Black logo on transparent

Policy from confidentiality

Home / Privacy Policy

RGPD

Below you will find more information about our personal data processing policy. If you have any questions, please do not hesitate to contact us at the following e-mail address: GDPR@watfiduciary.lu

We are committed to complying with the European General Data Protection Regulation (abbreviated as GDPR), in force since 25 May 2018 regarding the collection of your personal data.

Below you will find your rights and legal obligations.

By providing us with your personal data, you explicitly declare that you are aware of our personal data processing policy with its conditions and limitations, and you explicitly accept the content and the processing itself.

  1. Fields of application

This information note on our data protection policy applies to all services provided and activities carried out by WAT Fiduciary S.à r.l.. This notice applies to our existing and future clients (as well as their suppliers and our clients' clients, if any), our clients' agents, economic beneficiaries, our subcontractors, partners, suppliers and service providers.

  1. Data controller and processor

As a fiduciary member of the Ordre des Experts-Comptables du Luxembourg, we are responsible for the processing of numerous data, including personal data. The responsible entity is the Luxembourg company "WAT Fiduciary S.à r.l.".

Depending on the circumstances, we may be designated as a controller, processor or joint controller.

The personal data we process may relate to our clients, an agent of one of our clients, an economic beneficiary, a temporary worker, a trainee, a student, a potential candidate, an employee, a supplier, a subcontractor, a service provider, but also as a direct business relationship or a relationship of our clients (if you are a supplier, subcontractor or client of our client, for example).

a. Data controller

As a data controller, we are obliged to comply with the legal requirements regarding the processing of data for the purposes we have determined. We are responsible for processing personal data in the following cases:

  • Services to our clients who are individuals or one-person companies;
  • Director/Manager mandate;
  • Mandate of the auditor;
  • Mandate of liquidator;
  • Management of our internal obligations relating to our own staff.

b. Subcontractor

We will act as a subcontractor in the following cases:

  • Services to our corporate clients;
  • Salary management mission;
  • Direct debit mission.

We have procedures in place to ensure that those authorised to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

  1. Personal data

Depending on your activities and your relationship with our trustee, you may provide us with the following data:

a. You are a company

The information is extensive and may include:

  • Name of the company ;
  • Address;
  • VAT number ;
  • Various personnel numbers ;
  • Bank account number ;
  • Some data of your contact person or collaborators (surname, first name, gender, language, date of birth, address, telephone number, e-mail address, etc.);
  • ...

b. You are a natural person

The information is extensive and may include:

  • Name ;
  • First name ;
  • Postal address;
  • Telephone number ;
  • E-mail address;
  • Bank account number ;
  • Family situation ;
  • Sex ;
  • Date of birth ;
  • VAT number ;
  • Various personnel numbers ;
  • etc...

We process personal data that the data subject has provided.

We may also process personal data provided by another person, such as personal data provided by the customer about their employees, directors, customers, suppliers, or shareholders.

Personal data can also come from public sources (e.g. Luxembourg Business Registers, CSSF,...).

Data shall only be processed if such processing is necessary for the purposes mentioned in point 4.

You are responsible for the accuracy of the data you provide.

  1. Purposes of the processing

We process personal data for the following purposes:

  1. In order to fulfil our obligations in terms of anti-money laundering and countering the financing of terrorism;
  2. In order to fulfil our obligations towards the Luxembourg authorities, foreign authorities or international institutions;
  3. Within the framework of the execution of our services. The processing of personal data concerns the data of customers but also of any other person linked to the customers (e.g. staff members, managers,...);
  4. As part of the development of our activity (newsletter registration, contact form via our website, contact during events, etc.).
  1. Website and cookies

Our website uses cookies to ensure that it functions properly.

These cookies do not collect any personal data, they simply enable a better browsing experience.

You can set your browser to notify you when cookies are set or to prevent them from being set.

By blocking cookies on your browser, access to our site will not be denied but some features may not be available.

  1. Duration of treatment

Personal data are processed for the period necessary to perform the service/task. In accordance with the LCB/FT law, this data will be kept for a period of 5 years after the end of the business relationship. The retention period of personal data may also be extended due to legal obligation.

Once the above-mentioned periods have expired, the personal data are deleted, unless other applicable legislation provides for a longer retention period.

  1. Access and destination of personal data

In order to process your personal data, we allow our employees access to this data. They are obliged to treat the data confidentially and may only use the data for the purposes for which it was provided.

We do not pass on any personal data collected to third parties, except in the context of the performance of the service (e.g. to tax authorities).

When an external service provider has to intervene to carry out a task (e.g. notary, IT service provider, etc.), the said service provider is obliged to respect the confidential nature of your personal data and may only use this data for the purposes for which it was provided.

We may transmit personal data at the request of any legally competent authority. We may also pass on personal data on our own initiative in order to comply with applicable legislation.

  1. Security measures

Your personal data is treated confidentially. They are also stored in a secure manner.

  1. Your rights

In accordance with the legislation in force, you have the right to access your data processed by our company in order to check them, have them corrected or completed.

a. Right of access and rectification  

You can request access to your personal data which will allow you to receive a copy of the personal information we hold about you.

You can also request that this personal information be changed.

b. Right to object to a specific use

You have the right to object to the processing of your personal data on serious and legitimate grounds. However, you cannot object to the processing of data that is necessary for the fulfilment of a legal obligation or the performance of a contract. You always have the right to object to the processing of your data for direct marketing purposes.

c. Right to have data deleted

You can request that your data be deleted. However, there are situations in which we will not be legally permitted to delete this data.

d. Right to portability

You can request the transfer of your personal information to you or to another controller in an electronic and structured format (right to data portability). This allows you to retrieve and transfer your data in an electronically usable format.

e. Right of limitation

You may request that we limit the processing of your personal information. This allows you to ask us to suspend the processing of your personal information.

If the processing of personal data is based on prior consent, you have the right to withdraw this consent. This personal data will then only be processed if we have another legal basis.

You may exercise the above rights by sending an e-mail to the following address GDPR@watfiduciary.lu or by post to our postal address.

We may ask you for specific information to help us confirm your identity and to ensure that your right of access to that information (or to exercise any other of your rights) is respected. This is a security measure to ensure that your personal information is not disclosed to anyone who is not authorised to view it.

  1. Data Protection Officer

WAT Fiduciary has appointed Mr. Julien Turcksin as Data Protection Officer (hereafter "DPO"). If you have any questions regarding the protection of personal data, please contact our DPO by mail at our postal address or by e-mail (contact : GDPR@watfiduciary.lu).

  1. Complaints

You can lodge a complaint with the National Commission for Data Protection ("CNPD") if you feel that your rights are not being respected.

URL: https://cnpd.public.lu/fr.html