1. Introduction

This Privacy Notice (the “Privacy Notice”) has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) as well as domestic legislation enacted from time to time in Luxembourg.

​Monika Barrnes, Managing Director of IMBarnes consult SARL (“IMBC”) is the Data Controller of the Personal Data of a Data Subjects with whom IMBC interacts in the daily performance of its duties as further described herein.

IMBC is committed to perform its duties hereunder and to hold the Personal Data in strict compliance with the provisions of the Privacy Notice, any internal procedures, the GDPR, as well as any relevant Luxembourg law.

When providing Personal Data to IMBC via email, mail, IMBC’s company website or any other format, IMBC will process such Personal Data in line with the GDPR and this Privacy Notice.

By using this Website or providing Personal Data in any other format, a Data Subject acknowledges that it has reviewed, and agreed to, the terms of this Privacy Notice.

This Privacy Notice contains the information prescribed by article 12 of the GDPR.

  1. Identity and Contact Details of the Data Controller and the Supervisory Authority

Data Controller:

IMBarnes consult SARL
Monika Barnes
3, Impasse Jaeger
L-5540 Remich
Grand Duchy of Luxembourg
Email: [email protected]

Supervisory Authority:

Commission Nationale pour la Protection des Données
Service des plaintes
15, boulevard du Jazz
L-4370 Belvaux

  1. Categories of Personal Data Concerned

IMBC may collect and process the following Personal Data from a Data Subject for one or several purposes outlined in section 4 below:

  • Identification documents, such as, but not limited to copies of passport, ID cards, driving licenses;
  • Contact details e.g. name, address, telephone number, email address;
  • Personal data such as age, gender, nationality, date and place of birth;
  • Evidence of tax residency;
  • Extract of the criminal record;
  • Bank references incl. financial information.

In addition, IMBC may collect the following information when you access or browse the Website:

  • Personal Information you provide directly when you register, inquire about our services via any e-mail messages you send, including personally identifiable information such as your name, contact information (phone, fax, address, and email address);
  • Passively collected information, including through the use of cookies, IP addresses, web browser and operating system information, date and time of visits, and the web pages your Internet browser visits when browsing the Website.
  1. Purpose of the Processing and Legal Basis for Processing

IMBC will use Personal Data for the following purposes:

  • Compliance with a legal obligation:
  1. a) Ensuring compliance with anti-money laundering/combatting financing of terrorism legislation, including, but not limited to the amended law of 12 November 2004 on the fight against money laundering and terrorist financing;
  2. b)  Ensuring compliance with tax obligations in Luxembourg;
  3. c)  Investigating and resolving complaints and manage contentious regulatory matters, investigations and litigation;
  • Performance of a contract with a Data Subject or any entity which is represented by such Data Subject:
  1. a) Providing customised and personalised information to a Data Subject about services and solutions proposed by IMBC.
  2. b) Fulfilling IMBC’s obligations under any agreement that IMBC may have entered into with a Data Subject or any entity which is represented by such Data Subject;
  3. c) Fulfilling IMBC’s obligations under any agreement between a Data Subject or any entity which is represented by such Data Subject and a third party, under which IMBC has to fulfil any duties;
  • Consent of the Data Subject:

IMBC may use Personal Data for any other purpose expressly agreed on by the Data Subject, provided that such consent may be withdrawn at any time by the Data Subject, without however affecting any Processing performed by IMBC prior to such withdrawal.

  • IMBC‘s legitimate interest:
  1. a)  Managing and administering the relationship between IMBC and a Data Subject or any entity which is represented by such Data Subject;
  2. b)  Maintaining a client relationship management database for communication and promoting services offered by IMBC to Data Subjects or any entity which is represented by such Data Subjects;
  3. c)  Monitoring and recording, correspondence, telephone calls and emails in accordance with IMBC’s IT set-up.

IMBC’s legitimate interest results from IMBC’s activities consisting in the provision of independent directorship services and associated tasks for corporate entities, as well as advice on operation and organisation of its clients.

  1. Recipients of Personal Data

IMBC may share Personal Data with the following Recipients:

  • Any service providers of IMBC which provide administrative, telecommunications, information technology, transaction and data processing, operational or other services to IMBC;
  • Any lawyers, accountants, consultants, or other professionals which IMBC may consult to obtain advice or assistance for the performance of its duties to a Data Subject or any entity which is represented by such Data Subject;
  • Relevant governmental or supervisory authorities, tax authorities, law enforcement agencies, judicial authorities, self-regulatory or industry bodies in order to allow IMBC to comply with any local, foreign or supranational law, regulation, directive, guidance injunction or request for disclosure or other form of obligation, advice, recommendation binding or applying to IMBC;
  • Any actual or proposed assignee of IMBC or participant or sub-participant or transferee of IMBC’s rights in respect of Data Subject or any entity which is represented by such Data Subject;
  • Any party in respect of which such disclosure is requested and/or consented to by the Data Subject or any entity which is represented by such Data Subject.
  1. Transfer of Personal Data to Third Countries

IMBC may transfer Personal Data to Recipients that are located outside the European Economic Area (“EEA”) or to International Organisations.

When sharing the Personal Data of a Data Subject with Recipients that are located outside the European Economic Area (EEA), Personal Data of a Data Subject will only be transferred on one of the following bases:

  • The transfer is to a recipient in a country or territory approved by the European Commission as providing an adequate level of protection for personal data;
  • The transfer is to a Recipient that has entered into European Commission standard contractual clauses with IMBC;
  • The Data Subject has explicitly consented to the transfer of Personal Data. In this regard.
  1. Retention of Personal Data

IMBC will store the Personal Data of the Data Subject in line with applicable legal and regulatory requirements in Luxembourg.

  1. Rights of Information and Access to Personal Data by a Data Subject

A Data Subject has the following principal rights under the GDPR:

  • To obtain confirmation from IMBC as to whether or not Personal Data concerning the Data Subject is being Processed by IMBC;
  • As the case may be, to obtain access to, and copies of, the Personal Data IMBC holds about the Data Subject;
  • To obtain the following information:
    • The purposes of the Processing of Personal Data and the categories of Personal Data concerned;
    • The recipients or categories of recipient of Personal Data to whom Personal Data has been or will be disclosed, in particular if such Recipients are located outside the European Economic Area (“EEA”) or to International Organisations;
    • Insofar as possible, the envisaged period for which Personal Data will be stored, or, if not possible, the criteria used by IMBC to determine that period;
  • To require that IMBC rectifies or erases Personal Data;
  • To request a restriction of the Processing of Personal Data or to object to such Processing;
  • To obtain the Personal Data concerning the Data Subject, which was provided by the Data Subject, in a structured, commonly used and machine-readable format that can be transmitted to another Data Controller in certain circumstances;
  • To lodge a complaint with the Supervisory Authority indicated in section 2.
  1. Disclosure of Personal Data

Before disclosing any Personal Data relating to its contractors and other individuals, IMBC shall (1) ensure that those natural persons are duly notified and made aware of IMBC’s obligations under the GDPR, and (2) undertake and represent those such Personal Data will be processed in line with the provisions of the GDPR.

  1. Miscellaneous
  • This Privacy Notice may be updated from time to time to reflect changes and/or developments in data protection laws, regulations, guidelines, codes and industry practices in Luxembourg.
  • The list of the above rights is not absolute and requests may be refused where exceptions apply.


Updated: 15 September 2021