Acatus Data Privacy Policy

In this Data Privacy Policy we, Acatus GmbH, are informing you of the way in which your personal data are processed when you use our website (https://acatus.com/).

Personal data means any information relating to an identified or identifiable natural person. They include particularly all information making it possible to conclude your identity, for instance your name, telephone number, address or email address. Statistical data, which we collect for example when someone visits our website, do not fall under the meaning of personal data.

You can print out this Data Privacy Policy or save it by using your browser’s usual functions.

Contact

The personal contact and so-called Controller for the processing of your personal data under the terms of the EU General Data Protection Regulation (GDPR) when you visit this website is:

Acatus GmbH
Rosenstr. 17
10718 Berlin

telephone+49 30 403660600
emaildatenschutz

For any questions concerning matters of data protection in connection with our products or the use of our website you can also contact our Data Protection Officer at any time. They can be reached under the above postal address and under the email address given above (mark your communication: “FAO Data Protection Officer”).

1. Data processing on our website

1.1 Accessing our website

Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. These access data comprise in particular:

  • IP address of enquiring device;
  • date and time of enquiry;
  • address of the website called up and of the website enquiring;
  • information on the browser and operating system used;
  • online identifiers (e.g. device identifiers, session IDs).

The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. In order to further develop our website with regards to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way, the access data are saved for the foregoing purposes also in internal logfiles. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (b) and (f) of the GDPR.

The information saved in the logfiles allows no direct conclusion to be drawn about you as a person – in particular, we save the IP addresses only in abbreviated, anonymised form. The logfiles are saved for 30 days and archived following subsequent anonymisation.

1.2 Making contact

You have various possible ways to contact us. These may include the contact form, email, live chat or the call-back function. For this purpose, we collect the following data, as the case may necessitate respectively for the different means of communication:

  • first name and surname;
  • email address;
  • details of our interaction with you;
  • telephone number.

Additionally, the following data are processed in the process:

  • IP address of enquiring device;
  • date and time of enquiry.

In this context, we process data solely for our communication with you. The legal basis is Art. 6, Paragraph 1, Point (b) of the GDPR. The data which we collect are automatically erased after full processing, unless we still need to keep your enquiry for the fulfilment of contractual or legal duties (Cf. Section: “Period of storage”).

1.3 Registration

In order to use our website’s full range of functions, you have to register for our login area. We have highlighted with an identification mark the data which you are required to supply for setting up an account. We collect the following data:

  • company information (e.g. company name, address, website);
  • contact information (first name and surname, position, email address, telephone number, fax).
  • Moreover, to provide you with information about relevant investment opportunities, the following data are obtained on an optional basis during registration:
  • information about your company’s investment interests (e.g. asset classes, tenor, yield requirements, country, region, risk class).

Additionally, the following data are processed during registration:

  • IP address of enquiring device;
  • date and time of enquiry.

Your data are solely used for the administration of your account and, unless we still need to keep your information for the fulfilment of other contractual or legal duties (Cf. Section: “Period of storage”), erased after fulfilment of this purpose. The legal basis for this processing is Art. 6, Paragraph 1, Point (b) of the GDPR. Deregistration is possible at any time via the profile section of our website.

1.4 Identification

Further, we are required by law to take precautions against criminal offenses such as money laundering. To do so, we are required to process additional information as part of our identification process before you can make your first order. The legal basis for this is §11 Art. 1, Paragraph 1 und Paragraph 2, Clause 4 of the GWG. In this regard, the following data are required to identify you:

  • commercial register number / founding documents;
  • legal form of your company;
  • names of the members of the representative body or the names of the legal representatives, which in case that they are legal persons must also be identified under the provision of the respective categories of information set out above.

This identification process must be completed only once. Subsequent orders do not require a repeated processing of these information. Data hereby collected are used solely for the processing of orders and functionality of your account. We are required to keep these information for as long as your account is active. Following deregistration and, unless we still need to keep your information for the fulfilment of other contractual or legal duties (Cf. Section: “Period of storage”), we erase them accordingly.

