Privacy Notice

The entity responsible for the collection and processing of personal data in the EU is:

Moonfare GmbH

Schlesische Str. 33/34

10997 Berlin

Germany

Phone: +49 30 220 560 771

Email: [email protected]
‍

For details of the entity responsible for the collection and processing of personal data outside the EU, please see the local country sections at the end of this notice.

‍

You can contact our data protection officer at:  

mip Consult GmbH 

Attorney-at-law Asmus Eggert 

Wilhelm-Kabus-Str. 9

10829 Berlin 

[email protected]

www.sofortdatenschutz.de

We process personal data that we receive from you while using our website and, if applicable, in the course of our business relationship. 

In the case of purely informational use of our website, i.e. if you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to present our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software and notification of successful retrieval. 

If you undergo certain verification checks and submit identity information such as your identity card or passport, we process your personal data contained in these documents. 

Furthermore, we receive your personal data if you contact us via a contact form, chat or email, and through any associated documentation that you complete when subscribing for an interest in Moonfare. The personal data that we collect in these circumstances are, for example, name, address, e-mail address, telephone number, date of birth, passport details or other national identifier, driving license, your national insurance or social security number and income, employment information and details about your investment or retirement portfolio(s), and, if applicable, any data contained in the message that you send us.

‍

‍

Data collected in the United Kingdom / European Union / European Economic Area (UK/EU/EEA) is primarily processed in the UK/EU/EEA. Data collected by our subsidiaries is generally processed at the subsidiary's registered office (e.g., in the UK, USA, Hong Kong and Singapore) and in the EU/EEA. In some cases, especially when using our website, data is processed in the USA.

Depending on the services used, we might transfer your personal data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the UK/EU/EEA or outside the country in which our subsidiaries are based, which may not be subject to an adequacy decision by the UK Secretary of State or the EU Commission under Article 45 of the GDPR or the UK GDPR, in each case as applicable, and therefore may not have similarly strict data protection and privacy laws. Where we transfer personal data to other members of our group or our service providers, we have put in place data transfer agreements and safeguards such as the European Commission approved standard contractual clauses (and UK equivalent) to ensure that the recipients are bound by legally enforceable obligations to provide the transferred personal data a standard of protection that is at least comparable to the protection required under the laws applicable to the personal data.

Note: Please note - especially if you give us consent - that the protection of personal data in the USA, Hong Kong and Singapore does not correspond to the level of data protection required by the UK/EU/EEA. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where they are being processed, to access the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR. However, the aforementioned right is not unlimited; the right to obtain a copy of your personal data shall not adversely affect the rights and freedoms of others under Art. 15 para 4 GDPR.

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.

You have the right to obtain the erasure of personal data concerning you without undue delay in accordance with Art. 17 GDPR. The right to erasure (“right to be forgotten”) is not unrestricted. In particular, erasure cannot be demanded, if we need to process your personal data further in order to perform our contract, to fulfil a legal obligation or to assert, exercise or defend legal claims. The requirements and restrictions of the right to deletion are set out in detail in Art. 17 GDPR.

You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted if one of the conditions of Art. 18 para 1 GDPR is met. In this case, we may continue to store this data, but may process it only under strict conditions. The conditions and restrictions of the right to restrict processing are set out in detail in Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible. The requirements and restrictions of the aforementioned rights can be found in detail in Art. 20 para 3 and 4 GDPR.

You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.

Information about your right to object according to Art. 21 GDPR 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 (e)GDPR (data processing in the public interest) and Art. 6 para 1 (f) GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 (4) GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

In individual cases and where we have obtained your consent to do so (unless any applicable legal exemption to obtaining such consent applies), we may process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. 

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.

The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.

You have a right to complain to a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR or any other applicable data protection laws, without prejudice to any other administrative or judicial remedy. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection or other supervisory authority so please contact us in the first instance.

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

‍

You must provide the personal data that is required for the use of our website for technical or IT security reasons in order to use our website. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

When you enter into a business relationship with us, you must provide the personal data that is required for the establishment, performance and termination of a business relationship or that we are required to collect by law. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.

For the creation of a Moonfare account we collect the following data: First and last name, phone number, email address, country and investment preference. The registration process takes place in two stages. When you submit the form, we send you an email asking you to confirm the registration and to set a secure password. We then use a questionnaire to collect information about your professional background and verify your identity.

We log the registration in order to be able to provide proof of the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. The logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 (f) GDPR.

The Questionnaire is an important part of our assessment process to determine whether potential investors are suitable for Moonfare's financial products and is based on applicable securities laws and regulations.

Based on legal requirements (e.g. German Banking Act, Money Laundering Act, Securities Trading Act, tax laws) as well as banking supervisory requirements (e.g. of the European Central Bank, the European Banking Authority, the Deutsche Bundesbank and the German Federal Financial Supervisory Authority -BaFin), we are obliged to establish your identity. 

For the purpose of identification, we process the personal data you provide (name, date of birth, address, e-mail address, telephone number) for verification. Finally, during the identification procedure, photos of you and your identification document (passport, ID card) are taken via the camera of your device. 

The identification procedure is carried out on our behalf by "NECT" (Nect GmbH, a company with its registered office at Großer Burstah 21, 20457 Hamburg, Germany), who specialize in this area. The data processing by NECT is carried out as a service provider/contract processor and NECT is also obliged to comply with all applicable data protection regulations.

