Legally required information for business correspondence


360 Treasury Systems AG
Grüneburgweg 16-18
60322 Frankfurt am Main

Phone: +49 69 900 289 0
eMail: [email protected]


Registered Office: Frankfurt

Commercial Register Frankfurt, No. HRB 49874

Relevant fiscal authority: Finanzamt Frankfurt III, company tax no.: 014 225 76708
VAT identification number: DE 21 21 37 654

Competent supervisory authority:
Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), Bonn

360 Treasury Systems AG is assigned to the Compensatory Fund of Securities Trading Companies (EdW).

Executive Board

Carlo Kölzer
Thomas Spaun
David Hable

Supervisory Board

Andreas Preuss

Data protection information under the EU General Data Protection Regulation

The following information provides an overview of how we process your personal data and your rights under data protection law.

Who is responsible for the data processing and who can I contact in this regard?

360 Treasury Systems AG (360T) is acting as a data controller and determines the purposes and means of the processing of personal Data in the context of providing services to all customers. 

360T AG has responsibility for compliance with the obligations under the GDPR vis-a-vis the Data Subjects. A Data Subject may exercise its rights (such as access right, right to rectification, right to restriction, right to object, right to data protability and right to be forgotten) in respect of the controller. 

360 Treasury Systems AG
Grüneburgweg 16-18
60322 Frankfurt am Main

Phone: +49 69 900 289 0
Fax: +49 69 900 289 29

You can reach the data protection officer via the above address or via email [email protected]

What sources and data do we use?

We process personal data which we receive from our clients in the context of our business relationship. This includes personal data we receive from persons acting as representative/agent of the legal entity of a prospective and/or existing client. 

To the extent necessary in order to provide our services, we also process personal data which we lawfully (e. g., for executing orders, performing contracts or on the basis of your consent) receive from you, other entities in 360T or Deutsche Börse Group, or from business partners. 

In some cases, we may be required to collect additional information based on legal and regulatory requirements from publicly available sources (e. g., debtor directories, land registers, commercial registers and registers of associations, press, media, Internet) which we lawfully obtain and are permitted to process. 

We only use data that is required to execute the business relationship, to provide the trading platform, and fulfil our contractual, legal, and regulatory requirements. Relevant personal data are personal details (name, address and other contact data) and legitimisation data (such as data from ID cards). In addition, these may also be contract data (such as an order), data resulting from the performance of our contractual obligations (such as a trade), information about your financial status (such as data on credit standing, scoring/rating, data relevant for loans (income and expenditure), documentation data (such as an excerpt from the Commercial Register) and other data comparable with the above-mentioned categories.

How is data processed when I use your services? 

As a trading platform, we primarily process data as controllers in order to comply with stringent regulatory requirements. In addition, we are bound by the agreements we sign with parties accessing the platform. Running the platform involves the processing of personal data of employees of clients and clients of client organisations. Where required, we will process more detailed information about users relying on our services to comply with our obligations under Know Your Client (KYC) rules and other applicable regulations. 

Purpose for processing data

Legal basis which permits the processing 

Categories of personal data used for the purpose 

To provide 360T’s non-ITEX services including:

  • the EMS service
  • the Bridge service
  • Supersonic Trader
  • Active Trading Suite
  • Analytics services 

Performance of the contract per art 6(1)b) GDPR 

Personal data processed will depend on the type of transactions taking place. More sensitive transactions will require elevated KYC checks and the processing of more sensitive data. It is not expected that special category data will be processed.

In general, personal data processed on our platform will be limited to name, email address and telephone number. This data is processed to allow delivery of platform services

Where required by law/applicable financial regulations, we may collect and store identity documents and dates of birth. Additional data are collected and processed where required by applicable financial regulations in the European Union and United Kingdom.

To provide 360T’s ITEX services 

Legal obligation per art 6(1)(c) GDPR 

Email addresses 

To carry out analytics for the purposes of product improvements 

Legitimate interests of the data controller per art 6(1)(f) 

360T may process personal data to analyse server and device logs to identify vulnerabilities, crashes and to then correct them. During this review, personal data may be processed including usage patterns 

The delivery of Marketing, email newsletters, client satisfaction surveys and other uses of personal data where we request your consent.  

