Privacy

Privacy Policy

Last updated: January 2026. This Privacy Policy explains how Joh. Berenberg, Gossler & Co. KG collects, uses, and protects your personal data.

1. Controller and Contact Information

Data Controller:
Joh. Berenberg, Gossler & Co. KG
Überseering 28
22297 Hamburg
Germany
VAT: DE118509931

Contact:
Email: Finance-sup@berengberg.de.com
Phone: +49 40 350 60-0

2. Legal Basis and Scope

This Privacy Policy applies to the processing of personal data by Joh. Berenberg, Gossler & Co. KG in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws. We are committed to protecting your privacy and ensuring you have a positive experience on our website and in our business relationships.

3. What Personal Data We Collect

We collect personal data in various forms, including:

  • Identification Data: Name, title, address, phone number, email address
  • Business Data: Company name, position, department, professional qualifications
  • Financial Information: Banking details, transaction history, investment preferences (where applicable)
  • Communication Data: Records of correspondence, meeting notes, preferences regarding communication channels
  • Technical Data: IP address, browser type, device information, cookies, usage patterns on our website
  • Legal and Compliance Data: Documentation related to regulatory compliance, sanctions screening results, beneficial ownership information

4. How We Collect Your Data

We collect personal data through:

  • Direct provision by you through contact forms, applications, or correspondence
  • Automatic collection through our website (cookies, analytics, web logs)
  • Third parties such as public registers, credit agencies, or business partners
  • Your employer or authorized representatives in the context of business relationships
  • Publicly available sources for business purposes

5. Purposes of Processing

We process your personal data for the following purposes:

  • Service Delivery: Providing financial advisory, asset management, and banking services
  • Relationship Management: Maintaining and developing business relationships with clients and partners
  • Legal Compliance: Fulfilling regulatory obligations, anti-money laundering (AML) requirements, and sanctions compliance
  • Risk Management: Assessing creditworthiness, fraud prevention, and operational risk management
  • Marketing and Communication: Sending news, updates, and marketing materials (where you have consented or where permitted by law)
  • Website Optimization: Analyzing usage patterns to improve our website and services
  • Legal and Tax Obligations: Meeting statutory requirements for record-keeping and reporting

6. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Consent (Article 6(1)(a)): Where you have explicitly consented to specific processing activities
  • Contract Performance (Article 6(1)(b)): To provide the services you have requested
  • Legal Obligation (Article 6(1)(c)): To comply with German and international financial regulations
  • Legitimate Interests (Article 6(1)(f)): For business purposes, fraud prevention, and improving our services

7. Data Sharing and Recipients

We may share your personal data with:

  • Internal Departments: Different business units within Joh. Berenberg, Gossler & Co. KG for service delivery and compliance
  • Service Providers: Third-party vendors who provide IT, legal, accounting, or other services on our behalf (under data processing agreements)
  • Regulatory Authorities: Government agencies, financial regulators, and law enforcement when required by law
  • Financial Institutions: Banks, custodians, and other financial partners necessary for service delivery
  • Group Companies: Other entities within the Berenberg group for administrative and business purposes
  • Professional Advisors: Lawyers, auditors, and tax advisors who assist us in our operations

All recipients are contractually bound to process your data in accordance with GDPR and this Privacy Policy.

8. International Data Transfers

As an international financial institution, we may transfer personal data outside the European Economic Area (EEA). Such transfers are made only:

  • To countries with an adequacy decision by the European Commission
  • With appropriate safeguards such as Standard Contractual Clauses (SCCs)
  • With your explicit consent where necessary

We implement additional technical and organizational measures to protect data during international transfers.

9. Data Retention

We retain your personal data only as long as necessary to achieve the purposes outlined above and to comply with legal obligations. Retention periods vary depending on the type of data and purpose:

  • Client Data: Retained for the duration of the business relationship and typically 6 years after termination (German commercial law)
  • Compliance Data: Retained for 10 years or as required by AML/KYC regulations
  • Website Data: Analytics data typically retained for up to 12 months
  • Marketing Data: Retained until you withdraw consent or object to processing

After the retention period expires, data is securely deleted or anonymized.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access (Article 15): You may request a copy of the personal data we hold about you
  • Right to Rectification (Article 16): You may request correction of inaccurate or incomplete data
  • Right to Erasure (Article 17): You may request deletion of your data (subject to legal exceptions)
  • Right to Restrict Processing (Article 18): You may request that we limit how we use your data
  • Right to Data Portability (Article 20): You may request your data in a structured, machine-readable format
  • Right to Object (Article 21): You may object to processing based on legitimate interests or marketing
  • Right to Withdraw Consent: You may withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: You may file a complaint with the German Data Protection Authority (Landesbeauftragte für Datenschutz)

11. How to Exercise Your Rights

To exercise any of the rights above, please contact us at:

Email: Finance-sup@berengberg.de.com
Mail: Joh. Berenberg, Gossler & Co. KG, Überseering 28, 22297 Hamburg, Germany
Phone: +49 40 350 60-0

We will respond to your request within 30 days. In cases requiring investigation, this period may be extended by an additional 60 days.

12. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and confidentiality
  • Incident response procedures and breach notification protocols
  • Regular backups and disaster recovery plans

However, no security measure is completely impenetrable. While we strive to protect your data, we cannot guarantee absolute security.

13. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver personalized content. Cookies are small text files stored on your device. We use:

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Used to analyze how visitors use our website
  • Marketing Cookies: Used to deliver targeted advertisements and measure campaign effectiveness

You can control cookie settings in your browser preferences. Please note that disabling cookies may affect website functionality. For more information, please see our Cookie Policy.

14. Third-Party Links

Our website may contain links to third-party websites and services. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of linked websites. We encourage you to review the privacy policies of any third-party sites before providing personal information.

15. Children's Privacy

Our website and services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will promptly delete such information and take appropriate measures to prevent further collection.

16. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities without undue delay, as required by GDPR Article 33 and Article 34. We will provide details of the breach, the data affected, and the measures we are taking to address it.

17. Data Protection Impact Assessment

For processing activities that pose a high risk to your privacy rights, we conduct Data Protection Impact Assessments (DPIA) as required by GDPR Article 35 to identify and mitigate risks.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our website or services following such notification constitutes your acceptance of the changes.

19. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Joh. Berenberg, Gossler & Co. KG
Überseering 28
22297 Hamburg
Germany
Email: Finance-sup@berengberg.de.com
Phone: +49 40 350 60-0

If you are not satisfied with our response or believe your data protection rights have been violated, you may lodge a complaint with the German Data Protection Authority:

The Hamburg Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien und Hansestadt Hamburg)
Kurt-Schumacher-Allee 4
20097 Hamburg
Germany
Phone: +49 40 428 54-4040
Email: mailbox@datenschutz.hamburg.de

20. Additional Information for EU Residents

If you are a resident of the European Union, you benefit from additional protections under GDPR. Your personal data will not be transferred outside the EU without appropriate safeguards, and you have the right to lodge a complaint with your national data protection authority.

This Privacy Policy is effective as of January 2026 and shall remain in effect until modified. For the most current version, please visit our website regularly.

Disclaimer: The information on this website is for informational purposes only and does not constitute financial advice. Past performance is not indicative of future results. Joh. Berenberg, Gossler & Co. KG is not authorised to provide financial advice. Always seek independent financial advice from a qualified professional before making any investment or financial decisions.
We use cookies Joh. Berenberg, Gossler & Co. KG uses cookies to enhance your experience. Privacy · Cookies