Privacy Policy
1. Responsible party
Unless and insofar as otherwise communicated in individual cases (e.g. in this or other privacy policies, forms or, if applicable, contracts that you conclude with one of our group companies), the following party shall be responsible for data processing:
General:
SOLIT Group AG (“SOLIT”)
Hauptstrasse 15
8274 Tägerwilen
SWITZERLAND
UID CHE-416.529.343
E-mail: info@solit-group.com
Phone: +41 (0) 71 667 09 09
For data processing in connection with flexgold:
SOLIT Management Suisse GmbH (“SOLIT Suisse”)
Hauptstrasse 15
8274 Tägerwilen
SWITZERLAND
UID CHE-453.629.262
E-mail: info@solit-kapital.ch
Phone: +41 (0) 71 667 09 09
The present Privacy Policy also applies to data processing carried out in connection with a local legal obligation by one of our group companies or in connection with the performance or execution of a contract that you conclude with them. In these cases, the group company in question is the data controller for the related data processing. To the extent provided for in this Privacy Policy, several group companies may also act as joint data controllers (see Clause 3, Joint responsibility). With regard to data processing for which local legal systems have their own data protection regulations, the data protection regulations applicable in this legal system shall apply, e.g. local regulations on employee data protection or with regard to advertising measures.
2. Contact details of our data protection officer
If the data subject has any questions about this Privacy Policy, he/she may contact the corporate data protection officer (GDPR territory) or the data protection advisor (Switzerland):
SOLIT Group AG
Hauptstrasse 15
8274 Tägerwilen
E-mail: privacy@solit-group.com
3. General information on data proccessing
Within the framework of our business and website operations, we process personal data (“personal data” or “data”). When we refer to “website”, we mean our main websites www.solit-group.com, www.solit-kapital.ch, www.solit-kapital.de as well as the sub-pages of our group linked to them, including our group companies and digital products that we provide (“website”). The processing also includes disclosure by transfer to third parties and, where applicable, to so-called third countries outside Switzerland, the European Union (“EU”) and the European Economic Area (“EEA”). Where we transfer data outside Switzerland, the EU or the EEA, we have marked this accordingly. The reference to a legal basis of the GDPR shall, where applicable, also apply in each case as a reference to the justification required under Swiss law should data processing otherwise unlawfully infringe the personality of a data subject.
4. Joint processing
We process personal data jointly within the SOLIT group of companies for the purpose of effective internal management of personal data and corporate systems. For this purpose, we transfer your data to group companies affiliated with us or process the data in systems that are jointly operated with the companies affiliated to us.
You can view the stakeholders of our group of companies here: https://www.solit-kapital.de/solit-gruppe/.
The legal basis for joint data processing is our overriding legitimate interest in effective management and IT infrastructure pursuant to Art. 6, Clause 1 f) GDPR. We are jointly responsible with our affiliated companies for the processes that are subject to joint data processing. Accordingly, we have bindingly defined the internal competences and responsibilities in a contract. The specific processes that fall under joint processing are marked accordingly below.
The information obligations of the GDPR shall be fulfilled by the respective company with which you were first in contact. We have set up a joint office for the fulfilment of data subject rights:
Data Protection Department, privacy@solit-group.com
However, you can also contact us at any time with enquiries or to assert your data protection rights at the contact addresses listed in Clause 2. We will then forward your request internally for processing.
5. Data processing
The details of data processing, the data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:
a) Log file of website visit
We log your website visit. In doing so, we process:
- name(s) of our accessed website(s);
- date and time of access;
- the data volume transferred;
- the browser type and version;
- the operating system you are using;
- the referrer URL (the previously visited website);
- your IP address;
- the requesting provider.
The legal basis for data processing is our overriding legitimate interest in the ongoing provision and security of our website pursuant to Art 6, Clause 1 f) GDPR. The log file is deleted after seven days, unless it is required to prove or clarify specific legal violations that became known within the retention period.
b) Hosting
To ensure our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file during website visits) on our behalf.
