Privacy Policy of CORESTATE Capital Holding S.A.

In this document we would like to inform you about the processing of your personal data in connection with your visit to the website
“https://corestate-capital.com” (the “Website”). The protection of privacy and your personal data is very important to us.

1. RESPONSIBLE BODY
The person responsible within the meaning of the General Data Protection Regulation (“GDPR”) with regard
to the processing of personal data in connection with the website (unless otherwise stated in this data protection
statement; cf. Section 3(II) below) is

CORESTATE Capital Holding S.A. 4, rue Jean Monnet
L-2180 Luxembourg
Phone: +352-26-637220
Fax: +352-26-637245
E-Mail: info@corestate-capital.com
Website: https://corestate-capital.com

2. DATA PROTECTION OFFICER
You can reach our data protection officer under the following contact options:

Data Protection Officer
CORESTATE Capital Group
Friedrich-Ebert-Anlage 35-37 | Tower 185
60327 Frankfurt am Main, Germany
E-mail: datenschutz@corestate-capital.com
Phone: +49 69 3535630-139

Any person concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

3. PROCESSING OF YOUR DATA
(I) PROCESSING OF DATA FOR INFORMATIONAL USE OF THE WEBSITE ONLY
If you only use the website for information purposes, i.e. if you do not actively provide us with information, we do not collect any personal data (subject to the further information in this data protection statement), with the exception of data that your browser automatically transmits, in particular to enable you to visit the website. This includes e.g:

– IP-Address of the requesting computer
– Date and time of access
– Amount of data transferred in each case
– Browser type and browser version
– Operating system used
– Referrer URL

The aforementioned processing of personal data is basically carried out for the purpose of enabling the use of the website (establishing a connection) or to improve the attractiveness and usability of the website and to detect any technical problems and faults on the website at an early stage.

Individual data (information concerning the browser; see above) is stored in individual cases for a maximum period of four weeks. Insofar as the processing of the aforementioned data involves personal data, the corresponding processing of this data is based on Art. 6 para. 1 sentence 1 lit. f DSGVO (legitimate interest; the legitimate interest follows from the aforementioned purposes).

(II) CONTACT FORMS
If you contact us via the contact forms provided on the website, the personal data you provide in this context (such as your name, e-mail address) will be processed in order to respond to your enquiry.

The legal basis for the processing of the aforementioned personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO (legitimate interests; the legitimate interest results from the fact that the action desired by the user (e.g. answering an enquiry) can only be carried out through appropriate data processing). If the contact is aimed at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b DSGVO (fulfilment of contract or pre-contractual measures) is (additionally) the legal basis for the processing.

Please note that, with regard to individual contact forms on the website, not only CORESTATE Capital Holding S.A. processes the corresponding personal data, but also technical service providers (contract processors) of CORESTATE Capital Holding S.A. if necessary. (cf. section 4 below) and the following companies affiliated with CORESTATE Capital Holding S.A. if a corresponding enquiry concerns one of these companies:

– Corestate Capital Group GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, Tel.: 0049 (0)69 3535630-0, E-Mail: datenschutz@corestate-capital.com

– Corestate Capital Advisors GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, Tel.: 0049 (0)69 3535630-0, E-Mail: datenschutz@corestate-capital.com

– Corestate Capital Investors (Europe) GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, Tel.: 0049 (0)69 3535630-0, E-Mail: datenschutz@corestate-capital.com

In this case (i) you will be notified in direct connection with the relevant contact form that your request will (also) be sent to one of the aforementioned companies, and (ii) the respective company is (also) responsible for the relevant data processing in connection with your requests via the contact form. The information in this data protection statement under paragraphs 2 and 4 to 7 apply to these companies with regard to the aforementioned processing of personal data regarding a contact form accordingly.

(III) COOKIES
The website partly uses so-called cookies. Cookies are small text files which are stored on your computer by your browser.

We use so-called session cookies to recognize that you have already visited individual pages on our website. Session cookies are only stored for the duration of access to the website and are automatically deleted when the browser is closed or the website is left. These cookies do not contain any personal data, but merely identify the browser used to access the website. They serve to make the offer on the website more user-friendly, more effective and safer and to make navigation through the website easier for you.

We also use so-called temporary cookies. These make it possible to store specific information related to the device on the user’s access device (PC, smartphone, etc.), even after a session. For example, they can be used to maintain page settings for future visits to the website. These cookies remain stored on your end device for a maximum period of four weeks (usually for a shorter period). These cookies enable us to recognize your browser on your next visit.

