Data Security

Data Security

Collecting and processing personal data*

As a rule, you can visit IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG without us needing to collect any personal data from you. We only know the name of your internet service provider, the website from which you are visiting us, and the websites belonging to us that you visit. For statistical purposes, this information is collected and stored by us in anonymized form for marketing and optimization. User profiles are generated under a pseudonym from this data. The data will not be used to personally identify the visitor to this website and will not be merged with data about the bearer of the pseudonym.

Personal data is only collected and processed for this purpose if you enter it, e.g. to order information material. This information is partially transmitted in encrypted form in order to prevent misuse by third parties.

The use of specific offers on our website, such as newsletters, requires prior registration and further processing of personal data, e.g. long-term storage of email addresses. If you register for a newsletter, the data will only be used for the purposes stated and to the extent necessary to achieve these purposes. Transmission of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions or if transfer is necessary for legal and criminal prosecution in the event of attacks on our network infrastructure. It will not be passed on to third parties for other purposes.

Data of this nature will only be used if you have submitted it to us and consented to use in advance.

As a rule, we use the double opt-in procedure for sending the newsletters. We will only send the newsletter to you if you confirm the future receipt of the newsletter via an email sent to you by us after you have registered and provided your email address. This ensures that only you, as a user of the specified email address, can register for the newsletter service.

You can unsubscribe at any time from a newsletter to which you have subscribed. You can either send us an email or cancel using a link at the end of the newsletter.

In some areas of the website, IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG use so-called cookies in order to provide you with our services on a more individual basis. Cookies are identifiers that a web server can send to your computer in order to identify it for the duration of your visit. It is generally possible to display cookies in the browser (e.g. in Mozilla Firefox under "Extras -> Settings -> Data protection -> Display cookies"). [Translation note: Please confirm update of how to do this and change German if necessary: (e.g. in Mozilla Firefox under "Options -> Privacy and security -> Manage data"). This is the most recent version of Firefox] You can also set your browser so that it informs you about the placing of cookies.

If you participate in the survey at, a cookie under the name vote123 (number is individual) will be set in your browser so that the survey will not be available the next time you visit the website.

The web analysis tool “Matomo” is used on the websites of IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG. The analysis of user behaviour is important, as this way the demand for content can be anonymized and analyzed, therefore allowing an offer to be optimized. As far as this applies to the websites you use, we collect real-time data such as:


    Number of actions performed on the website

    Time spent on the website

    Country of origin

    Browser version

    Operating system

    Number of new and returning visitors

    Referring source

    Target conversion rate

    IP addresses (these are not evaluated)

The analysis tool works by setting a cookie, which is stored after the end of your visit as a so-called "first party cookie" with an anonymized ID as a small text file on your end device under namen _pk_id.12345 [Translation note: Please confirm English term] (number is individual). The cookie does not expire and allows analysis of behaviour on the website that is not associated with you as a person. For example, we can see the page from which visitors have come to our website and which internet pages of IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG were viewed, and for how long. We can also evaluate how many and which files have been downloaded by visitors. With the help of the data ascertained, we try to adapt and optimize the service on the website according to user behaviour. Reference to a particular person cannot be established with these cookies. The cookies are used for the purpose of compiling user statistics that are not directly related to your person (“pseudonymous user profiles”). You have the right to object to this use of your data. You can exercise your right of objection as follows.

Right of objection:

You can prevent the analysis of user behaviour if you block the setting of cookies in your browser through the corresponding domain (, for example, by creating an exception in the browser (e.g. in the Firefox browser). If necessary, please refer to program help to see how you can set this up in your browser. Of course, you can also delete the above cookies in your browser in individual cases or periodically in order to delete tracking information. You also have the option of preventing any form of user analysis on this website in future if you set a so-called block cookie or opt-out cookie.

Use and disclosure of personal data and purpose limitations

What sources and data do we use?

We process personal data that we receive from you as part of our business contact or our business relationship with you. Furthermore, we process – to the extent necessary in order to provide our services – personal data that we have legitimately received from other third parties (e.g. to carry out orders, fulfil contracts, or on the basis of your consent). We also process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. debtor registers, land registers, trade and association registers, press, and media).

Relevant personal data consists of personal details (name, address and other contact details, date and place of birth, and nationality), legitimizing data (e.g. identity data) and authentication data, data from fulfilling our contractual obligations, information about your financial situation, advertising and sales data, documentation data, register data, data about your use of our offered telemedia (e.g. time of access to our websites, apps or newsletter; our pages clicked on, or entered data) as well as other data comparable to the categories mentioned.

Why do we process your data (purpose of processing) and what is the legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the respective national law that applies.

To fulfil contractual obligations (Article 6. Paragraph 1b GDPR)

The processing of personal data (Article 4. No. 2 GDPR) takes place for the provision and brokerage of financial services, as well as to implement our contracts or pre-contractual measures with you, and the execution of your orders as well as all activities necessary for the operation and administration of our company.

