Privacy Notice for the Website and App of WealthFuse GmbH (Realist)

Status: 07.10.2025

This Privacy Notice informs you, in accordance with Art. 13 and 14 GDPR, about which personal data WealthFuse GmbH (hereinafter also "Realist" or "we") collects when you use our website (realist-invest.com) and our Realist App, and how we process this data.

It is addressed to all user groups, website visitors, app users, and registered customers, and explains the purpose and scope of data processing in an understandable form.

Note: Account registration is only possible via our App, not directly on the website.

In the following, we describe both the website-related and app-related processing operations, including the use of cookies and analytics tools, planned newsletter and marketing measures, and your data protection rights.

Controller: The Controller responsible for the data processing is WealthFuse GmbH, Rheinsberger Str. 76/77, 10115 Berlin. Contact: info@wealthfuse.de

Data Protection Officer: We have appointed a Data Protection Officer. You can contact us with data protection inquiries at any time by email at info@wealthfuse.de.

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Notice. Please note that data transmission on the Internet (e.g., when communicating by email) may have security gaps; complete protection of data against access by third parties is not possible. However, we protect your data through current technical and organisational measures, in particular through TLS encryption during transmission.

1. Purposes and Legal Bases for Data Processing

We process personal data only within the legally permissible framework. Depending on the type of processing, we rely on the following legal bases of the GDPR:

1.1 Consent (Art. 6 (1) lit. a GDPR)

If you have given us consent, we process your personal data for the respective stated purposes on the basis of Art. 6 (1) lit. a GDPR. Giving consent is always voluntary and can be withdrawn by you at any time with effect for the future. If consent is withdrawn, this does not affect the lawfulness of the data processing up to the time of withdrawal. If we process special categories of personal data (Art. 9 GDPR), this will only occur with your explicit consent or based on another legal permission norm.

1.2 Performance of a Contract (Art. 6 (1) lit. b GDPR)

We process data that is necessary for the initiation and performance of a contract with you, based on Art. 6 (1) lit. b GDPR. This includes, in particular, the processing of your data to provide our App and the financial services offered through it within the framework of the user agreement concluded with you. For example, we require certain information to create your customer account and to enable you to access our platform and services. If you use our services, this data processing is necessary to fulfil our contractual obligations to you.

1.3 Legal Obligations (Art. 6 (1) lit. c GDPR)

In cases where we are subject to legal obligations, we process your data on the basis of Art. 6 (1) lit. c GDPR. Such obligations may arise, for example, from commercial and tax law retention requirements (e.g., §§ 147 AO, 257 HGB) or, if applicable, from financial market laws such as anti-money laundering regulations. Particularly when you use our financial services, it may be necessary to collect certain data to fulfil legal requirements (e.g., identity verification according to the Money Laundering Act or reporting to supervisory authorities). Within this framework, we process your data only to the extent required by law, such as for carrying out identity and age checks, fraud and money laundering prevention, or for fulfilling tax control and reporting obligations.

1.4 Legitimate Interest (Art. 6 (1) lit. f GDPR)

Insofar as it is necessary to protect our legitimate interests, we process data on the basis of Art. 6 (1) lit. f GDPR. In doing so, we always ensure that no overriding interests or fundamental rights on your part oppose this. Our legitimate interests lie in particular in the following purposes:

  • Secure operation and protection of our IT systems and services (ensuring IT security, prevention of misuse and criminal offences).
  • Enforcement of rights and defence of our rights (e.g., in legal disputes).
  • Responding to inquiries and general customer communication outside of contractual relationships (non-commercial correspondence).
  • Product optimisation and further development of our App, website, and services (e.g., through internal analyses, error correction, testing new functions).
  • Direct marketing and market research regarding the functionality and performance of our offers, insofar as this is permissible without consent.

If you would like further information on our balancing of interests in a specific case or wish to object to processing based on legitimate interest, you can contact us at any time. (Details on the right to object can be found in section 5) .

