1.What is this Data protection Privacy Statement?
With effect from 25 May 2018, the protection of personal data in the European Union has been strengthened by the introduction of the General Data Protection Regulation – EU Regulation 2016/679 of 27 April 2016 (GDPR). This Regulation increases the responsibility of companies and gives new rights to individuals.
With the entry into force of the GDPR, YLP is committed to strengthening the protection of personal data through the implementation of a Personal Data protection Policy. In accordance with Article 24 of the GDPR, and in conformity with the commitment of YLP, this Policy represents the firm commitment of YLP's management to the protection of the personal data of its customers and employees, and of third parties.
At YLP where we collect personal information about you, we are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information.
2.What personal information do we collect?
YLP collects and processes the personal data provided by its clients (natural persons), the representatives and beneficial owners of its clients (legal entities), and its employees, partners and suppliers, such as their identity and contact information, work situation, financial or bank information.
This data includes:
- Identity data: this includes but is not limited to first name, last name, date of birth, place of birth, nationality, passport or national identity card details, national identity number or social security number;
- Contact Data: this includes email address, telephone number(s) and postal address;
- Financial Data: this includes banking details, income details, tax information and source of wealth;
- Employment Details; this includes job titles, employment history;
- Any personal data about the data subject which has been included in the forms requested by YLP;
3.Why do we collect your information?
YLP only collects and processes the personal data that if it is strictly necessary in the context of its activities to offer high-quality services that meet its clients' requirements, and for the purposes of optimum management of human resources, partnerships and purchases.
You are a client, we use your personal information to provide a service to you in our capacity as a data controller;
If you are a candidate for a job, we use your personal information as part of our recruitment process in our capacity as a data controller.
4.What is the legal basis associated with the main purpose?
In the context of its activities, YLP has the right to process any personal data only if it has a legal basis: when the data subject consents to the processing of his or her personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which you are a party;
- complying with the legal and regulatory obligations, particularly combating money laundering and terrorist financing, combating fraud, obligations related to financial markets, and determining tax status ( refer to AML/FT regulation);
- where is in YLP’s legitimate interest ( the processing of disputes, recovery or transfers of debt, and more generally managing payment incidents) ;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In addition, we are required by law to obtain “know your client” information as detailed in our service contract, or other relevant information sources and this includes certain personal information.
If you do not provide information, in the circumstances detailed above, we will be unable to offer you the service required or interact with you for normal business purposes.
5.Who we share personal information with?
We will only disclose your personal information in accordance with applicable laws and regulations applicable in Luxembourg. We will disclose your information to the following third parties:
- Any person with legal or regulatory power over us (Ordre des Experts Comptables (OEC), Cellule de renseignement financier (CRF), Administration des Contribution Directes or the police that may require disclosure on legal grounds, or other relevant Government departments where reasonably necessary for financial crime and sanction prevention purposes).
- Service providers engaged by us to help us run our business and perform the Services/our contract with you. Such service providers will include, for example, cloud storage providers (engaged by us to provide electronic storage facilities for our business data and your information). Other services providers such as IT system suppliers, auditors, lawyers, document management providers.
- Your relatives, powers of attorney, guardians acting on your behalf or other people or organisations associated with you such as your financial advisor or your lawyer whenever you have given us permission to share your personal information with them.
6.How do we keep your information secure?
We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorized access.
We take protection of your personal information and our system security very seriously. Any personal information which is collected, recorded or used in any way will have appropriate safeguards applied in line with our data protection obligations.
7.How long will we store your information for?
We generally hold your personal data on our systems for as long is necessary to provide services to you.
We will retain your personal data for a period of five years after the end of your business relationship with us.
If you were in contact with us for a potential business relationship and for any reason it has been decided to not conclude a contractual relation, we will retain your data for a period of 6 month after the decision to not enter into a contract.
You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed below:
Att: Data Protection Officer
2C Rue Nicolas Bové,
Right of access
You have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing.
Right of rectification
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.
Right to erasure
You have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations, which mean we cannot comply with your request.
Right to restrict processing
In some circumstances, although you may not be entitled to require us to erase your information, but may be entitled to limit the purposes for which we can use your information.
Right to object
For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
Right of data portability
You have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.
Rights related to automated decision making including profiling
YLP does not carry out automated profiling and will not make any decisions based on the automated processing of data.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with our services or maintaining a business relationship with you.
You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can't comply with your request, we will tell you why.