Privacy Statement

Privacy Policy

The protection of your personal data is very important to HQ Trust GmbH (‘HQ Trust‘ or ‘we‘, ‘us‘, or ‘our‘). The purpose of this privacy policy is to explain to you in detail what we do with your personal data. This privacy policy applies to the processing of your personal data when you visit our website and in the context of our business relationship.

1. Who is responsible and who can I contact?

HQ Trust is responsible for the processing of your personal data as described below. For all data protection queries, please contact us at the following address:

HQ Trust GmbH
Harald Quandt Haus
Am Pilgerrain 17
61352 Bad Homburg v. d. Höhe
Tel. +49 6172 402 850
Fax +49 6172 402 859

Our data protection officer can be reached at the following address

HQ Trust GmbH
Harald Quandt Haus
Data Protection Officer
Am Pilgerrain 17
61352 Bad Homburg v. d. Höhe
Tel. +49 6172 402 850
Fax +49 6172 402 859

2. What data do we process and where does it come from?

We collect and process various types of personal data, depending on the specific processing situation.
Below is a list of data types categorized according to specific processing situation.

2.1. What data do we process when you visit our website?

If you use the internet services provided on the HQ Trust website at, we will collect:

data on the use of the internet pages provided (e.g. IP address, browser, time the page was accessed, content accessed, duration of visit), as well as other technical data that is similar to the data specified here.

2.2. What data do we process when you use HQ Trust Safe?

The HQ Trust Safe service is used to safely send, receive, and store data and can be accessed via a protected area on our website. If, after registering, you use this service, the data we process includes:

  • the data specified under point 2.1 above
  • data used to identify you (user name and password)
  • language settings
  • correspondence

2.3. What data do we process when you contact us?

When you contact HQ Trust, we routinely process only the personal data that is necessary for the contact, particularly:

  • data about you (first name and last name),
  • contact data (postal address, telephone number, email address, fax number).

2.4. What data do we process in the course of an ongoing business relationship?

In the course of establishing and conducting an ongoing business relationship we process personal data
(i) that we have received from you, such as:

  • information about you (e.g. first and last name, date and place of birth, nationality, marital status, gender),
  • contact data (e.g. postal address, telephone number, email address, fax number),
  • data on your professional situation (e.g. information about your employment, details of your self-employment),
  • tax identification information (e.g. tax identification number),
  • identity verification and authentication information (e.g. passport/ID card details, sample signature),
  • data on your financial situation (e.g. assets, income),

(ii) that we have obtained from public sources, such as:

  • public registers (e.g. land registers, commercial register and register of associations),
  • Other information about you from the press and other publicly available sources, including information that is publicly available on the internet and that,

(iii) which we produce about you in connection with our business relationship, for example:

  • data on services commissioned and products ordered (e.g. investment advice, securities account advice, asset management),
  • data concerning the performance of our contractual obligations (e.g. data on financial products brokered, data on the outcome of advisory discussions) or
  • data for documentation purposes (e.g. record of investment advice)

We would be happy to provide specific information about the personal data processed in connection with you. Please contact us at the address given under point 1.

For what purposes do we process your data and what is the legal basis for this?

We process your personal data exclusively in accordance with and on the basis of the applicable provisions of the General Data Protection Regulation (‘GDPR‘) and the Federal Data Protection Act (‘BDSG‘). In certain situations we also process your personal data in order to comply with statutory requirements or on the basis of your explicit consent.

3.1. Your consent

If you have specifically consented to the processing of your personal data, we will process your personal data within the scope of and on the basis of this consent. Consent may be to the sharing of data with partner companies, for example, or the evaluation of your data for personalized advertising.

Your consent is always voluntary. Refusal to give consent or withdrawal of consent will not have negative consequences for you.

Compliance with contractual obligations

We routinely process your personal data as part of an existing contractual relationship with you relating to the provision of advice on investment decisions or the brokering of financial products and services and the execution of your orders, including the necessary precontractual measures.

