Privacy Policy

Privacy Policy of MainSky Asset Management AG


We want you to know what data we collect, process and use about you and for what purpose. This is your right and complies with the requirements of the EU Data Protection Basic Regulation (EU-DSGVO) of 27.04.2016, valid from 25.05.2018, and the Federal Data Protection Act (BDSG-2018). Therefore we give you here an overview of the personal data stored by you as well as the data protection organization of MainSky Asset Management AG. Thereby we want to enable you to exercise your "basic right to informational self-determination".

Contact Person

Responsible office
MainSky Asset Management AG
Reuterweg 49, 60323 Frankfurt am Main
Tel: 069-15049680-0, Fax: 069-15049680-29

Data Protection Coordinator
A data protection officer was not appointed because the legal requirements for this are not fulfilled. Every person concerned can contact us directly at any time with all questions and suggestions regarding data protection.

Data protection coordinator
MainSky Asset Management AG
Reuterweg 49, 60323 Frankfurt am Main
Tel: 069-15049680-0

Responsible supervisory authority regarding data protection.
The supervisory authority responsible for our company in data protection matters is

The Hessian Commissioner for Data Protection and Freedom of Information
Postfach 3163, 65021 Wiesbaden
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Tel: 0611-1408-0, Fax: 0611-1408-900

Section A: General Statements

1. Data origin and categories

MainSky Asset Management AG receives personal data from clients and other business partners in the course of contract initiation and fulfillment. Within the scope of our administrative activities we also receive data from the custodian banks selected by you. Furthermore we process personal data from publicly accessible sources, e.g. telephone directories, internet.

Possible data categories

  1. Names/Contact details
  2. Identity card data
  3. Bank details
  4. Creditworthiness data
  5. Asset data
  6. Order data
  7. Invoice data
  8. Payment details
  9. Control data
  10. curriculum vitae
  11. Qualification data
  12. Insurance data
  13. Marital status and situation
  14. Interests/preferences/special life circumstances
  15. Plans and goals for the personal and professional future
  16. Company contact details
2. processing purposes

We process your personal data in accordance with the EU-DSGVO for specific purposes and limited to the necessary extent.

Conceivable processing purposes

  1. Contract initiation and conclusion
  2. Fulfilment of contract
  3. Master data maintenance
  4. Creation of an investment strategy
  5. Creation of a suitability concept
  6. Order processing
  7. Payment transactions on behalf of customers
  8. Order processing
  9. Phone recording
  10. Handling of electronic communication
  11. Strengthening customer loyalty
  12. Sending a newsletter
  13. Applications
  14. Prevention of criminal offences
  15. Compliance with higher-level legal regulations, especially those for financial services institutions (e.g. KWG, WpHG, various EU regulations and directives)
  16. Protection of legal claims
3. Legal basis of the processing

We process your personal data in accordance with the Basic Data Protection Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG).

  • Insofar as the processing of personal data is carried out for the purpose of fulfilling contractual obligations with you, Art. 6 para. 1 lit. b. DSGVO is the corresponding legal basis..
  • Insofar as necessary, we process your data beyond the actual fulfilment of your contract in order to protect the legitimate interests of us or third parties (Art. 6 para. 1 lit. f. DSGVO).
  • Insofar as you have given us your consent to process personal data for specific purposes, the processing will be based on your consent (Art. 6 para. 1 lit. a. DSGVO).

In addition, we are subject to various legal obligations (Money Laundering Act, Tax Act, etc.) as well as banking supervisory regulations. For this purpose (Art. 6 para. 1 lit. c DSGVO) data processing may also be necessary.

4. Recipient of data

Within MainSky Asset Management AG those departments receive your data, which need them to fulfill our contractual and legal obligations. Also contract processors employed by us (Art. 28 DSGVO) may receive data for these purposes. Depending on the nature of the contractual relationship entered into, data may be transferred to other recipients, for example public bodies or institutions (BaFin, Bundesbank, tax authorities, etc.) if there is a legal obligation.

