Thank you for showing an interest in our website. Protecting your privacy is very important to us. portagon GmbH takes great care in protecting your data and keeping it confidential. Your personal data are exclusively collected and processed in compliance with the statutory provisions, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other national data protection laws of the Member States, as well as other data protection laws.
Baseler Str. 10
60329 Frankfurt am Main
Tel: +49 (0) 69 / 2547 413 0
Fax: +49 (0) 69 / 2547 413 90
Directors: Jamal El Mallouki, Johannes Laub
Contact details for the data protection officer
Dr Jörg Buschbaum
Personal data are specific details about the personal or factual circumstances of an identified or identifiable natural person. Examples include your name, address, date of birth, username, password, email address and payment details. Below is an explanation of how we process your personal data.
Provision of the website and creation of log files
You can visit our website at any time without having to register or provide personal details. However, each time you visit our website, our system automatically collects data and information from the computer system of the device you are using.
Description and scope of data processing: The following data are collected automatically when a page is opened:
- browser type and version,
- operating system used,
- the website from which you were referred (referrer URL),
- the website you are visiting,
- the date and time of access,
- your Internet Protocol (IP) address.
The collection of data for the provision of the website and the storage of that data in log files is essential for the website’s operation.
Legal basis for data processing: Article 6(1)(f) GDPR represents the legal basis for temporary storage of data and log files.
Purpose of data processing: The system needs to temporarily store the IP address in order to allow the user’s computer to access the website. For this reason, the user’s IP address must remain stored for the entire session. The purpose of storage in log files is to ensure that the website remains functional and stable. The data also help us to optimise the website and to ensure that our information technology systems remain secure. The data are not assessed for marketing purposes in this context. These purposes also account for our legitimate interests in data processing according to Article 6(1)(f) GDPR.
Storage period: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards collection of data for the provision of the website, this is the case when the session in question has ended. The data stored in log files will be deleted after three days have elapsed, at the latest.
Contact form and email contact
You are not legally or contractually obliged to provide this personal data, nor it is necessary for the purposes of entering into a contract. You are not obliged to provide us with personal data. However, failure to provide mandatory personal data will prevent us from being able to contact you via the contact form.
Alternatively, you can contact us using the given email address, in which case the user’s personal data that are sent with the email are stored.
Your data will not be passed on to third parties.
Legal basis for data processing: Your consent provides the legal basis for processing of the data that are sent via the contact form (Article 6(1)(a) GDPR). The legal basis for processing of the data that are sent in the course of submitting an email is Article 6(1)(f) GDPR. Our legitimate interest lies in responding to the sender’s contact request. If the email contact is for the purpose of entering into a contract, an additional legal basis for the processing is Article 6(1)(b) GDPR.
Purpose of data processing: Personal data from the input screen or from an email are processed solely in order to help us process the contact request.
Storage period: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards the personal data from the contact form input screen and those sent by email, this is the case when the respective conversation with you has ended. The conversation is over when it is clear from the circumstances that the situation in question has been fully resolved. This does not apply if deletion would breach legal or contractual obligations, in particular regarding retention periods.
Participation in the Partner Programme
Description and scope of data processing: You can register for our Partner Programme via our website. We will receive and process the data requested via the registration screen. At the time of registration, the system also automatically collects and saves the date and time of your registration in order to record the confirmation of the inclusion of portagon’s Terms and Conditions in the partner contract.
During the Partner Programme, we will also process the following data pertaining to you:
- Bank details
- Partner status
- Date of completion of portagon training courses
- Number of contacts provided, details of contacts provided (names, contact details of potential customers, additional information provided)
- Commission paid out, outstanding commission claims.
Legal basis for data processing: Data processing as part of registration and under an existing partner contract is required to create and execute the partner contract between you and portagon. The legal basis for data processing is therefore letter (b) of the second sentence of Article 6(1) GDPR. We also process the system data relating to your registration on the basis of letter (f) of the first sentence of Article 6(1) GDPR. Our legitimate interest lies in maintaining the functionality and security of the website and our IT systems.
Purpose of data processing: Data processing serves to establish and fulfil the partner contract between you and ourselves and – with regard to the data collected automatically by the system – to ensure that the website and our IT systems remain secure and functional.
