In order to be able to make our website and the services rendered via the website available to you, we collect and process the following data relating to you automatically when you visit our website:
- date and time of your access
- your IP address
- the address of the website via which you accessed our website
- the websites that you switch to while you are on our website
- information about your internet browser (browser type and version)
- the operating system of the device by way of which you access our website and ser-vices
- your internet service provider
The legal basis for the processing of your data in order to make our website and services available to you is Article 6(1) sentence 1 (f) GDPR. We have a legitimate interest in processing your data so that we can offer our website and the services rendered via our website without technical problems, securely and tailored to your needs. The data of the server log files are stored separately from other data. We store this information, but without your IP address, in log files for security reasons and erase it after 15 days. The data in the log files are stored separately from other data about you. The data are stored for a longer period only if necessary in the individual case (e.g. in the event of a concrete suspicion of misuse or fraud). In such cases, the respective log files are stored until the matter has been investigated and any subsequent necessary measures have been completed. To be able to make our website and the services rendered via the website (including those specified below) available, we use service providers that process your data specified in this Privacy Policy only on our account and in accordance with our instructions (processors as defined in Article 28 GDPR) and which have implemented the appropriate technical and organisational measures to protect your rights.
This includes in particular the service provider Microsoft Deutschland GmbH Walter-Gropius-Straße 5, 80807 Munich, Germany, and arsmedium zwei GmbH Bucher Straße 103, 90419 Nuremberg, Germany, which are involved in hosting the website, including related services.
2. Use of cookies
When you visit our website, we also collect and use data from you so that you can use our website and services more conveniently. We also use a so-called session cookie. Cookies are small text files that are stored on your device via your internet browser. You can find out more about the term and function of cookies and other data protection and technical terms below under “Help with data protection terms”. The legal basis for the use of session cookies in the context of our website and services is Art. 6 para. 1 sentence 1 lit. f. GDPR. GDPR. We have a legitimate interest in using this so that we can offer our website and the services provided via it in a technically optimized manner. The session cookie is deleted after you leave our website. You can also generally deactivate the use of cookies in your browser settings. Without the use of cookies, however, some functions of this website may not work or may not work as conveniently for you as usual.
Consent manager
We have integrated the consent management tool “consentmanager” (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website in order to request consent for data processing or the use of cookies or comparable functions. With the help of “consentmanager”, you have the option of giving or refusing your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content and statistical analysis. You can use “consentmanager” to give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change the settings you have made at a later date. The purpose of integrating “consentmanager” is to allow the users of our website to decide on the aforementioned matters and to offer the possibility of changing settings already made during the further use of our website. In the course of using “consentmanager”, personal data and information about the end devices used, such as the IP address, are processed. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. f) GDPR. Art. 6 para. 3 sentence 1 lit. a) in conjunction with. Art. 7 para. 1 GDPR and alternatively lit. f). By processing the data, we help our customers (the controller according to the GDPR) to fulfill their legal obligations (e.g. obligation to provide evidence). Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and other functionalities. “consentmanager” stores your data for as long as your user settings are active. One year after the user settings have been made, you will be asked for your consent again. The user settings made are then stored again for this period. You can object to the processing. You have the right to object on grounds relating to your particular situation. To object, please send an email to info@consentmanager.net. The consensu.org domain used by the “consentmanager” is managed by IAB Europe. The “consentmanager” uses the domain to offer Hamburg Commercial Bank support for the IAB TCF standard. However, IAB Europe does not read cookies.
Use of video portal
Vimeo
We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011. Vimeo, Inc. (“Vimeo”) uses cookies and similar tracking technologies on the Vimeo Embeddable Video Player. By using the player, you consent to the placement and use of cookies and similar technologies on your device. This Cookie Policy is part of the Vimeo Privacy Policy. By selecting and agreeing to the cookies, you consent to the integration of Vimeo. We use plugins from the provider Vimeo on some of our websites. When you access the web pages of our website that have such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This tells the Vimeo server which of our web pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deactivating the use of Vimeo. As Vimeo is based in the USA, it is possible that your data will be transferred to the USA. Vimeo is certified in accordance with the EU-U.S. Data Privacy Framework. The EU Commission has adopted an adequacy decision on the EU-U.S. Data Privacy Framework. This means that the EU Commission recognizes that data transfers to the USA to companies that comply with the EU-U.S. Data Privacy Framework offer an adequate level of protection for personal data from the EU. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy
Use of web analysis
Matomo web analysis
Our website uses the open source web analysis service “Matomo” InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). We use IP anonymization for the analysis with Matomo. This means that your IP address is shortened before the analysis so that it can no longer be clearly assigned to you. We have configured Matomo in such a way that Matomo does not store any cookies in your browser. The purpose of the Matomo component is to analyze the flow of visitors to our website. Among other things, Wire uses the data and information obtained to evaluate the use of this website in order to compile online reports that show the activities on our website. The legal basis for the use of this analysis tool is your consent in accordance with Art. 6 para. 1 lit. a.) GDPR. You can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your information technology system. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs. You also have the option of objecting to and preventing the collection of data generated by Matomo relating to your use of this website. To do this, you must set “Do Not Track” in your browser. However, if you set the opt-out cookie, you may no longer be able to use our website to its full extent.
