Privacy Policy

PRIVACY POLICY of Schiltz & Schiltz S.A.
Last updated and effective as of 15 July 2024.

1. General

For Schiltz & Schiltz S.A. (a public limited company (société anonyme) incorporated under the laws of Luxembourg and registered with the Luxembourg Business Register (LBR) under number B 220251 and the Luxembourg Bar, whose registered office is at L-1610 Luxembourg, 24-26, avenue de la Gare,) as well as for its lawyers (hereinafter the “Company, we, us, our”), the protection of your privacy is a primary concern.
Through this Privacy Policy, we seek to inform any person, in particular our clients, whose personal data (i.e. any information relating to an identified or identifiable natural person; hereinafter “Personal Data”) are collected, stored or otherwise processed by us or on our behalf (hereinafter “you, your”) of the processing activities carried out.

2. Data controller

The Company is the legal entity responsible for the collection and processing of your Personal Data when you seek or your company seeks our services, when you contact us or when you are involved in or related to a matter on which we work.

3. Personal Data collected and processed

3.1. General

The categories of Personal Data we collect and process depend on the specific context of each situation and the list reproduced below is in all likelihood not to be considered as exhaustive.
Please note that the Company is not in a position to control the volume, extent or nature of Personal Data which are provided to us by others. Taking this into account, we shall however endeavour to process your Personal Data only in compliance with applicable data protection principles (such as purpose limitation).
We furthermore wish to draw your attention to the fact that you as well as any other person shall only provide us with information that is necessary for the intended purpose (data minimisation) in compliance with applicable data protection legislation.

3.2. Categories of Personal Data processed

Depending on the context, the Personal Data we process may include:

  • private or professional contact information (e.g. address, email address, telephone or mobile phone number);
  • identification information (e.g. first and last names, date and place of birth, identification number or gender);
  • business information (e.g. job function, job title, department or location) or contextual professional information (participation in memberships or organisations);
  • financial information, including income, assets, charges and investments (e.g. bank account information, bank guarantees, deposits, debts, financial transactions, expenses, mortgage, pension details, remunerations, salaries (or other compensation paid), possessions (also real estate));
  • educational information (e.g. curriculum vitae) and professional records and activities;
  • health data (e.g. medical records, medical reports, sick leave, information on sexual orientation, illnesses, diseases, images, videos and sounds of surgical interventions);
  • insurance data (e.g. insurances subscribed, risks covered);
  • images, videos, sounds, texts and phone call conversations;
  • data on incidents and accidents (especially in the field of medical liability and insurance matters);
  • data concerning other aspects of your life, such as your political opinions, sex life, trade union memberships, immigration status, labour law status, pension status, goods and services used or made available, accommodation, private life habits (social and family life, such as the composition of households, your hobbies, habits and interests), licences held);
  • judicial data (criminal records, court decisions, convictions);
  • contractual information (i.e. any information provided by you for the performance of the Company’s contractual obligations).

3.3. The sources from which your Personal Data stem

The Company may collect your Personal Data directly from you, namely when you contact us or request us to carry out services on your behalf, as well as from other sources such as:

  • the Company’s service providers or business partners;
  • the Company’s clients or adverse parties;
  • other auxiliaries of justice (e.g. lawyers, bailiffs);
  • regulators or public authorities;
  • other third-party or publicly available sources (e.g. trade registers, directories, social media platforms).

3.4. Possible consequences of a refusal to provide your Personal Data

Please also note that a refusal to provide us with necessary Personal Data or the exercise of your data subject rights (as detailed below) may prevent you from using our services, in whole or in part, and may lead to the termination of our business relationship.