We would like to point out that it is not possible to become a customer with us without such identification procedure. A personal identification on site is not possible, also sending a copy of an ID card is not sufficient. The reason for this is the legal regulations.

You can find more information about the data processing within the identification procedure in the Privacy Notice of NECT: https://nect.com/en/data-protection/

Moonfare uses multi-factor authentication provided by "Okta" (Okta UK Limited, a company with its registered office at 20 Farringdon Road, ECIM 3HE, United Kingdom). 

Multi-factor authentication verifies the user’s identity in multiple steps using different methods and provides another layer of security on top of the login credentials. For multi-factor authentication, Okta accesses the username and password of the person logging in and creates a cookie with a security token. With the help of this security token, Okta checks whether the respective person has access rights for the respective app. 

The legal basis for the use of this cookie is Art. 6 para. 1 (b) GDPR and our interest in the data security of our platform Art. 6 para. 1 (f) GDPR.

Within this process the collected data is also transferred by Okta to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the UK/EU/EEA. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this. 

You can find out more about Okta’s privacy policy here: https://www.okta.com/privacy-policy/ .

We use "Aircall" (Aircall SAS, a company with its registered office at 11-15 rue Saint Georges, 75009 Paris, France) to record and analyze order-related telephone calls and electronic communications with potential customers and existing customers.

We are required by regulatory obligations to record telephone calls and electronic communications (so-called taping) that directly relate to the conclusion of a transaction with you or that are intended to result in such a transaction. The legal basis for this is Art. 6 para 1 sentence 1 lit. c GDPR; Sec. 83 para 3 Securities Trading Act (WpHG); Art. 16 para 7 Markets in Financial Instruments Directive (MiFID II). The legal basis for analyzing the call is Art. 6 para. 1 (b) GDPR.

Within this process the collected data is also transferred by Aircall to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the UK/EU/EEA. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this. The legal basis for the data transfer to the USA is Art. 6 para 1 sentence 1 lit. a GDPR. We will ask for your consent right before the recording. 

In this context, we store the correspondence associated with the order (e-mail and recorded telephone call). This includes the processing of the following data: First and last name, company, position, telephone number, e-mail address, birth date, transaction-related information, e.g. number of transaction, investment preference, bank information, etc. We also process data relating to the monitoring of the business relationship, such as usage, login, and device information about users and prospective users (connection data, technical and aggregate usage data, such as user agent, IP addresses and approximate location information based on those IP addresses, device data (such as type, operating system, device ID, browser version, locale used, and language settings), activity logs, and session records.

We have entered into a data processing agreement with Aircall in accordance with Art. 28 GDPR. In this contract, Aircall contractually undertakes to ensure the security of the information, systems and services with the help of appropriate technical and organizational measures.

You can find more detailed information on data processing in Aircall's Privacy Notice at:https://aircall.io/privacy/

We use "Zoom" (Zoom Video Communications Inc., a company with its registered office at San Jose, 55 Almaden Boulevard, 6^th Floor, CA 95113, USA) to record order-related video calls and electronic communications with potential customers and existing customers. 

We are required by regulatory obligations to record video calls and electronic communications (so-called taping) that directly relate to the conclusion of a transaction with you or that are intended to result in such a transaction. The legal basis for this is Art. 6 para 1 sentence 1 lit. c GDPR; Sec. 83 para 3 Securities Trading Act (WpHG); Art. 16 para 7 Markets in Financial Instruments Directive (MiFID II).

The legal basis for the data transfer to the USA is Art. 6 para 1 sentence 1 lit. a GDPR. We will ask for your consent right in front of the recording. 

In this context, we store the correspondence associated with the order (e-mail and recorded video call). This includes the processing of the following data: First and last name, telephone number, e-mail address, transaction-related information, e.g. investment preference, bank information, etc. We also process usage, login, and device information about users and prospective users (connection data, technical and aggregate usage data, such as user agent, IP addresses and approximate location information based on those IP addresses, device data (such as type, operating system, device ID, browser version, locale used, and language settings), activity logs, and session records. 

We have entered into a data processing agreement with Zoom in accordance with Art. 28 GDPR. In this contract, Zoom contractually undertakes to ensure the security of the information, systems and services with the help of appropriate technical and organizational measures.

For further details, we refer you to the "Zoom Global Data Processing Addendum", which you can access at https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf

In Exhibit A of this document, you can find, among other things, a list of personal data collected by Zoom. Exhibit B describes the data security and control requirements provided, and Exhibit C contains the wording of the data processing contract.

‍

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user's computer when visiting certain Internet pages. 

Some of these cookies are essential for our website to function, while other cookies help us improve our website by giving us insight into how you use the website. 

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not necessary for the website to function ("non-essential cookies") if you have given your consent via our cookie banner. You can return to our privacy information at any time and withdraw your consent or make changes. 

Alternatively, you can prohibit the storage of cookies individually via the settings of your browser (the help page of the browser will tell you how to set the cookie handling). You can find help on cookie management in the most common browsers at the following addresses:

• Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Chrome: https://support.google.com/accounts/answer/61416?hl=en
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• IE: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

‍

‍

Google Analytics 

We use the web analytics service Google Analytics from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter "Google". 

