Privacy policy

 

Responsible Entity

The entity responsible for data processing on this website, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws, is:

wealthAPI GmbH
Fanny-Zobel-Straße 9
12435 Berlin

Link to Legal Notice (Impressum): https://wealthapi.eu/en/data-security/

This privacy policy is dedicated to natural persons (individual users) who visit this website; for a comprehensive overview of external services and third-party integrations tailored specifically for our B2B business clients, please refer to our dedicated Trust Center.

Data Protection Officer

ou can contact our designated Data Protection Officer, who oversees our compliance with privacy laws and serves as a point of contact for your privacy concerns, at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Germany

E-Mail: kontakt@buglundkollegen.de

Rights of the Data Subject

As a person whose data is being processed (a “data subject”), you are entitled to the following rights under the EU General Data Protection Regulation (GDPR):

Right of Access (Art. 15 GDPR):

You have the right to request comprehensive information regarding which personal data we have stored about you, the specific purposes for which it is processed, the categories of recipients who have received or will receive this data, and the planned duration of storage.

Right to Rectification (Art. 16 GDPR):

You may demand the immediate correction of any inaccurate personal data or the completion of any incomplete data we hold about you to ensure your information is correct and current.

Right to Erasure / ‘Right to be Forgotten’ (Art. 17 GDPR):

Under certain conditions, you can request that your personal data be deleted—for example, if the data is no longer necessary for the original purpose, or if you have withdrawn your consent and there is no other legal basis for processing.

Right to Restriction of Processing (Art. 18 GDPR):

You have the right to request that we limit how we process your data, such as when you contest the accuracy of the data, or if the processing is unlawful but you oppose erasure and instead request a restriction on its use.

Right to Data Portability (Art. 20 GDPR):

You can request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or request that we transmit that data directly to another controller where technically feasible.

Right to Object (Art. 21 GDPR):

You have the right to object at any time to the processing of your personal data if such processing is based on our “legitimate interests” or is carried out for a task in the public interest; we will then cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Withdrawal of Consent (Art. 7 GDPR):

If you have granted us explicit consent to process your data, you have the right to revoke this consent at any time with future effect, without providing a reason.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR):

Without prejudice to other legal remedies, you have the right to file a formal complaint with a data protection regulatory authority, particularly in the member state of your habitual residence, place of work, or the location of the alleged infringement.

Hosting and Server Log Files

To operate and maintain our website reliably and securely, we utilize third-party hosting services providing infrastructure, computing capacity, storage, and technical maintenance.

In this context, we or our hosting provider process inventory, contact, content, contract, usage, and communication data of visitors and customers based on our legitimate interest in providing an efficient and secure online presence (Art. 6 Para. 1 lit. f GDPR), governed by a data processing agreement (Art. 28 GDPR).

Contacting Us

You have the option of contacting us by email, telephone, contact form, or letter, which may involve the processing of personal data. We process your data for the purpose of handling and processing your inquiry. We will not pass on your data to third parties without your consent.

The legal basis for processing is our legitimate interest in the effective processing of your request in accordance with Art. 6 Para 1 lit. f GDPR.

When you contact us by email, we store your email address and the information contained in the email. If you use the contact form, your IP address will be pseudonymized in addition to the information provided in the contact form. If you contact us by letter, your return address and the content of the letter will be stored. If you contact us by telephone, we will collect personal data depending on the individual case.

We will store your data until you request us to delete it or until the purpose of processing (the processing of your request) has been fulfilled.

Newsletter Subscription

You have the option of subscribing to our email newsletter, which we use to inform you about our company’s offers. We use the Mailchimp service to register and send the newsletter.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para 1 lit. a GDPR. You can revoke your consent at any time with future effect, for example by using the “unsubscribe” link in each newsletter email or by contacting the data controller.

When you subscribe, we may send you a double opt-in email to verify your email address. In addition to the data entered in the registration form, we process your IP address and the time of registration.

The purpose of data processing is exclusively to send our newsletter.

The data stored in connection with the newsletter will be stored until you unsubscribe from the newsletter. Data that we have stored for other purposes remains unaffected by this.

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you information about similar goods or services to those you have already purchased by email, unless you have objected to this. Data processing is based on our legitimate interest pursuant to Art. 6 Para 1 lit. f GDPR in conjunction with §7 (3) UWG (German Unfair Competition Act).

Job Applications

When you apply for a job with us, your personal data will be processed. The legal basis for processing is Art. 6 Para 1 lit. b GDPR in connection with the implementation of pre-contractual measures. If your data is required after completion of the application process to defend against legal claims, processing will be based on our legitimate interest in a duty of proof pursuant to Art. 6 Para 1 lit. f GDPR, for example in connection with the Equal Treatment Act.

We process the data you have provided us with in your application and the data we need to assess your suitability for the position in question.

The purposes of the processing are to manage your application, assess your suitability for the vacant position, and contact you in connection with your application or possible alternative positions.

We delete your data after six months. If you have agreed to be included in the applicant pool, we delete it after two years. If your application leads to employment, we store your data for the duration of your employment with us.

Duration of Storage

When you use our website for informational purposes only, we store your personal data for the duration of your visit. This data is automatically deleted when you leave the website.
If you actively use the website, e.g. to contact us, we initially store your personal data for the duration of processing your request. In addition, we store the data for as long as this is necessary to safeguard or enforce possible legal claims. The standard limitation period is 12 to 36 months, but in individual cases it can be up to 30 years.
After the limitation period has expired, your data will be deleted, provided that there is no legal obligation to retain it. Such obligations arise in particular from the German Commercial Code (Sections 238, 257 (4) HGB) or the German Fiscal Code (Section 147 (3), (4) AO) and generally range from two to ten years.