5. Transfer to third-party countries

A data transfer to countries outside the EU or the EEA (so-called third countries) takes place in accordance with Art. 44 ff. DSGVO, data will only be transferred to countries outside the EU or EEA (so-called third countries) if this is necessary to execute your orders (e.g. payment or securities orders), if it is required by law (e.g. tax reporting obligations) or if you have given us your consent. If third party service providers are used, they are obliged to comply with the level of data protection in Europe in addition to written instructions by the agreement of the EU standard contract clauses.

6. Deletion periods

We process (and store) your personal data to fulfill our contractual and legal obligations or for the purpose for which you provide us with the data. As soon as the processing purpose ceases to apply, this data is regularly deleted, unless its temporary further processing is necessary for the following purposes.

  • Fulfilment of commercial and tax law retention periods: The German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the Money Laundering Act (GwG) and the Securities Trading Act (WpHG). The periods of retention or documentation stipulated therein range from two to ten years.
  • Preservation of evidence within the scope of the statute of limitations. According to §§ 195ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
7. Your rights according to EU data protection basic regulation

very person concerned has the right to

  • Information about processing of personal data according to Art 15 EU-DSGVO,
  • Revocation of a granted consent according to Art. 7 EU-DSGVO
  • Correction according to Art. 16 EU-DSGVO,
  • Deletion according to Art. 17 EU-DSGVO,
  • Restriction of processing according to Art 18 EU-DSGVO,
  • Objection to processing on the basis of a legitimate interest according to Art. 21 EU-DSGVO and
  • Data transferability according to article 20 EU-DSGVO.

The restrictions according to §§ 34 and 35 BDSG apply to the right of information and deletion. In addition, you are entitled to lodge a complaint with the Hessian data protection supervisory authority (Art. 77 EU-DSGVO in conjunction with § 19 BDSG).

8. Are there obligations to provide and process data?

In particular, we are obliged under money laundering law to identify you before establishing the business relationship, for example by means of your identity card, and to record and record your name, place and date of birth, nationality and residential address. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes that occur during the course of the business relationship. As a financial services institution subject to the supervision of the Federal Financial Supervisory Authority, we are legally obliged to process certain data when providing financial services (e.g. financial portfolio management, investment advice, investment and acquisition brokerage).

Within the scope of our business relationship, you must therefore provide us with those personal data which are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or be unable to execute an existing contract and may have to terminate it. If you do not provide us with the necessary information and documents, we may not commence or continue the business relationship requested by you.

9. Is there automatic decision making (including profiling)?

We do not use automated decision making according to Art. 22 EU-DSGVO.

10. Data protection for applications and the application process

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits relevant application documents to the data controller by electronic means, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If the data controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the data controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

11. Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 Par. 1 S. 1 lit. f DSGVO, you have the right, in accordance with Art. 21 DSGVO, to object to the processing of your personal data if this is done for reasons arising from your particular situation. In the event of an objection, we will no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made without formality and should be addressed to

Data Protection Coordinator
MainSky Asset Management AG
Reuterweg 49, 60323 Frankfurt am Main
Tel: 069-15049680-0

Section B: Website relevant information

1. Collection of general information when visiting our website

When you view our website, general information is automatically collected using a cookie. This information (log files or server log files) describes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar. This data is collected by the Internet service that hosts our website. They are technically necessary in order to display the contents of the website correctly and are always collected when you move around the Internet. They are processed in particular for the following purposes:

  1. Ensuring that the website can be connected without problems.
  2. Ensuring a smooth use of our website.
  3. Evaluation of system security and stability.

According to the Internet host, the data of the log files are anonymized after 7 days and stored for a maximum of 8 weeks. Anonymous information of this kind can also be statistically evaluated by us in order to optimize our website and the technology behind it.

Due to our legitimate interest, this processing of your personal data is permitted. We do not use your data to draw conclusions about your person. Recipients of the data are only MainSky Asset Management AG as the responsible body and the Internet host.


Our website uses cookies that are stored by the browser on your device and contain certain settings for using the website (e.g. for the current session). Cookies serve to make our website more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser on your next visit.

In some cases, the cookies are used to simplify website processes by storing settings (e.g. the retention of previously selected options). Insofar as personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when closing the browser.

You can adjust the cookie settings "here

2. Use of website analysis services

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO (legitimate interest). With the tracking measures we use, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified in the sense of the above-mentioned regulation. The respective data processing purposes and data categories can be taken from the corresponding tracking tools.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called cookies. Cookies are text files, which are stored on your computer and that enable an analysis of the use of the website by users. The information generated by cookies on your use of this website is usually transferred to a Google server in the United States, where it is stored.

The storage of Google Analytics cookies and the utilization of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities.



Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called "cookies". These are text files which are stored on your computer and which enable an analysis of your use of the website. For this purpose the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before being saved.
Matomo cookies remain on your end device until you delete them.

The storage of Matomo-Cookies is based on art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both his web offer and his advertising.
The information generated by the cookie about the use of this website is not passed on to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo Opt-Out-Cookie will be deleted as well. The Opt-Out must be reactivated when you visit our site again.

You have the possibility to prevent that actions you have taken here are analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improve usability for you and other users.

Your visit to this website is currently recorded by Matomo Web Analytics. Uncheck this checkbox for Opt-Out.

3. Device width detection

This website is programmed in HTML5 and offers you the advantage of a responsive design. With the help of the computer language used, we have created several pages of the same content, which allows you to view our offer on different devices (desktop computer, tablet, smartphone). No cookies are used for device width recognition! Your device only transmits technical data and browser information, from which the programming derives a percentage for the display. This information is not linked and stored with personal information, but queried anew at each visit. Your device will not be recognized.

4. SSL-encryption

This site uses SSL or TLS (Transport Layer Security) encryption for security reasons and to protect the transmission of confidential content. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the scheme "https" (instead of "http") as part of our internet address. If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Newsletter

If you have agreed, we will send you our newsletter or comparable information on a regular basis to the e-mail address you provide us for this purpose. Subscribers can also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical conditions).

For an effective registration we need a valid e-mail address. In order to verify that the registration is actually made by you, we use a "double opt- in" procedure. For this purpose, we log the ordering of the newsletter, the sending of our confirmation mail your answer to it. We do not collect any further data. The data will be used exclusively for sending the newsletter and will not be passed on to third parties.

You can revoke your consent to receive the newsletter at any time. You will find a corresponding link in every newsletter. You can also inform us of your wish by using the contact option at the end of this data protection notice.

6. Contact form and contacting by e-mail

If you send us inquiries via contact form or e-mail, your details from the inquiry form or your e-mail, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. The indication of an e-mail address is required for contact purposes, the indication of your name and your telephone number is voluntary. Under no circumstances will we pass on this data without your consent.

The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO and, if applicable, Art. 6 para. 1 lit. b DSGVO, if your request is aimed at the conclusion of a contract. Your data will be deleted after the final processing of your inquiry, provided that there are no legal obligations to keep records.

In the case of Art. 6 para. 1 lit. f DSGVO, you can object to the processing of your personal data at any time.

7. use of Google Maps

We use Google Maps for embedding maps. Here we connect to servers of Google Ireland Ltd. via an interface (API). At least IP address, URL (Internet address) of our website and date/time of use are transmitted to Google. Legal basis for the transmission is our contract with Google Ireland Ltd. ( according to Art. 6 para. 1 lit. b) DSGVO in connection with a contract on joint responsibility according to Art 26 DSGVO, which you can download here: In this respect, visitors enter into a direct user relationship with Google when using Google Maps. Further information on this can be found in Google's detailed privacy policy

8. validity of this privacy policy

We reserve the right to adapt or update this data protection declaration if necessary in accordance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes in our services, e.g. when introducing new services. The most recent version applies to your visit.

Status of the data protection declaration: 01 November 2019

9. Questions about data protection

If you have questions regarding data protection concerning MainSky Asset Management AG, our data protection coordinator can help you:

MainSky Asset Management AG
Data protection coordinator
Reuterweg 49
60323 Frankfurt am Main

Tel: 069-15049680-0, Fax -29

The competent supervisory authority depends on the state of your residence, your work or an alleged data protection violation. A list of the supervisory authorities (for the non-public sector) with their addresses can be found at