1. Data Protection Overview
We process personal data (e.g., name, email address, message content, IP address, and device/browser information) in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

Data Controller within the meaning of the GDPR:
Arcadia Equity GmbH
Schauerstraße 7, 80638 Munich, Germany
Email: contact@arcadiaequity.de
Phone: +49 179 6343669‍

• Consent (Article 6(1)(a) GDPR);
• Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR);
• Legal obligation (Article 6(1)(c) GDPR);
• Vital interests (Article 6(1)(d) GDPR);
• Public interest / official authority (Article 6(1)(e) GDPR);
• Legitimate interests (Article 6(1)(f) GDPR), provided your interests or fundamental rights do not override these interests.

Processing of special categories of personal data (e.g., health data, religious beliefs) occurs only with explicit consent or in legally permitted cases (Article 9 GDPR). We do not engage in profiling or automated decision-making. In case of a personal data breach, we will notify the relevant supervisory authority and affected individuals as required by Articles 33 and 34 GDPR. Appropriate technical and organizational measures are in place to protect your data (Article 32 GDPR).

2. Scope
This privacy policy applies solely to the use of this website. When you follow links to external websites, their own privacy policies apply.

3. Data Retention
We store personal data only as long as necessary to fulfill the purposes of processing, or as required by law. For example, accounting and tax-related records (e.g., invoices) may be retained for up to 10 years in accordance with statutory retention obligations.

4. Sharing of Data
Your personal data will only be shared with third parties if:

• You have given explicit consent (Article 6(1)(a) GDPR);
• It is necessary to fulfill a contract with you (Article 6(1)(b) GDPR);
• There is a legal obligation to do so (Article 6(1)(c) GDPR);
• It is necessary to establish, exercise, or defend legal claims (Article 6(1)(f) GDPR).

We may also use service providers (processors) who process data on our behalf under a data processing agreement (Article 28 GDPR) and only according to our instructions.

5. Hosting and Third-Party Services
Our website is hosted by IONOS SE (Germany). When you visit our website, IONOS may process technical access data (e.g., IP address, access time, requested page, device and browser information) to ensure website delivery, stability, and security. We have concluded a Data Processing Agreement (DPA) with IONOS to ensure GDPR-compliant processing.

For details, please refer to the privacy policy of our hosting provider.

6. Cookies
We use cookies and similar technologies to improve website functionality and user experience.

• Essential (session) cookies are used to operate the website and are typically deleted when you close your browser.
• Preference cookies may store settings (e.g., language or display preferences) for convenience.

Some cookies may process personal data (e.g., online identifiers). You can restrict or disable cookies in your browser settings at any time. Please note that disabling cookies may affect website functionality.

If we use non-essential cookies (e.g., analytics/marketing cookies), we will request your consent before setting them.

7. Contact
If you contact us, we process the personal data you provide (e.g., name, email address, and message content) solely to respond to your inquiry and for related communication.

• Consent (Article 6(1)(a) GDPR), where applicable; and/or
• Legitimate interest in responding to inquiries (Article 6(1)(f) GDPR); and/or
• Pre-contractual measures / contract performance (Article 6(1)(b) GDPR), if your request relates to a potential or existing business relationship.

We do not share this data with third parties unless required to process your request or unless you have explicitly consented.

8. Data Security
Our website uses SSL/TLS encryption (indicated by the lock icon in your browser’s address bar) to secure data transmission. We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, loss, or destruction. These measures are regularly reviewed and updated.

9. Your Rights
Under the GDPR, you have the right to:

• Access your personal data (Article 15 GDPR);
• Request rectification (Article 16 GDPR);
• Request deletion (Article 17 GDPR);
• Request restriction of processing (Article 18 GDPR);
• Object to processing (Article 21 GDPR);
• Withdraw consent at any time (Article 7(3) GDPR), without affecting the lawfulness of processing before withdrawal;
• Lodge a complaint with a supervisory authority (Article 77 GDPR).

To exercise your rights, please contact us at: contact@arcadiaequity.de