The legal basis for data processing is our overriding legitimate interest in the provision of our website pursuant to Art. 6 Clause 1 f) GDPR.
c) Contact
If you contact us, e.g. also via one of the contact forms provided on the website (e.g. simple contact form, material orders, enquiry as a sales partner), we process the following data from you for the purpose of processing and handling your enquiry: name, contact details (including address details, if applicable) – if provided by you – and your message.
The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations pursuant to Art. 6 Clause 1 b) GDPR and/or our overriding legitimate interest in processing your enquiry pursuant to Art. 6 Clause 1 f) GDPR. The personal data collected by us to contact you will be automatically deleted after the request you have made has been concluded.
Contact data management shall be carried out within the framework of joint responsibility pursuant to Clause 3.
d) Contact for job applications
If you contact us to send us your application as an employee, e.g. by e-mail or via contact form, the data you provide (e.g. name, e-mail address, desired place of employment, etc.), your message and the application documents submitted will be processed exclusively for the purpose of processing and handling your application request.
The legal basis for data processing is primarily, as far as applicable, § 26 BDSG (Federal Date Protection Act). Accordingly, the processing of data in connection with the decision on the establishment of an employment relationship is permissible. The personal data collected to contact applicants will be deleted after the rejection or until the position is filled.
Should the data be necessary for legal prosecution, if applicable, after the application process has been completed, data processing and the associated storage may take place in order to safeguard our legitimate interests pursuant to Art. 6 Clause 1 f) GDPR, namely for the assertion and/or defence of claims. If an application is successful, we may subsequently store your data, if and to the extent suitable, for the purpose of executing the employment relationship.
e) Customer account
In connection with the opening and use of a client account (log-in to a protected user area), we process your inventory data (name, nationality, address, e-mail address, bank details) and your usage data (user name, password). This enables you to manage your orders and contracts and to identify you as a client. The legal basis for this data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
The information related to the customer account shall be deleted after deletion of the same.
f) Contract processing
We process your order data to settle the contractual relationship between you and us.
The legal basis for the data processing is the fulfilment of our contractual obligations pursuant to Art. 6 Clause 1 b) GDPR and, in individual cases, the fulfilment of our legal obligations pursuant to Art. 6 Clause 1 c) GDPR.
We transmit your address data to the company commissioned with the delivery. If necessary for the processing of the contract, we also transmit your e-mail address or your telephone number to the company commissioned with the delivery in order to coordinate a delivery date (“notification”).
We transmit your transaction data (first name, surname, address, date of order, payment method, date of dispatch and/or receipt, amount and payee, bank details or credit card details, if applicable) to the payment service provider commissioned to process the payment.
If you conclude a contract with us that includes the safe custody of valuables or fractional ownership (“joint ownership”), we shall pass on your data to a trust company for the administration of the deposits or the safe custody of the valuables.
Data processing in connection with safe custody shall be carried out within the scope of joint responsibility pursuant to Clause 3.
g) flexgold
flexgold is a product that offers the possibility to purchase and sell co-ownership of bullions. The offer is provided via a mobile app or web app, which can be downloaded from the app stores initially indicated or operated via browser. The applicable provisions and details of the product can be found in the respective current General Terms and Conditions. The services are provided by SOLIT Suisse. The following personal data is processed in connection with the provision of the product and the associated proper course of business:
- technical data when you download the mobile app and install it on your end device, e.g. end device, time of download, browser type, IP address, time of registration, etc.;
- information that we receive from you as part of the on-boarding process, e.g. registration data, profile data, log-ins, user name, e-mail address, phone number, personal details, date of birth, creditworthiness data if applicable, nationality, address details, etc. This also includes information that we need to comply with regulatory requirements, e.g. as part of the fight against fraud and money laundering (KYC, AML, AMLA) as well as application data (if necessary in a corresponding form) in case you wish to obtain a new product or make a new investment or submit an application for another service;
- biometric data (fingerprint, facial recognition), provided you give us your consent, i.e. provided you choose one of these options as part of the authentication process and provide us with this information by taking the corresponding action;
- contractual data: for proper business processing, we require further information which we obtain from you on forms (e.g. account details, information on bullions you have purchased, Form A, Form K, etc.), if we wish to make a payment, if you wish to purchase new products, deliver existing ones or cancel them, etc. We may also require specific documents (e.g. foreign notarisations), powers of attorney or details of third parties that you disclose to us;
- account information: in connection with the product, the user of the product will make various account transactions. For this purpose, he/she will also open a user account on which the corresponding credit balances of the user are booked. In addition, the user provides us with bank account details which we require when we make transfers in connection with the purchase or sale of or changes to your currency or precious metal inventory in favour of the user, as well as in the event of a termination of the contract or for additional payments of services. Furthermore, for our part, we manage transactions that are received and recorded in our own account (a so-called nostro account), as well as your receipts into our account, e.g. if you have successfully passed the on-boarding process;
- information on transactions carried out in connection with the acquisition or sale of precious metal inventories and ownership rights or interests therein;
- details of the respective currency and precious metal inventories;
- details of additional services such as planned orders, drawn savings plans or payout plans, and new assets and investments;
- details of settings made, such as in particular exchange rate data (e.g. desired currency, metal weight, exchange rates, etc.), in your dashboard, but also details of your profession, your investment preferences, information on your precious metal inventory, manual holdings or physical holdings, including the location of the selected warehouse;
- information on collateralisation of our claims (e.g. liens);
- information including address data on delivery or handing over of bullions.
