PRIVACY AND PERSONAL DATA PROTECTION POLICY
OF “MGI FISOGEST” GROUP
Version in force as of 1st July 2022
Our Group ” MGI FISOGEST ” is composed of the following companies:
- MGI GROUPE FIDUCIAIRE Luxembourg S.à r.l. (RCS Luxembourg B124916) registered with “Ordre des Experts Comptables of the Grand-Duchy of Luxembourg” (hereinafter, the “O.E.C.”) ;
- FISOGEST S.A. (RCS Luxembourg B44696) ; and,
- mgi Valid S.à.r.l. (RCS Luxembourg B20114).
We undertake to comply with the laws and regulations governing the processing of your Personal Data, including, but not limited to, the Luxembourgish law of 1 August 2018 organising the National Commission for Data Protection and implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), amending the Labour Code and the amended law of 25 March 2015 establishing the processing regime and the conditions and procedures for the promotion of State employees, any other applicable Luxembourg law or regulation governing the processing of Personal Data as well as the obligations set out by the the O.E.C. when applicable.
1. CONTROLLER AND JOINT CONTROLLERS OF YOUR PERSONAL DATA
For our Group ” MGI FISOGEST “:
- MGI GROUPE FIDUCIAIRE Luxembourg S.à r.l. is designated as « Data Controller ». For these purposes, it determines the purposes and means of processing your Personal Data ;
- The companies FISOGEST S.A. and mgi Valid S.à.r.l. are designated as “Joint Data Controllers”. For these purposes, they jointly determine the purposes and means of processing your Personal Data
For all questions relating to the processing of your Personal Data and the exercise of your rights, You may contact Us as follows:
- By post to : MGI FISOGEST GROUP, Personal Data Processing, 681 rue de Neudorf, L-2220, Luxembourg, the Grand Duchy of Luxembourg ;
- By email to: firstname.lastname@example.org ;
- By telephone at: + 352 26 44 18 66.
2. CONTEXT OF THE PROCESSING OF YOUR PERSONAL DATA
We collect your Personal Data in various ways, including, but not limited to, when You visit our website, register with us, fill in one of our forms, sign an engagement letter (including by e-mail) in relation to one of the services we offer (accounting, tax, payroll, business services, consulting, etc.) or when You apply for one of our job offers or when You use the “FisoConnect” platform.
In order to perform these services, We need to collect and process some of your Personal Data depending on the context of Your interaction with Us, the choices You make and the services You are provided.
When You are asked to provide Personal Data, You may choose or refuse (except for applicable legal and regulatory obligations or specific requirements of the profession, in particular those imposed by the O.E.C. However, if You choose not to provide the Personal Data necessary for the performance of the services, We may not be able to provide such services.
As a Prospect, Client or Candidate, You therefore authorise Us to process on your behalf your Personal Data as defined above and necessary to provide You with the best services and only on the basis of your instructions (except for applicable legal and regulatory obligations or specific requirements of the profession, notably those imposed by the O.E.C.
3. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED – PURPOSES
Depending on the services that We are required to provide, and when strictly necessary, We may collect and process the following categories of Personal Data, without being limited to them
- Identification Data: including first name, last name, alias, e-mail address, postal address, telephone/fax number and other similar contact data, date and place of birth, gender, country and preferred language(s) ;
- Administrative data including identity documents, date of birth, personnel number, gender, language, …) ;
- Electronic identification data: use of “Cookies” to collect Personal Data and in particular on the way You use our website (e.g.: duration, clicks, your IP address, …) ;
- Professional Data: including function, job title, department, organisation name, size and location, and whether or not You are acting on Your own behalf and/or on behalf of a client ;
- Financial Data: including tax data, bank account information (IBAN/BIC), if required to make a payment or fulfil legal, regulatory, contractual or related obligations ;
- Contractual Data: including any information You provide that enables Us to perform our contractual obligations.
In addition to the above categories of data, We warrant that, except to the limited extent that it may be necessary, in particular in the context of the performance of a contract, an engagement letter, to comply with our legal and/or regulatory obligations or those imposed by the O.E.C. or as part of your job search, we do not request or collect special categories of Personal Data i.e. personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.
