Privacy
Privacy Statement
We are pleased that you have chosen to visit our websites and are grateful for your interest in our work. The topic data protection is of utmost importance to us. We respect and protect your private sphere and comply with all applicable legal provisions. For this reason, we ask you to take note of the following information. This is an English translation of our data protection statements, it shall be used only for information purposes; in case of doubt, the German version shall apply.
- In the section “Data Protection Notice for our Websites” we inform you of the gathering of personal data that occurs when visiting our websites.
- In the section “General Data Protection Declaration” we inform you how we process your personal data, which rights you have, how you can exercise these rights, and other pertinent information about our data processing procedure.
If you have any questions or recommendations concerning data protection at Deutsches Aktieninstitut, you can reach us via email at datenschutz(at)dai.de.
Your Deutsches Aktieninstitut data protection team
Data protection notice for our websites
Deutsches Aktieninstitut takes the protection of your personal data very serious. We treat your personal data in a confidential manner and in accordance with the legal data protection regulations as well as this data protection notice.
We would like to note that the transmission of data on the internet could be subject to security vulnerabilities that lay outside our sphere of influence. The complete protection of your data from third party access is not possible with the use of the internet.
1. Scope of application
This data protection notice applies to the following internet services and the accompanying subdomains: www.dai.de, www.dcgk.de and www.meritum-preis.de.
2. Information about the collection of personal data on our websites
2.1 In the following we are informing you about the gathering of personal data that occurs when using our websites.
2.2 More information about the processing of collected personal data, that occurs for example when participating in one of our events, is available under the general data protection notice.
2.3 The use of our websites is usually possible without the disclosure of personal data.
2.4 Personal data (such as name, address, or email address) collected on our websites by means of a contact form can only be disclosed on a voluntary basis. This occurs for example when registering for an event, when contacting the office, or when completing a purchase order of a publication. Specific contact information, such as salutation, first and last name, and email address are mandatory fields as they are necessary for communication purposes. These mandatory fields are marked separately on our online forms.
2.5 Also when you are using our websites for informational purposes only and do not attempt to contact us through them, the website provider collects and stores specific information about your visit in so-called Server-Log files, which your browser automatically transmits to us. This information is technologically necessary to display our websites to you and guarantee stability and security.
The stored data includes:
- IP-Address
- Date and time of the request
- Time difference to Greenwich Mean Time (GMT)
- Contents of the request (specifically the site that is requested)
- Access rights/ HTTP - Status code
- Transmitted data volume
- Website from which the request stems
- Browser
- Operating system and its interface
- Language and version of the browser software
The legal basis for the storage of this data is Article 6 (1), sentence 1, (f) of the EU GDPR. This stored data is not retraceable to a specific person. A merger of this data with other data sources will not occur. We reserve the right to retrospectively verify data if we identify concrete indications of illegal activity.
3. Encryption and Contact Forms
The data gathered in all of our websites’ existing contact forms is transmitted in encrypted form. Thus, the trustworthiness and integrity of the contact contents are continuously ensured.
4. Data protection notice for the use of cookies
Our website partially utilizes so-called cookies. Cookies are small text files that are deposited on your computer and stored by your browser. They help make our offer more user-friendly, effective, and secure. Cookies do not harm your computer and do not contain any viruses. Most of our utilized cookies are so-called “Session-Cookies.” These are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser if you visit us again. You can adjust your browser settings to notify you about the placement of cookies, require your permission for cookies in each individual case, accept cookies in specific cases or generally disallow them, and automatically delete cookies when closing your browser. When deactivating cookies, the functionality of a website can be limited.
5. Data protection notice for the use of Matomo (formerly Piwik)
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region they came. We also record various log files such as IP address, referrer, browser and operating system used and can measure whether our website visitors perform certain actions such as clicks or purchases.
Legal Basis
We use this analysis tool on the basis of Art. 6 para. 1 lit. f GDPR, according to which we as the website operator have a legitimate interest in analysing user behaviour in order to optimise our website.
If you have given your consent to the setting of statistics cookies in the cookie banner and thus activated Matomo, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can revoke your consent at any time by deleting the cookies set in your browser or changing your data protection settings.
IP anonymisation
We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
6. Data protection notice for the use of social media
We use social media plug-ins from various social networks (currently LinkedIn and X). With the help of these plug-ins, you can, for example, share content or recommend products.
By integrating the plug-ins, the social network can receive the information that you have accessed the corresponding page of the operator. If you are logged in to the social network, it can assign the visit to your account. By using the plug-in, the corresponding information is transmitted from your browser directly to the social network and stored there.