Disclosure to Third Parties and Processors: As part of our activities, we work with various external service providers (e.g., in the areas of hosting, analytics, marketing). Personal data is only passed on to external entities in compliance with the aforementioned legal bases, i.e., e.g., for contract performance, legal obligation, based on a legitimate interest, or another permission. If we use service providers as processors, your data will only be transferred based on a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR, which ensures that the service providers process the data only on our behalf and according to our instructions. Any agreements concluded on joint controllership will also be implemented in accordance with legal requirements. In the following, we name specific recipients only to the extent necessary for understanding the processing operations ("Need-to-know").

2. Data Processing when Using the Website and App

In the following, we describe which data is collected when using our website and App, for what purpose, and on what legal basis.

2.1 Website Hosting and Access Data (Webflow)

Each time you visit our website, certain access data is automatically collected and transmitted by your browser to our server or to the server of our hosting service provider. Our website is provided via the service Webflow (Provider: Webflow, Inc., 398 11th Street, San Francisco, CA 94103, USA). Webflow acts as a processor for us and logs page views in so-called log files, which may contain the following information in particular: IP address of the requesting device, date and time of access, page/file accessed and amount of data transferred, the previously visited page (referrer URL), browser and operating system used, and a message about the successful retrieval. Your device automatically transmits this data so that the website can be displayed.

Webflow collects and stores these server log data on our behalf to enable connection to the website and for security reasons (e.g., to detect attempted attacks); without this data, you may not be able to use our website without errors in some parts. The access data mentioned are temporarily stored and automatically deleted after a limited period (an exact storage period, typically a few days, depends on the requirements of security and server configuration).

Purposes: The processing of this technical information is based on our legitimate interest (Art. 6 (1) lit. f GDPR) for the following purposes:

  • To technically enable the website delivery and connection establishment,
  • To ensure the stability and security of the website and our IT systems (incl. error detection, debugging, and prevention of misuse),
  • To continuously improve the performance and user-friendliness of our website and adapt it to the needs of users (internal analyses, quality controls), and
  • To create statistics on access paths and website usage (e.g., to find out which pages are particularly popular).

Insofar as the collection of certain data is not strictly technically necessary for the provision of the website, such data collection takes place only with your consent (Art. 6 (1) lit. a GDPR), for example in the case of optional analytics cookies. Details on this can be found in the next section on cookies and analytics.

Legal Basis: The processing of access data for the provision of the website and for security purposes is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the reliable, secure, and efficient presentation of our web offering.

Note on Webflow: Webflow stores strictly necessary cookies or similar technologies on your device for technical purposes to provide the display of the website and certain functions (e.g., navigation, language settings) and to ensure security. The use of Webflow is in our interest of a professional web presence. We have concluded a DPA with Webflow, and Webflow uses EU standard contractual clauses to ensure a lawful data transfer. Webflow is also certified under the EU–US Data Privacy Framework (DPF), thereby committing to adhere to European data protection standards even when processing data in the USA. Further information can be found in Webflow's Privacy Policy.

2.2 Cookies and Analytics Services (Google Analytics)

Our website uses cookies and comparable technologies (e.g., tracking pixels) to provide certain functions and to statistically evaluate usage. Cookies are small text files that are stored on your device. Some cookies are necessary for the website to function technically (e.g., for display or basic features); others serve to evaluate user behaviour or for marketing purposes and are only set with your consent. You can select which cookies you allow via our cookie settings. Furthermore, you can configure your browser to block cookies entirely or partially. Please note, however, that without necessary cookies, the functionality of the website may be restricted.

Google Analytics: We use the analytics tool Google Analytics on our website (and possibly in our App), a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables us to evaluate the behaviour of website visitors to improve our offer (e.g., which pages are visited for how long). The service uses cookies and similar technologies that are stored on your device to collect information about your use of the website, such as page views, interactions, device type, browser, approximate location (country/region), and technical identifiers. This usage data is usually transferred to and stored on Google servers, possibly also in the USA. However, we have configured Google Analytics with activated IP anonymisation, so that your IP address is truncated within the EU/EEA before it is transferred to Google servers in the USA. This prevents the direct personal identifiability of the IP address. Google uses the collected information on our behalf to evaluate the use of the website, compile reports on website activity, and provide us with other services related to website usage and internet usage. We have concluded a Data Processing Agreement with Google.

