Privacy Policy

5.1

Within Ridge Capital, access to your data is only granted to those persons who need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary in accordance with data protection regulations. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own responsibility under data protection law and are also obliged to comply with the requirements of the GDPR and other data protection regulations. We inform you in detail about the specific recipients of your data in the following paragraphs 2.2 ff. and in the relevant areas in sections II., III. and IV. of this privacy policy.

5.2

We will only pass on your data to third parties in the following situations:

• if you have given your express consent to the transfer in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
• if the disclosure is permitted by law and is necessary for the performance of a contractual relationship with you or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR;
• if there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR;
• if we are legally obliged to transfer data to state authorities (e.g. tax authorities, supervisory authorities and law enforcement authorities);
• if the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary to safeguard legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
• if, in accordance with Art. 28 GDPR, we use external service providers, so-called processors, who have been obliged to handle your data with care.

5.3

This website and our platform are hosted by several external service providers. We use external hosting to fulfill a contract or to carry out pre-contractual measures on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, external hosting is used to provide you with a technically functioning and user-friendly website or platform and to ensure the security, efficiency and speed of our systems (legitimate interest) on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. In order to ensure the protection of your personal data collected on our website or platform, we have concluded order processing contracts with the external hosting service providers. Your data will only be processed to the extent necessary to fulfill the hosting service and our instructions regarding your data will be followed. The hosting is provided by:

• Squarespace Ireland Limited regarding our website https://www.ridgeimpact.com, information from Squarespace Ireland Limited, House, Ship Street Great Dublin 8, D08 N12C, company registration number 527641: https://de.squarespace.com/datenschutz, https://de.squarespace.com/dpa/
• Cashlink Technologies GmbH regarding our platform https://www.ridge-account.com for the brokerage of financial instruments (securities, investments, etc.), information from Cashlink Technologies GmbH, Sandweg 94, Haus C, 60313 Frankfurt am Main: https://cashlink.de/privacy-policy/

5.4

We use external service providers, in particular for IT security, for marketing measures and to support our website. The recipients of your personal data receive them as processors and are strictly bound by our instructions when handling your personal data.

5.5

We act as a tied agent within the meaning of Section 3 (2) WpIG in the brokerage of financial instruments pursuant to Section 2 (2) No. 3 WpIG exclusively for the account and under the liability of Effecta GmbH, Florstadt (hereinafter also referred to as 'Effecta'). Ridge Capital is registered with BaFin as a tied agent: BaFin register of tied agents (register number: 80178715). We pass on the personal data required for the establishment and fulfillment of contracts for financial instruments (securities, investments, etc.) to Effecta and the respective issuer of the financial instrument and, if necessary, to banks, custodians of the digital safe deposit box (wallet), custodian institutions or other custodians and/or trustees and crypto securities registrars. We are authorized to pass on data in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, Ridge Capital, as a contractually bound intermediary, is obliged to grant Effecta access to the business documents at any time, insofar as this is required by supervisory law. In addition, Ridge Capital, as a contractually bound intermediary, has granted Effecta a comprehensive right to issue instructions in order to ensure management and control options in accordance with Section 40 WpIG and Section 80 WpHG. As a contractually bound intermediary, Ridge Capital is also obliged to grant Effecta access to personal data relating to Effecta's internal auditing and compliance.

5.6

We are obliged to tolerate audits and inspections of our business premises by the German Federal Financial Supervisory Authority (BaFin) at any time and to cooperate in these audits, during which BaFin may also inspect personal data at any time and review processes.

6.1

We sometimes use service providers who process your personal data outside the European Union and the European Economic Area (in so-called third countries). We will inform you in detail about the external service providers we use and the third countries in which personal data is processed in the relevant area in sections II. and III. of this privacy policy.

