Please note this is a convenience translation only and the legally binding document is the German version.

Privacy Policy

The protection of your personal data is important to us. Therefore, Spinoza Capital will treat your data carefully

The following statements provide information on the processing of personal data and your data protection rights. Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

A data subject is any natural person whose personal data Spinoza Capital processes. This may be, for example, clients, agents or advisors of clients, interested parties, applicants or other third parties. This privacy statement is primarily intended for the data subjects whose data is processed by Spinoza Capital in the context of its asset management and investment advisory activities.

The data controller is:

Spinoza Capital GmbH
Opernturm, 16. Stock
Bockenheimer Landstraße 2-4
D-60306 Frankfurt am Main

Phone: +49 69 5095 894 44
www.spinozacapital.com
info@spinozacapital.com

If the data subject has any questions about this privacy statement or about data protection in general, he or she is welcome to contact the data protection officer of Spinoza Capital GmbH - Mr Benedikt Schöps - at the address given above or at datenschutz@spinozacapital.com.

1. What data do we process?

We process personal data that we receive from our clients, the custodian banks or other third parties as part of our business relationship, such as surname, first name, e-mail, address, telephone number, IP address and browser data. In addition, we process - to the extent necessary for the provision of our service - personal data that we obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet) in a permissible manner.

Finally, in addition to the data already mentioned, further anonymised usage data is processed that arises because of the use of the website. Due to the anonymisation, Spinoza Capital cannot assign this data to an individual person.

2. Purpose of data processing and legal basis

Spinoza Capital is a financial services institution pursuant to § 1 (1a) of the German Banking Act (Kreditwesengesetz, KWG) and has a licence pursuant to § 32 KWG. The focus is on fund management and traditional asset management for private clients. In addition, Spinoza Capital also has a licence to provide investment advice (§ 1 para. 1a sentence 2 no. 1a KWG) and to broker financial instruments (investment and acquisition brokerage within the meaning of § 1 para. 1a sentence 2 nos. 1, 2 KWG).

The data processing by Spinoza Capital as the responsible entity serves the purpose of providing the above-mentioned financial services as well as the necessary ancillary services. We process personal data in accordance with the applicable legal provisions. In the area of data protection law, these are in particular the EU General Data Protection Regulation (Datenschutzgrundverordnung, DSGVO), the German Federal Data Protection Act and the instructions of the data protection supervisory authorities applicable to us.

Personal data is processed in particular:

a) For the fulfilment of contractual obligations (Art. 6 para. 1 letter b DSGVO). The processing of personal data is carried out for the execution of the respective financial service and brokerage contracts as well as all necessary measures associated therewith, including the subsequent support and the fulfilment of information obligations. Further details can be found in the respective contract documents and accompanying information.

b) On the basis of a balancing of interests (Art. 6 para. 1 letter f DSGVO). Unless your interests in the protection of your personal data prevail, your data will also be processed to protect the legitimate interests of us or third parties. This also includes the possible processing in your interest. Possible legitimate interests may include: Assertion of legal claims and defence in legal disputes, ensuring IT security, prevention and investigation of criminal offences, measures for business management and further development of services and products, measures for building and investment security, transfer within the group for internal administrative purposes, transfer between us and the sub-broker to enable information of the customer, transfer of securities account information for billing purposes or for customer care.

c) Due to legal requirements (Art. 6 para. 1 letter c DSGVO) As a financial services institution, Spinoza Capital is subject to various legal obligations pursuant to Section 1 (1a) of the German Banking Act (KWG). These include, for example, the applicable tax laws, the German Commercial Code, the German Fiscal Code, the German Money Laundering Act, the German Securities Trading Act and the German Banking Act. We are also subject to the regulatory requirements of various supervisory authorities such as the state data protection authorities or the Federal Financial Supervisory Authority (BaFin). In this respect, the purposes of processing also include, among other things, identity verification, fraud and money laundering prevention, accounting, the assessment and management of risks, the fulfilment of enquiries and requirements of national or foreign supervisory or law enforcement authorities, as well as the fulfilment of control and reporting obligations under tax law. This also includes the documentation of advisory meetings. For this purpose, in certain cases we record the content of telephone calls or video conferences via e.g. Zoom, MS Teams or Google Meet.

d) Following consent by the data subject (Art. 6 para. 1 letter a DSGVO) If you have given your consent to the processing of personal data for specific purposes, your consent forms the legal basis for the processing. Insofar as the conclusion of contracts or products to be brokered necessitate the processing of special categories of personal data, processing shall only take place if consent has been given (Art. 9 DSGVO). As a matter of principle, we obtain consent if you are a client of asset management. Only after consent has been given may we transmit your personal data (e.g. your securities account data) to the intermediary looking after you. Consent given can be revoked at any time. This also applies to declarations of consent that were granted under "old law" prior to the application of the DSGVO. The revocation of consent does not affect the lawfulness of the data processing operations carried out until the revocation.

3. Recipients of the data

Only those bodies and persons will have access to your data who need it to fulfil their contractual and legal obligations or to perform their respective tasks, or who have a legitimate interest, unless your interest is overridden. In particular, data may also be passed on to processors commissioned by us in accordance with Art. 28 DSGVO. These may be companies in the following areas in particular: Investment advice, investment brokerage, IT services, data destruction, logistics, printing services, telecommunications.

Data is only passed on to third parties and exchanged with third parties if this is necessary to fulfil an obligation and necessary ancillary obligations, if we are obliged to do so due to legal provisions, if you have consented or if a legitimate interest requires this. Possible recipients of your personal data may include insurers, reinsurers, credit institutions, investment companies, financial services institutions, securities trading companies, lawyers, tax advisors, auditors, arbitration bodies or the Federal Financial Supervisory Authority (BaFin).

4. Storage period

As a matter of principle, your data will only be stored for as long as is necessary for the fulfilment of our contractual and legal obligations, whereby, depending on the product and type of brokerage, this also includes the subsequent information obligations and support and the processing and initiation of a contract.

Depending on the type of personal data, the specific retention periods are based on various contractual and statutory retention and documentation obligations. These result in particular from the obligation to properly store documents, for example § 257 of the German Commercial Code (Handelsgesetzbuch, HGB). Further deadlines result, for example, from the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (Geldwäschegesetz, GwG) and the German Securities Trading Act (Wertpapierhandelsgesetz, WpHG). The periods specified there for storage and documentation are two to ten years.

Finally, the storage period also depends on the statutory limitation periods, which according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) are generally three years, but in certain cases can be up to thirty years.

5. Third countries

The transfer of data to a country outside the European Union or outside the EEA is generally not provided for. In individual cases, data may be transferred to a third country if the data subject (e.g. a customer) is resident in a third country.

In any case, a transfer to a third country will only take place if this does not contradict Art. 44 DSGVO and is necessary for the execution of the specific brokerage activity or is provided for by law or if you have given your express consent. Data subjects will be informed separately about the intended transfer to a third country if there is a legal obligation.

6. Details on cookies, tracking and other technologies

6.1. Provision of the website and creation of log files

Scope and duration of data processing

As soon as you visit our website, our system automatically collects data and information from the computer system of the calling end device, regardless of registration. The following data is collected and stored for a limited period of time for our own security purposes:

• Information about the browser type and version
• http status code/access status
• Time zone difference to Greenwich Mean Time (GMT)
• The user's operating system
• The user's IP address
• Date and time of the visit
• Duration of the visit
• Websites from which the user's system accesses our website
• Service provider of the user
• Websites accessed by the user's system via our website, device type and device brand

As soon as you end the session, the data is deleted. If the data is stored beyond this, it is anonymised and evaluated for optimisation purposes.

The collection and storage of the data is necessary for the provision of our website. We are therefore unable to offer you the option to object.

Purpose and legal basis of data processing

A short-term storage of the IP address by our system is necessary to enable a delivery of the website to the user's terminal device. For this purpose, your IP address must remain stored for the duration of your visit to our website.

The storage in so-called log files takes place to ensure the functionality of our website. In addition, we need the data to optimise our website and to guarantee the security of our information technology systems. These purposes also constitute our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

6.2. Cookies

Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user's hard drive. This cookie contains a characteristic sequence of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transmit viruses. Our website does not use cookies.

6.3. Contact forms and contact email

Scope of processing

You can get in touch with us via e-mail as well as via a contact form. If contact is made via the contact form, the data entered in the input mask will be transmitted to us and stored after submission. The following data is stored:

• E-mail address of the user
• Name of the user
• Contact details of the user (e.g. address or telephone or mobile phone number)
• The IP address of the user
• Date and time of registration
• As well as optional and voluntary information

For the processing of the data, your consent is obtained before sending and reference is made to this data protection declaration.

In addition, it is possible to contact us via the e-mail address provided by us. In this case, your personal data transmitted by e-mail will be stored. The data will not be passed on to third parties. The data will be used exclusively for processing your request.

Purpose and legal basis of data processing

Your data will be processed solely for the purpose of dealing with your request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

6.4. Job Applications

Scope and duration of processing

As soon as you send us your application documents, we will store them. In addition, notes made during telephone interviews or conversations will be added to the documents provided. In addition to your application documents (cover letter, CV, photo), data may also be obtained from other sources. This includes, for example, information you have provided in online portals such as Xing or LinkedIn. If you apply via our application portal, the IP address of your terminal device will also be stored. If no employment relationship is established, your data will be deleted after twelve (12) months at the latest.

Purpose and legal basis of processing

We process personal data as part of an application process in order to carry out a selection procedure or, if an employment relationship is established, to be able to hire you. The legal basis for this is Section 26 (1) in conjunction with Section 26 (8) (2) Para. 8 2 BDSGneu (Federal data protection act new, Bundesdatenschutzgesetz neu). In addition, processing is carried out on the basis of Art. 6 para. 1 lit. b and f DSGVO, insofar as this is necessary for the defence of asserted legal claims against us.

