Privacy Policy

Privacy Policy of Lumena Partners

With this data protection statement (“Privacy Policy”) we, Lumena Partners – Florian Pollner, Im Bungert 2, 8704 Herrliberg, Switzerland (hereinafter referred to as “we” or “us”), describe how we collect and further process personal data in the course of our business activities, the provision of our services, and the operation of our website lumena partners.com (“Website”) and our presences on social media platforms (“Social Media Presences”, together with the Website hereinafter “Online Presences”). This Privacy Policy is not necessarily a comprehensive description of our data processing. lt is possible that other data protection statements are applicable to specific circumstances. The term “personal data” in this Privacy Policy shall mean any information that identifies, or could reasonably be used to identify any natural person.

lf you provide us with personal data of other individuals (such as family members, work colleagues etc.), we assume that you are authorized to do so, that this personal data is accurate, and that you have informed the respective individuals about this Privacy Policy within the legally required timeframe. By providing personal data about other individuals, you confirm this to us. Please make sure the respective individuals are aware of this Privacy Policy and only provide us with their personal data if you are allowed to do so and such personal data is correct.

We process your personal data in accordance with the applicable data protection legislation, including the European Union's General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection Act (“FADP”), to the extent applicable. This Privacy Policy does not apply to any third party websites that can be accessed through our Online Presences. We have no influence over the data processing carried out by any of these third party providers and disclaim any responsibility for ensuring that the websites linked to our Online Presences comply with data protection regulations. The use of external links from our Online Presences is at your own risk.

+ Read more- Read less

Data Controller(01)Addressees of this Privacy Policy(02)Categories of Personal Data Collected and Processed(03)Collection and Processing of Personal Data(04)Purposes of Processing and Legal Grounds(05)Recipients of Personal Data(06)Data Transfer Abroad(07)Duration of Storage(08)Data Security(09)Your Rights(10)Changes to this Privacy Policy(11)

(01)

Data Controller

The entity responsible for the data processing activities as described in this Privacy Policy (i.e. the responsible person) is Florian Pollner, Lumena Partners. You can notify us of any data protection related concerns using the following contact details:

Lumena Partners – Florian Pollner
Data Protection Officer
Im Bungert 2
8704 Herrliberg ZH, Switzerland
info@lumena-partners.com

(02)

Addressees of this Privacy Policy

We may collect and process personal data from the following categories of concerned individuals:

clients;
users/visitors of Website and/or Social Media Presences;
participants in events organized and/or attended by us;
recipients of newsletters or other communication from us;
service providers and other business partners;
authorities and public officials;
authorised representatives, contact persons and correspondence recipients of the aforementioned persons;
other involved individuals.

(03)

Categories of Personal Data Collected and Processed

1. In General

We may collect and process the following categories of personal data:

personal details (e.g., first and last name);
contact information (e.g., address, email address, telephone number);
communication and content data;
contract data;
bank and payment details;
information about third parties;
preference and behaviour data (e.g., use of our Social Media Presences);
additional information.

You are not obliged to disclose your personal data to us. However, without certain information, we may not be able to provide certain services, or the full functionality of our Website and/or Social Media Presences may not be available.

2. Log Files

When you visit our Website, the following information is collected:

date and time of access as well as duration of access;
name of the files or information accessed;
IP address of your device;
internet address of the website from which our Website is accessed (so-called origin or referrer URL);
amount of data transferred;
name of the service provider through which access to the Website is made;
operating system and information about the internet browser used, including installed add-ons (e.g., for a password manager);
HTTP status code (e.g., “request successful” or “requested file not found”).

This information, which may also constitute personal data, is stored in server log files. The information is necessary to ensure reliable operation and data security. We do not have access to this technical data.

3. Cookies

We use cookies on our Website. For more information on the use of cookies, please refer to our Cookie Policy.

4. Web Analytics

We use on the Website Plausible Analytics, a privacy‑focused, cookie‑free web analytics service operated by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia (“Pausible”). Plausible does not use cookies, does not store personal data, and processes only aggregated, anonymized usage information. For more information, please refer to Plausible’s privacy policy:

https://plausible.io/privacy.