The aforementioned cookies are used as far as possible to carry out the electronic communication process or to provide certain functions requested by you (e.g. shopping cart function). The legal basis for the corresponding processing of personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO (legitimate interest; the legitimate interest results from the above-mentioned purposes, in particular optimisation of the use of the website).
As a rule, you can configure your browser so that no cookies are stored or a message always appears before a new cookie is created. However, deactivating cookies may prevent you from (fully) using all the functions of our website.

If other cookies or cookie-like tools (e.g. tools for analysing your surfing behaviour) are used on or in connection with the website, these are dealt with separately in this data protection statement (see in particular below under paragraph 3(V)).

(IV) IT THEMES SECURITY
This website uses the tool “iThemes Security”. In this context, in particular, the IP addresses of visitors to the website are processed in order to detect malicious activity and protect the website from certain types of attacks. The IP addresses are only stored in one of our local databases and are not passed on to third parties. The legal basis for the corresponding processing of personal data is Art. 6 para. 1 sentence 1 lit. f DSGVO (justified interest; the justified interest consists in the fact that we must protect the website against attacks by third parties).

(V) GOOGLE TOOLS
GOOGLE ANALYTICS
The website uses – (with a view to your visit to the website), if you give your consent when visiting the website (for the first time) – Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on the Website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

This website uses IP anonymization in the aforementioned sense.

You can prevent the storage of cookies (after given consent) by an appropriate setting of your browser software. However, we would like to point out that in this case you may not be able to use all the functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
You receive more information about Google Analytics here:

http://www.google.com/analytics/terms/de.html, http://www.google.de/intl/de/policies/privacy/
and at Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
We have concluded a data processing agreement with Google (cf. also below under paragraph 4).

GOOGLE MAPS
On this website you are able to use contents of the service “Google Maps” of Google. Google sets a cookie each time you access “Google Maps” in order to process user settings and data when the page on which “Google Maps” is integrated is displayed. As a rule, this cookie is not deleted by closing the browser, but only expires after a certain period of time, unless you manually delete it beforehand. If you do not agree with this processing of your data, it is possible to deactivate the “Google Maps” service and thus prevent the transmission of data to Google. You have to deactivate the Java-Script function in your browser. However, we would like to point out that in this case you cannot use “Google Maps” or can only use it to a limited extent. However, the data processing described above will only be carried out (with regard to your visit to the website) if you give us your consent to do so when you visit the website (for the first time) (if you do not give such consent, Google Maps content will not be available on the website or will only be available to a limited extent).

Further information on the purpose and scope of data collection and processing by Google can be found in Google’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy:

http://www.google.de/intl/de/policies/privacy

GOOGLE ADS
We use the Google Ads offer from Google to draw attention to our attractive offers with the help of advertising media (so-called Google Ads) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue with it the interest to show you advertisement which is of interest for you, to make our web page more interesting for you and to achieve a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose we use Ad Server Cookies, which can be used to measure certain parameters such as the display of ads or clicks by users. If you access our website via a Google advertisement, Google Ads stores a cookie in your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Ads customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address.

You can prevent participation in this process in a number of ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any third-party ads; b) by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices, which willbe deleted if you delete your cookies; c) by permanently disabling Firefox, Internetexplorer or Google Chrome in your browsers via the link http://www.google.com/settings/ads/plugin. We draw your attention to the fact that in this case you may not be able to make full use of all the functions of this offer.

GOOGLE WEBFONTS
This page uses so-called web fonts provided by Google for the uniform display of fonts. The Google web fonts are installed locally on our server (to this extent, data processing may take place as described in paragraph 3(I) above; see also there the information regarding the relevant legal basis). A connection to Google servers does not take place.

INTEGRATION OF YOUTUBE VIDEOS
On this website we may include YouTube videos of the online video platform “YouTube” of the operator YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which are stored on servers of Youtube and can be played directly from our website (YouTube, LLC is a subsidiary of Google).