Data processing by Google Analytics only takes place with your consent (Art. 6 (1) lit. a GDPR), which you can give via our cookie banner or settings. You can withdraw or adjust a given consent at any time via our cookie settings; alternatively, you can also prevent the setting of Google Analytics cookies through appropriate settings in your browser.

Specific Notes: Google is certified under the EU–US Data Privacy Framework, thereby committing to adhere to European data protection principles. To ensure an adequate level of data protection, we have also concluded the Standard Contractual Clauses approved by the EU Commission with Google. Further information on data protection at Google can be found in the Google Privacy Policy. We typically store usage data collected with Google Analytics for a period of 14 months to detect longer-term trends; after that, they are automatically deleted (or earlier if you withdraw your consent). Google Analytics does not store direct identification data such as names or email addresses of our visitors.

(Note: If you use our App, similar analytics services (e.g., Firebase Analytics) may be used there to evaluate user behaviour in the App. This also only happens with your prior consent, which you can give and withdraw in the App settings. Currently, we do not use separate analytic tools for the App outside of the anonymous statistics provided by the App Stores).

2.3 Registration and Customer Account in the App

If you decide to create a customer account in our Realist App, we collect the data that is necessary for account creation and the use of our services. First, you must create a personal account in the App; for this purpose, we process the following registration data in particular (entered by you within the App):

  • Identification and Contact Data: e.g., your full name, your email address, and a password you have chosen (which is stored encrypted). We often also ask for your mobile phone number for account verification, as logging into the App is usually protected by confirming a code via SMS or App notification.
  • Profile Data: If applicable, additional information such as your date of birth, residential address, or preferred language, if necessary for the use of our financial services.

Note: At the moment, we only collect the most necessary basic data upon registration (name, contact); further personal data (such as address or ID data) are only requested when this becomes necessary for the use of certain financial services (e.g., before a first investment or for regulatory reasons). Registration in the App is voluntary, but without a customer account, you cannot fully use our investment platform. We use the registration data to set up your account, verify your identity (if necessary), and give you access to the App and our services. If we are legally obliged to check your identity, particularly in the financial sector (e.g., according to the Money Laundering Act), we may request further information or proof of identity from you (e.g., copy of an ID document or confirmation via video-ident procedure). In such cases, we will inform you separately; the processing of this additional data is then based on Art. 6 (1) lit. c GDPR (legal obligation) in conjunction with the relevant statutory provisions.

Legal Basis: The processing of your registration and profile data is primarily for the purpose of carrying out pre-contractual measures and fulfilling the user agreement (Art. 6 (1) lit. b GDPR) that you conclude with us by creating an account and using the App. Without this data, we cannot provide the account. Insofar as we collect data to fulfil legal obligations in the financial sector (e.g., age verification or tax data), this is based on Art. 6 (1) lit. c GDPR. Furthermore, certain information (such as voluntary profile information) may be based on your consent if you provide us with such additional data; in these cases, you can withdraw your consent at any time with effect for the future.

Security: All registration data provided by you is transmitted encrypted and stored securely in our backend database (hosted with AWS, see 2.6). We take technical measures to protect this sensitive data from unauthorised access (e.g., hashing of passwords, access controls).