Consent per art 6(1)(a)

Legitimate interest per art 6(1)(f)

360T processes data to deliver marketing and service information in accordance with consent granted by each respective data subject.

Where processing activities are carried out outside of the scope of consent, processing shall be on the basis of the 360T’s legitimate interest as controller. Details of our reliance on legitimate interest are provided in paragraph d. below (Why do we process your data).

Why do we process your data (purpose of the processing) and on what legal basis? 

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR). We rely on the following lawful bases to process your personal data depending on the purpose: 

a. in connection with the performance of a contract to which 360T is a party (Art. 6 para. 1b of the GDPR) and where it is necessary for the purpose of 360T’s legitimate interests (Art. 6 para 1f of the GDPR). 

For example, to identify, provide access, and facilitate trading on the TEX platform, mapping of User-IDs to external systems, monitor and improve the user experience. This lawful basis is relied upon in connection with the delivery of the services provided by 360T

b. to comply with legal obligations to which 360T AG are subject (Art. 6 para. 1c of the GDPR) or in the public interest (Art. 6 para. 1e of the GDPR)

As we are a regulated entity in the financial sector, we are subject to various legal obligations, meaning statutory requirements (e.g. Anti-Money Laundering Act) and bank regulatory requirements. Examples of the purposes of processing include the assessment of creditworthiness, identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks. We are also required to keep records according to section 83 para 1 and 2 of the German Securities Trading Act (WpHG) in conjunction with German Securities Administration and Organisation Regulation (WpDVerOV). Depending on the instrument and trading venue, additional provisions may apply. 360T may store data for the purpose of establishing, exercising or defending legal claims for the period that such claims may be brought. 

c. on the basis of your consent (article 6 (1) a) GDPR)

Insofar as you have granted us consent to the processing of personal data for specific purposes (e.g., marketing, email newsletters, client satisfaction surveys, request demo), the lawfulness of such processing is based on your consent. Any consent granted may be revoked at any time. This also applies to the revocation of declarations of consent that are granted prior to the entry into force of the EU General Data Protection Regulation, i.e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future and does not apply to processing carried out prior thereto. 

d. Legitimate interest (article 6 (1) (f) GDPR)

When you interact with members of our sales team your contact details will be shared with other members of the sales/marketing team to more effectively manage your account. We may inform you of other services linked to those that you have already bought. Please contact us either via your sales contact or directly through the data protection contact method to be opted out of any marketing  communications. Our marketing emails will also include unsubscribe links.  

Who receives my data?

Within 360T, those units will be granted access to your data that need them in order to comply with our contractual and statutory obligations. Where 360T subsidiaries need to access your data, appropriate contracts, including the latest standard contractual clauses where appropriate, are in place to safeguard the data. 

Access may also be given to service providers as processors which  comply with directions under the respective contracts in accordance with data protection law. 

We may also disclose data to 3rd parties if we are legally required to do so. This includes: 

User Mapping Reports that are sent to market makers, market takers, and liquidity providers 
Notifications on executed or failed trades to counterparties 
Audit logs and reports on trading activities to regulators and appointed regulatory service providers (e.g. BaFin, the European Central Bank, Tax offices, the CFTC, National Futures Association etc.) insofar as a statutory or official obligation exists 

We may also need to disclose your data to regulators, auditors, and other companies in the Deutsche Börse Group for the purposes of risk management on the basis of statutory or official obligations. 

Is data transferred to a third country or to an international organisation?

For 360T AG to provide its services and carry out business activities globally and on a 24/7 basis it is necessary to transfer data to various countries and international organisations (including suppliers, customers and others). 360T takes the protection of your personal data and your rights in relation to your personal data seriously. As such, we seek to meet best practice standards for data protection and security in relation to your data.  

