MOLITOR AVOCATS A LA COUR is a leading independent business law firm in Luxembourg serving local and international corporate clients doing business in the Grand Duchy (“MOLITOR).
- Who is responsible for your personal data?
- Why do we process your personal data?
- What personal data do we collect?
- How do we collect personal data?
- How do we use your personal data and what is the legal basis of each processing
- How long do we keep your personal data for?
- Who do we share your personal data with?
- Where do we transfer your personal data?
- How do we protect your personal data?
- Your rights
- Any further questions or concerns?
1. Who is responsible for your personal data?
MOLITOR Avocats à la Cour, a Luxembourg private limited liability company, registered with the Luxembourg Bar (List V), and established at L-2763 Luxembourg, 8, rue Sainte-Zithe, registered with the Luxembourg Trade and Companies Register under number B 211810 is the data controller responsible for your personal information.
2. Why do we process your personal data?
- For the performance of a contract you or your organisation is a part of and to provide our services based on your instructions;
- For the compliance of our legal obligations and to keep records of our compliance processes or tax records;
- To pursue our legitimate interests, or those of a third party recipient of your personal data, in a way which is reasonably expected as part of running MOLITOR, which is not detrimental to you and would have a minimum impact on your privacy;
- To provide you with information you have registered for, i.e. where you have expressly provided us with your consent to process your personal data in that manner, for example, if you have subscribed to MOLITOR’s newsletters or registered to join our events.
3. What personal data do we collect?
We collect and process personal data, such as:
- Identity and Contact Data: name, address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data concerning your preferences relevant to our services;
- Financial and Payment Data: bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Business Information: information provided in the course of the contractual or client relationship between you or your organisation and MOLITOR, or otherwise voluntarily provided by you or your organisation;
- KYC information: relevant information as required by Anti-Money Laundering regulations. This may include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both;
- Physical Access Data: relating to details of your visits to our office or information you provide to us for the purposes of attending meetings and events, or your image (including dietary requirements which may reveal information about your health or religious beliefs, use of video surveillance at the entrance to our offices);
- Sensitive personal data: In the course of our legal services, we may represent you and/or your organisation in legal matters that require us to collect and use sensitive personal information relating to you (information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual orientation, or details of criminal offences, or genetic or biometric data).
The purposes of processing will be different depending on our relationship, as detailed in section 5.
4. How do we collect personal data?
We collect personal data directly from you or your organisation when:
- You or your organisation seek(s) legal advice from us or use any of our services and provide(s) us with personal data relating to you, your company, your employees, your suppliers or other involved third parties;
- You or your organisation seek(s) legal assistance to represent you or your organisation in legal disputes.
- You or your organisation offer(s) to provide or provide(s) services to us;
- You correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers and staff;
- You or your organisation browse(s), complete(s) a form or make(s) an enquiry or otherwise interact(s) on our website or other Social Media;
- You attend our seminars or other events or sign up to receive information from us.
Personal data may also be obtained from third party sources i.e.:
- Public registers and Public registers of company directors and shareholdings;
- Regulatory bodies;
5. How do we use your personal data and what is the legal basis of each processing?
We use your personal data for the following purposes:
Ground(s) for processing
Purpose of the processing
Who is concerned
The performance of pre-contractual measures, and
The performance of a contract with you or your organisation.
- Register you or your company as a client of MOLITOR;
- Register you or your company as a supplier of MOLITOR;
- Establish, perform or terminate engagements relating to our services;
- Make assessment and decision about the terms of our engagement;
- Manage our relationship with you including payments, accounting, billing and other steps linked to the performance of our relationship, including identifying individuals authorised to represent our clients, suppliers or service provides;
- Provide and manage our legal services or other services, as instructed by you or your organisation
- Prospective clients
The establishment , exercise of defence of legal claims or whenever courts are acting in their judicial capacity.
- Provide you or your organisation with our legal services, including assistance before Courts, administrations, and representation for which we may process sensitive personal data.
Necessary for complying with our legal obligations.
- Perform KYC checks, including maintaining records, compliance checks or screening and recording
- (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection).This may include automated checks of personal data provided directly by you, your counsel, your organisation or access through public register and contacting you to confirm your identity, or making records of our communications with you for compliance purposes.
- Prospective clients
Our legitimate interest, and
Necessary to comply with our legal obligations.
- To exercise or defend our legal rights, or to comply with court orders;
- To protect the security of our communications and other IT systems;
- To protect our premises by video surveillance;
- For insurance purposes;
- To prevent and detect security threats, frauds or other criminal or malicious activities.