6.2

Some of the service providers we use process your personal data in the USA. The EU has concluded a data protection framework with the USA (EU-US Data Privacy Framework / EU-US Privacy Shield), which came into force on July 10, 2023. This means that a comparable level of protection for personal data is offered in the USA as in the EU if the service provider participates in the self-certification process of the US Department of Commerce. You can find out whether a service provider we use is certified by clicking on the following link: https://www.dataprivacyframework.gov/s/participant-search. If the service providers we use are not certified, there is a risk that your personal data will be processed in the USA without adequate legal protection. In this case, we will transfer your personal data to the USA on the basis of your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

13.1

For the purpose of the technical provision of the website or platform, it is necessary for us to process certain automatically transmitted information so that our website or platform can be displayed to you and you can use it. This information is automatically collected each time our website or platform is accessed and automatically stored in so-called server log files. These are:

• Browser type and browser version;
• operating system used;
• Website from which access is made (referrer URL);
• Host name of the accessing computer;
• Date and time of access;
• IP address of the requesting computer.

The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website or platform and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website or platform available to you without restriction.

13.2

Beyond the aforementioned purposes, we use server log files exclusively for the needs-based design and optimization of our website purely statistically and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analyzed for marketing purposes.

13.3

The access data collected in the context of the use of our website or platform will only be stored for the period for which this data is required to achieve the aforementioned purposes.

13.4

If you visit our website or platform to find out about our range of products and services or to use them, the basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website or platform and to ensure the security of our systems.

14.1

If you contact us by post, e-mail or telephone, your request and other personal data (e.g. name, address, e-mail address, telephone number) will be processed for the purpose of handling your request. You provide us with your data voluntarily. However, we cannot communicate with you and carry out pre-contractual or contractual measures without the provision of your data.

14.2

This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR) and/or on our legitimate interests in the effective processing of the inquiries addressed to us and external communication (Art. 6 para. 1 sentence 1 lit. f GDPR).

14.3

The personal data you send to us by post, e-mail or telephone will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

15.1

If you send us inquiries via the contact form, your message/message (comment) including the contact data you provide there (e.g. your e-mail address, your first name and surname) will be stored and processed by us for the purpose of processing and answering the inquiry and in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in the context of processing and answering your contact request (e.g. to the respective issuer) or you have given us your consent to do so.

15.2

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis). In addition, we process the personal data to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the appropriate response to customer/contact inquiries.

15.3

The data you enter in the contact form will remain with us until the purpose for data storage/processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.

15.4

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to answer your request. Personal data that we absolutely need to communicate with you is marked accordingly as mandatory information in the contact form.

15.5

To provide our contact form, we use 'Typeform', a service of TYPEFORM, S.L., Calle de Pallars 108 (Aticco), 08018 Barcelona, Spain. In order to guarantee the protection of your personal data, we have concluded an order processing contract with Typeform. Typeform will only process your data to the extent necessary to provide the contact form and follow our instructions regarding your data. For information on the handling of your personal data by our external service provider, please refer to the privacy policy directly on the Typeform website. Information from the third-party provider: https://admin.typeform.com/to/dwk6gt, https://www.typeform.com/help/a/what-happens-to-my-data-360029581691/

16.1

If you would like to receive our newsletter, we require a valid e-mail address from you. We will check whether you are the owner of the e-mail address provided or whether its owner has authorized you to receive the newsletter. By registering for the newsletter, we save your IP address and the date and time of registration. This serves as protection in the event that a third party misuses an e-mail address and subscribes to our newsletter without the knowledge of the authorized person.

16.2

In the context of registering for the newsletter, we only process the data you provide. The data is processed exclusively for sending the newsletter and will not be passed on to third parties.

16.3

The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

16.4

You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time. Revocation can be made via a link in the newsletter itself or by notification to us by e-mail or to the controller named at the beginning of this privacy policy.

16.5

After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this privacy policy.

17.1

We use the CRM tool 'HubSpot' from HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA to store contact data, process leads and manage customer relationships. We have concluded an order processing contract with HubSpot. HubSpot will only process your data to the extent necessary to provide the CRM service and follow our instructions regarding your data.

17.2

The use of the CRM tool serves our legitimate interest in the efficient management of customer relationships and the optimization of our sales processes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

17.3

HubSpot processes your personal data in the USA. HubSpot is certified under the EU-US Data Privacy Framework. For more information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy

18.1

We use cloud services for the storage and processing of data. We have concluded order processing contracts with the respective providers. The providers will only process your data to the extent necessary to provide the cloud service and follow our instructions regarding your data.

