Data Protection Declaration
HQ Trust GmbH (hereinafter referred to as “HQ Trust” or “we”, “us” or “our”) takes the protection of your personal data very seriously. With this Data Protection Declaration, we wish to provide you with comprehensive information on how we handle your personal data. This Data Protection Declaration applies to the handling of your personal data when you visit our website and within the context of our business relationship.
Who is responsible and who can I contact?
HQ Trust is responsible for the processing of your personal data as described in the following. With regard to all data protection matters, you can contact the following addressee:
HQ Trust GmbH
Harald Quandt Haus
Am Pilgerrain 17
61352 Bad Homburg v. d. Höhe
Tel. +49 6172 402 850
Fax +49 6172 402 859
Our data protection officer can be reached at the following address
HQ Trust GmbH
Harald Quandt Haus
Data Protection Officer
Am Pilgerrain 17
61352 Bad Homburg v. d. Höhe
Tel. +49 6172 402 850
Fax +49 6172 402 859
2. What data do we process and where do they come from?
We collect and process your personal data depending on the specific processing situations. Here you can find a list of the data relating to the specific processing situation.
2.1. What data do we process when you visit our website?
If you are using the online services provided by HQ Trust on the website https://hqtrust.de/, we process, among others:
- data on the use of the website provided (e.g. IP address, browser used, time of the call up, content called up, duration of use), as well as further technical data comparable to the data listed.
2.2. What data do we process when you use HQ Trust Safe?
If, following registration, you use HQ Trust Safe which we have set up for the safe storage, sending and receipt of data and which can be reached via the members' area on our website, we process, among others:
- the data listed under Point 2.1,
- data on identification (user name and password),
- settings relating to choice of language and
2.3. What data do we process when you get in touch with us?
When you get in touch with HQ Trust, we generally process only the personal data necessary for establishing contact, in particular:
- data relating to you personally (first name and surname),
- data on the contact (postal address, telephone number, e-mail address, fax number).
2.4. What data do we process in the context of an ongoing business relationship?
In the context of the establishment and maintenance of an ongoing business relationship with you, we process the following personal data,
(i) which we have received from you, for example:
- your personal details (e.g. first name and surname, data and place of birth, nationality, marital status, gender),
- data relating to the contact (e.g. postal address, telephone number, e-mail address, fax number),
- data on your professional situation (e.g. details of employment, details of self-employment),
- data on tax registration (e.g. Tax Ref. No.),
- data on personal identification and authentication (e.g. ID card data, sample signature),
- data on your financial situation (e.g. level of assets, income level),
(ii) data which we receive from sources in the public domain, such as:
- public registers (e.g. land charge register, commercial register and register of associations),
- other information relating to you from the press and other officially-accessible sources, including retrievable information from the internet and such
(iii) as we have compiled on you in the context of our business relationship, such as:
- data on the services commissioned and products ordered (e.g. investment advice, depot advice, management of wealth),
- data on the fulfilment of your contractual obligations (e.g. data on the brokered financial products, data on the result of consulting) or
- data for documentation purposes (e.g. advisory report)
We would be pleased to provide you with specific information on your personal data which we process. Please use the contact address given under Point 1.
3. For what purposes do we process your data and on what legal basis?
We process your personal data exclusively in compliance with, and on the basis of, the terms of the General Data Protection Regulations (“GDPR”) and the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). In certain situations, we also process your personal data to comply with statutory stipulations or on the basis of your express consent.
3.1. Based on your consent
Provided you have issued us with consent to process your personal data, we shall process your personal data in the context of and on the basis of this consent. Consent may apply, for example, to the passing on of data to partner companies or the analysis of your data for specific advertising measures.
Consent is always provided on a voluntary basis. Refusal to provide consent or a revocation of same will have no negative consequences for you.
3.2. To meet contractual obligations
We generally process your personal data in the context of a contractual relationship, in the context of advice on investment decisions or the brokering of financial services and products and to execute your orders, including the necessary pre-contract measures.
