DATA PROTECTION AND PRIVACY POLICY

Introduction

Protecting and respecting your privacy is a priority for the ParFi Group.

Our data protection policy relates to natural persons and aims to explain in clear and simple terms how we process your personal data in accordance with applicable regulations for the purposes set out below, the categories of personal data collected (whether directly or indirectly, on a mandatory or voluntary basis, manually or otherwise) from data subjects themselves, as well as their customers, third parties (including potential customers, sub-contractors, suppliers or any other stakeholder involved in a commitment with the ParFi Group and/or sources that may be accessed by the public where applicable).

This policy applies to both data collected initially when you make contact with a company within the ParFi Group, and data obtained by the ParFi Group at a later stage (for example, at the start of a business relationship, when an enquiry regarding additional services is made, or when information supplied at the outset is updated).

The processing of your personal data is subject to European Regulation (EU) 2016/679 of 27 April 2016 on data protection, known as “GDPR”, or any other legislation that amends it.  

Data subjects, personal data, processing, the data controller and data processor have the meanings provided in the General Data Protection Regulation.

Further information on data protection may be obtained from the National Commission for Data Protection (CNPD): https://cnpd.public.lu/fr/legislation/droit-lux.html

This policy is regularly updated.  

1. Who are we?

 The “ParFi Group” brand refers to a group of legal entities (Auditex S.à r.l., ParfinAccounting S.à r.l., Parfinindus S.à r.l., ParFi Accounting Éislek S.à r.l. and Figed S.A.), approved by the Luxembourg authorities and monitored by the Ordre des Experts-Comptables de Luxembourg (“OEC”), and the companies PARFIN’HR S.A., PARFINIMMO S.A., W4 Offices S.A., VASTA S.A. and FISCOBELUX S.A.

Our contact details are as follows:

ParFi Group
17, rue Léon Laval
L-3372 Leudelange

Tel. (+352) 315 150 1
Fax. (+352) 315 150 222

parfigroup@parfigroup.eu

 We make every effort to comply with current data protection legislation and implementing measures, supervised by the CNPD.

If we outsource services to our specialist partners to act as data processors, they must comply with our data protection policy and fulfil their legal obligations in this respect. We endeavour to protect your personal data with the appropriate provisions in our agreements with data processors and any other parties who may assist us with processing your personal data, or with whom we share your information.

 2. Data subjects

 The ParFi Group processes the personal data of individuals or legal entities with whom it has or may have a direct or indirect relationship.

Customers 

As a data controller, the ParFi Group processes the personal data relating to every (co-)signatory of an agreement, their representatives, beneficiaries or any other persons acting as representatives thereof. With regard to legal entities, the ParFi Group, shall, as required, process the personal data of any persons associated with a legal entity, such as representatives, managers, directors, employees and their beneficial owners.

External service providers and sub-contractors

In order to provide the service/fulfil the assignment in question, the ParFi Group may have to process personal data relating to its external service providers or sub-contractors, representatives thereof and/or employees who may interact with the ParFi Group, subject to legal and/or contractual requirements or when necessary.

Visitors

The ParFi Group collects and processes the personal data of those who visit the website or physical premises.

Third parties

Depending on the circumstances, the ParFi Group may process the data of third parties who are linked to the customer. Customers who send the ParFi Group personal data concerning third parties, such as their family members, friends, beneficiaries, representatives or employer and their representatives or their beneficial owners, shall inform these third parties that their data may be processed by the ParFi Group, and also that this Policy exists.

Prospective or potential customers who display an interest in the ParFi Group’s products and services

As part of its activities and subject to legal and/or contractual requirements, the ParFi Group may keep, use and process personal data regarding prospective or potential customers who display an interest in the group’s products and services.

 3. Nature of the personal data processed:

 As part of its commercial activities and depending on the purpose, the ParFi Group may collect and process different categories of personal data. This might be data that identifies you directly or indirectly.

The different types of personal data that we normally collect are as follows: 

  • Identification and administrative data: your surname, first names, address, ID card number, email address, telephone numbers, your age, gender, date of birth, place of birth, marital status and nationality, etc.;
  • Professional data: job title, company, etc.;
  • Financial data: your invoices, payslips, income, the value of your property, the source of your funds or assets, tax information, transaction data, etc.;
  • Household composition data: your family circumstances, details about other people in the household, etc.;
  • Data related to your investor profile: your knowledge and experience of financial instruments and your financial situation, including your ability to bear losses, your investment objectives and your risk tolerance;
  • Digital data: records of emails sent, IP address, cookies that are strictly necessary for the website to function correctly, etc.;
  • Environmental data: characteristics, habits, information on social media, etc.;
  • Data obtained from third parties: data supplied by public authorities.

