Privacy Policy
Realport

1. General

Personal data is processed in the operation of the Realport websites (realport.co and realport.net domains) and the use of services offered through these websites (“Website”). This privacy policy informs you about the nature, scope and purpose of the processing of your personal data by the data controller pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR).

It is based on the definitions of the GDPR, in particular according to Art. 4.

The controller for the collection, processing and use of personal data is: Realport Broker GmbH
Lennéstraße 5
10785 Berlin
Germany

Realport Broker GmbH is supported by Realport AG, Lennéstraße 5, 10785 Berlin, Germany (“Realport”, “we”), for the technical provision of our services. Regarding the processing of data within the scope of our services, written agreements according to the GDPR are in place between Realport Broker GmbH and Realport AG.

Our Data Protection Officer is Intelliant GmbH, located in Berlin, Germany. You can reach our Data Protection Officer at any time writing to [email protected].

2. Details of data processing

The type, scope and purpose of the processing of personal data depend on which Realport services are used. We will process specific personal data required for each particular service and depending on the respective group of data subjects (e.g. customers, Website visitors).

2.1. Website Services

The data subjects with regards to the services provided through the Realport website are all Website visitors.

2.1.1. Provision of the Website

In order to make the Website available, to enable basic functions and trouble-free operation, it is technically necessary to process personal data. Although these are basically device data, with this data it may possible to link them to the visitors. For example, the IP addresses of the used terminals, identifiers of the used terminals, the operating systems and the browser are processed solely in order to establish a connection between the terminal and the server hosting the Website and to display the contents in the intended layout.

Processing
website provision
Purpose
  • Establishing the technical connection between the visitor's terminal device and our website (conducting the session).
  • Maintaining and improving the functionality of the website
  • Maintaining and improving the information security or data security (confidentiality, availability and integrity) of the website (data storage in log files)
Categories of data
  • IP address of the accessing system
  • Type of browser used by the end device and version
  • Internet service provider of the accessing system
  • date, time and type of the access
  • third-party websites from which the user's system accesses our website
  • Third-party websites that are accessed by the user's system via our website
Categories of recipients
  • Website Hosting –
    • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States – exclusively European server location
    • FastComet Inc., 350 Townsend St., Suite 300 - #846, San Francisco, CA 94107, United States – exclusively European server location in Frankfurt, Germany
Storage period or its criteria
  • Session: data deletion at the end of the respective session
  • Log files: data deletion after 7 days or anonymization
Legal basis
  • Art. 6 para. 1 b) and f) GDPR (contract performance and legitimate interest)

2.1.2. Webfonts

When a page is requested, the visitor’s browser loads the required web font into the visitor’s browser cache to display the texts and fonts correctly.

If your browser does not support web fonts, a default font will be used instead.

Processing
webfonts
Purpose
  • Present our online services in a uniform and attractive form
Categories of data
  • IP address of the accessing system
Categories of recipients
  • Font hosting –
    • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, “Google
Third-country data transfer
  • in the USA to Google
  • An agreement has been concluded with Google based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR
Storage period or its criteria
  • CSS requests cached for 1 day
  • Font files cached for 1 year
Legal basis
  • Art. 6 para. 1 f) GDPR (legitimate interest)

2.1.3. Range Measurement & Optimization of Our Offer

This Website uses cookies for range measurement and optimization of our offer. The cookies are transmitted either from us or from third-party servers to the visitor's browser.

Processing
Range measurement & optimization of our offer
Purpose
  • Range measurement
  • Optimization of the offered services
  • Online marketing
  • Targeted advertising
  • Collect, manage, document and revoke the consent
Categories of data
  • IP address of the accessing system
  • Type of browser used by the end device and version
  • Internet service provider of the accessing system
  • date, time and type of the access
  • third-party websites from which the user's system accesses our website
  • Third-party websites that are accessed by the user's system via our website
  • More details can be found in the privacy policies of the cookie providers
Categories of recipients
  • Cookie consent management
    • Cookiebot by Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark) "Cookiebot"
  • Cookie providers (see cookie consent management for more details)
    • Google Analytics, Google Search Console, Google Tag Manager -  
      Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, “Google
    • LinkedIn Pixel -
      LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, “LinkedIn
Third-country data transfer
  • in the USA to Google, LinkedIn
  • An agreement has been concluded with the above-mentioned providers based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR
Storage period or its criteria
  • depending on type: session, 90 days
Legal basis
  • Art. 6 para. 1 a) GDPR (consent)

As a result, a recognition of the used device is potentially possible. The data of the visitor which is collected through the use of cookies is pseudonymized. Thus, the connection between the collected data and a data subject is no longer possible, neither for us nor for third parties. The data will not be collected together with other data of the visitor. In some cases, the data is anonymized before use, so that the conclusion on the visitors is altogether impossible.

These cookies are only set once you have given us your consent. To grant your consent, we will provide you with a communication field at the beginning of the visit to the Website.

Any given consent can be revoked at any time with future effect in the cookie settings on our Website. The cookie settings can be found under “Manage Cookies” on the Website. The set cookies will be deleted.