Data will only be transferred to countries which are not deemed to be ‘adequate’ by the European commission where 360T AG has taken additional measures to ensure an adequate level of protection for such transfers. Data will only be transferred in this context (to so called third countries) if this is required for the execution of the business relationship, and in accordance to GDPR Chapter 5 on “Transfers of personal data to third countries or international organisations”. 

These additional measures may not be taken when transfers are to the EU, the EEA or those countries where there is a so called ‘Adequacy Decision’.  

How long will my data be stored?

We process and store your personal data as long as it is necessary for the performance of our contractual and statutory obligations. In this regard, it should be noted that our business relationship is a continuing obligation designed to last for several years. 

If the data are no longer required for the performance of our contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes: 

Compliance with records retention periods under commercial and tax law, such as the German Commercial Code (Handelsgesetzbuch – HGB); the German Tax Code (Abgabenordnung – AO); the Banking Act (Kreditwesengesetz – KWG); the Money Laundering Act (GeldwäschegesetzGwG); and the Securities Trading Act (WertpapierhandelsgesetzWpHG). The records retention periods prescribed therein range from two to 10 years. 
Preservation of evidence within the scope of statutes of limitations. Under section 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), these limitation periods may be up to 30 years, whereby the regular limitation period is three years. 

What data protection rights do I have?

Every data subject has a right of access (article 15 GDPR), a right to rectification (article 16 GDPR), a right to erasure (article 17 GDPR), a right to restriction of processing (article 18 GDPR), a right to object (article 21 GDPR) and a right to data portability (article 20 GDPR) and Right to withdraw consent (Article 7(3) GDPR). The right of access and right to erasure are subject to the restrictions under sections 34 and 35 BDSG. Data subjects also have a right to lodge a complaint with a supervisory authority (article 77 GDPR in conjunction with section 19 BDSG).

You can request that your information is updated, corrected or deleted by sending an e-mail to [email protected].

You may revoke your consent to the processing of personal data at any time. Please note, such an objection will only apply to processing where the relied on lawful basis is consent. This also applies to the revocation of declarations of consent that are granted prior to the entry into force of the EU General Data Protection Regulation, i.e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby. 

Via the below link you may change your privacy settings Cookie Settings

Am I under any obligation to provide data?

Within the scope of our business relationship, you must provide personal data which is necessary for the initiation and execution of a business relationship and the performance of the associated contractual obligations or which we are legally obligated to collect. As a rule, we would not be able to enter into any contract or execute the order without these data or we may no longer be able to carry out an existing contract and would have to terminate it. 

In particular, provisions of money laundering law require that we verify your identity before entering into the business relationship, for example, by means of your identity card and that we record your name, place of birth, date of birth, nationality and your residential address. In order for us to be able to comply with this statutory obligation, you must provide us with the necessary information and documents in accordance with section 4 (6) GWG and notify us without undue delay of any changes that may arise during the course of the business relationship. If you do not provide us with the necessary information and documents, we will not be allowed to enter into or continue your requested business relationship. 

To what extent is automated decision making (including profiling) carried out?

As a rule, we do not make decisions based solely on automated processing as defined in article 22 GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we will inform you of this separately, provided that this is prescribed by law. 

Is “profiling” used?

In some cases, we process your data automatically with the aim of evaluating certain personal aspects (profiling). For instance, we use profiling in the following cases: 

We are required by law to take anti-money laundering and anti-fraud measures. 
In order to provide you with targeted information and advice on products, we use evaluation tools. These enable demand-oriented communication and advertising, including market and opinion research. 

Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR) 
  1. Ad hoc right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 (1) e) GDPR (processing in the public interest) and article 6 (1) f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims. 
  2. Right to object to the processing of data for marketing purposes In certain cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. 

If you object to processing for direct marketing purposes, we will no longer processes your personal data for such purposes. 

There are no formal requirements for lodging an objection. 

Use of Matomo

This website uses Matomo, a web analytics service and an open source project.  

