Legal

Privacy Policy

Last updated: July 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Henrion Advisory GmbH
Friedrich-Karl-Straße 10
68165 Mannheim
Germany
Email: info@henrionadvisory.com

2. General information on data processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data regularly takes place only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by law.

Where we obtain the consent of the data subject for processing operations, Art. 6 (1) lit. a GDPR serves as the legal basis. For processing necessary for the performance of a contract or pre-contractual measures, Art. 6 (1) lit. b GDPR serves as the legal basis. Where processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis.

3. Provision of the website and server log files

Each time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data may be collected:

  • IP address of the user (shortened or anonymised where technically possible)
  • date and time of access
  • page or file accessed
  • browser type and version, operating system
  • referrer URL (the previously visited page)

Storage in log files takes place to ensure the functionality and security of the website. The legal basis is Art. 6 (1) lit. f GDPR. This data is not merged with other data sources. The data is deleted as soon as it is no longer required to achieve the purpose of its collection.

4. Contact form and email contact

Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask (name, company, email address, phone number, message) is transmitted to us and stored. Alternatively, contact is possible via the email address provided.

This data is processed to handle the contact request and to initiate a possible mandate or business relationship. The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interest in processing enquiries). The data is deleted as soon as it is no longer required to achieve the purpose of its collection and no statutory retention obligations apply.

Given the confidentiality of the capital and transaction processes we support, we recommend sharing confidential documents only following separate coordination — not via the contact form.

5. Appointment scheduling via Calendly

We use the Calendly service provided by Calendly LLC, 271 17th St NW, Atlanta, Georgia 30363, USA, for scheduling conversations. When you book an appointment via the corresponding buttons, you are redirected to the Calendly website. Calendly processes the data you enter (e.g. name, email address, selected appointment) as well as technical access data.

The legal basis is Art. 6 (1) lit. b GDPR (appointment scheduling as a pre-contractual measure) and Art. 6 (1) lit. f GDPR. Transfers to the USA take place on the basis of the EU Commission's Standard Contractual Clauses or the EU-U.S. Data Privacy Framework, to the extent the provider is certified thereunder. Further information can be found in Calendly's privacy policy: calendly.com/privacy

6. Embedding of YouTube videos

We embed videos from the YouTube service on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When a video is played, a connection to YouTube's servers is established. Personal data (including IP address, device information) may be transmitted to YouTube or Google. If you are logged into your YouTube account, YouTube may associate your browsing behaviour with your personal profile.

The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in an appealing presentation of our offering) or your consent pursuant to Art. 6 (1) lit. a GDPR, insofar as such consent is obtained via a consent solution. Further information: policies.google.com/privacy

7. Web fonts (Google Fonts)

This website uses so-called web fonts provided by Google (Google Ireland Limited) for the uniform display of typefaces. When a page is accessed, your browser loads the required fonts into its cache. Your IP address may be transmitted to Google servers in this process. The legal basis is Art. 6 (1) lit. f GDPR. We recommend that our technical service provider embed the fonts locally in order to avoid transmission to Google.

8. Cookies

Our website does not use tracking or marketing cookies. Technically necessary storage operations (e.g. session information) take place on the basis of Sec. 25 (2) TDDDG and Art. 6 (1) lit. f GDPR. Should consent-requiring services be used in the future, a corresponding consent solution will be implemented.

9. Disclosure of data

Your personal data is only transferred to third parties if this is necessary for the handling of the mandate or business relationship (e.g. to involved advisers or capital partners within a process commissioned by you), if you have consented, if a legal obligation exists, or if this is necessary for the establishment, exercise or defence of legal claims. All mandate-related communication takes place confidentially and selectively.

10. Storage period

We process and store personal data only for the period required to achieve the purpose of storage or to the extent that statutory retention periods (in particular under the German Commercial Code (HGB) and the German Fiscal Code (AO)) apply. Once the purpose ceases to apply or the periods expire, the data is routinely deleted.

11. Your rights as a data subject

You have the following rights vis-à-vis us with regard to your personal data:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object to processing (Art. 21 GDPR)
  • right to withdraw consent given, with effect for the future (Art. 7 (3) GDPR)

An informal notification to the contact details above is sufficient to exercise your rights.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (Art. 77 GDPR). The competent supervisory authority for Henrion Advisory GmbH is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

13. Data security

We take appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. This website is transmitted in encrypted form via HTTPS/TLS.

14. Validity and amendment of this privacy policy

This privacy policy is currently valid (last updated: July 2026). Due to the further development of our website and offerings, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is available on this page at any time.

Contact