Furthermore, we can also inform you about current news in the app. In connection with flexgold, various third-party providers are involved, e.g. in connection with the monitoring of the use of the funds paid in, in connection with the operation of the app, for the purpose of safe custody of the inventories and, where applicable, in connection with the implementation of regulatory processes (e.g. KYC process, audit).
h) Shop system and customer data management using Salesforce
In order to provide our shop system and manage our customer data, we use systems furnished by Salesforce.com Sàrl, Ernst-Nobs-Platz 1, 8004 Zurich, Switzerland or by Salesforce.COM Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany (“Salesforce”). The data we process in the context of providing you with your customer account and transacting your purchases is therefore processed by us in Salesforce systems.
We do not pursue any additional purposes by process your data with Salesforce systems. The legal basis of the processing therefore corresponds to the aforementioned legal bases under Clauses 5 e) and f).
Salesforce is a corporation with worldwide branch offices. The parent company of the group is salesforce.com, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Data may therefore be transferred to the U.S. within the scope of data processing at Salesforce. The EU Commission has not issued an adequacy decision regarding data transfers to the U.S. However, according to its own information, Salesforce ensures an appropriate level of data protection through so-called Binding Corporate Rules (BCR). These are binding internal data protection rules that have been approved by a European supervisory authority. Moreover, Salesforce ensures an adequate level of data protection through the EU standard contractual clauses. We will provide you with a copy of the standard contractual clauses upon request. To request these, please contact privacy@solit-group.com. Customer data management via Salesforce is carried out within the framework of joint responsibility pursuant to Clause 3.
i) Content Management Systems (CMS)
We use the CMS WordPress of Automattic Inc, 60 29th Street Suite 343 San Francisco, CA 94110 USA (“Automattic USA”). The responsible party for data processing at Automattic is Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland (“Automattic Ireland”). However, it cannot be ruled out that a data transfer to Automattic USA could take place. The CMS is hosted in Europe on SOLIT’s and SOLIT Suisse’s own servers. When processing data, an appropriate level of data protection maintenance shall be ensured.
https://automattic.com/de/privacy/
j) Newsletter
We offer to send you an e-mail newsletter in order to provide you with regular information about our company and offers. With your newsletter registration, we process the data you entered during registration (e-mail address as well as other voluntary information). To prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). To ensure that we can verify the registration process in a legally compliant manner, your registration is logged. This concerns the time of registration and confirmation as well as your IP address.
The legal basis for sending the newsletter is your consent pursuant to Art. 6 Clause 1 a GDPR. The data processing in connection with sending the confirmation e-mail for your registration and the associated data logging is carried out pursuant to Art. 6 Clause 1 f) GDPR due to our legitimate interest regarding the verification of your proper registration.
If you provide us with your consent, we shall also evaluate whether you have opened the newsletter and the scrolling and clicking behaviour in the newsletter. This is done to optimally adapt our newsletter to your interests and improve the content of our newsletter.
