Data Protection

As of: 09.04.2024

1. Foreword

Regardless of whether you are a client, prospective client, applicant or visitor to our website: we, Flossbach von Storch AG. (hereinafter referred to as: "Flossbach von Storch", "we") take the protection of your personal data very seriously. But what does this mean in practice?

The following information tells you which personal data we collect from you and what format we process it in. It also gives you an overview of your rights under applicable data protection law. We will also tell you who your contacts are should you have any questions.

2. Who are we?

Flossbach von Storch is one of the leading independent asset managers in Germany – and is still owner-operated by its founders and senior executives. You can find out more about us by reading our company portrait.

As a data controller pursuant to applicable data protection law, we

Flossbach von Storch AG,
Ottoplatz 1, 50679 Cologne, Germany
Tel.: +49 221 33 88 - 0

represented by the Executive Board

Dr. Bert Flossbach, Dr. Tobias Schafföner, Dr. Till Schmidt, Marcus Stollenwerk, Kurt von Storch

take all measures under applicable data protection law necessary to protect your personal data.

Should you have any questions about this privacy statement, please contact our data protection officer

2B Advice GmbH
Joseph-Schumpeter-Allee 25, 53227 Bonn, Germany
Tel.: +49 228 9261 65 - 120,
Fax: +49 228 9261 65 - 109

3. Scope of application of the privacy statement

The processing of personal data as defined by the legislator refers to processes such as the collecting, recording, organising, arranging, storing, changing or modifying, selecting, querying, using, disclosing by transmission, dissemination or other form of provision, comparing or linking, restricting, deleting or destroying of personal data.

Personal data is all information related to an identified or identifiable natural person.

This privacy statement refers to the personal data of clients, prospective clients, applicants or visitors.

This privacy statement applies to our website

4. Collecting and processing of personal data

The following explains which data about you we collect and process and for what purposes. Your data will only ever be stored to the extent required by retention obligations and retention periods or for as long as the stated purposes apply.

4.1 Accessing the website

When visiting the website, accessing or viewing any of the files stored on the website this will be logged. This information is logged in order to pursue our legitimate interest (under Art. 6 (1) (f) of the General Data Protection Regulation (GDPR)) in guaranteeing a smooth connection and in optimising our websites and to ensure that the system is robust. The data will not be used to draw conclusions about you as an individual.

The following information will be logged:

  • name of the accessed file,
  • date and time of access,
  • amount of data transferred,
  • confirmation that the file has been accessed successfully,
  • web browser and requesting domain,
  • anonymised IP addresses of the device sending the request.

4.2 Requests for contact

the steps necessary to initiate a contract in response to your enquiry (Art. 6 (1) (b) or (f) of the GDPR). Typical purposes are responding to queries about our products in the areas of financial portfolio management, investment and acquisition brokerage and to give investment advice / initiate contact with clients and to conclude contracts / process applications / maintain business relationships.

The following data may be collected:

  • Surname, first name and salutation
  • Contact details
  • Information which you share with us about your interests and wishes

4.3 Registering for the newsletter

When you register for our newsletter online, we will ask you to provide your explicit consent for us to use your email address to send our newsletter to you on a regular basis. Once you have registered, you will receive an initial email to confirm your email address.

You can revoke your consent with effect for the future at any time. You also have the right to object to your personal data being processed for marketing purposes at any time and free of charge.

The legitimacy with which your data has been processed until the point at which you revoke your consent will not be affected by this. With every subsequent newsletter, you have the option to use the corresponding link to unsubscribe from this newsletter.

Please note that our newsletter contains promotional content, as we use it to advertise our products and services. Your consent to the use of your email address is given on a completely voluntary basis and, should you not wish to give your consent, this will have no wider implications on other aspects of the business relationship.

The use of your email address to send our newsletter is based on your consent (Art. 6 (1) (a) of the GDPR).

4.4 Registering for private areas

There is an option to register for private areas of our website. If a user registers for private areas of our website, this is done on a voluntary basis for the purpose of direct communication and the execution of orders between the contractual parties.

As part of this process, your personal information will be processed in order to fulfil an agreement to which you are a party or to initiate additional agreements in accordance with the terms of use of the distributor portal (Art. 6 (1) (b) of the GDPR).

4.5 Registering for the Flossbach von Storch Postbox online platform

There is also an option to register for the Flossbach von Storch Postbox online platform. If a user registers with the Flossbach von Storch Postbox online platform, this will be on a voluntary basis for the purpose of securely sharing confidential documents, particularly the regular asset reports. When the portal is used, data of this kind is recorded to track error statuses guaranteeing comprehensive customer service when troubleshooting during the log-in process.

The following data ‒ and the following data only ‒ are stored for this purpose: 

  • session data,
  • system events.
  • log-in data.

Your personal data will be processed in order to safeguard legitimate interests and fulfil an agreement to which you are a party or to initiate additional agreements in accordance with the Postbox terms of use of (Art. 6 (1) (b) and (f) of the GDPR).

