Last revised: 23 May 2018
Your privacy is important to us. This Privacy Statement explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.
1. Who this privacy statement applies to and what it covers
This Privacy Statement applies to Analie Sarl with registered office at 36 Op der Tonn, Gonderange, L-6188, Luxembourg ("Analie", "we", "us" or "our").
This Privacy Statement explains how we will collect, handle, store and protect information about you when:
- providing services to you, or to our clients;
- you use our Website; or
- performing any other activities that form part of the operation of our business.
When we refer to “our Website” or “this Website”, we mean www.analietax.com, and all associated websites linked to www.analietax.com.
2. Who can you contact for privacy questions or concerns?
If you have questions or comments about this Privacy Statement or how we handle personal data, please contact us. We aim to respond to privacy-related communications within 30 days.
You may also contact the Luxembourg National Commission for Data Protection to report concerns you may have about our data handling practices.
3. How do we collect personal data?
We may collect, record and use your personal data in physical and electronic form, and will hold, use and process that data as set out in this Privacy Statement and in accordance with the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.
We may process your data because:
- you give it to us, for example, including from individuals who contact us by email or telephone, provide us their business card, complete our online forms, attend a meeting, visit our offices or apply for jobs. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
- other people give it to us, for example, your employer or adviser, or third-party service providers that we use to help operate our business. We may obtain personal data about candidates from an employment agency and other parties including former employers.
- it is publicly available, for example, information obtained from public registers, news articles, sanctions lists and Internet searches.
4. What personal data do we collect?
The personal data that we process may include your:
- Contact details, including name, company name, job title, telephone numbers, email and postal addresses.
- Professional details, including your job and career history, educational background and professional memberships.
- Family and beneficiary details, including names and dates of births.
- Financial information, including taxes, payroll, investment interests, pensions, assets and bank details.
- CCTV footage and other information we collect when you access our premises.
We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes.
Examples of sensitive personal data that we may obtain include:
- Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
- Expense receipts or invoices submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
- Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
- Information provided to us by our clients in the course of a professional engagement.
If you choose not to provide, or object to us processing, the information we collect, we may not be able to continue to provide some or all of our services to you or to our client.
5. What lawful reasons do we have for processing personal data?
We are required by law to set out in this Privacy Statement the legal grounds on which we rely on in order to process your personal data. We rely on one or more of the following lawful grounds:
- Contract – We may process personal data in order to perform our contractual obligations.
- Consent - We may rely on your freely given consent at the time you provided your personal data to us.
- Legitimate Interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include delivering the professional services our clients have engaged us to provide, to prevent fraud and to protect our business interests.
- Legal Obligations and Public Interests – We may process personal data in order to meet regulatory and public interest obligations or mandates.
Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.
6. Why do we need personal data?
We need personal data to enable us to provide our services to you, or to our clients, and to meet our legal or regulatory obligations. Examples include:
- Providing professional services to our clients.
- Promoting our professional services, products and capabilities to existing and prospective clients.
- Conducting due diligence checks relating to the services.
- Administering, maintaining and ensuring the security of our information systems, applications and Websites.
- Authenticating registered users to certain areas of our Websites.
- Seeking qualified recruitment candidates.
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
- Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.
7. Sharing your personal data
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data that we entrust to them.
We may engage with several or all of the following categories of recipients:
- Parties that support us as we provide our services, including providers of telecommunication systems, IT system support, archiving services, document production services and cloud-based software services.
- Our professional advisers, including lawyers, auditors and insurers.
- Payment services providers.
- Marketing services providers.
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
- Recruitment agencies.
8. Transferring your personal data outside of the EEA
Information we hold about you may be transferred to other countries (which may include countries outside the European Economic Area (“EEA”)) :
- where we do business;
- which are linked to your engagement with us;
- from where you regularly receive or transmit information; or
- where our third parties conduct their activities.
These countries may have less stringent privacy laws than we do, so any information they hold can become subject to their laws and disclosure requirements, including disclosure to governmental bodies, regulatory agencies and private persons. In addition, a number of countries have agreements under which information is exchanged with other countries for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer your personal data outside the EEA, we will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing.
We may also transfer your personal data when:
- the transfer is to a country deemed to provide adequate protection of your personal data by the European Commission; or
- where you have consented to the transfer.
If we transfer your personal data outside the EEA in other circumstances (for example, because we have to by law), we will make sure it remains adequately protected.
9. Protecting your personal data
We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
- technological security measures, including fire walls, encryption and anti- virus software; and
- physical security measures to access our premises.
The transmission of data over the internet (including by e-mail) is never completely secure. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.
10. How long do we keep your personal data for?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, we seek to ensure that we only keep your personal data for the longest of:
- the period necessary for the relevant activity or services;
- any retention period that is required by law; or
- the period in which litigation or investigations might arise in respect of the services.
We dispose of personal data in a secure manner when we no longer need it.
11. Your rights
You have various rights in relation to your personal data. In particular, you have a right to:
- Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
- Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
- Erasure – You can ask us to delete your personal data after you withdraw your consent to processing, or when we no longer need it for the purpose it was originally collected.
- Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
- Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
- Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
- Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
- Right to Withdraw Consent – You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
To submit a data request please contact us.
12. Changes to our Privacy Statement
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are protecting your information.