4. Legal basis allowing to collect and process your Personal Data

Depending on the context of each specific situation, the collection and processing of your Personal Data by the Company is lawful as at least one of the following applies:

  • the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
  • the processing is necessary for compliance with a legal obligation to which the Company is subject (e.g. when storing Personal Data for compliance purposes or when complying with our AML/CTF and KYC obligations);
  • the processing is necessary for the performance of a task carried out in the public interest (namely when we exercise our role as auxiliary of justice);the processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party and those legitimate interests are not overridden by your interests or fundamental rights and freedoms; such legitimate interests namely consisting in:
    • administering claims, preparing the legal defence of clients and third parties, resolving and managing disputes or litigation proceedings, protecting any interests, of whatsoever       nature, whether tangible or not, of ourselves or others;
    • providing our clients with advice regarding their rights and obligations;
    • process your requests;
    • performing the services we are requested to perform;
    • managing and administering the relationship with our clients and prospects;
    • ensuring the efficient functioning of the Company;
    • invoicing and accountancy.
  • the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of us or you in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for your fundamental rights and the interests;
  • you have given your consent to the processing of your Personal Data;
  • the processing relates to personal data which are manifestly made public by you;
  • the processing is necessary for the establishment, exercise or defence of legal claims.

5. Conditions applicable to your consent (if applicable)

Please note that if the processing of your Personal Data has been rendered lawful on the basis of your consent, you have, at any time, the right to withdraw your consent to the processing
of your Personal Data. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.

6. The purposes of the processing

The Company processes your Personal Data for various purposes, in particular:

  • to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies (including the Bar Associations to which the Company or its lawyers are members) which are applicable to us (e.g. respond to regulatory requests, disclose facts to regulatory bodies, conduct audits and checks, perform due diligence, investigations and identity checks), in particular for compliance purposes (such as AML/CTF and KYC obligations);
  • to respond to requests from public and government authorities and in particular to respond to a verified request relating to a criminal investigation (e.g. subpoena, court order or substantially similar legal procedure) or alleged illegal activity or any other activity that may expose the Company or any of the Company’s service providers, or you to any legal proceeding or legal liability;
  • to prevent any harm, financial loss or any other risk for the Company or any of the Company’s service providers or any other individual or entity related to the Company and to prevent, detect and investigate, to analyse and manage commercial risks and to deal with actual or potential illicit or illegal acts (e.g. to pursue available remedies or limit the damages that the Company or its service providers may sustain);
  • to protect the Company, its operations and its contractual and legal rights and obligations or those of others as well as the rights, privacy, safety and property of the Company or others;
  • to perform the contract to which you are party or to take steps at your request prior to entering into a contract and to perform the services we are requested by you, our clients or third parties for the protection of their interests;
  • to exercise our role as auxiliary of justice and to communicate with other auxiliaries of justice (e.g. lawyers, bailiffs) involved or to be involved in a subject matter dealt with by the Company;
  • to administer claims, prepare the legal defence of clients and third parties, resolve and manage disputes or litigation proceedings, protect any interests, of whatsoever nature, whether tangible or not, of ourselves or others;
  • to provide our clients with advice regarding their rights and obligations, information requested by them and solutions to their questions, and perform the services we are requested to perform;
  • to ensure the efficient functioning of the Company, including by managing, assessing and improving our internal organisation and functioning;
  • to provide you with any other information regarding the Company and its services, to contact you and to send you administrative information, such as information concerning changes to the Privacy Policy or any other legally binding document;
  • to respond to inquiries and support needs and to fulfil other requests;
  • to prevent any data breach or circumvention of the Company’s security measures or to mitigate their possible adverse effects;
  • to invoice the work performed and manage the accountancy of the Company;
  • for troubleshooting, statistical or archiving purposes.

7. Keeping your Personal Data up-to-date

You shall ensure that all your Personal Data processed by the Company are accurate, complete, true, correct and up to date. The Company shall not be liable for keeping and processing inaccurate information in case that you did not respect your obligation to keep your Personal Data up-to-date.

8. Your data protection rights

8.1. General

To exercise your data protection rights outlined in this section, you can contact the Company by sending an email to schiltz@schiltz.lu or by contacting us via phone under the following number: +325 45 64 80.

Please make clear in your request which Personal Data you would like to access or to rectify or of which Personal Data you request the restriction of processing or their erasure.

Please be aware that your data protection rights are not absolute and it remains that, in accordance with applicable data protection laws, your rights may be withheld. In such event, the Company will provide you with the reasons for not complying with your request.

The Company is inclined to process your request as soon as reasonably practicable and the Company will provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event the Company will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.