In this regard, the purpose of the processing is determined on the basis of the commissioned services, the product ordered or your order. In some cases, we also have to transfer data to Group companies or other bodies in Non-Member States (states outside of the European Union or the European Economic Area, e.g. Switzerland, USA) for these purposes.
Details of the purpose and the further conditions of processing can be found in the terms of the respective contract.
3.3. Based on legitimate grounds
Furthermore, the processing of your personal data ensues to safeguard our legitimate interests provided your interests or rights and freedoms requiring the protection of your personal data take precedence.
Subject to a deliberation process in the individual case, we regularly proceed on the assumption that our legitimate grounds predominate within the context of the following non-exhaustive enumeration of processing situations:
- Support of existing clients;
- Information on products of HQ Trust by e-mail provided you have not objected to being addressed in this way or have not withdrawn any consent you may have issued;
- Analysis of the use of our website;
- Ensuring IT security;
- Prevention and investigation of criminal acts;
- Cooperation with state authorities;
- Measures to safeguard our owner's rights.
3.4. Based on statutory obligations
As a financial services provider we are also subject to numerous statutory compliance obligations which require the processing of your personal data. The statutory obligations include, among others, the mandatory requirements of the Fiscal Code (Abgabenordnung), the Financial Services and Markets Act (Finanzdienstleistungsaufsichtsgesetz), the Money Laundering Act (Geldwäschegesetz), the German Banking Act (Kreditwesengesetz) and the Securities Trading Act (Wertpapierhandelsgesetz). Further legal obligations arise from regulatory decrees, for instance, those of the Federal Financial Supervisory Authority (Bundesanstalt for Finanzdienstleistungsaufsicht -"BaFin"). For example, we must collect and process data for the verification of identity and confirmation of age, to prevent fraud and money laundering and to meet control and reporting obligations arising from tax laws and, where so required, pass it on to public bodies.
4. To whom do we pass on your data?
Where necessary, HQ Trust passes on your personal data to those bodies, or makes access available to those bodies which support us in meeting our contractual or legal obligations, or which have a legitimate interest in them. No transfer takes place where no specific legal basis for the transfer applies or where your interests or rights and freedoms take precedence.
In keeping with the obligations arising from contracts concluded with you, we may transfer your personal data for accounting purposes to an external accounting company.
Questions on tax-related themes may arise for you in relation to the provision of our services.
On your instructions and on the basis of your express consent issued prior to the transfer, we transfer your personal data for the purpose of the execution of consultancy services to Pilgerrain Vermögenstreuhand GmbH with whom we are associated.
In order to meet our contractual obligations and provide our services and products, we also pass your personal data on to order processors who process your personal data on behalf of HQ Trust. Processors are, in particular, companies providing services in the area of IT, telecommunication, telemedia, logistics, distribution and marketing. In particular, within the framework of a contract concluded with you regarding consultancy and the brokering of third-party financial services, we use processors to meet our statutory obligations with regard to consulting on or brokering of financial services. Processors are contractually obliged to process the data exclusively for the purposes specified by HQ Trust and to optionally delete or return the data when the contract comes to an end.
Furthermore, we transfer your personal data to those bodies for which you have furnished us with express and voluntary consent. In the context of the making available of third-party services on our website, personal data may be passed on to third parties, either partially or in full. Further information can be found under Point 6.
5. Do we pass your data on to third countries?
A transfer of your personal data to a third country ensues only in the context of a contract concluded between you and us regarding advice on investment decisions and brokering of financial services and products, where this is necessary for the fulfilment of our contractual obligations, e.g. the execution of an individual financial transaction on your instructions by a bank based in a third country.
Third countries are countries outside of the European Union or the European Economic Area. Within the framework of the transfer of personal data to a third country, we regularly ensure by suitable guarantees – for example the conclusion of standard contracts of the European Commission – that a transfer of data to a third country ensues only on the basis of a level of protection commensurate with GDPR.
6. What type of cookies and tracking technologies do we use?
You can limit the use of tracking technology by altering the settings on your browser. You can decide on the access you wish to grant us on your device and whether and for how long cookies may be stored on your device. You can delete cookies already stored at any time. Please note that the deactivation of all cookies may impact negatively on the functionality of our website.
