Privacy Policy

Privacy Policy

I. Introduction

We are aware of the trust you are placing in us. Therefore, we would like to provide comprehensive information to you on how we handle your personal data. In particular, we would like to inform you about the type of data we collect when you visit and/or use our website and how we use this data. If we have received personal data from you through other communication channels (e.g., by e-mail), the following Privacy Notice applies as well.

Given that our website and the technology on which it is based, as well as our business processes, are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.

II. Use of the website and data protection

1. Name and contact data of the controller of the website

We, Aquila Capital Holding GmbH, represented by the managing directors Roman Rosslenbroich and Dr. Dieter Rentsch, Valentinskamp 70, 20355 Hamburg (Tel.: +49 40 875050-100 / receptionist, Fax: +49 40 87 5050-129) as the provider of this website, are the controller within the meaning of Art. 4(7) GDPR.

2. Contact data of the data protection officer

Aquila Capital Holding GmbH is part of Aquila Capital (meaning Aquila Capital Holding GmbH and its affiliated companies in the sense of Art. 15 et. seq. Stock Corporation Act (AktG)). The data protection officers of Aquila Capital can be reached as follows:

Aquila Capital Holding GmbH
c/o the data protection officer
Valentinskamp 70, 20355 Hamburg or

3. Restriction of the scope of this Privacy Notice for visits to our website

Our Privacy Notice only applies to our content which is stored on our servers. It expressly does not cover any links to websites of third parties in our offerings

4. Processing of personal data in the context of informational use of our website

a. Description and scope of data processing

If you only use our website for informational purposes and you have not consented to the setting and use of any optional cookies, we do not collect any personal data aside from the data transmitted by your browser via basic cookies that are stored on your end device which are necessary to enable you to visit and functionally use the website. 

That data is:

  1. Date and time of your request
  2. Duration of your visit
  3. Time zone difference compared to Greenwich Mean Time (GMT)
  4. Content of the request (specific page)
  5. Access status / HTTP status code
  6. Website & provider from/by which the request is made
  7. Browser
  8. Operating system
  9. Language and version of the browser software
  10. IP address

In addition to the aforementioned data, additional data may be collected and processed if you consent to the storage of optional cookies on your computer and processing of such data when you visit and use our website. For more details on the processing of data via cookies, see II. Clause 9 of this Privacy Notice.

b. Purpose and legal basis of data processing

The mentioned data is processed in order to enable you to visit and functionally use the website. We may use some of the mentioned data in order to create aggregated/anonymised use statistics, for example, or to identify and trace unauthorised attempts to access our web servers or to create general profiles regarding the use of our website in aggregated/anonymised form and only to improve user navigation and optimise our products and services. Our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes. We do not create or process behavior profiles relating to a specific person from the aforementioned information.

c. Duration of data storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended or after 1 year. 

5. Using the “Contact Us” feature

We process your personal data (time stamp of request, your contact data such as names and mail address and any further information you choose to include in the request) provided in the contact form in order to contact you and to process your request (Art. 6 (1) lit. b GDPR). This data may be passed on to affiliated companies, if this is necessary to solve your request. Data transmitted via the contact form will remain with us until we have solved your request or you request us to delete it or there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.

6. Vimeo

Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When calling a page with an integrated Vimeo plugin, a connection to the servers of Vimeo is established. This will tell Vimeo which of our pages you have accessed. Vimeo will know your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.

Notes on legal bases:

If we ask you for your consent for the use of Vimeo, the legal basis for the processing of data is the consent in accordance with Art. 6 (1) lit. a. GDPR.

Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand. Details on the handling of user data can be found in Vimeo’s data protection declaration at:

7. Disclosure to third parties

To facilitate the purposes described, we may exchange your data with third parties. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context. A data processing agreement is concluded in this case.

If you make your personal data available to us for the purpose of potential future cooperation and/or to enable us to contact you, we may disclose this data within Aquila Capital, if there is a legitimate interest on our part and your interests, fundamental rights and freedoms do not outweigh. Otherwise, we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymized or pseudonymized.

We only transfer data to third parties established in a third country with your consent or to fulfil our contractual obligations pursuant to Art. 44 GDPR et seqq.

8. Data security, TLS encryption with https

Aquila Capital takes diligent precautions to protect your data against manipulations, loss, destruction and against access by unauthorised persons. We continuously improve our security measures in accordance with the development of technology. The employees of Aquila Capital are obligated to maintain data confidentiality in accordance with the provisions of the GDPR.

We use https to transmit data in a tap-proof manner on the internet (data protection through technology design Article 25 (1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.