2.4 Use of the App and Our Services

In the context of the ongoing use of your Realist investment account, we process further data that arises during the use of the App and when using our financial services. Which data this is exactly depends on the specific functions and offers you use. Essentially, the following categories of data may arise:

  • Transaction and Portfolio Data: If you make investment decisions via our App (e.g., invest in certain assets, create or change a direct indexing portfolio), the data generated in the process is processed. This includes, for example, order data (selected investment products, amounts, times), your portfolio holdings, performance data, and history data of your investments. This information is required to provide you with the respective financial products, manage your investments, and offer transparency about your asset development.
  • No Payment Data: Currently, no payment service provider is integrated into our App, meaning we do not collect bank account or credit card data from you as part of the usage. Any deposits or withdrawals related to investments take place outside our platform or are handled by partner banks. Should a payment system be integrated in the future, we will inform you in advance accordingly and only process payment data in accordance with the then-applicable data protection provisions.
  • Usage and Device Data: When using the App, technical information and usage data arise, similar to a website visit. We collect, for example, device information (device type, operating system, unique device identifiers), App event data (such as logins, clicks, functions used), and possibly error messages or crash reports. This data helps us to provide the App functions, ensure the security of your account (e.g., detection of a new device), and technically further develop our offer. For example, we use device and usage data to improve user-friendliness, correct errors, or adapt new features to common devices. In some cases, we also use external tools for this purpose (e.g., crash reporting services or performance monitoring), of course, also only under a DPA and within the EU, if possible.
  • Communication Data in the App: If our App offers functions such as push notifications (e.g., notification about successful execution of an order or new offers), we process the necessary data for this (such as a push token of your device). You only receive push messages if you have agreed to receive them in the App; you can change this at any time in the App settings. Furthermore, our system logs such notifications (time, type of message) to prove the sending and, if necessary, to detect delivery problems.

All the aforementioned data is used exclusively to provide you with the functions and services of our platform, ensure contract fulfilment, and continuously improve our service.

Legal Basis: Insofar as the processing of this usage data is necessary for the provision of the contractual service (e.g., transaction data for the execution of your order), we rely on Art. 6 (1) lit. b GDPR. This also includes account management and the technical measures that are necessary for safe and proper operation. Furthermore, certain evaluations (e.g., pseudonymised usage analyses for product improvement or logging for security purposes) may be based on our legitimate interest according to Art. 6 (1) lit. f GDPR; in such cases, we ensure that your rights are adequately protected (e.g., through pseudonymisation, restriction of access, and strict purpose limitation of the data). If necessary, we will also obtain your consent, should the use of the data go beyond the purposes necessary for the contract.

Disclosure and Partners: We generally treat your App data confidentially. Within our company, only authorised entities have access (e.g., customer support or technology, where necessary). Data is only passed on to external recipients insofar as it is necessary for the execution of your investments, e.g., to partner brokers or banks that carry out transactions (in such cases, you will be informed about the respective partners, and they will only receive the information necessary for this, e.g., order data), or if there is a legal obligation (e.g., reporting to the financial authority for certain investment transactions). Here too: We conclude contracts with all service providers to ensure data protection and data security (see end of section 1).

2.5 Contacting Us and Support Inquiries

If you contact us, for example by email to our support address, by telephone, or via a contact form, we process the data you provide to deal with the inquiry. Usually, your email address and the content of your message are sufficient for this; depending on the contact method, further details may arise (such as your name, telephone number, or, for mail, your address). We use this data exclusively to process your request and to reply to you.

Examples: If you ask a question about our products via email, we store and use your email address and inquiry content to answer the question. Or if you report a problem, we use the information you provided to reproduce and correct the error.

Legal Basis: The processing of contact data is based on Art. 6 (1) lit. b GDPR (if the inquiry is related to a contract or pre-contractual information, e.g., questions from a registered customer) or on Art. 6 (1) lit. f GDPR, our legitimate interest in responding efficiently to inquiries and providing good customer support. We have a legitimate interest in processing incoming messages and managing our communication. Should your contact be based on consent given by you (e.g., if you allow us to call you back in a web form), then Art. 6 (1) lit. a GDPR is the legal basis; you can also withdraw this consent at any time.

We only store contact inquiries for as long as it is necessary for the processing of the respective concern. In some cases, it may be useful for evidentiary reasons or in the event of follow-up questions to keep the communication about a process (e.g., documentation of a complaint). Such correspondence will be deleted at the latest when the purpose has been fulfilled and no statutory retention periods (e.g., from commercial or tax law) oppose deletion.