2.2. Information Services

The data subjects with regards to the information services are all natural persons interacting with Realport, signing up to receive information from Realport, or requesting and downloading information material (e.g. whitepapers) from Realport. Information services might also include invitations and sign-ups to events, links to news and articles regarding Realport, and suggestions to latest podcast episodes and upcoming webinars.  

The data subjects with regards to the mailing list are the subscribers.

2.2.1. Contact Form, Mailing List, Whitepaper download and Customer Service

To learn more about Realport and to receive more detailed information about Realport’s services, various contact forms on the Website can be used to request further information or sign up for the mailing list. The mailing list is a separate, free information service that can be used independently of any existing customer relationship.

By submitting the contact form, the subscriber consents to be contacted by us via e-mail with more information regarding Realport and its services.

After submitting the contact form, the subscriber will receive an e-mail. This e-mail has a link with which the subscriber must confirm the registration to the mailing list. We can provide further information on our services only after the conformation has taken place (double opt-in).

The subscriber can unsubscribe from the mailing list and therefore withdraw the consent at any time. Each mailing contains information to unsubscribe from the mailing list with future effects. Alternatively, the request to unsubscribe can be sent via e-mail at any time.

For the distribution, management and statistics of the contact forms, as well as the mailing lists we are using service providers.

Processing
Contact form, mailing list, whitepaper download and customer service
Purpose
  • Customer relationship management
  • Answering customer requests and questions
  • Providing product and company related information
  • Informing about events, publications, recordings
  • Providing informative whitepapers and related documents
  • Management and administration of customers, prospects, leads and other requests
Categories of data
  • E-mail address
  • Name
  • Depending on purpose above / optional:
  • Investor type
  • Company name
  • Job title
  • Date, time and type of the contact
  • IP address of the accessing system
  • Type of browser used by the end device and version
Categories of recipients
  • CRM software
    • Pipedrive, Inc., 490 1st Ave South, Suite 800 St. Petersburg, FL 33701, United States, “Pipedrive
Third-country data transfer
  • in the USA to Pipedrive
  • An agreement has been concluded with the above-mentioned providers based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR
Storage period or its criteria
  • depending on type of request and customer status / min. 3 months after ticket was closed / max. 3 years after end of customer relationship
Legal basis
  • Art. 6 para. 1 b), f) or a) of GDPR (contract performance or legitimate interest or consent)

For information material (e.g. whitepapers) provided on external websites, Realport offers only the redirect through a weblink and is not responsible for any processing of personal data by the provider. Please read the privacy policy of the respective website operator.

2.3. Services for Registered Users

The data subjects with regards to the services we offer for registered users are our customers. Between entering and completing the registration process, data subjects are considered potential customers.

The data subjects with regards to the services offered for registered users are Realport customers (“Investors”). Between entering and completing the registration process, data subjects are considered potential customers.

2.3.1. Renewables Database

The renewables database is based on your RealDealFlow sign up. Therefore, no further personal data is processed. The Renewables Database serves the purpose of optimizing the Realport portfolio of assets and deals based on your interests and indications of hypothetical investments as a professional investor.

Processing
Renewables Database
Purpose
  • Improving the Realport services
  • Optimizing assets and deals according to customer interests and preferences
Categories of data
  • E-mail address
  • Name
  • Company name
  • Investment preferences
Categories of recipients
  • Not applicable
Third-country data transfer
  • Not applicable
Storage period or its criteria
  • Deletion within 3 months after account deletion
Legal basis
  • Art. 6 para. f) of GDPR (legitimate interest)

2.3.2. Investment Platform

Realport offers professional investors various investment opportunities. Therefore, different user roles can register in the Realport application to create a profile, authenticate company representatives and the company account, and request deal room accesses to initiate investments.

While the Realport services are currently geared towards solely non-consumer investors, Realport processes personal data of the different users (natural persons) representing an investor. These user roles include:

  1. Applicant User
  2. Legal Representative / Procura / Opt up Professional
  3. Ultimate Beneficial Owner

The processing of personal data differs slightly for each role:

Applicant User
Legal Representative
Procura
Opt up Professional
Ultimate Beneficial Owner
Data categories
  • Name
  • Email, phone number
  • ID / passport
  • Name
  • Email, phone number
  • Date of Birth
  • Birth City
  • Address
  • Nationality
  • Tax Residency
  • Tax Identification Number
  • Additional tax countries
  • ID / Passport
  • Name
  • Date of Birth
  • Birth City
  • Birth Country
  • Address
  • Nationality
  • Tax Residency
  • Tax Identification Number
  • Voting Shares
Purposes
  • User account creation
  • Identity verification
  • User account creation
  • Identity verification
  • Business Know Your Customer (KYC)
  • Business Know Your Customer (KYC)
Legal basis
  • article 6.1 (b) GDPR
  • article 6.1 (f) GDPR
  • article 6.1 (b) GDPR
  • article 6.1 (c) GDPR
  • article 6.1 (b) GDPR
  • article 6.1 (c) GDPR
Data transfers
German service providers for identification
German service providers for identification and Business KYC
German service providers for Business KYC

The categories of personal data listed above are collected completely in the onboarding process by Realport or its service providers and are processed solely for the purposes of creating and administering user accounts, as well as to perform the identification and the Business KYC.  