1.5 Orders

During an order process, we collect the following compulsory information needed for handling the contract:

  • tax domicile and other tax-related documents and information;
  • details of our interactions with you and the products and services you use;
  • any records of phone calls between you and us;
  • identifiers we assign to you, such as your client or account number, including for accounting purposes.
  • Additionally, the following data are processed in the order process:
  • IP address of enquiring device;
  • date and time of enquiry.

The legal basis for this processing is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR. Your data are solely used for the administration of your account and the processing of orders. We are required to keep these information for as long as your account is active. Following deregistration and, unless we still need to keep your information for the fulfilment of other contractual or legal duties (Cf. Section: “Period of storage”), we erase them accordingly.

1.6 Newsletter

You have the possibility of ordering our newsletter, in which we tell you regularly of the latest news about our products and campaigns.

For ordering the newsletter we use the so-called double opt-in procedure, i.e. we shall only send you the newsletter by email if you confirm, by clicking a link in our message email, that you are the holder of the email address provided. Should you confirm your email address, we shall store your email address, the time of registration and the IP address used for the registration until you cancel the newsletter. This storage serves principally the purpose of sending you the newsletter and being able to provide for your registration.

Deregistration from the newsletter is possible at any time, e.g. via the deregistration link at the end of every newsletter. Alternatively, you can direct your request for deregistration to the contact details set out above. Following deregistration, and unless we still need to keep your enquiry for the fulfilment of contractual or legal duties (Cf. Section: “Period of storage”), we keep your personal information solely in static and anonymous form.

In our newsletter, we use technologies usual in the market by which the interactions with the newsletter can be measured (e.g. opening of the email, links clicked).

We use these data for general statistical evaluations and to optimise and develop our contacts and customer communication further. This is done with the aid of graphics which are embedded in the newsletter (so-called pixels). We use the collected data to create a user profile that allows us to provide you with a personalised newsletter. By recording information such as which links you use in our newsletter, we can better understand your personal preferences. Information thereby collected are used together with data on your usage of our website. We do not use these personal data without your prior consent upon subscription. The legal basis for this processing is Article 6, Paragraph 1, Point (a) of the GDPR.

You can withdraw your consent to this form of tracking at any point. In this case, however, you will not be able to make use of all the functions provided in the newsletter. You can withdraw your consent via the link at the end of every newsletter. Alternatively, you can direct your request to the contact details set out above. Following your withdrawal, we keep your personal information solely in static and anonymous form.

1.7 Surveys

If you take part in one of our surveys, we shall use your data for market and opinion research. We shall use them only in anonymised form and for internal purposes. In the exceptional case that data are not evaluated anonymously, your data will be collected only with your consent. You can withdraw your consent at any point. Unless we still need to keep your enquiry for the fulfilment of contractual or legal duties (Cf. Section: “Period of storage”), we erase your data following the completion of this purpose. The GDPR does not apply to anonymous surveys and in the exceptional case of evaluations with a personal reference. The legal basis is the said declaration of consent under Art. 6, Paragraph 1, Clause 1, Point (a) of the GDPR.

1.8 Job applications

You can use our website to apply for vacant jobs via our job-application management system www.personio.de. The purpose of the data collection is to allow us to administer the selection of applicants for possible employment. For receiving and processing your application we collect the following data:

  • first name and surname;
  • email address;
  • application documents (e.g. references, CV, interview notes, assessment of candidates’ qualities);
  • earliest date for taking up the job;
  • desired salary.

Additionally, the following data are processed during the submission process:

  • IP address of enquiring device;
  • date and time of enquiry.

The legal basis for the processing of your application documents is Art. 6, Paragraph 1, Clause 1, Point (b) and Art. 88, Paragraph 1 of the GDPR in combination with Section 26, Paragraph 1, Clause 1 of the German Data Protection Act (BDSG).

1.9 Insertion of our own cookies

For a part of our service it is necessary for us to insert cookies. A cookie is a small text file which is saved by your browser on your device. Cookies are not inserted to execute programs or to load viruses into your computer. Instead, the main purpose of cookies is to provide an optimal product or service to you and allow you to make use of our services as efficiently as possible.

We use our own cookies in particular

  • for log-in identification;
  • for load distribution;
  • to store your language settings;
  • to note that information placed on our website has been displayed to you – so that on your next visit to the website it does not need to be displayed again.