The web analytics service Google Analytics uses cookies. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are privacy risks associated with the processing of your data in the USA, see above. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.

Google processes the data for us to evaluate the use of our website by the website visitors, to create reports about the activities within our website and to provide further services connected with the use of our website. In doing so, pseudonymous usage profiles of the website visitors are created from the processed data.

During your visit to the website, the following information is collected, among other things:

• Pages viewed,
• Achievement of contact targets, such as contact requests or newsletter sign-ups,
• Your use of our website, for example clicks and time spent on one of our pages,
• Your approximate location (country),
• Your IP address (in shortened form, so that no clear assignment is possible),
• Technical information such as browser type, internet provider used, terminal device and screen resolution,
• Via which website or advertising medium you came to us.

Google Analytics stores cookies in your browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website.

We use Google Optimize a service provided by Google ("Google Optimize"). Google Optimize analyzes the use of different variants of the website, so that we are able to adjust the user experience to the behavior of the website users. Google Optimize is a tool embedded in Google Analytics and uses cookies.

The IP address received in this way is anonymized immediately after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address is not merged with other data from Google.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other, non-personal data remain stored in aggregated form for an unlimited period of time. The IP address transmitted by your browser will not be merged with other data from Google.

We use Google Signal a service provided by Google ("Google Signal"). Through this, any existing Google Analytics functions (advertising reports, remarketing, cross-device reports and reports on interests and demographic characteristics) are updated, to result in the summary and anonymisation of your data, should you have permitted personalised ads in your Google Account.

The special aspect of this is that it involves cross-device tracking. That means your data can be analysed across multiple devices. Through the activation of Google signals, data is collected and linked to the Google account. For example, it enables Google to recognise when you look at a product on a smartphone and later buy the product on a laptop. Due to activating Google signals, we can start cross-device remarketing campaigns, which would otherwise not be possible to this extent. Remarketing means, that we can show you our products and services across other websites as well.

Moreover, further visitor data such as location, search history, YouTube history and data about your actions on our website are collected in Google Analytics. As a result, we receive improved advertising reports and more useful information on your interests and demographic characteristics. These include your age, the language you speak, where you live or what your gender is. Certain social criteria such as your job, your marital status or your income are also included. All these characteristics help Google Analytics to define groups of persons or target audiences.

Those reports also help us to better assess your behaviour, as well as your wishes and interests. As a result, we can optimise and customise our products and services for you. By default, this data expires after 26 months. Please consider, that this data is only collected if you have agreed to personalised advertisement in your Google Account. The retained information is always exclusively summarised and anonymous data, and never any data on individual persons. You can manage or delete this data in your Google Account.We use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within the European Union or European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

You can prevent the storage of cookies either by rejecting them in our cookie banner or by setting your browser accordingly; users can also prevent the collection of the data generated by the cookie and the transmission to Google as well as the processing of this data by Google by downloading and installing a browser opt-out plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

Further information on data processing by Google, setting and objection options can be found on the Google website at https://policies.google.com/technologies/partner-sites.

‍

Google Ads 

We use the Google Ads service of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter "Google".

The processing of data within the scope of this service also takes place in the USA. The processing of your data in the USA is associated with privacy risks, see above. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, Art. 49 (1) p. 1 lit. a GDPR.

Google Ads is an internet banner advertising service that allows us to display ads in both Google search engine results and the Google advertising network. Google Ads allows us to pre-define certain keywords that will display an ad in Google's search engine results only when the user performs a keyword-relevant search. In the Google advertising network, our ads are displayed on topic-relevant websites by means of an automatic algorithm and in compliance with the keywords we have previously defined. 

The purpose of our use of Google Ads is to advertise our website by displaying advertisements on the websites of third-party companies and in the search engine results of Google and, if applicable, to display third-party advertisements on our website.

If you access our website via a Google ad, a so-called conversion cookie is stored on your computer by Google. A conversion cookie loses its validity after thirty days and is not used for your identification, but it is tracked whether certain subpages of our website were called. Through the conversion cookie, both we and Google can track whether you have reached our website via an ad, completed an action (e.g., a purchase) or cancelled.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads. We use this information to measure the success of our ads and to optimize our ads for the future. Neither our company nor other advertisers of Google Ads receive information from Google by means of which the data subject could be identified.

Instead of using our cookie banner, you can also prevent the setting of cookies by means of an appropriate setting in your internet browser. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on your computer. In addition, a cookie already set by Google Ads can be deleted at any time via the browser. Furthermore, it is possible to object to interest-based advertising by Google. To do this, you must call up the link www.google.de/settings/ads from any of the Internet browsers you use (on any device) and make the desired settings there. 

If you wish to object to interest-based advertising by Google, you can use the opt-out options provided by Google: http://www.google.com/ads/preferences.

Further information and Google's applicable privacy policy can be found at https://policies.google.com/technologies/partner-sites.

‍

Use of Matomo

We use the web analysis service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Cookies are stored on your computer for this evaluation. We store the information collected in this way exclusively on our servers in Germany, i.e. third parties have no access to this data.

If you agree to web analysis using Matomo, the following data is collected when you call up individual pages of our website:

• Shortened IP address of the calling system of the user,
• the requested web page,
• the website from which the user accessed the website (referrer),
• the sub-pages that are called up from the web page called up,
• the time spent on the website,
• the frequency of the call of the web page.