The videos are integrated in the so-called extended data protection mode, i.e. personal data about you as a user is only transferred to YouTube when you play the videos. We have no influence on this data transmission. This data transfer takes place regardless of whether YouTube provides a user account that you are logged into, or whether there is no user account. If you are logged into Google at the same time, your data will be directly assigned to your account. If you do not wish to be associated with your profile on YouTube, you must log out before playing the video (or refrain from consenting to such data processing when you access the website (for the first time); see below). YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

In addition, the first time the website is opened, a message window opens, which also contains information about YouTube content on the website. Only if you give your consent in this context will the above data processing take place (if you do not give your consent, YouTube content will not be available at all on the website or will only be available by actively retreiving the content).
Further information on the purpose and scope of data collection and processing by YouTube can be found in the Privacy Policy of Youtube. There you will also find further information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy.

FURTHER INFORMATION ON THE TOOLS REFERRED TO IN PARAGRAPH 3(V)
The legal basis for the aforementioned processing of your personal data in connection with Google Analytics, Youtube and Google Maps is Art. 6 Para. 1 S. 1 lit. a DSGVO (consent; you can revoke the corresponding consent at any time with effect for the future).

The legal basis for the aforementioned processing of your personal data in connection with Google Ads is Art. 6 Para. 1 S. 1 lit. f DSGVO (legitimate interests). The legitimate interest here is that we have a legitimate economic interest in understanding whether, and how (often) the website is used or how we can successfully advertise. At the same time, the interests of website users are not or only to a very limited extent affected in this context (since the data processed in this context are difficult to classify and no particularly critical data are processed). Against this background, our legitimate interests outweigh the interests of the user.

Personal data may be processed by you in the USA in connection with the aforementioned tools (see above). Google is committed to complying with the EU-U.S. Privacy Shield Agreement on the collection, use and retention of personal data from EU member states, published by the U.S. Department of Commerce. Google has declared through certification that it adheres to the relevant privacy shield principles. The EU Commission assumes that the United States will provide adequate legal protection for personal data transferred from the EU to self-certified organisations in the United States under the Privacy Shields. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework

(VI) USE OF SOCIAL MEDIA PLUGINS
On our pages, plugins from social networks are used (e.g. from Facebook, Twitter, Instagram, XING, LinkedIn; more information about the tools used can be found below).

You can recognize these plugins on the website by the respective social media logos. Some of the tools we use (Twitter, Facebook, Instagram, LinkedIn, Matterport) would generally (without the precautions we take) immediately transmit certain personal data to the providers of these plug-ins when you visit the website. To prevent this, we only use plugins from such providers in conjunction with the so-called “Avada” solution. This application prevents the plugins integrated on the website from transferring data to the respective provider of the corresponding plugins the first time the user enters the website.

Only when you activate the respective plugin by clicking the corresponding button will a connection to the provider’s server be established. As soon as you activate the plugin, the respective provider usually receives the information that you have visited the website with your IP address. In this case, if you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to the website to your user account if necessary.

Activating the plugin as described above constitutes consent to the aforementioned processing of personal data (you give your consent by pressing the corresponding button; Art. 6 Para. 1 S. 1 lit. a DSGVO; you will find further information in the immediate vicinity of the corresponding buttons). You can revoke this consent at any time with effect for the future.

FACEBOOK
The website uses share plugins from the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins are recognizable by one of the Facebook logos (e.g. white “f” on a blue tile, the terms “like” or a “thumb up” sign). When a user clicks on a corresponding Facebook plugin by pressing the corresponding button, his browser establishes a direct connection to the Facebook servers (see the details above under “Using social media plugins”).

LINKEDIN
On our website a share plugin of LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA is integrated. LinkedIn is a social network that allows users to connect with existing business contacts and make new business contacts.

When a user clicks on a corresponding LinkedIn plugin, his browser establishes a direct connection to the LinkedIn servers (see the details above under “Using social media plugins”).

For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible. Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins . LinkedIn’s current privacy policy can be found at https://www.linkedin.com/legal/privacy-policy

XING
The website uses a so-called “share button” of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. If you press the corresponding button, a connection to the Xing servers will be established via your browser. A storage of your personal data concerning the call of this web page is not made thereby. In particular, XING does not store any IP addresses. Neither will your usage behaviour be evaluated. You can read the current information on data protection regarding the Xing share button and other relevant information at https://www.xing.com/app/share?op=data_protection.

TWITTER
Our website uses share plugins of the Twitter service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

With the help of this plugin it is possible, for example, to share a contribution or a page of this website via Twitter or to follow us on Twitter. As additional content, individual tweets can be integrated into the website.

