We, Tradias GmbH, take the protection of your personal data and their confidential treatment very seriously. The processing of your personal data is carried out exclusively within the framework of the legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter referred to as “GDPR”).
This privacy policy informs you about the processing of your personal data and your rights under the GDPR.
1. Name and Contact Details of the Data Controller and the Company Data Protection Officer
This privacy information applies to data processing by:
Responsible party: Tradias GmbH (hereinafter: “Tradias”), Rossmarkt 21, 60311 Frankfurt, Germany.
The data protection officer of Tradias can be reached at the above address or at datenschutz@tradias.de.
2. Collection and Storage of Personal Data as well as the Nature and Purpose of their Use
a) When visiting the website
When you access our website www.tradias.de, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
– IP address of the requesting computer,
– Date and time of access,
– Name and URL of the retrieved file,
– Website from which access is made (referrer URL),
– Browser used and, if applicable, your computer’s operating system and the name of your access provider.
The data mentioned are processed by us for the following purposes:
– Ensuring a smooth connection setup of the website,
– Ensuring comfortable use of our website,
– Evaluation of system security and stability, and
– For further administrative purposes.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
Furthermore, we use cookies and analysis services when you visit our website. Further explanations can be found under sections 5 and 6 of this privacy policy.
b) When using our contact form or contacting us by e-mail
For any questions, we offer you the opportunity to contact us via a form provided on the website or via an e-mail address provided. It is necessary to provide a valid e-mail address so that we know from whom the request originates and to be able to respond to it. Further information can be provided voluntarily.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. If the contact aims at initiating a business relationship, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
The personal data collected by us for the use of the contact form or when you contact us by e-mail will automatically be deleted after completion of the request you have made, provided that no further retention need (e.g., initiation of a business relationship) exists.
c) During the Initiation and Execution of a Business Relationship
In the initiation and execution of a business relationship, we particularly collect and process the following types and categories of personal data:
– Last name, first name
– Date of birth, place of birth
– Residential address
– Business address
– Telephone number, fax number
– E-mail address
– Nationality
– ID card data
– Passport data
– IP address
– Profession and professional function
– Educational qualification
– IBAN and BIC
– Securities account number and BIC
– Tax identification number
– Status as a politically exposed person (PeP), family member of a politically exposed person, or a person known to be close in the sense of the Money Laundering Act
– Listing in a sanctions list (UN, HMT, etc.)
– Economic entitlement in the sense of the Money Laundering Act
– Information on planned investment behavior
– Information on investment experience
– Source of funds
– Information on income and assets and, if applicable, evidence thereof
– Wallet addresses (Ethereum addresses)
– Status as a representative of a company
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR, insofar as it concerns the initiation/execution of a contract with a natural person. In cases of contract initiation/execution with legal entities, the legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR, as data processing is necessary for the fulfillment of the desired contract. Additional legal basis for data processing for fulfilling obligations under the Money Laundering Act is Art. 6 Para. 1 S. 1 lit. c and lit. e GDPR.
d) Data Processing of Service Providers and Suppliers
In the context of cooperation with our service providers or suppliers, we also process personal data. If a service provider or
a supplier is a company, these are the data of the company’s employees with whom we cooperate. For example, we process the (professional) contact information of employees who send us order confirmations.
Data processing of personal data in this context is for the purpose of concluding, executing, or processing the respective agreements with our service providers/suppliers. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR, insofar as the service provider or the supplier is a natural person. In the case of a legal entity, the legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR.
3. Transfer of Data
We only transfer your personal data to third parties (recipients) if we are authorized to do so under data protection law. This may be the case, in particular, if:
– You have given us your consent for one or more specific purposes (Art. 6 Para. 1 S. 1 lit. a GDPR);
– The processing is necessary for the performance of a contract with you, or to carry out pre-contractual measures at your request (Art. 6 Para. 1 S. 1 lit. b GDPR);
– The processing is necessary to fulfill a legal obligation to which we are subject (Art. 6 Para. 1 S. 1 lit. c GDPR);
– The processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Art. 6 Para. 1 S. 1 lit. f GDPR).
Your personal data may be transferred to the following recipients, in particular:
– To the securities institute Effecta GmbH within the scope of investment brokerage conducted by Tradias under the liability umbrella of Effecta GmbH;
– To the respective issuers or other third parties who use the Tradias platform as a service or are in a business relationship with Tradias in connection with crypto assets or the Tradias platform;
– To specialized service providers for conducting a video identification compliant with anti-money laundering regulations;
– To crypto custodians for the custody of your crypto assets;
– To financial commissioners for the execution of trading transactions;
– To service providers for payment processing (incl. account management and payment of interest and dividends) and for tax registrations;
– To processors commissioned by us according to Art. 28 GDPR, i.e., service providers that process your personal data according to our instructions;
– To other financial institutions, credit agencies, supervisory or tax authorities.
