Privacy Policy

Data Protection Information
for the AURELIUS website

We, Aurelius Advisory ltd, provide the AURELIUS website under the web address [www.aurelius-group.com]. In context with our website and the services provided on our website, we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR).

In Section A of this Data Protection Information we provide you with information about the controller responsible for the processing of your personal data.

In Section B you find information about the processing of your personal data.

In Section C you find more detailed information on the use of cookies or similar technologies.

In Section D you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. You will find more detailed information about this in Section E.

TABLE OF CONTENTS

A. Information on the controller

B. Information on the processing of personal data

I.        Informational use of our website

II.       Use of web analysis technologies (Matomo)

III.       Our email newsletter

IV.       Use of third-party provider plug-ins (e.g. video player plug ins)

C. Information on the use of cookies or similar technologies

I.        General information on cookies

II.       Management of the cookies used on our website

III.       Cookies used on our website

D. Information on the rights of data subjects

I.        Right of access

II.       Right to rectification

III.       Right to erasure (”right to be forgotten”

IV.       Right to restriction of processing

V.       Right to data portability

VI.       Right to object

VII.      Right to withdraw consent

VIII.     Right to lodge a complaint with a supervisory authority

E. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Information

F. Effective date of and changes to this Data Protection Information

A. Information on the controller

Aurelius Investments Limited

6th Floor 33 Glasshouse Street, London W1B 5DG, England, UK

info@aurelius-group.com

+44 20 74400480

B. Information on the processing of personal data

I. Informational use of our website

When the use of our website is purely informational, certain information is sent to the web server of our website from your device for technical reasons, for example your IP address. We process this information in order to provide our website content requested by you and to ensure the security of the IT infrastructure used to provide our website. Information necessary for the correct provision of the requested website content and to ensure the security of the IT infrastructure used to provide our website is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed and in order to identify and mitigate automated traffic to protect our website from bad bots.

In order to provide the search functions of our website, we process data that you enter into search forms on our website in order to provide you with search results for the search terms that you have entered.

In order to provide the data protection setting functions for our website (e.g. for granting or withdrawing consent for the use of certain cookie-based technologies), information about your data protection settings is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to take account of your data protection settings when using our website.

You receive more detailed information on this below:

1. Details on the personal data which are processed

Categories of personal data processed Personal data included in the categories Sources of the dataObligation of the data subject to provide the data Storage duration
HTTP DataProtocol data which accrue when visiting our website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: These include IP address, type and version of your internet browser, operating system used, site accessed, last site accessed before visiting the site (referrer URL), date and time of visit.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the content of our website requested by you.The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Content Provision DataData used to correctly display the website content accessed by the user: This includes information on which contents have already been displayed and do no longer need to be displayed upon the access of further pages on our website. This data is stored in cookies on your device (Section C) and can be read during your visit to our website.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, certain content will be displayed too often and may interrupt your browsing experience.We process the data only temporarily for the period of the visit of our website. (You can find information on the validity period of the cookies stored on your device in Section C.III.)
Security DataData used to identify and mitigate automated traffic to protect our website from bad bots: This includes information related to the calculation of our service provider Cloudflare’s proprietary bot score and a session identifier. This data is stored in cookies on your device (Section C) and can be read during your visit to our website.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, the protection of our website against bad bots does not work properly.We process the data only temporarily for the period of the visit of our website. (You can find information on the validity period of the cookies stored on your device in Section C.III.)
Search Function DataData that accrue by using the search functions of our website: These include all information that you enter as search terms in the respective search form on our website.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, you cannot use the search functions of our website.The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Data Protection Setting DataData on data protection settings you have made for our website: This includes information on whether you have given your consent and, if so, what consent you have given at what time. This data is stored in cookies on your device (Section C) and can be read during your visit to our website.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot take your consents for our website into account. This means that we may not be able to provide you with certain functions of our website that require consent.We process the data only temporarily for the period of the visit of our website. (You can find more information on the validity period of the cookies stored on your device in Section C.III.)

2. Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data processedAutomated decision-makingLegal basis and, where applicable, legitimate interestsRecipient
Provision of content of our website requested by the user: For this purpose, data are temporarily processed on our web server. For this purpose, information necessary to ensure the correct display of the website content is also stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed.HTTP Data Content Provision DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the content of our website requested by the user.Hosting Provider
Ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks): For this purpose, data are temporarily stored in log files on our web server and automatically evaluated. For this purpose, information about your consent is also stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to identify and mitigate automated traffic to protect our website from bad bots.HTTP Data Security Data Search Function DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks).Hosting Provider
Providing the search functions of our website: For this purpose, data are temporarily processed on our web server.HTTP Data Search Function DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the search functions of our website requested by the user.Hosting Provider
Provision of data protection setting functions for our website: Certain features of our website (e.g. the use of certain cookie-based technologies) require your consent. We provide data protection setting functions for our website to enable you to give and, if necessary, withdraw your consent. For this purpose, information about your consent is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to determine whether you have given your consent and, if so, what consents you have given.HTTP Data Data Protection Setting DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of data protection setting functions for our website.Hosting Provider Data Protection Setting Function Provider

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRecipient’s roleTransfers to third countries and/or international organisationsAdequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA  ProcessorUSAThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
Hosting Provider: Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USAProcessorUSAThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As Cloudflare, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
Data Protection Setting Function Provider: CookieYes Limited 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United KingdomProcessorUnited KingdomThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the United Kingdom. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2021/1772/oj

II. Use of web analysis technologies (Matomo)

Upon your consent, we use so-called ”web analysis technologies“ on our website.

Web analysis enables the collection and evaluation of information about the activities of users of our website. The information obtained serves us to improve our website and to better achieve the goals of our website (e.g. increase in page views).

When you visit our website, the web analysis tool used (Matomo) collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, your device is assigned a unique ID which is linked to the device-related profile. This ID is stored in cookies  (Section C ) on your device. During your visit to our website, your device can be recognised there on the basis of the ID assigned to it.

You will find more detailed information on this in the following:

1. Details on personal information which are processed

Categories of personal data processed Personal data included in the categoriesSources of dataObligation of the data subject to provide the data Storage duration
Web Analysis HTTP DataProtocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web analysis tool used on our website: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis.IP anonymisation is activated on our website for the use of the web analysis tool. This means that the IP address transmitted via the browser for technical reasons is anonymised before being stored by shortening the IP address (by deleting the last octet of the IP address). Moreover we only process the protocol data temporarily for the duration of the visit to our website.
Web Analysis Device DataData that is assigned to your device by the web analysis tool used on our website: This includes a unique ID to (re)identify your device. It also includes certain parameters relevant for web analysis. This data is stored in cookies on your device (Section C) and can be read when visiting our website.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis.We store the unique ID for the duration of your consent. We only process parameters relevant for web analysis temporarily for the period of your visit to our website. We delete this data when you withdraw your consent. (For information on the period of validity of the cookies stored on your device, please refer to Section C.III.)
Web Analysis Profile DataData generated by the web analysis tool used on our website and stored in a device-related profile: This includes data about the use of our website, in particular page visits, frequency of visits and time spent on the pages visited. This is also included the unique ID assigned to your device.Generated by us-We store the unique ID for the duration of your consent. We store information about the use of our website for a period of 24 months from collection. We delete this data when you withdraw your consent.

