Privacy Policy

This privacy policy is made on behalf of Moonfare and its affiliates identified above. The Moonfare legal entity with which you do business is the controller for purposes of this policy and is committed to protecting and respecting your privacy.

Where we use the terms “we”, “us” and “our” in this Data Privacy Policy, we are referring to Moonfare.

When you provide (or have provided) us with your Personal Data, Moonfare acts as:

• (a)  for the purpose of EU data protection legislation, a “controller”; and/or
• (b)  for the purpose of Hong Kong data protection legislation pursuant to the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong),
  a “data user”; and/or
• (c)  for the purpose of Singapore data protection legislation, an “organisation” pursuant to the Personal Data Protection Act 2012 (No. 26 of 2012)
  

In simple terms, this means that:

• we are the “controller” or “use” the Personal Data that you provide for our business purposes 
• we take reasonable steps to safeguard your personal information
• we make certain decisions on how to use and protect your Personal Data
  – but only to the extent that we have informed you about the use or are otherwise permitted by law to do so

The types of Personal Data we process, hold and share depends on the product or service you have with us and the nature of your investment, including to comply with anti-money laundering and know your customer laws.  This can include or be related to:

• contact information (private or professional): full name, postal address, e-mail address, phone number
• identification information: e.g. identity (identity card, social security number, passport information, etc.), place and date of birth, nationality, gender, photo
• economic, financial and tax information: e.g. tax ID and tax status, income and other revenues, value of your assets
• education and employment information: e.g. employer’s name, employment, education level, remuneration
• banking and financial information: e.g. bank account details, product and services used, credit card details, money transfers, assets, declared investor profile, credit history
• banking and financial information: e.g. bank account details, product and services used, credit card number, money transfers, assets, declared investor profile incl. investment experience, investment activity, risk tolerance and transaction history
• transaction data including full beneficiary names, address and details including communications on bank transfers of the underlying transaction
• data about your preferences (data which relate to your use of our products and services)
• activity and interaction on the Platform, our other apps and our social media pages, (connection and tracking data such as cookies, connection to online services, IP address, geolocation data), call, chat, email, interview, phone conversation and information about your device (IP address, technical specifications and uniquely identifying data)
• login credentials used to connect to our Platform and apps
• accounts at other institutions such as private banks or family offices of whom you may be a client
• only upon obtaining your explicit prior consent: biometric data such as fingerprint, voice pattern or face pattern which can be used for identification and security purposes and health data for insurance contracts; all such data is processed on a strict need-to-know basis
  

The Personal Data collected about you will help us provide you with a better service and facilitate our business relationship.

• We may combine Personal Data that you provide to us with Personal Data that we collect from, or about you, in some circumstances
• This will include Personal Data collected in an online or offline context (see below)

We collect, and have collected, Personal Data about you from a number of sources, including from you directly:

Personal Data that you give us:

• from the forms and any associated documentation that you complete when subscribing for an interest in Moonfare. This can include information about your name, address, date of birth, passport details or other national identifier, driving licence, your national insurance or social security number and income, employment information and details about your investment or retirement portfolio(s)
• when you undergo certain verification checks and submit identity information such as your identity card or passport, to us
• when you provide it to us in correspondence and conversations
• when you make transactions with respect to Moonfare
• when you purchase securities from us and/or tell us where to send money
  

Personal Data we obtain from others:

• publicly available and accessible directories and sources
• professional partners such as private banks or family offices of whom you may be a client
• bankruptcy registers
• tax authorities, including those that are based outside the EEA if you are subject to tax in another jurisdiction
• governmental and competent regulatory authorities to whom we have regulatory obligations
• credit agencies
• fraud prevention and detection and anti-money laundering agencies, organisations and service providers

We may collect, process, use or disclose your Personal Data for the following reasons or purposes:

1. Contract

It is necessary to take steps at your request prior to entering into a contract and to perform our contractual obligations with you to:

• evaluate (e.g. based on your investment experience) if we can offer you our Funds
• administer, manage and set up your investor account(s) to allow you to purchase your holding (of interest) in our Funds and assist you in particular by answering your requests
• meet the resulting contractual obligations we have to you
• facilitate the continuation or termination of the contractual relationship between you and Moonfare
• facilitate the transfer of funds, and administering and facilitating any other transaction, between you and Moonfare
  

2.  Compliance with law

It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:

