Skip to main content

Privacy policy


This privacy policy (referred to as the “Policy”) applies within BONN STEICHEN & PARTNERS S.C.S., a société en commandite simple registered with the Luxembourg bar (referred to as “BSP”).
In the role as Luxembourg legal counsel, BSP needs to collect and further process personal data about its former/existing clients, prospects, lawyers, opposing parties, service providers, suppliers, public authorities, etc…, and should the later be legal entities, their legal representatives, employees, agents, etc… (“Contact Persons”). BSP values its Contact Persons’ privacy and commits to protect their personal data. 

BSP’s processing of personal data is conducted in accordance with the General Data Protection Regulation that aims to protect individuals’ privacy in connection with processing of personal data.
The purpose of this document is to provide information regarding how BSP collects, processes and shares personal data relating to its Contact Persons. This document also provides information about the Contact Persons’ rights in relation to the processing of their personal data.


BSP processes the following types of personal data about its clients and contacts :

  • Contact information (e.g. name, surname, professional and personal addresses, email and telephone number);
  • Identification data and personal information (e.g. date and place of birth, copy ID card or passport, gender, copy of criminal records, preferred language, job functions, job title, organisation);
  • Professional information (e.g. job function, identity of your employer, job title, department, organisation name, size and location)
  • Financial information (e.g. bank and account details);
  • Any other personal data provided to BSP and allowing to BSP to perform its contractual duties.



Personal data may be collected:

  • directly from the Contact Persons (during meetings, conference calls, seminars, online application for employment on BSP’s website, etc…)
  • through the registration at events organized by BSP or lists communicated by organizers of events or conferences to which BSP participates
  • from other sources, such as business partners or other third-party sources provided that they are legally permitted to share such data with BSP
  • automatically, through Cookies, when the Contact Persons use BSP’s website ( In such case, the following data are collected:
    • Navigation and click-stream data;
    • HTTP protocol elements;
    • Search terms.

More information on how BSP processes personal data through Cookies is provided on our Cookies policy.


In order to be lawful, processing of personal data has to be based on one of the legal grounds specified in GDPR.
BSP processes clients and contact’s personal data, based on the following legal grounds and for the following purposes:

  • To provide the clients with the services requested by them 
    • Processing is necessary for the performance of a contract to which the data subject is party
    • Processing is necessary or the establishment, exercise or defence of legal claims
  • To deal with communications received from the clients, contacts via phone or email, and responding to the client’s or contact’s queries 
    • Processing is necessary for the performance of a contract to which the data subject is party
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller 
  • To comply with applicable laws and regulations, in particular to fulfil our duties as a Luxembourg legal counsel under applicable AML, KYC, MAR laws 
    • Processing is necessary for compliance with a legal obligation to which the controller is subject
  • To process clients related claims
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller
  • To maintain and update our list of contacts
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller
  • To manage BSP relationships with its clients and contacts 
    • Processing is necessary for the performance of a contract to which the data subject is party
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller
  • To provide the clients and the contacts with information about BSP and its range of services; and to send BSP’s  newsletters, communications, updates and invitations to BSP events held throughout the year
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller
    • Where required by law, the data subject has given consent to the processing of his or her personal data


BSP has taken the appropriate technical security and organisational measures to protect the personal data from loss, abuse and unauthorised access.
Furthermore, access to personal data has only been granted to the individuals at BSP that need to process the personal data in accordance with the purposes that have been stated above. 

Personal data may be shared:

  • with BSP Sàrl, the general partner and manager of BSP.
  • with any service provider to the extent necessary for such service provider to provide services to BSP and to assist BSP in providing services to the Contact Persons. BSP has entered into a contract with such service providers which have implemented safeguards with a view to comply with GDPR requirements, and in particular which commit not to further transfer to any non-authorised third party the personal data received from BSP and not to use the personal data received from BSP for any other purpose.
  • with certain authorities or similar institutions (third parties namely notaries, domiciliation agents and banks) to the extent that it is necessary for the performance of the contract or because it is required by law.
  • with any public authorities or court as might be required by law, court orders or any other valid legal process brought against BSP. 

The recipients may be located inside or outside the European Union but the personal data will not be transferred to any country outside the European Union which does not ensure an adequate level of protection unless if such transfer is based on an adequacy decision, or if appropriate safeguards have been put in place (binding corporate rules or standard data protection contractual clauses), or based on the Contact Persons’ consent.


BSP applies different retention periods for different categories of personal data. 
In general, personal data will be retained for a period deemed necessary for the purpose for which it was intended, for the purpose for BSP to perform their obligations under a contract with their clients, and for as long as required or permitted by law.
When the processing of the personal data is no longer necessary for the purpose for which it was collected, BSP will erase the personal data.


Right to access

You have the right to request information on how your personal data is processed and what personal data is processed about you. You also have the right to receive a copy of the personal data that is being processed. 

Right to correction, objection, erasure and limitation

If the personal data processed by BSP is incorrect, incomplete or irrelevant you may request to have it corrected or erased. If you do not agree with a decision to process personal data based on BSP legitimate interest you may object to such processing or request that such processing be restricted. You also have the right to request restriction of processing when it is based on other legal grounds. For example, you may request a restriction of processing if you consider the processed personal data to be incorrect or if you consider that the personal data is no longer necessary for the purposes of processing. 
Please note that a restriction or erasure of your personal data may infer that BSP does not have the possibility to fulfil its commitments. 
The right to erasure may not apply to the extent that processing is necessary for e.g. compliance with a legal obligation which requires processing by European Union or member state law to which BSP is subject.

Right to withdraw consent

If you have given your consent to processing of your personal data for an explicit purpose you may always withdraw your consent. If you want to withdraw your consent, you may contact BSP through the contact information provided in Section 10.

Right to data portability

To the extent BSP processes your personal data based on consent or if it is necessary to fulfil a contract, you have the right to receive, upon request, your processed personal data in a structured, commonly used and machine-readable format and the right to have your personal data transmitted to another controller.

Right to lodge a complaint with the supervisory authority

If you think that your personal data is processed wrongly, you are entitled to lodge a complaint with the supervisory authority, the Commission Nationale pour la Protection des Données (the “CNPD”).


BSP will notify the CNPD in case of breach of personal data no later than 72 hours after detecting the breach. 
Pursuant to the provisions of GDPR, clients and contacts will be notified of a personal data breach, without undue delay, only when the personal data breach is likely to result in a high risk to their rights and freedoms.


BSP may decide, at its own discretion, to change the Policy in order to ensure it is accurate, complete and up-to-date. 
BSP encourages you to review this Policy periodically to remain informed about your rights and how we are processing your personal data.

BSP located at 2 rue Peternelchen, L-2370 Howald, is the data controller for the processing of your personal data. 
In its capacity as data controller, BSP is responsible to ensure that the personal data is being processed in a correct manner and in accordance with applicable legislation. 
If you would like further information about your data protection rights and how BSP processes your personal data please contact our data protection officer:

Mrs Vinciane Schandeler

vschandeler [at] (subject: BSP%20Privacy%20Policy)