Matomo uses so-called “cookies”, text files that are stored on the computer of the respective visitor of this website and that allow an analysis of the use of the website by this visitor. The cookies do not give us any information about your identity. Your data will not be transmitted to servers outside our control. We will use this information to evaluate the use of the website by visitors, to compile reports on website activity and to provide other services related to website activity and internet usage to 360 Treasury Systems AG

If you voluntarily agree to the analysis via Matomo, the following data will be processed: 

(1) 2 octets of the IP address of the user’s calling device.

(2) The accessed website

(3) The website from which the user accessed the accessed website (referrer).

(4) The sub-pages accessed from the accessed website

(5) The time spent on the website

(6) The frequency with which the website is accessed

(7) Clicks and downloads within the page

Visitors of the website can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.  

Opt-out of website tracking

You can opt out of being tracked by our Matomo Analytics instance below at any time: 

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again. 

To exercise any of the rights mentioned in this Privacy Policy and/or in the event of questions or comments relating to the use of Personal Data you may contact Matomo’s support team: [email protected].

Use of Talents Connect

Object of data protection

Talents Connect provides tools for optimizing recruiting processes. In order to manage your application process, personal data may be processed..Examples of the personal data processed include name, postal address, e-mail address or telephone number, but possibly also usage data. Usage data is the kind of data required to use our websites, such as information about the beginning, end and extent of the use of our website and login data. More detail as to the data Talents Connect collects and how it is processed is provided below:

Collection and use of data

Automated data collection 

When accessing the web pages of 22CONNECT, in this case the careers page of 360T AG, the Internet browser automatically transmits data for technical reasons. The following information is stored separately from any other information that may be submitted: 

type / version Used operating system
URL of previously visited web page
IP address
Amount of data sent

This data is stored for technical reasons only and is never assigned to a specific person. Talents Connect reserves the right to check this data retrospectively, if they become aware of specific indications for illegal use. 

More Information on Talents Connects data protection regulations can be found here:

Use of Clever Reach

Object of data protection

Clever Reach provides tools to manage the subscription process and regular sending of a Thought Leadership-Publication, issued by 360T AG. 

Collection and use of data

Automated data collection

When accessing and registering to the Thought Leadership-Publication with the subscription form visitors are using a plugin provided by Clever Reach. The plugin allows 360T to connect the Thought Leadership-Publication- software with the WordPress backend and it enables subscribers to sign-up to the publication in compliance with data protection regulations. 360T AG’s free Thought Leadership-Publication “FX Spotlight” provides regular Thought Leadership articles via e-mail, edited by 360T AG. Any data entered here will only be used to personalise the email and will not be passed on to third parties beyond 360T AG and the service providers used to facilitate this publication service. 

Subscribers can unsubscribe from the publication at any time or revoke their consent by e-mail to [email protected]. Subscriber’s data will be deleted after the end of the publication reception, provided that the deletion does not conflict with any statutory storage requirements. When using the subscription form the Internet browser automatically transmits data for technical reasons. The following information is stored separately from any other information that may be submitted: 

type / version Used operating system
IP address

This data is stored for technical purposes only. Clever Reach reserves the right to check this data retrospectively, if they become aware of specific indications for illegal use. 

More Information on Clever Reach data protection regulations can be found here:

Use of reCaptcha by Google (Only for CleverReach registration forms) 

We use Google’s reCaptcha service to determine whether a human or a computer is making a particular entry in our newsletter form. The following data may be processed as part of this activity : IP address of the terminal device used, the website you visit on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images.  

The legal basis for the processing is Art. 6(1) lit. f of the General Data Protection Regulation. The relied upon legitimate interest is to ensure the security of our systems and, in particular to protect us from automated entries (attacks). 

Request demo 

Where a potential customer requests a demonstration their information will be stored centrally and passed to the relevant regional team including marketing and sales teams. An individual team member will then review the request and get in touch.  

Can’t find what you’re looking for?

For additional information on regulatory matters please contact us

Global Head:
Regulatory Affairs

[email protected]
360 Trading Networks
Grüneburgweg 16-18/ Westend Caree
60322 Frankfurt am Main
+49 69 900 289 0