9. Technologies used

Parts of this website may use technologies that are widely used on the internet, such as JavaScript, Java, Flash or ActiveX, to allow us to present the information requested in a form that is more convenient for you. We do not use these technologies in any way to spy on personal data or manipulate data on your computer.

10. Cookies

a. Description and scope of data processing

We need certain information to enable us to design our websites based on user needs. To collect this information, we also use cookies. Cookies are meant to facilitate the use of the internet and communication. Cookies are stored on your PC or another end device to anonymously identify the device and to support the application when you return to our websites.

If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept any cookies (including functionally necessary), some pages may not be displayed correctly anymore.

We use cookies on our website to store the following parameters, for example:

  1. Language and country
  2. Browser settings and installed plug-ins
  3. Data on the use of our website.

This website uses the following cookies:

Transient cookies (temporary use)

Persistent cookies (use for a limited time)

  1. Cookie Consent Settings 
  2. Google Analytics

Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a “session ID” which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

More information on how cookies work can be found on the following website:

b. Purpose and legal basis of data processing

The purpose of using technically necessary cookies is to enable and simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles other than in an aggregated and anonymized form.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f. GDPR. Legal basis for the setting of optional cookies on your end device and the connected processing of personal data using optional cookies (marketing, statistics, etc.) is your consent based on § 25 TTDSG and Art. 6 (1) lit. a. GDPR.

c. Duration of storage objection and elimination options

Cookies are stored on the user’s computer and via them data is transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions of the website to their full extent.

d. Customise cookie settings

When calling up our website, we offer you the possibility to individually adjust the optional cookies via the “Settings” item in the cookie banner. Your consent to optional cookies is voluntary, not necessary for the use of this website and can be revoked at any time. You can adjust the cookie settings here at any time.

By clicking on “Accept” in the cookie banner or “Accept All” in the settings, you also consent to your data being processed in the USA in accordance with Art. 49 Para. 1 S.1 lit a GDPR. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly without the possibility of legal recourse. If you click on “Only Functional Cookies”, the transfer described above will not take place. 

11. Google Analytics

We use the Google Analytics service (Google Analytics 4) of the provider Google Ireland Limited (Google Ireland/EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics sets and uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), shortened IP addresses, device identifiers (browser, internet provider, end device, screen resolution) and information about interaction with our website (e.g. session duration, clicks, bounce rate, from which channel you have reached our website, etc.).

Some of this data is information stored on the end device you are using. In addition, further information is also stored on your end device via the cookies used. Such setting of cookies, storage of information by Google Analytics or access to information already stored in your end device as well as the processing of data by us will only take place with your consent.

Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.

The setting of cookies and the further transmitting and processing of personal data described here takes place with your consent. The legal basis for the setting of cookies and data processing in connection with the Google Analytics service is therefore § 25 (1) TTDSG and Art. 6 (1) a GDPR. You can revoke this consent via our Cookie Settings at any time with effect for the future.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Google Ireland transmits data to Google LLC and its servers located in the United States, which is deemed a third country where the data protection standards do not meet the same standards as set by the GDPR. Google Ireland respectively uses the EU standard data protection clauses as appropriate safeguards for these transfers of personal data in third countries, which can be found at the following link: and has performed a Transfer Impact Assessment for the transfer. 

We only use Google Analytics with IP anonymisation activated. This means that the IP address of users is shortened by Google Ireland within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google’s privacy policy at:

The data on user actions is stored for a period of 14 months (Google Analytics 4) to enable us to reach the purposes for which we collected the data, in particular to get an overview of the behaviour throughout the year and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

12. Your rights

Your rights with regard to data processing are outlined in section IV. of this Privacy Policy. 

III. General information and specific data processing at Aquila Capital (data protection information according to Art. 13 GDPR)

The privacy, protection and processing of your personal data is very important to Aquila Capital. In the following we would like to inform you about the processing of your personal data within Aquila Capital and your rights regarding personal data protection. Which specific personal data will be processed and/or used significantly depends on the specific existing business relationship we have with you, the occasion and the purpose of the processing or other factors. In this respect, you will find in this section data protection information relating to specific processing activities.

1. Name and contact data of the controller

Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Capital, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.