5. Social Media Presences

We may operate our own Social Media Presences on third party social media platforms. If you communicate with us through such Social Media Presences or comment on or share content, we may collect relevant information.

We have the right, but not the obligation, to review content before or after its publication and to delete content without notice, as far as technically possible, or to report it to the provider of the relevant platform. In case of violation of decency and conduct rules, we may also report the relevant user account to the platform provider.

When visiting our Social Media Presences, data may also be directly transmitted to the relevant provider or collected by them and processed together with other data already known to that provider. This data processing is the sole responsibility of the relevant provider. Further information on data processing by social network providers can be found in the privacy policies of the respective social networks. Currently, we use the following platforms:

LinkedIn: The responsible entity for operating the platform for users from Europe is LinkedIn Ireland Unlimited Company, Dublin, Ireland. Their privacy notice can be accessed at https://de.linkedin.com/legal/privacy-policy;

YouTube: YouTube is part of Google LLC, USA, and is therefore subject to the privacy policy and principles of Google LLC, USA. Their privacy notices can be accessed at https://policies.google.com/privacy;

6. Newsletter

If you sign up for our newsletter, you need to provide us with your name and email address that will be used to send you information about our services. You can object to this use at any time by clicking the unsubscribe link in the email.

(04)

Collection and Processing of Personal Data

1. Personal Data Obtained from You

We primarily process personal data that we obtain directly from you in the context of our business relationships with our clients and other business partners as well as other individuals or that we collect from you when accessing our Website and/or Social Media Presences, including, but not limited to:

your personal details and contact information;
communication data;
information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer).

7. Personal Data Obtained from Public Sources and Third Parties

Insofar as it is legally permitted to us, we obtain certain personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or we may receive such information from third parties (e.g., persons authorized by you). Apart from data you provided to us directly, the categories of personal data we receive about you from third parties include, but are not limited to,

information from public registers, data received in connection with administrative or court proceedings,
information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer);
information about you in correspondence and discussions with third parties, credit rating
information (if we conduct business activities with you personally);
information about you given to us by individuals associated with you (family, consultants,
legal representatives etc.) in order to conclude or process contracts with you or with your involvement (e.g., references, your delivery-address, powers of attorney);
information regarding legal regulations such as anti-money laundering and export restrictions, bank details, information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases).

(05)

Purposes of Processing and Legal Grounds

1. Purposes of Processing

We primarily use collected personal data in order to conclude and process contracts with our clients and business partners, in particular in connection with advising our clients and for the procurement of products and services from our suppliers and subcontractors, as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner. In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:

providing and developing our products and services, and operating our Website and Social Media Presences;
communication with you;
communication with third parties and processing of their requests (e.g., inquiries);
review and optimization of procedures regarding needs assessment for the purpose of direct customer approach as well as obtaining personal data from publicly available sources for customer acquisition;
analysis and improvement of our services, products and Online Presences;
advertisement and marketing (including organizing events), provided trat you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a black list against further advertising mailings);
market and opinion research, media surveillance;
invoicing and debt collection;
asserting legal claims and defense in legal disputes and official proceedings;
prevention and investigation of criminal offences and other misconduct (e.g., conductin internal investigations, data analysis to combat fraud);
fulfilment of legal and regulatory obligations (e.g., conduct of KYC clarifications);
ensuring our operations, including operation of our infrastructure, IT, our websites, apps and other appliances, and their security;
video surveillance to protect our domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets/values owned by or entrusted to us (e.g., access controls, visitor logs, network and mail scanners, telephone recordings).
corporate transactions (e.g., purchase/sale of business units or companies, sale of our company or parts thereof, other corporate transactions);
other purposes according to separate information or as apparent from the circumstances.

We generally do not perform profiling or automated individual decisions. If we make a decision about you in an individual case that is based solely on automated processing and has legal consequences for you or significantly affects you, we will inform you accordingly. In this case, you will have the right to request a review of the relevant automated individual decision by a natural person.