6.1. What are cookies?
Cookies are small text files sent by the host server of the website when the website is used and which are stored on the user’s device (desktop computer, laptop, tablet, smart phone, other internet-enabled devices) by the browser used. Cookies are used to store information on the user so that it can be retrieved when the website is called up again.
6.2. What are cookies used for?
Cookies help us to understand how our website is used, analyse trends, administer the website, trace the steps taken by a user on our website, collect demographic information on our user base as a whole, allow you to navigate efficiently between websites, make a note of your preferences and settings on our website and fundamentally enhance your surfing experience. Cookies also contribute to ensuring that you can be shown advertising which matches your interests and is relevant for you.
We process the date collected using tracking technologies so that we can (i) note information so that you don’t need to enter it again during your visit to our site, or when you next visit our website, (ii) make personalised content, including advertising, available to you,(iii) recognise you across a range of devices, (iv) monitor the functionality and performance of our website, (v) collect aggregated key data with regard to overall number of visitors, overall traffic, use and demographic patterns on our website, (vi) diagnose and eliminate technical problems and (vii) implement other planning and improvements to our website.
6.3. What types of cookies are used on our websites?
As a rule, the cookies used on our websites fall into one of the following categories: necessary cookies, statistics cookies, functional cookies, marketing cookies or cookies belonging to social networks.
6.3.1. Necessary cookies
These cookies are indispensible for the functioning of our website and allow you to navigate our website and use its functions. Without these cookies, certain services necessary for the complete use of our website cannot be provided.
6.3.2. Statistics cookies
Using these cookies, we collect information on how visitors use our website, e.g. the sites most frequently called up and read or how users get from one link to the next. All information collected by this type of cookie does not relate to the individual user, rather is consolidated and processed with information of other users in aggregated form. The cookies supply us with analytical data on how our website is functioning and how we can improve it.
6.3.3. Functionality cookies
These cookies allow us to store a certain selection made by you and adapt our website so that it offers you further functions and content. These cookies can be used, for example, to store your chosen language or country.
6.3.4. Marketing cookies
These cookies are used to allow us to show you specific advertising. These cookies are also used to limit the number of pop-ups and measure the effectiveness of a certain advertising campaign.
Cookies of this kind can also store information on other sites you have visited and retain this data for call-up by other organisations, e.g. for advertising partners. As a result, when you have visited our website, you can receive advertising and ads on other offers and services from other websites.
6.3.5. Cookies from social networks
In order to facilitate the exchange of content in the internet, some of our websites may contain small software applications from third party providers, e.g. Facebook, Twitter, LinkedIn or Google+, to facilitate the exchange of data. Here, the cookies are not stored on your device by us but rather by the third party providers. We have no control over these cookies. Therefore, for further information you should visit the website of the third party providers.
6.4. How long are cookies stored on my appliances?
The duration of storage is primarily dependent on whether the cookies in question are “persistent” or “session” cookies. Session cookies are deleted when you leave the website which set the cookie. Persistent cookies remain on your device, even when you have finished surfing, until such time as they are deleted or expire.
6.5. Third-party cookies
Some of the cookies stored on your appliance originate with us. When you visit our websites, other cookies are stored on your device by third-party providers previously linked on our website by us. These third-party providers make a particular function or service available to us in connection with our websites. While we can control the choice of third party providers, we have no influence on the use of the cookies by a third-party providers. Some third-party providers may use advertising cookies.
In the context of the provision of our website, cookies of the third-party providers Google and Facebook are used. The use by the individual third-party providers is explained in the following.
6.5.1. “Google Tag Manager”
Our website uses Google Tag Manager, a service to imbed online advertising tools of Google Inc. (1600 Amphitheatre Parkway Mountain View, California 94043, USA) (hereinafter referred to as “Google“). The service does not store cookies on your system or collect personal data in any form. However, it can be used to imbed further Google services, as well as all tracking and advertising tools.
6.5.2. “Google Analytics”
Our website uses Google Analytics, a web analysis service of Google, which permits us to analyse the use of our website which is also in our legitimate interest. This facilitates the cross-device collection of data from multiple devices, sessions and interactions and the assignment to a user.