2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processedAutomated decision-making Legal basis and, where applicable, legitimate interestsRecipient
Web Analysis: Web analysis enables the collection and evaluation of information about the activities of users of our website. When you visit our website, the web analysis tool used by us collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, a unique ID is assigned to your device, which is linked to the device-related profile. This ID is stored in cookies (Section C) on your device. During your visit of our website, your device can be recognised there on the basis of the ID assigned to it. The aim of the analysis is to examine where the users of our website come from, which areas of our website are visited and how often and for how long which page and categories are viewed. The information obtained is used to improve our website and to better achieve the goals of our website (e.g. increase in page views).Web Analysis HTTP Data Web Analysis Device Data Web Analysis Profile DataNo automated decision-making takes place.Art. 6 (1) (a) GDPR (consent)Hosting Provider

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRecipient’s roleTransfers to third countries and/or international organisationsAdequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USAProcessorUSAThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list

III. Our email newsletter

On our website we offer you the possibility to register for our personalised email newsletter. When you subscribe to the email newsletter, certain information is collected, such as your email address. We process this information to confirm your subscription and to provide the personalised email newsletter. We also store and use this information for evidence purposes for the possible assertion, exercise or defence of legal claims.

When using the newsletter subscription and unsubscription form from our newsletter on our website, certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information to provide the newsletter subscription and unsubscription form on our website and to ensure the security of the IT infrastructure used to provide the newsletter subscription and unsubscription form.

You will find more detailed information on this below:

1. Details on personal data which are processed

Categories of personal data processed Personal data included in the categoriesSources of the dataObligation of the data subject to provide the dataStorage duration
Newsletter Form HTTP DataProtocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the subscription and unsubscription form for our newsletter on our website is accessed: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit.User of our websiteThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the newsletter subscription and unsubscription form .The Data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Newsletter Subscription DataData we collect during the subscription for the newsletter: These include the following mandatory information: Email address These include the following optional information: First name, last name, company name, newsletter topicsNewsletter subscribersThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the mandatory information is not provided, we cannot provide you with a newsletter.We store these data as long as you are registered for our newsletter. In addition, we store these data for evidence purposes for the assertion, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.
Newsletter Opt-In DataProtocol data which accrue during subscription and unsubscription of the newsletter: These include date and time of subscription to the newsletter, date and time when registration notification is sent in the double opt-in procedure, date and time of the confirmation of the registration in the double opt-in procedure as well as the IP address of the device used for the confirmation, date and time of any possible unsubscription from newsletter.Newsletter subscribersThe provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide you with a newsletter.We store these data as long as you are registered for our newsletter. In addition, we store these data for evidence purposes for the assertion, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.

2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interestsRecipient
Provision of the newsletter subscription and unsubscription form on our website: For this purpose, HTTP Data are processed temporarily on our web server. For this purpose, HTTP data is temporarily processed on our web server.Newsletter Form HTTP DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the newsletter subscription and unsubscription form on our website requested by the user.Hosting Provider Email Newsletter Provider
Ensuring the security of the IT infrastructure used for the provision of the form, in particular for the detection, elimination and conclusive documentation of disruptions (e.g. DDoS attacks): For this purpose, Data are temporarily stored and evaluated in log files on our web server.Newsletter Form HTTP Data  No automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used to provide the form, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).Hosting Provider Email Newsletter Provider
”Double opt-in” procedure to confirm the subscription: For this we send an email message requesting confirmation to the email address provided when registering for the newsletter. Any subscription only becomes effective when the subscriber has confirmed the email address by accessing the confirmation link in the email.Newsletter Subscription Data Newsletter Opt-In DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the legally secure documentation of your consent to the newsletter.Email Newsletter Provider
Sending of the newsletter to the newsletter subscriber. We use the optional information provided during subscription to address our newsletter recipients by name and company and to tailor the newsletter contents to the areas of interests which our newsletter recipients chose.Newsletter Subscription Data Newsletter Opt-In DataNo automated decision-making takes place.Art. 6 (1) (a) GDPR (consent)Email Newsletter Provider
Storage and processing for evidence purposes for any assertion, exercise or defence of legal claimsNewsletter Subscription Data Newsletter Opt-In DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the assertion, exercise or defence of legal claims.Email Newsletter Provider
Assertion, exercise or defence of legal claims, including cooperation with external lawyersNewsletter Subscription Data Newsletter Opt-In DataNo automated decision-making takes place.Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the assertion, exercise or defence of legal claims.Courts Lawyers