We do not process sensitive data, including personal data revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health-related data or data concerning a person’s sex life or sexual orientation.

Nevertheless, we may, in the context of certain legal obligations and when necessary, process data related to convictions and offences and the holding of public/political office.

 4. When and how do we collect this data?

 The ParFi Group may collect this personal data in the following situations:

When you become a customer and you send us your personal data yourself by any means, or when a third party or your advisor sends us your details, including prior to entering into an agreement;

  • When you have made your personal data public by any means;
  • When the ParFi Group obtains data from external sources in the context of monitoring measures in respect of the fight against money laundering and terrorist financing (such as UN/EU consolidated sanctions list, OFAC, HM Treasury, SECO, Rosfinmonitoring, Interpol);
  • When you visit our website;
  • When you visit our premises or contact our departments by telephone;
  • When you complete one of our forms or sign an agreement with a company within the ParFi Group.

 5. Purposes of the personal data processing 

 The ParFi Group may process personal data pursuant to applicable law and solely for the following purposes (collectively, the “Purposes”):

  • To supply professional services, including:
  • Auditing and insurance;
  • Tax, accounting and reporting (tax advice, consolidation, global tax compliance, tax services for individuals, accounting and bookkeeping, setting salaries, employment contracts, etc.) and
  • Consultancy (advice, corporate finance, individuals and organizations, regulations and compliance, technology, etc.);
  • Coaching and HR consultancy;
  • Assistance with property matters (finding property/offices, advice, lease, etc.).
  • Maintaining administrative and customer/supplier relationship management systems, in particular:
  • issuing proposals/bids and drafting contracts;
  • monitoring and managing customers/suppliers;
  • invoicing and paying invoices;
  • advertising, communication and public relations;
  • organizing events;
  • quality inspections; and
  • improving the customer or user experience and personalizing the provision of services.
  • Applying acceptance and ongoing support procedures (including the fight against money laundering, corruption and terrorist financing);
  • Facilitating compliance with legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements);
  • Maintaining and protecting buildings, equipment, IT infrastructure and data (including access and authentication management, security and performance monitoring, etc.);
  • Maintaining the continuity of operations;
  • Managing risks and disputes;
  • Processing applications from data subjects; and/or
  • Managing websites.

 6. Legal basis

6.1 Legal obligations

 The companies within the ParFi Group are bound by a number of legal and regulatory obligations requiring the processing of your data. These obligations fall mainly under the following legal and regulatory domains:

  • The obligation to respond to any legitimate request from a public, legal, supervisory review or tax authority based in Luxembourg or abroad;
  • The obligation to assist with the prevention of money laundering and the financing of terrorist activities, by identifying customers, representatives and beneficial owners, profiling and monitoring operations and transactions.
  • The obligation to comply with legislation on embargoes decided by the competent authorities in Luxembourg or abroad, against individuals, organizations or nationals of certain States, including by identifying the persons and assets concerned;
  • The obligation to save and archive certain types of data.

 The list of legal and regulatory areas by virtue of which companies in the ParFi Group process your data is non-exhaustive and may change.

As regards its legal obligations relating to the fight against money laundering and terrorist financing, the ParFi Group performs automatic checks, using external sources or data that is specifically requested from you. Such automatic checks may subsequently lead to a refusal to enter into contract, or a request for additional information, as the case may be, but in any case, human intervention will validate the decision.

 6.2 Contractual relationships

 Before concluding contracts/letters of engagement, companies in the ParFi Group may and, in some cases, must obtain and process certain types of data, in particular in order to:

  • Answer your questions;
  • Respond to a request/application, assess its advisability and evaluate the risks related to a potential contract/letter of engagement.

 6.3 Legitimate interests

 The ParFi Group also processes your data in its own legitimate interests. To this end, the ParFi Group ensures that it maintains the proper balance between the need to process data and respect for your rights and freedoms, in particular the protection of privacy.

Personal data is thus processed for:

  • The organization of promotional events;
  • The organization of themed conferences.