• undertake our client and investor due diligence, and on-boarding checks, carry out an assessment of appropriateness to provide investment brokerage services to each client
• prevent and detect money laundering and financing of terrorism and comply with regulation relating to sanctions and embargoes through our Know Your Customer (KYC) process (to identify you, verify your identity, screen your details against sanctions lists and determine your profile which might be carried out by third party service providers)
• verify the identity and addresses of our investors (and, if applicable their beneficial owners)
• record transactions for accounting purposes
• record conversations for regulatory purposes
• comply with requests from duly authorized local or foreign financial, tax, administrative, criminal or judicial authorities, law enforcement, state agencies
  or public bodies
• surveillance and investigation
• carry out audit checks
• maintain statutory registers
• manage, prevent and detect fraud
• sanctions
  

3.  Our legitimate interest

For our legitimate interests or those of a third party to:

• manage and administer your holding in any Funds in which you are invested, and any related accounts on an ongoing basis
• assess and process any applications or requests made by you
• open, maintain or close accounts in connection with your investment in, or withdrawal from, Moonfare
• send updates, information and notices or otherwise correspond with you in connection with your investment in Moonfare
• address or investigate any complaints, claims, proceedings or disputes
• provide you with, and inform you about, our investment products and services and to improve them, perform client satisfaction and opinion surveys
• monitor and improve our relationships with investors
• comply with applicable regulatory obligations
• manage our risk and operations
• comply with our accounting and tax reporting requirements
• comply with our audit requirements
• assist with internal compliance with our policies and process
• ensure appropriate group management and governance
• keep our internal records
• prepare reports on incidents / accidents
• protect our business against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required of us by law)
• analyse and manage commercial risks
• seek professional advice, including legal advice
• enable any actual or proposed assignee or transferee, participant or sub-participant of the partnership’s or Funds’ rights or obligations to evaluate proposed transactions
• facilitate business asset transactions involving Moonfare partnership or Fund-related vehicles
• monitor communications to/from us using our systems
• protect the security and integrity of our IT systems
  

In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided below. 

4.   Your consent

We rely on explicit consent to enhance your user experience on the Platform to:

• track & analyse Platform activity and engagement with Moonfare media and publications
• send you marketing and promotional messages related to the alternative investments industry and related Moonfare products
  

Monitoring as described at (3) above

We monitor communications where the law requires us to do so. We will also monitor where we are required to do so to comply with our regulatory rules and practices and, where we are permitted to do so, to protect our business and the security of our systems.

Your Personal Data will be shared with:

1.  Moonfare fund operations, legal & compliance, finance, and account services teams

We share your Personal Data as described above with certain Moonfare team members and related parties. This is for:

• managing our relationship with you (including recordkeeping related to former clients)
• any other purposes set out in this Privacy Policy
  

2.  Administrator, Fund Manager, Investment Advisor, Professional partners such as private banks or family offices of whom you may be a client

• delivering the services you require
• managing your investment
• supporting and administering investment-related activities
• complying with applicable investment laws and regulations (e.g. know your customer)
  

3.   Tax authorities and local regulators

• to comply with applicable laws and regulations
• where required by EEA tax authorities (who, in turn, may share your Personal Data with foreign tax authorities)
• where required by foreign tax authorities, including outside of the EEA
  

4.  Service providers, including IT providers, security services providers and financial services administrators

• delivering and facilitating the services needed to support our business relationship with you
• supporting and administering investment-related activities
  

5.  Our lawyers, auditors and other professional advisors

• providing you with investment-related services
• to comply with applicable legal and regulatory requirements
  

6.  In certain circumstances, we will share some or all of your Personal Data with:

• competent regulatory, prosecuting and other governmental agencies or litigation counterparties, in any country or territory
• organisations and agencies – where we are required to do so by law
• Moonfare Ambassadors – where a user has been referred to the Platform by another user in their role as Ambassador (this includes binary information about whether or not an investment on the Platform has happened)
• third parties – where we have obtained your specific consent to do so in relation to certain promotional offers or other limited time programs that may be available on the Platform from time to time. We may also share Personal Data in the context of a merger, acquisition, sale of assets, or other corporate reorganization.

Opting out of sharing creditworthiness information with affiliates

Moonfare may share your information about your creditworthiness with our affiliates. You may opt out of such disclosures by contacting us at [email protected]. We will process your request within a reasonable time after receipt.

Where we collect Personal Data from you, we will indicate if:

• provision of the Personal Data is necessary for our compliance with a legal obligation; or
• it is purely voluntary and there are no implications for you if you do not wish to provide us with it.
  