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRecipient’s roleTransfers to third countries and/or international organisationsAdequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USAProcessorUSAThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
Email Newsletter Provider: The Rocket Science Group LLC d/b/a Mailchimp 675 Ponce De Leon Avenue, Northeast Suite 5000 Atlanta, GA 30308, USAProcessorUSAThere is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As The Rocket Science Group LLC d/b/a Mailchimp is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
LawyersControllerThere is no transfer to third countries and/or international organisations-
CourtsControllerThere is no transfer to third countries and/or international organisations-

IV. Use of third-party provider plug-ins (e.g. video player plug-ins)

So-called ”third-party provider plug-ins” are embedded in our website, with which you can use functions on our website offered by third-party providers. The plug-ins are embedded in our website by way of a ”2-click solution”. With this solution, the relevant plug-in is not activated directly when our website is accessed, but only once you click on the activation button provided for the relevant plug-in.

If you activate a third-party provider plug-in, you use a function offered by the provider of the respective plug-in under their own responsibility, which is only visually embedded in the presentation of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. When activating the respective plug-in, the provider of the respective plug-in may also use cookies (à Section C).

You receive more detailed information on this below:

1. Third-party provider plug-ins embedded in our website

The following third-party provider plug-ins are embedded in our website, with which you can use the functions on our website offered by third-party providers:

Plug-inThird-party providerFurther information of the provider of the plug-in
Vimeo (Video Player)Vimeo.com, Inc.
330 West 34th Street, 10th Floor
New York, New York 10001, USA
More detailed information on the function can be found in the provider’s description:
https://vimeo.com/features/video-player?mkc=368ip_fm_adfree
Additional information on data processing by the provider can be found in the Data Protection Information of the provider:
https://vimeo.com/privacy

2. Processing of personal data by provider of the third-party provider plug-in

The third-party provider plug-ins are embedded in our website by means of a ”2-click solution”. With this solution, the relevant plug-in is not activated directly when our website is accessed, but only once you click on the activation button provided for the relevant plug-in.

It is ensured with the 2-click solution that your internet browser does not initially connect to the servers of the provider of the relevant plug-in when you access our website. When you access our website, the provider of the relevant plug-in therefore initially cannot collect any personal data regarding you via this plug-in. The relevant plug-in is only activated in case you click on the button provided for activating this plug-in. Once activated, a connection is established to the servers of the provider of the relevant plug-in. The provider of the relevant plug-in can also receive personal data from you when the relevant plug-in is activated. The activation of the relevant plug-in can be compared technically with clicking on a link to an external website, with the difference that the content requested in the process does not appear in a new window/tab of your internet browser, but are visually embedded in our website. The data exchange initiated by you by activating and using the relevant plug-in only takes place between your internet browser and the servers of the provider of the relevant plug-in. If you activate a third-party provider plug-in, you therefore use a function offered by the provider of the relevant plug-in under its responsibility, which is visually embedded in the layout of our website.

When the relevant plug-in is activated, the provider of this plug-in can (comparable to accessing an external website via a link) in particular receive your IP address and the address (URL) of the website, from where you carried out the activation. The provider of the activated plug-in can also receive information from any cookies of the relevant provider stored in your internet browser. The provider of the relevant plug-in can therefore, due to the activation of this plug-in initiated by you, already receive at least the information that our website has been accessed from the IP address allocated to you at the time of access. If you are registered as a user with the relevant third-party provider, the provider of the relevant plug-in can also typically allocate the data it received to your user account. We emphasise that we do not have any knowledge about the personal data the provider actually obtains. We also do not have any knowledge about specific purposes of the processing of data collected by the provider of the relevant plug-in or about any further details of the data processing of the relevant provider. In particular, we also do not know whether the relevant provider only processes the data collected to provide the function of the relevant plug-in (e.g. to share certain content or to make a comment) or, beyond this, for any other purposes (e.g. to create usage profiles or to personalise advertising).

