Most recent update: 25 May 2018
ThomasLloyd Global Asset Management GmbH (‘ThomasLloyd’, ‘we’, ‘us’, ‘our’) is the operator of the website www.thomas-lloyd.com (‘website’).
According to the EU General Data Protection Regulation (‘GDPR’), personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Accordingly, personal data include data relating personally to you, such as your name, postal address or email address, or all data originating from your use of the website or processed technical data that can be attributed to you, such as IP address, operating system or browser of your end device or your user behaviour collected by so-called cookies.
The controller for collecting and processing your personal data upon your visit to and use of the website www.thomas-lloyd.com is
ThomasLloyd Global Asset Management GmbH
Hanauer Landstr. 291b, 60314 Frankfurt am Main, Germany
You will find further information about ThomasLloyd Global Asset Management GmbH at https://www.thomas-lloyd.com/en/impressum/
2. Data protection officer
If you have questions, concerns or suggestions about data protection regarding the website www.thomas-lloyd.com, you can contact our data protection officer at any time:
c/o ThomasLloyd Global Asset Management (Schweiz) AG
8001 Zurich, Switzerland
You can also exercise your rights as a data subject by contacting the data protection officer. You will find more information on this in section 8.
3. Automatic data processing for visits to our website (purposes of the processing and legal basis)
Visiting our website www.thomas-lloyd.com and using it for purely informational purposes is possible without you having to provide (through registration or transmission in online forms) personal data, such as your name, postal address or email address, or us to collect such personal data.
In order to view our website and use it in a manner that is user friendly, effective, stable and secure, we nevertheless automatically collect and process (pseudonymous) technical data necessary for this purpose in cooperation with your end device and your browser.
3.1. Automatic data processing and processing by the web server
In order to display the individual pages belonging to our website, the following personal data, which are transmitted by your browser, are automatically collected and processed by our web servers:
- IP address of the end device you are using to connect
- name and URL of the file accessed
- date and time of the access
- data volume transmitted
- notification if the filed was successfully accessed
- recognition data (type, version and language) of the browser used and operating system of the end device of yours accessing the page
- URL of the website that referred you to us, if the access occurred through a link, and additionally the search term if the access occurred via a search engine, and
- name of your internet access provider
The legal basis for this data processing is point (b) Article 6(1) GDPR. The data processing is necessary to take steps prior to entering into a
contract in response to a request which you have made, as such steps prior to entering a contract include visiting websites.
The (pseudonymous) technical communication data which are collected and processed to enable the use of the website (to establish a connection) are stored temporarily in so-called server logfiles. We use server logfiles for internal, system-related purposes, especially for technical administration and to guarantee the stability and security of our web servers and website – for example, the stored IP address can be used to identify and track unauthorised or improper attempts to access our web servers. We further use logfiles for statistical purposes to pseudonymously capture and analyse connections to our internet website and its contents and as a basis for designing and optimising our website to be more accessible, user friendly and effective. The legal basis for this processing of server logfiles is point (f) Article 6(1) of the GDPR, which allows the processing of personal data in the scope of our ‘legitimate interests’ in so far as your rights, freedoms or interests are not overridden. Our legitimate interests consist in administering our website easily and securely and in measuring, analysing and improving our website.
When you visit or use our website, we further store so-called cookies on your end device. Cookies are small text files which are saved on your hard drive and assigned to the browser you are using, and which send certain information to the site that placed the cookie (in this case, us). Cookies cannot run programs, infect your end device with viruses or cause any other harm to your end device. They serve solely to make the website more user friendly, effective, stable and secure, which lies in our legitimate interest.
You can adjust your browser settings so that you are notified if cookies are set or to allow cookies only in individual cases, to prevent cookies from being accepted in specific cases or generally and to activate the automatic erasure of cookies upon closing your browser. Deactivating cookies may, however, limit the functionality and offerings of our website.
