Privacy Thank you for your interest in our company and our website. Santiago GmbH & Co. KG (hereinafter referred to as "Santiago Advisors") takes the protection of personal data very seriously and respects the privacy of every visitor. For this reason, we would like to provide you with transparent information in the following privacy policy about what data we collect about you and why we need this data when you use our website. This privacy policy also contains information about when we share your personal data with third parties (e.g., our service providers). In addition, it also contains your rights regarding your data and the contact persons you can contact for further information or inquiries. All personal data is processed in strict compliance with applicable data protection laws and this privacy policy. Privacy Policy | Santiago GmbH & Co KG25.02.2025 Who we areThe controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: Santiago GmbH & Co KG Donkweg 47 47877 Willich Germany +49 (0)2156 496691 info@santiago-advisors.com Contacting the data protection officerThe data protection officer of the controller is: DataCo GmbH Sandstr. 33 80335 Munich Germany +49 89 7400 45840 On this page, we inform you about the processing of your personal data on the website. How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data if we have a legitimate purpose and legal basis for doing so. What do we mean by legal basis?Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the subsections "Exercising your rights" in the following sections of this privacy policy. Contract (Art. 6 para. 1 sentence 1 lit. b GDPR) - We need to use your data to fulfill a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract. Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - We must use your data to comply with the law. Vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) - The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm. Public task (Art. 6 para. 1 sentence 1 lit. e GDPR) - The processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, e.g. for a legal function. Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not outweigh these interests. Please note that we may not be able to provide you with our website services if your data is processed for the performance of a contract or a legal obligation and you do not provide the requested data. Sharing of data and international transferAs explained in this privacy policy, we use various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to share your personal data with them. We have entered into agreements with all service providers to whom we pass on your data that oblige them to protect your data. If your personal data is transferred outside the EU, we will ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an "adequate" data protection standard according to the European Commission, or by applying another protective measure, such as an extended contractual agreement, i.e., the Standard Contractual Clauses (SCCs) adopted by the European Commission. For example, when we use US service providers, we rely on either the SCCs or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this Privacy Policy. Your rightsIf your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 1. The right to information (Art. 15 GDPR)You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about this data and the following information:
2. Right to rectification (Art. 16 GDPR)If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or supplemented without undue delay. 3. Right to restriction of processing (Art. 18 GDPR)If one of the following conditions is met, you have the right to request restriction of the processing of your personal data:
4. Right to erasure ("right to be forgotten") (Art. 17 GDPR)If one of the following reasons applies, you have the right to request the immediate erasure of your personal data:
Please note that the above reasons do not apply if processing is necessary:
5. Right to data portability (Art. 20 GDPR)You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request its transfer to another controller. 6. Right to object to certain data processing (Art. 21 GDPR)You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. 7. Right to lodge a complaint with a supervisory authorityWithout prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. A list of the supervisory authorities with local jurisdiction in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html Provision of the website and creation of log files1. Description and scope of data processingEach time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
This data is stored in our system's log files. This does not affect the user's IP addresses or other data that enables the data to be assigned to a user. This data is not stored together with other personal data of the user. This data is not stored together with other personal data of the user. 2. Purpose of data processingThe data is stored in log files to ensure the functionality of the website. The data also helps us to optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. 3. Legal basis for data processingThe legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR. 4. Duration of storageThe data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to assign them to the requesting client. 5. Exercising your rightsThe collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. The user can object to this at . Whether the objection is successful must be determined on the basis of a balancing of interests. Use of cookies1. Description and scope of data processingWhen you visit our website, we use technical tools for various functions, in particular cookies that may be stored on your device. When you visit our website and at any time thereafter, you have the choice of whether to generally allow cookies or which individual additional functions you wish to select. You can make changes in your browser settings or via our consent manager. Cookies are text files or pieces of information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can be passed on to the entity that set the cookie. Below we describe the types of cookies we use: We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible. The following data is stored and transmitted by the technically necessary cookies:
We use cookies on our website that are not technically necessary. Text files that are not solely for the purpose of the website's functionality, but also collect other data, are considered technically unnecessary cookies. By setting technically unnecessary cookies, the following data is processed:
