Data Protection Information pursuant to Art. 13 GDPR for the Investor Portal for Climate Certificates in the form of Non-Fungible Tokens ("NFT Climate Certificates")
In order to ensure that you are fully informed about the processing of your personal data within the framework of the Investor Portal for NFT Climate Certificates (hereinafter "Investor Portal"), we provide you with the following data protection information.
-
Controller within the meaning of Art. 4 (8) GDPR and purpose of processing
The data controller in connection with the registration in the Investor Portal is Aquila Capital Holding GmbH ("ACH"), Valentinskamp 70, 20355 Hamburg, info@aquila-capital.com. ACH provides the investor with the technical facilities for using the Investor Portal.
The data controller in respect of the personal data required for the calculation of the of CO2 eq avoidance is Aquila Capital Investmentgesellschaft mbH ("ACI"), Valentinskamp 70, 20355 Hamburg.
The data processing is carried out in order to provide the investor with a climate certificate in the form of an NFT containing the following information:
- Theoretical CO2 eq avoidance for the past business year
- Projected CO2 eq avoidance over the total lifetime of the renewable energy project
- Equivalent average number of european households supplied with electricity by the renewable energy project.
-
Contact details of the Data Protection Officer
Ms Nasim Farbin has been appointed as Group Data Protection Officer for the Aquila Group (meaning ACH and its affiliated companies within the meaning of §§ 15. ff Stock Corporation Act (AktG)). The Group Data Protection Officer can be reached as follows: privacy@aquila-capital.com.
-
What data is processed?
When you visit the login page to the Investor Portal, we collect personal data as follows:
Login data:
You can access the Investor Portal in the login area by entering your e-mail address and a password of your choice.
Investment-related data:
In order to be able to provide you with the NFT Climate Certificate, it is necessary, among other things, to calculate the amount of CO2 eq avoided through your investment in renewable energy projects managed by the Aquila Group. For this purpose, we process your first name and surname as well as the amount invested in the respective project/fund. However, personal data is only affected if the investor is a natural person.
-
Legal basis of the data processing
Login data:
The legal basis for the processing of your personal data in the context of the login follows from Art. 6 (1) sentence 1 lit. f GDPR. The login data is processed in order to enable technical individual access to the NFT Climate Certificate. The service is free of charge and voluntary. The investor is free to log in to the Investor Portal and retrieve the NFT Climate Certificate using his email address and personally chosen password. ACH has a legitimate interest in data processing, as the individualised NFT Climate Certificate cannot otherwise be made available in this form. No conflicting interests of the investor can be identified.You may object to processing on the basis of Art. 6 (1) sentence 1 lit. f GDPR at any time for reasons arising from your particular situation.
Investment-related data:
The free provision of the NFT Climate Certificate is a special voluntary service provided by ACI and ACH. You are free to log in to the Investor Portal and retrieve the NFT Climate Certificate using your e-mail address and personally chosen password. By retrieving the NFT Climate Certificate, you consent to ACI processing your personal data (as far as concerned, see under clause 3.) for the calculation of CO2 eq avoidance under the NFT Climate Certificate. The consent is voluntary and can be revoked at any time with effect for the future at privacy@aquila-capital.com.
-
Transmission of data to third parties
We do not transfer your personal data to third parties. We use the service provider TokenForge GmbH for the technical implementation of the Investor Portal. This service provider receives access to your first and last name as well as your e-mail address. This is necessary to enable the investor personalised access to the Investor Portal. The password is reset via the service provider SendinBlue. This service provider also receives access to your e-mail address in the event of a password reset. The data will not be transferred to a third country.
-
Data deletion
Your login data and investment-related data will be deleted if the portal usage agreement is terminated, the deletion of the data is generally requested by the investor, ACH or ACI excludes the investor from use in accordance with the general terms and conditions or the functions of the portal are no longer provided by ACH. If you no longer wish to use the Investor Portal or wish to have your data deleted, please notify us by email to info@aquila-capital.com so that we can carry out a deletion of your data. Please note that deleting your data from the Investor Portal does not automatically mean that your data will be deleted in general. There may be a need to store the data elsewhere if the data is still required to fulfil contractual services. In the case of statutory retention obligations, deletion only comes into consideration after expiry of the respective retention obligation. Such retention and documentation obligations may arise from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods prescribed there for storage or documentation are two to ten years from the end of the year in which the last action was taken on the tax-relevant documents (usually the last annual financial statement/tax return of the fund). Finally, the storage period also depends on the statutory limitation periods, which, e.g. according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
-
Data subjects' rights
As a data subject, you have the following rights against the data controller:
Right of access pursuant to Art. 15 GDPR
You have the right to request information about your personal data processed by the controller. In particular, about the purposes of processing, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.
Right to rectification pursuant to Art. 16 GDPR
You have the right to request the correction of inaccurate or the completion of your personal data stored by the data controller without delay.
Right to erasure pursuant to Art. 17 GDPR
You have the right to request the deletion of your data under the conditions specified in Art. 17 GDPR
Right to restriction according to Art. 18 GDPR
In specific cases set out in the GDPR, you have the right to request the restriction of the processing of your personal data.
Right to data portability pursuant to Art. 20 GDPR
In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).
Right of appeal pursuant to Art. 77 GDPR
You have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the responsible party.
Right to object according to Art. 21 GDPR
If personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data if there are grounds for doing so that arise from your particular situation.