top of page

Issued by Martin & Condrotte


89 Route de Longwy,

8080 Bertrange, Luxembourg 

This Privacy Policy explains how Martin & Condrotte collects, uses, shares, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR), the Luxembourg Law of 1 August 2018 on data protection, and all other applicable laws and regulations.

We acknowledge the importance of protecting your personal data and are committed to processing it with care, in full respect of individuals' rights and best practices in data protection.

 

I. Data Controller

Martin & Condrotte acts as the data controller for the personal data collected. For any questions regarding your personal data, please contact us:

  • Postal Address: 89 Route de Longwy, 8080 Bertrange, Luxembourg

  • Email: sec.martin@mc-avocats.lu

  • Phone: +352 460246 60  

  • Data Protection Officer (DPO): If applicable, our DPO can be contacted for any questions related to your rights or the compliance of our data processing practices.

 

II. Categories of Data Collected

The types of personal data we collect include:

  • Identification data: name, first name, date of birth, nationality, address, phone number, email address.

  • Financial data: bank details, billing information.

  • Professional data: position, employer, role.

  • Sensitive data: For example, health-related data (with explicit consent).

  • Technical data: IP addresses, cookies, and connection logs.

 

III. Purposes of Processing and Legal Bases

We use your personal data for the following purposes, based on the legal grounds detailed below:

 

Purpose
Legal Basis

  • Providing legal advice and contractual services.
    Performance of a contract (Article 6(1)(b) GDPR): necessary to fulfill our contractual obligations.

  • Managing payments, accounting, and invoicing.
    Performance of a contract (Article 6(1)(b)) and Legal obligation (Article 6(1)(c)): compliance with tax obligations.

  • Complying with legal obligations (e.g., anti-money laundering).
    Legal obligation (Article 6(1)(c)): in accordance with Luxembourg regulations (AML/FT).

  • Protecting our IT systems and preventing fraud.
    Legitimate interest (Article 6(1)(f)): ensuring the security of our services.

  • Sending marketing communications or event invitations (with consent).
    Consent (Article 6(1)(a)): only if you have given your prior explicit consent.

  • Responding to your inquiries or support requests.
    Legitimate interest (Article 6(1)(f)): enabling efficient communication with clients and partners.

  • Recruitment and processing job applications.
    Legitimate interest (Article 6(1)(f)) and Pre-contractual measures (Article 6(1)(b)): evaluating your qualifications and arranging interviews.

  • Pre-litigation and litigation activities, including defending our rights.
    Legitimate interest (Article 6(1)(f)): protecting our legal and contractual interests.

IV. Sharing of Data

Your personal data may be shared with:

  • Internal parties: employees of Martin & Condrotte.

  • External parties: IT providers, legal partner firms, accountants, or expert advisors, all subject to contractual confidentiality obligations.

  • Public authorities: CNPD, tax authorities, courts, or other regulatory bodies, where required by law.

For data transfers outside the European Economic Area (EEA), we ensure the use of appropriate safeguards (e.g., Standard Contractual Clauses).

 

V. Data Security

We implement strict technical and organizational measures to protect your data:

  • Restricted access to sensitive data.

  • Data encryption, access controls, and regular audits.

  • Frequent backups and testing of security systems.

 

VI. Your Rights

In accordance with the GDPR and Luxembourg law, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Correct any inaccurate or incomplete information.

  • Erasure: Request the deletion of your data, subject to certain legal conditions.

  • Restriction: Temporarily limit the processing of your data (e.g., while contesting its accuracy).

  • Data portability: Receive your data in a structured and commonly used format.

  • Objection: Object to certain types of processing, including for direct marketing purposes.

  • Withdrawal of consent: If processing is based on your consent, you can withdraw it at any time.

You have the right to file a complaint with the CNPD (www.cnpd.lu).

 

VII. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described above:

  • Contractual data: 10 years after the contract ends, in compliance with civil law and tax obligations.

  • KYC data: 5 years after the end of the business relationship, in compliance with AML/FT regulations.

  • Job application data: 6 months after the recruitment process (unless you provide explicit consent for longer retention).

  • Marketing data: Until you withdraw your consent or the maximum retention period defined in our internal policies.

Once the retention period expires, data will be securely deleted or anonymized.

 

VIII. Updates to This Policy

We reserve the right to modify this policy to reflect regulatory or technological changes. We will notify you of any significant updates through our usual communication channels (website, email, etc.).

 

IX. Anti-Money Laundering and Countering the Financing of Terrorism (AML/FT)

In compliance with Luxembourg laws and regulations regarding anti-money laundering and countering the financing of terrorism (AML/FT), Martin & Condrotte is required to collect and process specific personal data to perform due diligence on our clients and their representatives.

This data may include:

  • Identification documents (e.g., passports, national ID cards).

  • Proof of address (e.g., utility bills, residence certificates).

  • Information on the ultimate beneficial owner (UBO) of legal entities or arrangements.

  • Details of transactions or services that could be subject to enhanced monitoring.

The processing of such data is carried out in accordance with legal obligations under the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended, and in compliance with the requirements of the Commission de Surveillance du Secteur Financier (CSSF) and other competent authorities.

Martin & Condrotte ensures that this data is securely stored and processed only for the purposes of compliance with AML/FT obligations. Data collected under these regulations will be retained for a period of five years following the termination of the business relationship or the completion of the relevant transaction, as mandated by Luxembourg law.

Failure to provide the requested data may result in the inability to establish or continue a business relationship or provide services.

Luxembourg, 16/09/2024

bottom of page