2. Purpose of data processingThe purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require technically necessary cookies for the following applications:
The use of technically unnecessary cookies is for the purpose of improving the quality of our website, its content, and thus our reach and economic efficiency. By setting these cookies, we learn how the website is used and can thus continuously optimize our offering. In particular, these cookies serve the following purposes:
3. Legal basis for data processingThe provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) apply to the storage of information on the end user's terminal equipment and/or access to information already stored on the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored on and accessed from your terminal equipment on the basis of Section 25 (2) No. 2 TDDDG. This storage and access to the information on your terminal equipment serves to facilitate your use of our website and to enable us to offer you our services as requested by you. Some functions of our website do not work without the use of these cookies and therefore cannot be offered. Cookies are generally deleted after the end of the session (e.g., logging out or closing the browser) or after a specified period of time. Information on different storage periods for cookies can be found in the following sections of this privacy policy. If cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for the storage and access to information is § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or grant it again at a later date by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make will only apply to the browser you are currently using. If personal data is processed after the information has been stored and accessed on your end device, the provisions of the GDPR apply. You can find information on this in the following sections of this privacy policy. 4. Exercising your rightsYou can revoke your consent to the use of cookies at any time and manage your consent preferences at the following link: www.santiago-advisors.com (pop-up powered by Usercentrics Consent Management). 1. Description and scope of data processingYou can contact us via the email address provided on our website. In this case, the personal data transmitted with the email will be stored. The data will be used exclusively for processing the conversation. 2. Purpose of data processingIf you contact us by email, this also constitutes the necessary legitimate interest in the processing of your data. 3. Legal basis for data processingThe legal basis for processing the data transmitted when sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding to your email enquiry in the best possible way. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. 4. Duration of storageThe data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email to , this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The personal data collected additionally during the sending process will be deleted after a period of 14 days at the latest. 5. Exercising your rightsIf the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The objection can be declared as follows: Informal contact by email to info@santiago-advisors.com or to the data protection officer or via the contact form. All personal data stored in the course of the contact will be deleted in this case. Contact form1. Description and scope of data processingOur website has a contact form that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The following data is stored when the message is sent:
2. Purpose of data processingThe personal data entered in the contact form or sent to the email address provided is used solely for the purpose of processing your enquiry. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. 3. Legal basis for data processingThe legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in providing you with the best possible response to your enquiry submitted via the contact form. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR. 4. Duration of storageThe data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The personal data collected during the sending process will be deleted after a period of 14 days at the latest. 5. Exercising your rightsIf the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time in the following manner: Informal contact by email to info@santiago-advisors.com or to the data protection officer or via the contact form. In this case, all personal data stored in the course of the contact will be deleted. Application by email and application formAn application form is available on our website, which can be used for electronic applications. If an applicant makes use of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
Alternatively, you can send us your application by email. In this case, we will record your email address and the data you provide in the email. Your data will not be passed on to third parties. The data will be used exclusively for processing your application. 2. Purpose of data processingThe personal data from the application form is processed solely for the purpose of processing your application. If you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process is used to prevent misuse of the application form and to ensure the security of our IT systems. 3. Legal basis for data processingThe legal basis for the processing of your data is the contract initiation at the request of the data subject, Art. 6 para. 1 sentence 1 lit. b Alt. 1 GDPR and § 26 para. 1 sentence 1 BDSG. 4. Duration of storageAfter completion of the application process, the data will be stored for up to 6 months. Your data will be deleted at the latest after 6 months. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions. Any additional personal data collected during the submission process will be deleted after a period of 14 days at the latest. Company profilesInstagram, part of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland We provide information on our company page and offer Instagram users the opportunity to communicate with us. If you perform an action on our Instagram company profile (e.g., comments, posts, likes, etc.), you may disclose personal data (e.g., your real name or photo from your user profile) publicly. However, as we generally have little or no influence over the processing of your personal data by Instagram, we cannot make any binding statements about the purpose and scope of the processing of your data. We use our company profile on social networks to communicate and exchange information with (potential) customers. In particular, we use our company profile for:
The posts on the company profile may contain the following content:
