top of page
Data protection policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website.
Personal data are all data by which you can be personally identified.
Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Data Collection on this Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the Responsible Party” in this privacy policy.
How do we collect your data?
Your data are collected, on the one hand, by you providing them to us. This may, for example, be data that you enter into a contact form.
Other data are collected automatically or after your consent when visiting the website through our IT systems. These are primarily technical data (e.g. internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior.
If contracts can be concluded or initiated via the website, the transmitted data are also processed for contract offers, orders, or other business inquiries.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data.
You also have the right to request the correction or deletion of these data.
If you have given consent to data processing, you can revoke this consent at any time for the future.
Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data.
In addition, you have the right to lodge a complaint with the competent supervisory authority.
For this and other questions about data protection, you can contact us at any time.
Analytics Tools and Tools from Third Parties
When visiting this website, your surfing behavior can be statistically evaluated. This happens mainly with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
2. Hosting
We host the content of our website with the following provider:
WIX
The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter “WIX”).
WIX is a tool for creating and hosting websites.
When you visit our website, WIX helps analyze user behavior, visitor sources, the region of website visitors, and visitor numbers.
WIX stores cookies in your browser that are required for displaying the website and ensuring security (necessary cookies).
The data collected via WIX may be stored on various servers worldwide. WIX’s servers are located, among others, in the USA.
Details can be found in WIX’s privacy policy: https://de.wix.com/about/privacy
According to WIX, data transfer to the USA and other third countries is based on the EU Commission’s Standard Contractual Clauses or comparable guarantees in accordance with Art. 46 GDPR.
Details can be found here: https://de.wix.com/about/privacy-dpa-users
The use of WIX is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation possible of our website.
If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) as defined by the TDDDG.
Consent can be revoked at any time.
The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards in data processing in the USA.
Every company certified under the DPF undertakes to comply with these data protection standards.
Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5626
Order Processing
We have concluded a Data Processing Agreement (DPA) with the aforementioned service provider. This is a legally required contract that ensures that this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Notes and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously.
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data by which you can be personally identified.
This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this happens.
We point out that data transmission over the internet (e.g. communication by email) can have security gaps. Complete protection of data from access by third parties is not possible.
Information on the Responsible Party
The responsible party for data processing on this website is:
Email: contact@smart-invests.com
The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Storage Duration
Unless a more specific storage period is stated in this privacy policy, your personal data remain with us until the purpose for data processing ceases to apply.
If you make a justified deletion request or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons cease to apply.
General Information on the Legal Basis for Data Processing on this Website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed.
In the case of express consent to the transfer of personal data to third countries, processing is also based on Art. 49(1)(a) GDPR.
If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing also takes place on the basis of § 25(1) TDDDG. Consent can be revoked at any time.
If your data are required for contract performance or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR.
We further process your data if this is necessary for compliance with a legal obligation under Art. 6(1)(c) GDPR.
Data processing may also be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.
The respective applicable legal basis in each individual case is explained in the following paragraphs of this privacy policy.
Recipients of Personal Data
In the course of our business activities, we work with various external entities. This sometimes makes it necessary to transfer personal data to these external entities.
We only share personal data with external entities when this is necessary for contract fulfillment, when we are legally obliged to do so (e.g. transfer to tax authorities), when we have a legitimate interest under Art. 6(1)(f) GDPR in the transfer, or when another legal basis allows data sharing.
When using processors, we transfer personal data of our customers only on the basis of a valid Data Processing Agreement. In the case of joint processing, a Joint Controller Agreement is concluded.
4. Data Collection on this Website
Cookies
Our internet pages use so-called “cookies.” Cookies are small data packages that do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device.
Session cookies are automatically deleted after the end of your visit.
Permanent cookies remain stored on your end device until you delete them yourself or an automatic deletion is carried out by your web browser.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for handling payment services).
Cookies have different functions. Numerous cookies are technically necessary since certain website functions would not work without them (e.g. the shopping-cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions desired by you (e.g. the shopping-cart function), or to optimize the website (e.g. cookies for measuring web audiences) (necessary cookies) are stored on the basis of Art. 6 (1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.
If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1)(a) GDPR and § 25 (1) TDDDG); consent may be revoked at any time.
You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser.
When cookies are deactivated, the functionality of this website may be limited.
Which cookies and services are used on this website can be found in this privacy policy.