Our website uses the following kinds of cookies:
- Temporary cookies are automatically deleted when you close your browser. This particularly includes the so-called session cookies. Session cookies store a so-called session ID which allow different requests from your browser to be attributed to the same session. This allows your end device to be recognised if you visit multiple webpages from our website or return to our website before closing your browser.
- Persistent cookies are automatically deleted after a proscribed period of time, which can differ from cookie to cookie. You can delete cookies at any time in the security settings of your browser. Persistent cookies serve to recognise you at your next visit to our website and/or if you return to our website after having closed your browser.
Most of the cookies we use are session cookies. They are automatically deleted after the end of your visit or when you close your browser. The persistent cookies which we use remain stored on your end device until you delete them. These cookies make it possible for us to recognise your browser at your next visit.
Cookies that are necessary for us to carry out the technical communication procedures, for continuous use of our website and/or to make available certain features and offerings of our websites desired by you (for example, logging in to a personal account) are stored on the basis of point (f) Article 6(1) of the GDPR, which allows the processing of personal data in the scope of our ‘legitimate interests’ in so far as your rights, freedoms or interests are not overridden. Our legitimate interests consist in providing our website without technical error and in an optimal form.
3.3. Use of Google Analytics
This website uses Google Analytics, a web analysis service offered by Google, Inc., Mountain View, USA (‘Google’). Google Analytics uses so-called cookies, text files which are stored on your end device and which make it possible to analyse your use of the website. Information generated by the cookies about your use of this website is usually transmitted to a Google server in the United States, where it is stored. If IP anonymisation has been activated on this website, your IP address will nevertheless first be truncated within Member States of the European Union or in other contract states to the agreement on the European Economic Area. Only in exceptional cases is your complete IP address transmitted to a Google server in the United States, where it is then truncated. On behalf of the operator of this website, Google will use this information to analyse your use of this website, prepare reports about activities on the website and to provide further services to the website operator connected to the use of the website and of the internet.
The IP address transmitted by your browser in the framework of Google Analytics will not be linked to other Google data.
You can prevent cookies from being saved to your device by using the corresponding setting in your browser software; we would like to explicitly state, however, that in this case you may not be able to completely use all of this website’s features. You may further prevent the data that is generated by the cookie and the data relating to your use of the website (including your IP address) from being collected or processed by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Alternately, you may prevent Google Analytics from capturing your data by clicking on this link. This sets an opt-out cookie that prevents your data from being collected in the future when you visit this website.
We use Googe Analytics in order to regularly analyse and evaluate the use of our website. The statistics we gain thereby allow us to make our website and its offerings more accessible, user friendly, effective and interesting and to thus to permanently improve and optimise it.
The legal basis for this processing of Google Analytics is point (f) Article 6(1) of the GDPR, which allows the processing of personal data in the scope of our ‘legitimate interests’ in so far as your rights, freedoms or interests are not overridden. Our legitimate interests consist in measuring, analysing and improving our website and our own offerings. In this regard, Google is our processor in accordance with Article 28 GDPR. For exceptional cases in which personal data are transmitted into the United States, Google has declared itself subject to the EU-US Privacy Shield, which you can read here: https://policies.google.com/privacy/frameworks?hl=de.
4. Collecting and processing personal data you have made available (purposes of the processing and legal basis)
Using certain features and offerings of our website, such as the contact form or login to your personal account, makes it necessary to collect and process personal data (with * marked required fields). such as your name or email address. We process such personal data on our website only if you provide that data yourself, in particular in the framework of a registration or an online form.
4.1. Contact form
If you send an inquiry to us via our contact form on our website, we require at least your name and email address (required fields marked with *) in order to process and respond to your request. The legal basis for this data processing is point (b) Article 6(1) GDPR. The data processing is necessary to take steps prior to entering into a
contract in response to a request which you have made, as such steps prior to entering a contract include contact requests.
By voluntarily providing us with further contact information, you make it easier for us to respond to your inquiry and to establish contact with you. The legal basis for this purpose is point (f) Article 6(1) of the GDPR, which allows the processing of personal data in the scope of the controller’s ‘legitimate interest’ in so far as your rights, freedoms or interests are not overridden. Our legitimate interests consist in more easily processing your contact request.
4.2. Logging in to your personal account
You can also log in as a customer to your personal customer account at the website www.thomas-lloyd.com. There you have the opportunity to manage your master data and password, among other things. You can also view, among other thing, your inbox, your contracts and documents awaiting your signature.
4.3. Login to broker account
You can also log in as a broker to your personal customer account at the website www.thomas-lloyd.com. There you have the opportunity to manage your master data and password, among other things. You can also view, among other thing, your inbox, your contracts and documents awaiting your signature.
4.4. Email newsletter
You can further register on our website for our email newsletter in the form provided for this purpose. With your consent, ThomasLloyd Global Asset Management (Schweiz) AG processes the personal data provided to us through the form in order to send you an email newsletter with information about products and events of the ThomasLloyd Group of companies.
Providing your email address is absolutely necessary for us to send you our newsletter. The legal basis for this data processing is point (a) Article 6(1) of the GDPR. We process these data with your consent. You may withdraw the consent you have given at any time and unsubscribe from the email newsletter. This is possible in the link contained in every newsletter, by writing to the contact information given in the imprint or by sending an email to firstname.lastname@example.org.
You can furthermore voluntarily share private data with us to enable us to personally contact you via other modes of contact. The processing of the data voluntarily shared with us by you takes place on the legal basis of sentence 1 point (f) Article 6(1) of the GDPR. According to this provision, processing is allowed when necessary for the purposes of our legitimate interests. Our legitimate interest consists in improving the quality of our advising and being able to contact you more easily if we have questions about your inquiry.
For registration for our newsletter, we use the so-called double opt-in procedure. This means that we send you an email to the email address you provided after you register in which we ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration within [24 hours], your information is automatically deleted. We moreover store your IP address and time of your registration and confirmation, respectively. The purpose of the procedure is to verify your registration and, if necessary, to be able to clarify a possible misuse of your personal data. We moreover store your IP address and time of your registration and confirmation, respectively. The purpose of the procedure is to verify your registration and, if necessary, to be able to clarify a possible misuse of your personal data.
5. Recipients of personal data
The personal data collected by us in the scope of your visit and purely informational use of our website www.thomas-lloyd.com (see section 3.1.), as well as the personal data collected by us in the scope of the use of certain features and offerings of our website, such as the contact form or the login to a personal customer account, are principally not disclosed to other recipients or transferred in any other way. An exception applies to compulsory transfers of personal data to government institutions and authorities, to private rights holders on the basis of legal requirements or decisions of a court or authority, or the necessary disclosure to government institutions and authorities for the purposes of legal action or criminal prosecution in the case of attacks against our legal interests.
In operating our website and delivering and carrying out individual website features and offerings, we nevertheless make partial use of external technical and other service providers, as well as companies within the group, to support us in delivering our services. In so far as necessary, these service providers engaged by us process your personal data in the scope of your respective request in accordance with our instructions regarding the purposes named in this data protection notice. They are contractually obligated to strictly comply with this data protection notice, with valid legal provisions for data protection and our directions (so-called data processor referred to in Article 28 of the GDPR). The same applies for possible subcontractors, to the extent that our data processors use the services of such subcontractors with our previous agreement.
We engage data processors, in particular, to host our website and to process contact form requests.
6. Processing of personal data in ‘third countries’
The personal data collected by us are processed exclusively within the EU and Switzerland. A transfer of personal data into other ‘third countries’, meaning to countries outside of the EU and the EEA, does not take place. For Switzerland, an adequacy decision of the European Commission in accordance with Article 45 of the GDPR exists, which establishes that an adequate level of data protection exists in Switzerland.
7. Period of storage
We generally store your personal data for only as long as is necessary to fulfil the purpose of the respective data processing or if you request that we delete your personal data for other legitimate reasons (see Article 17 of the GDPR). After these storage periods have expired or if you have made a legitimate request for us to delete your data, we assess in each case whether certain personal data is still required for (other) legitimate purposes and, if not, whether other contractual or legal periods for preserving the data do not stand in the way of an erasure of the personal data. In these cases, we will continue to store the pertinent personal data as long as is necessary to fulfil this (other) legitimate purpose or for the period of the respective contractual or legal period for preserving the data. The data will however be made unavailable for other purposes and then permanently deleted after the respective last contractual or legal period for its preservation has expired.
We store the technical communication data contained in the logfiles (see section 3.1.) for purposes of easily and securely administering our website and for measuring, analysing and improving our website for no more than six months.
The session cookies set by us are deleted when you close your browser. We delete the persistent cookies used by us after no more than six months (on cookies, see section 3.2.). The personal data collected by Google Analytics are immediately deleted upon the anonymisation of the IP address (see section 3.3.).
The personal data collected through our contact form (see section 4.1.) are stored by us for six months in order to process and respond to your inquiry and for the case of possible follow-up questions.
The data linked to your customer account/broker account (on this point, see sections 4.2 and 4.3) are stored as long as your user account exists. You can delete your user account at any time by sending us an email at email@example.com or sending a message to the address given in our imprint.
The data collected for purposes of sending out the newsletter (see section 4.4) are stored as long as is necessary for the newsletter to be sent out. If you unsubscribe from the newsletter, your data are deleted.
8. Your rights (rights of data subject)
To the extent that legal conditions in accordance with Article 15 et seq. of the GDPR are given, you have the following rights regarding the personal data stored by us (so-called rights of data subject):
- You have the right to obtain from us at any time confirmation as to whether and what categories of personal data concerning you are stored with us, the purposes for which they are being processed and which recipients or categories of recipients receive these data, if applicable. Furthermore, you have the right to obtain from us the additional information about your personal data referred to in Article 15 of the GDPR (right of access).
- In accordance with legal provisions, you moreover have a right to rectification (Article 16 of the GDPR), a right to erasure (Article 17 of the GDPR) and a right to restriction of processing (for data to be made unavailable) (Article 18 of the GDPR) of your personal data.
- In accordance with Article 20 of the GDPR you further have the right to obtain the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format; you have the right to transmit those data or have them transmitted to another controller (right to data portability).
- You have the right to withdraw the consent you have given at any time.
- You moreover have the right to object to data processing in the case of processing that lies in the legitimate interests of the controller or a third party in accordance with point (f) Article 6(1) of the GDPR where the legal conditions in accordance with Article 21 of the GDPR are given.
To exercise your data subject rights you can contact us at any time at firstname.lastname@example.org.
Additionally, you have the right to lodge a complaint with a supervisory authority for data protection if you are of the opinion that the processing of your personal data breaches data protection law.
9. Data security
We employ comprehensive technical and organisational measures to protect the personal data of yours which we store and process against misuse, accidental or intentional manipulation, loss, access by unauthorised persons and other data security risks. We continually improve our precautions for data security according to developments in technology. The transmission of personal data occurs by means of encryption according to the latest technology.
Our employees are obligated to protect your confidentiality and to comply with the relevant provisions regarding data protection.
We would like to point out that there can be gaps in security for the transmission of data over the internet (for example, through email communication). It is therefore not possible to ensure complete protection against access by third parties.
10. Changes to the data protection notice
We can change this data protection notice at any time to adapt to changed circumstances of fact or of law, and we will publish the most recent version of this data protection notice at this site. You can recognise when this data protection notice was last changed by the indication of date (‘Most recent update’) at the beginning of the notice.