You can prevent the storage of cookies either by rejecting them in our cookie banner or by deleting any existing cookies on your computer. The prevention of the storage of cookies is also possible through appropriate settings in your browser. 

This website uses Matomo with IP anonymization. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

The Matomo program is an open-source project. You can obtain information from the third-party provider on data protection at http://matomo.org/privacy-policy.

‍

Use of Hotjar

This website uses features of the web analytics service Hotjar. The provider is Hotjar Inc. with its registered office at Level 2, St. Julian's Business Centre, 3, Elia Zammit Street, St. Julian's STJ 1000, Malta.

We use Hotjar to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and to make it more interesting for you as a user. On behalf of the operator of this website, Hotjar will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The information generated by the cookie about your use of the website will be transmitted to and stored by Hotjar on servers in the United States.

We use Hotjar's anonymization feature on this website. This shortens your IP address and ensures that the analytics data is not personally identifiable. We do not merge the data with other personal data.

We only use the tool in case of your consent, which you can give via the cookie banner, legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. You can also opt out of the analysis function by simply activating the standard "Do not Track" function in your browser. In this case, we will not process your personal data in the manner described here. An explanation of how you can activate the "Do not Track" function can be found under this link: www.hotjar.com/legal/compliance/opt-out/.

‍

reCAPTCHA

We use the "reCAPTCHA" function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), in order to be able to recognize whether entries in forms are made by humans and not by automatically acting software tools (so-called "bots"). 

The data processed includes IP address, information on operating systems, devices and browsers used, language settings, location, mouse movements, interactions with ReCaptcha on other websites, cookies if applicable and results of manual recognition processes (e.g. selection of images according to certain criteria). 

There are corresponding risks associated with the processing of your data by Google in the USA. By giving your consent via our cookie banner, you agree to the processing of your data (here your IP address) in the USA despite potential access by US authorities.

The privacy information can be found at https://policies.google.com/technologies/partner-sites.

‍

Facebook Pixel

We use on the basis of your consent (via our cookie banner) the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our website as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel based on our legitimate interests in the analysis, optimization and economic operation of our website and our company in order to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The Facebook pixel is part of our website as JavaScript code and sets cookies on your device. If you log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook for market research and advertising purposes. 

By giving your consent via our cookie banner, you consent to the processing of your data by the Facebook pixel. Therefore the legal basis for the use of the Facebook pixel is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

The collected data is also transferred by Facebook to the USA and other third countries. Please note that the protection of personal data in the USA and third countries does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Thus, there is a risk that these governmental entities may be able to access the personal data without the data transmitter or the recipient being able to effectively prevent this. If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account. 

The processing of the data is carried out under the joint responsibility of Facebook and us in accordance with Art 26 of the GDPR. The primary responsibility for the processing of personal data in the context of the plugins lies with Facebook and all obligations under the GDPR with regard to the processing of personal data are fulfilled by Facebook (in particular the information obligations pursuant to Article 12 et seq. GDPR, ensuring the rights of data subjects pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR).

You can find Facebook’s privacy information at https://www.facebook.com/about/privacy/. 

You can opt-out of the Facebook Pixel’s collection and use of your data to display Facebook Ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads.

‍

Cloudflare 

We use the service “Cloudflare”. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website through Cloudflare’s network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described herein.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

‍

CDNJS

We use CDNJS to properly deliver the content on our website. CDNJS is a service of Cloudflare, Inc., which acts as a content delivery network (CDN) on our website. A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc. whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of CDNJS.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

Cloudflare Insights

We have integrated Cloudflare Insights on our website. Cloudflare Insights is a service provided by Cloudflare, Inc. which develops cloud-based software that allows website and application owners to track the performance of their services. 

Cloudflare Insights provides the ability to determine statistical evaluations of the technical performance of our services (e.g., the duration of a particular database query, the stability and accessibility of our servers, or the response time of our servers). For this purpose, application and browser data are collected and stored in the browser by means of cookies.

The use of Cloudflare Insights is based on our consent according to Art. 6 para. 1 lit. a. GDPR.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information about security and data protection at Cloudflare, please click here: https://www.cloudflare.com/privacypolicy/.

‍

Hubspot 

‍

We use the Hubspot service of HubSpot Inc., 25 First Street, 2^nd Floor, Cambridge, MA 02141, USA, on our websites for the purposes described below.

‍

Hubspot is a web-based customer relationship management software solution (CRM system) that we use to cover various aspects of our online marketing. We use Hubspot for email marketing, in particular newsletter distribution, contact management (e.g. user segmentation & customer relationship management/CRM), chat, operation of landing pages and contact forms, social media publishing and reporting.

‍

Hubspot processes your personal data when you interact with our landing page moonfare.com, e.g. when you use our registration forms there. Information collected when you use our landing page includes information about your computer and your visits to our landing page, such as your IP address, geographic location, browser type, length of visit, Internet service provider (ISP), pages visited and files viewed on our site (e.g., HTML pages and graphics), operating system, clickstream data, access times, and addresses of websites from which you linked to our site. This data is used to compile general statistics on the use of the landing page. We may link this automatically collected data to other personally identifiable information such as name, email address, address, and phone number.

‍

You can view Hubspot’s privacy policy here: https://legal.hubspot.com/privacy-policy.