2.6 IT Infrastructure and Hosting (AWS)

Our entire platform, both the website and the backend systems of the App, is operated on secure servers. For the hosting of our databases, application servers, and storage resources, we use Amazon Web Services (AWS) as a technical service provider. The servers are predominantly located in data centres within the European Union (e.g., Frankfurt/Main region for AWS), so that personal data is normally stored and processed in the EU. AWS is a cloud infrastructure provider of Amazon Web Services EMEA SARL (Luxembourg) or Amazon Web Services, Inc. (USA). We have concluded a Data Processing Agreement with AWS, which includes EU Standard Contractual Clauses to ensure an adequate level of data protection. Amazon.com, Inc. is also certified under the EU–US Data Privacy Framework, so that data transfer to the USA can take place in compliance with European data protection standards; however, this is not intended.

Purposes and Legal Basis: The involvement of AWS for hosting is based on our legitimate interest in a reliable and scalable IT infrastructure (Art. 6 (1) lit. f GDPR). Hosting the data on external servers enables us to provide you with the services with high performance and fail-safety. Of course, we remain legally responsible for the data; AWS has no independent usage rights to the stored information and processes it exclusively on our behalf. Data transmission between the App/website and the AWS servers is encrypted (TLS) to protect it from unauthorised access.

3. Storage Duration and Deletion of Data

We generally only store personal data for as long as it is necessary to fulfil the respective purposes or as long as we are legally obliged to do so. In particular, the following principles apply:

  • Website Usage Data (Log files) are, as described above, only held briefly and then automatically deleted (unless a security incident requires longer retention).
  • Cookies are stored, depending on their type, either only for the session (temporary cookies) or for a duration defined by us. Many analytics cookies expire automatically after 30 days to a few months, provided you do not delete them beforehand. More precise information can be found in our cookie consent tool.
  • Account and Profile Data: Your master data as a registered customer (name, contact details, etc.) remain stored with us as long as your user account is active. If you delete your account or terminate the user agreement, we will first block your personal data in the account and delete it after any retention periods have expired.
  • Business-relevant data may have to be stored for up to 10 years (statutory requirements according to HGB, AO), e.g., account opening documentation or transaction history that flows into accounting documents. We will archive such data until the end of the retention period and then delete it.
  • Transaction and Investment Data: Data on individual investment transactions are kept for at least the legally prescribed duration. This can be up to 5 or 10 years due to tax or financial regulatory requirements. Here too, the data will be deleted or anonymised after the period expires, provided they are no longer needed for contract performance or legal obligations.
  • Support and Communication Data: We store correspondence and support tickets for as long as it makes sense for processing the request and subsequent questions. If there is no further need for clarification, we generally delete the correspondence after 2 years at the latest. Statutory retention (e.g., for business letters according to HGB) may require longer storage periods in individual cases.
  • Newsletter Data: Your email address for newsletter dispatch remains stored as long as you are subscribed to the newsletter. After unsubscribing (opt-out), your email will be deleted for newsletter dispatch. To ensure that you do not receive any further newsletters after withdrawal, your email can be blocked in a so-called blacklist. We use this blacklist exclusively for the purpose of preventing future mailings; the data contained therein will not be used for other purposes and will be regularly checked for continued necessity. You can object to this storage in individual cases if your interests outweigh our legitimate interest in preventing unwanted emails.

In principle, your data will be deleted as soon as the purpose of the processing ceases to apply and no other legal basis (e.g., statutory retention obligations) is involved. If you exercise your right to erasure or withdraw consent, we also check whether further storage is legally still required or permitted. If this is not the case, we will immediately delete the data concerned within the framework of the statutory provisions. In the latter cases, such as statutory retention obligations, the data is not deleted but blocked for further access and finally deleted after the periods have expired.

4. Marketing and Advertising

We would like to inform our users and interested parties about new offers, products, and promotions. In doing so, we naturally comply with data protection and competition law requirements. In this section, we explain how we send newsletters and which marketing measures (in particular online advertising) we use, as well as the choices you have.