- For the purpose of verifying your identity ;
- For the purpose of complying with a legal, regulatory or O.E.C. obligation, codes of conduct or applicable guidelines or to assist law enforcement and investigations by the relevant authorities, in particular in relation to the fight against money laundering and the financing of terrorism (AML/FT) and KYC/KYT ;
- To provide You with the services requested ;
- The processing of which is necessary for the performance of a contract/engagement letter to which You are a party or in order to take action at Your request before entering into a contract/engagement letter ;
- To provide information, access to resources or other requested services ;
- To send You communications or invitations or our newsletter;
- Whose processing is necessary for the purposes of the legitimate interests pursued by Us as Data Controller (or by a third party if required such as a bank, solicitor, barrister, etc.) ;
- To process communications from You to us and to respond to Your questions, requests and/or complaints ;
- To manage our infrastructure and to comply with internal policies and procedures and in particular to comply with a legal, regulatory or O.E.C. obligation.
We may contact You by mail, telephone, fax, video conference, email or other electronic messaging service or other modern means of communication to inform You of special events, new features including the “FisoConnect” application or new online features or other information that may be of interest to You.
In addition, where required by applicable law or regulation, You will be asked for Your prior consent to receive direct communications and You may object or refuse to receive messages and/or other communications from us.
Finally, in the context of the processing of Personal Data for the performance of the services requested, our engagement letter will contain the following elements in particular:
- The purpose and duration of the processing;
- The nature and purpose of the processing;
- The type of Personal Data;
- The categories of data subjects; and,
- Our / Your obligations.
4. HUMAN RESOURCES AND RECRUITMENT
When You apply online to Us through our website (or that of one of our service providers) for a job or internship opportunity You will be required to submit Personal Information to Us in order for Your application to be considered.
Your Personal Information includes, among other things, your name, address, telephone number, e-mail address, experience, education, professional skills and other information contained in your curriculum vitae (CV) and/or cover letter (see point 3. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED – PURPOSE).
We use your Personal Data only to review your application to communicate with You and to generate related correspondence, including offer letters and employment or internship contracts.
Your Personal Data may also be used, subject to applicable laws and regulations, to conduct background checks for compliance and other employment-related purposes (including evaluating your profile for a potential employment contract, to the extent permitted by applicable laws and regulations).
We will only retain Your Personal Data for as long as is necessary to process your application for employment and any issues that may arise in relation to the processing of your application.
By submitting your Personal Data through our website (or through that of one of our service providers where applicable) you consent to the collection, storage and use of your Personal Data by us and throughout the recruitment process.
5. SHARING – TRANSFER – DISCLOSURE OF PERSONAL DATA – OUR OBLIGATIONS
We only share your Personal Data with third parties to the extent necessary to enable them to provide Us with ancillary and necessary services to provide You with the requested services.
It is our policy to establish appropriate contracts with all third parties to whom your Personal Information is/will be disclosed and/or transferred (except with state/judicial authorities, judicial officers, law firms, etc.) who are bound by confidentiality obligations specific to their professions and which limit access to, use of and disclosure of your Personal Information.
These third parties must comply with our confidentiality and security requirements and are not permitted to use the Personal Information they receive from us for any purpose other than to provide Us with the ancillary or complementary services necessary to provide You with the requested services.
We will only access, transfer, disclose and retain your Personal Data to comply with the law, applicable regulations or to respond to subpoenas, court orders or other valid legal process, for reasons of national security, to defend against legal claims, to protect our rights and safety, that of our customers, employees or others. This may involve sharing your Personal Information with law enforcement agencies, government agencies, courts, tribunals and other organizations.
We will only share your Personal Information in other ways and for new purposes if You have requested or consented to such sharing (except as required by law, regulation, or as otherwise described above).
We do not transfer your Personal Data outside the European Union other than:
- Under an appropriate written agreement signed in advance with You and which contains the legal requirements for such transfer. A copy of the applicable safeguards may be requested from Us in such cases (see point 1. PERSONAL DATA PROCESSOR).
- To countries that offer an adequate level of protection of Personal Data as decided by the European Commission (based on specific measures including standard clauses; or,
- To other recipients.
Finally, we do not sell or rent your Personal Data to third parties in any way.
6. ACCESS TO YOUR PERSONAL DATA – EXERCISING YOUR RIGHTS
We will ensure that You can exercise Your rights at any time and We will respond to any request within the limits of our technical and organizational means (see point 1. PERSON RESPONSIBLE FOR PROCESSING AND JOINT RESPONSIBILITY FOR PROCESSING YOUR PERSONAL DATA).