3. Data transfer to third countries without an appropriate level of security

It is possible that by using a plug-in activated by you, personal data is transferred to third countries for which there is no so-called adequacy decision by the European Commission and no appropriate safeguards are provided for. To that extent there is the risk that there is no appropriate level of security for the transferred data. This means that your personal data which the third-party provider receives from you may not be subject to a level of security comparable to the General Data Protection Regulation. This in particular means there may not be compliance with the principles for the processing of personal data laid down in Art. 5 GDPR. It may also be the case that no enforceable rights or effective remedies are available to you with respect to the processing of personal data.

C. Information on the use of cookies or similar technologies

We use cookies in connection on our website. In doing so, we use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

You will find more detailed information on this in the following.

I. General information on cookies

Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the relevant website is visited again with the same device, the cookie and the information it contains can be retrieved.

1. First-party and third-party cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookiesCookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller
Third-party cookiesCookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

2. Transient and persistent cookies

A distinction can be made between transient and persistent cookies depending on how long they remain active:

Transient cookies (Session cookies)Cookies that are automatically deleted when you close your browser
Persistent cookiesCookies that remain stored on your device for a certain period of time after the browser is closed

3. Consent-free cookies and cookies requiring consent

Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookiesCookies that have as their sole purpose to transmit a message using an electronic communication network
Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (”strictly necessary cookies”)
Cookies requiring consentCookies for all purposes of use other than the aforementioned

II. Management of the cookies used on our website

1. Granting and withdrawing consents to the use of cookies in the data protection settings of our website

If consent is necessary for the use of certain cookies, we only use these cookies if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on our website in Section C.III. of this Data Protection Information.

When you first visit our website, we display a pop-up for data protection settings. In the data protection settings, you can give consent for the use of cookies that require consent and the processing of your personal data enabled thereby. However, you can also continue to use our website without consent. In this case, we will only use cookies for which consent is not required.

You can access the data protection settings of our website at any time via the link contained in this Data Protection Information and in the footer of our website. In the data protection settings, you can withdraw or re-grant the consents you have given at any time.

We store whether and, if applicable, which consents you have given in the form of a (strictly necessary) cookie (so-called ”data protection settings cookie“) on your device. The data protection setting cookie has a limited validity period of 12 months. After the expiration of the validity period, or if you delete the data protection settings cookie manually beforehand, we will display the banner for data protection settings for our website again the next time you visit our website.

You cannot deactivate cookies that are strictly necessary in the data protection settings of our website. However, you can generally deactivate these cookies in your browser at any time.

2. Managing cookies using browser settings

You can also manage the use of cookies in your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at http://www.allaboutcookies.org/manage-cookies/.

However, we would like to point out that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.

III. Cookies used on our website

The following cookies may be used on our website:

