Privacy notice for communications partners

Please find enclosed information about our processing of your personal data and your claims and rights arising from data protection regulations in accordance with Article 13 GDPR.


1. Who is responsible for data processing and who can I contact?

Lupus alpha Asset Management AG

Speicherstraße 49-51

60327 Frankfurt am Main


If you have any questions about data protection, please contact:


We have appointed the following Data Protection Officer:

Verimax GmbH, Warndtstr. 115, 66127 Saarbrücken


2. What sources and data do we use?

We process personal data (Art. 4(2) GDPR) that we receive from you in the context of managed e-mail traffic or the initiation or conclusion of a contract. In addition, we process personal data - as far as necessary for the specific contractual relationship - which we collect on a legal basis or on the basis of our own legitimate interest from other agencies (e.g. situation-related queries from private investors or institutional clients). Relevant personal data includes, in particular, your master data (first name, surname, address and other contact details). Telephone calls with trading, portfolio management and contract staff will be recorded for regulatory reasons.


3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).


3.1 To fulfil contractual obligations

(Art. 6(1)(b) GDPR)

The processing of personal data is carried out for the purpose of contract initiation, contract conclusion and contract execution and related ancillary obligations.


3.2 Based on your consent

(Art. 6(1)(a) GDPR)

If you have given us consent for the processing of personal data for certain purposes, the lawfulness of such processing is confirmed on the basis of your consent. Consent can be revoked at any time after it has been granted. This also applies to the revocation of declarations of consent that were given to us before the validity of the GDPR, i.e. before 25 May 2018.

Please note that revocation only applies to the future. Processing that took place before the revocation is not affected.


3.3 Based on legal requirements

(Art. 6(1)(c) GDPR in conjunction with § 24 BDSG)

In addition, as a business enterprise, we are subject to various legal obligations, i.e. legal requirements. Processing is carried out in particular

  • to comply with legal requirements (e.g. tax matters, regulatory requirements (MIFID, Bafin) etc.),
  • for the fulfilment of legal information obligations.


4. Who receives my data?

Within the company, the entities (e.g. the respective departments) receiving your data are the ones that need it to fulfil our contractual and legal obligations.

In addition, we also use different service providers to fulfil our contractual and legal obligations. You can request a list of the processors and other service providers we use, with whom we have developed long-term business relationships, In addition, we may transfer your personal data to other recipients outside the company, insofar as this is necessary for the fulfilment of contractual and legal obligations. These may include, for example:

  • Credit institution;
  • Tax Authorities, Courts
  • Auditors, supervisory authorities, etc.


5. How long will my data be stored?

If necessary for the purposes mentioned above (No. 3), we process and store your personal data for the duration of the initiation and the execution of the contract.

In addition, we are subject to various storage and documentation obligations arising, among other things, from the Commercial Code (HGB) and the Tax Code (AO). The storage periods are up to ten years according to these obligations.

The storage period is also assessed according to the statutory limitation periods, which generally amount to 3 years but may, for example, be up to thirty years under §§ 195 et seq. of the German Civil Code (BGB).


6. Is data transferred to a third country or to an international organisation?

Data is not transferred to third countries (states outside the European Economic Area - EEA).


7. What data protection rights do I have?

Each data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to data portability under Art. 20 GDPR and a right to object under Art. 21 EU GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). For example: the Hesse State Representative for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden


8. Is there an obligation for me to provide data?

In the context of our business relationship, you only have to provide personal data that is necessary for the establishment, execution and termination of the business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to execute the relevant contract with you.