5. Social Media
X (formerly Twitter)
Functions of the service X (formerly Twitter) are integrated on this website.
These functions are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
For the data processing of persons living outside the USA, the entity responsible is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
When the social-media element is active, a direct connection is established between your end device and the X server. X (formerly Twitter) thereby receives information that you have visited this website.
By using X (formerly Twitter) and the “Re-Tweet” or “Repost” function, the websites you visit are linked to your X (formerly Twitter) account and disclosed to other users.
We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or of its use by X (formerly Twitter).
Further information can be found in the privacy policy of X (formerly Twitter) at: https://x.com/de/privacy.
The use of this service takes place on the basis of your consent under Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses.
Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.
You can change your privacy settings on X (formerly Twitter) in your account settings under: https://x.com/settings/account.
The company is certified under the “EU–US Data Privacy Framework” (DPF).
The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data-protection standards for data processing in the USA.
Each company certified under the DPF undertakes to comply with these data-protection standards.
Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/2710.
Instagram
Functions of the service Instagram are integrated on this website.
These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the social-media element is active, a direct connection is established between your end device and the Instagram server. Instagram thereby receives information that you have visited this website.
If you are logged into your Instagram account, by clicking on the Instagram button you can link the contents of this website to your Instagram profile.
This allows Instagram to associate your visit to this website with your user account.
We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or of its use by Instagram.
The use of this service is based on your consent under Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
Insofar as personal data are collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR).
Joint responsibility applies solely to the collection of data and its transfer to Facebook or Instagram.
Subsequent processing by Facebook or Instagram is not part of the joint responsibility.
Our joint obligations are set out in an agreement on joint processing.
The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing data-protection information regarding the use of the Facebook or Instagram tool and for implementing the tool in a data-protection-compliant manner on our website.
Facebook is responsible for the security of the Facebook or Instagram products.
Data-subject rights (e.g. access requests) concerning the data processed by Facebook or Instagram can be asserted directly with Facebook.
If you assert data-subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/, and
https://de-de.facebook.com/help/566994660333381.
Further information can be found in Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/.
The company is certified under the “EU–US Data Privacy Framework” (DPF).
The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data-protection standards in data processing in the USA.
Each company certified under the DPF undertakes to comply with these data-protection standards.
Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452.
6. Newsletter
Newsletter Data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter.
No other data are collected or only on a voluntary basis.
We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter subscription form is carried out exclusively on the basis of your consent (Art. 6 (1)(a) GDPR).
You can revoke the consent given to the storage of the data, the email address, and its use for sending the newsletter at any time — for example, via the “unsubscribe” link in the newsletter.
The legality of the data-processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe or after the purpose has ceased to apply.
We reserve the right to delete or block email addresses from our newsletter list at our own discretion within the scope of our legitimate interest under Art. 6 (1)(f) GDPR.
Data stored by us for other purposes remain unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, insofar as this is necessary to prevent future mailings.
The data from the blacklist will be used only for this purpose and not merged with other data.
This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1)(f) GDPR).
Storage in the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.
7. Plugins and Tools
YouTube with Enhanced Privacy
This website integrates videos from the YouTube website.
The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages on which YouTube is embedded, a connection is established to the YouTube servers.
The YouTube server is thereby informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile.
You can prevent this by logging out of your YouTube account.
We use YouTube in enhanced privacy mode.
According to YouTube, videos played in enhanced privacy mode are not used for personalizing browsing on YouTube.
Ads displayed in enhanced privacy mode are likewise not personalized.
In enhanced privacy mode, no cookies are set.
However, so-called local-storage elements are stored in the user’s browser, which, similar to cookies, can contain personal data and be used for recognition.
Details on enhanced privacy mode can be found here:
https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data-processing operations may be triggered, over which we have no control.
The use of YouTube takes place in the interest of an appealing presentation of our online offerings.
This constitutes a legitimate interest within the meaning of Art. 6 (1)(f) GDPR.
If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) as defined by the TDDDG.
Consent can be revoked at any time.
Further information on data protection at YouTube can be found in their privacy policy at:
https://policies.google.com/privacy?hl=de.
The company is certified under the “EU–US Data Privacy Framework” (DPF).
The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data-protection standards in data processing in the USA.
Each company certified under the DPF undertakes to comply with these data-protection standards.
Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5780.
bottom of page