Privacy Policy

Mandatory information according to GDPR

Privacy policies of Svea Kuschel + Kolleginnen GmbH

Your rights according to Art. 12ff. GDPR

Svea Kuschel + Kolleginnen GmbH  offers consulting in pension plan, Income and Family protection and investment brokerage. PEH Vermögens-management GmbH, who is also our liability umbrella is in charge of our wealth management.

Protection of your privacy is very important to us. This is your right and amongst the regulations of the EU General Data Protection Regulation (GDPR) from 27.04.2016 and effective of 25.05.2018, such as the Federal Data Protection  Act (Bundesdatenschutzgesetz – BDSG-2018).  Below you will find extensive information about how we handle your data.

Contact Persons

Accountable body

Svea Kuschel + Kolleginnen Finanzdienstleistungen für Frauen GmbH

Represented by managing director Constanze Hintze

Seidlstraße 28

D-80335 München

Tel.: 089 / 12 19 01 – 60

Fax: 089 / 12 19 01 – 61

E-Mail: info(at)

Data protection officer

Svea Kuschel + Kolleginnen GmbH has a data protection officer (TÜV).

Seidlstrasse 28

80335 Munich

He can be contacted via E-Mail: datenschutz(at)

Data protection is monitored by this authority

Der Hessische Datenschutzbeauftragte

Postfach 31 63

65021 Wiesbaden

Tel. 0611/1408-0

Fax 0611/1408-900 oder -901

E-Mail: poststelle(at)


Section A: General Statements

  1. Data origin and categories

Svea Kuschel + Kolleginnen GmbH receives personal data from clients and other business partners in the course of contract initiation and fulfillment. As part of our administrative work, we also receive details of the custodian banks you have selected. Furthermore, we process personal data from publicly available sources, eg. B. directories, Internet.

Possible data categorie

1.        Name/Contact data

2.        ID data

3.        Bankdetails

4.        Credit data

5.        Asset data

6.        Order data

7.        Billing data

8.        Payment data

9.        Tax data 

10.       CV

11.       Qualification data

12.       Insurance data

13.       Marital status and situation

14.       Interests / Preferences / Special Living Conditions

15.       Plans and goals for the personal and future career

16.       Company contact information


  1. Processing purposes

We process your personal data according to the EU GDPR marked and limited to the necessary extent.

Conceivable processing purposes

1.        Contract initiation and conclusion

2.        General fulfillment of the contract

3.        Master data maintenance

4.        Creating an investment strategy

5.        Creation of a pension plan

6.        Order settlement

7.        Payment transactions on behalf of the customer

8.        Order processing

9.        Telephone recording

10.       Completion of electronic communication

11.       Strengthening customer loyalty

12.       Sending a newsletter

13.       Accounting / Debt Collection

14.       Prevention of crime

15.       Fulfillment of higher-level legislation, in particular those for financial services institutions (eg. KWG, WpHG, various EU regulations and directives)

16.       Protection of legal claims

17.       Personnel search and management



  1. Legal basis of processing

Due to the terms of the EU-GDRP the processing of personal data by Svea Kuschel and Kolleginnen GmbH is legal. 

Accepted legal basis

1.        Consent

2.        Contract initiation

3.        Contract, contract-like relationship of trust

4.        Legal obligation, overriding legislation, public interest

5.        Balance of interests


  1. Data recipients 

The employees of Svea Kuschel and Kolleginnen GmbH process the corresponding personal data in order to fulfill their contractual and legal obligations. This happens within the employment relationship – the data does not leave our catchment area. In addition, positions outside the Svea Kuschel and Kolleginnen GmbH (third parties) receive personal data based on a defined legal basis. These parties only receive the data they need for the respective task.

Possible data recipients

1.        Public bodies (BaFin, German central bank, tax authorities, etc.)

2.        Custodian / account-holding institution, financial services institutions, similar institutions and processors

3.        external accounting

4.        Shipping service provider

5.        other contractually bound vicarious agents

6.        other bodies for which you have given us your consent to the transfer of data.


