Data Protection Policy

GMVV & Co. GmbH has undertaken to protect the privacy of its customers as far as possible even before the General Data Protection Regulation (GDPR) came into force. This includes in particular the protection of personal data.

The personal data obtained as part of the activities of GMVV & Co. GmbH are only collected and used to the extent necessary for the performance of the contractually agreed service. Further information regarding the implementation of the requirements of the GDPR within GMVV & Co. GmbH can be found in the following text.

1. Information about the collection of personal data

(1) Below we inform about the collection of personal data when using our website. Personal data is all data related, e.g., name, address, e-mail addresses, user behaviour.

(2) Responsible acc. Art. 4(7) EU General Data Protection Regulation (GDPR) is Dr. Michele Sciurba and Nicole Thamm, Bergesgrundweg 3, 60599 Frankfurt, Germany, +49 (0) 69 68091920,

(3) When you contact us by e-mail, the information you provide (your e-mail address, your name and telephone number if applicable) will be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.

(4) If we rely on commissioned service providers for individual functions of our offer, we will inform you in detail below about the respective transactions. In doing so, we also name the specified criteria for the storage duration.

2. Your rights

(1) You have the following rights with respect to your personal data concerning you:

  • right to information,
  • right to rectification or erasure,
  • right to restriction of processing,
  • right to object to the processing,
  • Right to data portability.

(2) You also have the right to complain to a a data protection supervisory authority about our processing of your personal data.

3. Collection of personal data when visiting our website

(1) In the merely informative use of the website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure the stability and security (legal basis is Art. 6(1) sentence 1 lit. f GDPR):

  • IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the requirement (concrete page),
  • Access status/HTTP status code,
  • Respective transmitted amount of data,
  • Website from which the request originated,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

(2) GMVV & Co. GmbH has appointed an external data protection officer, Mr Robert Percy Meiser.

(3) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here through us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer overall more user-friendly and effective.

(4) Use of cookies:

a) This website uses the following types of cookies, the scope and operation of which are explained below:

– Transient cookies (see b),
– Persistent cookies (c).

b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser setting according to your wishes, e.g. decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site.

4. Which sources and data do we use?

We process personal data that we receive from our clients as part of our business relationship. In addition, we process – as far as necessary for the provision of our service – personal data that we legitimately gain from publicly available sources (e.g. trade and association registers, press, internet) that are transmitted to us by other companies or other third parties.

Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality), credentials (e.g. ID data) and authentication data. In addition, these may include order data, data from the fulfilment of our contractual obligations, documentation data (e.g. call log) as well as other data comparable to the mentioned categories.

5. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA new):

For the fulfilment of contractual obligations (Art. 6 (1)(b) GDPR)

The processing of data is done to provide advisory services and financial intermediation in the execution of our contracts with our clients or to carry out pre-contractual actions, which are carried out on request, and in connection with the trade in raw and cut diamonds. The purposes of data processing are primarily based on the specific requirements of the contracts and may include, but are not limited to, needs analysis, consulting and the execution of transactions.

In the context of balancing interests (Art. 6(1)(f) GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract for the protection of our legitimate interests or of third parties.


– Examination and optimization of requirements analysis procedures in order to address clients

– Guarantee of IT security and IT operation of GMVV & Co. GmbH

– Prevention and investigation of criminal offenses

– Business management and service development measures

On the basis of your consent (Art. 6(1)(a) GDPR)

Insofar as you have given us consent to the processing of personal data for specific purposes, the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued to us before the validity of the GDPR, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation.

Due to legal requirements (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR)

In addition, we as GMVV & Co. GmbH are subject to various legal requirements and obligations, such as the Money Laundering Act, and the legal requirements of the Industrial Code (GewO) on the basis of the permit pursuant to § 34c (1)(1)(2) and the approval pursuant to § 38 (GewO).

The purposes of processing include, but are not limited to, identity verification, anti-fraud and anti-money laundering checks, the fulfilment of reporting obligations.

6. Who receives your data?

Within GMVV & Co. GmbH, those entities gain access to your data, who need then to fulfil our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes if you have previously signed a corresponding legally binding confidentiality agreement and have concluded a contract processing contract with us. These are companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, legal advice and consulting as well as sales and marketing.

With regard to the data transfer to recipients outside the GMVV & Co. GmbH, it is first of all to be noted that as GMVV & Co. GmbH we generally maintain secrecy about all client-related facts and valuations, of which we gain knowledge. We only disclose information about our clients if required by law, if you have consented or if we have been expressly authorized to provide information. Under these conditions, recipients of personal data may, for example, be:

– Public bodies and institutions (e.g. Federal Financial Supervisory Authority, European Banking Authority, tax authorities, law enforcement authorities) in the presence of a legal or regulatory obligation.

– Other credit and financial services institutions or similar entities, which we provide with personal information in relation to the conduct of the business relationship with you (e.g. correspondent banks, custodian banks, stock exchanges or credit reference agencies, depending on the contract).

Other data recipients may be the ones for whom you have given us your consent to submit the data.

7. Are data transmitted to a third country or to an international organization?

A transfer of data to offices in countries outside the European Union (so-called third countries) takes place, as far as

– it is necessary for the execution of your orders or for the agreed execution of the contract

– it is required by law or

– you have given us your consent.

In addition, our house does not transfer any personal data to third country or international organizations. For certain tasks, however, we use service providers who usually also use service providers who can have their company headquarters, parent company or data centre in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, our company or service provider may only transfer personal data to a third country or to an international organization, provided that appropriate safeguards are provided (e.g. standard data protection clauses introduced by the Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. Our company has contractually agreed with these service providers that they must always conclude contract processing contracts with their contract partners to comply with the European data protection level.

8. How long will your data be stored?

We process and store your personal information as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is often designed to continue for years. This includes the initiation and execution of a contract. If the data are no longer required for the fulfilment of contractual or legal obligations, they are deleted on a regular basis, unless their – temporary – processing is necessary for the following purposes:

– Fulfilment of commercial and tax-related retention obligations: The Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG), the Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The deadlines for storage and documentation are two to ten years.

– Preservation of evidence under the legal provisions related to limitation periods. According to §§195 ff. Of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

Information about your right of objection under Article 21 General Data Protection Regulation (GDPR)

You have the right to object at any time to the processing of personal data concerning you pursuant to Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing based on a balance of interests).

If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

The objection can be form-free and addressed to one of the following contact options:

GMVV & Co. GmbH / Business Consulting

Bergesgrundweg 3, 60599 Frankfurt, Germany

Telephone: +49 (0) 69 68091920


Please use the contact details provided to avoid misunderstandings or to clarify any doubt.