Unless otherwise indicated, you should assume that we require the Personal Data for business and/or compliance purposes and the purposes as set out in this Privacy Policy. 

Some of the Personal Data we request, or have requested, is necessary for us to perform our contract with you and/or to comply with our legal obligations, and if you do not wish to provide us with this Personal Data, it will affect our ability to provide our services to you and manage your investment.

We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that:

(i) your name, contact details, product information, financial background, and demographic data held by us may be used by us in direct marketing from time to time;

(ii)   the following classes of services, products and subjects may be marketed: financial, investment, and related services and products;

(iii)  the above services, products, and subjects may be provided by or solicited by Moonfare and/or third party financial institutions with whom Moonfare contracts, including financial service providers, such as banks, securities contractors, and investment contractors;

(iv)  in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in (i) above to all or any of the persons described in paragraph (iii) above for use by them in marketing those services, products and subjects, and we require your written consent (which includes an indication of no objection) for such purpose;

(v)   in connection with (iv) above, we may receive money or other property in return for providing the data to the persons described in (iii) above for use by them in direct marketing (including revenue / benefit sharing arrangements between us and such persons).

If you do not wish Moonfare to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us through the contact information provided below.

By providing your information to us, you agree to the transfer, storage and processing of your Personal Data by our group members, members of Moonfare’s partnership and related parties and third party service providers in countries and territories outside of the EEA, Hong Kong or Singapore in connection with the purposes specified in this Privacy Policy.  This may include transfers to the United States.

We will transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the EEA or outside of Hong Kong or outside of Singapore, which may not have similarly strict data protection and privacy laws, and you agree to such transfer outside of the EEA, Hong Kong or Singapore. 

Where we transfer Personal Data to other members of our group, or our service providers, we have put in place data transfer agreements and safeguards using European Commission approved terms.

Where we transfer Personal Data collected in Singapore to other members of the group, members of Moonfare’s partnership and related parties and third party service providers in countries or territories outside of Singapore, we will take steps to ensure that the recipients are bound by legally enforceable obligations to provide the transferred Personal Data a standard of protection that is at least comparable to the protection required under Singapore laws. 

Please contact us if you would like to know more about these agreements or receive a copy of them. Please see below for our contact details.

With the exception of the limited instances described above, we do not generally rely
on obtaining your consent to process your Personal Data.

If we do, you have the right to withdraw this consent at any time.Please contact us or send us an email at [email protected] at any time if you wish to do so.

We keep your Personal Data for as long as it is required by us for our legitimate business purposes, to perform our contractual obligations, or where such longer period as is required by law or regulatory obligations which apply to us.

• we will generally retain Personal Data about you throughout the life cycle of any investment you are involved in
• some Personal Data will be retained after your relationship with us ends
• you have the right to define guidelines for the storage, erasure and communication of your personal data after your death.
  

As a general principle, we do not retain your Personal Data for longer than we need it.

We will usually delete your Personal Data (at the latest) after you cease to be an investor in any Fund and if there is no longer any legal or regulatory requirement or business purpose for retaining your Personal Data.

We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of Personal Data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of EU data protection legislation and other applicable laws.

You have certain data protection rights, including:

• the right to access your Personal Data (right of access)
• the right to restrict the use of your Personal Data (right to restriction of processing)
• the right to have incomplete or inaccurate Personal Data corrected (right to rectification)
• the right to ask us to stop processing your Personal Data (right to object, please see below)
• the right to require us to delete your Personal Data in some limited circumstances (right to erasure)
  

If you have a relationship with Moonfare GmbH, you also have the right in some circumstances to request for us to “port” your Personal Data in respect of such relationship in a portable, re-usable format to other organisations (where this is possible).

You furthermore have the right to lodge a complaint with a supervisory authority.

If you are located in the EU we would also like to explicitly note your right to object to processing of your Personal Data, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para 1f GDPR (data processing based on balancing of interests) according to Art 21 GDPR.

Please contact us through the methods outlined at “Contact us” below in relation to the requests above.

Moonfare uses data collected by cookies and javascript libraries to improve your browsing experience, analyse Platform traffic, deliver personalised advertisements, and increase the overall performance of our Platform.

By using the website, you’re agreeing to our data collection policy as described below. If you want to update your preferences, you can do so by clicking “Website Data Collection Preferences” at the bottom of this page.

How do we collect data on our website?

We use a variety of tools on our website that collect data using both cookies and javascript libraries.

Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve your experience on the Platform. 