4.1 Newsletter and Email Marketing

With your consent, we offer you an email newsletter that can regularly inform you about our company, our services (e.g., new features, market updates on your investments), or promotions. You only receive our newsletter if you have expressly consented to it (e.g., by subscribing on the website/App or during registration).

Subscription and Double Opt-in: If you subscribe to the waiting list or the newsletter on the website (by entering your email address), we use your email address exclusively to send you the requested invitation to the App or the newsletter. If necessary, we first send a confirmation email (Double Opt-in) to ensure that you are the owner of the specified address and actually wish to receive the newsletter. Your address will only be added to our active distribution list after this confirmation. We either do not collect any data other than the email (such as name) or only voluntarily, should you wish to provide us with this; such information then serves to personally address you in the newsletter.

Content of the Newsletter: Our newsletters contain interesting information about Realist Invest, e.g., updates on App development, new investment opportunities, event announcements, or marketing promotions. We may also send personal recommendations or content tailored to your profile, provided you are a customer – such as suggestions for suitable investment options. For the personalisation of the newsletter, we may evaluate existing customer data (e.g., which features you use), but only within the permissible framework and to offer you relevant content.

Shipping Service Provider: The newsletters are sent with the support of a specialised email service provider, with whom we have concluded a DPA. Currently, we do not yet use an external newsletter service – the invitation emails to the App are sent directly by us. In the future, we reserve the right to use a service such as Mailchimp, Sendinblue, or similar, which manages your email address and sends the messages on our behalf. In doing so, we would, of course, ensure that the provider is either located in the EU or, if outside the EU, offers suitable guarantees (such as DPF certification or standard clauses).

Tracking in the Newsletter: Our newsletters may contain a so-called tracking pixel or individual links. This allows us to track whether and when a newsletter email was opened and which links were clicked. This success measurement serves to optimise our newsletter offering (legitimate interest in evaluating reading habits). The data is only evaluated by us in aggregated or pseudonymised form; we do not combine it with your personal profile. If you do not want your usage behaviour to be recorded, you can unsubscribe from the newsletter – separate objection to tracking is technically not possible.

Legal Basis: The processing of your email address for newsletter dispatch is based on your consent (Art. 6 (1) lit. a GDPR). You give this through active registration and confirmation. You can withdraw a once-given consent at any time, e.g., by clicking the "Unsubscribe" link at the end of every newsletter or by informally notifying us using the contact details mentioned above. After withdrawal, we will remove your email address from the active distribution list. The lawfulness of the dispatch that has already taken place up to the withdrawal remains unaffected.

Unsubscription and Storage Duration: If you unsubscribe from the newsletter, your data collected for the newsletter will be promptly deleted or blocked. As mentioned above in section 3, we reserve the right to subsequently store your email address in a blacklist to ensure that you do not receive any further mailings from us. This is done on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR to fulfil the legal requirements for proving your objection to advertising. Storage in the blacklist is not time-limited, but serves exclusively the purpose of preventing future advertising emails. You can, of course, object to this if your interests outweigh our interest in individual cases – however, it is usually also in your interest not to receive any further emails.

4.2 Online Advertising and Tracking for Advertising Purposes

To acquire new customers and increase our awareness, we use online marketing measures. This includes advertising via search engines and advertising networks (e.g., Google) on the one hand, and advertising on social networks (e.g., Facebook/Instagram, LinkedIn) on the other. In doing so, we want to address those people as specifically as possible who might be interested in our offers.

Advertising Networks (Google Ads & Co.): We run advertising via the Google advertising network (Google Ads/Display Network) and possibly via other partners. For example, if you access our website via a Google ad, Google sets a cookie on your computer (so-called conversion cookie). This allows us, also via a Google service, to track which users came to us via an ad and performed a specific action (e.g., registration for the waiting list). This tells us the effectiveness of our advertising campaigns. We receive anonymised statistics from Google (no personal profiles), e.g., how many users started a registration after clicking on an ad.