The purposes of data processing are primarily based on the specific product and can include, among other things, needs analyzes, consultation advice and carrying out transactions.

Further details on the purpose of data processing can be found in the respective contract documents and business terms and conditions.

As part of balancing interests (Article 6. Paragraph 1f GDPR)

Whenever necessary, we process your data beyond the actual fulfilment of the contract to safeguard our legitimate interests or those of third parties, such as in the following cases:

  • Consultation of, and data exchange with, credit agencies to determine creditworthiness or default risks and the need for a seizure protection account or base account;
  • Examination and optimization of procedures for needs analysis and direct customer contact;
  • Advertising or market and opinion research, provided you have not objected to the use of your data;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring IT security and IT operations of our company;
  • Prevention and investigation of criminal offences;
  • Video surveillance, which is used to collect evidence of criminal offences. This serves to protect customers and employees as well as to exercise domiciliary rights;
  • Building and installation security measures (e.g. control of access);
  • Measures to ensure domiciliary rights;
  • Business management measures and measures for further development of services and products.

Based on your consent (Article 6. Paragraph 1a GDPR)

If you have given us your consent to process personal data for specific purposes, the legality of this processing is given on the basis of your consent. Your consent can be withdrawn at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into effect, i.e. before 25 May 2018.

Please note that the revocation will only take effect in the future. Processing that took place before revocation is not affected

Due to legal requirements (Article 6. Paragraph 1c GDPR) or in the public interest (Article 6. Paragraph 1e GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements and supervisory statutory requirements (e.g. the European Central Bank, the European Banking Authority, the Commission de Surveillance du Secteur Financier, the Banque Centrale du Luxembourg, Deutsche Bundesbank and the Federal Financial Supervisory Authority). The reasons for processing include identity and age verification, prevention of fraud and money laundering, fulfilling tax control and notification obligations, as well as the assessment and control of risks.

Who receives my data?

Within our institution, departments with access to your data are those that require it to fulfil our contractual and legal obligations. Processors contracted by us (Article 28. GDPR) can also receive data for these purposes. These are companies in the categories of IT services, logistics, printing services, telecommunications, advice and consulting, as well as sales and marketing.

With regard to the transfer of data to recipients outside our institution, it should first be noted that we are obliged to maintain secrecy about all customer-related facts and assessments of which we become aware, according to the relevant legal provisions or the terms and conditions agreed between you and us. We are only allowed to pass on information about you if this is required by law or if you have given your consent. Under these conditions, recipients of personal data can, for example, be:

  • Public bodies and institutions (e.g. Deutsche Bundesbank, Federal Financial Supervisory Authority, Commission de Surveillance du Secteur Financier, Banque Centrale du Luxembourg, European Banking Authority, European Central Bank) if there is a legal or official obligation.
  • Other credit and financial services institutions or comparable institutions to which we transmit personal data in order to conduct the business relationship with you (depending on the contract: e.g. correspondent banks, depositary banks, stock exchanges, credit agencies).

Other data recipients can be those bodies for which you have given us your consent to transfer data.

How long will my data be stored?

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship can last for many years.

In addition, we are subject to legal and regulatory retention and documentation obligations. The periods for storage and documentation specified by these are up to ten years after creation or 5 years after the end of the business relationship.

Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years in individual cases.

What are my data protection rights?

Each person affected has the right to:

  • Information according to Article 15. GDPR,
  • Correction according to Article 16. GDPR,
  • Deletion according to Article 17. GDPR,
  • Restriction of processing according to Article 18. GDPR,
  • Data portability from Article 20. GDPR,
  • A right to lodge a complaint with a data protection supervisory authority from Article 77. GDPR.

Is there an obligation to provide data?

As part of our business relationship, you only need to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or data that we are legally obliged to collect. Without this data, we will usually have to reject contract conclusion or carrying out a contract, or we will no longer be able to carry out an existing contract and, if necessary, will have to terminate it.

In particular, according to the anti-money laundering regulations, we are obliged to identify you, for example by means of your identity document, before establishing the business relationship and to collect at least your name, your place of birth, your date of birth, your nationality and your home address. In order for us to be able to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the applicable regulations for the prevention of money laundering and terrorist financing and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we are not permitted to enter into the desired business relationship.

To what extent is there automated decision-making in individual cases?

In principle, we do not use fully automated decision-making in accordance with Article 22. GDPR to establish and implement the business relationship. If we use this procedure in individual cases, we will inform you about this separately, insofar as this is required by law.

To what extent will my data be used for profiling (scoring)?

We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

  • Due to legal and regulatory requirements, we are obliged to combat money laundering, the financing of terrorism, and criminal offences that endanger assets. Data evaluations are also carried out (e.g. in payment transactions). These measures also serve to protect you.
  • In order to be able to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.