2. Legal Grounds for Processing

We may process personal data on the basis of the following legal grounds, where such a basis is required under applicable law:

processing is necessary for precontractual measures or for the performance of a contract to which you are a party;

processing is necessary for compliance with legal obligations;

processing is carried out on the basis of your consent;

processing is necessary for the purposes of legitimate interests (e.g., security and protection of our trade secrets, assets, systems and buildings; organization of business operations; operation of our Website and Social Media Presences; compliance with legal requirements and internal policies; prevention of misconduct and criminal offences; handling complaints and claims against us; establishment, exercise or defense of legal claims).

(06)

Recipients of Personal Data

We may disclose your personal data to other recipients as necessary for the purposes mentioned above, possibly with your separate consent. Disclosure may particularly occur to the following categories of recipients:

service providers who process personal data on our behalf and for our purposes (e.g., IT providers);
business partners with whom our services may need to be coordinated;
third parties who collect personal data about visitors to our Website or Social Media Presences via our Website or Social Media Presences (e.g., using cookies and similar technologies);
legal representatives;
authorities, courts, and other public bodies;
other possible third parties.

(07)

Data Transfer Abroad

In principle, we process your personal data within our area of responsibility in Switzerland or in other countries with equivalent regulations for the protection of personal data (i.e., particularly EU and EEA countries). However, some of our service providers (e.g., IT providers) and other recipients listed above may also be located in the EU or in any country worldwide, including those that do not guarantee a level of data protection comparable to Swiss law. Also, under certain circumstances, we may process personal data in countries outside of Switzerland and the EU/EEA — including, for example, in Asian markets such as Thailand and Singapore — in connection with our business activities.

If personal data is transferred to a country without adequate data protection, we ensure adequate protection through the use of sufficient guarantees (e.g., EU standard contractual clauses) or rely on one of the legal exceptions (e.g., consent).

(08)

Duration of Storage

Unless otherwise agreed, we store personal data only as long as necessary for the processing purpose, or as long as a legal retention or documentation period exists, a statute of limitations applies, or an overriding private or public interest exists. Once the personal data we have collected are no longer required for the mentioned purposes, they are generally deleted or anonymized as far as possible. An agreement with you to the contrary, whereby the personal data can be stored for a longer period, remains reserved.

(09)

Data Security

We take appropriate technical and organizational measures to protect your personal data from loss, accidental disclosure, unauthorized or unlawful processing, misuse, or unauthorized access by third parties.

We use certain IT services and communication tools that may be associated with data security risks (e.g., email, video conferences). If you communicate with us via these communication tools, it is up to you to inform us of your desire for special security measures.

(10)

Your Rights

Within the framework of applicable law and subject to the corresponding prerequisites, you have the following rights:

right to information about the personal data we process about you;
right to correction of incorrect personal data;
right to deletion of your personal data;
right to restriction of the processing of your personal data;
right to object to the processing of your personal data;
right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (data portability);
right to withdraw consent to the processing of your personal data at any time with effect for the future, if the processing of personal data is based on your consent.
Please note that there are prerequisites, exceptions, and restrictions for these rights. As far as legally permissible or required, we may refuse or restrict requests to exercise these rights.

Thus, we may or must retain or otherwise continue to process personal data despite a request for deletion or restriction of their processing for legal reasons.

Requests related to these rights should be directed in writing or by email, including proof of identity, to the contact point mentioned at the beginning.

You are also free to complain to the competent data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

(11)

Changes to this Privacy Policy

We review this Privacy Notice regularly and update it where necessary. Changes apply from the announcement of the amended Privacy Policy. The version published on our Website is valid. We will inform you of any major changes to this Privacy Notice (e.g., through our Website). You are asked to regularly inform yourselves of the content of this Privacy Notice.
This Privacy Notice appears in English accompanied by a German translation. In case of discrepancies, the English version prevails.

(Status as of 1 March 2026)