Privacy Policy

1. Controller

2. Data We Collect

2.1 Website Visit (Automatic)

• IP address (anonymised after 24 hours)
• Browser type and version, operating system
• Referrer URL (page from which you arrived)
• Date and time of access
• Pages visited and time spent

2.2 Inquiries via Contact / Access Form

• First and last name
• Email address
• Phone number (optional)
• Country / country of residence
• Investor type (professional / qualified / institutional)
• Investment volume and interest details
• Content of your message

2.3 KYC Process (for Investors)

• Identity documents (passport, national ID)
• Proof of residence
• Proof of investor status (for qualified investors)
• Information on the economic origin of investment funds

KYC data is processed by our certified KYC/AML service provider and is not used for marketing purposes.

3. Purposes of Processing

• Providing and optimising the website
• Responding to inquiries and communicating with interested parties
• Conducting KYC/AML checks as required by law
• Processing investor access and investment agreements
• Compliance with legal obligations (Anti-Money Laundering Act, tax law)
• Analysing website usage to improve our services (aggregated / anonymised)

4. Legal Basis for Processing

• Art. 6(1)(a) GDPR — Consent (e.g. cookies, newsletter)
• Art. 6(1)(b) GDPR — Contract performance and pre-contractual measures (investor inquiries)
• Art. 6(1)(c) GDPR — Compliance with legal obligations (KYC/AML, tax)
• Art. 6(1)(f) GDPR — Legitimate interests (website operation, security, fraud prevention)

5. Retention Periods

• Server log files: 7 days, then automatic deletion
• Contact inquiries: 3 years after completion of communication
• KYC documents: 5 years after end of business relationship (legal obligation)
• Investment contracts: 10 years (statutory retention requirement)
• Analytics data: 14 months (Google Analytics default, IP anonymisation active)

6. Data Sharing

We do not share your data with third parties without your consent, unless this is necessary for contract performance or required by law. Data may be shared with:

• KYC/AML service providers — for legally required identity and anti-money laundering checks
• Lawyers and tax advisors — in connection with contract structuring
• Authorities — where required by law (e.g. financial supervisors, law enforcement)
• IT service providers — hosting and platform technology (data processing agreements per Art. 28 GDPR)

Transfer to third countries (outside EU/EEA) only occurs on the basis of an EU Commission adequacy decision or appropriate safeguards (standard contractual clauses).

7. Cookies & Analytics

Technically Necessary Cookies

These cookies are required for the operation of the website and cannot be disabled. They do not store any personal data.

Google Analytics 4

We use Google Analytics 4 (Google LLC, USA) to analyse website usage. IP addresses are anonymised before transmission. Processing is based on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via our cookie settings.

More information: Google Privacy Policy

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — you can request information about your stored data
• Right to rectification (Art. 16 GDPR) — correction of inaccurate data
• Right to erasure (Art. 17 GDPR) — "right to be forgotten"
• Right to restriction (Art. 18 GDPR) — restriction of processing
• Right to data portability (Art. 20 GDPR) — receive data in machine-readable format
• Right to object (Art. 21 GDPR) — object to certain processing activities
• Right to withdraw consent (Art. 7(3) GDPR) — at any time with effect for the future

To exercise your rights, contact us at: [email protected]

You also have the right to lodge a complaint with the competent data protection supervisory authority. For Berlin: Berliner Beauftragter für Datenschutz und Informationsfreiheit.

9. Privacy Contact

We respond to data protection requests within 30 days in accordance with Art. 12 GDPR.