Realport collaborates with Solarisbank AG (Anna-Louisa-Karsch-Straße 2, 10178 Berlin, Germany, “Solarisbank”). Due to regulated obligations, partners require a Business KYC process, which is carried out jointly. Further, IDnow GmbH is used by the partners as a service provider for the identification of users. As part of the investor account opening process, in addition to the contract with Realport, a contract is also concluded with Solarisbank. Solaris acts as joint controller with Realport according to Art. 26 GDPR and is independently responsible for any further processing on their side.

In terms of its investment services, Realport does not transfer personal data of Investors and Investor representatives to third countries. In certain cases, if required by the circumstances, personal data of users may be transferred to third countries, for example to maintain customer service or to provide information by e-mail. For these cases, Realport ensures appropriate security measures in the form of data processing agreements in accordance with Art. 28 GDPR and appropriate safeguards in accordance with Art. 46 GDPR.

Realport processes the personal data of the users for the above-mentioned purposes. After termination of the contract and thus after the purposes and legal bases have ceased to exist, all personal data will be deleted immediately, unless there is a legal obligation to retain such data. In this case, the data concerned will be completely removed after these retention periods have expired.

2.3.2.1. Customer service for Investors

For investors, Realport offers a customer support solution with higher service levels and availabilities. To answer requests appropriately and promptly, a professional and established service provider is integrated in the investment platform in the form of a chat tool. To identify the user and deliver individual customer support, the chat tool is already equipped with certain general data of the user. In the chat tool, the user has the option to talk to an agent, to schedule a meeting, to read the FAQs, and to leave a message if all agents are offline.

Processing
Customer Service for Investors
Purpose
  • Provide individual customer support to registered users of investors
Categories of data
  • E-mail address
  • Name
  • Company name
  • Content of chat/request
Categories of recipients
  • Customer service software
    • LiveChat, Inc., 01 Arch St FL 8 Boston, MA, 02110-7500 United States
Third-country data transfer
  • in the USA to LiveChat / User data stored and processed in EU data centers
  • An agreement has been concluded with the above-mentioned providers based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR
Storage period or its criteria
  • depending on type of request and customer status / min. 3 months after ticket was closed / max. 3 years after end of customer relationship
Legal basis
  • Art. 6 para. 1 b) or  f) of GDPR (contract performance or legitimate interest)

2.4. Application Process

The data subjects with regards to the application process at Realport are all applicants and candidates for positions at Realport.

Processing
Application and recruitment process
Purpose
  • Participation in the application procedure for the vacant position
  • Processing of the application procedure
  • Implementation of pre-contractual measures
Categories of data
  • Any personal data that you provide through our job application form including, but not limited to: Full name, email address, phone number, location, resume/CV, cover letter, picture, degree, educational data LinkedIn profile, visa information
  • Statuses, notes and planning related to your job application, and
  • Email communications.
Categories of recipients
  • Personio GmbH, Rundfunkplatz 4, 80335 München, Germany, "Personio
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, “LinkedIn
Third-country data transfer
  • in the USA to LinkedIn
  • An agreement has been concluded with the above-mentioned providers based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPR
Storage period or its criteria
  • After termination of the purpose
  • Storage period 6 months after termination of the application process.
  • Subsequently, the data is deleted or made anonymous if the applicant is rejected, or transferred to the personnel file if the applicant is hired.
Legal basis
  • Art. 6 para. 1 b) of GDPR (contract performance)

3. Rights of data subjects

If your personal data is being processed, you are data subject as defined by GDPR. Consequently, you have the rights described in articles 15 to 21 GDPR in relation to the controller. In order to exercise your rights or to obtain further information on data protection regarding Realport, please contact our data protection officer by sending an e-mail to [email protected].

3.1. Right of access, Art. 15 GDPR

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request the following information from us: Processing purposes; Category of personal data being processed; Recipients or categories of recipients to whom your data has been or will be disclosed; Planned storage period or, if specific information on this is not possible, criteria for determining the storage period; Existence of a right to rectification, erasure, restriction of processing or objection; Existence of a right to lodge a complaint with a supervisory authority; Origin of your data, if it has not been collected by us; Existence of automated decision-making including "profiling" and, if applicable. meaningful information on their details; transfer of the personal data to a third country or to an international organization; appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

3.2. Right to rectification

In accordance with Art. 16 GDPR, you have the right to demand the correction or completion of your personal data stored by us without delay.

3.3. Right to restriction of processing

Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

3.4. Right to deletion

Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

3.5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

3.6. Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

3.7. Right of objection

According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to "profiling" insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

3.8. Right to revoke the declaration of consent under data protection law

In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.9. Right to complain to a supervisory authority

Finally, in accordance with article 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for the controller:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstrasse 219
10969 Berlin, Germany

Telephone: 030 13889-0
E-mail: [email protected]
Internet: www.datenschutz-berlin.de

4. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy from time to time, to the extent permitted by applicable law.  

The latest version of this document is permanently available at https://realport.co/privacy-policy.

Updated: September 2022.