18.2

The use of cloud services is based on our legitimate interest in the efficient and secure storage and processing of data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

19.1

We use search engine optimization (SEO) measures to improve the visibility of our website in search engine results. In this context, we use tools and services that may process personal data such as IP addresses and usage data.

19.2

The use of SEO measures is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

20.1

You can register on our platform to use additional functions. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

20.2

For important changes, for example to the scope of the offer or in the event of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

20.3

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time. An informal notification by e-mail to us is sufficient for this. The legality of the data processing already carried out remains unaffected by the revocation.

20.4

The data collected during registration will be stored by us for as long as you are registered on our platform and will then be deleted. Statutory retention periods remain unaffected.

21.1

In the context of the brokerage of financial instruments (securities, investments, etc.), we process personal data that are necessary for the establishment and fulfillment of a contractual relationship.

21.2

In particular, we process the following personal data:

• Personal details (e.g. first name, surname, date of birth, place of birth, nationality, marital status);
• Contact details (e.g. address, e-mail address, telephone number);
• Identification data (e.g. ID card data, passport data);
• Authentication data (e.g. signature specimen);
• Tax data (e.g. tax identification number, tax residency);
• Order and transaction data (e.g. payment instructions, order history);
• Data on knowledge and experience in financial instruments;
• Data on financial situation (e.g. income, assets);
• Data on investment objectives and risk tolerance;
• Documentation and correspondence data.

21.3

The processing of the aforementioned data is necessary for the performance of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

21.4

In addition, the processing is necessary for compliance with legal obligations (e.g. Money Laundering Act, Securities Trading Act, Securities Institutions Act) in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

21.5

We pass on the personal data required for the establishment and fulfillment of contracts for financial instruments to Effecta GmbH, Florstadt, and the respective issuer of the financial instrument and, if necessary, to banks, custodians, custodian institutions or other custodians and/or trustees and crypto securities registrars.

21.6

We use Cashlink Technologies GmbH, Sandweg 94, Haus C, 60313 Frankfurt am Main, as a technical service provider for our platform. Cashlink acts as a processor and processes your data exclusively in accordance with our instructions. For more information, please refer to Cashlink's privacy policy: https://cashlink.de/privacy-policy/

21.7

For the purposes of identity verification and the fulfillment of due diligence obligations under the Money Laundering Act, we may use identity verification service providers. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. c GDPR.

21.8

The personal data processed in the context of the brokerage of financial instruments will be stored for the duration of the business relationship and beyond in accordance with the statutory retention and documentation obligations arising from the German Commercial Code (HGB), the German Fiscal Code (AO), the Money Laundering Act (GwG), the Securities Trading Act (WpHG) and the Securities Institutions Act (WpIG).

22.1

For the security of your account, we offer two-factor authentication (2FA). When you use 2FA, additional technical data is processed.

22.2

The processing of this data is necessary for the performance of a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR and to protect the security of your account in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

22.3

The 2FA data includes device-specific information such as device type, operating system and app version.

22.4

The 2FA data is stored for as long as you use the two-factor authentication feature and will be deleted when you deactivate 2FA.

22.5

The app does not collect any additional personal data beyond what is required for the authentication process.

22.6

The app does not share personal data with third parties.

22.7

The app uses industry-standard encryption to protect the data processed during authentication.

22.8

You can deactivate two-factor authentication at any time in your account settings.

23.1

In addition to the specific processing situations described above, we may process your personal data for the following purposes: to assert, exercise or defend legal claims; to prevent and detect fraud; for internal administrative purposes within the Ridge Capital group of companies.

23.2

The legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR or, where applicable, a legal obligation in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

12.1

We use cookies and similar technologies on our website or platform. Cookies are small text files that are stored on your terminal device (laptop, tablet, smartphone, etc.) by your browser when you visit our website or platform.