The legal basis for the analysis of the newsletter is your consent pursuant to Art. 6 Clause 1 a) GDPR.
For the dispatch of the newsletter, we use service providers to whom we transmit the aforementioned data.
We use the services provided by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, to send the newsletter.
You can revoke your consent for data processing by Inxmail for our web domain at any time with future effect by unsubscribing from the newsletter.
k) Participation in prize draws
If you participate in a prize draw organised by us, we will process the data you have provided: first name, surname, e-mail address and, if provided by you: address, company, telephone number for the purpose of participation or to contact you if you win the prize. If you are the winner, we will request your surname, first name and address for the purpose of transferring the prize, unless this has already taken place during your registration. In any case, we will inform you of your prize in advance by e-mail. We will forward your surname, first name and address to the company responsible for delivering the prize.
The data processing is carried out for the fulfilment of our obligations within the scope of carrying out the prize draw pursuant to Art. 6 Clause 1 b) GDPR.
l) Webinars
If you participate in a webinar organised by us, we will process your participant data for the purpose of conducting the webinar. We may also make recordings for this purpose, but we will inform you of this in advance. In the case of a free webinar, we process this data based on your prior consent pursuant to Art. 6 Clause 1 a) GDPR; in the case of a webinar for which a fee is charged, for the fulfilment of our contractual obligations pursuant to Art. 6 Clause 1 b) GDPR. To implement our webinars, we use a service provider to conduct video conferences or webinars, who processes the participant data accordingly.
m) Use of cookies
We use so-called cookies on our website. Cookies are small text files that are stored on your respective end device (PC, smartphone, tablet, etc.) and saved by your browser.
Information about the specific cookies we use, their providers and purposes can be found in our consent banner. There you can give your consent to the respective services, revoke the same or subsequently adjust your settings.
Excursus: use of Google services
aa) Google DoubleClick
This cookie is set by Google and saved under the name doubleclick.com. This cookie is used to track how often a user views a particular ad, which helps to measure the success of a campaign and calculate the revenue generated by the campaign. These cookies can only be read by the domain for which they were set; therefore, they do not track data when browsing other websites.
n) Analysis/ Marketing
aa) Google Analytics
We use the Google Analytics tracking tool from Google on our website. We use Google Analytics to evaluate your use of the website, to compile reports on the activities within this website and to provide other services related to the use of the website to improve user-friendliness.
When Google Analytics is used, the interactions of website visitors are primarily recorded and systematically evaluated with the help of cookies.
We use Google Analytics with the extension “anonymizelp”. This shortens IP addresses within the Member States of the EU and the EEA. If a transmission to Google’s servers in the U.S. takes place, the full IP address is only transmitted in exceptional cases and shortened there. A direct personal reference is therefore generally excluded. It is no longer possible to assign the IP address to the computer or terminal device of the website visitor.
The following data is processed using Google Analytics:
- your internet provider;
- 3 bytes of the IP address of the website visitor’s accessed system (shortened IP address);
- the accessed website (incl. click path);
- achievement of “website goals” (conversions, e.g. newsletter subscriptions and unsubscriptions, downloads, purchases);
- your user behaviour (e.g. clicks, dwell time, frequency of call-up, bounce rates);
- your location by region;
- the website from which the user accessed the page on our website (referrer);
- the sub-pages that are accessed from the website;
- further technical information about your browser and the end devices you use (e.g. language settings, screen resolution).
Google states that it will not associate your IP address with any other data held by Google.
bb) Google remarketing/retargeting
We use so-called tracking cookies from Google on our website. When you visit our site, information is stored in permanent cookies about which products you have viewed on our site and through which third-party advertisements and pages users access our website. During a subsequent visit to a partner website, we can have personalised advertising displayed for you based on the items you viewed with us.
cc) Google Ads
We use Google Ads, an online advertising programme from Google, on our website. This involves so-called conversion tracking. If you click on an ad placed by Google, a cookie is set. This cookie loses its validity after 30 days and is not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Furthermore, the service records the date and time of your visit, your IP address, referrer URL, browser type, browser language, cookie ID, user behaviour, clicked ads, web request.
The data collected using the conversion cookie is used to generate statistics for Ads customers who have opted in to conversion tracking.
dd) Google Tag Manager
This service offers a tag management system. Using Google Tag Manager, tags can be centrally integrated via the user interface. Tags are small pieces of code that track activities. Script code for other tools is integrated via the Google Tag Manager. The Tag Manager can control when certain tags are activated. We use Google Tag Manager for lead generation, network analytics, ensuring a comfortable experience on our website, tag management, website tag management, managing tags and scripts on this website. For this purpose, we do not store any personal data and only use information at an aggregate level to trigger the tags.
Legal basis and revocation
The legal basis for data processing within the scope of the aforementioned Google services is your prior consent pursuant to Art. 6 Clause 1 a) GDPR.
You can revoke your consent at any time with future effect by adjusting your preferences in our consent banner.
ee) Microsoft Advertising (formerly Bing Ads)
We use Microsoft Advertising, an advertising service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft USA”) on our website. Our contractual partner is Microsoft Ireland Operations Limited, One Microsoft Place, South County, Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereinafter “Microsoft Ireland”), whereby Microsoft USA may act as its order processor. This involves so-called conversion tracking. It cannot be ruled out that information we collect as part of the service may be transmitted to the U.S. According to its own information, Microsoft ensures an appropriate level of data protection via the EU standard contractual clauses. We will provide a copy of the contractual clauses on request. To request these, please contact privacy@solit-group.com.
If you click on an ad served by Microsoft, a cookie will be set and Microsoft will compile statistics on personal information from online identifiers (including cookie identifiers) as well as information about device and browser settings so that Microsoft and we can recognise that users clicked on the ad and which page users were redirected to. This cookie is not used to personally identify users, but – as mentioned – to obtain statistics about our ad placement. However, if you log in via a Microsoft account, Microsoft may know you or be able to draw conclusions about you and process this information for its own purposes. Microsoft is independently responsible for this processing and acts in accordance with its own data protection regulations.
The legal basis for data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR. By giving your consent, you agree to the use described herein, including the transfer of your personal data to Microsoft.
You can revoke your consent at any given time with future effect by deactivating the cookie via your internet browser under User Settings or by adjusting your preferences in our consent banner.
ff) eTracker
We use the eTracker tracking tool from eTracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany, on our website. We use eTracker to evaluate your use of the website, to compile reports on the activities within this website offer and to thus improve user-friendliness.
When eTracker is used, the interactions of website visitors are recorded and systematically evaluated with the help of cookies and a browser fingerprint created specifically for your end device. Details on the cookies used can be found in our consent banner.
The data collected by eTracker is anonymised or pseudonymised as soon as possible. The IP address is shortened and login and device identifiers are converted into a pseudonymous key. A direct reference to a person is therefore generally excluded. The allocation to the called computer or terminal device of the website visitor is no longer possible.
Within the scope of using eTracker, we process the following data:
- information on the end device, operating system and browser used;
- geo-information up to city level;
- the URL called up with the associated page title and optional information on the page content;
- the website from which the accessed individual webpage was reached (referrer site including allocation to search engines and social media sites as well as reading of campaign parameters);
- the subsequent webpages accessed from the accessed website within a single website in the session;
- the length of time spent on the website;
- other interactions (clicks) on the website such as search terms entered, files downloaded, external link views, videos watched, registrations, enquiries, items ordered, etc;
- internet protocol addresses, which are anonymised as soon as possible by default;
- user identifiers: randomly generated values (example: 108bf9a85547edb1108bf9a85547edb1) that can be stored in cookies following user consent;
- device identifiers, if app tracking or app push is used;
- user IDs.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
You can revoke your consent at any time with future effect by adjusting your preferences in our consent banner.
gg) Adjust
We use the Adjust tracking tool from our service provider Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany, in our app. We use Adjust to evaluate your use of the app, to compile reports on the activities within this website offer and thus to control more targeted advertising measures and to improve user-friendliness of our app. When using Adjust, interactions of website visitors are specifically recorded and systematically evaluated.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
You can revoke your consent at any time with future effect by adjusting your preferences in our consent banner. Adjust GmbH is an affiliated company of Adjust Inc., 640 2nd St., San Francisco, CA 94107, USA. It can therefore not be ruled out that no data is transferred to the U.S. during processing. There is no adequacy decision of the EU Commission for data transfers to the U.S. Adjust ensures an adequate level of data protection via the EU standard contractual clauses. We shall provide a copy of the contractual clauses upon request. To request these, please contact privacy@solit-group.com.
hh) LinkedIn Insight Tags
We use the LinkedIn Insight Tags service on our website for analysis, retargeting and marketing purposes. This is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn Ireland”), whereby LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA (hereinafter “LinkedIn USA”), may act as its order processor (hereinafter collectively “LinkedIn”).
- LinkedIn Insight Tags uses cookies to process the following data from you to use our website:
referrer URL; - IP address;
- device information;
- browser information;
- timestamp.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
You can revoke your consent for data processing by LinkedIn for our web domain at any given time with future effect by adjusting your preferences in our consent banner.
Data may be forwarded to LinkedIn USA and processed there as part of the LinkedIn Insight Tags. There is no EU Commission adequacy decision for data transfers to the U.S. According to its own information, LinkedIn ensures an adequate level of data protection via the EU standard contractual clauses approved by the EU Commission. We shall provide a copy of the contractual clauses upon request. To request these, please contact privacy@solit-group.com.
ii) LinkedIn Analytics
We also use an analysis tool provided by LinkedIn. Here, LinkedIn Ireland acts as our contractual partner, whereby LinkedIn USA may act as their order processor. According to its own information, LinkedIn ensures an appropriate level of data protection via the EU standard contractual clauses approved by the EU Commission.
We use LinkedIn’s conversion tracking technology and retargeting function on our website. By means of this technology, visitors to this website can be served personalised advertisements on LinkedIn. Furthermore, it is possible to generate anonymous reports on the performance of the advertisements as well as information on user behaviour on the website. For this purpose, the LinkedIn InsightTag is integrated on this website, which establishes a connection to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.
If you are logged into your LinkedIn account, it cannot be ruled out that LinkedIn can also draw conclusions about you, whereby personal data of the conversion tracking can be linked to the account. In this case, LinkedIn acts as an independent data controller. See LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy for more information on data collection and use, and the options and rights available to protect your privacy. If you are logged into LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.
The legal basis for the data processing is your consent pursuant to Art. 6 Clauses 1 a) GDPR.Your personal data will be deleted after 3 months.
o) External contents
We use dynamic content (“content”) from third parties to optimise the presentation and offer of our website. When visiting the website, a request is automatically forwarded to the server of the respective content provider via an interface, during which certain log data (e.g. the user’s IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.
We use external content in connection with the following functionalities:
aa) Integration of YouTube videos
We have integrated YouTube videos from YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”). YouTube is a Google service and therefore Google Ireland is responsible for data processing at YouTube. The aforementioned applies to Google as well as their own data protection guidelines. When playing the videos, it cannot be ruled out that log data will be transmitted to YouTube servers in the U.S.
The legal basis for the processing is your prior consent pursuant to Art. 6 Clause 1 a) GDPR.
bb) Social plug-ins
We may also include other third-party offers on our website, in particular from social media providers (so-called plug-ins). These offers are deactivated by default. The plug-ins are integrated into our website by means of a button with the logo of the respective third-party provider, whereby you activate them by clicking on the corresponding button. As soon as you activate the plug-in by clicking on it, your data is transmitted to the respective third-party provider and they can determine that you are on our website. If you also have an account with the social media provider in question, it can assign information to you and thus track your use of online offers, regardless of whether or not you are logged in with them at the relevant time.
We currently have the following plug-ins installed on our website:
- Facebook;
- YouTube;
- LinkedIn.
cc) Google Fonts
To make the visit to our website attractive, we use the external fonts provided by Google Fonts. These are loaded from Google servers when you visit the website. In doing so, Google does not store any cookies in your browser. However, according to our information, the IP address of the user’s terminal device is transmitted to Google and saved. This processing is based on your prior consent pursuant to Art. 6 Clause 1 a) GDPR. You will be shown standard fonts unless you give your consent via the consent banner.
It cannot be ruled out that a data transfer to Google USA takes place.
dd) Google Maps
We use the Google Maps service provided by Google on our website to provide you with an interactive map. When the map is displayed, data including your IP address and your location are transmitted to Google servers and saved there.
Google Ireland is responsible for data processing at Google Maps. It cannot be ruled out that data may be transferred to Google USA, which may act as an order processor for Google Ireland.
The legal basis for data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
This service offers a translation tool that enables the automatic translation of parts of the website. No tracking takes place through the integration. However, the IP addresses are transmitted, whereby we also ensure that these are shortened.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
p) Social networks in detail
aa) Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). According to Meta, the data collected is also transferred to the U.S. and other third countries.
We have entered into a Joint Processing Agreement (Controller Addendum) with Meta. This agreement specifies the data processing operations for which we or Meta are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
bb) Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For details on how your personal data is handled, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
cc) LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
The legal basis for the data processing is your consent pursuant to Art. 6 Clauses 1 a) GDPR.
dd) YouTube
We have a profile on YouTube. The provider is Google Ireland, as YouTube is a service of Google. Details on how your personal data is handled can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
The legal basis for the data processing is your consent pursuant to Art. 6 Clause 1 a) GDPR.
6. Data sharing
As explained above, we share your personal data with various recipients:
- Our group companies: a list of our group companies can be found at https://www.solit-kapital.de/solit-gruppe/. Our group companies may use the data for the same purposes as we do. If they act as our processors, we also ensure that the data is only processed as described herein.
- Service providers: as already mentioned under Clause 5 (Data processing), we involve various service providers and use analysis and tracking tools from various service providers. As mentioned above, it is also possible that these service providers use personal data for their own purposes, which is why their own privacy policies are authoritative in this respect. Please inform yourself in particular about the corresponding processing activities of these providers before you give your consent.
- Authorities: we may disclose personal data to supervisory and other regulatory authorities, courts and other authorities if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These authorities process personal data under their own responsibility.
- Other persons: by this we mean third parties in situations where the inclusion of these third parties arises from the purposes described in this Privacy Policy, e.g. if you acquire joint ownership of certain bullions or you request a corresponding collection.
- As also explained above, certain recipients of your personal data may be located abroad, possibly in a country without adequate legal data protection. If this is the case, we contractually oblige the recipients to comply with the applicable data protection, for which we use the standard contractual clauses adopted by the EU Commission and also accepted by the Swiss Federal Data Protection and Information Commissioner (FDPIC) under certain adaptation conditions, insofar as they are not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on a legal exception.
7. Duration of data storage
We only store personal data for as long as it is necessary for the purposes stated in this Privacy Policy for which it is processed or if you have revoked your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to 10 years, regardless of the processing purposes; further information can be found under the respective data processing purposes.
8. Your data subject rights
To help you control the processing of your personal data, you have the following rights in connection with our data processing, subject to the applicable data protection law:
- the right to request information from us about whether and which data we process from you;
- the right to have us correct data if it is inaccurate;
- the right to request the deletion of data;
- the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another responsible party;
- the right to withdraw consent insofar as our processing is based on your consent;
- the right to obtain, on request, further information necessary for the exercise of these rights;
- the right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person.
If you wish to exercise any of the above rights against us (or against any of our group companies), please contact us via the contact details provided in Clause 2. In order for us to be able to exclude misuse, we must identify you (e.g. with a copy of your identity card, if this is not otherwise possible).
Please note that special conditions, exceptions or restrictions may apply to these rights under applicable data protection law (e.g. to protect third parties or trade secrets). We shall inform you accordingly if necessary. In particular, we need to process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedom of other data subjects and to safeguard interests worthy of protection, we reserve the right to reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets).
If you do not agree with our handling of your rights or data protection, please let us know by contacting us via the contact details provided in Clauses 2. You also have the right to complain to the data protection supervisory authority in your country; in Switzerland this is the Swiss Federal Data Protection and Information Commissioner (FDPIC).
9. Changes
This Privacy Policy does not form part of any contract and we may amend it at any time. The version published on the https://solit-group.com website is the current version at any given time.
[Last update: June 22th 2023]