Information to be collected by Rubicon
In relation to its activity, Rubicon needs to collect and process certain information about you. The data collected depends on the context of your interactions with our company, the choices you make including the services which are provided to you.
When Rubicon requests personal data, such request may be declined, in such case we may not be able to, or deny to deliver the service.
Processed personal data
In relation with your situation we process the following data:
- personal identification data (name, gender, marital status, date of birth, nationality, address, telephone/fax numbers, identity card number, fiscal number);
- electronic identification data (email address, electronic signature);
- bank and financial identification data (bank account numbers, credit card numbers);
- financial transactions;
- data relating to the client’s financial situation (income, assets, credits, expenses);
- data relating to the activity of the person concerned (identity of representatives and other business contacts).
Data collection procedure
Personal data may be collected in various ways.
Unless required by the law and with the consent of the concerned person, no specific data such as personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual shall be collected by us.
Use of your personal data
For processing to be lawful under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – the General Data Protection Regulation (“GDPR”) -, a lawful basis needs to be identified before processing personal data.
Rubicon uses or may use your personal data for the following purposes (or as otherwise described at the point of collection) in line with the lawful basis under the GDPR:
In relation with your situation, the purposes are:
– Providing services you have requested;
– Performance of a contract;
– Providing information, access to resources or other services that you have requested from us on behalf of your organisation;
– Dealing with communications sent to Rubicon and responding to queries, requests and complaints;
– Complying with legal obligations in respect to Anti Money Laundering (“AML”)/KYC/Market Abuse Regulation (“MAR”);
– Managing the infrastructure and business operations of Rubicon and complying with internal policies and procedures;
– Compliance with any applicable rules, laws and regulations, codes of practice or guidelines or assistance in law enforcement and investigations by relevant authorities;
– Treatment of client communications sent to Rubicon and responding to queries, requests and complaints.
Rubicon will not in any way sell, lease or rent your information to third parties.
Disclosure of your personal data
Rubicon discloses your personal data with the following recipients to the extent that such disclosure or transmission is deemed reasonably necessary or desirable for rendering any service you have requested or authorized:
– our lawyers, employees, service providers, agents, external consultants or other persons acting on our behalf;
– information technology service providers;
– accountants;
– advisers;
– auditors;
– fiduciary firms/domiciliation agents;
– administration and public authorities;
– banking institutions;
– notaries;
– correspondent law firms;
– tax advisors;
– law enforcement;
– government agencies;
– social security agency (Centre Commun de la Sécurité Sociale);
– courts;
– co-investors;
– your direct and indirect shareholders;
– your ultimate beneficial owners;
– administrative bodies;
– regulatory bodies;
– governmental bodies ;
– judicial bodies;
– notaries public;
– bailiffs;
– legal directories.
The above list is construed so as to include any authorised employees, agents or other persons acting on behalf of the mentioned entities or bodies.
Those recipients may be located in and outside the European Union. Your personal data will not be transferred to any country outside the European Union which does not ensure an adequate level of protection unless you gave us prior authorization to do so or specific measures (such as adequate contractual arrangements) have been taken by us in order to ensure that the requirements of the applicable data protection law have been fulfilled.
Rubicon policy is to maintain contracts with all third parties with whom personal information is disclosed/transferred. Service providers must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
Access to personal data
Rubicon wants to ensure that you can always exercise your rights. Rubicon will address any request within the limits of its technical and organizational means as soon as possible.
These include:
– Right to access your personal information: if you want to review the data we hold, collect and process about you, please let us know by contacting us;
– Right to rectification: should the data we hold, collect and process about you be inaccurate or incomplete, you have the right to update such data at any time by contacting us;
– Right to erasure: if at any time you decide you do not want us to retain any personal data we collected from you, you may request we delete your data by contacting us, unless required by the applicable laws;
– Right to restriction of processing: if you wish to exercise this right, please contact us , you may obtain the right to restriction of processing only if allowed by applicable laws;
– Right to object: if you wish to exercise this right, please contact us. Rubicon will consider your objection and we will comply with it unless there is a compelling legitimate ground as permitted by applicable law;
– Right to data portability: Your personal data may be transmitted directly from us to another controller only when you have asked us to do so and have consented to such sharing, and when technically feasible. If you wish to exercise this right, please contact us;
– Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the “CNPD”), where you believe that your data is being processed in a way that does not comply with the GDPR.
How Rubicon protects your personal data
Rubicon commits to protecting the data you provide to us, in accordance to applicable laws. Appropriate organisational, physical and technical security measures (personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of personal data) are being implemented to protect against unauthorised or accidental access, loss, alteration, disclosure or destruction of personal data.
Notification in case of a personal data breach
Any personal data breach by Rubicon, its processors, or any other third-parties acting on our behalf will be notified without undue delay, and where the data breach is likely to result in a high risk to the rights and freedoms of the concerned person.
Retention period of personal data
Rubicon will only retain your personal data:
– For as long as it is necessary for the purpose or purposes for which it was intended;
– For the purposes of performing or fulfilling a contractual obligation with you or the organization that you represent and, therefore, legitimate business purposes;
– For as long as required or permitted by law.
How to contact us
If you have any questions or concerns about our use of your information or regarding our Privacy Policy, you may contact us by sending an email to gdpr@rubicon-accounting.lu or by writing to us at:
Rubicon Law Firm SA
8A Boulevard de la Foire
L-1528 Luxembourg
Grand Duchy of Luxembourg
Changes to this policy
Rubicon reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and used practices, and to ensure it is accurate, complete and up-to- date. You are advised to check this data protection policy from time to time.