NameFirst-party / third-partyPurpose of use and contentEffective termConsent necessary?
Data Protection Settings Cookies
cookieyes-consentFirst-partyThis cookie is strictly necessary to provide the data protection settings function for our website (Section B.I). This cookie stores information about whether and, if so, which consents you have given and when, in order to possibly activate the respective processing activities and cookies requiring consent in accordance with your consent and in order to be able to determine whether we require renewed consent from you in the event of changes to processing activities and cookies requiring consent.Persistent:
12 months
No
Content Provision Cookies
preLoaderShownFirst partyThis cookie is strictly necessary to ensure the correct display of the website content accessed by the user (Section B.I). The cookie is set and contains the value “true” once the so called “pre loader” of the website has been displayed to the user (i.e. a loading screen that is displayed upon the first visit while the website content is downloaded). This cookie is used to ensure that the pre loader is only displayed once and does not interrupt the user’s use of our website.Persistent: 1 Month  No
Security Cookies
__cf_bmFirst partyThis cookie is strictly necessary to ensure the security of the IT infrastructure used to provide our website (Section B.I). The cookie contains information related to the calculation of our service provider Cloudflare’s proprietary bot score and a session identifier in order to identify and mitigate automated traffic to protect our website from bad bots. The information in the cookie (other than time-related information) is encrypted and can only be decrypted by Cloudflare. A separate __cf_bm cookie is generated for each website that an end user visits, as Cloudflare does not track users from site to site or from session to session. The __cf_bm cookie is generated independently by Cloudflare, and does not correspond to any user ID or other identifiers that may be used by us on our website.  Persistent: 30 MinutesNo
Web Analysis cookies (for the web analysis tool Matomo) These cookies are used by the web analysis tool Matomo to record and analyse the usage behaviour on our website, in order to improve our website (Section B.III).
_pk_id#First partyThis cookie contains a unique visitor ID and is used to recognise visitors.Persistent: 1 yearYes
_pk_ses#First partyThis cookie contains the value “1” and indicates (if it is already set) that a page request is part of an ongoing browser session.Persistent:
1 day
Yes
Third-party plug-in cookies
If you activate a third-party plug-in, you are using a functionality offered by the provider of the respective plug-in under its own responsibility, which is merely visually embedded in the presentation of our website. When activating the respective plug-in, the provider of the respective plug-in may use cookies (à Section B.IV).
Third-party plug-in cookiesThird partyWe have no knowledge of the specific purposes, content and storage duration of the cookies used by the provider of the plug-in, nor of whether they require consent.

D. Information on the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (”right to be forgotten”) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 (3) GDPR)

You may contact us for the purpose of exercising these rights using the contact information in Section A.

Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Information.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Below you find more detailed information on your rights with regard to the processing of your personal data:

I. Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Art. 15 GDPR.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Art. 15 (1) (a), (b) and (c) GDPR).

You can find the full extent of your right to access and information in Art. 15 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Art. 16 GDPR.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Art. 16 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (”right to be forgotten”)

As a data subject, you have a right to erasure (”right to be forgotten”) under the conditions provided in Art. 17 GDPR.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 (1) GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 (1) (a) GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 (2) GDPR).

The right to erasure (”right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Art. 17 (3) (b) and (e) GDPR).

You can find the full extent of your right to erasure (”right to be forgotten”) in Art. 17 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing under the conditions provided in Art. 18 GDPR.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 (1) (a) GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 (3) GDPR).

You can find the full extent of your right to restriction of processing in Art. 18 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Art. 20 GDPR.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means (Art. 20 (1) GDPR).

You can find information as to whether an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 (2) GDPR).

You can find the full extent of your right to data portability in Art. 20 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Art. 6 (1) (e) or (f) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Data Protection Information.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent

Where an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, as a data subject you have the right to withdraw your consent at any time pursuant to Art. 7 (3) GDPR,. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Art. 6 (1) (a) or Art. 9 (2) (a) GDPR in the information regarding the legal basis of processing in Section B of this Data Protection Information.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 77 GDPR.

The contact details of the supervisory authorities in the EU/EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

E. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Information

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation.

The full scope of the definitions of the General Data Protection Regulation can be found in Art. 4 GDPR, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Information below:

”Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

”Data Subject” means the respective identified or identifiable natural person, to which the personal Data refers to;

”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

”Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

”Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

”Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

”Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

”Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

”International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

”Third country” means a country which is not a member state of the European Union (”EU”) or the European Economic Area (”EEA”);

”Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

F. Effective date of and changes to this Data Protection Information

The effective date of this Data Protection Information is February 13, 2024.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.

An up-to-date version of this Data Protection Information can be retrieved at any time at [www.aurelius-group/privacy-policy].