PRIVACY AND PERSONAL DATA PROTECTION CHARTER
OF THE “MGI FISOGEST” GROUP
The “Privacy Charter”
This Privacy Charter is in force as of 09 February 2026 (latest amendments).
Our “MGI FISOGEST” Group is composed of the following companies:
- MGI GROUPE FIDUCIAIRE Luxembourg S.à r.l. (RCS Luxembourg B124916), registered with the Luxembourg Order of Chartered Accountants;
- FISOGEST S.A. (RCS Luxembourg B44696); and
- mgi Valid S.à r.l. (RCS Luxembourg B20114)
Hereinafter referred to as “We”.
Concerned with ensuring transparent and ethical use, We have implemented a framework common to all companies within our Group, aimed at ensuring adequate security and confidentiality with respect to data (hereinafter referred to as “Personal Data”) that may directly or indirectly identify You. We have therefore drawn up this Privacy Charter, which sets out how We may collect, use, share, protect and retain Your Personal Data (hereinafter referred to as “You”), whether provided by You, obtained about You, or collected when You visit our website.
This Privacy Charter forms part of the contractual framework defined by the engagement letter and the General Terms and Conditions of the MGI FISOGEST Group, which are made available to Clients and data subjects on our website and may be freely consulted there.
We undertake to comply with the laws and regulations governing the processing of Your Personal Data, including, without limitation, the Luxembourg law of 1 August 2018 on the organisation of the National Commission for Data Protection and the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), amending the Labour Code and the amended law of 25 March 2015 governing data processing regimes and the terms and conditions of advancement of State civil servants, any other applicable Luxembourg law or regulation governing the processing of Personal Data, as well as any obligations imposed by the Luxembourg Order of Chartered Accountants, where applicable.
To familiarise You with our Privacy Charter, We invite You to read the information below.
1. DATA CONTROLLER AND JOINT DATA CONTROLLERS OF YOUR PERSONAL DATA
For our “MGI FISOGEST” Group:
MGI GROUPE FIDUCIAIRE Luxembourg S.à r.l. is designated as the Data Controller. For this purpose, it determines the purposes and means of processing Your Personal Data.
FISOGEST S.A. and mgi Valid S.à r.l. are designated as Joint Data Controllers. For this purpose, they jointly determine the purposes and means of processing Your Personal Data.
For any questions relating to the processing of Your Personal Data and the exercise of Your rights, You may contact Us as follows:
- By post: MGI FISOGEST, Personal Data Processing, 681 rue de Neudorf, L-2220 Luxembourg, the Grand Duchy of Luxembourg;
- By email: datacontroller@mgifisogest.lu;
- By telephone: +352 26 44 18 66.
2. CONTEXT OF THE PROCESSING OF YOUR PERSONAL DATA
We may collect Your Personal Data in various ways, including, without limitation, when You visit our website, register thereon, complete one of our forms, sign an engagement letter (including by email) in connection with one of the services We provide (accounting, tax, payroll, corporate services, advisory, etc.), apply for one of our job offers, or use the “FisoConnect” platform.
To provide these services, We must collect and process certain Personal Data, depending on the context of Your interaction with Us, the choices You make and the services provided to You.
When You are asked to provide Personal Data, You may choose to do so or refuse (except where legal or regulatory obligations apply or where required by specific professional obligations, particularly those imposed by the Luxembourg Order of Chartered Accountants (the “O.E.C.”)). However, if You choose not to provide the Personal Data required, We may not be able to provide the relevant services.
As a Prospect, Client or Candidate, You therefore authorise Us to process Your Personal Data, as defined above, on Your behalf and solely in accordance with Your instructions, insofar as necessary to provide the best possible services (except where legal or regulatory obligations apply or where professional requirements imposed by the O.E.C. apply).
The processing of Personal Data is carried out within the framework of the contractual relationship formalised by the engagement letter and the General Terms and Conditions in force, which are available and may be consulted on the MGI FISOGEST Group website.
3. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED – PURPOSES
Depending on the services that We are required to provide, and where strictly necessary, We may collect and process the categories of Personal Data listed below, without limitation:
- Identification data: in particular first name, last name, alias, email address, postal address, telephone/fax number and other similar contact details, date and place of birth, gender, country and preferred language(s);
- Administrative data: in particular identity documents, date of birth, registration number, gender, language, etc.;
- Electronic identification data: use of “Cookies” to collect Personal Data, in particular information relating to how You use our website (e.g. duration, clicks, IP address, etc.);
- Professional data: in particular job function, job title, department, name of the organisation, its size and location, and whether You act on Your own behalf or on behalf of a client;
- Financial data: in particular tax data and banking information (IBAN/BIC), where necessary to make a payment or to comply with legal, regulatory, contractual obligations or related purposes;
- Contractual data: in particular any information that You provide which enables Us to perform our contractual obligations.
In addition to the categories of data listed above, We guarantee that, except to the limited extent necessary in particular for the performance of a contract or an engagement letter, to comply with our legal or regulatory obligations or those related to the O.E.C., or in the context of a job application, We do not request or collect special categories of Personal Data, namely personal data revealing criminal offences or convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data relating to a person’s sex life.
We use and process Your Personal Data solely for the purposes described in this Privacy Charter, and in particular:
- For the purposes of verifying Your identity;
- Where processing is necessary to comply with a legal or regulatory obligation or obligations related to the O.E.C., applicable codes of conduct or directives, or to assist law enforcement and investigations by competent authorities, in particular in the context of anti-money laundering and counter-terrorist financing (“AML/CFT”) and “KYC/KYT” requirements;
- To provide You with the requested services;
- Where processing is necessary for the performance of a contract or engagement letter to which You are a party, or in order to take steps at Your request prior to entering into a contract or engagement letter;
- To provide information, access to resources or other requested services;
- To send You communications, invitations or our newsletter;
- Where processing is necessary for the purposes of the legitimate interests pursued by Us in our capacity as Data Controller (or by a third party where required, such as a bank, a notary, a lawyer, etc.);
- To process communications sent by You and to respond to Your questions, requests and/or complaints;
- To manage our infrastructure and to comply with internal policies and procedures, in particular in order to meet a legal or regulatory obligation or obligations related to the O.E.C.
We may contact You by post, telephone, fax, videoconference, email or any other electronic messaging service or modern means of communication to inform You of special events, new features, in particular relating to the “FisoConnect” application, new online functionalities or other information that may be of interest to You.
Furthermore, where required by applicable legislation or regulation, Your prior consent will be requested before sending any direct communications, and You may object to or refuse to receive messages and/or other communications from Us.
Finally, in the context of the processing of Personal Data for the performance of the requested services, our engagement letter shall in particular specify the following elements:
- The subject matter and duration of the processing;
- The nature and purpose of the processing;
- The type of Personal Data;
- The categories of data subjects; and
- Our / Your obligations.
4. HUMAN RESOURCES AND RECRUITMENT
When You apply online with Us via our website (or via the website of one of our service providers) for a job or internship position, You are required to submit Personal Data so that Your application may be taken into consideration.
Your Personal Data include, among others, Your name, address, telephone number, email address, professional experience, education, professional skills and other information contained in Your curriculum vitae (CV) and/or cover letter (see Section 3. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED – PURPOSES PURSUED).
We use Your Personal Data solely to review Your application, to communicate with You and to generate related correspondence, including offer letters and employment or internship contracts.
Your Personal Data may also be used, subject to applicable laws and regulations, to carry out background checks necessary for compliance purposes and for other employment-related purposes (including the assessment of Your profile with a view to the potential conclusion of an employment contract, insofar as permitted by applicable laws and regulations).
We retain Your Personal Data only for the period necessary to process Your job application and to address any issues that may arise in connection with the processing of Your application.
By submitting Your Personal Data via our website (or, where applicable, via that of one of our service providers), You consent to the collection, storage and use of such data by Us throughout the recruitment process.
We will only disclose or transfer Your Personal Data to companies within the MGI FISOGEST Group. Such data shall be processed in accordance with this Privacy Charter, our General Terms and Conditions and the specific professional requirements, in particular those imposed by the O.E.C.; such information being regularly updated and available on our website.