Storage period: If you choose not to enter into a partner contract after registering, we will delete the data collected from you via the registration screen within six months of your decision to reject the partner contract. If a partner contract exists, the data are retained for as long as is necessary to create, fulfil and process the partner contract, i.e. at least for the duration of the partner contract. After termination of the partner contract, the data will be deleted if deletion does not breach legal retention obligations such as those in the German Commercial Code and the German Fiscal Code. These legal obligations provide for a retention period of six or ten years.
Data obtained by portagon through a partner referral
Description and scope of data processing: We receive contact data of interested parties and potential customers from partners. Depending on which data you, as an interested party/potential customer, have provided to a partner, this may include:
- Name of your company
- Contact details (name, email address, telephone number, company address)
- Amount of capital required
- Planned use for the capital
- Partner’s assessment of the interested party/potential customer’s understanding of crowdinvesting
- Confirmation that a demo/on-site appointment has been carried out
- Name of the referring partner
- Signed consent form for data processing.
Legal basis for data processing: By signing a relevant declaration from us, you have given your consent to the referring partner to be contacted and for your data to be processed as described. The legal basis is therefore letter (a) of the first sentence of Article 6(1) GDPR. If the contact process is also used to establish a contract between you and ourselves and to implement the relevant pre-contractual measures, letter (b) of the first sentence of Article 6(1) GDPR provides an additional legal basis for data processing.
Purpose of data processing: The purpose of data processing is to fulfil your request for information about portagon’s offers and services and possible use of our services.
Storage period: We will store your data until you withdraw your consent to being contacted by portagon. In the event of withdrawal, we will block your contact details if you no longer wish us to contact you. If you do not enter into a contract with portagon and we have no contact with you for over 18 months, we will delete your data.
Legal basis for data processing: The legal basis for the processing of personal data is the implementation of pre-contractual measures required to establish an employment relationship and, provided that you enter into an employment relationship with us, the establishment and implementation thereof in accordance with Article 6(1)(b) GDPR. Should the specific categories of data be communicated voluntarily, they will be processed on the basis of Article 9(2)(a) GDPR.
Purpose of data processing: The processing of personal data assists the application and personnel selection processes and is used to establish and realise any employment relationships.
Storage period: If we unfortunately have to reject your application, we will delete your data no later than six months after doing so. If an employment relationship is established, we will store personal data for at least the duration of the existing employment relationship and for any legal retention periods (e.g. from the Working Time Act) or contractual retention periods (e.g. when using a company pension scheme as a form of deferred compensation while in receipt of the benefits) that extend beyond this. Data that are no longer necessary for the respective purpose will be deleted immediately.
Admission to the talent pool: If you cannot be offered a suitable position at the time of your application, the data that you have provided and submitted during the application process may still be collected, processed and used in the talent pool even after the process is complete. We do this so that we can contact you for professional purposes and potentially consider you for a future appointment. Your explicit consent is required to use your data in this way.
Storage period of data in the talent pool: If you expressly wish to be included in our talent pool, we will store your data until further notice, but for no longer than 12 months. After this period expires, your data will be deleted automatically and you will not receive a separate notification about this.
Use of strictly necessary cookies
You can change your browser settings so that you are informed about the placement of cookies and can decide whether to accept each of them or to refuse certain cookies or all cookies. Our website’s functionality may be restricted if you do not accept cookies. The following links show you how to change the settings in the following popular browsers:
Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Legal basis for data processing: If personal data are processed using cookies, the legal basis is Article 6(1)(f) GDPR.
The user data collected by cookies are not used to create user profiles.
Storage period: “Transient cookies” are automatically deleted when you close the browser. These include session cookies in particular. They save a “session ID”, which can be used to assign various queries from your browser to the shared session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser. Permanent cookies are automatically deleted after a specific period of time, which may vary depending on the cookie. You can delete cookies in your browser’s security settings at any time.
Our website uses the consent technology of ConsentManager to obtain your consent to store certain cookies on your device or to use certain technologies and to record these in compliance with data protection regulations. This technology is provided by Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter referred to as “ConsentManager”).
Use of Google Analytics
|_ga||Contains a randomly generated user ID to map the data relating to the website’s use by recurring visitors and to collate data from previous visits||2 years|
|_gat||Prevention of data transfers during use||1 day|
|_gid||Contains a randomly generated user ID to map the data relating to the website’s use by recurring visitors and to collate data from previous visits||1 day|
The information generated by the cookies, such as the time, location and frequency of your visits to the website, including your IP address, is sent to Google and stored there. This website uses Google Analytics with the extension “_gat._anonymizeIp”, which means that Google truncates your IP address in Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser through Google Analytics is not combined with other data from Google, according to information provided by the latter. On behalf of this website’s operator, Google will use this information to evaluate your use of the website, compile reports on website activities and provide the website operator with other services related to use of the website and the Internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on Google’s behalf.