Every user is free to publish personal data through their activities. Insofar as we process your personal data to evaluate your online behavior, offer you competitions, or carry out lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 (1) (a) and Art. 7 GDPR. The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiry in the best possible way or in providing you with the information you have requested. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. The data generated by the company's website is not stored in our own systems. We have provided appropriate safeguards in the form of standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR for the processing of your personal data in third countries. A copy of the standard data protection clauses can be requested from us. You can object to the processing of your personal data that we collect when you use our company website at any time and assert your rights as a data subject as set out in the "Your rights" section of this privacy policy. To do so, please send us an informal email to info@santiago-advisors.com; datenschutz@dataguard.de. For information on the processing of your personal data by Instagram and the corresponding options for objection, please refer to the following links:
Use of company profiles on professional networks1. Scope of data processingOur company presence on professional networks such as LinkedIn serves to provide information, communicate with users, and recruit applicants and interested parties. We do not process any personal data outside of the respective platforms. The processing of personal data by the operators of the networks is their sole responsibility. Further information on data processing can be found in the privacy policies of: If you interact on our company pages (e.g., through comments, posts, or likes), personal data such as your name or profile picture may be publicly visible. 2. Legal basis for data processingThe legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiry in the best possible way and providing you with the information you have requested. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. 3. Purpose of data processingOur company website serves to inform users about our services. Users are free to publish personal data through their activities. 4. Duration of storageThe data generated by the company website is not stored in our own systems. 5. Exercising your rightsYou can object to the processing of your personal data that we collect when you use our company website at any time and assert your rights as a data subject as set out in the "Your rights" section of this privacy policy. To do so, please send us an informal email to the email address provided in this privacy policy. Further information on exercising your rights can be found here: https://www.linkedin.com/legal/privacy-policy HostingThe website is hosted on servers by a service provider commissioned by us. Our service provider is: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Further information about the processing of personal data by Ionos can be found at: https://www.ionos.com/terms-gtc/privacy-policy/ The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:
This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing this data lies in displaying our website without errors and optimizing its functions. The website server is located in Germany. Integrated third-party servicesWe use various service providers to provide the services offered on our website. In general, we have a legitimate interest in sharing your data with the relevant service providers if these services are essential for providing the basic service offered on the website in order to provide the corresponding website service. If such services are required for additional services, extended functions, or additional purposes, your personal data will only be passed on to service providers if you give your consent. You can revoke your consent to the use of integrated third-party services and manage your consent settings at any time here: www.santiago-advisors.com (pop-up powered by Usercentrics Consent Management). Use of Google Analytics 4 (GA 4) 1. Scope of processing of personal data We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). Google Analytics examines, among other things, how website visitors use our site. Google places cookies on your device for this purpose. During your visit, your user behavior is recorded in the form of "events." This may result in the storage and evaluation of personal data, including:
By default, IP address anonymization is enabled in GA 4. This means that your IP address will be shortened by Google within the member states of the European Union or other signatory states to the Agreement on the European Economic Area. In exceptional cases, the full IP address is transferred to a Google server in the US and shortened there. Google states that the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Further information on data processing by Google can be found here: https://policies.google.com/privacy 2. Purpose of data processing We use GA 4 to evaluate the use of our online presence and to generate reports on the activities on our website. The reports are used to analyze the performance of our website and to display targeted advertising to people who have already expressed an initial interest by visiting our website. 3. Legal basis for the processing of personal data The legal basis for the processing of users' personal data is, in principle, the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. 4. Duration of storage Your personal data will be deleted after 2 months. This deletion takes place automatically once a month. 5. Exercising your rights You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent via our cookie consent tool. You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, by using the using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser. Further information on Google's options for objection and removal can be found at: https://policies.google.com/technologies/partner-sites You can also prevent Google from collecting the data generated by the cookie and related to your use of the online presence (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de You can disable the use of your personal data by Google using the following link: https://adssettings.google.de Use of Adobe Fonts 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Duration of storage 5. Exercising your rights Use of Usercentrics 2. Purpose of data processing 3. Legal basis for the processing of personal data 4. Duration of storage 5. Exercising your rights This privacy policy was created with the support of DataGuard. |
