Privacy policy

This privacy notice describes how Vescalis S.à r.l - as data controller - processes personal data relating to any individual it has a relationship with, may need to contact, or whose data must be collected, handled and stored in order to comply with all applicable data protection laws.

The aim of this notice is to inform Vescalis S.à r.l’s Data Subjects about:

  1. Who are we and how you can contact our GDPR reference person?
  2. What kinds of personal information about you do we process?
  3. What are the purposes and legal grounds for our processing of your personal information?
  4. Who we share your personal information with?
  5. For how long is your personal information retained by us?
  6. What are your rights under data protection laws?
  7. How do we protect your personal information?

1. Who are we and how you can contact our GDPR reference person?

1.1. Definitions

we” and “us” means Vescalis S.à r.l ; and its shareholder.

Data Subject” and “you” mean any identified or identifiable individual that is a representative or and employee of our prospective, present and past clients, delegated, service providers or contractors

Personal Data” or “Personal Information" means any information about a Data Subject from which or through which you could be identified and/or identifiable.

GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

1.2. Privacy

Vescalis S.à r.l processes your Personal Data fairly and in accordance with applicable laws.

In particular, Vescalis S.à r.l:

  • Tells you (either directly or in our policies) about how we will use your personal information:
  • Processes your personal data when there is a legal basis that justifies the limitation of your privacy rights;
  • Ensures that personal data is processed in an adequate, relevant and not excessive way and only for the purposes for which it was originally collected;
  • Does not keep your Personal Data for longer than necessary;
  • Keeps your Personal Data secure, and limit the people who can access it on a "need to-know" basis:
  • Ensures that you know how to access your Personal Data and exercise your rights in relation to it, including being able to keep it accurate and up to date; and
  • Ensures that any third parties we share your personal information with take appropriate steps to protect it.

For any Personal Data related query or in order to exercise your rights as Data Subject please contact: info@vescalis.com

2. What kinds of personal information about you do we process?

We may collect the following Personal Data our clients, delegated, service providers or contractors or their representatives and employees:

  • Name,
  • title,
  • place of employment,
  • Contact information including address, email address, telephone number, Passports, identity documents

3. What are the purposes and legal grounds for our processing of your personal information?

We use your personal information on the following legal bases:

  • To perform the obligations set out in our agreements;
  • To enter into a contractual relationship either with our contractors or clients;
  • To comply with Vescalis S.à r.l applicable legal and regulatory obligations;
  • Where necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom your personal data is provided.
  • We may also rely on consent if the collecting and processing of Personal Data is not covered by any of the aforementioned legal bases.

4. Who we share your personal information with?

We may disclose your Personal Data where appropriate to:

  • Employees of Vescalis S.à r.l;
  • Current suppliers of goods or services of Vescalis S.à r.l;
  • Current, past and potential recipients, customers, clients for the goods or services of Vescalis S.á r.l.

Such disclosure will only be performed on a need to know basis.

Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

For the purposes set out above, Vescalis S.à r.l may transfer your Personal Data to employees, suppliers, clients and any other kind of recipients located in a different jurisdiction than Luxembourg.

These locations may include places within the European Economic Area (EEA) or outside the EEA.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.

Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses on how to process your Personal Data.

5. For how long is your personal information retained by us?

We will keep your Personal Data no longer than for the purpose(s) your data has been collected for, mainly:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
  • For as long as you are under contractual relationship with us;

We may however hold your Personal Data based for longer periods pursuant to the following criteria:

  • For as long as someone could bring a claim against us in relation to you; and/or (this may vary on the type of claim and the length of the procedure.)
  • For as long as required by legal or regulatory requirements (e.g. 10 years as provide for by the commercial Code)

6. What are your rights under data protection laws?

As an individual, you have certain rights under data protection law. Some of the rights are complex and only apply in specific circumstances. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

We - in accordance with GDPR - recognise a list of rights that all individuals have under data protection regulation and laws. They do not apply in all circumstances and you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

These rights are as follows:

  • The right of access
  • The right to have your Personal Data corrected if it is inaccurate and to have incomplete Personal Data completed
  • The right to object to processing of your Personal Data
  • The right to restrict processing of your Personal Data
  • The right to have your Personal Data erased (the “right to be forgotten")
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your Personal Data (“data portability")
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
  • The right to withdraw your consent
  • You have the right to lodge a complaint to the CNPD which enforces data protection laws: https://cnpd.public.lu/

7. How do we protect your personal information?

We have security arrangements in place to guard against unauthorised access, improper use. alteration, destruction or accidental loss of your personal information. You are required to help with this by ensuring that your own Personal Data and that of your colleagues and third parties are kept secure. You should not share your (or anybody else's) Personal Data unless there is a genuine business reason for doing so.

We take appropriate organisational and technical security measures.

When we use third party organisations to process information on our behalf, we ask them to demonstrate their compliance with GDPR, our security requirements, and any instructions we may give them.

8. What automated decision-taking do we carry out?

We do not use any automated decision-making in providing services to you. If we decide to use automated decision-making in future, we will inform you that we engage in this type of activity, provide further information about what is involved and explain the significance and envisaged consequences of the processing for you. Unless it is not required for by law or to perform a contract or enter into it, we will seek your consent for this.