5. SHARING – TRANSFER – DISCLOSURE OF PERSONAL DATA – OUR OBLIGATIONS
We only share Personal Data with third parties where strictly necessary to enable them to provide ancillary services required to deliver the requested services.
We enter into appropriate agreements with all third parties to whom Personal Data is disclosed or transferred, except for public authorities, judicial authorities, ministerial officers or law firms subject to their own professional confidentiality obligations.
Such third parties must comply with our confidentiality and security requirements and may not use Personal Data for purposes other than providing the required services.
We may access, transfer, disclose or retain Personal Data solely to comply with applicable law or regulation, court orders or legal proceedings, national security requirements, or to protect our rights, security, clients or employees.
We do not transfer Personal Data outside the European Union except:
- Under an appropriate written agreement containing the required legal safeguards;
- To countries recognised by the European Commission as providing an adequate level of protection; or
- To other authorised recipients.
We do not sell or rent Personal Data to third parties.
Personal Data are processed, shared and, where applicable, transferred in accordance with this Privacy Charter and the General Terms and Conditions in force, strictly within the limits necessary for the performance of the entrusted engagements.
6. ACCESS TO YOUR PERSONAL DATA – EXERCISE OF YOUR RIGHTS
We ensure that You may exercise Your rights at any time and We will respond to any request within the limits of our technical and organisational capabilities (see Section 1 – Data Controller and Joint Data Controllers).
Your rights include the following:
- Right to information: We obtain Your prior consent, using clear and plain language, at the time Personal Data are collected (or, where the data have not been collected directly from the data subject, within a reasonable period);
- Right to challenge a decision based on automated processing: Where decisions are taken based on automated processing, We will give You the opportunity to express Your point of view and, where applicable, to contest such decision within a reasonable timeframe. We may also provide You with information regarding the underlying logic of such decision-making (e.g. AML/CFT, KYC, annual audit, etc.);
- Right of access: You have the right to access Your Personal Data processed or stored by our Group. Requests must be submitted in writing as described above;
- Right to rectification: Where Personal Data held, collected and processed are inaccurate, incomplete or outdated, You have the right to request their correction or update at any time by contacting Us, within a reasonable timeframe;
- Extended right to erasure – Right to be forgotten: At any time, You may decide that We no longer retain Your Personal Data. In such case, You may request their deletion by contacting Us as described above. We will take all reasonable and necessary measures to comply with Your request, in accordance with applicable laws and regulations;
- Right to restriction of processing: You may exercise this right in accordance with the modalities described above, provided such restriction is permitted under applicable laws and regulations. Where processing is restricted, Your Personal Data shall no longer be subject to processing. Restriction may be implemented through various measures (temporary transfer to another file, data locking, temporary removal from a website, etc.);
- Right to object: You may exercise this right at any time in accordance with the modalities described above. We will review Your request and respond within a reasonable timeframe, unless We can demonstrate compelling legitimate grounds, in accordance with applicable laws and regulations;
- Right to data portability: You have the right to request that Your Personal Data be transmitted directly by Us to another Data Controller, provided that You have expressly requested such transfer, consented thereto, and where technically feasible. We will respond within a reasonable timeframe and provide the data in a structured, commonly used and machine-readable format (e.g. Excel file);
- Right to image and events: During events, meetings, workshops, training sessions or other activities organised by Us, photographers and/or videographers may be present to take non-targeted photographs and/or videos reflecting the “general atmosphere”, with the knowledge of all participants and attendees. However, it is possible that such photographers or videographers may propose to take targeted photographs and/or videos in which You are the main subject, whether appearing alone, being placed in the foreground, posing, or being interviewed. Where You do not object to being photographed and/or recorded in such manner, this shall constitute Your presumed consent to the capture and publication of such images in all internal media of FISOGEST, on its website or on any other media, including social networks such as LinkedIn, Facebook, Instagram, Twitter (X), etc.;
- Right to lodge a complaint with the Luxembourg supervisory authority: Where You consider that Your Personal Data are processed in a manner that does not comply with the GDPR, You have the right to lodge a complaint with the Luxembourg supervisory authority, namely the National Commission for Data Protection (Commission Nationale pour la Protection des Données – “CNPD”):
CNPD
15, boulevard du Jazz
L-4370 Belvaux
Grand Duchy of Luxembourg
https://cnpd.public.lu
Please note that the rights described above are not absolute, and there may be situations in which, for technical, legal or regulatory reasons, We are unable to comply with Your request.
