Privacy statement
(As of February 2025)
Thank you for your interest in our website www.qfbeteiligung.de. We are aware that protecting your privacy when using our websites is important to you. It is therefore a matter of course for us to comply with legal regulations on data protection.
In the following, we will inform you about the collection and other processing (e.g. storage, retrieval, modification, transfer) of personal data using our website. Personal data is all data that relates to you personally, e.g. name, address, email addresses, user behavior.
If we process personal data as part of using our website or if we use contracted service providers for individual functions, offers or services on our website relating to data processing or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes, in particular which data is processed in the process. In doing so, we also state the intended storage period or, in any case, the defined criteria for the storage period and the relevant legal basis for the respective processing.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect data from access by third parties.
I. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
QF Beteiligungs GmbH
Matthiashofstrasse 28-30
52064 Aachen
II. Collection and storage of personal data as well as type, purpose, legal basis and duration of their use
§ 1 When you visit the website
When using the website for informational purposes only, i.e. if you do not otherwise provide us with information, we only collect the personal access data in so-called server log files, which your browser transmits to our server. The following data is collected as part of the server log files:
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• language and version of the browser software.
This data is evaluated exclusively to ensure trouble-free operation of the site in terms of stability and security and to improve our offering and is then discarded. The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest results from the above-mentioned purposes for data collection.
The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. There is therefore no option for the user to object.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
§ 2 When using other services, functions and offers on our website
In addition to the purely informational use of our website, we offer functions that you can use if you are interested. To do this, you must usually provide further personal data, which we use to provide the respective service and to which the above-mentioned principles of data processing apply. The functions are described in more detail below.
(1) Contact form
If you send us inquiries via the contact form, we will store your details from the enquiry form, including the contact details you provided there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.
(2) Request by e-mail, telephone or fax
If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular statutory retention periods — remain unaffected.
§ 3 Storage period
Unless a specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons cease to apply.
§ 4 Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable with the EU can be guaranteed in these countries. For example, US companies are required to disclose personal data to security authorities without you, as the person concerned, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
§ 5 Visitor Tracking
To record the number of visitors, length of stay and source of website visitors, we use the “Plausible Analytics” tool. Plausible Analytics only collects summarized and freely available information that does not allow any conclusions to be drawn about individual visitors. Individual visitors are not identifiable and no cookies are set or used. For more information about how data is collected, see data policy from Plausible Analytics.
Plausible Insights OÜ
Västriku tn 2, 50403, Tartu, Estonia
III. Hosting
External hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
We use the following host:
Webflow, Inc.
398, 11th Street, 2nd Floor
San Francisco, CA 94193
USA
More information about Webflow's privacy policy: https://webflow.com/privacy
Conclusion of an order processing contract
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our host.
IV. Linking to our social media presence
Our website contains hyperlinks to our social media presence:
• Facebook
• Instagram
When you visit our site, no personal data is initially passed on to the providers of the social network. Only when you click on the link and thus reach our page of the corresponding social network, does the provider of the social network receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under II. §1 of this declaration will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By clicking on the link, personal data from you is therefore transmitted to the respective provider of the social network and stored there (with US providers in the USA). Since the provider collects data using cookies in particular, we recommend that you delete all cookies using your browser's security settings before clicking on the link.
We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected data by the social network provider.
The provider of the social network stores the data collected about you as user profiles and uses them for advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although to exercise this right, you must contact the respective provider of the social network as responsible for data protection law. Through the links, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest results from the stated purposes.
The data transfer takes place regardless of whether you have an account with the social network provider and are logged in there. If you are logged in, your data collected by us will be directly assigned to your existing account with the respective provider. If you click on the link and link to the page, for example, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but in particular before clicking on the link, as this allows you to avoid being associated with your profile with the provider.
For more information on the purpose and scope of data collection and processing by the social network provider, please see the privacy policies of these providers provided below. There you will also find further information about your rights in this regard and settings options to protect your privacy.
Addresses of the respective providers and URLs with their privacy policies:
facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
However, according to Facebook, the collected data is also transferred to the USA and other third countries. For more information, see: https://de-de.facebook.com/privacy/explanation
Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
However, according to Facebook, the collected data is also transferred to the USA and other third countries. For more information, see: https://de-de.facebook.com/privacy/explanation
V. Integration of YouTube videos
This website includes videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is integrated, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited.
