending you an e-mail with information about our company or with offers that may be of interest to you;
- meeting legal or regulatory requirements.
4.2 Legal basis for data processing
If you have consented to the processing of your personal data, we base the data processing on your consent in accordance with Art. 6 (1) (a) of the GDPR.
However, we may also have to process your personal data (i) to perform a contract with you or to perform pre-contractual measures (Art. 6 (1) (b) of the GDPR), (ii) to comply with our legal obligations (Art. 6 (1) (c) of the GDPR), or (iii) to protect our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Art. 6 (1) (f) of the GDPR).
5. Disclosure of your data to third parties
5.1 Categories of recipients and legal basis
We may disclose your personal data to affiliated companies within the meaning of section 15 of the German Stock Corporation Act (Aktiengesetz – “AktG”) for the purposes explained above. This only happens if it is necessary either for the performance of a contract with you (Art. 6 (1) (b) of the GDPR) or within our legitimate interests in using the data for E3 Group’s internal administrative purposes (Art. 6 (1) (f) of the GDPR).
We may also disclose your personal data to law enforcement and government agencies, legal and other external advisors in accordance with applicable data protection legislation. The legal bases for such processing are compliance with E3’s legal obligations (Art. 6 (1) (c) of the GDPR), or our legitimate interests (Art. 6 (1) (f) of the GDPR) such as exercising or defending legal claims.
We may also share your personal data if our company is sold, in whole or in part, in which case potential acquirers may have access to your data as part of a due diligence process. The legal basis for this is our legitimate interest (Art. 6 (1) (f) of the GDPR) in selling our company, or parts of it.
5.2 Data transfer to third countries
When data is transferred to companies or bodies in countries outside the European Economic Area (“EEA”) (“third countries”), we ensure that your rights and freedoms are adequately protected and safeguarded by means of appropriate contracts (Art. 46 (2) (c) of the GDPR) or binding corporate rules (Art. 46 (2) (b) of the GDPR), unless the EU Commission has decided that the third country in question ensures an adequate level of data protection (Art. 45 (1) of the GDPR). In individual cases, data may be transferred based on your consent (Art. 49 (1) (a) of the GDPR) or if the transfer is necessary to perform a contract with you (Art. 49 (1) (b) of the GDPR) or a contract with a third party that is in your interest (Art. 49 (1) (c) of the GDPR), or for the establishment, exercise or defence of legal claims (Art. 49 (1) (e) of the GDPR), or if it is otherwise necessary for important reasons of public interest (Art. 49 (1) (d) of the GDPR). Data may be transferred, in particular, in case of commissioned data processing by third-party service providers. Detailed information on the transfer of data to third countries is available upon request.
6. Storage of your data
We process and store your data for the duration of the business relationship (including initiation and performance of a contract) and/or as long as this is necessary to fulfil the processing purposes described above. Your personal data will be deleted or completely anonymised as soon as the purpose of the data processing and, if applicable, the storage of the data ceases to apply.
We will not delete or completely anonymise your data if (and for as long as) we are bound to retain your data to fulfil legal or official obligations, e.g. statutory retention obligations, including obligations as set out in the German Commercial Code (Handelsgesetzbuch – “HGB”) or the German Fiscal Code (Abgabenordnung – “AO”), which stipulate retention periods of between six and ten years. Nor will we delete or completely anonymise your data if (and as long as) we retain your data to document claims within the applicable limitation period (usually three years, in individual cases up to 30 years).
7. Your rights
In accordance with the applicable data protection laws and subject to compliance with the conditions set out therein you have the following rights:
- You have the right to access your personal data we have processed.
- You can request that we correct the data concerning you if it is inaccurate or incorrect.
- You can also request the deletion of your personal data and the transfer to yourself or a third party.
- In certain cases, you can also object to the processing of your data and request that we restrict the processing of your data.
- If you have consented to the processing of your personal data, you can revoke your consent at any time with future effect.
- You also have the right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR).
If you have any questions, comments or requests regarding this privacy statement or the processing of your personal data, please contact us at email@example.com.
9. Links to websites of other providers
Our website may contain links to websites of other providers not covered by this privacy statement. If visits to such websites require the collection, processing or use of personal data, please read the privacy information of the respective providers.
10. Amendments to the privacy statement
We reserve the right to amend this privacy statement at any time in compliance with the applicable data protection regulations. Last amended: December 2022.