4. Duration of Storage of Personal Data
We will store your personal data for as long as necessary to provide the commissioned services or products or requested information and to manage and execute our business relationship with you. If you have requested us not to contact you, we will retain this information for as long as necessary to fulfill this request.
In addition, we are legally obliged to retain certain types of personal data for specific periods (e.g., due to commercial or tax law retention obligations). Your personal data will be deleted promptly if they are no longer necessary for these purposes.
5. Cookies
We use cookies on our site. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans, or other malware.
The cookie stores information that arises in connection with the specific device used. However, this does not mean that we immediately become aware of your identity.
The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.
The data processed by cookies are necessary for the mentioned purposes to protect our legitimate interests and those of third parties according to Art. 6 Para. 1 S. 1 lit. f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all the functions of our website.
6. Recording of Telephone Calls
We are legally obliged to record securities-related telephone conversations with our traders and customers. To ensure that all telephone calls are recorded, we do not differentiate between trader lines and other telephone connections. However, the conversations may only be listened to under strict conditions, such as at the request of the Federal Financial Supervisory Authority. In addition, it is ensured that access is only possible by authorized persons (a member of the executive board together with a representative of Compliance or the Internal Audit) and is deleted at the latest after five years.
7. Analysis Tools (Google Analytics)
To design our website to meet your needs, we create pseudonymous user profiles using Google Analytics. Google Analytics uses targeting cookies, which are stored on your device and can be read by us. This way, we can recognize returning website users and count them, and learn how often our website was accessed by different users.
When individual pages of our website are called up, the following data are stored:
– Three bytes of the IP address of the calling system (“anonymizeIP”)
– The called website
– The website from which the called page of our website was accessed (referrer)
– The subpages that are called up from the called page
– The time spent on the website
– The frequency of accessing the website
As already mentioned, the IP addresses are not stored in full but are masked (e.g., 192.168.1.***). This way, assigning the shortened IP address to the calling device is no longer possible. We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you become a new customer with us and have consented to the tracking analysis, we can also determine from which channel and/or which campaign you found your way to us.
8. Social Media
We do not use social media plugins on our website. If our website contains symbols of social media providers (e.g., Facebook), we only use these for passive linking to the pages of the respective providers.
We maintain publicly accessible profiles in various social networks. Visiting these profiles triggers a wide range of data processing operations. Below we provide an overview of the personal data we collect, use, and store when you visit our profiles.
When visiting our profiles, your personal data are collected, used, and stored not only by us but also by the operators of the respective social network. This also occurs if you do not have a profile in the respective social network. The individual data processing operations and their scope vary depending on the operator of the respective social network and are not necessarily applicable to the processing activities carried out by Tradias.
Details about the collection and storage of your personal data and the nature, scope, and purpose of their use by the operator of the respective social network can be found in the privacy statements of the respective operator:
Privacy policy for the social network Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA: https://www.twitter.com/de/privacy
Privacy policy for the social network Facebook, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland: https://www.facebook.com/about/privacy
Privacy policy for the social network Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA: https://help.instagram.com/155833707900388
Privacy policy for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland: https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf
If you use our profiles in social networks to contact us (e.g., by creating your own posts, reacting to one of our posts, or sending private messages to us), the data you provide will be processed by us solely for the purpose of contacting you. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. If the contact aims at initiating a business relationship, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
9. Rights of the Data Subject
You have the right:
– According to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, limitation of processing or objection, the existence of a right to lodge a complaint, the source of your data if they were not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about their details;
– According to Art. 16 GDPR, to demand the immediate correction of incorrect or completion of your personal data stored by us;
– According to Art. 17 GDPR, to
demand the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims;
– According to Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse their deletion, and we no longer need the data, but you need them for asserting, exercising, or defending legal claims, or you have objected to the processing according to Art. 21 GDPR;
– According to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request the transmission to another controller;
– According to Art. 7 Para. 3 GDPR, to revoke your once given consent to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future, and
– According to Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the supervisory authority responsible for Tradias in Wiesbaden.
10. Right to Object
If your personal data are processed based on legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, an e-mail to datenschutz@tradias.de is sufficient.
11. Data Security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser during website visits. Usually, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we instead revert to 128-bit v3 technology. You can recognize whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulations, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
12. Currency and Amendment of this Privacy Policy
This privacy policy is currently valid and has the status of December 2021.
Due to the further development of our website and offers above or due to changed legal or official requirements, it may be necessary to change this privacy policy.
The current privacy policy can be viewed and printed at any time on the website at https://www.tradias.de/datenschutz.