Legal

Privacy Policy

Last updated: 12.05.2026

1. Data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

finvantage GmbH
Musterstraße 1
12345 Musterstadt
Email: datenschutz@finvantage.de

2. Data we collect

We collect and process the following categories of personal data:

  • Account data: name, email address, password (hashed)
  • Profile data: address, date of birth, nationality, phone number
  • Financial data: investment details, portfolio information, transaction data
  • KYC documents: identity verification documents
  • Usage data: log files, IP address, browser type, access times
  • Communication data: messages sent via the contact form

3. Purpose and legal basis

We process your personal data for the following purposes:

  • Contract performance (Art. 6(1)(b) GDPR): providing and maintaining your account and our services
  • Legitimate interest (Art. 6(1)(f) GDPR): security measures, fraud prevention, service improvement
  • Legal obligation (Art. 6(1)(c) GDPR): tax reporting, regulatory compliance
  • Consent (Art. 6(1)(a) GDPR): marketing communications (only with explicit opt-in)

4. Data storage and hosting

All data is stored exclusively in German data centers (AWS Frankfurt, eu-central-1). No data is transferred outside the European Economic Area. We do not use external CDNs, tracking tools or third-party analytics services.

5. Data security

We implement the following technical and organizational measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256-GCM encryption for sensitive data at rest (TINs, bank details, KYC documents)
  • Argon2id password hashing
  • Mandatory two-factor authentication
  • Immutable audit logs for all access to sensitive data
  • Daily encrypted backups with 30-day retention

6. Your rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): request a copy of all data we store about you
  • Right to rectification (Art. 16 GDPR): correct inaccurate personal data
  • Right to erasure (Art. 17 GDPR): request deletion of your data (implemented via anonymization to preserve audit trails)
  • Right to data portability (Art. 20 GDPR): receive your data in a machine-readable format
  • Right to object (Art. 21 GDPR): object to processing based on legitimate interest
  • Right to withdraw consent: withdraw any consent given at any time

To exercise your rights, contact us at datenschutz@finvantage.de.

7. Cookies

We use only technically necessary cookies: a session cookie for authentication and a CSRF protection cookie. We do not use tracking cookies, advertising cookies or third-party cookies. No consent is required for technically necessary cookies.

8. Data retention

We retain personal data for as long as your account is active or as needed to provide our services. After account deletion, personal data is anonymized (not deleted) to preserve audit trail integrity. Financial records are retained for the legally required period (typically 10 years under German commercial law).

9. Third-party services

We minimize the use of third-party services. All fonts, scripts and stylesheets are self-hosted. We do not share your data with third parties unless legally required or with your explicit consent.

10. Supervisory authority

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is:

The State Commissioner for Data Protection and Freedom of Information
of the respective federal state of our registered office.

This website uses only technically necessary cookies (session, CSRF protection, language preference). No tracking, no advertising, no third-party cookies.

Learn more in our privacy policy