Data Protection
Thank you for showing an interest in our website. Protecting your privacy is very important to us. portagon GmbH takes great care in protecting your data and keeping it confidential. Your personal data are exclusively collected and processed in compliance with the statutory provisions, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other national data protection laws of the Member States, as well as other data protection laws.
portagon GmbH
Bleidenstraße 6
60311 Frankfurt am Main
www.portagon.com
kontakt@portagon.com
Tel: +49 (0) 69 / 710 403 19
Fax: +49 (0) 69 / 505 027 103
Managing Directors: Jamal El Mallouki, Johannes Laub
Contact Details for the Data Protection Officer
Dr. Jörg Buschbaum
datenschutz@portagon.com
Personal Data
Personal data are specific details about the personal or factual circumstances of an identified or identifiable natural person. Examples include your name, address, date of birth, username, password, email address and payment details. Below is an explanation of how we process your personal data.
Provision of the Website and Creation of Log Files
You can visit our website at any time without having to register or provide personal details. However, each time you visit our website, our system automatically collects data and information from the computer system of the device you are using.
Description and Scope of Data Processing
The following data are collected automatically when a page is opened:
- Browser type and version
- Operating system used
- The website from which you were referred (referrer URL)
- The website you are visiting
- The date and time of access
- Your Internet Protocol (IP) address
The collection of data for the provision of the website and the storage of that data in log files is essential for the website’s operation.
Legal Basis for Data Processing
Article 6(1)(f) GDPR represents the legal basis for temporary storage of data and log files.
Purpose of data processing
The system needs to temporarily store the IP address in order to allow the user’s computer to access the website. For this reason, the user’s IP address must remain stored for the entire session. The purpose of storage in log files is to ensure that the website remains functional and stable. The data also help us to optimise the website and to ensure that our information technology systems remain secure. The data are not assessed for marketing purposes in this context. These purposes also account for our legitimate interests in data processing according to Article 6(1)(f) GDPR.
Storage Period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards collection of data for the provision of the website, this is the case when the session in question has ended. The data stored in log files will be deleted after three days have elapsed, at the latest.
Contact Form and Email Contact
Description and Scope of Data Processing
By sending a contact request via our contact form, the data entered in the input screen will be sent to us and stored. Your consent to processing of the data is obtained in the process of sending a contact request, and you will be referred to this privacy policy.
You are not legally or contractually obliged to provide this personal data, nor it is necessary for the purposes of entering into a contract. You are not obliged to provide us with personal data. However, failure to provide mandatory personal data will prevent us from being able to contact you via the contact form.
Alternatively, you can contact us using the given email address, in which case the user’s personal data that are sent with the email are stored.
Your data will not be passed on to third parties.
Legal Basis for Data Processing
Your consent provides the legal basis for processing of the data that are sent via the contact form (Article 6(1)(a) GDPR). The legal basis for processing of the data that are sent in the course of submitting an email is Article 6(1)(f) GDPR. Our legitimate interest lies in responding to the sender’s contact request. If the email contact is for the purpose of entering into a contract, an additional legal basis for the processing is Article 6(1)(b) GDPR.
Purpose of Data Processing
Personal data from the input screen or from an email are processed solely in order to help us process the contact request.
Storage Period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards the personal data from the contact form input screen and those sent by email, this is the case when the respective conversation with you has ended. The conversation is over when it is clear from the circumstances that the situation in question has been fully resolved. This does not apply if deletion would breach legal or contractual obligations, in particular regarding retention periods.
Participation in the Partner Programme
Description and Scope of Data Processing
You can register for our Partner Programme via our website. We will receive and process the data requested via the registration screen. At the time of registration, the system also automatically collects and saves the date and time of your registration in order to record the confirmation of the inclusion of portagon’s Terms and Conditions in the partner contract.
During the Partner Programme, we will also process the following data pertaining to you:
- Bank details
- Partner status
- Date of completion of portagon training courses
- Number of contacts provided, details of contacts provided (names, contact details of potential customers, additional information provided)
- Commission paid out, outstanding commission claims
Legal Basis for Data Processing
Data processing as part of registration and under an existing partner contract is required to create and execute the partner contract between you and portagon. The legal basis for data processing is therefore letter (b) of the second sentence of Article 6(1) GDPR. We also process the system data relating to your registration on the basis of letter (f) of the first sentence of Article 6(1) GDPR. Our legitimate interest lies in maintaining the functionality and security of the website and our IT systems.
Purpose of Data Processing
Data processing serves to establish and fulfil the partner contract between you and ourselves and – with regard to the data collected automatically by the system – to ensure that the website and our IT systems remain secure and functional.
Storage Period
If you choose not to enter into a partner contract after registering, we will delete the data collected from you via the registration screen within six months of your decision to reject the partner contract. If a partner contract exists, the data are retained for as long as is necessary to create, fulfil and process the partner contract, i.e. at least for the duration of the partner contract. After termination of the partner contract, the data will be deleted if deletion does not breach legal retention obligations such as those in the German Commercial Code and the German Fiscal Code. These legal obligations provide for a retention period of six or ten years.
Data Obtained by portagon through a Partner Referral
Description and Scope of Data Processing
We receive contact data of interested parties and potential customers from partners. Depending on which data you, as an interested party/potential customer, have provided to a partner, this may include:
- Name of your company
- Contact details (name, email address, telephone number, company address)
- Amount of capital required
- Planned use for the capital
- Partner’s assessment of the interested party/potential customer’s understanding of crowdinvesting
Confirmation that a demo/on-site appointment has been carried out - Name of the referring partner
- Signed consent form for data processing
Legal Basis for Data Processing
By signing a relevant declaration from us, you have given your consent to the referring partner to be contacted and for your data to be processed as described. The legal basis is therefore letter (a) of the first sentence of Article 6(1) GDPR. If the contact process is also used to establish a contract between you and ourselves and to implement the relevant pre-contractual measures, letter (b) of the first sentence of Article 6(1) GDPR provides an additional legal basis for data processing.
Purpose of Data Processing
The purpose of data processing is to fulfil your request for information about portagon’s offers and services and possible use of our services.
Storage Period
We will store your data until you withdraw your consent to being contacted by portagon. In the event of withdrawal, we will block your contact details if you no longer wish us to contact you. If you do not enter into a contract with portagon and we have no contact with you for over 18 months, we will delete your data.
Application Procedure
Description and Scope of Data Processing
You can apply online via our website. When you send the application form, the data entered in the input screen and any attachments (e.g. CV) are sent to us, saved and processed. Depending on your details, these may also include a special category of personal data within the meaning of Article 9(1) GDPR (e.g. information on any existing severe disability). We use the applicant management system Recruitee, a service provided by Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, the Netherlands (“Recruitee”) to organise and process the applications. For this purpose, your personal data will be stored and processed on servers in the Netherlands. Recruitee has been carefully selected and considers compliance with applicable data protection regulations to be a high priority. Recruitee processes your personal data on the basis of an order processing contract with us. Recruitee may only process the data in line with our instructions and not for its own purposes. You can find more information about Recruitee’s privacy policy here.
Legal Basis for Data Processing
The legal basis for the processing of personal data is the implementation of pre-contractual measures required to establish an employment relationship and, provided that you enter into an employment relationship with us, the establishment and implementation thereof in accordance with Article 6(1)(b) GDPR. Should the specific categories of data be communicated voluntarily, they will be processed on the basis of Article 9(2)(a) GDPR.
Purpose of Data Processing
The processing of personal data assists the application and personnel selection processes and is used to establish and realise any employment relationships.
Storage Period
If we unfortunately have to reject your application, we will delete your data no later than six months after doing so. If an employment relationship is established, we will store personal data for at least the duration of the existing employment relationship and for any legal retention periods (e.g. from the Working Time Act) or contractual retention periods (e.g. when using a company pension scheme as a form of deferred compensation while in receipt of the benefits) that extend beyond this. Data that are no longer necessary for the respective purpose will be deleted immediately.