- Prospective clients
Our legitimate interest in the context of client relationship, or
Your consent (you have expressly given us your consent to process your personal data in that manner)
- To communicate with you, to keep you up-to-date on the latest developments, announcements, and other information about our services (briefings, newsletters and other information);
- To inform you in relation to our events and other initiatives;
- To optimize our marketing campaigns;
- To offer you appropriate services in relation with your particular business.
- Prospective clients
The performance of pre-contractual measures, and
Our legitimate interest to make users experiences more efficient and improve our services.
- To improve website user experiences;
- To comply with any request you may make in relation to your marketing preferences.* (also refer to section 6 Cookies)
What are cookies?
Cookies are small text files that are placed on your computer when visiting a website.
Cookies gather information about your operating system including, but not limited to, browser type and Internet Protocol (IP) address.
MOLITOR use two types of cookies:
- Cookies that are essential when you visit our website to benefit from all the functionality available on it.
- If you opt to block these cookies, you will not be able to access all of the content of our website.
- Cookies that are used to collect information about how visitors use our website. This information may then be used by MOLITOR to improve the site and to provide visitors with a better service.
- You can also block our cookies using your browser directly with the web browser.
7. How long do we keep your personal data for?
We will only retain your personal data in accordance with applicable laws, regulations and guidelines provided by Supervisory Authorities and as long as necessary to fulfil the purposes for which we collected it.
MOLITOR will not retain your information for longer period than necessary, based on the following criteria:
- the nature and sensitivity of the data and the purpose of the processing;
- the time during which it is necessary in the event of a claim or litigation;
- the compliance with our legal, regulatory obligations, reporting requirements.
If you want more information about specific retention periods for your personal data, you may contact us at firstname.lastname@example.org
8. Who do we share your personal data with?
We may share your personal data with:
- Trusted third parties including certain service providers we have retained in connection with the legal services we provide, such as lawyers, consultants, mediators, experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, education evaluation services, couriers, bailiffs and foreign enforcement authorities, or other necessary entities;
- Courts, regulators, government officials, public administrations or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- Our clients: if we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those legal services;
- Service providers who we engage, locally or abroad, e.g. IT service providers, recruitment firms or communication agencies, to process personal data for any of the purposes listed above on our behalf and only in accordance with our instructions.
9. Where do we transfer your personal data?
As a business law firm, MOLITOR may transfer certain personal data we collect to countries outside of the European Economic Area which do not provide the same level of data protection as Luxembourg and are not recognised by the European Commission as providing an adequate level of data protection.
We only transfer personal information to these countries with your prior authorization or if specific measures (such as European Commission approved standard contractual clauses) have been taken by us in order to ensure that the requirements of the applicable data protection law have been fulfilled, or if it is necessary for the establishment, exercise or defence of legal claims.
10. How do we protect your personal data?
MOLITOR, its staff and the lawyers working on its behalf have a strict obligation to confidentiality and are subject to professional secrecy under Luxembourg law and the rules of the Luxembourg Bar. The breach of our professional secrecy may lead to criminal sanctions.
MOLITOR do not disclose any client related information unless we are required by law and the professional rules of the Luxembourg Bar, or with your prior consent.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
These measures are based on the highest technical standards, taking into account all the risks of processing, and the need to protect the personal data. Furthermore, these technical and organisational measures for protecting personal data will regularly be adjusted to the technical developments and organisational changes.
11. Your rights
You have the following rights with respect to our use of your personal data:
Right of access
If you ask us, we’ll confirm whether we’re processing your personal data and, if necessary, provide you with a copy of that personal data. If you require additional copies, we may need to charge a reasonable fee. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
Right to rectification
If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we’ve shared your personal data with others, we’ll let them know about the rectification where possible.
Right to object
You can ask us to stop processing your personal data, and we will do so, if we are:
- relying on our own or someone else’s legitimate interests to process your personal data, unless we can demonstrate compelling legal grounds for the processing; or
- processing your personal information for direct marketing purposes.
Right to withdraw consent
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent at any time. To withdraw your consent please follow the opt-out links on any marketing message sent to you or send us an email at email@example.com
Right to erasure
You can ask us to delete or remove your personal data in some circumstances such as when the personal data is no longer necessary for the purposes for which it was collected, or when your personal data has been unlawfully processed or if you withdraw your consent (where applicable).
Right to restrict processing
You can ask us to restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal information or you object to us using it.
Right to data portability
You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
Any further questions or concerns?
You may, at any time, exercise any of the above rights, by sending us an email at firstname.lastname@example.org together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
If you believe that your personal data may have been breached or we have not resolved your query, the GDPR also gives you a right to lodge a complaint with the supervisory authority:
The Luxembourg Supervisory Authority is:
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
Tél.: (+352) 26 10 60 -1