Our Privacy Policy
The data controller for processing data in connection with the website www.elvaston.com is Elvaston Capital Management GmbH, Kurfürstendamm 214, 10719 Berlin,
Phone: +49 30 887 142 70, Fax: +49 30 887 1427 27, Email: info@elvaston.com .
You can contact our Data Protection Officer at datenschutz@elvaston.com.
1. Automatically Collected Data During Website Visits
We collect data automatically transmitted by your browser to our web server during internet use, such as your IP address, the URLs of the websites from which you arrived, the browser used, browser language, the operating system and interface, the access device used, the date and time of access, the pages accessed on our website, and the time spent on our website. The legal basis for processing this data is Article 6(1)(f) GDPR, based on our legitimate interests, which include:
- Enabling access to and visits to the website,
- Continuously improving the website and tailoring offers to user needs,
- Conducting internal quality control,
- Detecting, addressing, and preventing errors, disruptions, or misuse,
- Creating statistics on access channels and website usage.
2. Contacting Us
You can contact us via contact forms on our website, by email, or by phone. In this context, we process your data to communicate with you and to handle your inquiry.
For this purpose, our website contact form requests your inquiry details and contact information.
The legal basis for processing this data is Article 6(1)(b) GDPR where your details are required to respond to your inquiry or to initiate or perform a contract, and otherwise Article 6(1)(f) GDPR based on your and our legitimate interest in responding to your inquiry.
Data collected for this purpose is generally deleted after your inquiry has been fully processed, unless it is required for other purposes (e.g., for the performance of a contract). Where the correspondence constitutes business records within the meaning of commercial or tax law, we retain it for the legally prescribed periods (generally six years).
3. Cookies, Analysis, and Tracking
We use cookies, web beacons, or similar technologies when you visit our websites or use our offerings.
Cookies are small text files stored on your computer or mobile device by your browser, enabling recognition of your device, potentially across multiple websites. Cookies do not contain personal data. Some cookies are deleted after the browser session ends (session cookies). Others remain on your device, allowing us or our service providers to recognize your browser on subsequent visits (persistent cookies).
You can prevent the use of cookies through your browser settings; however, certain areas of the website or offerings may then not function as intended.
Web beacons are small graphic files ("pixels") that may be embedded in our website and used to capture user behavior. Similar technologies include HTML5 cookies or other local (browser or device) storage methods, which — comparable to cookies — store data in your browser or device to recognize it during a session or on subsequent visits.
Service providers we engage may use cookies, in particular for web analytics (see below). This is done on the basis of your consent, where you have provided it via the cookie banner.
3.1 Legal Bases
Tools and cookies necessary for website operation (Section 3.2) are used based on your and our legitimate interests pursuant to Article 6(1)(f) GDPR in operating the website, and pursuant to Section 25(2)(2) TDDDG.
Other tools, in particular for analytics and marketing purposes (Section 3.3), are used on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG, obtained via the cookie banner (see below).
Where different legal bases apply to individual tools or procedures, this is explicitly indicated below.
You may withdraw or adjust your consent at any time via the "Cookie Settings" link.
Further information on the cookies used (e.g., their storage duration) can be found in the Consent Management Tool (Section 3.2.1).
3.2 Necessary Tools and Cookies
3.2.1 Cookie Banner / Consent Management
For the purpose of consent management, we use a Consent Management Tool ("CMT") provided by Objectis Ltd. ("CookieScript"), Laisvės st. 60, LT-05120 Vilnius, Lithuania, which also displays the cookie banner.
When you visit our website, our CMT sets a cookie that stores the consents granted for individual services and controls the activation or deactivation of the respective functionalities. The data collected is stored until you delete the cookie.
The CMT is used to obtain the required consents and to document them in accordance with our obligation to demonstrate compliance. The legal basis is Article 6(1)(c) GDPR.
3.2.2 Google Tag Manager
We use the Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager is used to manage tracking tools and other services, known as website tags. The Google Tag Manager does not use cookies. The legal basis is Article 6(1)(f) GDPR, based on our legitimate interest in integrating and managing multiple tools and services on our website in a straightforward manner.
3.3 Analytics and Marketing Tools
3.3.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies and similar technologies to analyze and improve our website based on your usage behavior. Google will process the information obtained to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website and internet usage. By analyzing which features our visitors use and which pages they visit, we gain a better understanding of what our visitors find useful. This information allows us to create more relevant experiences and to inform business decisions. Details regarding the technologies used by our visitors (e.g., app, operating system, or browser version) can help us identify and resolve technical issues. The data generated in this context may be transferred by Google to a server in the United States for analysis and stored there. For such data transfers to the United States, we have concluded Standard Contractual Clauses with Google pursuant to Article 46(2)(c) GDPR in order to ensure an adequate level of data protection.
We have concluded a data processing agreement with Google for the use of Google Analytics.
In particular, the following data is processed by Google Analytics: anonymized IP address; referrer URL (previously visited page); pages accessed (date, time, URL, title, time spent); links clicked to other websites; achievement of certain goals (conversions) where applicable; technical information: operating system; browser type, version, and language; device type, brand, model, and resolution; approximate location (country and, where applicable, city, based on anonymized IP address); device information (including advertising ID where applicable); location information (e.g., city). If you have consented and are logged into your Google account when visiting our site with personalized advertising enabled, Google may also create anonymized statistics for us based on your account data ("Google Signals").
For further details, please refer to Google's privacy information.
4. Data Recipients
In addition to the recipients mentioned in Section 3, we may engage further external service providers and, where necessary, grant them access to personal data for the performance of their services.
We will grant these service providers access to personal data only to the extent necessary for the performance of their tasks. We comply with all applicable data protection requirements and oblige our service providers to do the same where required. Service providers may only process personal data on our behalf and not for their own purposes, and must treat the data confidentially. To this end, we have concluded data processing agreements pursuant to Article 28 GDPR.
Where we use services whose providers are located in, or process personal data in, third countries outside the European Economic Area for which the European Commission has not issued an adequacy decision pursuant to Article 45 GDPR, we have taken appropriate measures to ensure an adequate level of data protection for any such data transfers. These include in particular the Standard Contractual Clauses of the European Union or binding corporate rules. Where this is not possible, we base the data transfer on your explicit consent.
In particular, we use Webflow Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, as our service provider for the hosting and technical operation of our website. We have concluded a data processing agreement with Webflow. Webflow is certified under the EU/US Data Privacy Framework.
5. Data Subject Rights, Right to Lodge a Complaint, Right to Object
In addition to the right to withdraw any consent you have provided to us, you are entitled — subject to the applicable legal requirements — to the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, and the right to data portability under Article 20 GDPR.
You have the right, at any time, to object to the processing of your personal data carried out on the basis of Article 6(1)(f) GDPR, for reasons arising from your particular situation (Article 21(1) GDPR). Where we process your personal data on the basis of Article 6(1)(f) GDPR for direct marketing purposes, you have the right to object at any time without providing any reasons (Article 21(2) GDPR).
Additionally, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR.
Last updated: 03/2026