‍

The legal basis for this processing is your consent pursuant to Art. 6 para 1 sentence 1 lit. a GDPR, Art. 49 para 1 sentence 1 lit. a GDPR. Consent given can be withdrawn at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected. The withdrawal can be made to the contact details above.

‍

In the context of processing via HubSpot, data may be transferred to the USA. We have concluded an data processing agreement with Hubspot. In addition, by concluding standard contractual clauses with us, HubSpot Inc has undertaken to ensure the European data protection principles and the European level of data protection also in the context of data processing taking place in the USA. However, if you choose to consent to the use of Hubspot we would like to point out that the European Court of Justice (CJEU) stated in its Schrems II ruling that the protection of personal data in the USA does not meet the requirements in the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Therefore, there is a risk that these government agencies may access the personal data without Hubspot, you or us being able to effectively prevent this.

‍

We use the following Hubspot services:

‍

Hubspot Analytics

HubSpot uses cookies or similar technologies (such as web beacons and JavaScript) to analyze trends for us, track users’ movements around the site and gather aggregate demographic information about users. The legal basis for this processing is your consent pursuant to Art. 6 para 1 sentence 1 lit. a GDPR, Art. 49 para 1 sentence 1 lit. a GDPR.

‍

You can find more details about our use and management of cookies in the “Cookies” chapter of this privacy information. You can manage your cookie settings by clicking on the “Change cookie consent” link in the footer of the website.

‍

Hubspot Chat

We use the live chat and chatbot function offered by Hubspot. A chat is basically a directly conducted online conversation between humans. A chatbot, on the other hand, is software that automatically answers users’ questions or informs them of messages, if applicable, during a chat without human interaction. 

‍

When you use chat functions, we process your personal data provided in the chat for the purposes of the chat as well as for the purpose of further customer support and information about interesting products, offers, services and/or related actions by us. The legal basis for this processing is your consent pursuant to Art. 6 para 1 sentence 1 lit. a GDPR, Art. 49 para 1 sentence 1 lit. a GDPR.

‍

Hubspot Newsletter Service

We use the newsletter function offered by Hubspot. In the following, we inform you about our newsletter as well as the registration, mailing and evaluation procedure and inform you about your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and you agree to the described procedure.

‍

Newsletter content: We send newsletters, e-mails and other electronic notifications, e.g. whitepapers, with promotional information (hereinafter “newsletter”) only on the basis of the recipient’s consent or on the basis of legal permission. If we specifically describe individual newsletters as part of the registration process, this description is decisive for the consent of a newsletter subscriber. If no separate description is provided, our newsletters will contain information about our products, offers and promotions as well as information about our company.

‍

Double-Opt-In: The registration for our newsletter takes place in the so-called double-opt-in procedure. This means that after you have registered for the newsletter, we will send you an e-mail in which we ask you to confirm your registration. This confirmation serves to ensure that only persons who have access to the specified e-mail address register for our newsletter. We log the registrations to the newsletter in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.

‍

According to its own information, Hubspot uses the data to optimize or improve its own services. However, the newsletter service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties. 

‍

To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide a first and last name, company, telephone number, for the purpose of personal address in the newsletter.

‍

The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from Hubspot’s server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

‍

The sending of the newsletter and the measurement of success are based on the consent of the recipients according to Art. 6 para 1 sentence 1 lit. a GDPR, Art. 49 para 1 sentence 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission according to § 7 para. 3 UWG. The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR and serves as proof of consent to receive the newsletter. 

‍

You can unsubscribe from receiving our newsletter at any time, i.e. withdraw your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and have cancelled this subscription, their personal data will be deleted.

‍

LinkedIn Insight Tag

The “LinkedIn Insight Tag” of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland is used on our website. 

This is a JavaScript code that sets a cookie on your device that enables the collection of, among other things, the following data: IP address, device and browser properties and page events (e.g. page views). The use of cookies is based on your consent.

This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.

We learn via the “LinkedIn Insight Tag” about which LinkedIn ad or interaction on LinkedIn you came to our website. This allows us to better control the display of our advertising. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our website without identifying you as a website visitor.

By giving your consent via our cookie banner, you consent to the processing of your data by LinkedIn. Therefore, the legal basis for the use of LinkedIn is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. 

Please note that the data may be stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn may use the data for its own advertising purposes. In addition, the data is also processed in the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU. 

The processing of the data is a joint responsibility of LinkedIn and us pursuant to Art. 26 GDPR. The primary responsibility for the processing of personal data via the Insight Tag lies with LinkedIn and all obligations under the GDPR are fulfilled with regard to the processing of personal data by LinkedIn (in particular the information obligations pursuant to Article 12 et seq. GDPR, safeguarding of data subject rights pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR). The joint responsibility agreement pursuant to Art. 26 GDPR can be found at: https://legal.linkedin.com/pages-joint-controller-addendum

For more information, please see LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our website ("opt-out") click https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

‍

Twitter Ad

We use "Twitter Ads" on our website, a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter referred to as: "Twitter"). Based on your consent Art. 6 (1) lit. a GDPR Twitter Ads stores and processes information about your user behavior on our website.

The remarketing function is JavaScript code that sets a cookie on your device based on your consent, which enables the collection of the following data, among other things, and in particular the visits to our website as well as data about the use (e.g. all interactions regarding the displayed advertising such as clicking on links, retweets or likes) in pseudonymous, non-personal form. If you visit Twitter after visiting our website, we may show you advertisements. 