Cookies are also used to remember your preferences or personalize the content so that it is more relevant to you.

Javascript libraries are snippets of codes we run on the page that are executed when certain actions take place.

The table below outlines how we use this data by category.

Categories

• Functional
  Purpose: To monitor the performance of our Platform and to enhance your browsing experience. For example, these tools enable you to communicate with us via live chat.
  

• Marketing & Analytics
  Purpose: To understand user behavior in order to provide you with a more relevant browsing experience or personalize the content on our Platform. For example, we collect information about which pages you visit to help us present more relevant information.
  

• Advertising
  Purpose: To personalize and measure the effectiveness of advertising on our Platform and other websites. For example, we may serve you a personalized ad based on the pages you visit on our Platform.
  

• Essential
  Purpose: Moonfare uses browser cookies that are necessary for the Platform to work as intended. For example, we store your website data collection preferences so we can honor them when you return to our Platform. You can disable these cookies in your browser settings but if you do the Platform may not work as intended.

Personal Data is collected for the following purposes and using the following services:

Analytics:

Analytics services enable the owner to monitor and analyze web traffic and can be used to keep track of user behavior. These services include:

• Google Analytics (Google Ireland Limited)
• Google Optimize
• Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)
• HubSpot Analytics (HubSpot, Inc.)
• Matomo
• Heap Analytics (Heap Inc.)
• Webflow, Inc.
• Databox
• Zoho PageSense
  

Heat Mapping and Session Recording:

Heat mapping services are used to display the areas of a page where users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of user behavior. These services may record sessions and make them available for later visual playback. These services include:

• Hotjar Heat Maps & Recordings (Hotjar Ltd.)
  

Interaction with Online Survey Platforms:

This type of service allows users to interact with third-party online survey platforms directly from the pages of moonfare.com. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:

• Hotjar Poll & Survey widgets (Hotjar Ltd.)
  

Platform Services and Hosting:

These services have the purpose of hosting and running key components of moonfare.com, therefore allowing the provision of moonfare.com from within a unified platform. Such platforms provide a wide range of tools to the owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored. These services include:

• Webflow, Inc.
  

Tag Management:

This type of service helps the owner to manage the tags or scripts needed
on moonfare.com in a centralized fashion. This results in the users’ data flowing through these services, potentially resulting in the retention of this data. These services include:

• Google Tag Manager
  
  

Displaying Content from External Platforms:

This type of service allows you to view content hosted on external platforms directly from the pages of moonfare.com and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it. These services include:

• Google Fonts, by Google, LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, https://www.google.com/fonts. For Google’s privacy policy, visit https://policies.google.com/privacy and an opt-out option is available at https://adssettings.google.com/authenticated
  

Interaction with Data Collection Platforms and Other Third Parties:

This type of service allows users to interact with data collection platforms or other services directly from the pages of moonfare.com for the purpose of saving and reusing data. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:

• Hotjar Recruit User Testers (Hotjar Ltd.)
  

Managing Data Collection and Online Surveys:

This type of service allows moonfare.com to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse data from any responding users. The Personal Data collected depend on the information asked and provided by the users in the corresponding online form. These services may be integrated with a wide range of third-party services to enable
the owner to take subsequent steps with the data processed – e.g. managing contacts, sending messages, analytics, advertising and payment processing. These services include:

• Hotjar surveys (Hotjar Ltd.)
• Typeform
  

Registration and Authentication:

By registering or authenticating, users allow moonfare.com to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, moonfare.com will be able to access some data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service. These services include:

• Webflow, Inc.
  
  

User Database Management:

This type of service allows the owner to build user profiles by starting from an email address, a personal name, or other information that the user provides to moonfare.com, as well as to track user activities through analytics features. This Personal Data may also be matched with publicly available information about the user (such as social networks’ profiles) and used to build private profiles that the owner can display and use for improving moonfare.com. Some of these services may also enable the sending of timed messages to the user, such as emails based on specific actions performed on moonfare.com. These services include:

• HubSpot CRM (HubSpot, Inc.)
  

Communication with Users:

These types of services allow the owner to schedule online meetings with users and conduct audio/video conferences for customer interviews, which may be recorded. These services include:

• Calendly
• Zoom
  

Prevention of Spam:

We use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to prevent spam. The legal basis for use is Article 6 (1) f (lawfulness of processing) of the GDPR, as there is a legitimate interest in protecting this website from bots and spam. reCAPTCHA is a free service that protects websites against spam and abuse. It uses advanced risk analysis techniques to keep people and bots apart. By using reCAPTCHA, data will be transmitted to Google using Google to determine whether the visitor is human or spam. To see what data Google collects and what this data is used for, visit https://policies.google.com/privacy?hl=en.