 6.4 Consent

 In some cases, the ParFi Group will process your personal data only if it has specifically obtained your consent in this regard.

As an example:

The ParFi Group will not send you advertising communications by email or text message and will only process your electronic communication data for that purpose if you have specifically consented thereto (see 6.5).

Important: your consent is required only for communications of a commercial nature by email. In any case, we reserve the right to contact you through all communication channels and, in particular, by email in performance of your contract or if the law obliges us to do so.

 6.5 Commercial prospection

 The ParFi Group offers you a wide range of products and services, and as a company, it has a legitimate interest in being able to inform you of the products or services that it provides or promotes. In this regard, it may sometimes use your personal data, and in particular your contact details, to send you communications of a commercial or informative nature.

In practice, this means that you may be contacted, for example, in the following cases:

  • About products in which you have expressed an interest (for example by registering for an information session);
  • When the ParFi Group launches new products or services;
  • When you have initiated the process to subscribe to a product or service and have not completed that process.

 For the purposes of such prospection, the ParFi Group may contact you by traditional methods such as the telephone or ordinary post. The ParFi Group will only use such traditional communication methods if you have not exercised your right to object to the use of your data for direct marketing purposes (see 12.6).

The ParFi Group may also contact you by electronic means (email, fax or text message). It will, however, only do so if you have expressed your agreement in this regard.

Under no circumstances will the ParFi Group communicate your data to third parties to enable them to send you marketing communications regarding their own products and services. Moreover, the ParFi Group never processes sensitive data for marketing purposes.

Lastly, the ParFi Group does not use profiling or similar identification technologies.

 7. The ParFi Group acting as processor

 As a processor, the ParFi Group undertakes to only process personal data upon lawful and documented instructions from the data controller, included in the contractual documents applying to the services and in this information notice, and undertakes to ensure that its employees authorized to access personal data are subject to an appropriate confidentiality obligation. To avoid any ambiguity, this notice is designed to meet the requirements of Articles 28 and 29 of the General Data Protection Regulation.

The ParFi Group makes available to the data controller the legal information necessary to demonstrate compliance with the obligations laid down in this notice. The data controller may perform audits and inspections, to the extent that the law allows them to do so, subject to reasonable advance notice. Audits/inspections are carried out during normal opening hours of the ParFi Group and no more than once a year. The ParFi Group hereby informs inspectors that audits/inspections may not infringe the legal, regulatory and contractual obligations incumbent upon the ParFi Group, such as professional secrecy. Consequently, the data controller and the latter’s potential auditors are not authorized to access (i) data or information relating to other customers of the ParFi Group, (ii) any data exclusive to the ParFi Group or (iii) any other confidential information held by the ParFi Group which is not relevant or strictly necessary for the purposes of the audit/inspection.

The ParFi Group assists the data controller by taking the appropriate technical and organizational measures according to the nature of the processing, to the extent possible, that are necessary in order to meet the data controller’s obligation:

  • Replying to data subjects’ requests to exercise their rights, as defined in this notice;
  • Carrying out and/or assisting the data controller with data protection impact assessments as laid down in Article 35 of the GDPR and performing upstream consultations with a monitoring authority or other governmental authority where applicable laws so require;
  • Serving notice of a breach of personal data on the competent monitoring authority and/or the data subject(s). To this end, the ParFi Group shall immediately notify the data controller of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data; and
  • Supplying information that the data controller reasonably requests to enable them to comply with their obligations by virtue of applicable law if the information requested is in the possession or under the control of the ParFi Group and the data controller has no other reasonable way of obtaining such information.

 If the ParFi Group takes on other data processors to carry out specific processing tasks on the data controller’s behalf, it shall impose upon them the same data protection obligations as those set forth herein by means of a contract or other legal instrument by virtue of the laws of the European Union or of the Member States. Any change envisaged concerning the addition or replacement of such data processors shall be communicated to the data controller.

8. Obligations of customers

 According to the aims sought, the provision of personal data is a legal and/or contractual obligation; failure to supply such personal data may render execution of services by the ParFi Group impossible.