If you are logged into Twitter, Twitter can assign the visit to your account. Even if you are not logged in to Twitter, it is possible that Twitter will learn and store your IP address and other identifiers. The information collected by the remarketing function about the use of our website is transmitted to a Twitter server in the USA and stored there. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU.

You can find more information on how to prevent this function on Twitter itself at https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads . You can find more information on data processing by Twitter at https://twitter.com/de/privacy .

‍

Microsoft Advertising 

‍

The website uses the remarketing function "Bing Ads" of Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. ("Microsoft Advertising"). 

In this context, Microsoft Bing Ads stores a cookie on your computer if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is disclosed.

By giving your consent via our cookie banner, you consent to the processing of your data by Microsoft. Therefore the legal basis for the use of Microsoft Advertising is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the required setting of a cookie in our banner or by browser setting that generally disables the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by following the link below: http://choice.microsoft.com/de-DE/opt-out to declare your objection. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

‍

Heap Analytics 

‍

We use the web analytics tool "Heap Analytics" by Heap Inc, 225 Bush St #200, San Francisco, CA 94104, USA, based on your consent. Heap Analytics uses cookies to enable an analysis of your use of the website. The cookies are only set if you have consented within the framework of the so-called "cookie banner". Therefore, the legal basis for the use of Heap is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Heap also processes data from you in the USA. We would like to point out that there is currently no adequate level of protection for the transfer of data to the USA. This may pose various risks to the lawfulness and security of data processing. 

As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or data transfer there, Heap uses so-called Standard Contractual Clauses according to Art. 46 para.2 and 3 GDPR. 

More information about the Standard Contractual Clauses can be found at: https://help.heap.io/data-privacy/heap-and-data-privacy/using-heap-to-comply-with-data-privacy-legislation/ . 

You can learn more about the data processed by Heap in the Privacy Policy: https://heap.io/privacy?tid=331657198431   

‍

Click Cease

This website uses functions of the web analytics service Clickcease, 18th Haarba'a Steet, Tel Aviv, Israel. The service is used to analyze and prevent click fraud in relation to our advertisements placed on Google. Click fraud occurs when clicks on advertisements are generated by automated tools or multiple clicks on advertisements are presumably not due to genuine user interest.  

The legal basis for the use of the service is Art. 6 (1) lit. f GDPR. There is a legitimate interest in protecting against click fraud and averting financial damage caused by click fraud.

Clickcease uses "cookies" and thereby collects, stores and processes information that your browser automatically transmits to us. This includes: Browser type/browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address. Clickcease searches this data for conspicuous behavior and, if necessary, transmits suspicious data to Google to protect us from click fraud. In this process, it is possible that the collected data is processed and stored outside the European Union.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Further information and the privacy policy of Clickcease can be found at https://www.clickcease.com/privacy.html.

‍

Instana

We use Instana, a service provided by Instana, Inc, 3 E 3rd Ave, #200, San Mateo, CA 94401, USA (hereinafter referred to as Instana).

By giving your consent via our cookie banner, you consent to the processing of your data by Instana. Therefore the legal basis for the use of Instana is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Instana uses "cookies" that are stored on your computer to analyze how users visit Service-Bund's website. The information generated includes IP addresses and user behavior data. The data is collected to analyze the user's browsing activity and to improve system performance and the usability of Service-Bund's website.

Instana may also use this data in an anonymous form to analyze the data and improve the Instana service. Instana is not able to link this information to any individual. Instana may share this information with third parties when required by law or when those third parties process the information on Instana's behalf. You can prevent the collection and transfer of personal data (especially your IP address) and the use of this information by disabling JavaScript in your browser or installing a tool such as "NoScript".

For more information about Instana's privacy policy, please visit: https://www.instana.com/privacy-policy/.

‍

SolarWinds Pingdom 

Our website also uses SolarWinds Pingdom, a service provided by Pingdom AB, Kopparbergsvägen 8, 72213 Västeras, Sweden.

By giving your consent via our cookie banner, you consent to the processing of your data by Pingdom. Therefore the legal basis for the use of SolarWinds Pingdom is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Pingdom uses, among other things, cookies that are stored on your computer and that enable an analysis of the use of the website. In the course of use, data, such as in particular the IP address and activities of users, may be transmitted to and stored on a Pingdom AB server. You can prevent the collection and forwarding of personal data (in particular your IP address) as well as the processing of this data by disabling the execution of Java Script in your browser or installing a tool such as "NoScript". 

Further information on data protection when using Pingdom can be found at the following link: www.pingdom.com/legal/privacy-policy.

‍

Zapier 

We use the automation software "Zapier" from Zapier Inc., 548 Market Street 6241, San Francisco, CA 94104, USA on our platform.

By giving your consent via our cookie banner, you consent to the processing of your data by Zapier. Therefore the legal basis for the use of Zapier is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Zapier also processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. 

Zapier uses standard contractual clauses (SCC) in accordance with Art. 46 (2) and (3) of the GDPR as the basis for data processing for recipients located in third countries or a data transfer there. These are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to the destination countries. Through these clauses, Zapier commits to comply with the European level of data protection. You can find the resolution and the corresponding standard data protection clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

The conditions of data processing and the concluded SCC can be found at https://zapier.com/help/account/data-management/standard-contractual-clauses-at-zapier .