If you do not want social networks to collect data about you via the website, you must log out of these networks before visiting our website and deactivate the social media plug-ins. Even if you are not logged in to the social networks, data from websites with active social media plug-ins can be sent to these networks. An active plug-in sets a cookie with an identifier each time the website is called up. Since your browser sends this cookie with every connection to a network server, the network could use it to create a profile of which web pages the user belonging to the identifier has called up. It would then be possible to assign this identifier to a person again, for example, when logging on to the social network later.
Thus, it is also possible for X to record your visits to these websites and assign them to your X profile via X buttons or widgets embedded in the websites and the use of cookies. Based on this data, content or advertising can be offered tailored to you.
For more information on data processing by social networks, your rights in this regard and setting options for protecting your privacy, please refer to the data protection notices of the respective networks:
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland):
X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland):
8. Usage of our contact information for advertisement emails
We hereby prohibit the use of our contact information, published as a part of our duty to publish an imprint, for not expressly requested advertisement and information materials. The operators of the websites reserve the right to take legal action in the event of receiving non-solicited advertising material, possibly in the form of spam mails.
General data protection notice
In the following we will inform you, in terms of the General Data Protection Regulation (GDPR),
- what personal information we obtain,
- how we obtain and use this data,
- what rights you have with regards to your personal data under the applicable law,
- who is responsible for the data processing, and
- who you can turn to with questions
1. What information we use and where we obtain it?
Personal data is all data, that pertains to your personal being, including but not limited to your name, address, or email address. For the data processing in Deutsches Aktieninstitut the following personal information can be recorded:
- Salutation
- Title
- First and last name
- Professional title
- Occupational function
- Company name
- Department
- Postal address
- Electronic contact information (email address, telephone, fax)
- Bank connection information
- Birth date and place of birth
- Photographic, audio or video recordings
Also the personal data considered particularly sensitive in the category “political opinion” or “trade union membership” referred to in Article 9 EU GDPR could be recorded for data processing. For example, this could be the case when conclusions can be drawn from the data with regard to your political party affiliation or union membership.
We also record sensitive data from other categories such as religious affiliation of (former) employees and legal representatives of Deutsches Aktieninstitut within the scope of statutory provisions.
Within the framework of our business relationships or the initiation thereof we receive personal data from you or your business. For example, in the scope of membership of your company in Deutsches Aktieninstitut or your participation in an event hosted by our firm. This also applies to information ascertained through contacting for other matters. Within the framework of active business relationships or follow-up to contacting through personal contact, by telephone, or written contact additional personal data could emerge, such as electronic copies of correspondence or telephone numbers could be stored in the call journal of a phone system.
For contacting on our part, we also process personal data that we can permissibly find in publicly accessible sources (for example commercial registries and media) and from third parties.
We also obtain personal data from you, when you access our website. (See the Data Protection Notice for Websites)
2. For what purposes do we process your personal data?
We process the collected personal data for different purposes, which are ultimately a result of our articles of association that can be found at www.dai.de/en/who-we-are/articles.html. We particularly advocate for the strengthening of the capital market, offer a platform to its actors, and contribute to the development of the essential framework.
- Data processing group “Membership”: If you are a member of Deutsches Aktieninstitut or an employee, more specifically the legal representative of a member firm, we process your data for the management and implementation of the membership. We keep in contact, conduct surveys, and provide you, if not explicitly wished otherwise, with information such as our semi-annual report “Kurvenlage,” exclusive news for members, and other relevant information such as invitations to conferences, committee meetings, and other events. If you are a member of the Executive Board of Deutsches Aktieninstitut, we will publish your name and your company on our website at https://www.dai.de/praesidium-und-vorstand. As a member of the Executive Committee, we will also publish your portrait photo there.
- Data processing group “Events”: We organize conferences and other public and internal events and invite to these events. Our events take place as face-to-face, online or hybrid events. We process your data as an event participant in order to carry out the event. This is how we are able to make name tags or provide you with relevant event documents or the link to online participation. Furthermore, we also include you on participant and signature lists by listing your name, function, and company. If you speak during an online conference and it is recorded, your contribution will be included in the recording, verbally and possibly also in pictures. We document individual face-to-face events photographically and publish selected photos in our semi-annual report “Kurvenlage” as well as in our “News für Mitglieder.” If not explicitly wished otherwise, we will also invite you to future events of Deutsches Aktieninstitut.
- Data processing group “Surveys”: In this field we process your data in order to carry out surveys.
- Data processing group “Press”, “Science” and “Politics”: We are in contact with you as a person in the political field, more specifically as a member of the press or science. We provide you with information about our political work, our publications, and send you our event invitations.
- Data processing group “Customer” and “Service Provider”: We process your data as far as is necessary for contractual performance.
- Data processing group “Publications”: We process your information in order to send you our semi-annual report “Kurvenlage” or other publications such as press releases or invitations for events.