The responsible company of Aquila Capital with legal seat in Hamburg, Germany, can be reached as follows:

Valentinskamp 70, 20355 Hamburg, Germany
Tel.: +49 40 875050-100

The responsible companies of Aquila Capital with legal seat in Spain can be reached as follows:

Paseo de la Castellana, 259D, Torre Espacio, 28046 Madrid, Spain
Tel.: +34 91 511 90-50

The responsible companies of Aquila Capital with legal seat in Greece can be reached as follows:

Artemidos 1, 15125 Maroussi, Athens, Greece

The responsible companies of Aquila Capital with legal seat in Norway can be reached as follows:

Haakon VIIs Gate 2, 0161 Oslo, Norway

The responsible companies of Aquila Capital with legal seat in Netherlands can be reached as follows:

Schiphol Boulevard 215, 1118 Schiphol, Netherlands

The responsible companies of Aquila Capital with legal seat in Italy can be reached as follows:

Via Mike Bongiorno 13, 20124 Milano, Italy

The responsible companies of Aquila Capital with legal seat in Portugal can be reached as follows:

Av. Fontes Pereira de Melo 14, 11 piso, 1050-121 Lisbon, Portgual

+351 211 328 420

2. Contact data of the data protection officer of Aquila Capital  

The data protection officer of Aquila Capital can be reached as follows:

Aquila Capital Holding GmbH

c/o data protection officer

Valentinskamp 70, 20355 Hamburg

In addition, Aquila Capital has implemented local contact persons for its relevant locations abroad, who can be contacted under the details specified in section III. 1 of this Privacy Policy.

3. Purpose of personal data processing and legal basis

We process personal data in accordance with the relevant rules and regulations, in particular with GDPR.

The processing of personal data is necessary for the performance of a contract with you (Art. 6 (1) lit. b. GDPR).

The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6 (1) lit. f. GDPR).

If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6 (1) lit. a. GDPR.

In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6 (1) lit. c. GDPR).

Depending on the specific business relationship we have with you, we may collect and use personal data from our customers to send important information or updates on Aquila Capital products and services. This includes, in particular, important security information or significant changes to products, services or this Privacy Policy. The legal basis for processing data for these purposes is the legitimate interest of Aquila Capital to adapt and correct legal innovations or product errors, to comply with legal obligations and to offer high-quality product support. The collection and use of this data may be mandatory for compliance with existing legal regulations. Insofar as we collect or use data for purposes of advertising and customer retention, for example for performance reports, analyses and market-relevant assessments as well as invitations to specific events, following prior consent, there is a right of revocation for this consent at any time with effect for the future. The revocation can – just like the consent – be made orally, in writing or in text form.

4. Recipients or categories of recipients of the personal data

Your personal data will be transmitted within Aquila Capital to all entities which need these data for contractual and/or regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organisations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.

5. Duration of storage

Where required, we process and store your personal data for the period of our business relation or until the revocation of your consent. E.g., the retention period of personal data within the Know Your Costumer process is 5 years. The retention period begins upon conclusion of the calendar year in which the business relationship is terminated. In all other cases, it begins upon conclusion of the calendar year in which the respective information was gathered (see Sec. 8 para 4 Money Laundering Act). 

Furthermore, we are subject to miscellaneous safekeeping and documentation obligations that may arise from e.g. German Commercial Code or General Fiscal Code. Pursuant to the provisions of these laws, personal data must generally be retained for a period of ten years. In addition, the statutory period of limitations within the meaning of §§195 et seq German Civil Code (BGB) shall apply in relation to the duration of storage period. Thus, the maximum period of limitation term is up to 30 years.

6. Automated decision-making including profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR for establishing and fulfilling the business relationship with you. We do not use procedures based solely on automated processings. Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, these measures are for your protection.

7. Your Rights

Your rights with regard to data processing are outlined in section IV. of this Privacy Policy.


As a data subject within the meaning of the GDPR, you have various rights vis-à-vis the responsible entity of Aquila Capital with regard to your personal data, which we inform you about below. You can also find details about your rights in Art.15-21 of the GDPR:

  • right of access

You have the right to request information about your personal data processed by the controller. In particular, about the purposes of processing, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.

  • right to rectification or erasure,

You have the right to request the correction of incorrect data or the completion of your personal data stored by the controller without delay. You have the right to request the erasure of your data under the conditions specified in Art. 17 GDPR.

  • right to restriction of processing,

In specific cases set out in the GDPR, you have the right to request the restriction of the processing of your personal data.

  • right to withdraw the consent

Insofar as we process your data on the basis of your consent you have the right to revoke this consent at any time with effect for the future, without this affecting the lawfulness of the consent valid until then. The revocation is – like the granting of consent itself – possible orally or in text form.

  • right to object to processing,

Insofar as personal data are processed based on legitimate interests pursuant to Art. 6  (1) lit. f GDPR, you have the right to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation.

  • right to data portability

In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).

You can contact us or our data protection officer to assert your rights (for contact details see section II.1 and 2).

You also have the right to complain with a data protection supervisory authority about our processing of your personal data.