Privacy Policy

How we protect and handle your personal information

Last updated: January 15, 2025

1 Who We Are & How to Reach Us

Soliprax operates as a personal financial planning consultation service under BaFin supervision (ID: 10159257). We're based at Max-Planck-Straße 27a, 50858 Köln, and we take your privacy seriously because trust forms the foundation of good financial advice.

This privacy policy explains exactly what personal information we collect, why we need it, how we protect it, and what rights you have regarding your data. We've written this in plain language because legal documents shouldn't require a law degree to understand.

If you have questions about anything in this policy, don't hesitate to contact us at info@soliprax.org. We're here to help, and that includes being transparent about our data practices.

2 Information We Collect & Why We Need It

Financial planning requires understanding your situation, which means we need certain personal information. Here's what we collect and why:

Information Type Why We Need It Legal Basis
Contact details (name, email, phone) To communicate with you about your financial planning Contract performance
Financial information (income, assets, debts) To provide personalized financial advice Contract performance
Website usage data To improve our website and services Legitimate interests
Communication records BaFin compliance and service quality Legal obligation

We only collect information that's necessary for providing financial advice or required by German financial regulations. We don't gather data just because we can — every piece of information serves a specific purpose.

3 How We Use Your Information

Your personal information helps us provide better financial advice. Here's specifically how we use it:

  • Creating personalized financial plans based on your goals and situation
  • Communicating with you about your financial planning journey
  • Meeting our regulatory obligations under BaFin supervision
  • Improving our services based on aggregated, anonymous feedback
  • Protecting against fraud and ensuring account security

We never use your information for marketing purposes without explicit consent. Financial planning is about trust, not sales pitches. If we develop new services that might interest you, we'll ask permission before sharing information about them.

4 Your Data Protection Rights

Under GDPR, you have significant control over your personal information. Here are your rights and how to exercise them:

Right to Access

Request a copy of all personal data we hold about you, including how we use it

Right to Correct

Update incorrect or incomplete information in your records

Right to Delete

Request deletion of your data when it's no longer needed (subject to legal requirements)

Right to Restrict

Limit how we process your information in certain circumstances

Right to Portability

Receive your data in a standard format to transfer to another service

Right to Object

Stop processing based on legitimate interests or direct marketing

To exercise any of these rights, simply email us at info@soliprax.org. We'll respond within 30 days and guide you through the process. Some requests may require identity verification for security purposes.

5 Data Security & Protection Measures

Financial information requires serious security. We protect your data using multiple layers of protection that meet or exceed German banking standards:

  • Encryption: All data is encrypted in transit and at rest using AES-256 standards
  • Access controls: Only authorized staff can access client information, with activity logging
  • Secure infrastructure: Our systems are hosted in certified German data centers
  • Regular security audits: Third-party security assessments ensure our defenses stay current
  • Staff training: All team members receive ongoing data protection training

While we take extensive precautions, no system is completely immune to security risks. If we ever discover a data breach that affects your information, we'll notify you and relevant authorities within 72 hours, as required by GDPR.

6 Data Sharing & Third-Party Services

We don't sell your personal information to anyone. Ever. However, providing financial advice sometimes requires working with trusted partners:

  • Regulatory authorities: BaFin may require access to records during audits or investigations
  • Legal advisors: Our lawyers may need information to defend your interests or comply with court orders
  • Technology providers: Cloud hosting and security services that sign strict data processing agreements
  • Financial institutions: Only when you explicitly authorize us to communicate on your behalf

Any third party that handles your information must meet the same privacy standards we follow. We review these relationships annually and require contractual commitments to data protection.

7 Data Retention & Deletion

We keep your information only as long as necessary for providing services or meeting legal requirements:

  • Active client records: Retained during our service relationship plus 7 years for regulatory compliance
  • Communication logs: Kept for 6 years as required by BaFin regulations
  • Website analytics: Anonymized after 14 months, deleted after 26 months
  • Marketing contact lists: Deleted immediately upon unsubscribe request

After retention periods expire, we securely delete your information using certified data destruction methods. You can request earlier deletion in most cases, though some records must be kept for regulatory compliance.

8 Cookies & Website Analytics

Our website uses minimal tracking to improve your experience. Here's what we collect and why:

  • Essential cookies: Required for website functionality, security, and contact forms
  • Analytics cookies: Help us understand which pages are most helpful to visitors
  • Performance cookies: Monitor website speed and identify technical issues

We don't use advertising cookies or cross-site tracking. You can disable non-essential cookies through your browser settings without affecting core website functionality. Our contact forms and scheduling tools will still work perfectly.

9 International Data Transfers

Your personal information generally stays within Germany and the European Economic Area. When we occasionally need to transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for multinational service providers

Most of our service providers operate within the EU, so international transfers are rare. When they do occur, your data receives the same level of protection required by European privacy laws.

Questions About Your Privacy?

We believe transparency builds trust. If anything in this policy is unclear or if you have specific concerns about how we handle your information, please reach out. We're here to help you understand exactly how your data is protected.

10 Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we'll notify you by email and post the updated policy on our website at least 30 days before the changes take effect.

Minor updates that don't affect your rights or how we handle your information may be made without advance notice. We'll always indicate the revision date at the top of this policy so you can see when it was last updated.

Your continued use of our services after changes take effect means you accept the updated policy. If you don't agree with the changes, you can terminate our service relationship and request deletion of your information, subject to legal retention requirements.