  1. Transfer to third countries

A transfer of data to countries outside the EU or the EEA (so-called third countries) only takes place, as far as this is necessary for the execution of your orders (eg payment or securities orders), it is required by law (eg tax reporting obligations) or you give us your consent to have. If service providers are deployed in a third party, they are obliged to comply with the data protection level in Europe in addition to written instructions through the agreement of the EU standard contractual clauses. 

  1. Deletion periods                                                          

We process (and store) your personal data in order to fulfill our contractual and legal obligations or for the purpose for which you provide us with the data. As soon as the processing purpose is removed, this data is deleted on a regular basis, unless its temporary processing is necessary for the following purposes.

– Fulfillment of commercial and tax retention periods: The Commercial Code (HGB), the German Tax Code (AO), the Banking Act (KWG), the Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The deadlines for storage and documentation are two to ten years.

– Preservation of evidence under the statute of limitations. According to §§ 195ff of the Civil Code (BGB) these limitation periods may be up to 30 years, whereby the regular limitation period is three years.  

  1. Your rights under the EU General Data Protection Regulation
1.     (Preliminary) Information You are reading this right now.
2.     Information  Upon request you will receive from us a compilation of the personal data category stored about you.
3.     Correction You have the right to promptly correct incorrectly recorded data.
4.     Deletion We delete your data as soon as the processing is no longer necessary. There are exceptions, however, cf. following paragraph.
5.     Restriction of processing We will no longer use your data if the purpose of processing ceases, but we are not yet allowed to delete it due to higher-level legal provisions.
6.     Data portability Upon request you will receive your data in a suitable form for transfer to a third party.

7.     Revocation


8.     Objection

If you have given us permission to process your personal information for specific processing purposes, you may revoke it at any time without notice.

If the data processing is in the public interest or based on a balance of interests (“predominant legitimate interest”), you may object to the processing of your personal data for contractual purposes.

9.     Complaint If you believe that the processing of your personal data by Svea Kuschel GmbH is unlawful, you have the right to complain to the supervisory authority of your domicile.


  1. Are there any obligations to provide and process data? 

In particular according to the money laundering regulations, we are obliged to identify you prior to the establishment of the business relationship, for example by means of your identity card. Also to record your name, place of birth, date of birth, nationality and your address. In order for us to be able to fulfill this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes resulting from the business relationship. As a financial services institution subject to supervision by the Federal Financial Supervisory Authority, we are required by law to process certain data when providing financial services (such as financial portfolio management, investment advisory, investment and agency brokerage). As part of our business relationship, you must therefore provide the personal information necessary to enter into a business relationship and perform the related contractual obligations, or that we are required to collect by law. Without this data, we will generally have to be able to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and to terminate it if necessary. If you do not provide us with the necessary information and documents, we may not take up or continue the business relationship you have requested.

  1. Is there automatic decision making (including profiling)?

In principle we do not use fully automated decision-making in accordance with Article 22 of the DSVO to justify and implement the business relationship. If we use these procedures in individual cases we will inform you about this separately, if required by law.

  1. Electronic Communication

If you send us an e-mail processing is usually required as a pre-contractual or contractual action. In addition, for the purpose of contacting you, you give us your voluntary consent to process your required personal data. This requires the specification of a valid e-mail address, which serves to allocate your request and answer it. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. If a contractual relationship is established, the statutory deletion period is 10 years.

  1. Consequences of the revocation of a consent and an objection

If you revoke a necessary and already given consent, we will no longer process your personal data. If you object to data processing in the public interest or on the basis of a balance of interests, we will no longer process your personal data, unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the Processing serves the assertion, exercise or defense of legal claims.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.  


Section B: Relevant Information for the website

  1. Basic information on data processing and legal bases

1.1. This Privacy Policy explains the nature, scope and purpose of the processing of personal information within our online offering and the related websites, features and content (collectively referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms, and devices (for example, desktop or mobile) on which the online offering is run.