- Data processing group “Contact Information”: We process your data in order to contact you, more specifically to stay in contact with you.
- Data processing group “Codex-Commission”: Since 2013 Deutsches Aktieninstitut manages the office of the Government Commission German Corporate Governance Codex and supports the work of the Government Commission. One of the office activities includes communicating with stakeholders of the German Corporate Governance Codex and if necessary transmitting requests or information from the German Corporate Governance Codex. Another task is organizing conferences for the German Corporate Governance Codex and inviting event participants. More information regarding events and committee meetings can be found under the data processing group: events.
Furthermore, submitted comments will be published on the site www.dcgk.de. Should you be opposed to the publication of your comment, you can send a related revocation to datenschutz(at)dai.de or geschaeftsstelle(at)dcgk.de. Upon reception of this revocation the office will then remove your comment from the website.
3. On what legal basis do we process your data?
We base our data processing on your consent in accordance with Article 6 (1)(a) of the EU GDPR, insofar as you have provided us with it. Given consent can be withdrawn at any given moment. To do so contact us at datenschutz(at)dai.de. In order to meet our previously noted association obligations or contractual obligations we invoke Article 6 (1)(b) of the EU GDPR. To guard our legitimate interests, we process personal data according to a balancing of interests as outlined in Article 6 (1)(f) EU GDPR. In this manner we process data for previously mentioned causes, such as to complete surveys for Deutsches Aktieninstitut and for contacting people for business purposes. This contacting includes that done so with personal data that was made public or that we received from third parties in a permissible manner.
- Data processing group “Membership”: The abovementioned data processing under section 2 is based on your consent, insofar as you have granted it, for the fulfillment of our obligations to our members and based on a predominant legitimate interest as the data processing serves our association’s purpose. Also, we assume that this type of contacting and the transfer of such information is desired by you.
- Data processing group “Events”: For event participants, data processing occurs as a byproduct of the execution of the event based on your consent and for the purpose of completing our duties laid out in the participation contract. Furthermore, your registration for our event indicates to us that you are interested in this type of event. Therefore, we would also like to invite you to future events organized by Deutsches Aktieninstitut and justify this invitation through our legitimate interest as outlined in Article 6 (1)(f) EU GDPR.
- Data processing group “Surveys”: Deutsches Aktieninstitut surveys assist, further, and support the participants of the capital market and the capital market as a whole. The contacted group of a survey for participation in a study is not chosen at random, rather it is based on an inquiry into the appropriate group to contact. We also assume that the recipients would fundamentally like to partake in the survey. For this reason, we again invoke our predominant legitimate interest, in the case that we have not explicitly received your consent.
- Data processing group “Press”, “Science” and “Politics”: In this area we justify our data processing, if your consent is not available, through our predominant legitimate interest detailed in Article 6 (1)(f) EU GDPR. For our political work it is essential to get in contact and exchange views with scientists, the press and political acting persons. Already from your activity, we close on your interest in our work.
- Data processing group “Customer” and “Service Provider”: We process your data insofar as necessary for the performance of a contract and justify this based on Article 6 (1)(b) EU GDPR.
- Data processing group “Publication”: If the legal bases for the sending of mailings is not already given in the explanation of a previous data processing group section, the data processing will be justified based on your consent or our legitimate interests as outlined in Article 6 (1)(f) EU GDPR, since your work or behaviour leads us to assume that the publication as such is of interest to you.
- Data processing group “Contact Information”: If we have not already received your consent, we invoke our legitimate interest as detailed in Article 6 (1)(f) EU GDPR, as we assume that you have a probable willingness.
- Data processing group “Codex-Commission”: Your data will be processed by the office of the Government Commission German Corporate Governance Codex in Deutsches Aktieninstitut. The office of the Government Commission is tasked with various tasks. Thus, Deutsches Aktieninstitut places it’s working infrastructure at the disposal of the Government Commission. Additionally, they aid in the organization and conducting of events of the Government Commission, as well as assisting the Commission members with external communication. Therefore, this data processing, if consent is present, is justified under Article 6 (1)(a). If the data processing is necessary for the completion of a contract, it is justified based on Article 6 (1)(b). Otherwise, it is justified based on legitimate interest to approach persons with a probable interest, more specifically to maintain contact to these people.
4. Who, besides us, has access to your information?
In the scope of our business activity we work together with our service providers, which are operative as processors, as defined in Article 28 EU GDPR, for us in the field of IT services, printing, shipment and accounting, as well as producing of translations and transcripts. They either process data directly (printing and shipment) or have the theoretical possibility to recognize your information in our systems. Therefore, we enter into order processing contracts with these service providers and ensure that also these service providers adopt the necessary technical-organizational measures to protect your personal information, especially if they use services from a third country to fulfil their contractual obligations.