4.6 Registering for teleconferences, web conferences and livestreams

We also offer the option of registering for teleconferences, web conferences and livestreams. Participation is on a voluntary basis for the purpose of communicating directly and holding conferences.

Your personal information will be processed to safeguard legitimate interests in the holding of conferences in the best possible way and to fulfil an agreement to which you are a party or to initiate additional agreements in accordance with the terms of use of the telephone and web conferences (Art. 6 (1) (b) and (f) of the GDPR).

4.6.1 GoToMeeting/LogMeIn

We use GoToMeeting/LogMeIn software for online meetings, video conference and web conferences. This may involve transferring data to the USA. The current standard EU contractual clauses have therefore been concluded with the provider in order to guarantee a suitable level of data protection.

The "LogMeIn International Privacy Policy" can be found at

4.7 Cookies und Analysetools

Our Cookie Guideline provides information about how personal data is processed using cookies and similar technologies on our website.

4.8 Registration for the Flossbach von Storch Private Asset Management client portal

You also have the option of registering for the Flossbach von Storch Private Asset Management client portal. The client portal is based on the software-as-a-service application FinaDesk from the provider FinaSoft. This registration is voluntary and serves the protected exchange of confidential documents, particularly regular asset reports. In addition, you can view and display your portfolio managed by us. During use, data is recorded that is used to trace error statuses in order to ensure comprehensive customer service in terms of troubleshooting during the login process. 

Only the following data is stored for this purpose: 

  • Session data
  • System events 
  • Login data 

Your personal data is processed to safeguard our legitimate interests in the use and further development of the customer portal and to fulfil a contract in which you are a contractual partner or to initiate further contracts in accordance with the terms of use (Article 6 (1) (b) and (f) of the General Data Protection Regulation).

4.9 Electronic signature services

We use Adobe Sign software from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland ("AdobeSign") for the digital signature of contracts and documents. For this purpose, Adobe Sign processes the data entered by you when using the service, usage data from your end device and transaction-related data. The processing of your personal data by Adobe Sign takes place within the framework of GDPR. The legal basis is Art. 6 (1) (b) and (f) of the General Data Protection Regulation. Further information on data processing by Adobe Sign can be found in Adobe's data protection centre.

4.10 Use of Myra

We use the "Myra" tool from Myra Security GmbH to ensure a high level of security for our website and to protect our systems from unauthorised access. Myra helps us to protect our website against cyber-attacks and contributes to the stability and security of our IT infrastructure. As part of this use, data required for the functioning of the security system may be processed. This may include information such as IP addresses or other data collected as part of security protocols. Data processing is carried out based on our legitimate interest in securing our IT systems and the integrity of our website (Art. 6 (1) (f) GDPR). Further information on data protection and how Myra works can be found at:

5. Where we transfer your data to and why

5.1 Use of data within the company

Within Flossbach von Storch, only people in positions who need access to your personal data to fulfil our contractual or statutory obligations or to safeguard our legitimate interests will have access to it.

5.2 Use of data within the group of companies

In order to offer you the best possible level of service, we occasionally share data with Flossbach von Storch Invest SA, Luxembourg, Flossbach von Storch AG, Switzerland. As part of data processing subject to instructions on behalf of Flossbach von Storch AG, Germany, and Flossbach von Storch AG, Switzerland, we collect data which is recorded via the respective country websites. This data is then provided to the corresponding companies in order to pursue the stated purposes.

We thereby ensure that the applicable statutory data protection regulations are adhered to and that your personal data is protected to an appropriate extent at all times.

For this reason, we have taken corresponding measures with Flossbach von Storch Invest SA, Luxembourg, and Flossbach von Storch AG, Switzerland, to ensure that data protection regulations are adhered to.

We have concluded corresponding agreements with the individual companies to ensure that the personal data shared within the Group always remains protected.

In accordance with these agreements and applicable data protection law, we will only share personal data with other companies in the group of companies for the purposes set out in this privacy statement.

In doing so, we support these companies both in their operations as well as with respect to their adherence to the technical and organisational measures which we also employ to ensure that your personal data is secure. Where possible, we use pseudonymisation and anonymisation measures to protect your data. An adequacy resolution of the EU Commission is in place with regard to the transfer of data to Switzerland to ensure that the personal data processed there is protected to the same extent as within the EEA.

5.3 Use of data outside of the company

We take the protection of your personal data very seriously and will only pass on information about you where statutory provisions require us to do so, when you have consented to this or in order to fulfil contractual obligations.

5.3.1 Disclosure due to a statutory obligation

For the following recipients, there may be a statutory obligation to disclose your personal data:

  • public bodies or supervisory authorities such as the German Federal Financial Supervisory Authority (BaFin), tax authorities, customs authorities;
  • judicial and law enforcement authorities such as the police, courts, public prosecutor;
  • lawyers or notaries, such as in legal disputes;
  • auditors.