Microsoft Clarity
Beim Besuch dieser Website werden personenbezogene Daten verarbeitet. Dabei verarbeitete Datenkategorien: Daten zur Erstellung von Nutzungsstatistiken. Zweck der Verarbeitung: Anonymisierung und Erstellung von Statistiken und Untersuchung des Nutzungsverhaltens. Die Rechtsgrundlage für die Verarbeitung: Ihre Einwilligung nach Art. 6 (1) a DSGVO. Eine Übermittlung von Daten erfolgt: an den selbständigen Verantwortlichen Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irland. Die Rechtsgrundlage für die Datenübermittlung an Microsoft Ireland Operations Ltd. ist Ihre Einwilligung nach Art. 6 (1) a DSGVO. Dies kann auch eine Übermittlung von personenbezogenen Daten in ein Land außerhalb der Europäischen Union bedeuten. Die Übermittlung der Daten in die USA erfolgt aufgrund Art. 45 DSGVO iVm der Angemessenheitsentscheidung C(2023) 4745 der Europäischen Kommission, da sich der Datenempfänger zur Einhaltung der Grundsätze der Datenverarbeitung des Data Pricacy Frameworks (DPF) verpflichtet hat. Der E-Mail Kontakt zum Datenschutzbeauftragten von Microsoft Ireland Operations Ltd ist unter dem folgenden Link zu finden: Microsoft Privacy. Die Datenschutzerklärung von Microsoft Ireland Operations Ltd.: Privacy Statement.
Search engine advertising
Google Ads
We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognize users. Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features. In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR. As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information will be deleted.
This is the case after the end of the session (contact the controller).
3. contacting us (especially when using the form)
You have the option of contacting us in various ways. These include, in particular, contacting us using the forms on our website or by email. The data processing that takes place when you contact us may serve different purposes, depending on the content of your message. As a rule, we store and process the data provided in order to be able to process the matter for which you have contacted us. The legal basis for processing your data when you contact us is your consent (Art. 6 para. 1 sentence 1 lit. a. GDPR). Something else only applies if the content of your contact directly serves to implement an existing contractual relationship between us. In these cases, we base the processing of your data on Art. 6 para. 1 sentence 1 lit. b. GDPR. Your data stored in connection with the contact will be deleted as soon as it is no longer required and insofar as it is not subject to any statutory retention obligations. We check whether storage is necessary at least once a year. Notwithstanding this, content relating to contractual relationships is stored for at least 6 years or, if it is relevant for tax purposes, for at least 10 years.
4. use of our newsletter
You can subscribe to a free newsletter with advertising information on our website if you have expressly consented to receiving it. To prevent misuse, you will first receive an email with a confirmation link, which you must activate in order to receive the actual newsletter (so-called double opt-in procedure). When you register for the newsletter, your e-mail address, your IP address and the date and time of your registration are transmitted to us and stored and processed by us. Your data will only be used to verify your consent to receive and send the newsletter. Data will not be passed on to third parties. The legal basis for the processing of your data in the context of sending our newsletter is your consent (Art. 6 para. 1 sentence 1 lit. a. GDPR). Your data will be stored for as long as we send you the newsletter. In the event that we no longer send you a newsletter (in particular if you withdraw your consent), we will delete your data no later than 12 months after the last newsletter was sent to you. Please note that you can withdraw your consent at any time and unsubscribe from the newsletter by sending us an email to investor-relations@hcob-bank.com or by clicking on the unsubscribe link included in every newsletter. To send our newsletter, we use the services of mailing service providers who support us in sending the newsletter and process your data exclusively on our behalf and in accordance with our instructions (so-called processors in accordance with Art. 28 GDPR). They have taken appropriate technical and organizational measures to protect your data.
These are currently
- Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin.
- Invitario GmbH, Lerchenfelder Straße 74/1/6, A-1080 Vienna (Austria)
Invitario GmbH
The participant management software is used to plan, coordinate, implement and control activities from event communication to participant management. By registering and signing up for an event that is managed using this tool, you agree to the terms and conditions of Invitario GmbH, Lerchenfelder Straße 74/1/6, A-1080 Vienna. You can find the detailed declaration at: https://invitario.com/datenschutz-website/
Click-Meeting Sp. z o.o.
For meetings or webinars offered by Hamburg Commercial Bank, we use the webinar software from ClickMeeting. If you participate in a digital event, you will receive the corresponding access data from us. By using the offer, the data protection guidelines of ClickMeeting Spółka z ograniczoną odpowiedzialnością with its registered office at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland, company no. (KRS): 0000604194, VAT ID no. (NIP): 5842747535. ClickMeeting processes personal data mainly to enable access to the platform. Details can be found at the following address: https://clickmeeting.com/de/legal
5. fund information portal and trading portal
A fund information and trading portal is linked via our website at https://www.zweitmarkt.de/. This is not operated by us. Please note the data protection information there.