The exercise of the data subject’s rights shall be without prejudice to the legal, regulatory and professional obligations applicable to MGI FISOGEST, in particular as provided for under the General Terms and Conditions and the engagement letter.
7. PERSONAL DATA RELATING TO OTHER PERSONS – YOUR OBLIGATIONS
Where Personal Data relate to persons other than You, such as legal representatives of a legal entity, members of its staff and/or respective agents, beneficial owners, shareholders/partners, etc., You must first inform them thereof and ensure that they acknowledge that We may use such information as described in this Privacy Charter. In particular, You must provide them with the information relating to their rights as “data subjects”.
We assume that such third parties are informed of the processing of their Personal Data and that You are duly authorised to transmit and disclose such data to Us and that, to the extent required, such “data subjects” have given You their prior consent.
8. SECURITY OF YOUR PERSONAL DATA
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks, whose likelihood and severity vary, to the rights and freedoms of natural persons, We undertake, throughout the entire retention period (see Section 9. RETENTION PERIOD OF YOUR PERSONAL DATA), to protect all Personal Data transmitted and/or collected and to ensure their confidentiality and security so as to prevent damage, erasure or access by unauthorised third parties.
We also pay particular attention to ethics and confidentiality in the context of remote working; our employees are contractually bound in this respect.
We maintain appropriate organisational, physical and technical security measures (including with regard to personnel, premises, equipment and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, and the encryption of Your Personal Data) to protect against unauthorised or accidental access, loss, alteration, disclosure or destruction of Your Personal Data.
We will notify You of any breach of Your Personal Data, including any breach identified at the level of our potential processors or any other third party acting on our behalf, under the conditions provided for in this Privacy Charter, without undue delay and only where such breach is likely to result in a high risk to Your rights and freedoms.
9. RETENTION PERIOD OF YOUR PERSONAL DATA
We retain Your Personal Data only:
- In a form permitting Your identification for a period not exceeding that which is necessary for each purpose for which the data were collected, without prejudice to automatic IT backups and legal and regulatory internal archiving obligations;
- For as long as they are necessary for the purpose or purposes for which they were intended;
- For the performance of or compliance with a contractual obligation with You or with the organisation that You represent or assist and, consequently, for legitimate business purposes;
- For as long as required or permitted by law or regulation; and,
- In accordance with our internal Records Retention Policy (Electronic).
We undertake to delete, restrict access to, or anonymise Your Personal Data upon expiry of the retention periods described above, extended by a few days or weeks where necessary to ensure effective deletion or anonymisation.
Certain Personal Data may be retained after termination of the contractual relationship in order to comply with applicable legal, regulatory, accounting, tax or professional obligations, in accordance with the General Terms and Conditions in force.
Upon completion of the engagement and subject to applicable legal and regulatory obligations, MGI FISOGEST assumes no obligation to communicate, update or respond to requests relating to Personal Data.
10. DECLARATION
This Privacy Charter has been specifically and exclusively designed and implemented for the MGI FISOGEST Group; it is its exclusive property and may therefore not be used or duplicated for any purpose other than that of our Group.
11. AMENDMENTS TO THIS PRIVACY CHARTER
We reserve the right to amend this Privacy Charter from time to time in order to reflect changes in applicable laws and/or regulations, internal practices or specific professional requirements, in particular those imposed by the O.E.C., relating to the collection and use of Your Personal Data, and to ensure that it remains accurate, complete and up to date.
The date of the most recent update will appear on this page. We therefore invite You to consult it regularly.
12. ENTRY INTO FORCE OF THIS PRIVACY CHARTER
This Privacy Charter first entered into force on 01 July 2022.
The latest amendments were made on 09 February 2026.