Privacy Policy

This privacy policy provides information about the processing of personal data by Tax4Expats Luxembourg Sarl-S with its registered seat in 33 - 39 rue du Puits Romain, L-8070 Bertrange (“Tax4Expats Luxembourg”, “we”, “us” or “our”).


Tax4Expats Luxembourg is committed to protecting your personal data. Our Privacy Policy contains important information about what personal details we collect, what we do with that information, who we may share it with and why, and your choices and rights when it comes to the storage of the personal information.

 

WHAT IS CONSIDERED PERSONAL DATA?

Personal data is any information that can be used to find out your identity. This includes such information as your name, address, e-mail address or telephone number and any other personal data you may have provided to us.


HOW DO WE COLLECT PERSONAL DATA?

We may process your data because


  • you give it to us, for example when contacting us by email, phone, completing our online contact form or when establishing a business relationship/ performing professional services through a contract
  • other parties give it to us, for example your employer or advisor or third-party service providers that we use to help to operate our business.
  • it is publicly available, for example information obtained from public registers, news articles, sanction lists and internet searches


WHAT INFORMATION DO WE KEEP AND FOR WHAT PURPOSE?

We may collect, record and use your personal data in physical and electronic form, and will hold, use and process that data as set out in this Privacy Statement and in accordance with the EU General Data Protection Regulation 2016/679 together with all other applicable legislation relating to privacy or data protection.


The personal data we collect may include your:


  • Contact details including name, company name, job title, telephone numbers, Email and postal address

  • Information required for the appropriate execution of the mandate/ contract/ business relationship, such as family and beneficiary details including names and date of birth, financial information including taxes, payroll, investments, pensions, assets and bank details.

    In case we do need to process sensitive personal data (eg. personal identification documents which may reveal race or ethnic origin and possibly biometric data of private individuals, beneficial owners or corporate entities or information provided by our clients in the course of a professional engagement) it is with the consent of you/ the client/ individual.


We process personal data for the purpose of


  • Execution and processing of the contract/ mandate relationship, including correspondence
  • Fulfillment of our contractual and legal obligations as tax advisor, and
  • Processing within the scope of mutual claims arising from the tax consulting contract (eg. invoicing, claims for performance, remuneration and liability etc.)

 

LEGAL BASIS FORT DATA COLLECTION

The legal basis for our data collection and processing are


  • Contract  (Art. 6 para. 1 subpara 1 letter b GDPR) - We may process personal data in order to perform our contractual obligations
  • Legal obligations and public interest (Art. 6 para 1 subpara 1 letter c GDPR) – We may process personal data in order to meet our regulatory and public interest obligations or mandates as tax consultants
  • Legitimate interest (Art. 6 (1) subparagraph 1 letter f GDPR) – insofar the data processing is necessary for the protection of legitimate interests of us or a third party; in particular, the ongoing business relationship with our clients is in our legitimate interest
  • Consent (Art. 6 (1) subparagraph 1 letter a GDPR), insofar as you have freely given us your consent to process the personal data relating to you for specific purposes.

 

TRANSFER OF PERSONAL DATA

Personal data is only transferred to third parties on your behalf and with your consent. We disclose personal data within the scope of the client relationship to the following third parties:


  • Parties that support us to facilitate our service, to provide a service on our behalf or to perform service related services to you
  • Parties that support us as we provide our services, including providers of telecommunication systems, IT system support, achiving services, document production services and cloud-based software services
  • Our professional advisors including laywers, auditors and insurers
  • Payment service providers
  • Marketing services providers
  • Professional associstions
  • Law enforcement or other government and regulatory agencies such as tax office, social security administration, courts or other public authorities or other state bodies.


These third parties who receive data as data processing contractors are also subject to data protection regulations and contractual confidentiality obligations.


You data will otherwise not be made available to third parties. We never sell your data to third parties.



DATA TRANSFER TO THIRD COUNTRIES (outside of the EEA)

Data transfer to third countries (countries outside the European Economic Area - EEA) only takes place if this is necessary for the execution of the engagement (e.g. payment orders) or if you have given us your consent or if this is otherwise permitted by law. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We only transfer to recipients who ensure the protection of your data in accordance with the provisions of the DSGVO for transfers to third countries (Art. 44 to 49 GDPR).


PROTECTING YOUR PERSONAL DATA

We have put appropriate technical and organizational security policies and procedures in place to protect personal data from loss, misuse, alteration or destruction. We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include


  • Education and training to relevant staff
  • Administrative and technical controls to restrict access to personal
  • Technological security measure, including fire walls, encryption and anti-virus software


The transmission of data over the internet (including by e-mail) is never completely secure. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.


STORAGE OF YOUR PERSONAL DATA

Personal data is stored by us for the duration of the retention periods that are required by law.  As a rule, this is 5 years plus a grace period of a further 2 years to cover cases of possible expiry suspension. After 7 years, we check whether there are reasons for further storage and dispose of the personal data in a secure manner if no longer needed.


According to the Luxembourg Law we are required to keep financial records for ten years, showing any payments the contracting party (you or your organisation) made to us. This information is kept separate from your personal data. We will never use these details to contact the contracting party in regards to anything except your payments.


YOUR RIGHTS 

You have the following rights as “data subject” whose data we process


  • Right to information according to Art. 15 GDPR
  • Right to correction according to Art. 16 GDPR
  • Right to erasure ("being forgotten") according to Art. 17 GDPR
  • Right to restriction of processing according to Art. 18 GDPR
  • Right to transfer your data in a structured, common and machine-readable format according to Art. 20 GDPR
  • Right to revoke consent - Insofar as we process your personal data for certain purposes on the basis of your consent, you have the right to revoke your consent at any time in accordance with Art. 7 (3) GDPR. Upon receipt of your revocation, we will stop processing data for the purposes for which you gave us your consent. The lawfulness of the processing prior to receipt of your revocation remains unaffected. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case
  • Right to object - If we process your personal data to protect legitimate interests within the meaning of Article 6(1), first subparagraph, point (f) GDPR, you have the right under Article 21(1) GDPR to object to this processing on grounds relating to your particular situation. According to Art. 21 (2) GDPR, you may object to processing for direct marketing purposes at any time without giving reasons. To exercise your right to object, it is sufficient to send us a data request stating which data processing you object to. 


WHO CAN YOU CONTACT FOR QUESTIONS OR COMPLAINS?

If you have questions or comments about this Privacy Policy or how we handle personal data, please contact us.


You also have the right to make a complaint to the supervisory authority, the National Centre for Data Protection at: https://cnpd.public.lu/.

 

 

Share by: