Data protection and data security

Protecting your privacy and your personal data is important to us. We only want to collect personal data relating to you with your knowledge/consent, meaning that we would like to provide you with information below on the data that we may process and the purposes that we use this data for.

Our data privacy information...

  • ... for visitors of our website

    Data privacy Version dated: May 2020

    Protecting the privacy of our customers and business partners is extremely important to us. The data made available to us relating to you as an individual is collected, processed and used in accordance with the statutory provisions. The employees of HANSAINVEST Hanseatische Investment-GmbH (“HANSAINVEST” or “we” for short) will treat the personal data that you make available to us when you visit our website as confidential. Insofar as this is technically possible and reasonable/where it makes sense, services can be used anonymously.

    HANSAINVEST has prepared this data privacy statement to describe how, and for which purposes, which personal data relating to users of the site is collected, processed and used. The data privacy statement also provides an overview of reasonable precautionary measures taken to ensure the security of your personal data.

    What is the purpose and scope of application of this data privacy statement?

    This data privacy statement applies to all personal data that is collected, processed and used by HANSAINVEST when you visit the site. The content of this data privacy statement may be subject to additional conditions or disclaimers or other contractual provisions that you have entered into with HANSAINVEST, such as data privacy statements or customer information, as well as mandatory applicable laws and provisions.

    What information do we collect from you and for what purposes?

    When you visit the site, our web server will automatically record details of your visit (for example your IP address, the website that you are visiting us from, the type of browser software used and the individual sub-pages of the website that you actually access, including the date and duration of your visit).

    In addition, we collect, process and use personal data that you make available via the site, for example if you enter personal details (e.g. name, gender, address, e-mail address, telephone/fax number) on a registration page or if you subscribe to an e-mail newsletter.

    HANSAINVEST collects, processes and uses your personal data:

    • in order to further develop and improve the website
    • for technical administration and development purposes relating to the site
    • for customer and user administration and marketing,
    • in order to provide you with information on our products and services.  

    To whom do we disseminate your information?

    We can disseminate your information to government authorities or institutions, supervisory authorities or other individuals, in each case in accordance with applicable laws, provisions, a court decision or an official enquiry, or in accordance with, and for the purposes of, guidelines of (supervisory) authorities or similar proceedings, where this is necessary or permitted based on the applicable law.

    Which security measures have we implemented in order to protect your information that is collected via the site?

    We have taken the necessary technical and organisational measures to protect your personal data that is collected via the site from unauthorised access, misuse, loss or destruction.

    • All instances of access and attempted access are logged as a preventative security measure.
    • Data will not be disseminated to third parties without the consent of the data subject in the absence of any statutory provisions to the contrary.
    • All employees of HANSAINVEST are subjected to written data secrecy obligations.

    The data protection officer and the internal audit department perform checks on a regular basis to ensure that the data protection provisions are being adhered to.

    How do we handle electronic mail sent to and from HANSAINVEST?

    All electronic mail sent to and from HANSAINVEST is protected - in our systems - by adequate technical and organisational measures and may only be accessed by individuals that are not directly involved in the communication in justified cases and in accordance with applicable laws and provisions (e.g. court decision, suspected criminal behaviour, breach of supervisory law obligations); this information is only accessed by certain individuals in defined functions (e.g. legal, compliance, audit).

    What should you bear in mind when sending data via the Internet?

    The Internet is not considered a safe environment in general, and information sent via the Internet (such as information sent to or from the site or via electronic mail) may be viewed by unauthorised third parties, which may result in the disclosure of the information, the alteration of its content or technical failure. Even if both the sender and the recipient are in the same country, information sent via the Internet may be transmitted across international borders and may be disseminated to a country with a lower level of data protection than in your country of residence.  

    Please note that we assume no responsibility or liability for the security of your information while it is being transmitted to HANSAINVEST via the Internet. In order to protect your privacy, we would like to remind you that you can use other means of communication with HANSAINVEST where you consider this to be appropriate.

    Use and meaning of cookies on our website

    Essential cookies (also functional cookies)

    We use so-called essential (functional) cookies on our website, which are necessary for the operation of the website and enable the use of offered services. These cookies do not contain any personal data and are only used to establish a relation between the user and the data.

    This category of cookies includes the cookie with the name "1frontend", which enables users to use the newsletter, for example. Here user-related content must be assigned to the correct user.
    Another essential cookie is "HI-AntispamQuestion" which is required for the contact form.  This cookie also does not contain any personal data.


    On our website, we use Matomo for range measurement, to improve the website and generate statistics. Matomo is an open source software that we run directly on our server. You need a cookie that is used for identification but do not contain any personal data.
    IP addresses are anonymized (for example: and we consider also the Do-Not-Track standard. The collected data will not be passed on to third parties and will not be used for advertising purposes.
    The data processing for statistical and range measurement purposes takes place in accordance with Art. 6 Para. 1 Letter f) GDPR with the extent that is necessary and appropriate to fulfill our interest in range measurement, taking into account your interest in a visit to this website that is at most confidential and unobserved.

    Third party services

    Google Maps

    We use the Google Maps service on our website. This is designed to make it easier for you to travel and navigate to us. You can find more information on Google’s data privacy provisions here:

    To avoid spam, we cooperate with If you use our contact form, your email address and your IP address will be forwarded for verification purposes to this provider. Your data will not be stored. For more information see the privacy terms of


    We use Matomo to record and analyse visitor data ( This is an open source software package that we host ourselves. This means that no data is transmitted to third parties.

    Collection of personal data on our website

    Basically, the data will only be processed with your approval and strictly for the intended purpose.


    You have the option of subscribing to our newsletter via our website. We need various pieces of personal data for your subscription, as well as a declaration from you stating that you agree to receive the newsletter. In order to provide you with targeted information, we also collect and process publicly available personal data.
    As soon as you have signed up for the newsletter, we will send you a confirmation e-mail with a link that you can use to confirm your subscription.
    You can unsubscribe from the newsletter at any time using a link in the newsletter or using the newsletter settings.

    Contact form

    The personal data that you provide us with in the conctext of the contact request will only be used to answer your request and for the related technical administration.
    In answering your quastions, your data will also be processed by processors on our behalf in individual cases. These have been carefully selected and contractually committed in accordance with Article 28 GDPR.
    All personal data that you send us via the contact form will be deleted or anonymized at the latest 90 days after the final reply.

    Order of the fund reports

    The personal data that you send us in the context of a request regarding our fund reports will only be used to answer your enquiry and for the associated technical administration.
    When processing your request, your data will also be processed by processors on our behalf in individual cases. These have been carefully selected and contractually obliged in accordance with Article 28 GDPR.
    All personal data that you send us when ordering our fund reports will be deleted or anonymized at the latest 90 days after the final reply.

    HANSAINVEST cookie policy

    Version dated: May 2020 We, HANSAINVEST Hanseatische Investment-GmbH, Kapstadtring 8, 22297 Hamburg, Germany (“HANSAINVEST” or “we” for short) use this cookie policy to provide you with information on how we use cookies and similar technology on our website (“site”). You can find further information on how we collect, process and use personal data in our data privacy statement.

    Cookies and similar technology

    If you use our site, we may store a cookie or several cookies - small text files that contain a sequence of alphanumeric characters - on your end device. We use both session cookies and permanent cookies. Session cookies are deleted when you close your Internet browser. Permanent cookies remain saved even after you close your Internet browser and can be used by your Internet browser the next time you visit our site. Your Internet browser may offer various options relating to cookies. Please note that if you either delete cookies or opt to disable cookies, you may not be able to use the functions associated with the services offered via our site in full.

    How we use cookies and similar technology

    We use cookies and automatically collect information in order to:

    1. personalise our site and the services we offer via our site, for example in order to save information relating to you so that you do not have to enter it again while using our site or the next time you use our site  and the services offered via our site;
    2. to prepare anonymized user statistics that helps us to maintain the operation and correct errors.

    How can you exercise user rights?

    If permitted by statutory provisions, you can:

    • request information on whether we collect, process or use your personal data,
    • ask us for a copy of your personal data or
    • ask us to rectify incorrect personal data relating to you.

    You can object to the use of your personal data for marketing purposes, or for market or opinion research.  

    Please do not hesitate to contact us if you have any questions or comments regarding data privacy and your rights referred to above, as well as regarding your right to update or erase your personal data:

    HANSAINVEST Hanseatische Investment-GmbH
    data protection officer
    Kapstadtring 8
    22297 Hamburg

    You can also send an e-mail to:


  • ... for customers and prospective customers

    Who is responsible for data processing and who is my point of contact?

    The controller is:
    HANSAINVEST Hanseatische Investment-GmbH
    Kapstadtring 8
    22297 Hamburg
    Phone: +49 40 300 57-0
    Fax: +49 40 300 57-60 70
    e-mail address:

    You can contact our company data protection officer at:
    HANSAINVEST Hanseatische Investment-GmbH
    Data protection officer
    Kapstadtring 8
    22297 Hamburg
    Phone: +49 40 300 57-0
    e-mail address:

    Which sources and data does HANSAINVEST use?