Google’s Terms of Service and Products can be found at https://policies.google.com/?hl=en.

Okta Multi-factor Authentication:

Moonfare uses okta multi-factor authentication, a very secure and sophisticated authentication process. Multi-Factor-Authentication verifies the user’s identity in multiple steps using different methods and provides another layer of security on top of the login credentials. For Multi-Factor Authentication, okta accesses the username and password of the person logging in and creates a cookie with a security token. The legal basis for the use of this cookie is Sec. 6 para. 1 lit. b GDPR. With the help of this security token, okta checks whether the respective person has access rights for the respective app. Within this process the collected data is also transferred by okta to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this. You can find out more about okta’s privacy policy here: https://www.okta.com/privacy-policy/.

Information Security

Moonfare has reasonable technical, organizational and administrative measures to safeguard your personal information commensurate with the sensitivity of the data we process, and limits access to your personal information as described in this privacy policy.  However, no information security program can prevent all cybersecurity attacks or fraud, and we urge you to remain vigilant in monitoring your accounts and to let us know immediately of any suspicious activity in connection with your Moonfare accounts.  

Accessibility

We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.

We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your Personal Data.

This Privacy Policy was drafted with simplicity and clarity in mind. We are, of course, happy to provide any further information or explanation needed. Our contact details are below.

If you want to make a complaint, you can also contact the body regulating data protection in your country, where you live or work, or the location where the data protection issue arose.  A list of the EU data protection authorities is available by clicking this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Please contact us if you have any questions about this Privacy Policy or the Personal Data we hold about you.

Contact us by email at [email protected]

Contact us in writing using this address:

Moonfare

℅ Asmus Eggert, Data Protection Officer

Karl-Liebknecht-Str. 34

10178 Berlin

Germany

We keep this Privacy Policy under regular review.

THIS PRIVACY POLICY WAS LAST UPDATED ON 18 January 2022.

We are pleased that you are interested in us and that you wish to apply or have already applied for a position with Moonfare. We would like to provide you with information below on the processing of your personal data regarding your application.

Who is responsible for data processing?

The entity responsible for the processing of personal data is:

Moonfare GmbH

Karl-Liebknecht-Str. 34

10178 Berlin

Germany

Phone: +49 30 220 560 771

‍Email: [email protected]

‍

You can contact our data protection officer at:

mip Consult GmbH

Attorney-at-law Asmus Eggert

Wilhelm-Kabus-Str. 9

10829 Berlin

‍[email protected]

‍www.sofortdatenschutz.de

What personal data do we collect?

When you apply for a job at Moonfare, we will ask you to provide us with personal information about yourself so we can evaluate your application. If this information is not provided, our ability to consider you as a candidate may be limited. You may also provide us with your personal information that we have not specifically requested (for example your CV or cover letter may contain information about your hobbies and social preferences). All information is provided on a voluntarily basis and you determine the extent of information that you provide to Moonfare.

The kind of personal information we collect about you may include:

• Name, identity and contact details – such as your name, address, email address, telephone, location (optional), other contact information and personal preferences

• Employment details - such as details of your employment background, including position, work experience, employment references, salary and other compensation requests

• Background information– such as your educational background including qualifications, school, degrees, certificates and skills

• Information about your current and desired levels of remuneration

• Video and audio recordings of the interview if you agree

• Any other information in your application or obtained from the interview that you choose to share with us - such as personal preferences, hobbies, social preferences, etc.

Why do we process personal data and on what legal basis?

To process your application, we may process your identifiers, professional, employment and/or education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (“BDSG”).

To communicate with you about your application, the current status and respond to questions you may have about the application process, we process your identifiers, professional, employment and/or education information related to you and the specific communications with you. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.

To conduct reference checks, we process your identifiers, professional or employment information, and education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.

To assess your suitability for the position for which you have applied, we may process your identifiers, location, professional or employment information and/or education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.

For carrying out the obligations and exercising specific rights of the data controller or of the data subject in the field of employment and social security and social protection law. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG. To the extent we process special category data, we rely on the additional legal basis of Art. 9(2)(b) GDPR in conjunction with Section 26(3) BDSG.

