Confidentiality policy - WAT Fiduciary

Confidentiality policy


Below you will find more information about our personal data processing policy. If you have any questions, do not hesitate to contact us at the following email address:

We are committed to respecting the general European regulation of personal data protection (abbreviated GDPR), in force since May 25, 2018 concerning the collection of your personal data.

You will find your rights and legal obligations below.

By communicating your personal data to us, you explicitly declare that you have read our personal data processing policy with its conditions and limits, and you explicitly accept the content and the processing itself.

  1. Application fields

This information note relating to our data protection policy concerns all the services provided and all the activities carried out by WAT Fiduciary S.à rl. This note is applicable to our existing and future customers (as well as their suppliers and our clients’ clients where applicable), our clients’ agents, economic beneficiaries, our subcontractors, our partners, our suppliers and service providers.

  1. Data controller and processor

In our capacity as a fiduciary member of the Ordre des Experts-Comptables du Luxembourg, we are responsible for the processing of a large number of data, including personal data. The responsible entity is the company incorporated under Luxembourg law “WAT Fiduciary S.à r.l.”

Depending on the circumstances, we may be designated as controller, processor or joint controller.

The personal data that we process may concern our customers, agent of one of our customers, economic beneficiary, temporary worker, intern, student, potential candidate, employee, supplier, subcontractor, service provider but also as a direct business relationship or relationship of our customers (if you are a supplier, subcontractor or customer of our customer, for example).

a. Responsible for processing

As data controller, we are required to comply with legal requirements regarding data processing for the purposes we have determined. We are responsible for the processing of personal data in the following cases :

  • Services to our clients who are individuals or sole proprietorships;
  • Director / manager mandate;
  • Mandate of statutory auditor;
  • Mandate of liquidator;
  • Management of our internal obligations relating to our own personnel.

b. Subcontractor

We will act as a subcontractor in the following cases:

  • Services to our corporate clients;
  • Salary management mission;
  • Domiciliary mission.

We have procedures in place so that persons authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

  1. Personal data

Depending on your activities and your relationship with our fiduciary, you potentially provide us with the following data :

a. You are a company

The information are extensive and may include :

  • Company Name;
  • Address;
  • VAT number;
  • Various registration numbers;
  • Bank account number;
  • Certain data of your contact person or of your employees (name, first name, sex, language, date of birth, address, telephone number, email address, etc.);

b. You are a natural person

The information are extensive and may include :

  • Last name;
  • First name;
  • Adress;
  • Phone number;
  • Mail address;
  • Bank account number;
  • Family situation;
  • Gender;
  • Date of Birth;
  • VAT number;
  • Various registration numbers;
  • etc…

We process personal data provided by the data subject himself.

We may also process personal data provided by another person, such as personal data transmitted by the client and concerning his employees, directors, clients, suppliers, or even shareholders.

Personal data can also come from public sources (example: Luxembourg Business Registers, CSSF, etc.).

The data are only processed if this processing is necessary for the purposes mentioned in point 4.

You are responsible for the accuracy of the data transmitted.

  1. Purposes of processing

We process personal data for the following purposes :

  1. In order to fulfill our obligations in terms of the fight against money laundering and the financing of terrorism;
  2. In order to fulfill our obligations towards the Luxembourg authorities, foreign authorities or international institutions;
  3. As part of the performance of our services. The processing of personal data concerns the data of customers but also of any other person related to customers (example: staff member, managers, etc.);
  4. As part of the development of our activity (subscription to our newsletter, contact request form via our website, contact during events, etc.).
  1. Website and cookies

Our website uses cookies to ensure that it works properly.

These cookies do not collect any personal data, they simply allow a better browsing experience.

You can configure your browser to be informed each time cookies are created or to prevent their creation.

By blocking cookies on your browser, access to our site will not be refused, but some features may not be available.

  1. Duration of the treatment

Personal data is processed for the period necessary for the performance of the service / task. These data will, in accordance with the AML / CFT law, be kept for a period of 5 years after the end of the business relationship. The retention period for personal data may also be extended due to legal obligation.

Once the aforementioned periods have expired, the personal data will be erased, unless another legislation in force provides for a longer retention period.

  1. Access and destination of personal data

For the processing of your personal data, we allow access to this data to our employees. They are required to treat it confidentially and may only use this data for the purposes for which it was provided.

We do not pass on personal data collected to third parties, except as part of the performance of the service (such as tax authorities).

When an external service provider has to intervene for the performance of a task (example notary, IT service provider, etc.) said service provider is required to respect the confidential nature of your personal data and may only use this data for purposes for which they were provided.

We may transmit personal data at the request of any legally competent authority. We can also transmit these on our own initiative in order to comply with the legislation in force.

  1. Security measures

Your personal data is treated confidentially. They are also kept secure.

  1. Your rights

In accordance with the legislation in force, you have a right of access to your data which is processed by our company in order to verify them, have them rectified or supplemented.

a. Right of opposition to a specific use

You can request access to your personal data which will allow you to receive a copy of the personal information we hold about you.

You can also request the modification of this personal information.

b. Right of opposition to a specific use

You have the right to object to the processing of your personal data for serious and legitimate reasons. However, you cannot object to the processing of data necessary for the fulfillment of a legal obligation or the fulfillment of a contract. You always have the right to object to the processing of your data for direct marketing purposes.

c. Right to delete data

You can request that your data be deleted. However, there are situations in which we will not be legally allowed to delete this data.

d. Right of portability

You can request the transfer of your personal information for your benefit or for the benefit of another controller in an electronic and structured format (right to data portability). This allows you to recover and transfer your data in an electronically usable format.

e. Right of limitation

You can request the restriction of the processing of your personal information. This allows you to ask us to suspend the processing of your personal information.

If the processing of personal data is based on prior consent, you have the right to withdraw that consent. This personal data will then be processed only if we have another legal basis.

You can exercise the aforementioned rights by e-mail to the following address : or by mail to our postal address.

We may ask you for specific information to help us confirm your identity and ensure that your right to access that information (or to exercise any of your other rights) is respected. This is a security measure designed to ensure that your personal information is not disclosed to anyone who is not authorized to view it.

  1. Data Protection Officer

WAT Fiduciary has appointed Mr. Julien Turcksin as Data Protection Officer (hereinafter “DPO”). For any questions relating to the protection of personal data, please contact our DPO, by post or by email (contact :

  1. Complaints

You can lodge a complaint with the National Commission for Data Protection (“CNPD”) if you feel that your rights have not been respected.