Thank you for your interest in our website. The protection of your personal data is very important to us. In accordance with Article 13 of the General Data Protection Regulation (GDPR), we would like to inform you below which personal data we process on this website, for what purposes and on what legal basis we do so.
CBR Service GmbH, Imkerstraße 4, 30916 Isernhagen, Germany, phone: +49 (5136/9711-0), email: [email protected] is responsible for the data collection and processing described below.
It is not necessary for you to provide us with personal data simply to visit our website. We only store and use usage data (browser type and version used, operating system, IP address and date and time of the visit). The legal basis for the processing of usage data is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimized display.
We use the following cookie when the page is accessed: NEXT_LOCALE: This cookie is necessary for language selection. The use of the cookie serves to safeguard our legitimate interest in the functionality of the website within the meaning of Art. 6 para. 1 lit. f GDPR.
Other cookies are set in the Investor Relations Portal. These are described in more detail under 2.5.
Under "Write to us" or "Contact" you have the option of sending us individual inquiries by email. We store and use the data provided in connection with an email inquiry exclusively for the purpose of responding to your inquiry. The legal basis for processing your data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If it is an inquiry aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. We delete your data if it is no longer required and there are no legal obligations to retain it. With regard to processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object at any time. To do so, please contact [email protected].
We use the processor Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland) for email communication. Data processing is carried out on our behalf on servers in data centers in Europe.
We offer you the opportunity to apply to us and the companies affiliated with CBR Service GmbH via our applicant portal. If you decide to apply, you will be provided with separate data protection information as part of the application process.
Under the Investor Relations link in the "Publications" section, information is made available to investors ("qualified institutional buyers" within the meaning of Rule 144A of the U.S. Securities Act of 1933 or "qualified investors" within the meaning of EU Regulation 2003/71/EC).
For access, it is necessary to contact the IR team by e-mail. The IR team checks the plausibility of the investor status based on the e-mail address and the first name and surname provided by the interested party. If the investor status appears plausible, the interested party is created as a new user (first name, surname, e-mail address) and receives an e-mail with instructions on the steps required to finalize the registration.
The first name, surname and e-mail address are stored until the user informs us that they no longer wish to access the portal or wishes their data to be deleted. The legal basis for the processing is our legitimate interest in restricting access to certain company information and avoiding violations of capital market law (Article 6(1)(f) GDPR).
We use the processor Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland) for the registration process. The data is processed on our behalf on servers in data centers in Europe.
We use the following necessary cookies:
First-party cookies (duration:session):
_Secure-next-auth.session-token: This cookie is necessary to recognize which website visitor is logged in.
_Secure-next-auth.callback-url: This cookie is necessary for the assignment of a log-in.
-Host-next-auth.csr-token: This cookie is required to prevent cross-site request forgery attacks.
Third-party cookies (duration: session):
x-ms-cpim-trans: This cookie is set by Microsoft and is required to track transactions (number of authentication requests to Azure AD B2C) and the current transaction.
x-ms-cpim-cache: This cookie is set by Microsoft and is required to manage the request status.
x-ms-cpim-csrf: This token is used by Microsoft for IT security and serves to protect against so-called CSRF (cross-site request forgery) attacks.
x-ms-cpim-sso: This cookie is set by Microsoft to manage a single sign-on session.
x-ms-cpim-slice: This cookie is set by Microsoft to forward requests to the corresponding production instance.
The cookies we use serve to safeguard our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of the purposes described in each case. Further information on cookies in general and the existing right to object can be found under 2.1.2.
When you first log in, after entering your email address, the initial password provided by us and the change to a password of your choice, you will be asked to confirm a disclaimer regarding the qualification of the publications via a checkbox. A further checkbox is used to request confirmation that you are an investor. After ticking the checkboxes and clicking the "Submit" button, the confirmations are saved in local storage. This processing is necessary to ensure that you can access the information you have requested without having to repeatedly request confirmations. The legal basis for the processing is our legitimate interest in avoiding repeated confirmation requests when visiting our website multiple times (Article 6(1)(f) GDPR). The cookies/local storage entries we use serve to safeguard this legitimate interest in the implementation of the purposes described within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on cookies in general and the existing right to object can be found under 2.1.2.
We transfer your data to third parties who support us in the operation of the website and the associated processes. The transfer takes place exclusively within the framework of strictly instruction-bound order processing in accordance with Art. 28 GDPR.
We use the Microsoft Azure Cloud from the service provider Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland) to host our website. Data processing takes place exclusively within the EEA. We have a data processing agreement with Microsoft.
In addition, we use a content management system from Contentful GmbH (Ritterstraße 12-14, 10969 Berlin, Germany) to provide our website. Requests for the display of content on our website are transmitted to the service provider so that it can make the content available to you. For this purpose, Contentful receives your IP address and, if applicable, browser data. Data processing takes place exclusively within the EEA. There is an order processing contract with Contentful.
When processing your personal data, the GDPR grants you the following rights as a data subject
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 GDPR.
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data. You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to processing, for the duration of any review.
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
If data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you infringes data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details: Dr. Uwe Schläger, datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, e-mail: [email protected].