In this way, we wish to enable you to use our website in a convenient and individualised form. These services are based on our foregoing legitimate interest, and the legal basis is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR.

We further use cookies and comparable technologies (e.g. web beacons) of partners for analytical and marketing purposes. This is described more specifically in the following sections.

1.10 Setting of cookies for analytical purposes

To improve our website, we use cookies and comparable technologies (e.g. web beacons) for the statistical collection and analysis of general usage patterns, using access data.

The legal basis for the data processing described in the following section is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, based on our legitimate interest in the needs-based design and continual optimisation of our website.

Google Analytics

This website uses Google Analytics, a web-analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies to analyse and improve our website based on your usage pattern. The data accrued in this context may be transmitted by Google for analysis to a server in the USA and stored there. Should personal data be transmitted to the USA, Google has acceded to the EU-US Privacy Shield. Your IP address will be abbreviated prior to the analysis of usage statistics, however, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website to include the code “anonymizeIP”, in order to guarantee an anonymised capture of IP addresses.

Google will process the information so gained in order to evaluate your use of the website, to assemble reports on the website activities for the website operators, and to supply further services connected with website use and internet use.

As set out below, you can so configure your browser that it rejects cookies, or you can prevent the capture of the data generated by cookies and relating to your use of our websites (including your IP-address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser add-on or if you browse our website from a mobile device, you can use this opt-out link. This will prevent the collection of your data by Google Analytics on this website (the opt-out link

will only work in this browser and only for this domain). If you delete your cookies in this browser, you have to click on the link again.

You will find more detailed information on this matter in the Privacy Statement of Google Analytics.

1.11 Setting of cookies and comparable technologies for online advertising

We also use cookies and comparable technologies for advertising purposes. Some of the access data accrued during the use of our website are used for interest-based advertising. By analysing and evaluating these access data, we can display personalised advertising to you on our website and on the websites of other providers. That means advertising which reflects your actual interests and needs.

The legal basis for the data processes described in the following section is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, grounded on our legitimate interest in providing you with personalised advertising.

In the following section we would like to explain these technologies, and the providers employed for the purpose, in more detail.

The data so collected include in particular:

  • the IP address of your device;
  • the date and time of the access;
  • the identification number of a cookie;
  • the device identification of mobile devices;
  • technical information on the browser and the operating system.

The data so collected are saved only in pseudonymous form, however, so that no direct conclusions can be drawn about you personally.

In the following descriptions of the technology which we employ you will find instructions on how to object to our analysis procedures and advertising campaigns by means of a so- called opt-out cookie. Please note that after the deletion of all cookies in your browser or the later use of another browser and/or profile, another opt-out cookies must be placed.

You can express your objection through settings on two websites: Truste or your Online Choices, which provide objection facilities by many advertisers in bundled form. Both sites make it possible to disable all advertisements at once for the providers listed, using opt-out cookies, or alternatively to make the settings for each provider individually.

2. Further transmission of data

Data which we have collected are passed on only if:

  • You have given an express declaration of consent for this, pursuant to Art. 6, Paragraph 1, Clause 1, Point (a) of the GDPR;
  • Further transmission is necessary, pursuant to Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on;
  • We have a legal duty to pass on your data pursuant to Art. 6, Paragraph 1, Clause 1, Point (c) of the GDPR; or
  • This is legally permissible and requisite, pursuant to Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.

A part of the data processing can be handled via service providers. Along with the service providers stated in this Data Privacy Policy, these may include in particular computer centres which store our website and databases, IT service providers which maintain our systems, and consultancy firms. Should we pass data on to our service providers, these data may only be used for performance of their tasks. We select and commission these service providers carefully. They are bound contractually to follow our instructions, have suitable technical and organisational measures for the protection of the rights of data subjects, and are monitored by ourselves on a regular basis.

Further transmission may also be made in connection with requests by government authorities, decisions of the courts and legal proceedings if it is necessary for prosecution or execution at law.