Furthermore, we use Remarketing technologies: This means that if you have visited our website, we can later show you our advertising specifically on other websites. For this purpose, an appropriate advertising cookie from Google or a partner is set when visiting our site, which pseudonymously records your visit. If you later visit a page in the Google Display Network, the cookie recognises that there was an interest in our offer and enables us to display corresponding banners. The display is based on criteria provided by the advertising network, e.g., we can define target groups according to general demographic characteristics or interests, without having knowledge of individual personal data.

Personalised advertising based on your website usage data takes place exclusively with your consent to marketing cookies. If you do not consent to this personalisation or reject it, this has no effect on the general usability of our website; you may still see advertising from us, but it will not be adapted based on your previous use of our website. Please note that even if you object to our own data processing for advertising purposes, third-party providers may still display advertising that is based on their own data. We have no influence on this. However, you can determine in the settings of the respective platforms (e.g., Google) whether you want to receive personalised ads.

Social Media Ads (Facebook, Instagram, etc.): In social networks, we use both classic advertisements and targeting functions to address specific target groups. For example, we can run advertising campaigns on Facebook/Instagram that are shown to people with certain interests or characteristics (these characteristics are determined by the network based on user behaviour there). We do not receive any specific personal data about the individual addressed, but select target group segments (e.g., "Interests: Finance and Investment, Age 25-50, DACH region").

In some cases, we can also use so-called Custom Audiences. For this purpose, exclusively with your prior consent, we transmit certain customer data to the platform in encrypted form (hashed), e.g., email addresses of our registered users. The social network compares these hashes with its user database to find overlaps (match). If a user account matches our provided hashes, we can specifically display advertising to this user (e.g., "User has already registered, show them advertisement X"). Non-matching datasets are discarded by the network. Depending on the design, this processing takes place either on our behalf as a processor of the network or, if the network also uses the data for its own purposes, as a joint controller with us, in which case the user's consent is a prerequisite at the network. We have concluded corresponding supplementary agreements with the major providers (e.g., Meta/Facebook) to protect data protection obligations in joint processes.

We receive aggregated reports from the platforms on the success control of our social media campaigns. In some cases, we also use analysis functions of the networks that use cookies or SDKs in our website/App to recognise whether a user who has seen or clicked on an advertisement has subsequently registered, for example. In this process, limited user data (e.g., a unique ad ID or cookie ID) is shared with the social network, which compares this information with its own data (e.g., your Facebook profile). This allows us to measure the success of the ad vis-à-vis the platform (Conversion Tracking). Such tracking measures on our website are also only carried out with your cookie consent for marketing. If you do not consent to marketing tracking, we do not share any website data collected via cookies with the advertising networks for these purposes. (This does not necessarily affect the general advertising you see on the platforms, but only the use of your data from our website) .

Legal Basis: The use of advertising and tracking cookies on the website for personalised advertising is based exclusively on your consent (Art. 6 (1) lit. a GDPR; § 25 (1) TTDSG). This applies in particular to remarketing via Google & Co. as well as to any Facebook Pixel integrations on our website. You can withdraw this consent at any time via our cookie banner (settings); the lawfulness of the data processing carried out until then remains unaffected.

The placement of advertising in external networks itself (i.e., the display of advertisements on their sites) is generally carried out as part of our legitimate interest in marketing (Art. 6 (1) lit. f GDPR). However, the underlying data processing within the platforms is outside our direct sphere of influence and is governed by the data protection provisions of the respective provider. Our active data transmissions to the advertising partners (e.g., hash comparisons or conversion data) are carried out, as described, only on the basis of your consent or within the framework of a commissioned processing.

Right to Object: You can object to the processing of your data for direct marketing at any time (see also section 5, Right to Object). If, for example, you no longer wish to see personalised advertising from us, you can adjust your cookie settings accordingly (deactivate advertising cookies) and, if necessary, additionally notify us of your objection. Please note that you may still see advertising from us on other channels if it is based on other bases (for example, because the platform selects you as part of a target group without us having transmitted your data for this purpose). To generally reject advertising profiling in certain networks, we recommend that you use the opt-out options directly with the respective platforms (e.g., your Google advertising settings, settings in your Facebook/Instagram account, or industry-wide opt-out pages such as those of the Network Advertising Initiative).