5.3.2 Disclosure in order to fulfil an agreement

We collaborate with other companies to enable us to fulfil our contractual obligations. This includes:

  • transportation service providers and hauliers;
  • event organisers and training providers if you have registered with us for specific trade fairs or events;
  • banks and financial service providers for handling all financial affairs.

5.3.3 Sharing data with our own service providers

In order to run our business efficiently, ensure that everything runs smoothly and improve our IT security, we use the services of external service providers which may receive personal information from you in order to fulfil the purposes described above, including

  • IT service providers, particularly in the area of firewall/IT security, website hosting,
  • Cloud providers,
  • print and telecommunications service providers, particularly for sending publications or the newsletter by post,
  • debt collection, consultancy or sales companies,
  • service providers assisting with our Customer Relationship Management.

We have concluded corresponding subcontractor agreements to ensure that the service providers adhere to the same data protection standards as we do in-house. Some of the aspects governed by these agreements are as follows:

  • third parties only have access to the data that they need to fulfil the tasks assigned to them;
  • the only employees of the service providers who have access to your data are those who have explicitly undertaken to adhere to data protection regulations;
  • the service providers adhere to technical and organisational measures which ensure that data is secure and protected;
  • the servers on which data is processed for these purposes are hosted in the EU;
  • what happens to the data when the business relationship between the service provider and us has come to an end.

With service providers based outside of the European Economic Area (EEA), we take special security measures (such as the use of special clauses to the agreement) to ensure that the data is handled with the same level of care as in the EEA. We audit all of our service providers on a regular basis to ensure that they are adhering to our specifications.

5.4 Sale of personal data

We will never sell your personal data to third parties!

6. Your rights

You have certain rights with regard to the processing of your personal data. More information can be found in the corresponding provisions of the General Data Protection Regulation (in Articles 15 to 21).

Please send corresponding orders to our email address or contact us in other ways (see point 2 of this privacy statement for further contact details).

6.1 Right to information and rectification

You have the right to receive information from us concerning which of your personal data we are processing.

In the event that this information is not (or no longer) correct, you can demand that we rectify the data and that missing information be added.

6.2 Right to deletion

Under the following circumstances, you can demand that your personal data be immediately deleted:

  • if your personal data is no longer required for the purposes for which they were collected;
  • if you have revoked your consent and there are no other legal grounds for processing the data;
  • if you revoke your consent to processing and there are no overriding legitimate reasons for processing the data;
  • if your data is being processed on an illegitimate basis;
  • if your personal data needs to be deleted in fulfilment of statutory obligations.

Please note that, before your data is deleted, we will need to check whether there is any legitimate reason for processing your personal data.

6.3 Right to restriction/blocking of processing

You can demand that the processing of your personal data be restricted for any of the following reasons:

  • if you dispute the accuracy of the data until we have the chance to verify that the data is accurate;
  • if the data is being processed unlawfully and you merely demand that the use of your personal data be restricted instead of deleted;
  • if we no longer need your personal data for the purposes of processing, but you still require it for the purposes of asserting, exercising or defending legal claims;
  • if you have objected to processing and it has not yet been verified whether your legitimate interests override ours.

6.4 Right to object

6.4.1   Case-by-case right to object

To the extent that processing is carried out in the public interest or on the basis of the balancing of interests, you have the right to object to processing on grounds relating to your particular situation. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data which override your interests, rights and freedoms or if your personal data is used to assert, exercise or defend legal claims. The objection shall not contradict the legitimacy with which your data was processed prior to the objection.

6.4.2   Objection to advertising

In cases in which your personal data is used for promotional purposes, you will be able to object to this form of processing at any time. We will then no longer process your personal information for these purposes.

6.5 Right to data portability

You have the right to receive the personal data that you have provided to us for the purposes of processing in a portable and machine-readable format upon request.

6.6 Right to lodge a complaint with a supervisory authority

We will always endeavour to process your queries and claims as quickly as possible in order to safeguard your rights accordingly. However, depending on the number of queries we receive, it may take up to 30 days before we can respond to your concerns. If there is a delay, we will inform you in a timely manner about the reasons for the delay and will discuss further steps with you.

In some cases, we may not be allowed or able to provide you with information. Where permitted by law, we will inform you of the reason why we are refusing to provide the information.

If you are still not satisfied with our answers and response or if you believe we are violating applicable data protection law, you have the right to lodge a complaint with our data protection officer and a supervisory authority. The supervisory authority responsible for us is:

Commission de Surveillance du Secteur Financier (CSSF)
283, route d’Arlon
1150 Luxembourg, Luxembourg

Tel.: +352 26 25 1 - 1
Fax: +352 26 25 1 - 2601

7. Subject to change

Flossbach von Storch AG reserves the right to amend this privacy statement at any time in accordance with legal guidelines. We therefore recommend that you regularly visit our website to check our up-to-date data protection practices.