1.2. The terms used, such as “Personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1.3. Users’ personal information processed through this online offering includes inventory data (e.g., customer names and addresses), usage data (e.g., the web pages visited for our online offering, interest in our products), and content data (e.g., contact form submissions).

1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, prospects and other visitors to our online offering. “Users” are to be understood gender-neutral.

1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if they have a legal permit. That is, especially if the data processing for the provision of our contractual services (eg processing of orders) as well as online services required or required by law, the consent of the user exists, as well as based on our legitimate interests (ie interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 (1) lit. DSGVO, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.

1.6. Please note that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing in order to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing in order to safeguard our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.

1.7. Our website is hosted by the company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The privacy policy of Hetzner Online AG is available at

  1. Safety measures

2.1. We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server (SSL encryption).

  1. Disclosure of data to third parties and third providers

See section A 5 Transmission to third countries

  1. Contact

4.1. When contacting us (via contact form or e-mail), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) DSGVO processed.

4.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or similar request organization.

  1. Collection of access data and log files

5.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data on every access to the server on which this service is located (so-called server log files). Access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, successful retrieval message, browser type and version, the user’s operating system, referrer URL (previously visited page), IP address, and the requesting one provider.

5.2. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident. 

  1. Cookies & reach measurement

6.1. Cookies are information transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

6.2. We use “session cookies”, which are only stored for the duration of the current visit on our online presence (for example, to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). In a session cookie a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save other data. Session cookies will be deleted when you have finished using our online offer and you are e.g. log out or close the browser.

6.3. The use of cookies in the context of pseudonymous range measurement informs users in the context of this privacy policy.

6.4. If users do not want cookies stored on their machine, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

6.5. You may opt for the use of cookies for distance measurement and promotional purposes through the Network Advertising Initiative’s opt-out page ( and, in addition, the US website ( ) or the European website (

  1. Blog and pages with comments

7.1. We provide functions on our website that offer users the opportunity to comment on individual articles or pages, which requires registration by specifying an e-mail address and a freely selectable username (pseudonym). The comments (along with usernames) are visible to everyone and can themselves be commented on by third parties.

7.2. If an affected person makes a comment, the IP address of the person concerned will be sent to us and stored in addition to the submitted comment, the specified e-mail address and the selected username. The legal basis for this is Art. 6 (1) lit. f DSGVO. The storage is required for security reasons. In addition, the data in case of infringing comments from our company may be needed for legal defense purposes. A passing on of the E-Mail address and the IP address to third parties takes place only, if a legal disclosure obligation exists or this is necessary for our legal defense. The submitted comments can be changed or deleted by the affected person at any time.

  1. Privacy for applications

Persons may submit applications to us electronically (for example by e-mail or via an application form provided on the website). In this case, the collected and processed personal data are collected for the purpose of carrying out the application process and thus for the potential initiation of an employment relationship. The legal basis for this is Art. 6 (1) lit. b DSGVO. If there is an employment contract with us then the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. Unless an employment contract is concluded, a cancellation takes place within two months of notification of the rejection decision, provided that this does not conflict with any other legitimate interests of our company. Such a legitimate interest, for example, is a burden of proof in proceedings under the General Equal Treatment Act (AGG).

  1. Newsletter

9.1. With the following information, we will inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

9.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the content of a newsletter is concretely described in the context of an application for the newsletter, it is decisive for the consent of the user. Incidentally, our newsletters contain information about our products, offers, promotions and our company.

9.3. Double opt-in and logging: Registration for our newsletter is done in a so-called double opt-in procedure. That After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the logon and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.

9.4. The newsletter is sent by means of a separate shipping solution within our CRM.

9.5. Credentials: To subscribe to the newsletter, please provide us with your e-mail address and your name, for personal address in the newsletter.

9.6. Statistical Survey and Analysis – The newsletters contain a so-called “web-beacon”, i. a pixel-sized file, which is retrieved from the server of the shipping service provider when the newsletter is opened. In the course of this call, technical information, such as information about the browser and your system, as well as your IP address and time of the retrieval are collected. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

9.7. The use of the shipping system, the implementation of statistical surveys and analyzes as well as logging of the registration process, are based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.

