Privacy Policy

  1. Introduction

We aware of the trust you are placing in us. Therefore, we would like to provide comprehensive information to you on how we handle your personal data at Threestones Capital Management S.A. (TSC)  In particular, we would like to inform you on the type of data we collect when you visit and/or use our website and on how we use this data. If we have received personal data from you through other communication channels (e.g. by e-mail), the following Privacy Notice applies as well.

Given that our website and the technologies on which it is based, as well as our business processes are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.


  1. Use of the website and data protection
  2. Name and contact data of the controller of the website

We, Threestones Capital Management S.A., as the provider of this website, are the controller within the meaning of Art. 4(7) GDPR.


  1. Contact data of the data protection officer

The data protection officer of Threestones Capital Management S.A. can be reached as follows:

Threestones Capital Management S.A.
c/o the data protection officer
23, rue Aldringen, L-1118 Luxembourg


  1. Restriction of the scope of this Privacy Notice for visits to our website

Our Privacy Notice only applies to our content which is stored on our servers. It expressly does not cover any links to websites of third parties in our offerings.


  1. Collection of personal data in the context of informational use of our website
  2. Description and scope of data processing

If you only use our website for informational purposes, we do not collect any personal data aside from the data transmitted by your browser to enable you to visit the website.

That data is:

  1. Date and time of your request
  2. Duration of your visit
  3. Time zone difference compared to Greenwich Mean Time (GMT)
  4. Content of the request (specific page)
  5. Access status / HTTP status code
  6. Website & provider from/by which the request is made
  7. Browser
  8. Operating system
  9. Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. For more details on cookies, see II. Clause 11 of this Privacy Notice.


  1. Purpose and legal basis of data processing

We store data related to the end device in order to create use statistics, for example, or to identify and trace unauthorised attempts to access our web servers. We only create profiles regarding the use of our website in anonymised form and only to improve user navigation and optimise our products and services. Our legitimate interest in data processing pursuant to Art. 6(1) lit. f GDPR also lies in these purposes. We do not create or process behavior profiles relating to a specific person from the aforementioned information.


  1. Duration of data storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.


  1. Collection of personal data during the use of our website features

We only store personal data, such as your e-mail address or your name, if you choose to provide this information to us, e.g. in the context of the personal login area or an email through the link on the website.

If you use the email-link on our website to provide a profile/resume to us, we will use that personal data to create our own professional profile for you in accordance with this Privacy Notice. Given that we will store your work history in this case, your submission must not contain any sensitive information with respect to race or ethnic origin, political opinions, religion or beliefs, trade union or political party memberships, genetic, physical or mental health status, dependencies, sexual orientation, criminal offences or criminal proceedings and related penalties or fines, social security number or national ID. If your profile contains such information regardless, you agree that we may store that information and also use it in accordance with this Privacy Notice. Please also note that where you provide information of a third party to us as a reference you are responsible for ensuring that the person involved is aware of your disclosure of his/her personal data and has provided his/her written consent to this disclosure.


  1. Disclosure to third parties

To facilitate the purposes described we may exchange your data with third parties we use to process orders and inquiries. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context.

If you make your personal data available to us for the purpose of potential future cooperation, potential investments and/or to enable us to contact you, we may disclose this data to affiliated companies.

Otherwise we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymised or pseudonymised.

We only transfer data to third parties established in a third country with your consent or to fulfil our contractual obligations pursuant to Art. 44 GDPR et seqq.


  1. Consent

By entering your personal data you consent to the processing of the data and their use, including their disclosure to third parties, as described. If you provide personal data of third parties to us, you are responsible for ensuring that the data subjects have consented to the disclosure and processing of the personal data.


  1. Data security

Threestones Capital Management S.A. and the companies affiliated with it take diligent precautions to protect your data managed by us against manipulations, loss, destruction and against access by unauthorised persons. We continuously improve our security measures in accordance with the development of technology.

Our employees are obligated to maintain data confidentiality in accordance with the provisions of the GDPR.


  1. Technologies used

Parts of this website may use technologies that are widely used on the internet, such as JavaScript, Java, Flash or ActiveX, to allow us to present the information requested in a form that is more convenient for you. We do not use these technologies in any way to spy out personal data or manipulate data on your computer.


  1. Cookies
  2. Description and scope of data processing

We need certain information to enable us to design our websites based on user needs. For the collection of this information we also use cookies. Cookies are meant to facilitate the use of the internet and communication. Cookies are stored on your PC or another end device to anonymously identify the device and to support the application when you return to our websites.

If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept cookies, some pages may not be displayed correctly any more.