The purpose of processing is determined by the service commissioned, the product ordered, or your instruction. In some cases, these purposes also require us to transfer data to group companies or to other bodies in third countries (states that are outside the European Union or the European Economic Area such as Switzerland and the United States).

Details of the purpose of the processing and other applicable conditions can be found in the provisions of the contract in question.

3.3. Legitimate interest

We may also process your personal data to safeguard our legitimate interests, provided that these are not overridden by your interests or by basic rights and freedoms that necessitate the protection of your personal data.

Subject to a decision on the balancing of interests to be made in each individual case, in the following non-exhaustive list of processing scenarios we routinely presume that our legitimate interest takes precedence:

  • Managing client relationships
  • Providing information about HQ Trust products by email, provided you have not objected to receiving such communications or revoked your consent
  • Analysis of the use of our web pages
  • Ensuring IT security
  • Preventing and investigating criminal offenses
  • Collaboration with government agencies
  • Measures to guarantee undisturbed possession of our premises

3.4. Statutory obligations

As a financial services provider, we are subject to numerous legal obligations; we cannot comply with these obligations unless we process your personal data. These legal obligations include the statutory requirements of the German Tax Code (AO), the Act Establishing the Federal Financial Supervisory Authority (FinDAG), the Anti-Money Laundering Act (GwG), the German Banking Act (KWG), and the German Securities Trading Act (WpHG). Other legal obligations arise from regulatory requirements such as those imposed by the German Federal Financial Supervisory Authority (‘BaFin‘). For example, we have to collect, process, and in some cases pass on to public bodies data to verify your identity and check your age, to prevent fraud and money laundering, and to meet control and reporting requirements under tax law.

Who do we share your data with?

Where necessary, HQ Trust passes, or provides access to, your personal data to bodies that assist in the performance of our contractual and statutory duties or have a legitimate interest in such. Data is not transferred if there is no legal basis for this or if your interests or basic rights and freedoms outweigh the interest in disclosure.

In accordance with the obligations set out in a contract concluded with you, we also share your data with HQ Asset Servicing GmbH for the purpose of investment accounting.

You may occasionally have questions on tax-related matters in connection with the provision of our services. At your behest, and on the basis of consent explicitly provided prior to transfer, we will share your personal data with our affiliated company Pilgerrain Vermögenstreuhand GmbH for the purpose of providing advisory services.

For the performance of our contractual obligations and the provision of our products and services, we also share personal data with commissioned processors who process your data on behalf of HQ Trust. Commissioned processors are in particular companies who provide services in the area of information technology, telecommunications, teleservices, logistics, sales, and marketing. If you have entered into an agreement with us in respect of advice and the brokering of financial services provided by third parties, we use processors to enable us to fulfill our statutory duties in connection with the provision of advice or the brokerage of financial services. Processors are contractually obliged to process the data exclusively for the purposes specified by HQ Trust and to either erase or return the data when the engagement ends.

We also send your personal data to bodies to whom we are entitled to provide information based on the explicit consent you have voluntarily given us. Personal data may be shared with third parties in connection with the provision of third party services on our website. More detailed information can be found under 6.

5. Do we transfer your data to third countries?

Your personal data is only ever transferred to a third country within the scope of a contract entered into between you and us concerning the provision of advice on investment decisions and the brokerage of financial products and services, so far as this is necessary for fulfillment of our contractual obligations e.g. to execute an individual financial transaction, ordered by you, through a bank based in a third country.

Third countries are countries that are outside the European Union and the European Economic Area. We will routinely ensure through appropriate guarantees, for example through the standard contractual clauses of the European Commission, that personal data is transferred to a third country only if the third country has a level of protection that is equal to that provided by the GDPR.

6. What type of cookies and tracking technologies do we use?

We use various third-party software tools to provide and maintain our website and to analyze how it is used. These tools are routinely based on cookies, web beacons or similar technologies (collectively referred to below as ‘tracking technologies‘). Tracking technologies help us to learn how you use our services (e.g. the pages you display or the links you click on and other actions you perform using our services), give us information about your browser and online usage patterns (e.g. IP address, protocol data, browser type, browser language, referring sites/sites from which you came to our website and URLs, pages viewed, whether you have opened an email, links clicked on etc.) and information on the devices you use to access our services. Tracking technologies enable us to link the devices you have used to access our services with one another in such a way that we can recognize you on any of the various devices you use and can contact you if necessary. Content that you have accessed on one device may lead to advertisements that are relevant to you or content that is relevant to you being shown on another device.

You can limit the use of tracking technologies by changing your browser settings. You can decide what level of access to your devices you allow us and how long cookies can be stored on your device. You can delete any cookies that have already been stored at any time. Please note that you may not be able to use the full functionality of our website if you deactivate all cookies.

6.1. What are cookies?

A cookie is a small text file that is generated by the website’s host server when an internet page is accessed. It is placed on the user’s device (desktop computer, laptop, tablet, smartphone, other web-enabled device) via the browser. Cookies are used to store information about the user and retrieve it the next time the internet page is visited.

6.2. Why do we use cookies?

Cookies help us to understand how our website is used. They enable us to analyze trends, manage the website, track the way a user moves around our website, and collect demographic information about our user base as a whole. They allow you to navigate efficiently between pages, note your preferences and settings on our internet pages, and generally improve your browsing experience. Cookies also help to make sure that you are shown advertisements that are relevant and of interest to you.

We process the data collected by the tracking technologies to (i) to record certain information so that you don’t get asked again for the same information during your visit or when you next visit the website, (ii) to be able to show you personalized content, including advertising, (iii) to recognize you if you visit us on a difference device, (iv) to be able to monitor the functionality and performance of our internet pages, (v) to collect aggregated KPIs relating to the total number of visitors, overall traffic, use, and demographic patterns on our website, (vi) to diagnose and resolve technical problems, and (vii) to be able to implement enhancements and improvements to our website.

6.3. What types of cookie do we use on our website?

The cookies used on our website can generally be divided into the following categories: strictly necessary cookies, analytical/performance cookies, functionality cookies, marketing cookies, and social media cookies.

6.3.1. Strictly necessary cookies

Our website cannot function without these cookies. They enable you to navigate around our website pages and use their functions. Without these cookies we would be unable to provide certain services that are necessary for the full use of our website.

6.3.2. Analytical cookies

We use these cookies to gather information on how users use our internet pages e.g. which pages are visited and read most frequently, or how users get from one link to the next. The information collected by this type of cookie is not associated with an individual user but is grouped together with the information from other users and processed in an aggregated form. The cookies provide us with analytical data on how our websites work and how we can improve them.

6.3.3. Functional cookies

The cookies enable us to save specific selections you have made and to adapt our internet pages so that they offer you greater functionality and content. These cookies may be used, for example, to save your choice of language or country.

6.3.4. Marketing cookies

These cookies enable us to show you personalized advertising. They can also limit the number of advertisements you are shown and measure the effectiveness of a specific advertising campaign.

Such cookies may also save information about other websites you have visited and make the data available for access by other organizations, e.g. for marketing partners. This means that after visiting our website you may be shown advertisements relating to our products and services on other websites.

6.3.5. Social media cookies

To facilitate the sharing of content on the internet, some of our internet pages may contain small software applications from third party providers e.g. Facebook, Twitter, LinkedIn or Google+ that enable the sharing of data. These cookies are placed on your device not by us, but by the third-party provider. We have no control over these cookies. For further information, you should therefore visit the websites of these third-party providers.

6.4. How long are cookies stored on my devices?

The length of time that cookies are stored depends on whether they are ‘persistent’ or ‘session’ cookies. Session cookies are deleted when you leave the website that has set the cookie. Persistent cookies stay on your device after you have finished browsing, until they are deleted or expire.

6.5. Cookies of third-party providers

Some of the cookies stored on your device come from us. Other cookies are stored on your device during your visit to our website by third-party providers integrated into our website. These third-party providers provide us with a specific function or a service in connection with our internet pages. We can control the selection of third-party providers, but we have no influence over the use of cookies by the third-party providers. Some third-party providers may use marketing cookies.

The advertising industry in the European Union has developed a system that allows you to object to the use of this type of cookie. For more information, please go to You can obtain more information on the use of third-party cookies on the website of the provider concerned.

Cookies from the third-party providers Google and Facebook are used on our website. The benefit to the individual third-party providers is explained below.

6.5.1. Use of ‘Google Tag Manager’

Google Tag Manager is used on our website. This service integrates online marketing tools provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, California 94043, USA) (‘Google‘). The service does not save cookies on your system or collect personal data in any other way. However, it can be used to link to other Google services, and to all tracking and advertising tools.

6.5.2. Use of ‘Google Analytics’

Our website uses Google Analytics. This is a service provided by Google that allows us to analyze the use of our internet pages, which we do based on the grounds of legitimate interest. The version of Google Analytics used on our site is Universal Analytics. It enables the collection of data across multiple devices, sessions, and interactions, and allows all this data to be linked to a user.

The service requires a Google Analytics cookie to be stored on the device you use to access our website. The cookie is a text file that contains data on your use of our internet pages and sends this data to a Google server. The data is stored and processed on Google’s servers. Google analyzes and evaluates the information relating to your use of our website for us in accordance with our instructions, and then provides this information to us in the form of reports and activity logs.

The data we process using the Google Analytics service is automatically deleted after 56 months. You can object to the processing of your data in connection with ‘Google Analytics’ at any time with future effect by clicking on this link and following the instructions.

6.5.3. Use of Facebook retargeting technology

Our website uses the ‘Facebook Custom Audience’ retargeting technology provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, for sites based in the European Union, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook‘). ‘Facebook Custom Audience’ helps us to show you advertising and content that is of interest to you. That is where our legitimate interest lies.

The technology is implemented in the form of a pixel, that is not visible to the user, being integrated into our website (Pixel method). The pixel enables us to identify you after you have visited our website when you log in to your Facebook account and to show you personalized advertisements and content, so-called ‘Facebook Ads’. When using ‘Facebook Custom Audience’, we collect information about your usage patterns (e.g. which web pages you have visited from our site), technical data about the device you have used, and, where applicable, data about your Facebook user account.

You can object to the processing of your data in connection with ‘Facebook Custom Audience’ at any time with future effect by clicking on this link and following the instructions.

6.6. Can mobile devices determine my location?

If you visit our website from a mobile device with location services switched on, we may be able to collect information about your current location, geocoordinates and geotargeting data, as well as the type of mobile device you are using. However, most mobile devices offer the option to turn off location services in the settings. HQ Trust does not use this service.

6.7. Right to object

You have a right to object to the processing of the data processed under this point 6. You can prevent the processing of this data by changing your browser settings. However, you may then find that the functionality of our internet pages is limited.

7. How long do we store your personal data for?

We process and store your personal data only for as long as is necessary for our processing purposes.

7.1. Storage period in connection with the use of our online services

We will erase personal data that has been collected from you and stored in connection with the use and provision of our online service offerings at any time upon request. We will in any case delete this data within a few days (generally seven days) without being requested to do so, or, at the latest, when any statutory retention periods end.

The personal data that is required for the provision and use of the HQ Trust Safe service is processed for as long as you continue to use the service.

7.2. Storage in connection with our business relationship

Generally, personal data processed in connection with our business relationship is stored only for a maximum of four years after the end of your business relationship with us.