12.2

Cookies do not cause any damage to your terminal device, they do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related in each case to the specific terminal device used. However, this does not mean that we gain direct knowledge of your identity.

12.3

We use technically necessary cookies to make our website or platform more user-friendly. Some elements of our website or platform require that the calling browser can be identified even after a page change. These technically necessary cookies are automatically deleted after a defined period. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.

12.4

In addition, we use cookies that enable an analysis of your surfing behavior (analysis cookies). These cookies are only set with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

12.5

The data collected using technically necessary cookies is not used to create user profiles.

12.6

You can configure your browser settings to inform you about the setting of cookies and individually decide on their acceptance, accept cookies for specific cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website or platform may be restricted.

13.1

This website or platform uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

13.2

Google Analytics enables us to analyze the behavior of visitors to our website or platform. In doing so, we receive various usage data such as page views, length of visit, operating systems used and the origin of the user. This data is assigned to the respective end device of the user via the user ID.

13.3

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of our website or platform is generally transmitted to and stored on a Google server in the USA.

13.4

IP anonymization is activated on our website or platform. As a result, your IP address will be shortened by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area before being transmitted to the USA.

13.5

We use Google Analytics only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

13.6

Google is certified under the EU-US Data Privacy Framework. For more information on data protection at Google, please visit: https://policies.google.com/privacy

13.7

We have concluded an order processing contract with Google for the use of Google Analytics.

14.1

We use HubSpot tracking on our website. The provider is HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA.

14.2

HubSpot uses cookies and similar technologies that enable an analysis of the use of our website. The information generated by the cookies about your use of our website is transmitted to and stored on a HubSpot server.

14.3

We use HubSpot tracking only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

14.4

HubSpot is certified under the EU-US Data Privacy Framework. For more information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy

15.1

Our website uses the visitor action pixel from Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

15.2

This enables user behavior to be tracked after the user has been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us.

15.3

We use the Facebook pixel only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

15.4

Meta is certified under the EU-US Data Privacy Framework. For more information, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

16.1

Our website uses the LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

16.2

The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties and timestamp. This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.

16.3

We use the LinkedIn Insight Tag only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

16.4

LinkedIn is certified under the EU-US Data Privacy Framework. For more information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

18.1

We may use affiliate tracking technologies on our website. Affiliate tracking is used to correctly attribute orders placed through affiliate links to the respective affiliate partner.

18.2

We use affiliate tracking only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

19.1

Our website uses a cookie consent tool to obtain your consent to the storage of cookies and similar technologies on your terminal device and to document this in compliance with data protection requirements. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c GDPR (legal obligation) in conjunction with Art. 7 para. 1 GDPR, as we are obliged to prove your consent.

20.1

We use the "Page Insights" function of the respective social media platforms to receive anonymized statistical data about the use of our social media pages.

20.2

This data includes information on the types of actions taken on our pages, page views, post interactions, reach, video views, follower demographics and other statistical information.

20.3

We use this information to make our content and activities on our social media pages more attractive for users. The legal basis for this processing is our legitimate interest in the optimization of our social media presence in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

20.4

We and the social media provider are jointly responsible for the processing of Page Insights data. We have concluded joint controller agreements with the respective social media providers where applicable.

21.1

When you visit our social media pages, the social media providers process your data for market research and advertising purposes. Usage profiles may be created based on your usage behavior.

21.2

The social media providers use cookies and other tracking technologies regardless of whether you have an account with the social media provider and are logged in.

21.3

Detailed information on the processing and use of data by the social media providers, as well as your rights and options for protecting your privacy, can be found in the privacy policies of the respective providers.

21.4

If you would like to object to the data collection by social media providers, please use the opt-out options provided by the respective social media providers.

22.1

In the context of our social media presence, we may process the following data:

• User names and profile information visible on the respective social media platform;
• Content of messages and inquiries you send to us via social media;
• Comments and reactions to our posts;
• Information you share publicly on our social media pages;
• Statistical and anonymized usage data provided by the social media platforms.

This processing is based on our legitimate interest in maintaining an effective social media presence and communicating with our audience in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Where we process your data based on your inquiry or message, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.