For carrying out satisfaction surveys and interview trainings (for example, to manage and improve the recruitment process), we process video and audio recordings of the interview as well as its transcription. The legal basis for this processing is Art. 6(1)(a) GDPR, if consent has been given.

To respond to legal processes such as subpoenas, to pursue legal rights, defend litigation, or comply with requests of government or public authorities, we may process your identifiers, protected classifications/special category data, professional or employment information to the extent it is relevant to such legal purposes. The legal basis for this processing is Art. 6(1)(c) and Art. 6(1)(f) GDPR. In such cases, our legitimate interest is in asserting or defending claims.

How long will my data be retained?

If your application for employment is unsuccessful, we will hold your data on file for 6 (six) months after the end of the relevant recruitment process. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic based) and retained during your employment.

If we obtain consent from you to record the interview, we will store the video and audio files for 2 years from the time of collection.

Who can access my data?

Your application data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. There a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application procedure.

In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT service and hosting provider, recording and transcription services. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.

Subject to your consent, we use the application Metaview for our interview to record and transcript the interview. Metaview provides Interview Analytics, Interview Recordings and Transcripts and Interview Coaching services. In case of an invitation to an interview, we will send Metaview your name and email address to set up the interview and the participants on the Metaview application. You will receive a link from Metaview where you will be informed about the processing of the data from the interview and ask for your prior consent. If you do not consent, the interview will not take place through Metaview.  If the interview takes place using Metaview, your data will be transferred to Metaview Global Ltd., 21-33 Great Eastern Street, London, EC2A 3EJ. Such data includes: your consent, identifiers (such as name, email address, phone), content (such as voice and video records and annotated transcript of interview with personalised feedback for interviewer), metadata related to the meeting and telephony or other connectivity data (such as meeting topic, start and end time, participant IP addresses, device/hardware information, phone number). We have concluded a GDPR-compliant data processing agreement with Metaview. For more information, please see Metaviews privacy policy at: https://www.metaview.ai/privacy.

If you provide us with your LinkedIn profile, for example in the application form via website, we will receive your LinkedIn profile and LinkedIn will learn that you applied for a position at Moonfare. For more information, please see LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy.

Are data transferred to a third country or to an international organization?

Data collected in the European Union / European Economic Area (EU/EEA) is primarily processed in the EU/EEA. Data collected by our subsidiaries is generally processed at the subsidiary's registered office (e.g., in the United Kingdom, USA, Hong Kong and Singapore) and in the EU/EEA. In some cases, especially when using our website, data is processed in the USA.

For data collected in the European Union and transferred to countries without an adequacy decision by the EU Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard contractual clauses with the recipients of the data and/or obtain your consent for the data transfer.

Depending on the services used, we might transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the EU/EEA or outside the country in which our subsidiaries are based, which may not have similarly strict data protection and privacy laws. Where we transfer Personal Data to other members of our group or our service providers, we have put in place data transfer agreements and safeguards such as the European Commission approved standard contractual clauses to ensure that the recipients are bound by legally enforceable obligations to provide the transferred Personal Data a standard of protection that is at least comparable to the protection required under the laws applicable to the personal data.

Note: If you give us your consent to process your data outside of the EU/EEA please note that the protection of personal data in the USA, Hong Kong and Singapore does not correspond to the level of data protection required by the EU/EEA. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

What are my data subject rights?

In accordance with Art. 15 GDPR, you have the right of access as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR. However, the aforementioned right is not unlimited; the limitations of the right can be found in particular in Art. 15 para 4 GDPR.

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.

You have the right to obtain the erasure of personal data concerning you without undue delay acc. Art. 17 GDPR. The right to erasure (“right to be forgotten”) is not unrestricted. In particular, erasure cannot be demanded, if we need to process your personal data further in order to perform our contract, to fulfil a legal obligation or to assert, exercise or defend legal claims. The requirements and restrictions of the right to deletion are set out in detail in Art. 17 GDPR.

You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted if one of the conditions of Art. 18 para 1 GDPR is met. In this case, we may continue to store this data, but may process it only under strict conditions. The conditions and restrictions of the right to restrict processing are set out in detail in Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible. The requirements and restrictions of the aforementioned rights in detail can be found in Art. 20 para 3 and 4 GDPR.

You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.

Information about your right to object according to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 lit e GDPR (data processing in the public interest) and Art. 6 para 1 lit f GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.

The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.

You have a right to complain to a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR, without prejudice to any other administrative or judicial remedy.

To what extent do you apply automated individual decision-making, including profiling?

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

‍

‍