You can block the storage of cookies by adjusting your browser software settings. However, we should point out that doing so may prevent you from using all of the features on this website to their fullest extent.
Legal basis for data processing: The legal basis for the use of Google Analytics is your consent (Article 6(1)(a) GDPR).
Purpose of data processing: The purpose of data processing is to analyse the behaviour of our users anonymously and to improve our website on the basis of these findings.
Use of Google Dynamic Remarketing
Google uses the following cookies for this purpose:
|IDE||Google (DoubleClick)||Contains a randomly generated user ID to recognise visitors across different websites and to show personalised advertising||1 Year|
|test_cookie||Google (DoubleClick)||Test of whether the user’s browser allows cookies to be enabled||15 minutes|
|ads/ga audiences||Google (AdWords)||Used to re-engage visitors who might switch to the customer’s website based on their online behaviour||Session|
You can disable personalised advertisements from Google via your device settings. Go to https://support.google.com/ads/answer/1660762#mob for instructions on how to do this. More information about privacy related to personalised advertisements can be found at https://support.google.com/adspolicy/answer/143465.
Legal basis for data processing: The legal basis for the use of Google Analytics is your consent (Article 6(1)(a) GDPR).
Purpose of data processing: The purpose of the data processing is to show visitors to our website targeted ads that reflect their interests.
Storage period: 14 months
Use of HubSpot
Description and scope of data processing: On our website, we use a customer relationship management system provided by HubSpot Germany GmbH (c/o Design Offices, Koppenstraße 93, 10243 Berlin, Germany), hereinafter referred to as “HubSpot”.
|_hstc||HubSpot||Contains the domain, user token, timestamps of first, last, and current visits, current session count||13 months|
|hupspotutk||HubSpot||Records user identities when using web forms to de-duplicate contacts||13 months|
|_hssc||HubSpot||Tracks sessions and contains the domain, the number of page views per session and session start timestamps to determine whether the session count and timestamps in the _hstc cookie need to be increased||30 minutes|
|_hssrc||HubSpot||Identifying browser session restarts||Session|
|_ptq.gif||HubSpot||Recording of devices and marketing channels used by users||Session|
The information generated by these cookies and web beacons, such as the time, location and frequency of your visit to the website, including your IP address and the pages accessed, is sent to HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and stored there. HubSpot also reserves the right to forward data to other HubSpot Group companies.
Furthermore, HubSpot collects the data you enter when you fill out information request and appointment coordination forms (except if you use the aforementioned contact form or the email contact) or you agree to receive marketing communications via email (newsletters and automated emails, e.g. providing downloads).
HubSpot will use this information to evaluate your use of our website, compile reports on website activities for us and provide other services related to use of the website and the Internet. HubSpot may also transfer this information to third parties if this is required by law or if third parties process this data on HubSpot’s behalf.
The companies in the HubSpot Group are subject to the standard contractual clauses.
If you generally do not wish for your data to be collected by HubSpot, you can disable the storage of cookies at any time via your browser settings.
Legal basis for data processing: The legal basis for the use of HubSpot’s cookies and web beacons is your consent (Article 6(1)(a) GDPR).
Purpose of data processing: The purpose of data processing is to improve our website and to provide users with targeted email marketing communications.
Storage period: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards the personal data from forms and data sent via email in connection with email marketing communications, this is the case when the respective conversation with you has ended. The conversation is over when it is clear from the circumstances that the situation in question has been fully resolved or the user’s subscription has been deactivated. This does not apply if deletion would breach legal or contractual obligations, in particular regarding retention periods.
Use of Demodesk
Scope of processing of personal data
The following personal data will be processed by Demodesk:
- Desired appointment
- Email address
- Phone number
- Contract billing and payment data
- Technical data (session URL, screen resolution, etc.)