We use cookies on our website to store the following parameters, for example:

a.) Language and country

b.) Browser settings and installed plug-ins

c.) Data on the use of our website.

This website uses the following cookies:

  • Transient cookies (temporary use)
  • Persistent cookies (use for a limited time)

Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a "session ID" which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

More information on how cookies work can be found on the following website:


  1. Purpose and legal basis of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

The legal basis for the processing of personal data using cookies is Art. 6(1) lit. f GDPR


  1. Duration of storage objection and elimination options

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions of the website to their full extent.


  1. Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses “cookies”. As mentioned above, cookies are text files that are stored on your computer and enable us to analyse your use of the website. The information on your use of this website generated by the cookie is transferred to a Google server in the USA and is stored there. Google will use this information to analyse your use of the website, prepare reports on the website activities for website operators and provide other services related to the use of the website and the internet. This is also where our legitimate interest in data processing lies. The legal basis for the use of Google Analytics is § 15 para. 3 TMG and Art. 6(1)  f. GDPR. The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. Google may also transfer information to third parties if this is required by law or if this data is processed by third parties on behalf of Google. Google will not connect your IP address with other Google data under any circumstances. By using this website you agree that Google may process the data collected about you in the above described manner and for the above specified purpose. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at:

By activating the add-on that can be downloaded through this link you effectively object to the collection, use and processing of your data by Google Analytics.

This website uses the anonymisation option provided by Google Analytics. We only collect your IP address in shortened form which means it cannot be traced back to you.

If you object to the use of cookies, we place a simple cookie which expires after your browser session and only memorises that data should not be collected about you.


  1. Your rights

You have the following rights with respect to your personal data:

  • right of access,
  • right to rectification or erasure,
  • right to restriction of processing,
  • right to withdraw the consent or objects to the processing
  • right to object to processing,
  • right to data portability.

You can contact us or our data protection officer to assert your rights (for contact details see II. Clause 1 and 2 of this Privacy Policy).

You also have the right to complain with a data protection supervisory authority about our processing of your personal data.


III. General data processing at Threestones Capital Management S.A. (data protection information according to Art. 13 GDPR)

The privacy, protection and processing of your personal data is very important to TSC Group. In the following we would like to inform you about the processing of your personal data at TSC and your rights regarding personal data protection. Which specific personal data will be processed and/or use significant depends on the specific existing business relationship or other factors. You do not have to do anything in connection with GDPR.


  1. Name and contact data of the controller

Controller within the meaning of GDPR and/or other European data protection laws or regulations, is Threestones Capital Management S.A. with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.

The data controller can be reached as follows:

Threestones Capital Management S.A.

23, rue Aldringen, L-1118 Luxembourg

Tel.: +352 248 471 0


  1. Contact data of the data protection officer of TSC  

The data protection officer can be reached as follows:

Threestones Capital Management S.A.
c/o the data protection officer
23, rue Aldringen, L-1118 Luxembourg

Tel.: +352 248 471 0


  1. Purpose of personal data processing and legal basis

We process personal data in accordance with the relevant rules and regulations, in particular with GDPR. The processing of personal data is necessary for the performance of a contract with you (Art. 6(1) lit. b. GDPR).

The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6(1) lit. f. GDPR).

If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6(1) lit. a. GDPR.

In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6(1) lit. c. GDPR).


  1. Recipients or categories of recipients of the personal data

Your personal data will be transmitted within the TSC framework to all entities, which need these data for contractual and regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organisations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.


  1. Duration of storage

Where required, we process and store your personal data for the period of our business relation. The retention period of personal data within the Know Your Costumer process shall be 5 years. The retention period shall begin upon conclusion of the calendar year in which the business relationship is terminated. In all other cases, it shall begin upon conclusion of the calendar year in which the respective information was gathered (see Sec. 8 para 4 Money Laundering Act). Furthermore, we are subject to miscellaneous safekeeping and documentation.

Pursuant to the provisions of these laws, personal data must be retained for a period of ten years.


  1. Automated decision-making including profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR for establishing and fulfilling the business relationship with you. We do not use procedures based solely on automated processings. Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, this measures are for your protection.


  1. Your rights

As data subject within the meaning of GDPR you have a number of rights in relation to your data. In the following, we will inform you about your rights. You will find further details in Art. 15-21 GDPR.

  • right of access to personal data
  • right to rectification or erasure
  • right of restriction of processing
  • right to withdraw the consent or objects to the processing
  • right to data portability

Please contact us or our data protection officer (see contact details under II. Clause 1 and 2). to assert our rights.

In addition you have the right to lodge a complaint with the Data Protection Supervisory Authority.