5. Your Rights as a Data Subject

As a user of our website/App and as a person affected by our data processing, you have various rights about which we hereby inform you. You can exercise these rights informally at any time using the contact details provided above (or directly through our Data Protection Officer).

Your rights include in particular:

  • Right of Access (Art. 15 GDPR): You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed. If this is the case, you can request access to this data. The access includes information about the categories of processed data, the purposes of the processing, the recipients (or categories of recipients) to whom we have disclosed or will disclose the data, the planned storage duration or the criteria for its determination, as well as information about your other rights. You also have the right to receive a copy of the personal data undergoing processing.
  • Right to Rectification (Art. 16 GDPR): You can demand the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to demand the completion of incomplete data, including by means of a supplementary statement.
  • Right to Erasure (Art. 17 GDPR): You have the so-called "right to be forgotten". We are obliged to erase your personal data if the requirements of Art. 17 GDPR are met. This is particularly the case if the data is no longer necessary for the purposes for which it was collected, if you withdraw a given consent and there is no other legal basis, or if you object to processing based on a legitimate interest for personal reasons and there are no overriding legitimate grounds for the processing. We will also erase your data in the event of unlawful processing or a legal obligation to erase. Please note: The right to erasure is not absolute; there are exceptions. For example, it does not apply insofar as processing is necessary for compliance with a legal obligation (e.g., statutory retention obligations) or for the establishment, exercise, or defence of legal claims.
  • Right to Restriction of Processing (Art. 18 GDPR): Under certain conditions, you can demand that we only continue to process your data to a restricted extent. This right exists, for example, if you contest the accuracy of the personal data (for the duration of our verification), or if you prefer a restriction instead of erasure in the case of data processing that should actually be erased, or if we are examining your objection request. In the case of a restriction, we mark the affected data and, apart from storage, only process it for narrow exceptional purposes (e.g., for the establishment of legal claims).
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the data that you have provided to us and which we process automatically on the basis of your consent or for contract performance, in a structured, commonly used, and machine-readable format. If requested and technically feasible, you can also demand that we transmit this data directly to another controller (e.g., another service provider).
  • Right to Object (Art. 21 GDPR): (a) Insofar as we base processing on our legitimate interest, you have the right to object to this processing on grounds relating to your particular situation. We will then no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defence of legal claims. (b) You also have the absolute right to object to the processing of your data for direct marketing purposes at any time. If you object to processing for advertising purposes, we will no longer use your personal data for these purposes (this includes any profiling insofar as it is related to direct marketing). You can address your objection to us informally (e.g., by email); ideally, you should use the contact details provided in the imprint or above.
  • Right to Withdraw Consent (Art. 7 (3) GDPR): If the processing is based on your consent, you can withdraw this consent at any time. You only need to send us a message. You can do this, for example, by sending us an email. Withdrawal applies from the time it is asserted for the future; the lawfulness of the processing up to then remains unaffected. We have already described some specific withdrawal options to you in the corresponding sections of this declaration (e.g., unsubscribe link in the newsletter, cookie settings).
  • Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can do this with the authority responsible for us or with the authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement; the right to complain applies EU-wide. For WealthFuse GmbH, the Berlin Commissioner for Data Protection and Freedom of Information is generally responsible (Address: Alt-Moabit 59-61, 10555 Berlin, Germany, Email: mailbox@datenschutz-berlin.de, Tel: +49 30 13889-0). The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Further Questions? If you wish to exercise one of your rights or have general questions about data protection at Realist, you can contact us at any time. Simply send us an email (to info@wealthfuse.de) or contact us by post. We will promptly review your request and implement it in accordance with statutory requirements. We are also happy to help you if you do not understand explanations in this Privacy Notice or require further information

 

logo

App

Join the Waitlist

Organization

About Us

Data protection

Imprint

|

The value of investments and any income from them may fluctuate and investors may not get back the full amount invested.

@Realist 2025