Admission to the Talent Pool
If you cannot be offered a suitable position at the time of your application, the data that you have provided and submitted during the application process may still be collected, processed and used in the talent pool even after the process is complete. We do this so that we can contact you for professional purposes and potentially consider you for a future appointment. Your explicit consent is required to use your data in this way.
Storage Period of Data in the Talent Pool
If you expressly wish to be included in our talent pool, we will store your data until further notice, but for no longer than 12 months. After this period expires, your data will be deleted automatically and you will not receive a separate notification about this.
Indeed
You can also apply to us via Indeed. To enable the “Apply via Indeed” feature, your personal user data must be processed by Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland (referred to here as “Indeed”). If you apply for one of our vacancies via the Indeed portal, Indeed will collect your CV and other application documents and information that you provide voluntarily. This data will be made available to us for checking. You can therefore share your data stored at Indeed with us and, for example, make the CV you uploaded to Indeed available to us. To enable you to use this function, we have included an “Apply via Indeed button” on our careers website. Even if you do not use this function, Indeed will process personal data because your IP address needs to be provided to Indeed to enable the button to be displayed. Indeed may also use cookies. You can find more information about Indeed’s terms of use here and you can find Indeed’s privacy policy here.
Cookies – Use of Strictly Necessary Cookies
Description and Scope of Data Processing
We use cookies on various pages to make our website attractive and to enable certain functions. These are small text files that are stored on your device.
You can change your browser settings so that you are informed about the placement of cookies and can decide whether to accept each of them or to refuse certain cookies or all cookies. Our website’s functionality may be restricted if you do not accept cookies. The following links show you how to change the settings in the following popular browsers:
Legal Basis for Data Processing
If personal data are processed using cookies, the legal basis is Article 6(1)(f) GDPR.
Purpose of Data Processing
The processing is designed to make our website attractive to visitors and to enable certain functions. Some of the functions on our website are not available without the use of cookies. These require the browser to be recognised even after you click through to a different page.
The user data collected by cookies are not used to create user profiles.
Storage Period
“Transient cookies” are automatically deleted when you close the browser. These include session cookies in particular. They save a “session ID”, which can be used to assign various queries from your browser to the shared session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser. Permanent cookies are automatically deleted after a specific period of time, which may vary depending on the cookie. You can delete cookies in your browser’s security settings at any time.
Consent to the Use of Cookies that are not Strictly Necessary
Our website uses the consent technology of Usercentrics to obtain your consent to store certain cookies on your device or to use certain technologies and to record these in compliance with data protection regulations. This technology is provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).
When you access our website, a connection is made to the Usercentrics servers to obtain your consent and other declarations regarding the use of cookies. Usercentrics then saves a cookie in your browser so that it can assign the given or withdrawn consent to you. The data collected in this way will be stored until you ask us to delete it, you delete the Usercentrics provider cookie yourself or otherwise the reason for storing the data ceases to apply. Mandatory legal retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent to the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.
Use of Google Analytics
Description and Scope of Data Processing
Provided that you have given us your consent, we use Google Analytics, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”), on our website. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonym user ID and thus analyse a user’s activities across different devices. Google Analytics uses cookies – text files which are stored on your computer and which enable analysis of your use of the website. This includes the following cookies in particular:
| Name | Provider | Provider | Use time |
| _ga | Contains a randomly generated user ID to map the data relating to the website’s use by recurring visitors and to collate data from previous visits | 2 years | |
| _gat | Prevention of data transfers during use | 1 day | |
| _gid | Contains a randomly generated user ID to map the data relating to the website’s use by recurring visitors and to collate data from previous visits | 1 day |
The information generated by the cookies, such as the time, location and frequency of your visits to the website, including your IP address, is sent to Google and stored there. This website uses Google Analytics with the extension “_gat._anonymizeIp”, which means that Google truncates your IP address in Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser through Google Analytics is not combined with other data from Google, according to information provided by the latter. On behalf of this website’s operator, Google will use this information to evaluate your use of the website, compile reports on website activities and provide the website operator with other services related to use of the website and the Internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on Google’s behalf.
