Privacy notice for investors of Amadeus FiRe AG

25 May 2018

Amadeus FiRe AG attaches great importance to the protection and security of your personal data.  We process your personal data in compliance with the applicable data protection provisions.  You can find the legal bases in particular in the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).  The following provisions inform you in this respect in accordance with Articles 12, 13 and 21 GDPR about how we handle the personal data concerning you as an investor of Amadeus FiRe AG.

Personal data means any information relating to an identified or identifiable natural person (here-inafter: “data subject”); a natural person is deemed identifiable if he or she can be identified directly or indirectly (for example, by being attributed to an online identifier).  This includes information such as name, address, telephone number and date of birth.

I. Data controller

Data controller within the meaning of the General Data Protection Regulation:
Amadeus FiRe AG
Hanauer Landstraße 160
D-60314 Frankfurt am Main
Phone: (+49) 69 96876-150
Fax: (+49) 69 96876-199
Email: info@amadeus-fire.de

II. Data protection officer

Amadeus FiRe AG
Data Protection Officer
Hanauer Landstraße 160
D-60314 Frankfurt am Main
Email: datenschutzbeauftragter@amadeus-fire.de

III. Purposes and legal bases of the processing of data

1. As part of the weighing of interests (point (f) of Article 6(1) GDPR)
   To the extent necessary, we process your data to safeguard our legitimate interests, for example, to get in contact with you as an investor or inform you of important developments of our business.
2. Based on your consent (point (a) of Article 6(1) GDPR)
   To the extent that you have given us your consent regarding the processing of your personal data for particular purposes (for example, to contact you by email or telephone for advertising purposes), such processing based on your consent is lawful.  Any consent given may be revoked at any time.  This also applies to the revocation of any consent given to us before the General Data Protection Regulation entered into force, i.e. before 25 May 2018.  Please note that the revocation will only have effect for the future.  This means that it will not affect any processing activities carried out prior to the revocation.
3. Based on statutory requirements (point (c) of Article 6(1) GDPR) or in the public in-terest (point (e) of Article 6(1) GDPR)
   Furthermore, we process your personal data as part of the statutory provisions imposed on us as a stock corporation, in particular, based on the applicable provisions of stock corporation law and the securities market regulations applicable to us as a listed company (for example, obligations to publish information).

IV. Categories of recipients

Within our company, access to your data is given to those people or departments that need your data for the performance of our contractual and statutory obligations. The service providers and vicarious agents employed by us may also be provided with data for these purposes if they maintain confidentiality and comply with all provisions and agreements regarding data protection. This concerns the following categories of businesses: IT service providers, telecommunications service providers, auditors and legal advisors, as well as any service providers commissioned by us in connection with the organisation and holding of general meetings. We enter into appropriate data protection agreements that provide for an adequate level of data protection with all companies commissioned by us that process data on our behalf. In particular cases, your data may also be disclosed to public authorities such as the German Federal Financial Supervisory Office (BaF-in). Please note with regard to the disclosure of data to recipients outside our company that we will only disclose information about you where this is required by law or if you have given your consent.

V. Transfer to third countries

We do not transfer your personal data to countries outside the EU and/or the EEA or to international organisations.

VI. Duration of storage

We initially store your personal data for as long as their storage is required for the respective purpose of use (see above).  This also includes the initiation of a contract (pre-contractual legal relationship) and the implementation of a contract.  Furthermore, if the situation arises, we store your personal data until the legal claims, if any, arising out of our relationship with you have become time-barred in order to be able to use such data for evidentiary purposes, if necessary.  The limitation period generally varies from 12 to 36 months and may even be as long as 30 years.

We erase your personal data upon expiry of the limitation period unless we have a statutory obligation to retain your data, for example, under the German Commercial Code (HGB) (Sections 238, 257(4) German Commercial Code (HGB)) or under the German Tax Code (AO) (Section 147(3) and (4) German Tax Code (AO)). Such obligations to retain may exist for a period of up to ten years.

VII. Your rights as a data subject

As a data subject, you have the following rights that you can assert against us if the statutory requirements are met:
 

• Right of access:  Within the limits defined by Article 15 GDPR, you may obtain from us at any time confirmation as to whether or not we process personal data concerning you; where this is the case, you additionally have the right, again within the limits defined by Article 15 GDPR, to obtain access to such personal data and certain other information (inter alia, the purposes of the processing, the categories of personal data concerned, the categories of recipients, the envisaged storage period, the source of the data, the use of auto-mated decision-making and, where personal data is transferred to third countries, the ap-propriate safeguards) and a copy of your data.  The restrictions stipulated in Section 34 German Federal Data Protection Act (BDSG) apply.
• Right to rectification:  Pursuant to Article 16 GDPR, you may demand that we rectify any personal data concerning you that we have stored if such data is not applicable or in-correct.
• Right to erasure:  If the requirements stipulated in Article 17 GDPR are met, you may demand that we erase personal data concerning you without undue delay.  A right to erasure does not exist if, for example, the processing of the personal data is necessary (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (for example, statutory retention obligations) or (iii) for the establishment, exercise or defence of legal claims.  In addition, the restrictions stip-ulated in Section 35 German Federal Data Protection Act (BDSG) apply. 
• Right to restriction of processing:  If the requirements stipulated in Article 18 GDPR are met, you may demand that we restrict the processing of your personal data. 
• Right to data portability:  If the requirements stipulated in Article 20 GDPR are met, you may demand that we deliver to you the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format.
• Right of revocation:  You have the right to withdraw the consent you have given to the processing of personal data at any time with effect for the future.
• Right to object:  If the requirements stipulated in Article 21 GDPR are met, you may ob-ject to the processing of personal data concerning you; as a result, we must stop pro-cessing your personal data.  The right to object exists only within the limits defined in Arti-cle 21 GDPR.  Furthermore, our interests may conflict with the discontinuation of the pro-cessing, giving us the right to process your personal data despite your objection
• Right to lodge a complaint with a supervisory authority:  If the requirements stipulated in Article 77 GDPR are met, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the al-leged infringement if you believe that the processing of personal data relating to you in-fringes the GDPR.  The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.  The supervisory authority responsible for us is:
  Hessische Datenschutzbeauftragte
  Gustav-Stresemann-Ring 1
  D-65189 Wiesbaden.
• Other concerns: Our data protection officer will be happy to help you with any further questions or concerns regarding data protection.  Any inquiries in this regard or exercise of your above rights should, if possible, be made in writing to our above-stated address or be addressed directly to our data protection officer, for example by email to datenschutz@amadeus-fire.de.

 

VIII. Scope of your obligations to provide data

As a general rule, you are not obliged to disclose your personal data to us.  If you do not do so, however, we will be unable to provide you with our contractual services or to reply to your inquiries.  Likewise, we will be unable to make use of your contractual services.  Any personal data not absolutely necessary for the aforesaid processing purposes is marked as voluntary information.

IX. Automated decision-making/profiling

We do not use any automated decision-making or profiling (automated analysis of your personal circumstances).

X. Further information regarding data protection

Amadeus FiRe attaches great importance to the protection of personal data also outside website-specific data processing.  Therefore, to the extent applicable to you, please also note our “Privacy notice for job applicants at Amadeus FiRe” and our “Privacy notice regarding the use of our website”, which are available here.

XI. Amendments

We reserve the right to amend this privacy notice at any time.  Amendments, if any, will be made known inter alia by publication of the amended privacy notice on our website.  Except to the extent otherwise provided, such amendments take effect immediately.

Last revised in May 2018