Privacy Policy

Privacy Policy

CHEPSTOW CAPITAL GmbH

Last updated: February 2026

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR) is:

CHEPSTOW CAPITAL GmbH

Rüttenscheider Str. 84

45130 Essen, Germany

Phone: +49 201 79989858

Email: info@chepstow-capital.com

Website: www.chepstow-capital.com

2. General Information on Data Processing

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Digital Services Data Protection Act (TTDSG), where applicable. Personal data means any information relating to an identified or identifiable natural person.

We only process personal data where:

• You have given consent (Art. 6(1)(a) GDPR);

• Processing is necessary for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);

• Processing is necessary to comply with a legal obligation (Art. 6(1)(c) GDPR); or

• Processing is necessary for the purposes of legitimate interests (Art. 6(1)(f) GDPR), unless your interests override such interests.

3. Website Hosting

Our website is hosted on Google Sites, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit our website, your data is processed on Google’s servers. Google acts as a processor on our behalf. Google may transfer data to the United States. The transfer is safeguarded by the EU-U.S. Data Privacy Framework and Google’s Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

For more information, see Google’s Privacy Policy: https://policies.google.com/privacy

4. Website Access and Server Log Files

When you visit our website, the hosting provider automatically collects and stores information in server log files. The following data may be processed:

• IP address

• Date and time of access

• Browser type and version

• Operating system

• Referrer URL

• Accessed pages

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable website operation). Our legitimate interest lies in ensuring system security, preventing misuse, and maintaining technical stability. Log files are deleted automatically after a short retention period (typically 7–14 days), unless required for security purposes.

5. Contact by Email

If you contact us via email, the personal data transmitted (e.g., name, email address, message content) will be processed.

Legal basis: Art. 6(1)(b) GDPR (if contact relates to contractual matters) or Art. 6(1)(f) GDPR (general inquiries; legitimate interest in responding to inquiries).

Your data will be deleted once your request has been fully processed and no statutory retention obligations apply.

6. Contact Form

If our website provides a contact form, the data you enter (e.g., name, email address, phone number, message) will be processed for the purpose of handling your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in processing inquiries).

The data will be deleted once your request has been fully processed, unless statutory retention obligations apply.

7. Cookies

Our website uses only technically necessary cookies. These cookies are required to ensure the proper functioning of the website.

Legal basis: § 25(2) TTDSG and Art. 6(1)(f) GDPR.

No tracking cookies or marketing cookies are used. You may configure your browser to block cookies. However, certain functions of the website may then be limited.

8. No Analytics / No Tracking

We do not use Google Analytics, tracking technologies, profiling tools, or marketing automation tools. No personal data is transferred to third countries through analytics services.

9. Data Transfers to Third Parties

We only transfer personal data to third parties where this is necessary for contract performance, where we are legally obliged to do so, or where we use service providers (processors) under Art. 28 GDPR.

Our website is hosted by Google (see Section 3). Service providers are contractually bound to process data strictly in accordance with our instructions.

10. Data Retention

Personal data is stored only for as long as necessary for the purpose of processing or as required by statutory retention obligations (e.g., commercial and tax law retention periods of 6 or 10 years). After expiry of such periods, data will be deleted or blocked.

11. Your Rights Under GDPR

You have the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR)

• Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise your rights, please contact: info@chepstow-capital.com

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for CHEPSTOW CAPITAL GmbH is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

Kavalleriestraße 2–4, 40213 Düsseldorf, Germany

Website: https://www.ldi.nrw.de

13. Provision of Data

The provision of personal data is neither legally nor contractually required for visiting our website. If you contact us, the provision of personal data may be necessary to process your request.

14. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

15. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorized access, loss, destruction, and manipulation. Our website uses SSL/TLS encryption.