When a user clicks on a corresponding Twitter plugin, his browser establishes a direct connection to the Twitter servers (see the details above under “Using social media plugins”). Further information can be found in Twitter’s privacy policy at http://twitter.com/privacy

INSTAGRAM
Our website uses share plugins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When a user clicks on a corresponding Instagram plugin, his browser establishes a direct connection to Instagram’s servers (see the details above under “Using social media plugins”).

For more information about the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights and privacy settings in this regard, please see Instagram’s Privacy Policy at https://help.instagram.com/155833707900388/

MATTERPORT
On our site we use components from the video and photo network provider Matterport. Matterport is a service of Matterport, Inc., 352 East Java Drive, Sunnyvale, CA 94089, USA.

When a user clicks on the corresponding Matterport plugin button, his browser establishes a direct connection to Matterport’s servers (see the details above under “Using social media plugins”).

Further information on data protection and Matterport can be found at https://matterport.com/legal/privacy-policy/.

FURTHER INFORMATION ABOUT THE ABOVE MENTIONED TOOLS
The operators of the Twitter, Instagram and Matterport services mentioned in Section 3(VI) above process your personal data (if applicable also) in the USA. Twitter and Matterport have agreed to comply with the EU-US Privacy Shield Agreement on the collection, use and retention of personal data from EU member states, published by the U.S. Department of Commerce. These providers have declared by certification that they adhere to the relevant privacy shield principles. The EU Commission assumes that the United States will provide adequate legal protection for personal data transferred from the EU to self-certified organisations in the United States under the Privacy Shields. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework Instagram ensures an adequate level of data protection in third countries outside the EU (e.g. the US) through the implementation of adequate safeguards, including the so-called standard contractual or data protection clauses approved by the EU Commission with regard to data transfers from the EU to the US. For more information, see https://help.instagram.com/519522125107875. For more information about the standard contract clauses used by Instagram, contact Instagram.

WHATSAPP
The website uses a so-called WhatsApp sharing button. Unlike other social plugins, this is a self-programmed HTML link that creates a native deep link to your WhatsApp application. Data is therefore only transferred to WhatsApp when a user activates the link AND forwards information within his WhatsApp application to a friend (we do not transfer data directly to third parties (in particular the WhatsApp provider) in this context).

4. DISCLOSURE OF DATA TO THIRD PARTIES
The personal data collected within the framework of the use of the website will not be passed on to third parties or transmitted in any other way without your consent – subject to other cases expressly described in this data protection statement.
We may use (technical) service providers who process personal data on our behalf (e.g. IT service providers). These service providers process the corresponding personal data exclusively according to our instructions (contract processors). The legal basis for such data processing is Art. 28 DSGVO (order processing) in conjunction with generally Art. 6 para. 1 sentence 1 lit. f DSGVO (legitimate interest; cf. on the corresponding legitimate interest above).

We may pass on your personal data to third parties if we are legally obliged to do so (e.g. at the request of a court or criminal prosecution authority). The legal basis for such data processing is Art. 6 para. 1 sentence 1 lit. c DSGVO (legal obligation).

5. DURATION OF STORAGE OF YOUR PERSONAL DATA
Insofar as no other storage period results from the other provisions of this data protection statement, we shall store your personal data obtained from you in connection with the use of the website only as long as this is necessary, in particular, to process your enquiries to us or only for the period required to achieve the storage purpose, thereafter only to the extent that we are obliged to do so by mandatory statutory storage obligations. As soon as your data is no longer needed for the purposes described above, they will only be stored during the respective legal retention period and will not be processed for other purposes.

6. YOUR RIGHTS
You have the right to request information from us about the personal data we have stored about you at any time. To the extent that the legal requirements are met, you also have the right to correction, deletion or restriction of the processing of the relevant personal data and the right to object to the processing of your personal data by us and to receive from us the personal data relating to you, which you have provided to us, in a structured, common and machine-readable format (you can transfer this data to other persons or have it transferred).
If you have given your consent to the use of personal data, you can revoke it at any time for the future.
If you are of the opinion that the processing of your personal data by us violates the applicable data protection law, you can complain to the competent data protection supervisory authority.

7. SAFETY FOR YOUR DATA
The data you transmit to us will be protected by suitable technical and organizational means to protect it from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously monitored and improved in line with technological developments and organisational possibilities.