YouTube can also store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud attempts.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of presenting our online offerings in an appealing way. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. ADSGVO; consent can be withdrawn at any time.
For more information on how to handle user data, please see YouTube's privacy policy at: https://policies.google.com/privacy?hl=de
VI. Integration of Google Maps
This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), GordonHouse, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniformly displaying fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.
Google Maps is used in the interest of presenting our online offerings in an appealing way and making it easy to find the locations we have specified on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. ADSGVO; consent can be withdrawn at any time.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on how to handle user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
VII. Your rights
If your personal data is processed, you have the following rights vis-à-vis us with regard to the personal data concerning you:
Right to information, Art. 15 GDPR:
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by him. If there is such processing, you can request the following information from the person responsible:
• the purposes for which the personal data are processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed, in particular recipients in third countries or international organizations; in the latter cases, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer;
• the planned duration of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
• the existence of a right to correct or delete personal data concerning you, a right to restrict processing by the person responsible or a right to object to this processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Right to rectification, Art. 16 GDPR:
You have the right to correct and/or complete the data controller if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
Right to deletion, Art. 17 GDPR:
a) Obligation to delete
You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
• The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
• You withdraw your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
• You object to processing in accordance with Article 21 (1) GDPR (see Section VIII) and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Article 21 (2) GDPR.
• The personal data concerning you was processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
• The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have deleted all links to this personal data or copies or replications of this personal data from them have requested personal data.
c) Exemptions
The right to deletion does not exist insofar as processing is necessary
• to exercise the right to freedom of expression and information;
• to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to make impossible or seriously impair the achievement of the objectives of this processing, or
• to assert, exercise or defend legal claims.
Right to restrict processing, Art. 18 GDPR:
You can request that the processing of personal data concerning you be restricted under the following conditions:
• if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
• the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
• the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or
• if you have filed an objection to processing in accordance with Article 21 (1) GDPR (cf. section VIII) and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data — apart from storage — may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If you have obtained a restriction of processing in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to information, Art. 19 GDPR:
If you have asserted the right to correct, delete or restrict processing against the person responsible, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the person responsible to be informed about these recipients.
Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
• the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
• processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected as a result.
Your right to delete remains unaffected.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
Right to object, Art. 21 GDPR
You have the right to object on a case-by-case basis and a right to object to the processing of data for advertising purposes. For more information, please see Section VIII of this Privacy Policy.
Right to withdraw the declaration of consent under data protection law:
You can withdraw your consent to the processing of your personal data at any time by contacting the person responsible. Please note that the revocation is only effective for the future. The lawfulness of the processing carried out on the basis of consent up to the withdrawal is not affected.
Automated decision in individual cases, including profiling, Art. 22 GDPR:
You have the right not to be subject to a decision based exclusively on automated processing — including profiling — which has legal effect on you or significantly affects you in a similar way. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or
(3) is made with your express consent.
In cases (1) and (3), the controller takes appropriate measures to protect the rights and freedoms and your legitimate interests, which include at least the right to obtain action from the person responsible, to express his own point of view and to challenge the decision.
Decisions based exclusively on automated processing must also not be based on special categories of personal data in accordance with Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
Right to lodge a complaint with a supervisory authority, Art. 77 GDPR:
You also have the right to complain to a data protection supervisory authority about the processing of your personal data. You can address your complaint to the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The supervisory authority with which the complaint has been lodged will inform you, as the complainant, of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
VIII. Right of objection in accordance with Article 21 GDPR
Right to object on a case-by-case basis:
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing to protect the legitimate interests of the person responsible or a third party); this also applies to profiling based on these provisions. If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection in the above cases can be made informally and should, if possible, be sent by email with the subject “Objection” to:
QF Beteiligungs GmbH
Matthiashofstrasse 28-30
52064 Aachen
IX. Data security
By taking all technical and organizational options, we make every effort to store your personal data in such a way that it is not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.
If SSL or TLS encryption is activated, the data that you submit to us cannot be read by third parties.
QF Beteiligungs GmbH
Matthiashofstraße 28-30
52064 Aachen