If a longer storage period is required in order to comply with statutory retention and record-keeping duties, or to protect our legitimate interests such as, for example, use in potential legal disputes, your personal data will also be stored and processed after the end of the aforementioned period. So far as possible, we will block your personal data to exclude it from any further processing.

The periods arising from the statutory retention and record-keeping requirements are between two and ten years and are stipulated in various pieces of legislation including the German Tax Code, the Anti-German Money Laundering Act, the German Commercial Code, the German Banking Act, and the German Securities Trading Act.

8. Your rights

Below is a summary of your rights regarding our processing of your personal data:

8.1. Rights of access, erasure, rectification, restriction of processing, and data portability

Under Art. 15 GDPR you have a right of access, which means you can ask us to confirm whether we process your personal data. If we do, you have the right to demand more detailed information from us concerning this personal data.

Under Art. 16 GDPR you can demand the immediate correction of any incorrect data relating to you.

Under Art. 17 GDPR you have the right to demand erasure of your personal data if (i) it is no longer required for the purposes for which it was collected, (ii) you have withdrawn your consent to processing, (iii) you have exercised your right to object under Art. 21 (1) GDPR and there are no overriding legitimate grounds for continued processing, (iv) your personal data has been unlawfully processed, (v) the erasure of your personal data is necessary to comply with a legal obligation under European Union or Member State law to which HQ Trust is subject, or (vi) the personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

Under Art. 18 GDPR you have the right to demand restricted processing where one of the following conditions applies. Such a right exists if (i) you have contested the accuracy of your personal data , (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;, (iii) the personal data is no longer required for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims, or (iv) you have objected to processing pursuant to Article 21(1) pending the verification of whether our legitimate grounds override yours.

Under Art. 19 GDPR you have a right to demand information concerning the recipients of data who have been notified about the rectification or erasure of your personal data or the restriction of its processing.

Under Art. 20 GDPR you have a right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.

If the processing or transfer of your personal data is based on consent you have given, you can revoke this consent at any time with future effect.

You also have the right to lodge a complaint regarding the processing of your data or against a decision made by HQ Trust in respect of one of the rights exercised by you. The complaint must be lodged with the Data Protection Officer for the federal state of Hessen, P.O. Box 3163, 65021 Wiesbaden, Germany.

8.2. Contact

All the rights described under point 8.1 can be exercised informally by letter, fax or email using the contact details provided under 1.

8.3. Right to object pursuant to Art. 21 GDPR

8.3.1. Objection on grounds relating to your particular situation

Under Art. 21 (1) GDPR you have the right to object on grounds relating to your particular situation, at any time to the processing of your personal data if this processing is carried out for purposes of our legitimate interests, including profiling (e.g. for a credit assessment). We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing the data which override your interests, rights and freedoms, or if we need to process the data for the establishment, exercise, or defense of legal claims.

8.3.2. Contact

You can lodge your objection by means of an informal letter, fax, or email, addressed to:

HQ Trust GmbH
Harald Quandt Haus
Am Pilgerrain 17
61352 Bad Homburg v.d.Höhe
Fax +49 6172 402 859

9. No obligation to provide personal data

Generally speaking you are only required to provide us with the personal data we need for our business relationship or which we are legally obliged to collect (e.g. mandatory information about you for identity verification purposes in accordance with the standard due diligence requirements laid down in sections 10 et seq. of the German Anti-Money Laundering Act).

As we cannot, or cannot lawfully, render our services without the provision of the data necessary for the performance of the business relationship or the data we are required by law to collect, we routinely decline to enter into contractual relations if such information is not provided and reserve the right to end any contractual relationship already established, if we are no longer able to provide the services under this Agreement.

10. Automated decision-making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not required for the conclusion or the performance of a contract, is not prescribed by mandatory provisions of law, or is not based on your explicit consent.

HQ Trust does not use automated decision-making processes, including profiling, within the meaning of Art. 22 GDPR, unless we have explicitly informed you of them.

Last updated on May 23, 2018


This content is currently only available in German.