Hintergrundbild Sophia Rein blasse Wolken

Data Protection

At Baumann & Partners S.A., data protection is of utmost importance. We take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with applicable data protection laws as well as this Privacy Notice.

1. General
This Privacy Notice applies to the following processes:

  • Use of our website and all linked external websites
  • Processing of inquiries


2. Data Controller
 The controller responsible for processing your personal data is:

Baumann & Partners S.A.
5, Heienhaff
L-1736 Senningerberg
Luxembourg
Phone: +352 24 69 35 34
Fax: +352 24 69 35 35
Email: datenschutz@bpam.lu


3. Data Protection Officer
Baumann & Partners S.A. has appointed a Data Protection Officer. You can contact the Data Protection Officer at:

Baumann & Partners S.A.
Data Protection Officer
5, Heienhaff
L-1736 Senningerberg
Luxembourg
Phone: +352 24 69 35 34
Email: datenschutz@bpam.lu


4. General Information on Data Processing
We process personal data only insofar as legally permissible. Disclosure of personal data occurs exclusively in the cases described below. Personal data is safeguarded by appropriate technical and organizational measures (e.g., pseudonymization, encryption). 

Unless we are legally required to retain or disclose data (particularly to law enforcement authorities), the type, duration, and scope of personal data processing depends on the specific purpose for which we process your data and the services you use.


5. General Information on Retention Periods
Personal data is erased once the purpose of processing no longer applies, or another reason for erasure under Article 17 (1) GDPR arises. In exceptional cases, we may continue to process your personal data where an exemption from the erasure obligation applies, in particular under Article 17 (3) GDPR. Technically necessary cookies are generally deleted once the browser is closed. You may disable these cookies in your browser under “Settings,” though this may restrict website functionality. Non-essential cookies may remain active from a few minutes up to several years but can be deleted manually via your browser settings. Data collected via Matomo (see section 11) is deleted after a maximum of 12 months. You may object to data collection at any time by blocking cookies in your browser or disabling the Matomo tracking function.


6. Data Processed for Website Provision and Log Files
The use of our website and its functions generally requires the processing of personal data.
If you access external websites via links provided on our website, please note that these are not clearly marked as such and are operated by third parties. We are not responsible for the compliance of these third-party websites with data protection laws.

6.1. What Data is Processed and for What Purpose?
Each time our website content is accessed, certain data is temporarily stored, which may allow identification. This data is used solely to analyze website usage and improve user experience.
Key objectives:

  • Improving website content and structure
  • Identifying user preferences and behavior
  • Optimizing website performance

    Collected data includes (among others):

    • Visitor IP address
    • Date and time of access
    • Title and URL of visited page
    • Referrer URL
    • Browser type/version, installed plugins
    • Operating system and device type (desktop, tablet, smartphone)
    • Screen resolution / viewport size
    • Browser language
    • Country, region, city (derived from IP via Geo-IP)
    • Data transfer volume
    • Page load time
    • External links or downloads clicked
    • Campaign parameters (e.g., UTM tags, referrer campaigns)
    • Search terms and categories used in on-site search
    • Scroll depth, time on page, and interactions
    • Event tracking (e.g., button clicks, video plays)
    • Goal/conversion tracking (e.g., newsletter sign-ups, contact forms)
    • Returning visitor ID (via cookie or cookieless fingerprinting)
    • Timestamps of first, previous, and current sessions, and total visit count

    Purposes of processing:

    • Ensuring smooth website connection
    • Ensuring convenient website use
    • Evaluating system security and stability
    • Other administrative purposes

    Legal basis: Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest derives from the purposes listed above. We never use the collected data to draw conclusions about your identity.

    6.2. Are There Other Recipients of Personal Data?
    The website is hosted by Baumann & Partners S.A. The use of DepotLux is operated not by Baumann & Partners S.A., but by Investmentgate GmbH & Co. KG, processing data on behalf of Baumann & Partners S.A.

    6.3. How Long is the Data Stored?
    Data is deleted once it is no longer required for its intended purpose. For website provision, this is when the session ends. Log files for technical use are retained only for administrators. Afterward, they are accessible solely through backup restoration before being permanently erased.
    Non-essential data is stored based on your consent (see section 10 on cookies).Data submitted with inquiries is stored for as long as necessary to fully process the request.


    7. Data Disclosure
    We do not transfer your personal data to third parties for purposes other than those listed below. Data is shared only if:

    • You have given explicit consent (Article 6 (1) (a) GDPR)
    • Disclosure is necessary to assert, exercise, or defend legal claims (Article 6 (1) (f) GDPR) and there is no overriding legitimate interest against disclosure
    • There is a legal obligation (Article 6 (1) (c) GDPR)
    • Disclosure is lawful and necessary for contract performance (Article 6 (1) (b) GDPR) 


    8. Transfers to Third Countries
    No data is transferred to third countries outside the EU or EEA.


    9. Processing of Inquiries
    Personal data is processed in connection with the asset management agreement (including contract initiation, communication, billing and termination of the contractual relationship). If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Article 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time. The data you send us via contact enquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected. 


    10. Cookies
    We use cookies to operate our website. These are files that your browser stores on your device when you visit our website. They are used to store data about your visit and for recognition purposes, as well as for statistical recording, improvement and to ensure the operation of our website. A distinction is made between transient cookies, which are deleted as soon as your browser is closed, and persistent cookies, which are stored beyond the respective session and recognise you the next time you visit the website. In terms of function, a distinction is made between technically necessary and non-necessary cookies. 