In order for Google Analytics to be used, a cookie is stored on the device from your visit to our website. The cookie is a text file with contains data on your use of our website and transfers it to a Google server. The data are stored and processed on the Google servers. Google will use the information transferred to analyse and evaluate your use of our website, on our behalf and on our instructions, and make this information available to us in the form of reports and activity notification.
The data we process within the framework of Google Analytics are automatically deleted after 50 months. You can object to the processing of your data in the context of “Google Analytics” at any time with effect for the future by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=de and following the instructions contained there.
6.5.3. Facebook Retargeting Technology
On our websites we use the retargeting technology “Facebook Custom Audience” from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, when based in the European Union, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook“). “Facebook Custom Audience” helps us to provide you with suitable advertising and content which constitutes legitimate grounds for us.
The technology is implemented in a version by which a pixel, invisible for the user, is imbedded (pixel-technique) and allows us, once you have visited our website, to recognise you again when you use your Facebook account and show you tailored ads and content, known as “Facebook Ads”. Within the framework of the use of “Facebook Custom Audience”, we collect information on your usage patterns (e.g. which of our websites you have visited), technical data on the device used by you and, where appropriate, data on your Facebook user account.
You can object to the processing of your data in the context of “Facebook Custom Audience” at any time, with effect for the future, by calling up the following link https://www.facebook.com/settings/?tab=ads and following the instructions contained there.
6.6. Can mobile devices identify my location?
When you use our website with a mobile device featuring activated localisation, we may be able to collect information on your current device, geo coordinates and geo targeting data as well as the type of mobile device. However, most mobile devices offer the option of deactivating the localisation in the settings. HQ Trust does not use this service.
6.7. Right to object
You have the right to object to the processing of the data under Point 6 here. You can prevent the processing of this data by altering your browser settings. It is possible that you will then only be able to use the websites provided by us to a limited extent.
7. How long do we store your personal data personal data
We process and store your personal data only for as long as is necessary for our processing purposes.
7.1. Duration of storage in the context of the use of our online offers
On request, we will delete your personal data collected and stored within the framework of the use and provision of our online offers at any time and independently, at the earliest within a few days (generally seven days) of expiry of the mandatory retention period.
We process the personal data needed for the provision and use of HQ Trust Safe for as long as you continue to use the service.
7.2. Duration of storage in the context of our business relationship
As a matter of principle, we store your personal data in the context of our business relationship up to a maximum of four years following termination of your business relationships with us.
Where statutory retention and documentation requirements, or the protection of our own legitimate interests, e.g. in the case of possible legal disputes, require a longer retention period, your personal data will continue to the stored and processed even beyond the expiry of the specified time frame. Where possible, we shall block your personal data for further processing.
The retention periods specified in the statutory retention and documentation obligations range between two and ten years and ensue, among other things, from the Fiscal Code, the Money Laundering Act, the German Commercial Code, the German Banking Act and the Securities Trading Act.
8. Your rights
In the following you will find a summary of your rights regarding the processing of your personal data by us:
8.1. Rights to information, erasure, rectification, restriction of processing and data portability
Pursuant to Art. 15 GDPR, you have the right to information in accordance with which you can request confirmation on whether we process your personal data. Where this applies, you have the right to request comprehensive information from us regarding these personal data.
Pursuant to. Art.16 GDPR, you can demand that inaccurate data relating to you be rectified without delay.
According to Article 17 GDPR, you have the right to obtain the erasure of your personal data when they are either (i) no longer required for the purposes for which they were collected, (ii) you have withdrawn your consent to the processing, (iii) you have lodged an objection to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for continued processing, (iv) your personal data have been unlawfully processed, (v) the personal data must be erased for compliance with a legal obligation under Union or Member State law to which HQ Trust is subject, or (vi) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1).
Pursuant to Article 18 GDPR, you have the right to obtain the restriction of processing where one of the following applies. When you either (i) have contested the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and instead request restriction of their use, (iii) the data are no longer needed for the purposes of the processing but you require them for the establishment, exercise of defence of legal claims or (iv) you have objected to processing pursuant to Article 21 (1) GDPR pending the verification of whether our legitimate grounds for the processing override yours.
Pursuant to Article 19 GDPR, you have the right to information on the recipients of notification of any rectification or erasure of personal data or restriction of processing.
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us in a structured, commonly-used and machine-readable format and to transmit those data to another controller.
Where the processing or the transmission is based on your expressed consent, you can withdraw this consent with effect for the future at any time.
You have the right to lodge a complaint to the processing of your data or regarding a decision of HQ Trust relating to a right exercised by you with the Hessische Datenschutzbeauftragte, Postfach 3163, 65021 Wiesbaden.
For the assertion of your rights listed under Point 8.1 you can send in informal letter to one of the contact points listed under Point 1 by post, fax or e-mail.
8.3. Right to object pursuant to Art. 21 GDPR
8.3.1. Objection on grounds relating to your particular situation
Pursuant to Article 21 (1) GDPR, you have the right to object to the processing of your personal data at any time for grounds relating to your particular situation when this processing is carried out for our legitimate grounds, including any profiling based on these provisions (e.g. for credit rating). No further processing of your personal data shall then ensue, unless we have been able to demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
You can lodge your informal objection by post, fax, or e-mail, addressed to:
HQ Trust GmbH
Harald Quandt Haus
Am Pilgerrain 17
61352 Bad Homburg v.d.Höhe
Fax +49 6172 402 859
9. No obligation to provide personal data
As a matter of principle, you need only provide such data to us as are necessary for our business relationship or which we are obliged by law to collect (e.g. mandatory details on your person for purposes of identity verification pursuant to the general duty of care of Section 10 ff. Money Laundering Act).
As we are unable to furnish our services without the provision of the data necessary for the execution of the business relationship or the data we are obliged by law to collect, or unable to provide them lawfully, we regularly decline to enter into a contractual relationship in this case or reserve the right to terminate an ongoing contractual relationship when we can longer provide the services as laid down in the contract.
10. Automated individual decision-making and profiling
You have the right not to be subject to a decision based solely on automated processing including profiling when the decision is not necessary for the conclusion or the fulfilment of a contract, is not based on mandatory legal stipulations or does not ensue based on your expressed consent.
HQ Trust does not use any process based on automated decision-making including profiling within the meaning of Article 22 GDPR where we have not explicitly informed you of same.
If you wish to receive the newsletter offered on the website, we require your e-mail address and information which allows us to verify that you are the owner of the specified e-mail address and consent to receipt of the newsletter. Further data will not be collected, or will be collected only on a voluntary basis. We use this data exclusively for transmission of the information requested and do not pass it on to third parties.
The processing of the data entered in the Newsletter registration form ensues exclusively on the basis of your consent (Article 6 (1) lit. a GDPR). You can withdraw the consent given to the storage of data, the e-mail address and their use for the transmission of the Newsletter at any time, for example via the link in the Newsletter. The lawfulness of the data processing which has already ensued remains unaffected by the withdrawal.
The data you provide to us for the purposes of receiving the Newsletter will be stored by us until such time as you cancel the Newsletter, and deleted following cancellation of the Newsletter. Data stored by us for other purposes shall remain unaffected.
For the mailing of our Newsletter, we use our service provider (processor) Mailjet.
- Mailjet GmbH Legal Details: https://www.mailjet.de/impressum/
- Mailjet GmbH Data Protection: https://www.mailjet.com/security-privacy/
Mailjet processes your personal data on our behalf. To this end, your data will also be stored by Mailjet. Mailjet offers us analysis options on how the Newsletter is opened and used.
Last updated on 23.08.2019.
Main features of the remuneration schedule of HQ Trust GmbH
Fixed annual salary
For the individual positions at HQ Trust, salary bands are defined for the fixed salary, based among other things on training, experience, perceived value of the position, management responsibility, etc.
Variable profit sharing
Selected employees may be offered a share in the profits of HQ Trust. This profit-sharing scheme will be defined in a way which ensures that no conflict with the interests of clients and business partners can occur.
The remuneration system policies will be reviewed once annually by the management.