Data Protection & GDPR Compliance

499X Capital GmbH · Valid as of 30 November 2025

1. Controller
499X Capital
Dr. Christoph Lymbersky
E-Mail: info@499x.capital
is the controller within the meaning of Art. 4 (7) GDPR for all personal data processed in connection with the acquisition of shares, investor onboarding, and ongoing investor relations.

2. Purpose and Legal Basis of Processing
We process your personal data exclusively for the following purposes:

Performance of the share subscription agreement and the articles of association (Art. 6 (1) b GDPR)
Compliance with statutory obligations (commercial register, money-laundering act, tax law – Art. 6 (1) c GDPR)
Protection of legitimate interests, in particular secure identification of shareholders, prevention of fraud, and direct marketing to existing investors (Art. 6 (1) f GDPR)

3. Categories of Personal Data

Full name, date of birth, nationality, address
Copy of passport or ID card
Bank account details (IBAN)
Tax ID and tax residency information
Investment amount and shareholding
Communication data (e-mail, telephone, correspondence)

4. Recipients of Personal Data

Notary public (shareholder list)
Commercial register court
Tax advisor and auditor of the GmbH
Contracted service providers (IT hosting, KYC software, e-mail provider) who are bound by strict data-processing agreements (Art. 28 GDPR)
In individual cases: competent authorities (e.g. tax authorities, law enforcement)

Personal data is not sold and is not transferred to third countries outside the EEA except to our wholly-owned subsidiaries in Switzerland (adequacy decision) and the UAE (standard contractual clauses).

5. Storage Period
Investor data is stored for the duration of the shareholding plus 10 years after complete exit from the company (statutory retention periods under German commercial and tax law – §§ 257 HGB, 147 AO).

6. Your Rights of Data Subjects
You have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing at any time. Please address requests to privacy@499x.capital.
You also have the right to lodge a complaint with the competent supervisory authority (in our case: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit).

7. No Automated Decision-Making
There is no automated individual decision-making or profiling.

8. Data Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to a need-to-know basis and protected by two-factor authentication.

By signing the subscription agreement, you confirm that you have read and understood this GDPR information.

+ 49 160 904 966 77

info@499X.capital

Dedicated to preserving and growing private and institutional wealth during periods of economic instability and systemic risk.

Our address in the USA:

Our social: