Thank you for your interest in our website. Osborne Clarke values the privacy of those who provide personal information to us. This privacy policy (the “Policy”) describes which personal data we collect when using our website and the services and functions contained therein and for which purposes we use these. Furthermore we inform you about your rights in relation to personal Information and how to exercise them.

In this policy we use the terms:
“we”, “us”, “our” (or other similar terms) refer to Osborne Clarke Rechtsanwälte Steuerberater Partnerschaft mbB, Innere Kanalstraße 15, 50823 Köln as the owner of the Osborne Clarke Website;

“Personal Information” is any information relating to an identified or identifiable natural person;

“you” and “your” (and other similar terms) refer to visitors of the Osborne Clarke website, www.www.osborneclarke-fintech.com.

We are subject to the regulations of the General Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). Accordingly, we are in particular entitled to collect and use personal data to the extent necessary to enable you to use our website (“website”) including all services and functions contained therein.

Data Controller contact information

Each OC Member Firm and each Network Firm is a Data Controller:

UK, USA & Network Firms

Osborne Clarke LLP
One London Wall
London EC2Y 5EB
Email:  Privacy.UK@osborneclarke.com

Germany

Osborne Clarke Rechtsanwälte Steuerberater Partnerschaft mit beschränkter Berufshaftung
Innere Kanalstr. 15
D-50823 Köln
Email:  DPO.Germany@osborneclarke.com

Spain

Osborne Clarke Espana S.L.P Av.
Diagonal 477 planta
20 08036 Barcelona
Email:  DPO.Spain@osborneclarke.com

Italy

Osborne Clarke Studio Legale
Corso di Porta Vittoria 9
20122 Milan
Email:  Privacy.Italy@osborneclarke.com

Belgium

Osborne Clarke cvba
Marnixlaan 23 Avenue Marnix
1000 Brussels
Email:  Privacy.Belgium@osborneclarke.com

France

Osborne Clarke SELAS
163 boulevard Malesherbes
75017 Paris
Email:  Privacy.France@osborneclarke.com

Hong Kong

Osborne Clarke
Suite 3501
35/F, Cambridge House
Taikoo Place
Quarry Bay
Hong Kong
Email:  Privacy.HK@osborneclarke.com

Netherlands

Osborne Clarke N.V.
IJdok 29
1013 MM Amsterdam
Email:  Privacy.Netherlands@osborneclarke.com

Sweden

Osborne Clarke Advokatfirma AB
Grev Turegatan 30
114 38 Stockholm
Email:  Privacy.Sweden@osborneclarke.com

Singapore

OC Queen Street (Singapore)
1 Raffles Place #04-61
One Raffles Place Tower 2
Singapore 048616
Email:  DPO.Singapore@osborneclarke.com

China

Zhang Yu & Partners
Suite 708 West Wing
Shanghai Centre
1376 Nanjing Road West
Shanghai PRC 200040
Email: Privacy.China@oclegalchina.com

Your rights in relation to personal Information and how to exercise them

Under certain circumstances you have the following rights:

• the right to ask us to provide you, or a third party, with copies of the Personal Information we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such information be supplemented, updated or rectified according to the provisions of local law;
• the right to request erasure, anonymisation or blocking of your Personal Information that is processed in breach of the law;
• the right to object on legitimate grounds to the processing of your Personal Information. In certain circumstances we may not be able to stop using your Personal Information, if that is the case, we’ll let you know why;
• withdrawal of consent. When Personal Information is processed on the basis of consent an individual may withdraw consent at any time.

To exercise such rights and if you have any questions about how we collect, store and use Personal Information, then please contact us by post (Osborne Clarke Rechtsanwälte Steuerberater Partnerschaft mbB, Innere Kanalstraße 15, 50823 Köln) or by e-mail at the address fintech@osborneclarke.com. After final answering of your inquiry, we delete your inquiry with a period of three years after the end of the respective calendar year.

You also have the right to lodge a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is in breach of data protection legislation.

What basis do we have for processing your Personal Information?