Moreover, personal data will also be disclosed to public bodies such as the authorities, insofar as this is necessary under the applicable law.
Your information will not be disclosed to third parties not aforementioned in this section without your explicit consent and will also not be transmitted to a third state.
- Data processing group “Events”: If you are a participant in one of our public or private events, a disclosure of participant or signature lists to third parties could occur. For example, such lists, that obtain name, function, and company, are provided to speakers of the event organized by Deutsches Aktieninstitut or used for the purpose of admission control at the event itself. For meetings of internal work groups, the participant lists are made available to all members of the work group.Also, selected photos from events as well as names of all guest speakers could be published in our semi-annual report “Kurvenlage” or in the news for our members.
- Data processing group “Codex Commission”: The personal data collected by the office of the Government Commission German Corporate Governance Codex is partially disclosed to the Government Commission German Corporate Governance Codex as well as to the press spokesperson of the Government Commission. This occurs, for example, in the shape of participant lists of conferences pertaining to the Government Commission German Corporate Governance Codex. This process is outlined in the section data processing group “Events.” Furthermore, published submitted comments and personal information of members of the government commission and the press spokesperson will be published on the Government Commission’s website.
5. When do we delete your personal information?
Our relationships are intended to be long term and therefore, a fixed date cannot be stated. For this reason, we keep your information until you have stated a revocation of your information or until the information no longer serves a purpose in completing our association’s objectives or it becomes a legal obligation. Then, a deletion will follow or – if an obligation of storage applies- a limitation of the processing of the information. In this context we would like to draw your attention to the fact that the legal retention obligation as stated in the code of commercial law as well as the tax code may be up to ten years. The civil statutes of limitation that are coming into validity state storage for up to three years since first knowledge and up to thirty years.
6. What rights do you have?
Each affected person has …
- the right to withdraw any consent under Article 7 EU GDPR,
- the right to information under Article 15 EU GDPR,
- the right to rectification of information under Article 16 EU GDPR,
- the right to erasure under Article 17 EU GDPR,
- the right to restriction of processing under Article 18 EU GDPR,
- the right to object against the processing of information under Article 21 EU GDPR,
- the right to data portability under Article 20 EU GDPR, and also
- the right to lodge a complaint – to be submitted to the Hessischen data protection authorities – under Article 77 EU GDPR in connection to §19 of the German Federal Data Protection Act (BDSG)
The limitations of the right to information and the right to erasure found in §§ 34 and 35 of the BDSG apply.
In accordance with the right to object found in article 21 EU GDPR you have the right, based on reasons that emerge in special situations, to revoke your consent to the processing of your data, which resulted from Article 6 (1)(f) EU GDPR (data processing out of justifiable interest), at any time.
In the case of a objection according to Article 21 EU GDPR, we will no longer process your data, unless there are compelling legitimate grounds for the data processing or the data processing serves to establish, exercise, or defend legal claims.
The objection does not have to occur in any specific form and should be sent directly to our data protection team if possible. This can be done via an email to datenschutz(at)dai.de or with the suffix “data protection” to our postal address.
7. Who is responsible for the data processing and who can you contact?
Controller in accordance to Article 4 (7) EU- General Data Protection Regulation (EU GDPR) is:
Deutsches Aktieninstitut e.V.
Senckenberganlage 28
60325 Frankfurt am Main
Phone +49 69 92915-0
Email dai(at)dai.de
If you have any questions or suggestions regarding data protection, you can contact directly our data protection team at datenschutz@dai.de or our mailing address.
You can reach our data protection officer at:
Deutsches Aktieninstitut e.V.
- Data Protection Officer -
Senckenberganlage 28
60325 Frankfurt am Main
Email dsb(at)dai.de
8. To what extent does data have to be made available, and what are the consequences of reduced availability of data?
Fundamentally you are not obliged to make your information available to us. Though, without certain contact information, such as salutation, first and last name, and email address, we will not be able to properly communicate with you. Most of the information sent out (especially invitations to conferences, working groups, and workshops) can only be received if you supply us with an active email address. The shipping of our semi-annual report “Kurvenlage” or invitations to special events of Deutsches Aktieninstitut require your postal information.
Our working groups, workshops, project groups, and event invitations, but also publications and surveys are usually directed at interested special target groups. For this reason, under specific circumstances we cannot take you into consideration without the name of your company, function, etc.
9. To what extent does automated decision making take place?
We categorically do not use any automated decision making in accordance to Article 22 EU GDPR.
10. Can the data protection notice be changed?
We will inform you about potential changes to our activities as well as changes to our data acquisition process through this data protection notice. You can find the current data protection notice at www.dai.de/datenschutz.