Protection of your personal data in accordance with GDPR

Last updated: January 2025

1) Who we are

Data Controller: Fiduciaire Expert S.à r.l.

15, avenue de la Liberté, L-1931 Luxembourg

Contact: contact@fiduciaire-expert.lu

GDPR Contact Point / DPO: dpo@fiduciaire-expert.lu

2) What data do we process?

As part of our activities, we collect and process the following categories of data:

  • Identification and contact data
  • Professional data
  • Contractual and billing data
  • Accounting and tax documents
  • Social data (payroll/declarations)
  • KYC/AML data (know your customer and anti-money laundering)
  • Communications and appointments
  • Recruitment data (CV, cover letter, communications)

3) Purposes and legal bases

Contract performance (Art. 6-1-b GDPR):

Accounting and tax services, file management, invoicing.

Legal obligations (Art. 6-1-c):

Tax and social security, AML/CFT (KYC), keeping and storing accounting documents.

Legitimate interests (Art. 6-1-f):

Internal management, IT security, fraud prevention, debt collection, service improvement.

Consent (Art. 6-1-a):

Email marketing to non-clients, non-essential cookies.

4) Recipients

Your data may be shared with the following recipients, in strict compliance with professional secrecy:

  • Competent authorities and organizations (ACD, AED, CCSS, CRF)
  • Banking institutions
  • Legal professionals on mandate
  • Subcontractors (cloud tools, IT) bound by GDPR-compliant contracts

Professional secrecy is strictly respected in all cases.

5) Transfers outside EU/EEA

Any international transfer of your data is subject to appropriate safeguards in accordance with GDPR.

6) Retention periods

  • Accounting/tax files: 10 years
  • Social files: 10 years
  • AML/CFT (KYC) data: 5 years after the end of the relationship (extendable if required by law)
  • Unsuccessful applications: 2 months after notification

7) Your rights

In accordance with GDPR, you have the following rights:

  • Right of access to your data
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

To exercise your rights:

Contact us at dpo@fiduciaire-expert.lu or by mail to our registered office. Proof of identity may be required.

Complaints:

CNPD, 15 Boulevard du Jazz, L-4370 Belvaux – www.cnpd.public.lu

Limitations:

Certain rights may be restricted due to legal obligations, including AML/CFT and legal retention requirements.

8) Security

We implement proportionate technical and organizational measures to ensure the confidentiality, integrity and availability of your data.

Incident management procedures are in place and we provide notifications required by law in case of data breach.

9) Data origin

The data we process comes from:

  • Data provided directly by you or your representatives
  • Public/professional sources (registers, administrations)
  • Mandated third parties (banks, advisors, technical partners) according to file needs

10) Updates

We may modify this privacy policy to remain compliant with regulations or improve the protection of your data.

The last update date appears at the top of the page.

We use cookies to improve your experience and analyze site traffic. Learn more