     

    10.1. Technisch notwendige Cookies
    Here you will find all cookies that are necessary for the operation of our website and its functions (technically necessary cookies). The legal basis for this is Article 6(1)(f) GDPR. These are usually set in response to an action you have taken. This includes registration, login or settings such as language or cookie preferences. It is possible to deactivate these cookies in your browser. In this case, however, we cannot guarantee that our website will function properly. The following cookies are necessary for the operation of the website and therefore cannot be deselected.

    1. WSESSIONID
      Storage duration: session
      Standard cookie required to use session data with PHP.

    2. hideCookieNotice
      Storage period: Up to 30 days, depending on selection
      Stores that the cookie or data protection notice is not displayed again each time the page is accessed.

    3. websitezoom
      Storage duration: session
      Remembers the size at which fonts should be displayed.

    4. allowLoadExternRessources
      Storage period: Up to 30 days, depending on selection
      Remembers the user's decision on whether external components may be loaded automatically.

    5. allowTracking
      Storage period: Up to 30 days, depending on selection
      Remembers the user's decision that visitor behaviour may be tracked.

    6. wDisableWaNextReqest
      Storage duration: Session
      Prevents re-recording in Weblication® statistics when the page is accessed.

    7. hasShownInfo
      Storage duration: Session
      Prevents a notification box that is only to be displayed once from being displayed multiple times.

    10.2. Cookies that are not technically necessary
    Here you will find all cookies that are not strictly necessary for the operation of our website and its functions (technically unnecessary cookies). The use of such cookies constitutes data processing that is only permitted with your active consent (Article 6(1)(a) GDPR). This also applies to the transfer of your personal data to third parties. You can delete individual or all cookies via your browser settings. In addition, you have the option of generally deactivating cookies or restricting them to certain domains via your browser settings.

    We use technically non-essential cookies, known as optional marketing cookies, to display targeted content to you.
    The use of the following marketing cookies is based exclusively on your prior consent in accordance with Article 6(1)(f) GDPR.

    1. bpam_counter_career
      Storage period: 30 days
      Measures user interest in the topic of ‘career’. The cookie does not contain any personal data.
       
    2. bpam_counter_family_office
      Storage period: 30 days
      Measures user interest in the topic of ‘Family Office Services’. The cookie does not contain any personal data. 

    3. bpam_counter_private_wealth
      Storage period: 30 days
      Measures user interest in the topic of ‘private wealth’. The cookie does not contain any personal data.


    11. Analyse-Tools
    For the purpose of optimising and analysing our online offering within the meaning of Article 6(1)(f) GDPR, we use the analysis service Matomo on-premise (https://matomo.org/matomo-on-premise/) (hereinafter referred to as ‘Matomo’), an open-source web analysis tool. This is a so-called self-hosted system, which is operated on B&P's own servers, i.e. there is only a relationship between the visitor to the website (you) and the operator of the website (B&P), without external third parties having access to this data. Matomo uses cookies that are stored on your device to collect information about user behaviour on our website. 

    The IP address is anonymised when using Matomo. This means that the last digits of the IP address are removed before they are stored and processed, so that Matomo cannot directly identify you. The data collected by Matomo (e.g. anonymised IP address, browser used, pages visited, length of stay, etc.) is stored by Baumann & Partners S.A. on its own server. Although the data is anonymised, it is technically possible to reconstruct the IP addresses, as Baumann & Partners S.A. has the necessary information and technical means to re-identify users in individual cases. However, this only happens in justified exceptional cases (e.g. to investigate misuse or attacks on the website) and in compliance with the applicable data protection laws. The data collected within the framework of Matomo is not passed on to third parties and is used exclusively for the analysis and improvement of our online offering.

    You can object to the anonymous recording of your visit by Matomo at any time. In this case, a so-called opt-out cookie will be stored in your browser, which prevents Matomo from recording your visit.


    12. Profiling
    We do not use automated processing to make decisions.


    13. Rights of affected individuals
    Below, we explain your rights as a data subject in relation to the processing of personal data. You can exercise these rights at any time and free of charge.

    • Right to information under Article 15 of the GDPR 
    • Right to rectification under Article 16 of the GDPR 
    • Right to erasure under Article 17 of the GDPR 
    •  Right to restriction of processing pursuant to Article 18 GDPR 
    • Right to data portability pursuant to Article 20 GDPR 
    • Right to object pursuant to Article 21 GDPR 
    • Right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR

    The data protection supervisory authority responsible for us is:
    Commission nationale pour la protection des données
    15, Boulevard du Jazz
     L-4370 Belvaux
    Phone: +352 26 10 60- 1
    Fax: +352 26 10 60- 6099
    Email: info@cnpd.lu 

    However, you are free to lodge a complaint with another data protection supervisory authority.


    14. Withdrawal of consent
    If we base data processing on your express consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw your consent at any time with future effect. All consents can be revoked independently of each other at any time. Revocation means that we will no longer process your data for the above-mentioned purposes at the earliest possible date and that, where applicable, you will no longer be able to enjoy the corresponding benefits, etc. To revoke your consent, please contact dtnschtzbpml.


    15. Data security
    To ensure data security, the content of our website is transmitted in encrypted form using state-of-the-art TLS 1.3 encryption. To secure the data, we and the contracted service providers with whom corresponding contractual agreements have been made use appropriate state-of-the-art measures, in particular to restrict access to the data, to protect against changes and loss, and to ensure confidentiality in accordance with the state of the art.


    16. Status and updating of this privacy policy
    This privacy policy is current as of September 2025. We reserve the right to update this privacy policy from time to time in order to improve and/or adapt data protection.

    As of September 2025

    Data Protection Notice

    We use cookies to optimise our website for you and to provide certain functions. Some are technically necessary and are always stored. Others are used for statistical and marketing purposes and are only used with your consent. Find out more in our privacy policy.

    Necessary cookies are always loaded.
    Impressum