You can block the storage of cookies by adjusting your browser software settings. However, we should point out that doing so may prevent you from using all of the features on this website to their fullest extent.
Google also offers a deactivation add-on for the most popular browsers, which gives you more control over which data Google will collect concerning the websites you visit. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about website visits should be sent to Google Analytics. However, the Google Analytics deactivation add-on for browsers does not prevent information from being sent to us or to other web analysis services that we may use. For more information about installing the browser add-on, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent your data from being collected when you visit this website in future. To prevent data from being collected by Universal Analytics across different devices, you must opt out on all systems used.
Legal Basis for Data Processing
The legal basis for the use of Google Analytics is your consent (Article 6(1)(a) GDPR).
Purpose of Data Processing
The purpose of data processing is to analyse the behaviour of our users anonymously and to improve our website on the basis of these findings.
Storage Period
The data provided by us and linked to cookies, user IDs or advertising IDs will be automatically deleted after 14 months. Data for which the retention period has expired are automatically deleted once a month. For more information on terms of use and privacy, visit https://www.google.com/analytics/terms/gb.html and https://policies.google.com/privacy?hl=gb&gl=gb.
Use of Google Dynamic Remarketing
Description and Scope of Data Processing
Provided that you have given your consent, we use Google’s remarketing function on our website. The application is used to analyse the behaviour and interests of visitors to our website in order to display targeted advertising related to their interests. Google uses cookies that can recognise visitors to a website when they visit other websites belonging to Google’s advertising network. These websites can then show users advertisements that relate to content that they have previously accessed on websites that use Google’s remarketing function.
Google uses the following cookies for this purpose:
| Name | Provider | Purpose | Use time |
| IDE | Google (DoubleClick) | Contains a randomly generated user ID to recognise visitors across different websites and to show personalised advertising | 1 year |
| test_cookie | Google (DoubleClick) | Test of whether the user’s browser allows cookies to be enabled | 15 minutes |
| ads/ga-audiences | Google (AdWords) | Used to re-engage visitors who might switch to the customer’s website based on their online behaviour | Session |
You can disable personalised advertisements from Google via your device settings. Go to https://support.google.com/ads/answer/1660762#mob for instructions on how to do this. More information about privacy related to personalised advertisements can be found at https://support.google.com/adspolicy/answer/143465.
Legal Basis for Data Processing
The legal basis for the use of Google Analytics is your consent (Article 6(1)(a) GDPR).
Purpose of Data Processing
The purpose of the data processing is to show visitors to our website targeted ads that reflect their interests.
Storage Period: 14 Months
Use of HubSpot
Description and Scope of Data Processing
On our website, we use a customer relationship management system provided by HubSpot Germany GmbH (c/o Design Offices, Koppenstraße 93, 10243 Berlin, Germany), hereinafter referred to as “HubSpot”.
Provided that you have given us your consent, HubSpot uses cookies and “web beacons” which are stored on your computer and make it possible to analyse how you use the website. This includes the following tools:
| Name | Provider | Purpose | Use time |
| _hstc | HubSpot | Contains the domain, user token, timestamps of first, last, and current visits, current session count | 13 months |
| hupspotutk | HubSpot | Records user identities when using web forms to de-duplicate contacts | 13 months |
| _hssc | HubSpot | Tracks sessions and contains the domain, the number of page views per session and session start timestamps to determine whether the session count and timestamps in the _hstc cookie need to be increased | 30 minutes |
| _hssrc | HubSpot | Identifying browser session restarts | Session |
| _ptq.gif | HubSpot | Recording of devices and marketing channels used by users | Session |
The information generated by these cookies and web beacons, such as the time, location and frequency of your visit to the website, including your IP address and the pages accessed, is sent to HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and stored there. HubSpot also reserves the right to forward data to other HubSpot Group companies.
Furthermore, HubSpot collects the data you enter when you fill out information request and appointment coordination forms (except if you use the aforementioned contact form or the email contact) or you agree to receive marketing communications via email (newsletters and automated emails, e.g. providing downloads).
HubSpot will use this information to evaluate your use of our website, compile reports on website activities for us and provide other services related to use of the website and the Internet. HubSpot may also transfer this information to third parties if this is required by law or if third parties process this data on HubSpot’s behalf.
The companies in the HubSpot Group are subject to the standard contractual clauses.
If you generally do not wish for your data to be collected by HubSpot, you can disable the storage of cookies at any time via your browser settings.
Legal Basis for Data Processing
The legal basis for the use of HubSpot’s cookies and web beacons is your consent (Article 6(1)(a) GDPR).
Purpose of Data Processing
The purpose of data processing is to improve our website and to provide users with targeted email marketing communications.
Storage Period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. As regards the personal data from forms and data sent via email in connection with email marketing communications, this is the case when the respective conversation with you has ended. The conversation is over when it is clear from the circumstances that the situation in question has been fully resolved or the user’s subscription has been deactivated. This does not apply if deletion would breach legal or contractual obligations, in particular regarding retention periods.
For more information on terms of use and privacy, visit https://legal.hubspot.com/privacy-policy.
Using Google Tag Manager
Google Tag Manager is used on this website. Google Tag Manager is a Google system that manages the JavaScript and HTML tags used to implement the services referred to above. In particular, the system controls which tags are to be executed and when, based on your consent. The Tag Manager does not enable cookies itself and does not collect any data or other information about you or your device. The services it controls enable the cookies listed above.
Transfer of Personal Data
portagon GmbH will not share your data with third parties unless you have given your express consent to such disclosure beforehand or the transfer is required or permitted by law. The exception to this is portagon GmbH’s service partners, which are required to execute the contractual relationship and have been commissioned by us to process personal data in accordance with our instructions under an order processing contract. portagon GmbH will not sell your data to third parties or otherwise pass it on to third parties for advertising purposes. portagon GmbH employees are obliged to maintain confidentiality and to comply with data protection regulations.
Automated Decision-making, Including Profiling
Automated decision-making, including profiling, does not take place.
Rights of the Data Subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
Right of Access
According to Article 15 GDPR, you have the right to request information about your personal data that are being processed by us; in particular, you may request information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom your personal data have been or will be disclosed, the envisaged period for which your personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, the source of your data, where the personal data are not collected by us, and about the existence of automated decision-making, including profiling, and any meaningful information about the details thereof.
Right to Rectification
Under Article 16 GDPR, you have the right to obtain, without undue delay, the rectification or completion of inaccurate personal data stored by us.
Right to Erasure
Under Article 17 GDPR, you have the right to have your personal data that we store erased, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to Restriction
Under Article 18 GDPR, you have the right to restrict processing of your personal data, provided that one of the following applies: you contest the accuracy of your personal data, the processing is unlawful and you oppose the erasure of the data, we no longer need the data but you require it for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
Right to Data Portability
Under Article 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission of those data to another controller.
Right to Lodge a Complaint
Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority for your habitual place of residence, your place of work or our registered office for this purpose. In this instance, the competent supervisory authority is: the Hessian Data Protection Commissioner.
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing purposes.
Right of Withdrawal
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before withdrawal. You can submit a withdrawal of consent to the email address provided during registration/ordering or to datenschutz@portagon.com or by post using the address given above.
Security of Data Transfer
We employ the widely used Secure Socket Layer (SSL) process in conjunction with the highest encryption level supported by your browser during your visit to the website. This is usually 256-bit encryption. As soon as encryption is activated, the address bar of the browser turns green.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. All of our employees who may come into contact with personal data give a written undertaking that they will comply with data protection regulations and keep themselves informed about the legal requirements.
Change to our Privacy Policy
We reserve the right to amend this Privacy Policy from time to time to ensure that it always meets current legal requirements or to incorporate changes to our services into the Privacy Policy, such as when new services are introduced. The most up-to-date Privacy Policy applies each time you revisit our website.
Last updated: March 2023