Privacy Statement
Privacy Policy of Amfileon AG
I. Information on the responsible party and data protection coordinator
The responsible party in terms of data protection law is:
Amfileon AG
Management Board: Dr. Sebastian Helmensdorfer and Dr. Maximilian Schreyer
Elsenheimerstr. 47a
D – 80687 Munich
Phone: +49 (0) 89 693 132 479
E-mail:
II. general information on data processing
Amfileon AG processes personal data in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 (“General Data Protection Regulation”, DSGVO) and the German Federal Data Protection Act (BDSG).
Amfileon AG shall use all customer and prospective customer data (surname, first name, telephone number, address, e-mail address and, in addition, in the case of clients, account/custody account number(s), tax number and, where applicable, VAT number; hereinafter “Customer Data”) in principle only
– to carry out pre-contractual measures,
– for the fulfillment of its contractual obligations towards the customer concerned, and/or
– for the fulfillment of other legal, in particular supervisory obligations (Art. 6 para. 1 lit. b), c) DSGVO).
In addition, processing may also take place to protect the legitimate interests of Amfileon AG, for example for the purposes of claims management, legal defense or direct advertising for its own services (e.g. newsletters), unless this conflicts with the Customer’s overriding interests, fundamental rights or freedoms (Art. 6 para. 1 lit. f) DSGVO); in this respect, the Customer has a right of objection.
As a matter of principle, Amfileon AG does not pass on any customer data to third parties. For the aforementioned purposes, Amfileon AG also discloses customer data to third parties (employees, external service providers such as IT service providers, financial accounting, product partners as well as account- and deposit-keeping institutions) in exceptional cases within the scope of data protection law permissibility.
Amfileon AG shall treat as confidential and observe data secrecy any information of clients and interested parties which is not publicly known and which it has received in connection with the initiation or conclusion of a contract. It will oblige the employees or vicarious agents engaged in the execution of such a contract or the provision of services to maintain confidentiality with regard to the confidential information and personal data and to comply with the statutory data protection provisions.
Any processing of customer data and/or its disclosure to third parties for purposes other than those mentioned above shall only be carried out on the basis of the customer’s proper consent (Art. 6 para. 1 lit. a) DSGVO).
The provision of customer data is basically voluntary. Something else only applies if the collection of the corresponding data is required by law or is necessary for the fulfillment of the obligations arising from the mandate relationship. The processing of identification data is required by law if Amfileon AG is obliged to carry out a money laundering audit, as is the processing of the VAT identification number for invoice recipients in other EU countries (§ 14a para. 1 sentence 3 UStG).
The processing of client data may be necessary as a result of the client relationship, for example for the proper provision of investment services. Insofar as clients and interested parties are not willing to provide Amfileon AG with the requested client data, it may not be possible for Amfileon AG to establish the client relationship or conclude any other contract. To the extent that existing Clients are not willing to provide Amfileon AG with the requested Client Data, it may not be possible for Amfileon AG to properly safeguard their interests.
Amfileon AG stores and processes personal customer data as long as it is necessary for the fulfillment of its contractual and legal obligations. It should be noted that the business relationship with the customers is a continuing obligation that is intended to last for several years. As soon as the Customer has provided Amfileon AG with personal data and Amfileon AG has established a contractual relationship (e.g. asset management contract) with the Customer on this basis and has provided (securities) services, there are archiving, documentation and information obligations under commercial law, tax law and supervisory law to which Amfileon AG is bound and which also include Customer data. Such periods range from two to ten years.
If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted on a regular basis, unless its (temporary) further processing is necessary for the preservation of evidence within the statute of limitations (up to 30 years), as far as there is an overriding legitimate interest of Amfileon AG for such storage beyond the legal retention periods according to Art. 6 para. 1 lit. f) DSGVO.