- Audio and video transmissions
- Personal calendar data (e.g. data concerning the host and guest)
You can find more information about data processing by Demodesk here: https://demodesk.com/legal/privacy-policy
Provision of your personal data is voluntary. However, if you do not provide us with the data marked as mandatory, we will not be able to offer you the aforementioned services and, in particular, we will not be able to hold video conferences using the tool. If you would prefer not to schedule appointments with us via Demodesk, you can contact us by email or phone.
Purposes of data processing
The use of Demodesk is intended to allow interested parties and existing customers to book an appointment online for a presentation of our product and to receive a product demo via video conference.
Legal basis for the processing of personal data
The legal basis for data processing is letter f) of the first sentence of Article 6(1) GDPR. Our legitimate interest lies in the purposes for data processing listed under point 2. If we enter into a contract with you, the legal basis for the processing of your data is letter (b) of the first sentence of Article 6(1) GDPR.
If you do not enter into a contract with us, we will store your data for a maximum of 6 months after the scheduled appointment. If you do enter into a contract with us, we will store your data for the duration of the contractual relationship.
Use of Meta Pixel (formerly Facebook Pixel)
We use the Meta Pixel (Facebook Pixel) service on our website.
The legal basis is letter (a) of the first sentence of Article 6(1) GDPR (consent).
If you are registered with Facebook, you can change your ad settings at https://en-gb.facebook.com/ads/settings.
If you are not a Facebook user, you can generally manage your usage-based online advertising preferences at https://www.youronlinechoices.com/uk/your-ad-choices. This gives you the option of deactivating or activating the services of various providers.
Shared responsibility: We share responsibility with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for collecting and transferring data as part of this process.
The contact details for the company and the Facebook data protection officer can be found here: https://www.facebook.com/about/privacy. Our contact details can be found at the following link: https://www.portagon.com/en/legal-notice/
You can exercise your rights as a data subject against Facebook or against us.
Further information, in particular about how Facebook processes personal data, including its legal basis, and further information about the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data under joint responsibility on the basis of the legitimate interest pursuant to Article 6(1)(f) GDPR.
Information about the data security terms can be found here: https://www.facebook.com/legal/terms/data_security_terms and information about processing based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
We pass on the data collected for processing to the respective internal offices as well as to other affiliated companies or external service providers depending on the required purposes (display of ads and analysis). Platform/hosting service providers receive access to personal data from a third country (countries outside the European Economic Area). Standard contractual clauses have been agreed with these service providers as an appropriate safeguard pursuant to Article 46 GDPR. Further information about this can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
Meta Pixel can be disabled at https://www.portagon.com/#cmpscreen and for logged-in users at https://www.facebook.com/settings/?tab=ads#. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Duration of cookies: up to 180 days after the last interaction (this applies only to cookies enabled through this website).
Using Google Tag Manager
Use of the Smartlook tracking tool
You can disable Smartlook data collection by clicking the following link: https://www.smartlook.com/de/opt-out
Use of the newsletter distribution tool SendinBlue
This website uses SendinBlue to send newsletters. The provider is SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France. SendinBlue is a service that can be used to organise and analyse newsletter distribution. The data you enter for receipt of the newsletter (e.g. email address) are stored on SendinBlue’s servers.
Our newsletters, sent with SendinBlue, enable us to analyse the behaviour of our newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter message and how often each link in the newsletter has been clicked. All the links in the email are tracking links that can be used to count your clicks.
If you do not want SendinBlue to analyse your data, you must unsubscribe from the newsletter. We provide an unsubscribe link in every newsletter message. You can also revoke your consent at any time, effective going forward, by sending an email to the address given in our legal notice.
We will store the data you have provided to us for receipt of the newsletter until you unsubscribe from the newsletter. After you have unsubscribed from the newsletter, your data will be deleted from our servers and from SendinBlue’s servers. Data that have been stored by us for other purposes (e.g. email addresses for the members’ area) will remain unaffected.
Our Facebook pages
Whenever you use our Facebook page, Facebook Inc., Menlo Park, USA (“Facebook”) collects, processes and uses personal data for profiling purposes whether you have a Facebook account or not. Facebook also provides us with evaluations of how our Facebook page is being used, in anonymised form. These include the following evaluations in particular:
Overview: Number of “likes” for the page: The total and new “likes” for the Facebook page; post reach: The total number of individuals who have visited the Facebook page and seen its posts; interaction: The total number of individuals who have interacted with the Facebook page, broken down by interaction type.