You can find more information about data processing in Zapier's Privacy Policy: https://zapier.com/privacy .

‍

Wingify

This site performs analyses of user behavior via so-called A/B testing. In doing so, we can show you our websites with slightly varied content, according to a profile assignment that has been made. This allows us to analyze our offer, improve it regularly and make it more interesting for you as a user. 

By giving your consent via our cookie banner, you consent to the processing of your data by Wingify. Therefore the legal basis for the use of Wingify is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

Cookies are stored on your computer for this evaluation. We automatically store the collected information on a server in Germany. You can prevent the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use the website in full. Preventing the storage of cookies is possible through the setting in your browser.

Before the analyses are carried out, the IP addresses are processed in abbreviated form, so that a direct reference to a person can be excluded. The IP address transmitted by your browser is not merged with other data collected by us.

You can object to the use of A/B testing by entering the internet address of our website in the field on the following website of the provider Wingify (VWO) and activating the link generated afterwards: https://vwo.com/opt-out/ .

The service provider of the analysis is Wingify Pvt Ltd (VWO). Information on the data protection of the third-party provider is available here: https://vwo.com/privacy-policy/ .

‍

Quora Pixel

We use the "Quora Tracking Pixel" of Quora Inc., 650 Castro Street, Suite 450, Mountain View, CA 94041, USA ("Quora") on our websites.

This allows us to track user behavior after they have been redirected to our websites by clicking on a Quora ad. This allows us to track the effectiveness of Quora ads for statistical and market research purposes. The data collected in this way is anonymous to us, meaning that we do not see any personal data about individual users.

However, this data is stored and processed by Quora. Therefore, based on our knowledge of the situation, we inform you: Quora may link this information to your Quroa account and use it for its own promotional purposes, in accordance with Quora's Privacy Policy: https://www.quora.com/about/privacy. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6(1) sentence 1(a) GDPR. To disable tracking via Quora Pixel, please go to this page.

Disabling the pixel tracking feature affects the ability to personalize ads and content. This setting is tied to your cookies and only applies to the browser for which you opted out unless you are logged into the Quora platform.

‍

Segment

We use the Segment Persona’s service of Segment.io Inc., 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA. 

Segment.io helps us to manage the data collected by the third-party providers and stores data in pseudonymous usage profiles. These usage profiles are used to analyze visitor behavior, to validate user interactions in our own data environment and are evaluated to improve our offer. 

The processing of your data in the USA is associated with privacy risks, see above. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, Art. 49 (1) p. 1 lit. a GDPR.

The data will be deleted when the purpose of its collection has ceased to apply and there is no obligation to retain it. Further information is available in Segment's privacy policy at https://segment.com/legal/privacy/.

‍

‍

You can find us on social networks and platforms, so that we can also communicate with you there and inform you about our services. 

We point out that your data may be processed outside the European Union / European Economic Area and that the data is usually processed for market research and advertising purposes. Profiles can be created from the usage behaviour and resulting interests of the users. These profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.

In principle, we have no influence on the data processing of the social networks. However, we receive statistics from them about the use and visits of our company profile in their social network (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). For more information about the data processed by the social networks, please see the respective privacy notices linked below.

Insofar as we receive your personal data in the context of our social media profiles (e.g. in the context of a communication), you are entitled to the rights mentioned in this privacy notice. You can address your requests regarding data processing within the scope of our company profiles to us via the contact data mentioned above.

If you also wish to exercise rights against the provider of the social network, the easiest way to do so is to contact the respective network directly. The network knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notice linked below. We will also be happy to support you in exercising your rights, insofar as this is possible for us.

The processing of your personal data is generally based on your consent in accordance with Art. 6 para 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para 1 lit. b GDPR if we receive and process your data as part of a contract-related inquiry. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information on the respective processing and the objection options, we refer to the privacy notice of the networks linked below:

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), We operate our Facebook page on the basis of a shared personal data processing agreement with Facebook - Privacy Information: https://www.facebook.com/about/privacy/ , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts - privacy information https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
• Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), microblogging service - privacy information: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization‍
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany), social network for maintaining existing business contacts and making new ones - privacy information/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
  

The transfer of your personal data to the recipients listed above may involve the transfer of personal data to another country. In particular, due to our global business model, this may include transfers of your personal data to and from countries where a Moonfare subsidiary is located, including (but not limited to) Luxembourg, the United Kingdom, as well as other countries outside the European Economic Area, such as Hong Kong, Singapore and the United States. Please click here for a list of countries where we have a local office.

To ensure that your personal data is always subject to an adequate level of protection, we ensure that all cross-border transfers of your personal data are made in accordance with the safeguards required under the GDPR (in particular, appropriate contractual arrangements), in addition to any other safeguards required by applicable laws and regulations.

As noted above, Moonfare has appointed a DPO. If you have any questions in relation to Moonfare’s use of your Personal Data as described in this Privacy Notice, or if you would like to submit a request with respect to your rights outlined above, please contact our DPO using the contact details set out at the beginning of this Privacy Notice.

In addition to the contact details above, Hong Kong and Singapore residents may also contact the relevant local office to exercise their rights. Please note that this Privacy Notice does not in any way limit your rights under local data protection laws.

