Privacy Policy of ACATIS Investment Kapitalverwaltungsgesellschaft mbH

Your rights under Art. 12ff. DSGVO

You should know which data we collect, process and use about you and for what purpose. This is your right and corresponds to the requirements of the basic data protection regulation (EU-DSGVO) dated 27.04.2016, valid as of the 25.05.2018, as well as the Federal Data Protection Act (BDSG-2018). Therefore please find below an overview both of the personal data stored from you and of the data protection organisation of ACATIS Investment Kapitalverwaltungsgesellschaft mbH (hereinafter also referred to as "ACATIS"). This will enable you to exercise your "basic right to informational self-determination".


Responsible party

ACATIS Investment Kapitalverwaltungsgesellschaft mbH

Phone.: +49 69 9758 3777

Fax: +49 69 9758 3799



Data Protection OfficerKarin Scharfenberg
Competent supervisory
authority for data protection
The Hessian Data Protection Commissioner

Prof. Dr. Michael Ronellenfitsch

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Phone.: +49 611 14080

Fax.: + 49 611 1408-900



Section A: General statements

1. Data origin and categories

ACATIS Investment Kapitalverwaltungsgesellschaft mbH receives personal data from clients and other business partners in the course of initiating and fulfilling contracts. As part of our management activities, we also receive data on the custodian banks you have selected. Furthermore, we process personal data from publicly accessible sources, e.g. telephone directories, Internet.

Possible data categories:

1. Names/Contact details
2. Identity card data
3. Bank details
4. Creditworthiness data
5. Asset data
6. Order data
7. Invoice data
8. Payment data
9. Tax data
10. Curriculum vitae
11. Qualification data
12. Insurance data
13. Marital status and situation
14. Interests/preferences/special circumstances of life
15. Plans and goals for the personal and professional future
16. Company contact details


2. Processing purposes

We process your personal data in accordance with the EU DSGVO for a specific purpose and limited to the necessary extent.

Conceivable processing purposes

1. Initiation and conclusion of contracts
2. Fulfilment of the contract in general
3. Master data maintenance
4. Preparation of an investment strategy
5. Preparation of a concept of suitability
6. Order processing
7. Payment transactions on behalf of customers
8. Order processing
9. Telephone recording
10. Electronic communication
11. Strengthening customer loyalty
12. Sending a newsletter
13. Book-keeping
14. Prevention of criminal offences
15. Compliance with overriding legal regulations, in particular those for financial services institutions (e.g. KWG, WpHG, various EU regulations and directives)
16. Protection of legal claims

3. Legal basis of the processing

Due to the conditions of the EU DSGVO, the processing of personal data by ACATIS Investment Kapitalverwaltungsgesellschaft mbH is legal.

Accepted legal bases

1. Consent
2. Initiation of contract
3. Contract, contract-like relationship of trust
4. Legal obligation, overriding legal provisions, public interest
5. Balancing of interests, legitimate interest

4. Recipient of data

The employees of ACATIS Investment Kapitalverwaltungsgesellschaft mbH process the corresponding personal data to fulfil their contractual and legal obligations. This happens within the employment relationship - the data does not leave our sphere of influence. In addition, entities outside ACATIS Investment Kapitalverwaltungsgesellschaft mbH (third parties) receive personal data based on a defined legal basis. These bodies only receive the data they need for the respective task.

Possible data receivers

1. Public authorities (BaFin, Bundesbank, tax authorities, etc.)
2. Custodian bank/account managing institution, financial services institution, comparable institutions and contract processors
3. External accounting
4. Distribution service providers
5. Other contractually bound vicarious agents
6. Other bodies for which you have given us your consent to the transfer of data

5. Transfer to “third countries”

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations) or if you have given us your consent. If service providers are used in third parties, they are obliged to comply with the data protection level in Europe in addition to instructions in writing agreeing to the EU standard contract clauses.

6. Deletion periods

We process (and store) your personal data in order to fulfil our contractual and legal obligations or for the purpose for which you provide us with the data. As soon as the processing purpose ceases, these data are regularly deleted, unless their temporary further processing is necessary for the following purposes:

- Compliance with commercial and tax retention periods: The German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG) to mention a few. The periods for storage and documentation specified there range from two to ten years.

- Preservation of evidence under the statute of limitations. According to §§ 195ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

7. Your rights under the Basic EU Data Protection Regulation

1. (Preliminary) information

You are reading this right now.

2. Information

Upon request you will receive a compilation of your personal data stored by us.

3. Correction

You have the right to have erroneously collected data corrected without delay.

4. Deletion

We delete your data as soon as their processing is no longer necessary. However, there are exceptions, see the following paragraph.

5. Restriction of the

Your data will no longer be used by us if the purpose of processing no longer applies, but we are not yet allowed to delete it due to overriding legal regulations.

6. Data transferability

Upon request, you will receive your data in a suitable form for transfer to a third party.

7. Revocation

If you have given us your consent to process your personal data for certain processing purposes, you can revoke this consent at any time without giving any reasons.

8. Objection

If data processing is in the public interest or was justified on the basis of a balance of interests ("overriding legitimate interest"), you can object to the processing of your personal data for contractual purposes.

9. Complaint

If you believe that the processing of your personal data by ACATIS Investment Kapitalverwaltungsgesellschaft mbH is unlawful, you have the right to complain to the supervisory authority of your place of residence.