As an essential condition for providing services, the ParFi Group considers that customers (and parties to an undertaking with the ParFi Group, for which the customers concerned act as guarantors) will ensure that:

  • Personal data that they supply (or to which they give access) to the ParFi Group is accurate, appropriate, relevant and limited to the extent necessary to meet the specific aim for which it is disclosed, and is saved adequately in their systems;
  • They comply with applicable law on personal data processing by the ParFi Group (including the lawful nature of data supplied and, where applicable, the collection and management of consent of the data subject as a result thereof);
  • Data subjects are informed of conditions and methods according to which their personal data is processed by the ParFi Group, as described in this notice, in the form required by applicable law; and
  • They shall inform the ParFi Group immediately if any of the above conditions ceases to be met.

9. Retention period

 We make every effort not to retain your personal data beyond the period required for the processing for which it was collected. When assessing the period for which your personal data will be retained, we must also take into account the applicable regulatory requirements (for example: the requirements arising out of the law on the fight against money laundering and terrorist financing).

 10. Data security

 We take the appropriate technical and organizational measures to ensure that your personal data is adequately secured against accidental loss or disclosure to unauthorized persons.

We have put in place technical security measures in compliance with the international rules and standards in force in order to protect your personal data.

You can also ensure the security of your personal data by following this advice:

  • Use the latest operating system on your computer and install all security updates;
  • Use the most recent version of your browser and install all security updates;
  • Install antivirus software, anti-spyware software and a firewall, and set your preferences so that these programs are regularly updated;
  • Do not leave your device or connection equipment unsupervised;
  • Ensure that your passwords are confidential;
  • Connect only using a device that you trust and avoid using shared computers/devices for communications about sensitive transactions.

 If you are unsure about a website, do not use it and do not enter codes/passwords.

Do not open email attachments that you are not expecting.

Emails may contain viruses or malware, even if you know the sender. Ensure that your antivirus software also checks attachments to your incoming email. Activate where applicable the email filter on your browser.

If you contact us with a question relating to the execution of instructions, we will ask you personal questions in order to identify you.

 11. Who are the recipients of your personal data? To whom can your personal data be transferred?

 At the ParFi Group, your personal data can be accessed only by individuals whose work requires access to that data.

In some cases, the law requires us to disclose your personal data to third parties:

  • To Luxembourg or foreign tax authorities where the ParFi Group is required to disclose the customer’s personal data;
  • To public or judicial authorities such as the police, public prosecutors, courts, etc., and only when expressly requested by them;
  • To lawyers (for example in the context of bankruptcy), notaries (for example when a company is incorporated), etc.

 In some cases, the ParFi Group enlists data processors to provide you with services that you have subscribed to, or to process your personal data. This may be, for example:

  • Specialized financial sector suppliers who must also comply with their legal obligations as data processors or joint data controllers (for example: banking institutions, etc.);
  • Service providers assisting us in:
  • Designing and maintaining our tools;
  • Marketing our activities, organizing events and managing customer communications;
  • Developing and/or managing our products and services.

 In that case, we ensure that such data processors only have access to the personal data necessary to complete the specific tasks requested. We also ensure that our data processors undertake to use the data in a secure and confidential manner, and use it in line with our instructions.

Under no circumstances will we sell your personal data to third parties.

 12. Cross-border data transfers

 In principle, the ParFi Group never transfers personal data outside the EEE except:

  • To countries that provide an adequate level of personal data protection as determined by the European Commission; or
  • To recipients under an appropriate agreement containing the requirements of applicable law for such a transfer. A copy of the applicable safeguards can be requested from the ParFi Group’s data protection officer.

 13. What are your rights?

13.1 Right of access and rectification

 You have the right to access your personal data. The ParFi Group can inform you about:

  • the nature of the personal data processed;
  • the reasons why we collect your data;
  • the categories of recipients of your personal data;
  • how long your data will be kept;
  • the reason for the potential automatic processing of your personal data;
  • the source of personal data processed, if it was not collected from you.

 If you find your data to be inaccurate or incomplete, you may ask us to rectify it.

We make every effort to ensure that your personal data is correct, up-to-date, complete and relevant. This is why we ask that you inform us of any changes (change of address, new ID card, acquiring a new nationality, etc.).

If we correct your data and we had previously shared it with a third party, we shall also notify the third party concerned.

13.2 Right to be forgotten

 In certain specific cases, legislation enables you to have your personal data deleted.

This is the case namely if the data is no longer necessary for the purposes for which we collected it (for example, because you sent us your contact details in order to take part in an event which has ended), if the processing of your data is based exclusively on your consent which you have subsequently withdrawn, or if you have objected to the processing of your data and we have no legitimate reasons that prevail over your reasons.

However, the ParFi Group may keep your personal data when it is needed to establish, exercise or defend its legal claims or for the ParFi Group to meet its legal obligations. The ParFi Group shall also be bound by the retention periods stipulated in various laws, namely when the data was collected in the context of our obligations in respect of anti-money laundering and anti-terrorist financing (see point 6.1).

13.3 The right to restrict processing

 This particular right allows you to request that the ParFi Group temporarily lock your data in specific cases set out by regulations: the ParFi Group will then no longer be able to process your data at issue for a specified period of time.

Such locking may be requested:

  • If the data in question is incorrect, incomplete, equivocal, or outdated, for the time necessary to enable us to check the accuracy of your data;
  • If its collection, use, disclosure or retention is prohibited;
  • If it is no longer necessary in relation to the purposes for which it was processed;
  • For the period needed by the ParFi Group to examine the well-founded nature of an objection.

 If you have exercised this right, we may retain your personal data but we will no longer be able to process it except with your consent, or to establish, exercise or defend our rights (or those of another person).

13.4 Right to data portability

 By virtue of this right, you can ask the ParFi Group to send you your personal data or to send it directly to another data controller, where this is technically possible for the ParFi Group. Said right concerns only data that you have supplied to the ParFi Group yourself and which is the subject of automatic processing, on the basis of the contract or on the basis of your consent.

You can make a request by sending it to dpo@parfigroup.eu.

13.5 Right to withdraw your consent

 If the processing of your personal data is based on your consent, you are entitled to withdraw such consent at any time. Said withdrawal shall not, however, call into question the lawful nature of the processing carried out in the period prior to your withdrawal of consent.

13.6 Right to object

 You always have the right to object, without needing to provide grounds and free of charge, to the use of your personal data for commercial prospection purposes (see 15). In that case, your data will no longer be used for such purpose.

In addition, you are also entitled to object, for reasons relating to your own situation, to any processing of your personal data which is based on our legitimate interests. However, your request will not be acceded to if our legitimate interests prevail over your own, or if the processing of your data is required in order to establish, exercise or defend our rights in the courts.

 14. How can you exercise your rights?

 In order to exercise your rights, you can send us your request, dated and signed, accompanied by a legible recto/verso copy of your identity card, being as specific as possible:

By post to:

ParFi Group
c/o Data Protection Officer
17, rue Léon Laval
L-3372 Leudelange

by email to:

dpo@parfigroup.eu

 Once your full request has been received, we will reply as quickly as possible and at the latest within one month.

Nevertheless, if your request is complex and requires a significant amount of resources, we may extend this to a two-month period, in accordance with Article 12.3 of the GDPR.

We may bill you a reasonable amount on the basis of administrative costs for any additional copy(ies) requested in respect of the exercising of your right to access your personal data, or if your request is manifestly unfounded or excessive.

15. How can you let us know that you no longer wish to receive marketing/commercial offers?

 If you no longer wish to receive marketing offers from us or to limit them, you can let us know by writing to us by post or email as stated in point 13.6. You can, for example, ask us to send you only some of our newsletters or let us know your preferences in terms of method of communication.

 16. Who should you contact in the event of a dispute?

 If there is a dispute concerning the processing of your personal data, you can submit a request for mediation to the National Commission for Data Protection at the following address:

COMMISSION NATIONALE POUR LA PROTECTION DES DONNÉES

1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette

Tel: +352 2610601
Fax: +352 26106029

Special provisions apply to ParFi Group employees.

APPENDIX: Use of cookies and other technologies

The ParFi Group uses cookies and similar identification technologies.

A cookie is a small data file copied onto your computer’s hard disk by a website. It records information concerning the browsing of a website by your computer (such as, for example, pages visited or date and times consulted), which can be read when you subsequently visit the site.

The ParFi Group may send cookies when you visit the website or when you register to access an online service.

Cookies in place on the website are only those cookies necessary to the site to allow it to function optimally.

You can refuse or accept the installation of cookies selectively by configuring the browser used by your terminal. You can restrict the use of cookies by modifying your browser settings. You can block them and delete them by using your browser settings, but this may negatively affect your user experience.

 Links to other websites/third-party content

If the ParFi Group website includes links to external websites and resources, this does not constitute approval and the ParFi Group accepts no liability as regards the content (or information contained therein) of any linked website.