Your rights include the following:
- The right to information: We will obtain your prior consent in plain language at the time of collection of the Personal Data (or if not collected from the individual him/herself, within a reasonable time) ;
- The right to challenge a decision made on the basis of automated processes: If We make decisions on the basis of automated processes, We will give You the opportunity to express Your views and challenge, if appropriate, Our decision within a reasonable time. We may also inform you of the logic behind such a decision (e.g. AML/FT, KYC, annual audit, etc.) ;
- The right of access: You have a right of access to your Personal Data processed or stored by our Group. You must make your request in writing as described above ;
- Right to rectification: if the Personal Data held, collected and processed is inaccurate, incomplete or out of date, You have the right to update it at any time by contacting Us, within a reasonable time ;
- Extended right to erasure – Right to be forgotten: at any time, You may decide that we should not retain the Personal Data collected and processed about You. In such a case, You may request to have it deleted by contacting Us as described above. We will take reasonable and necessary steps to comply with your request and in accordance with applicable laws and regulations ;
- Right to limit processing: You may exercise this right in the manner described above and You will be able to obtain the right to restrict processing beforehand only if this is in accordance with applicable laws and regulations. In case of limitation, your Personal Data may no longer be processed. Limitation may be carried out in various ways (temporary transfer to another file, blocking of data, temporary removal from a website etc.) ;
- Right to object: You may exercise this right at any time in the manner described above. We will examine your request and respond to it, within a reasonable time, unless we have a compelling legitimate reason, in accordance with applicable laws and regulations ;
- Right to the portability of Personal Data: You have the right to have your Personal Data transmitted directly from us to another Controller only where You have previously requested and consented to such sharing, and where technically possible. You may exercise this right as described above. We shall respond to You within a reasonable time and in a structured, commonly used and readable format (e.g. an Excel table) ;
- Image rights and events, demonstrations, workshops, training courses or others that We may organise: one or more photographers may be present to take photos and/or videos that are not targeted and that reflect the “general atmosphere” in full view of all the participants and persons present. However, the photographer(s) may offer to take targeted photos and/or videos in which You are the main subject, either by appearing alone, or by being put in the foreground, or by posing or being interviewed. Insofar as You do not object to being photographed and/or recorded in this way, this will constitute Your deemed consent to the taking of the photograph and its publication in any of FISOGEST’s internal media, on its website or in any other media, including social networks such as LinkedIn, Fabebook, Instagram, Tweeter, etc.
- Right to lodge a complaint with the Luxembourg supervisory authority: where You believe that Your Personal Data is processed in a manner that is not in compliance with the GDPR, You have the right to lodge a complaint with the Luxembourg supervisory authority, namely with the “Commission Nationale pour la Protection des Données” (hereinafter, the “CNPD”):
15, boulevard du Jazz
The Grand Duchy of Luxembourg
You will note that the rights as described above are not always absolute and that there may be certain situations in which, technically, legally or by regulation, We may not be able to comply with your request.
7. CASE OF PERSONAL DATA RELATING TO PERSONS OTHER THAN YOU – YOUR OBLIGATIONS
We assume that these third parties are aware of the processing of their Personal Data and that You are duly authorized to transmit it to Us, to disclose it to Us and that, to the extent necessary, these “data subjects” have given You their prior consent.
8. SECURING YOUR PERSONAL DATA
Taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data as well as the risks, which vary in probability and severity, to the rights and freedoms of natural persons, we undertake, throughout the retention period (see Point 9. PERIOD OF RETENTION OF YOUR PERSONAL DATA), to protect all your Personal Data transmitted and/or collected and to ensure their confidentiality and security, to prevent their damage, deletion or access by unauthorized third parties.
We also pay particular attention to the ethics and confidentiality of working from home ; our employee(s) are contractually bound to do so.
We maintain appropriate organizational, physical and technical security measures (including personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of your Personal Data to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of your Personal Data.
9. PERIOD OF RETENTION OF YOUR PERSONAL DATA
We will only keep your Personal Data :
- In a form that allows you to be identified for no longer than is necessary for each purpose for which it was collected, without prejudice to automatic computer back-ups and legal and regulatory obligations for internal archiving;
- For as long as it is necessary for the purpose or purposes for which it was intended;
- For the purpose of performing or fulfilling a contractual obligation with You or the organisation You represent or assist and therefore for legitimate business purposes ;
- As long as required or permitted by law or regulation ; and,
- In accordance with our internal (Electronic) Record Retention Policy.
We undertake to delete or cancel access to or anonymise your Personal Data upon expiry of the retention periods described above, plus a few days or weeks if necessary to ensure deletion or anonymisation.
The date of the most recent update will appear on this page. We therefore invite You to consult it regularly.