9.8. Termination / Withdrawal – You can terminate the receipt of our newsletter at any time, ie. Revoke your consent. At the same time, your consent to its dispatch by the shipping service provider and the statistical analyzes expire. A separate revocation of the shipment by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the newsletter and terminated this registration, their personal data will be deleted.

10. Integration of services and content from third parties 

10.1. We use content or service offers from third-party providers within our online offer based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Services such as Include videos or fonts (hereinafter referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the device of the user and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.

10.2. The following illustration provides an overview of third-party providers and their content, along with links to their data protection declarations, which provide further information on the processing of data and, in part. already mentioned here, options for objection (so-called opt-out) include: 

10.3.1 Use of social plugins from Facebook, Instagram, Pinterest

So-called social plugins (“plugins”) from social networks are used on our website. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook, Google, Twitter or Instagram servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider (possibly to the USA) and stored there. If you are logged in to one of the services, the providers can assign your visit to our website to your profile in the respective social network. If you interact with the plugins, for example by pressing the “Like” or the “Share” button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed to your contacts there. This serves to protect our legitimate interests in an optimal marketing of our offer, which predominate in the context of a balance of interests, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

The purpose and scope of the data collection and the further processing and use of the data by the provider as well as a contact option and your rights and setting options to protect your privacy can be found in the privacy policy of the provider.

If you do not want the social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. B. with the script blocker “NoScript” ( 

10.3.2 Our online presence on Facebook, Instagram, Pinterest, LinkedIn

Our presence on social networks and platforms enables better, active communication with our customers and prospects. We provide information about our products and ongoing special promotions.

When you visit our online presence in social media, your data can be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used to e.g. Place advertisements inside and outside of the platforms that presumably correspond to your interests. For this purpose, cookies are generally used on your end device. The visitor behavior and the interests of the users are stored in these cookies. According to Art. 6 para. 1 lit. f. GDPR to safeguard our legitimate interests, which predominate in the context of a balance of interests, in an optimized presentation of our offer and effective communication with customers and interested parties. If you are asked for your consent (consent) to data processing by the respective social media platform operators, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 Para. 1 lit. a GDPR. As far as the aforementioned social media platforms are headquartered in the USA, the following applies: For the USA, the European Commission has passed an adequacy decision. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here. The detailed information on the processing and use of the data by the providers on their pages as well as a contact option and your rights and settings options to protect your privacy, in particular options for objection (opt-out), can be found in the privacy policy of the providers linked below. If you still need help with this, you can contact us.

Facebook: data processing is based on an agreement between jointly responsible persons in accordance with Art. 26 GDPR, which you can see here:


Opposition option (opt-out):


11. Right to information

See section A 7: Your rights under the EU General Data Protection Regulation

12. Deletion of data

See section A 7: Your rights under the EU General Data Protection Regulation

13. Right to object

See section A 7: Your rights under the EU General Data Protection Regulation

14. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing, we are obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves as impossible or involves a disproportionate effort. In this respect, 

15. Right to data portability (data portability)

See section A 7: Your rights under the EU General Data Protection Regulation

16. Right to lodge a complaint with the supervisory authority

See section A 7: Your rights under the EU General Data Protection Regulation

17.Changes to the privacy policy

17.1. We reserve the right to change the data protection declaration in order to adapt it to changes in the legal situation or in the event of changes to the service and data processing. However, this only applies to explanations of data processing. If user consent is required or parts of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the user.

17.2. Users are asked to inform themselves regularly about the content of the data protection declaration.

Section C: Final provisions

  1. Validity of this data protection declaration

Our data protection declaration should always correspond to the current legal requirements and reflect changes in our services, e.g. B. when introducing new services. The latest data protection declaration therefore applies to your next visit.

  1. Questions about data protection

If you have any questions about data protection at Svea Kuschel + Kolleginnen GmbH, our data protection officer can help you.

Status of the data protection declaration: August 10, 2018