Number of “likes”: Number of “likes” for the page: The total number of “likes” for each day, for a period of 28 days; “number of ‘likes’ (net)”: The number of new “likes” after deducting the removed “likes”; the location of the individuals liking the Facebook page: Here you can see how often the Facebook page has been liked, broken down by the origin of the “likes”.
Reach: Post reach: The number of people who saw a post, broken down by paid and organic reach; number of “likes”, comments and shared content; hidden posts reported as spam, “unlikes”: Negative interactions that reduce the number of people reached; total reach: The number of people who viewed a specific activity on the Facebook page.
Visits: Page and tab views: Specifies how often each tab on a Facebook page was viewed; external references: Indicates how often people visited the Facebook page from a website outside of Facebook.
Posts: When Facebook page fans are online: Shows when the people who like the Facebook page are on Facebook; types of post: Shows the success of each type of post based on average reach and interaction; the most popular posts from pages we monitor: Shows interactions with posts from the pages we monitor.
Video: Video views: How many times the videos on the Facebook page were viewed for more than 3 seconds; 30-second views: How many times the videos on the Facebook page were viewed for more than 30 seconds. If the video is shorter than 30 seconds, this counts the people who viewed at least 97% of the video; top videos: The videos on the Facebook page which have been viewed the most, for at least 3 seconds.
People: Facebook page fans: Shows information about the people who like the Facebook page: Gender, age, place of residence and language; persons reached: Shows the people who have viewed a post in the last 28 days; persons interacting: Shows the people (anonymised) who have liked, commented on or shared posts or interacted on the Facebook page within the last 28 days.
When you visit our Facebook page, we and Facebook are jointly responsible for the data processing operations triggered during your visit. In principle, you can assert your rights (of access, rectification, deletion and restriction of processing, and to data portability and to lodge a complaint) against us and against Facebook. We have entered into an agreement with Facebook to share responsibility for data processing (Controller Addendum). This agreement defines the data processing operations that we and/or Facebook are responsible for when you visit our Facebook page. You can view this agreement by visiting the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can change your advertising settings yourself via your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
For information about which data Facebook collects from you, refer to Facebook’s Data Policy, namely the “What kinds of information do we collect?” section https://www.facebook.com/privacy/explanation.
For more information, see https://www.facebook.com/business/a/page/page-insights.
Transfer of personal data
portagon GmbH will not share your data with third parties unless you have given your express consent to such disclosure beforehand or the transfer is required or permitted by law. The exception to this is portagon GmbH’s service partners, which are required to execute the contractual relationship and have been commissioned by us to process personal data in accordance with our instructions under an order processing contract. portagon GmbH will not sell your data to third parties or otherwise pass it on to third parties for advertising purposes. portagon GmbH employees are obliged to maintain confidentiality and to comply with data protection regulations.
Automated decision-making, including profiling
Automated decision-making, including profiling, does not take place.
Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
Right of access: According to Article 15 GDPR, you have the right to request information about your personal data that are being processed by us; in particular, you may request information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom your personal data have been or will be disclosed, the envisaged period for which your personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, the source of your data, where the personal data are not collected by us, and about the existence of automated decision-making, including profiling, and any meaningful information about the details thereof.
Right to rectification: Under Article 16 GDPR, you have the right to obtain, without undue delay, the rectification or completion of inaccurate personal data stored by us.
Right to erasure: Under Article 17 GDPR, you have the right to have your personal data that we store erased, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction: Under Article 18 GDPR, you have the right to restrict processing of your personal data, provided that one of the following applies: you contest the accuracy of your personal data, the processing is unlawful and you oppose the erasure of the data, we no longer need the data but you require it for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
Right to data portability: Under Article 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission of those data to another controller.
Right to lodge a complaint: Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority for your habitual place of residence, your place of work or our registered office for this purpose. In this instance, the competent supervisory authority is: the Hessian Data Protection Commissioner.
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing purposes.
Right of withdrawal: You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before withdrawal. You can submit a withdrawal of consent to the email address provided during registration/ordering or to email@example.com or by post using the address given above.
Security of data transfer
We employ the widely used Secure Socket Layer (SSL) process in conjunction with the highest encryption level supported by your browser during your visit to the website. This is usually 256-bit encryption. As soon as encryption is activated, the address bar of the browser turns green.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. All of our employees who may come into contact with personal data give a written undertaking that they will comply with data protection regulations and keep themselves informed about the legal requirements.
Last updated: March 2022