III. rights of the data subject
General data protection rights
Clients and interested parties have the right to receive, free of charge, information about the data stored about them. They can revoke declarations of consent at any time with effect for the future, without the lawfulness of the processing carried out on the basis of the consent up to the revocation being affected. In addition, they have the right to rectification or deletion or to restriction of processing, the right to data portability and the right to object to the processing of customer data at any time. The aforementioned rights are to be asserted against Amfileon AG. Amfileon AG reserves the right to fulfill the aforementioned rights only to the extent required by law. A restriction of the processing and/or deletion of Customer Data may be refused if the purposes of the data processing, regulatory and other legal obligations of Amfileon AG or the necessity of the data for the assertion, exercise or defense of legal claims of Amfileon AG so require.
Profiling
Systems of automated decision making (e.g. profiling) are not applied at Amfileon AG.
Right of Complaint
The Customer has the right to complain to the data protection supervisory authority responsible for Amfileon AG. An obligation of the Customer to provide personal data does not exist in principle until the conclusion of the contractual relationship. However, without these data the conclusion of the contractual relationship and its fulfillment is not possible for Amfileon AG.
Data protection information for applicants
Data protection information for applicants at Amfileon AG
With the following information, we would like to give you an overview of the processing of your personal data as an applicant for a job offer or as part of an unsolicited application.
I. Who is responsible for data processing in the application process?
The controller within the meaning of the GDPR is
Amfileon AG
Elsenheimerstr. 47a
D – 80687 Munich
You can find further information about our company, details of the authorized representatives and other contact options in our imprint on our website: https://amfileon.com/impressum/
If you have any questions about the processing of your personal data as part of the application process, you can contact at any time.
You can reach the data protection officer at the email address
Data protection:
II. What data do we process as part of the application process?
In the application process, we only process the personal data that you send us with your application. As a rule, this is the following data:
Surname, first name and date of birth; contact details (telephone number, e-mail address); application data such as CV, cover letter and references; details of health status or severe disability, if applicable; an application photo, if applicable; account details in the event of reimbursement of travel expenses; any other information you provide during the interview.
In any case, we require the following data for a comprehensive assessment of your application: Surname, first name, telephone number, e-mail address, CV. All other information is voluntary.
III For what purposes and on what legal basis is the data processed?
We process the data you provide to check your application and your suitability for the advertised position and to carry out the application process. The legal basis in this respect is § 26 BDSG.
It may also be necessary to process your data for the defense or enforcement of legal claims. Our legitimate interest also lies in this purpose. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
If your application documents contain special categories of personal data pursuant to Art. 9 para. 1 GDPR, we will process these as part of the application process to exercise rights or fulfill obligations under labor law, social security law and social protection. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with Art. Art. 9 para. 2 lit. b GDPR and Section 26 para. 3 BDSG.
IV. When do we delete your data?
Your data will be deleted no later than 6 months after the end of the application process for the position for which you have applied, unless we have hired you.
In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years.
If we have concluded an employment contract with you, your application data will be included in your personnel file.
V. To which recipients will your data be passed on?
Your application data will only be passed on to those positions or persons in the company who need it to carry out the application process and to review the application.
In addition, your application data may be passed on to processors in accordance with Art. 28 GDPR.
Data will not be transferred to a third country.
VI Your rights as a data subject
As a data subject, you are entitled to the following rights. If you wish to exercise these rights, please contact: .
– Right to information in accordance with Art. 15 GDPR
– Right to rectification in accordance with Art. 16 GDPR
– Right to erasure of your data in accordance with Art. 17 GDPR
– Right to restriction of data processing in accordance with Art. 18 GDPR
– Right to data portability in accordance with Art. 20 GDPR
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Art. 6(1) GDPR in accordance with Art. 21(1) GDPR. The objection must be justified in this case.
VII Right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 para. 1 GDPR. This also includes the data protection supervisory authority responsible for Amfileon AG.
VIII. Existence of automated decision-making
Automated decision-making pursuant to Art. 22 (1) and (4) GDPR – including profiling – does not take place.