We will only process personal Information where we have a lawful reason for doing so. The lawful basis for processing Personal Information by us will be one of the following:

• the data subject has given consent to the processing of his or her personal information for one or more specific purposes

• the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract
• the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation)
• the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services)
• processing is necessary for the establishment, exercise or defence of legal claims

What Personal Information do we collect and process?

We aim to be transparent about why we process Personal Information.

• Visit our website

As soon as you visit our website, we automatically collect and store certain usage data. This includes the IP address assigned to your computer, which we need for the transmission of the contents of our website retrieved by you to your computer (e.g. texts, images and files made available for download, etc.). This data processing takes place in order to enable the use of the website.

We also collect and store information about the use of the website, such as, for example: Date and time of access, type of browser used, browser version used, operating system used, URL of the previously visited website and the amount of data sent. We use this data for data security purposes (e.g. to identify and track unauthorized access attempts and access to the web server) as well as for the purpose of identifying and tracking misuse.

We hold this information for a maximum of one month. In addition, we delete or make anonymous the usage data including the IP addresses immediately as soon as they are no longer required for the aforementioned purposes.

The processing of the data is carried out on the basis of legal regulations which permit data processing because it is necessary for the provision of the website to you (Art. 6 para. 1 letter b DSGVO), or because we have a legitimate interest in ensuring the safety and functionality of the service and its proper use, without this being in the overriding interest of the persons concerned (Art. 6 para. 1 letter f DS-GVO).

• Setting user-own contents

We offer you the opportunity on our website to make comments on content and to submit them to us for publication on the website. To publish your comments on our website, we also need your name and e-mail address. You can also voluntarily enter your homepage. We use this information to process this service and to publish the user’s own content.

The data is processed on the basis of legal regulations that permit data processing because it is necessary for the provision of this functionality to you (Art. 6 para. 1 lit. b DS-GVO).

• Subscription to newsletters

If you have given us your consent to receive newsletters, we will use your e-mail address to send you the newsletter by e-mail on the basis of your consent (Art. 6 para. 1 lit. a DS-GVO).

We verify your agreement to receive our newsletter by e-mail by using the so-called double opt-in procedure. This means that we ask you to actively confirm your agreement to receive the newsletter by e-mail to the e-mail address you provide in the course of the subscription before we start sending it. We use the information about the confirmation to document and, if necessary, prove your consent.

You can revoke your consent at any time with effect for the future by sending us an e-mail to fintech@osborneclarke.com.

The revocation of consent does not affect the legality of the processing based on the consent. If you revoke your consent, we will delete this data and no longer send you newsletters.

• contact inquiries

You can send us contact requests via the website. Your e-mail address will be forwarded to us. You can decide yourself which additional data you make available to us when contacting us (e.g. the content of the message). We process these data to answer your inquiry. The processing of the data is carried out on the basis of legal regulations which allow the data processing because it is necessary for the processing of your request (art. 6 par. 1 lit. b DSGVO). After final answering of your inquiry, we delete your inquiry with a period of three years after the end of the respective calendar year.

• Cookies

Cookies are text files containing information. They are stored on your computer and do no damage there. We use cookies to increase the functionality of our website and to simplify your visit to our website. Through the use of cookies, we can provide login data as a personal preset the next time you visit our website, which makes it possible, for example, to store your password for registration in the press area. We therefore use so-called “session cookies” to maintain a login session. Session cookies are small information units in which a randomly generated identification number, the so-called session ID, is stored. These are stored on your computer. In addition, a session cookie stores information about its origin and the storage period. These cookies cannot store any other data. If you log out of the press area, the session cookies used will be deleted.

The processing of the data is carried out on the basis of legal regulations which permit data processing because it is necessary for the intended and comprehensive provision of the website and the functionalities offered thereon (Art. 6 para. 1 lit. b DSGVO),

You can also view our website without cookies. Most Internet browsers automatically accept cookies. You can prevent cookies from being stored on your hard disk by selecting “do not accept cookies” in your browser settings. Please refer to the instructions of your browser manufacturer to find out how this works in detail. You can delete cookies already set on your computer at any time. If you do not accept cookies, however, this can lead to functional limitations of our services.

How we look after your Personal Information

We have in place appropriate technical and organisational security measures to protect your Personal Information against unauthorised or unlawful use, and against accidental loss, damage or destruction.

We put in place strict confidentiality agreements (including data protection obligations) with our third party service providers.

How long do we store personal information

It is our policy to retain your Personal Information for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Information for a longer time, among other things due legal obligations under applicable law to retain data for a certain period of time. We will ensure that your personal Information are treated in accordance with this policy. Otherwise, we securely erase your information once this is no longer needed.

information disclosure

On occasion, we may need to share your Personal Information with third parties.  We will only share Personal Information where we are legally permitted to do so.

A disclosure of your personal data without your express prior consent will only take place in addition to the other cases mentioned in this policy if we are entitled or obliged to disclose data due to legal regulations and/or official or court orders. Please note that we may be required to disclose Personal Information under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings. We reserve the right to pass them on to data processing service providers bound by instructions.

International transfers of Personal Information (including to outsourced service providers)

From time to time, we may need to transfer your Personal Information to other OC Member Firms, who may have offices that are located in territories outside of the European Economic Area (“EEA”), including in the USA, in order to provide you with the services required.

Please note that the legal regimes of some territories outside of the EEA do not always offer the same standard of data protection as those inside the EEA, although we will ensure that your Personal Information is only ever treated in accordance with this Policy.

Where necessary, we have entered into standard European Commission approved form model data protection clauses with other OC Member Firms who have offices that are located in territories outside of the EEA (if a transfer is to the United States a service provider must either enter into the standard European Commission form approved data protection clauses or be Privacy Shield certified), to provide you with the service required and with our external service providers and business partners in relation to services that they may provide that involve processing data from locations outside of the EEA for which we are Data Controller.

Links to other websites

Addresses of the respective providers and URL with their data protection information:

Further information on the purpose and scope of data use can be found in the data protection declarations of the providers. They will also provide you with further information about your rights in this regard and setting options to protect your privacy. To our knowledge, the provider stores this data in user profiles which it uses for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right of objection, you must contact the respective provider.

If you have activated the plug-in, the provider in question will perform the action you have chosen, for example, Facebooks will show that you are sharing our website. In addition, however, further data is also transmitted to the provider and stored there (at US-American providers in the USA). The provider receives the information that you have accessed the corresponding subpage of our website. In order for you to access the site, your IP address, the date and time of the request, the website from which the request came, the language and version of your browser, your operating system and its interface will be transmitted to it, whereby, according to Facebook and Xing, these two providers in Germany only collect an anonymised IP address. The data is transferred regardless of whether you actually have an account with the provider or are logged in there. If you are logged in with the provider, your data will be assigned directly to your account. Providers may also use cookies on your computer to track you.

We are also not aware of the full extent of the data collection, the purposes and the storage periods. However, we will inform you about all data processing that we are aware of.

When you activate the plug-in, data is automatically transferred to the respective provider. Please note that Osborne Clarke is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third party websites. You must always carefully review the privacy and confidentiality policy of any third party website that you may visit in order to understand how the operators of that website may collect, store and use your Personal Information.

The Osborne Clarke website, www.osborneclarke.com, may link to other, unaffiliated third party websites. We currently use plug-ins from Facebook, Google+, Twitter, Xing and LinkedIn. We use the tool Shariff. This tool only transmits data to the respective network if you click on the corresponding plug-in, for example by pressing the “f share” button.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/intl/de/policies/privacy/

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

Complaints

While we hope that you will not need to, if you want to complain about our use of personal Information please send an email detailing your complaint to the relevant Privacy Officer at the above email address.

You also have the right to lodge a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is in breach of data protection legislation.

Updates to this Policy

This Policy was last updated in May 2018.  The further development of the Internet and our Internet offering may also have an impact on the handling of personal data. Please check back regularly to keep informed of updates to this Policy.