You also have the right to submit a complaint to your local data protection authority or other relevant supervisory authority in those European jurisdictions where a member of the Moonfare group of companies is registered with the national data protection authority (currently Germany). For more information on this topic, please visit the European Commission's website https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-are-data-protection-authorities-dpas-and-how-do-i-contact-them_en 

‍

Hong Kong 

The personal data collected in Hong Kong by Moonfare Group will be processed in accordance with the obligations under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2012 ('PDPO').

You can access the Hong Kong PDPO here: https://www.elegislation.gov.hk/hk/cap486 

Further information from the local supervisory authority (including how to contact them) is available at: https://www.pcpd.org.hk/index.html 

‍

Singapore 

The personal data collected in Singapore by Moonfare Group is collected, stored, used and/or processed in accordance with the obligations under the Personal Data Protection Act 2012 of Singapore (“PDPA”).

You can access the Personal Data Protection Act 2012 of Singapore here: https://sso.agc.gov.sg/Act/PDPA2012 

Further information from the local supervisory authority (including how to contact them) is available at: https://www.pdpc.gov.sg/ 

‍

UK 

The data collected in the UK by Moonfare Group is collected, stored, used and/or processed in accordance with the obligations under (a) the Data Protection Act 2018, (b) the GDPR, (c) the GDPR as it forms part of the laws of the UK by virtue of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 ("UK-GDPR"), and (d) the Privacy and Electronic Communications Regulations 2003.

You can access the UK Data Protection Act 2018 here:  https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf 

You can access the UK-GDPR here: https://www.legislation.gov.uk/eur/2016/679/contents 

Further information from the local supervisory authority (including how to contact them) is available at: https://ico.org.uk/ 

‍

USA - California Consumer Privacy Act („CCPA“)

The personal data collected in the USA by Moonfare Group will be processed in accordance with the California Consumer Privacy Act ("CCPA"). 

Under the CCPA, California residents have certain rights regarding the Personal Information that businesses process about them. This includes the rights to request access or deletion of your Personal Information, as well as the right to direct a business to stop selling your Personal Information.

Personal Information disclosed for business purposes:

Moonfare shares and has shared in the preceding 12 months personal information as necessary for specific “business purpose,” as defined by the CCPA (Cal. Civ. Code 1798.140(d)) and specified in the section “How do we share and disclose information to third parties?” This includes sharing personal identifiers, commercial information, internet or other electronic network activity with payment processing providers, customer relationship management, consulting, email, product feedback, and helpdesk services. While Moonfare does not sell Personal Information in exchange for any monetary consideration, we do share Personal Information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). This includes sharing personal identifiers, commercial information, and internet or other electronic network activity with advertising networks, website analytics companies, and event sponsors. Moonfare does not sell Personal Information of consumers who are under 16 years of age.

The CCPA rights 

• Right to opt-out of sale: While Moonfare does not sell personal information in exchange for any monetary consideration, we do share Personal Information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your Personal Information is collected and shared. You have a right to direct Moonfare not to sell your Personal Information. With respect to cookies, you can always customize your settings at any time. Please note that we may still use aggregated and de-identified Personal Information that does not identify you or any individual. We may also retain Personal Information as needed to comply with legal obligations, enforce Agreements, and resolve disputes.

• Right to request disclosure: You have the right to request disclosure about what categories of Personal Information Moonfare has sold or disclosed for a business purpose about you and the categories of third parties to whom the personal information was sold or disclosed. You have a right to request disclosure of specific pieces of Personal Information. Below is a complete list of the Personal Information that you can include in your request.
  ‍
  ○ The categories of Personal Information that Moonfare has collected about you.
  ‍
  ○ The categories of sources from which Moonfare collected the Personal Information.
  ‍
  ○ The business or commercial purpose for collecting or selling Personal Information.
  ‍
  ○ The categories of third parties with whom Moonfare shares Personal Information.
  ‍
  ○ The specific pieces of Personal Information Moonfare has collected about you.
  ‍
  ○ The categories of Personal Information that Moonfare disclosed about you for business purpose.
  ‍
  ○ The categories of Personal Information that Moonfare has sold about you, as well as the categories of third parties to whom Moonfare sold your Personal Information.

If you would like to exercise your right to request disclosure, please contact our DPO. 

• Right to request deletion: You have the right to request that Moonfare delete any Personal Information about you that Moonfare has collected from you. Please note that there are exceptions where Moonfare does not have to fulfill a request to delete Personal Information, such as when the deletion of information would create problems with completing a transaction or compliance with a legal obligation. If you would like to exercise your right to delete, please contact our DPO.
• Right to non-discrimination: Moonfare will not discriminate against you (e.g., through denying goods or services or providing a different level or quality of goods o/r services) for exercising any of the rights afforded to you.

How do we handle your requests?

We endeavor to respond to a verifiable consumer request within the required timeframes. If we need more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain why we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

California and Delaware law require Moonfare to indicate whether it honors your browser’s “Do Not Track” settings concerning targeted advertising. Moonfare adheres to the standards set out in this Notice and does not monitor or respond to Do Not Track browser requests.

You can access the CCPA here: https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.5.&part=4.&chapter=&article= 

Further information from the attorney general (regulator) (including how to contact them) is available at: https://oag.ca.gov/ 

‍

‍

‍