Insofar as special categories of personal data (in particular health data, e.g. a severe disability) are transmitted, the processing is carried out in accordance with Art. 9 (2) lit. b DSGVO. In the context of the application process, the processing serves exclusively to fulfil the obligations incumbent upon us pursuant to Section 164 SGB IX (Strafgesetzbuch).

Data is stored for a period of six (6) months after completion of the application process for the purpose of safeguarding and exercising legal prosecutions and legal claims. This storage is based on our legitimate interest in accordance with Art. 6, Para. 1, lit. f, DSGVO.

In the event of a successful application, the data you provide may be processed by us for the purposes of the employment relationship. Access to your data will only be granted to persons who need it for the proper course of the application procedure.

6.5. Data protection information for online meetings, telephone conferences and webinars via e.g. "Microsoft Teams" or "Zoom"

We would like to inform you below about the processing of personal data in connection with the use of "Microsoft Teams" as well as "Zoom".

We are the data controller for data processing related to the conduct of "online meetings". If you call up the "Microsoft Teams" or "Zoom" website, the respective provider is responsible for data processing. However, accessing the website is only necessary to download the software for using "Microsoft Teams" or "Zoom".

If you do not want to or cannot use the "Microsoft Teams" app or "Zoom" app, you can also do so via your browser. The service will then also be provided via the respective website.

Scope of data processing

When using "Microsoft Teams" or "Zoom", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting". The following personal data is processed:

• User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language
• Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
• Text, audio and video data: You may have the opportunity to use the chat function in an "online meeting". In this respect, the text entries you make are processed to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Microsoft Teams" apps.

If we want to record "online meetings", we will transparently inform you in advance and - if necessary - ask for consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Purpose and legal basis of data processing

We use "Microsoft Teams" and "Zoom" to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings").

Insofar as personal data of employees of Spinoza Capital GmbH are processed, § 26 BDSG is the legal basis for the data processing. If, in connection with the use of "Microsoft Teams" or "Zoom", personal data is not required for the establishment, implementation or termination of the customer relationship, but is nevertheless an elementary component of the use of "Microsoft Teams" or "Zoom", the legal basis for data processing is Art. 6 para. 1 lit. f) DSGVO. In these cases, our interest is in the effective implementation of "online meetings".

In addition, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we have an interest in the effective implementation of "online meetings".

Recipients and disclosure of data

Personal data processed in connection with participation in "Online Meetings" will not be passed on to third parties as a matter of principle unless they are specifically intended to be passed on. Please note that the content of online meetings, as well as personal meetings, is often used to comply with our legal record-keeping obligations.

Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with "Microsoft Teams".

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed via Internet servers located outside the EU. This may be the case if participants in "Online Meeting" are in a third country. However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist if the data is still needed to fulfil contractual services or legal requirements. In the case of legal storage obligations, deletion will only be considered after expiry of the respective storage obligation.

7. Your data subject rights

Every data subject has the right to information according to Article 15 of the Data Protection Regulation, the right to correction according to Article 16 of the Data Protection Regulation, the right to deletion according to Article 17 of the Data Protection Regulation, the right to restriction of processing according to Article 18 of the Data Protection Regulation and the right to data portability according to Article 20 of the Data Protection Regulation. The restrictions according to §§ 34 and 35 BDSG apply to the right of information and the right of deletion; in addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).

8. Obligation to cooperate

As a matter of principle, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are required to process by law. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it. In some cases, you are obliged to process data due to special legal regulations (e.g. within the scope of identification under money laundering law in accordance with Section 11 (6) of the German Money Laundering Act (GWG)), and we must identify you on the basis of your identity card and collect your master data, e.g. in order to broker contracts for which there is an identification obligation. Depending on the product, the brokerage may not be possible without this information and the desired business relationship may not be established.

9. Profiling

We process your data in part automatically with the aim of evaluating certain personal aspects. We use profiling in asset management and investment advice. Within the scope of the services mentioned above, we are legally obliged to issue a declaration of suitability or to carry out an appropriateness check before issuing an investment recommendation. For this purpose, we must obtain and evaluate information from the client. In doing so, we process data about the client's knowledge and experience in relation to transactions with certain types of financial instruments and investment services, about the client's financial circumstances, his ability to bear losses and about his investment objectives, including his risk tolerance.

10. Right to object

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Article 6(1)(f) of the DSGVO (processing of data on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4 No. 4 DSGVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We may also process your data for direct marketing purposes within the scope of the legal provisions. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.

The objection can be made without any formalities. You may choose to send your objection to the above-mentioned data controller or to the above-mentioned data protection officer.

11. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed in cooperation with professional security specialists and adapted to technological progress.

12. Privacy Policy updates

We reserve the right to update this privacy statement at any time in accordance with applicable data protection regulations. The current status of this statement is June 2021.