GDPR Charter
What is the use of this policy?
The personal data processing policy demonstrates A.T.E.S.'s desire to enforce the applicable rules regarding the protection of personal data and, in particular, those of the General Data Protection Regulation ("GDPR") 1. In particular, the GDPR policy aims to inform our customers and partners about how and why we process personal data in the context of the services we provide.
Who is this policy aimed at?
The GDPR policy implemented by A.T.E.S applies to our customers, our potential customers, our partners (particularly business providers), a candidate for an open position within our company, etc.
Why do we process your data?
As part of the services offered by our company, we are necessarily required to process the personal data of the aforementioned persons for the following reasons and bases:
● So that you can benefit from our services and to respond to your requests in accounting and tax matters, on the basis of our general and specific conditions as recommended by the Order of Chartered Accountants in Luxembourg.
● So that you can follow us on social networks and share your opinions based on the general conditions of use of the platform used (eg: Facebook, LinkedIn, etc.) and our legitimate interest in benefiting from a dedicated page on social networks.
● So that you can register and receive our newsletter which will inform you of all news regarding our services based on your consent.
● So that you can apply for a position at A.T.E.S.
● To guarantee and strengthen the security and quality of our services, on the basis of the legal obligations weighing on our sector of activity (obligation of vigilance in the context of the fight against money laundering and the financing of terrorism in particular) and our legitimate interest in ensuring the proper functioning of our services.
What data do we process and for how long?
Below we summarize the categories of personal data that we collect directly from you, as well as their respective retention periods.
If you would like more details on retention periods, you can contact us at s.bernier@ates.lu.
● Identification data and contact details of individual clients, directors/managers, partners/shareholders (e.g.: surname, first name, date of birth, place of birth, personal address, N.I.F.) of a client company and its intermediary entities , and its subsidiaries, retained for the duration of the business relationship and an additional five years upon its completion (for professional compliance purposes in the fight against money laundering and terrorist financing).
● Data indicated in the CV and cover letter kept for the duration of the recruitment process then two months at the end of the recruitment process subject to your consent.
At the end of these periods, the data will be destroyed unless you request in writing to recover them.
What rights do you have to control the use of your data?
The applicable data protection regulations grant specific rights which can be exercised, at any time and free of charge, in order to control the use we make of your personal data.
● Right of access and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or even the secrecy of correspondence.
● Right to rectify personal data that is erroneous, obsolete or incomplete.
● Right to object to the processing of your personal data, it being specified here that A.T.E.S. does not engage in commercial prospecting.
● Right to request erasure (“right to be forgotten”) of your personal data which is not essential to the proper functioning of our services.
● Right to limitation of your personal data which allows the use of your data to be frozen in the event of a dispute over the legitimacy of processing.
● Right to portability of your data which allows you to recover part of your personal data in order to store them or transmit them easily from one information system to another.
● Right to give instructions on the fate of your data in the event of death either through you, or through a trusted third party or a beneficiary. For a request to be taken into account, it is imperative that it is made directly by you to the address s.bernier@ates.lu.
Any request that is not made in this manner cannot be processed. We will respond to your request as soon as possible, within two months of receipt.
Who can have access to your data?
We only communicate your data to people duly authorized to use them to implement our services. This may include our staff responsible for implementing the services provided by A.T.E.S. or one of our possible subcontractors, subject to your information and consent.
We may also communicate your data to public and judicial authorities in order to meet our legal and professional obligations.
How do we protect your data?
We implement all technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or unauthorized disclosure of your data.
Can your data be transferred outside the European Union?
Unless strictly necessary and on a marginal basis, we do not transfer data outside the European Union and the data is always hosted on European soil.
In addition, we make every effort to use providers hosting data within the European Union. In the event that our service providers are nevertheless required to transfer personal data concerning you outside the European Union, we scrupulously ensure that they implement appropriate guarantees to ensure the confidentiality and protection of your data. .
Who can you contact for more information?
Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at: s.bernier@ates. read.
How can you contact the CNPD?
You can contact the Luxembourg supervisory authority for the protection of personal data at any time (the “National Commission for Data Protection” or “CNPD”) at the following contact details: 15, Boulevard du Jazz, L-4370 Belvaux or by telephone at: (+352) 26 10 60 -1.
Can the policy be changed?
We may modify our GDPR policy at any time to adapt it to new legal requirements as well as new processing that we may implement in the future.
1 REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 /46/EC (general data protection regulation)