8. Are there any obligations to provide and process data?

In particular, we are obliged under the provisions of money laundering law to identify you before establishing the business relationship, for example, on the basis of your identity card and to collect and record your name, place of birth, date of birth, nationality and address. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. As a financial services institution subject to supervision by the Federal Financial Supervisory Authority, we are legally obliged to process certain data when providing financial services (e.g. financial portfolio management, investment advice).
As part of our business relationship, you must therefore provide the personal data required for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it. If you do not provide us with the necessary information and documents, we may not establish or continue the business relationship you have requested.

9. Is there automatic decision making (including profiling)?

In principle, we do not use fully automated decision making in accordance with Article 22 DSVO for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

10. Electronic communication

If you send us a message by e-mail, the processing is usually required as a pre-contractual or contractual measure. Furthermore, you give us your voluntary consent to the processing of your required personal data for the purpose of contacting us. For this purpose, a valid e-mail address is required, which serves to assign your inquiry and answer it. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.

11. Consequences of revocation of consent and objection

If you revoke a necessary and already given consent, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balance of interests, we will no longer process your personal data, unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.

Section B: Website-Relevant Information

1. Collection of general information when you visit our website

When you view our website, general information is automatically collected by means of a cookie. This information (log files or server log files) describes the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This data is collected by the Internet service that hosts our website. They are technically necessary in order to correctly display the contents of the website and are always collected when you are on the Internet. They are processed in particular for the following purposes:

1.     To ensure a trouble-free connection of the website.
2.     To ensure a smooth use of our website.
3.     Evaluation of system security and stability.

According to the Internet host, the log file data is deleted after a maximum of 14 days.

Due to our legitimate interest, this processing of your personal data is permitted. We do not use your data to draw conclusions about you personally. The recipients of the data are only ACATIS Investment Kapitalverwaltungsgesellschaft mbH as the responsible party and the Internet host.

2. Use of website analysis services

You will find our privacy policy for the use of Google Analytics (is currently not used) in the imprint.

With your consent, we use open source software Matomo to analyse and statistically evaluate the use of the website. Cookies are used for this purpose. The information obtained about website use is transmitted exclusively to our servers and summarised in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties.

The IP addresses are anonymised (IP masking) so that an attribution to individual users is not possible.

The data is processed on the basis of Art. 6 Para. 1 S. 1 lit. a DSGVO. We are thus pursuing our legitimate interest in optimising our website for our external presentation.

You can revoke your consent at any time by deleting the cookies in your browser or changing your data protection settings.

3. Device width recognition

This website is programmed in HTML5 and offers you the advantage of a responsive design. Using the computer language used, we have created several pages of the same content, allowing you to view our offer on different devices (desktop computer, tablet, smartphone). Cookies are not used for device width recognition! Your device only transfers technical data and browser information, from which the programming derives a percentage for the display. This information is not linked and stored with personal information, but is queried anew with each visit. Your device will not be recognized, so there is no need to worry about data protection.  

4. SSL-Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. This way, we also protect the data described in point 1 of this section.

5. Newsletter

If you have consented, we will regularly send you our newsletter or comparable information to the e-mail address that you give us for this purpose. Subscribers may also be notified by e-mail of circumstances relevant to the service or registration (e.g. changes to the newsletter offer or technical circumstances).

For an effective registration we need a valid e-mail address. In order to verify that you are actually registering, we use a double opt-in procedure. For this we log the order of the newsletter, the dispatch of our confirmation mail your answer to it. We do not collect any further data. The data will be used exclusively for sending the newsletter and will not be passed on to third parties.

You can revoke your consent to receive the newsletter at any time. In each newsletter you will find a corresponding link. You can also contact us at the end of this data protection notice.

6. Electronic communication

Send us a message using the contact form and give us your voluntary consent to the processing of your required personal data for the purpose of contacting us. For this purpose, a valid e-mail address is required, which serves to assign your inquiry and answer it. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

7. Use of Google Maps

This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects processes and uses data about the use of map functions by visitors. You can find more information about Google's data processing in the Google Privacy Policy. There you can also change your personal data protection settings in the Data Protection Center.
Detailed instructions for managing your own data in connection with Google products can be found here.

8. Embedded YouTube videos

We embed YouTube videos on some of our websites. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the operator of the corresponding plug-ins. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you're on your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider uses cookies that collect information about user behavior. If you want to prevent this, you must block the saving of cookies in your browser.

Further information on data protection at "YouTube" can be found in the provider's data protection declaration at:

9. Validity of this data protection declaration

Our data protection declaration should always comply with current legal requirements and reflect changes in our services, e.g. when introducing new services. The latest data protection declaration therefore applies to your next visit.

Status of the data protection declaration: May 25, 2018

10. Questions about data protection

If you have any questions regarding the data protection of ACATIS Investment Kapitalverwaltungsgesellschaft mbH, our data protection officer can help you:

Karin Scharfenberg
ACATIS Investment Capital Management Company Ltd.
Phone: +49 69 9758 3792    
Fax: +49 69 9758 3799

The competent supervisory authority depends on your state of residence, your work or a suspected breach of data protection. A list of supervisory authorities (for the non-public sector) and their addresses can be found at: