Privacy Notice

1. Context and introduction

This Privacy Notice (the “Notice”) has been prepared following the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data (the “GDPR”) as well as national legislation enacted from time to time in Luxembourg.

Unless otherwise expressly indicated, all capitalised words used in the Notice shall have the same meaning as defined or referred to in the GDPR.

Jan Stig RASMUSSEN (“JSR”) is the Data Controller of the Personal Data of any Data Subjects with whom JSR deals in the daily performance of his duties and delivery of services, as further described herein.

JSR is committed to performing his duties hereunder and holding the Personal Data in confidence in strict compliance with the provisions of the Privacy Notice, any internal procedures, the GDPR, and any Luxembourg law.

When providing Personal Data to JSR via email, mail, or (the “Website”) or any other format, JSR will process such Personal Data in line with the GDPR and this Privacy Notice.

By using this Website or providing Personal Data in any other format, the Data Subject acknowledges that it has reviewed and agreed to the terms of this Privacy Notice. Accordingly, a Data Subject should not use the Website and cease all provision of Personal Data if the Data Subject disagrees with the terms of this Privacy Notice.

This Notice contains the information prescribed by article 12 of the GDPR.

2. Identity and contact details of the Data Controller and the Supervisory Authority

Data Controller:
11, rue de Wecker
L-6795 Grevenmacher
Grand Duchy of Luxembourg


Supervisory Authority:
Commission Nationale pour la Protection des Données
Service des plaints
15, Boulevard du Jazz
L-4370 Belvaux

3. Categories of Personal Data concerned

JSR will collect and process the following Personal Data from a Data Subject for one or several purposes outlined in section 4 below:

  • Identification documents, such as but not limited to copies of passport, ID cards, and driving licenses;
  • Contact details, e.g. name, address, telephone number, and email address;
  • Curriculum vitae, e.g. education, training, qualifications, professions;
  • Personal characteristics, e.g. age, gender, nationality, marital status, date and place of birth;
  • Evidence of tax residency;
  • Extract criminal record;
  • Bank references incl. financial information.

In addition, JSR may collect the following types of information when you access or browse the Website:

  • The personal information you provide directly when you register or join an online community or another group, inquire about the services of JSR via any e-mail messages you send, including personally identifiable information such as your name, contact information (phone, fax, address, and e-mail address);
  • Passively collected information, including through the use of cookies [1] and web beacons [2], IP addresses, web browser and operating system information, date and time of visits, and the web pages your Internet browser visits when browsing the Website, or any affiliate site; Click-through information related to JSR’s e-mails and related marketing activities; and Aggregate, non-personally identifiable information, such as the number of hits per week or per web page.

4. Purpose of the Processing and legal basis of the Processing

JSR will use Personal Data for the following purposes with the relevant associated legal basis:

  1. Compliance with a legal obligation:
    1. Ensuring compliance with anti-money laundering/combatting the financing of terrorism legislation, including, but not limited to the amended law of 12 November 2004 on the fight against money laundering and terrorist financing;
    2. Ensuring compliance with tax obligations in Luxembourg;
    3. Investigating and resolving complaints and managing contentious regulatory matters, investigations and litigation;
  2. Performance of a contract with a Data Subject or any organisation or entity which is represented by such Data Subject:
      1. Fulfilling the obligations of JSR under any agreement that JSR may have entered into with a Data Subject;
      2. Fulfilling JSR’s obligations under any agreement between a Data Subject and a third party, under which JSR has to fulfil any duties.
  3. Marketing by JSR:
    1. Developing and managing a business relationship with a Data Subject or any organisation or entity which is represented by such Data Subject;
    2. Providing customised and personalised information to a Data Subject about services and solutions proposed by JSR;
    3. Invitations and organisation of events and other professional activities.
  4. Consent of the Data Subject: JSR may use Personal Data for any other purpose expressly agreed on by the Data Subject, provided that such consent may be withdrawn at any time by the Data Subject, without affecting any Processing performed by JSR before such withdrawal.
  5. JSR’s legitimate interest: JSR’s legitimate interest results from JSR’s activities, consisting of the provision of independent directorship services and economic advice (conseil économique) as well as various commercial activities and services as Trader (Commerçant) such as:
    1. Managing and administering the relationship between JSR and a Data Subject;
    2. Maintaining a client relationship management database for communication and promoting services offered by JSR to Data Subjects;
    3. Monitoring and recording correspondence, telephone calls and emails under JSR’s IT set-up.

5. Recipients of Personal Data

JSR may share Personal Data with the following Recipients:

  1. Any service providers of JSR and any service providers of the Data Subjects;
  2. Any lawyers, accountants, consultants, or other professionals whom JSR may consult to obtain advice or assistance for the performance of its duties to a Data Subject or any organization or entity which is represented by such Data Subject;
  3. The CSSF or other governmental or supervisory authorities, tax authorities, law enforcement agencies, judicial authorities, self-regulatory or industry bodies to allow JSR to comply with any local, foreign or supranational law, regulation, directive, guidance injunction or request for disclosure or another form of obligation, advice, recommendation binding or applying to JSR;
  4. Any actual or proposed assignee of JSR or participant or sub-participant or transferee of JSR’s rights in respect of Data Subject or any organization or entity which is represented by such Data Subject;
  5. Any party in respect of which such disclosure is requested and/or consented to by the Data Subject or any organisation or entity represented by such Data Subject.
  6. This Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyse how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your website use, compiling reports on Website activity for website operators and providing other services relating to website activity and internet usage.
  7. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this Website. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

6. Transfer of Personal Data to Third Countries

JSR may transfer Personal Data to recipients outside the European Economic Area (“EEA”) or International Organisations.

When sharing the Personal Data of a Data Subject with Recipients that are located outside the European Economic Area (EEA), Personal Data of a Data Subject will only be transferred on one of the following bases:

  1. The transfer is to a recipient in a country or territory approved by the European Commission as providing an adequate level of protection for personal data;
  2. The transfer is to a Recipient that has entered into European Commission standard contractual clauses with JSR;
  3. The Data Subject has explicitly consented to the transfer of Personal Data. In this regard, and as detailed above, JSR will, from time to time, need to pass specific identity-related data (including the name, title, gender, nationality and date of birth, and copies of passport, driver’s license, tax ID, social security number, and/or government-issued identification document of a Data Subject) to supervisory authorities or service providers of JSR located outside of the EEA for the purposes of (1) “know your client”, (2) controls related to anti-money laundering/combatting the financing of terrorism or (3) for the receipt and maintenance of any regulatory licenses granted to JSR.

7. Period for which the Personal Data of the Data Subject is stored by JSR

JSR will store the Personal Data of the Data Subject in line with applicable legal and regulatory requirements in Luxembourg.

8. Rights of information and access to Personal Data by a Data Subject under the GDPR

A Data Subject has the following principal rights under GDPR:

  1. To obtain confirmation from JSR as to whether or not JSR is processing Personal Data concerning the Data Subject;
  2. As the case may be, to get access to, and copies of, the Personal Data JSR holds about the Data Subject;
  3. To get the following information:
    1. The purposes of the Processing of Personal Data and the categories of Personal Data concerned;
    2. The recipients or categories of recipients of Personal Data to whom Personal Data has been or will be disclosed, in particular, if such Recipients are located outside the European Economic Area (“EEA”) or to International Organisations;
    3. Insofar as possible, the envisaged period for which Personal Data will be stored, or, if not possible, the criteria used by JSR to determine that period;
  4. To require that JSR rectifies or erases Personal Data;
  5. To request a restriction of the Processing of Personal Data or to object to such Processing;
  6. To obtain the Personal Data concerning the Data Subject, which the Data Subject provided, in a structured, commonly used, and machine-readable format that can be transmitted to another Data Controller in certain circumstances;
  7. To complain with the Supervisory Authority is indicated in section 2.

9. Disclosure of Personal Data

Before disclosing any Personal Data relating to its employees, contractors and other individuals, JSR shall (1) ensure that those natural persons are duly notified and made aware of JSR’s obligations under the GDPR and (2) undertake and represent those natural persons will process such Personal Data in line with the provisions of the GDPR.

10. Miscellaneous

  1. This Privacy Notice shall be deemed an integral part of all contracts, agreements, facility offer letters, account mandates, and other binding arrangements that Data Subjects or any organisation or entity represented by such Data Subjects have entered into or intend to enter into with the Company.
  2. This Privacy Notice may be updated from time to time to reflect changes and/or developments in data protection and banking secrecy laws, regulations, guidelines, codes and industry practices in Luxembourg.
  3. The list of the above rights is not absolute, and requests may be refused where exceptions apply.

Luxembourg, May 2022

[1] Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly. If cookies are disabled in your browser, you may not have access to the totality of our offers and services.

[2] A web beacon is an electronic image embedded in a web page or email, which allows for tracking web page views/hits or opening an email containing a beacon. JSR may use a web beacon in conjunction with cookies to track website activity, the Website and associated websites. Web beacon tracking by JSR does not identify the name or email address of the web user or mail recipient.