Confidentiality and personal data protection policy
This policy is applied throughout the CDCL group (hereafter “CDCL”) and by all its subsidiaries, of which the main entities are as follows:
The policy is applied in accordance with the General Data Protection Regulation (hereafter “GDPR”), in force since 25 May 2018.
In light of the GDPR, personal data and the processing thereof are defined as follows:
Any information relating to an identified or identifiable natural person (hereafter the “data subject”). The term “identifiable natural person” shall be taken to mean a natural person who may be directly or indirectly identified, notably with reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations carried out via an automated or other process involving personal data, such as collecting, recording, collating, structuring, retaining, adapting, modifying, extracting, viewing, using, communicating via transfer, distributing, making available, reconciling, interconnecting, limiting, deleting or destroying.
CDCL undertakes to:
Personal data is processed in compliance with applicable EU law. When developing and designing our services, which are based on the treatment of personal data or the processing of such data, we guarantee the security, transparency and legality of the processing systems. The information collected is strictly necessary, adequate and appropriate for the purpose notified to the data subjects in advance. Only information strictly necessary for the proper fulfilment of our contractual and legal obligations is collected.
We guarantee to protect personal data against all unauthorised or illegal processing and access and against loss, theft, destruction and damage of all kinds, by employing appropriate and proven technical means.
Personal data is only retained for the period necessary for us to fulfil our contractual and legal obligations.
As a matter of course we do not share any personal data, unless in exceptional circumstances to enable us to meet our legal obligations or where required for effective delivery of our services.
In addition to demanding compliance with applicable personal data protection regulations, we require our service providers to use personal data within the strict limits of performing the tasks entrusted to them, in accordance with instructions issued by us.
All data subjects enjoy the following rights:
In order to exercise these rights, please forward an e-mail to datamanagement@cdclux.com, specifying:
Your request will be retained on file for 10 years.
You may also submit a complaint to the supervisory authority, namely the Commission nationale pour la protection des données (CNPD).
You may view all the relevant information on the CNPD website: https://cnpd.public.lu/fr.html
CDCL will adapt its processing to the nature of the request (contract, job application, access to personal data protection rights, etc.). Each form of processing will be specifically notified with regard to its purpose, data category and the data subjects in question. As part of our recruitment process, we collect and process the personal data you provide to us (CV, cover letter, email exchanges, etc.). This data is processed for the purpose of managing applications and recruitment. It is only accessible to authorized personnel within the CDCL Group. Unsuccessful applications are kept for a maximum period of one year from the end of the recruitment process, in order to contact you again should a relevant opportunity arise. After this period, your data will be deleted or anonymized, unless you object before the end of this term.
CDCL also uses your personal data to notify you about future events, to send newsletters, for business development purposes, to keep you informed about property sales and to update its client/partner file.