1.INTRODUCTION
The most practical overview to the news introduced by the EU General Data Protection Regulation 2016/679 (GDPR) entering into force the 25th May 2018, can be summarised in the six principles expressed by Article 5 of the GDPR.
According to Article 5, the data protection shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
2.WHAT IS THE LEGAL BASIS AND WHY DO WE PROCESS YOUR DATA?
With the entry into force of the European Regulation 2016/679, all companies are obliged to comply with the GDPR. Our firm will therefore be required to process your personal data in accordance with the provisions of the GDPR for the following activities:
3.HOW DO WE COLLECT YOUR PERSONAL DATA AND FOR HOW LONG
There are several ways to collect your personal information: you can directly send them to us either physically or electronically. Or maybe they are collected at the moment the business relations starts, when you request an offer, when you receive a business proposal or when we realize a project for you. Finally you can send your candidature (spontaneously or in reply to a announce) for a post in our expertise firm. We may also receive your data from external sources, such as public databases, websites, social networks and third parties.
Personal data shall be kept in a form permitting your identification for no longer than is necessary for the business purposes of our firm.
4.WHAT PERSONAL DATA ARE PROCESSED?
The personal data processed by our office are merely related to your identity, but our intervention is limited to the processing of data obtained in the context of our commercial relations or work, namely for example:
In the frame of a possible recruiting, we are equally led to collect the following personal information:
5.WHO RECEIVES YOUR DATA?
All departments that will need your data to meet our contractual and legal obligations will have access to your personal data and therefore all employees at our office have received specific training to understand the importance of the confidentiality of your data and have signed a confidentiality clause.
Our office will also be required to process your personal information for administrative or contractual scope in the frame of the contractual relationship established with you. In this context, we may therefore be required to transmit certain information to third-party providers (for example, for the recovery of claims, the keeping of accounts or the preparation of employee payslips), or where legal provisions so require, or if you gave your consent. For the sake of clarity we undertake to verify that concerned third-party providers complies with our same level of confidentiality and processes your personal data in accordance with the provisions of the GDPR.
It is important to specify that your personal data are not transferred outside the European Union. Our firm will also not be required to transfer your personal data to an international organization of a third country.
6.WHO IS RESPONSIBLE FOR PROCESSING THE DATA AND HOW CAN YOU CONTACT IT?
You may contact the responsible of the data protection through our office at the following coordinates:
BUREAU D’EXPERTISE PEYMAN ASSASSI
M. Peyman Assassi
28, Côte d’Eich
L-1450 Luxembourg
Par mail : info@expertise-assassi.lu
Par téléphone : (+352) 40 58 86
Par Fax: (+352) 40 58 87
7.HOW TO RETRACT YOUR CONSENT
Do you know that you can withdraw your consent at any time by contacting our responsible for data controlling at the contact details mentioned above? This rule also applies to any consent statement given before the entry into force of the GDPR, ie before May 25, 2018. The withdrawal of consent does not affect the legality of the processing of the data that occurred prior to this withdrawal.
One of the programs that this website is using is Google Analytics (Cookies, Way to navigate)
We remain at your disposal for any further information you may need.
Sincerely,
Your team Bureau d’Expertise Peyman Assassi
info@expertise-assassi.lu
This text has been written by the luxembourgish law firm Justlex and is under their property.