Data Security

IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG take technical and organizational security measures to protect the data from coincidental or deliberate manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

Information about your right to object according to Article 21. of the General Data Protection Regulation (GDPR)

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data taking place that concerns you based on Article 6. Paragraph 1e GDPR (data processing in the public interest) and Article 6. Paragraph 1f GDPR (data processing based on a balancing of interests); This also applies to profiling based on this provision within the meaning of Article 4. No. 4 GDPR that we use to assess creditworthiness or for advertising purposes.

If you object, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.

In individual cases we process your personal data in order to use direct mailing. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be addressed to:


IPConcept (Luxemburg) S.A.

4, rue Thomas Edison

L-1445 Strassen, Luxembourg


Mailing address

IPConcept (Luxemburg) S.A.

4, rue Thomas Edison

L-1445 Strassen, Luxembourg

Tel. +352 260 248-1

Fax. +352 260 248-4955


Privacy concerns

Who is responsible for data processing and who can I contact?

Responsible body is:

IPConcept (Luxemburg) S.A.

4, rue Thomas Edison

L-1445 Strassen, Luxembourg


Postal address

IPConcept (Luxemburg) S.A.

4, rue Thomas Edison

L-1445 Strassen, Luxembourg


Tel. +352 260 248-1

Fax. +352 260 248-4955


You can contact our company data protection officer at:

Frank Meyer

Data protection officer

IPConcept (Luxemburg) S.A.

4, rue Thomas Edison

L-1445 Strassen, Luxembourg


Postal address

IPConcept (Luxemburg) S.A.

Data protection officer

4, rue Thomas Edison

L-1445 Strassen, Luxembourg


Tel. +352 44 903 1

Fax. +352 44 903 2001



* Collection and processing of personal data

* Information about Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are saved on your computer and allow your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the agreement for the European Economic Area.

The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and installing it: Browser add-on to deactivate Google Analytics.[Translation note: Link here?]

You can prevent collection by Google Analytics here. An opt-out cookie is set which prevents the future collection of your data when you visit this website:

Your visit is currently being recorded by Google Analytics. Remove the check mark on the left to deactivate Google Analytics.

You can find more information on terms of use and data protection at or at We would like to point out that Google Analytics has been expanded to include the code “anonymizeIp” on this website in order to guarantee anonymous collection of IP addresses (so-called IP masking).



Supplementary data protection information when using Twitter

IPConcept (Luxemburg) S.A. and IPConcept (Schweiz) AG, hereinafter IPConcept, uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service.


The Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of the data of persons living outside the U.S.A.

IPConcept has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. In this respect, IPConcept also has no effective control capabilities.

Data processed by Twitter

When you use Twitter, your personal data will be recorded, transmitted, stored, disclosed and used by Twitter Inc., and transmitted there, stored and used regardless of your place of residence in the United States, Ireland and any other country in which Twitter Inc. does business.

In doing so, Twitter processes your voluntarily entered data such as name and user name, email address, and telephone number.

Twitter also evaluates the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, information about wireless networks or via your IP address in order to send you advertising or other content.

For evaluation purposes, Twitter Inc. may use analysis tools such as Twitter or Google Analytics.

IPConcept has no influence on the use of such tools by Twitter Inc. and was not informed about such potential use. If tools of this kind are used by Twitter Inc. for the IPConcept account, IPConcept has neither contracted this nor agreed to it or otherwise supported it in any way. Nor is the data obtained during the analysis made available to IPConcept. Furthermore, IPConcept has no way of preventing or turning off the use of such tools on its Twitter account.

Ultimately, Twitter also receives information, for example, when you view content, even if you have not created an account. This so-called "log data" can be the IP address, the browser type, the operating system, information about the website previously accessed and the pages you visited, your location, your mobile phone provider, the end device you are using (including device ID and application ID), the search terms you used and cookie information.

Twitter buttons or widgets integrated into websites and the use of cookies enable Twitter to record your visits to these websites and assign them to your Twitter profile. This data can be used to offer content or advertising tailored to you.

Because Twitter Inc. is a non-European provider with a European branch only in Ireland, according to its own interpretation, it is not bound by national data protection regulations. Due to the establishment principle in Article 3. Para. 1 GDPR, Twitter Inc. is bound to the regulations of the GDPR.

You can find more information about the points "data protection and data security" on the following Twitter support pages:

  • You can find out more about the possibility of viewing your own data with Twitter here:
  • Information about the inferences that Twitter has made about you can be found here:
  • Information on available options for personalization and data protection settings can be found here (with further references):
  • You also have the option of requesting information using the Twitter data protection form or archive requests:


Data processed by IPConcept

IPConcept also processes your data. But it does not collect any data itself via your Twitter account. We do not integrate Twitter as a plugin, but only as an image-text link. The data you enter on Twitter, in particular your user name and the content published under your account, will be processed by us insofar as we may retweet or reply to your tweets, or we may also compose tweets that refer to your account. The data freely published and disseminated by you on Twitter will be included in your offer by IPConcept and made available to your followers.