Legal Responsibilities & Commitments

(Footer / Legal Section)

FCP Financial operates fully in compliance with the legal and regulatory frameworks of the Federal Republic of Germany and the European Union. We observe all applicable laws, directives and standards governing financial management, data protection, transparency, anti-money laundering, and corporate governance.

Our Core Commitments:

Ensuring full transparency, integrity and accountability in all financial operations and client relationships.
Complying with EU financial governance rules, BaFin (Federal Financial Supervisory Authority, where applicable), and other relevant German regulatory frameworks.
Adhering to GDPR (General Data Protection Regulation) and the German Federal Data Protection Act (BDSG) in all data processing and privacy matters.
Preventing conflicts of interest, and conducting all advisory processes with independence, impartiality, confidentiality, and professional conduct.
Upholding sustainable finance practices, aligned with ESG / EU Taxonomy principles, to support long-term value creation.

Data Protection, Privacy & Cookie Policy:

We collect and process personal data only when there is a lawful basis (e.g., user consent, performance of a contract, or legal obligation) as per Art. 6 GDPR.
Users are informed transparently about data collection, use, duration of storage, transfer recipients, and their data subject rights (access, rectification, deletion, objection, withdrawal of consent).
Users can withdraw their consent at any time, and the process to revoke consent is as easy as giving it.
Cookies are used only with valid consent (except strictly necessary cookies), and users can manage their cookie preferences.
For log files (e.g. IP addresses, browser metadata), temporary storage is maintained only for as long as necessary to secure operations and prevent abuses, then deleted or anonymized.

Data Transfers & Cross-Border Rules:

Transfers of personal data outside the EU / EEA are permitted only if the recipient country offers an adequate level of protection, or appropriate safeguards (e.g. standard contractual clauses, binding corporate rules) are in place.
Where no adequacy decision exists, a Transfer Impact Assessment (TIA) is conducted, and additional technical or organizational measures may be required.

Data Processors & Sub-contracting:

When we engage processors (e.g. cloud providers), we ensure Data Processing Agreements (DPAs) are in place per Art. 28 GDPR, requiring confidentiality, security measures, and compliance obligations.
Processors may only act under our documented instructions and must assist us in responding to data subject requests, breach notifications, audits, etc.

Data Protection Officer (DPO) & Oversight:

If required by GDPR / BDSG rules (e.g. large scale processing, special categories of personal data), FCP will appoint a Data Protection Officer, who reports to highest management and acts as liaison with supervisory authorities.
We maintain records of data processing activities, conduct Data Protection Impact Assessments (DPIAs) when necessary, and regularly audit compliance internally.

Rights of Data Subjects:

Individuals interacting with our website or services have the following rights:

Right to access their personal data, correct inaccuracies, request deletion or restriction of processing.
Right to object to certain processing (e.g. for legitimate interest).
Right to data portability, where applicable.
Right to withdraw consent at any time without detriment.
Right to lodge a complaint with a relevant supervisory authority (e.g. German State Data Protection Authorities or federal authority).

Liability, Sanctions & Audit:

Breach of GDPR or BDSG may lead to administrative fines, restrictions on processing operations, or bans imposed by supervisory authorities.
Supervisory authorities have investigatory and enforcement powers, including audits, corrective orders, fines, and temporary or permanent bans.
FCP commits to prompt notification of data breaches to data subjects and authorities as required by GDPR (within 72 hours, where feasible)