2.1 Amazon Web Services

Acatus stores and processes data, including your personal data, in a cloud infrastructure provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109, USA (“AWS”). Via these AWS servers your device will be connected with the contents in our website. The servers which we use are located inside the European Union. In addition, we have concluded a contract with AWS which meets the requirements stipulated by the standard clauses of the European Commission. The legal basis is Art. 6, Paragraph 1, Clause 1, Point (f) of the GDPR, grounded on our legitimate interest in storing the contents of our website securely and reliably through external service providers while reducing our own expenditure of resources for the provision of our website’s EDP infrastructure.

2.2 Cooperation with ACON Actienbank AG

We work with ACON Actienbank AG, Dessauerstr. 6, 80992 Munich, and exchange personal data as part of the provision of our service in order to perform reciprocal processing operations. We and ACON Actienbank AG are according to Art. 26 GDPR jointly responsible for your personal data in relation to investment advice within the meaning of Section 1, Paragraph 1a, Sentence 2, Number 1a of the German Banking Act

(Kreditwesengesetz KWG), investment brokerage within the meaning of Section 1, Paragraph 1a, Sentence 2, Number 1 KWG, and placement services within the meaning of Section 1, Paragraph 1a, Sentence 2, Number 1c KWG provided to you and in connection with job applications submitted to us. ACON Actienbank AG acts as a liability umbrella within the meaning of Section 2 Paragraph 10 KWG and as such is responsible for managing the risks associated with and control of the activities and processes outsourced to us. When providing you investment advice, investment brokerage, and placement services, we act in the name and on behalf of ACON Actienbank AG as a tied agent within the meaning of Section 2 Paragraph 10 KWG. Our common purpose is to ensure that the requirements governing the provision of the listed financial services are complied with. In this context the following data is exchanged:

  • transactions-related information: contact details, bank account details, financial reports or similar information about you or your business, subscription orders, information on redemptions, notices, complaints, preferences, feedback, survey responses and other correspondence;
  • applicants’ data: id, first name, surname, date of birth, gender, marital status, application documents (e.g. references, CV), employment contract, certificate of good conduct, as the case may be.

In this respect, we and ACON Actienbank AG have defined in agreements who respectively fulfils which data protection obligations. We will be happy to provide you with the essential content of these agreements on request. You also have the rights described in point 4 against joint controller as far as here described data processing is concerned.

The legal basis for the processing of your data is Art. 6, Paragraph 1, Clause 1, Point (b) of the GDPR.

3. Duration of storage

We store personal data only for as long as is necessary to fulfil contractual or statutory duties for which the data were collected. Unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil claims or due to statutory duties of storage, we erase the data immediately.

For purposes of evidence we must still store contact data for three years from the end of the year in which business relations with you end. Any claims will expire, under the normal statutory period of limitation, no earlier than at this time.

Thereafter we must also store some of your data for purposes of book-keeping. We have an obligation to do so under statutory duties of documentation which may arise under the German Commercial Code, the German Tax Code, the German Credit and Loans Act, the German Money Laundering Act, and the German Securities Act. The periods stipulated there for storage of documents are two to ten years.

4. Your rights

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information, we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored by us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct (right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).

To exercise your rights as set out here, you can get in contact using the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

You also have the right to object to the data processing based on Art. 6, Paragraph, lit. (e) or (f) of the GDPR. Finally, you have the right to complain to the regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin, the competent regulatory authority is: Data Protection and Freedom of Information Officer, Friedrichstrasse 219, 10969 Berlin.

5. Right of revocation and objection

Under Article 7, Paragraph 3 of the GDPR you have the right at any time to withdraw any consent which has once been given to us. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests under Art. 6, Paragraph 1, lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.

If you wish to make use of your right to withdraw or object, a notification without set form to the contact details above will be sufficient.

6. Data security

We maintain up-to-date technical measures to ensure data security, particularly for the protection of your personal data against dangers during data transmissions and against cognisance by third parties. These are amended in each case to reflect the current state of technology. To secure the personal data which you have provided on our website, we use transport layer security (TLS), which encrypts the information which you have entered.

6.1 Amendments to Data Privacy Policy

We occasionally update this Data Privacy Policy, for instance when we revise our website or in the case of changes to statutory or official regulations.