    We process personal data that we receive from you personally. We also process personal data that we obtained legitimately from publicly available sources (e.g. commercial registers and registers of associations, the press, the Internet, the media) and that we are permitted to process.

    Relevant personal data can include: Surname, first name, address, other contact details (phone, fax, e-mail address), title, position and date of birth.

    In addition, we process data that we received by being provided with a business card and/or as a result of participation in events.

    We also process personal data that we received because, for example, you signed up for our newsletter and granted your prior consent.

    Why does HANSAINVEST process my data (purpose of the processing) and on what legal basis?

    We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

    a) To fulfil contractual obligations (Article 6 (1b) GDPR) We process personal data (Article 4 (2) GDPR) in order to fulfil our obligations arising from information and service contracts, as well as service contracts in which a specific result is agreed upon (Werkverträge), with you or the individual represented by you, or to perform pre-contractual measures.

    b)  Based on the weighing up of interests (Article 6 (1f) GDPR) If necessary, we will continue to process your data even after the actual performance of the agreement in order to safeguard our legitimate interests or those of third parties.

    • Assertion of legal claims and defence in legal disputes;
    • Ensuring IT security and IT operations;
    • Prevention and investigation of criminal offences.

    c) Based on your consent (Article 6 (1a) GDPR) If you have granted us your consent to the processing of personal data for specific purposes (e.g. when you sign up for our newsletter), then this processing is considered to be legal on the basis of your consent pursuant to Article 6 (1a) GDPR. Consent granted can be revoked at any time. This also applies to the revocation of declarations of consent that you submitted to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that revocation is only effective for the future and does not affect any processing operations performed in the past.

    Who gets my data?

    Within HANSAINVEST, the departments that gain access to your data are those departments that need the data to fulfil our contractual and statutory obligations. Service providers, vicarious agents and contract data processors (Article 28 GDPR) commissioned by us may also receive data for these purposes if they comply with their statutory obligations and our written data protection law instructions.

    We are only allowed to disseminate information about you if this is permitted or required on the basis of statutory provisions, if you have granted your consent, if we are authorised to issue information, of if contract data processors commissioned by us similarly guarantee adherence to the requirements set out in the General Data Protection Regulation (GDPR/BDSG).

    Will data be transmitted to a third country or an international organisation?

    Your personal data will not be transmitted to a third country (countries outside of the European Economic Area – EEA).

    How long will my data be stored for?

    We process and store your personal data for as long as is necessary in order to fulfil our contractual and statutory obligations. If the data is no longer required in order to fulfil contractual or statutory obligations, it will be erased at regular intervals, unless its – temporary – further processing is required for the following purposes:

    - To comply with commercial and tax law retention periods: examples include the German Commercial Code (Handelsgesetzbuch), the German Tax Code (Abgabenordnung) and the German Money Laundering Act (Geldwäschegesetz). The retention/documentation periods specified in these pieces of legislation amount to between two to ten years.

    - Conservation of evidence as part of the statutes of limitation. In accordance with sections 195 et seq. of the German Civil Code (BGB), these limitation periods can amount to up to 30 years, with the regular limitation period amounting to three years.  

    What are my data protection rights?

    All data subjects have the right to receive information in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. The right to information and erasure are subject to the limitations set out in sections 34 and 35 BDSG. In addition, there is a right to lodge a complaint with a responsible supervisory authority (Article 77 GDPR in conjunction with section 19 BDSG).

    You can revoke consent you have granted to the processing of personal data vis-à-vis us at any time. This also applies to the revocation of declarations of consent that you submitted to us before the General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that revocation is only effective for the future. Processing operations performed before the revocation are not affected. 

    You have the opportunity to lodge a complaint with the company data protection officer specified above, or to contact a data protection supervisory authority. The supervisory authority responsible is:

    The Officer for Data Protection and Freedom of Information of the City of Hamburg [Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit]

    Am I obliged to provide data?

    As part of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the agreement or execute the order, or will be forced to cease with the performance of an existing agreement and possibly to terminate it.

    To what extent is automated individual decision-making used?

    In general, we do not use any fully automated decision-making pursuant to Article 22 GDPR to establish or perform the business relationship. Should we use these procedures in individual cases, we will inform you separately where this is required by law.

    To what extent will my data be used for profiling?

    We do not process your data with the aim of automatically evaluating certain personal aspects.