In the event the Company would decide to not comply with your request or has not processed your request within the aforesaid timeframe, you can lodge a complaint with the national supervisory authority (see point 15.) and you can seek a judicial remedy against the Company’s decision.

8.2. Your right to access, rectification, restriction of processing and erasure of your Personal Data & your right to data portability

You have, if applicable and within the limits of applicable data protection laws, the ability to request access to your Personal Data processed by the Company and to seek the rectification or erasure of your Personal Data or to request the restriction of their processing.
You have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without hindrance. The Company will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.

8.3. Your right to object

IN ACCORDANCE WITH APPLICABLE DATA PROTECTION LEGISLATION, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME, TO THE PROCESSING OF YOUR PERSONAL DATA BY THE COMPANY, UNLESS:

  • THERE EXIST COMPELLING LEGITIMATE GROUNDS FOR SUCH PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS; OR
  • THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

9. International transfers of Personal Data

As a matter of principle, the Company processes your Personal Data within the European Union. This shall, however, apply without prejudice to our right to transfer and process your Personal Data outside of the European Economic Area in accordance with the General Data Protection Regulation when this is required to accomplish the purposes set forth in point 6. of the present Privacy Policy.

Please be aware that the transfer of your Personal Data outside the European Union entails the risk that your Personal Data may be subject to laws and regulations which do not guarantee an equivalent level of protection for your rights and freedoms as it would normally be the case within the European Union.

10. Disclosure of Personal Data

The Company may disclose your Personal Data to the following categories of recipients when this is required to accomplish the purposes set forth in point 6. of the present Privacy Policy and only in accordance with applicable laws and regulations:

  • the Luxembourg Bar;
  • public and government authorities (e.g. judicial authorities such as courts and tribunals or the public prosecutor, the CCSS, CSSF, CNPD, tax authorities);
  • the Company’s service providers (e.g. IT support service providers);
  • auxiliaries of justice (e.g. lawyers, bailiffs);
  • any third party, if such disclosure is necessary for the fulfilment of the purposes set forth in this Privacy Policy.

11. Security of Personal Data

The Company protects your Personal Data by using appropriate administrative, technical and organisational security measures to reduce the risks of loss, theft, misuse, unauthorised access, disclosure, destruction and alteration of your Personal Data. Please be, however, aware that today no processing, transmission or storage of data, including Personal Data – even in high security environments and notwithstanding any appropriate security measure – ensures an absolute protection and can for example be subject to hacks or attacks.

If you have reason to believe that your Personal Data is no longer secure, you shall immediately notify such risk to the Company by contacting us at schiltz@schiltz.lu.

12. Storage of your Personal Data

Without prejudice to the Company’s right to further process your Personal Data for purposes that are not incompatible with the initial purpose, and subject to the Company’s own legal and regulatory obligations, the Company retains your Personal Data only for as long as necessary to fulfil the purposes described in the present Privacy Policy and as long as required by the laws of Luxembourg.

In this vein, the Company keeps client documents for at least 10 years as from the termination of the relevant contractual relationship.

13. Updates to this Privacy Policy

The present Privacy Policy has been made available to you prior to your use of the Company Services.
The Company reserves the right to revise, change, modify, update, supplement, add or remove parts of the Privacy Policy, at any time, in an exercise of its sole discretion. When the Company makes such changes to the Privacy Policy, the Company will notify such changes to you by making the amended Privacy Policy available on the Company’s website. It is your responsibility to review the amended Privacy Policy.

14. Merger/Corporate Acquisition

If the Company merges with another company or entity, of whatsoever form, or is partially or entirely acquired by such company or entity, the acquiring company or entity shall have access to all your Personal Data in the Company’s possession. Without prejudice to the right to update the present Privacy Policy, the acquiring company or entity shall be bound by this Privacy Policy.

15. Questions or complaints

If you have questions or concerns about this Privacy Policy or seek additional information about the processing activities carried out by the Company when providing the Company Services, you can contact us via phone under the following number: +325 45 64 80 or write us by sending an email to schiltz@schiltz.lu.

If you do not feel satisfied with the response given or actions taken, you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the data protection authority in Luxembourg) having its seat at 15, Boulevard du Jazz, L-4370 Belvaux (Luxembourg).