Controller
The controller of personal data is Recovery Support GmbH (HRB Frankfurt 137 281, USt-IdNr DE328 471 062, hereafter “the Controller”, “we”). Registered office: Mainzer Landstraße 47, 60329 Frankfurt am Main, Germany. Branch offices: Wilhelminakade 173, 3072 AP Rotterdam (Netherlands); Boulevarden 13, 9000 Aalborg (Denmark). This Notice describes how we handle personal data in compliance with the General Data Protection Regulation (EU 2016/679) and the German Federal Data Protection Act (BDSG-neu).
Data we collect
When you submit our enquiry form you provide:
- your name, e-mail address and telephone number;
- an indicative range for the amount lost;
- during subsequent correspondence — the name of the platform involved, transaction details, broker correspondence and other case circumstances.
Automatically, when you visit the site, we collect your IP address, browser data, UTM parameters and cookies.
Purposes of processing
- preliminary assessment of recovery prospects;
- responding to your enquiry and conducting any subsequent engagement;
- preparation and performance of an engagement letter, if you instruct us;
- compliance with the Fifth Anti-Money-Laundering Directive (AMLD5) and KYC procedures.
Legal bases (Art. 6 GDPR)
Processing is carried out on the basis of your consent (Art. 6(1)(a)), the performance of a contract with you (Art. 6(1)(b)), compliance with a legal obligation (Art. 6(1)(c)) and our legitimate interest in the orderly provision of consultancy services (Art. 6(1)(f)).
Recipients
Personal data is shared only to the extent necessary to achieve the purpose: with partner advocates in the Netherlands, Germany and Denmark in the event of litigation; with banks for chargeback proceedings; with European regulators (AFM, BaFin, DFSA, CySEC) where complaints are filed; and with infrastructure providers (hosting, secure mail) under written Data Processing Agreements. We do not sell your data and we do not disclose it to advertising networks.
International transfers
Where data is transferred outside the EEA, the transfer takes place under the EU Standard Contractual Clauses (SCC 2021/914), an adequacy decision of the European Commission or another mechanism provided for in Chapter V of the GDPR.
Retention
Data of enquiries that do not become engagements is deleted within 24 months. Data of clients who instruct us is retained for 7 years after the closure of the file, in compliance with German bookkeeping law (Handelsgesetzbuch §257) and AMLD5.
Your rights
Under Articles 15–22 GDPR you have the right to access your data, to have it rectified or erased, to object to processing, to request portability and to withdraw consent. Requests are addressed to privacy@aureliusandcole.eu and answered within 30 calendar days.
Cookies and analytics
The site uses cookies for session continuity and aggregate analytics. Details are set out in our Cookie Policy. Analytics and marketing cookies are loaded only after your explicit consent through the consent banner.
Complaints to the supervisory authority
If you consider that your rights as a data subject have been infringed, you may lodge a complaint with the Hessian Commissioner for Data Protection and Freedom of Information (datenschutz.hessen.de), or with the supervisory authority of your country of residence within the EU.
Changes
This Notice may be updated. The current version is always available on this page; the date is shown at the top.