Categories of Recipients

We work with various external parties in the course of our business activities. Personal data will only be passed on to these recipients if this is necessary to fulfill contractual obligations, we are legally obliged to do so (e.g. to tax authorities), there is a legitimate interest within the meaning of Art. 6 Para 1 lit. f GDPR, you have given your consent in accordance with Art. 6 Para 1 lit. a GDPR, or another legal basis permits the transfer of data.
If we use service providers as processors, personal data will only be transferred on the basis of a valid contract for order processing. In the event of joint responsibility, a contract for joint processing will be concluded in accordance with Art. 26 GDPR.

You can find more detailed information on the recipients used in the course of this privacy policy or you can contact us using the contact details provided above.

Data Transfer to Third Countries

Personal data will only be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if this is necessary or legally permissible, if you have given us your express consent, or within the scope of order processing.
If service providers in a third country are used, we oblige them to comply with the level of data protection applicable in the EU by means of appropriate safeguards, usually the EU standard contractual clauses. If an adequacy decision has been issued by the European Commission, we base the data transfer on this. Further information on this can be obtained via the contact options listed above.

Processing within the Business Relationship

We may process the personal data of our customers, prospects, suppliers, vendors, and partners for communication, planning, contract fulfillment, marketing, administration, and security purposes.

The legal basis for processing the data provided is our legitimate interest pursuant to Art. 6 Para 1 lit. f GDPR and the performance of a contract pursuant to Art. 6 Para 1 lit. b GDPR.

Within the scope of the business relationship, we process, among other things, contact information, billing information and payment data, other necessary information in a project or contractual relationship, or information that is voluntarily provided to us.

Borlabs Cookie

We use the “Borlabs Cookie” service on our website to manage our visitors’ cookie settings. The provider is Borlabs GmbH Rübenkamp 32 22305 Hamburg, Germany. Borlabs Cookie is hosted on our own servers, so no data is passed on to third parties.

The legal basis for the use of Borlabs Cookie is the fulfillment of a legal obligation pursuant to Art. 6 Para 1 lit. c GDPR.

The data processed by Borlabs Cookie includes your consent preferences, consent status, and cookie settings, whereby the service sets cookies in your browser to store these preferences.

The purpose of data processing is to manage user consent for cookies and to store user settings regarding cookie use.

Google Ireland LLC Services

The legal basis for the use of this service is your consent in accordance with Art. 6 Para 1 lit. a GDPR. You can revoke your consent at any time with future effect.

The data processed by Google Ireland includes your IP address, browser and device information, location data, time of visit, information about your interaction with the website, and cookies are set.

If you are logged into a Google account, this data can be linked to a user profile.

The purpose of data processing is to analyze and evaluate user behavior in order to optimize the website and marketing measures.

The standard data retention period is 14 months.

It cannot be ruled out that personal data may be transferred to unsafe third countries (USA) where the level of data protection is lower than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens’ data in the USA. We have concluded a data processing agreement (DPA) with Google, which ensures that personal data is only processed in accordance with our instructions and in compliance with the GDPR.

Information about the cookies set can be found at: https://policies.google.com/technologies/cookies

You can prevent the processing of your data by clicking on this link: https://tools.google.com/dlpage/gaoptout

Google Analytics

We use the Google Analytics service on our website to analyze user behavior.

For more information about Google Analytics’ privacy policy, please visit: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008,3544742,2986333,&sjid=1881441919987619365-EU

Google Tag Manager

We use the Google Tag Manager service on our website to efficiently manage website tags.

For more information about Google Tag Manager’s privacy policy, please visit: https://policies.google.com/privacy

Google Recaptcha

We use the “Google reCAPTCHA” service on our website to protect ourselves from spam and automated abuse.

The purpose of data processing is to verify user interactions and protect the website from spam and abuse.

YouTube

We use the video service “YouTube” on our website.

The purpose of data processing is to provide video content and integrate it into our website.

According to Google’s privacy policy, the storage period for data processed by YouTube varies depending on the type of data and user settings. By default, activity data (such as videos viewed, search history, etc.) is automatically deleted after 36 months (3 years) for new accounts or users who have not previously set a storage period. Users can manually set this storage period to 3 months, 18 months, or have the data stored permanently. Detailed information can be found at: https://policies.google.com/privacy?hl=de#inforetaining

Social Media–Profile

We maintain online profiles on the following social networks (hereinafter referred to as “social media”) in order to communicate with customers, interested parties, and the general public and to draw attention to our services:

• LinkedIn (LinkedIn Ireland Unlimited Company)
• Xing (New Work SE)

For information on the scope and purpose of data processing, please refer to the applicable data protection regulations of the networks:

• LinkedIn: https://de.linkedin.com/legal/privacy-policy?
• Xing: https://privacy.xing.com/de/datenschutzerklaerung

Processing is carried out on the basis of Art. 6 Para 1 lit. f GDPR, as we have a legitimate interest in contemporary public relations work. If consent is required, processing is carried out on the basis of Art. 6 Para 1 lit. a GDPR.

If you transmit additional data (e.g., personal messages) to the services, your consent is generally required for this. Please note that we have no influence on data processing by social media providers. If you have any questions or wish to assert your rights as a data subject (e.g., information, deletion), please contact the respective platform operator directly.

You can subscribe to or unsubscribe from our social media profiles at any time. If you do not want social media service operators to collect data about your visit to our profiles, please use the deactivation options (e.g., log out, ad tracker blocking) in your user account or install the appropriate browser add-ons.