This privacy notice describes how Duke Sàrl (Duke) - as data controller - processes personal data relating to any individual it has a relationship with, may need to contact, or whose data must be collected, handled and stored in order to comply with all applicable data protection laws.
The aim of this notice is to inform Duke's Data Subjects about
"Duke" "we" and "us" means Duke Sàrl; and its shareholder Manufacture Grand-Ducale SA. "Data Subject" and "you" mean any identified or identifiable individual that is a representative or and employee of our prospective, present and past clients, delegated, service providers or contractors. "Personal Data" or "Personal Information" means any information about a Data Subject from which or through which you could be identified and/or identifiable. "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Duke processes your Personal Data fairly and in accordance with applicable laws. In particular, Duke:
For any Personal Data related query or in order to exercise your rights as Data Subject please contact: firstname.lastname@example.org
We may collect the following Personal Data our clients, delegated, service providers or contractors or their representatives and employees:
We use your personal information on the following legal bases:
Duke may disclose your Personal Data where appropriate to:
Such disclosure will only be performed on a need to know basis.
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
For the purposes set out above, Duke may transfer your Personal Data to employees, suppliers, clients and any other kind of recipients located in a different jurisdiction than Luxembourg.
These locations may include places within the European Economic Area (EEA) or outside the EEA.
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.
Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses on how to process your Personal Data.
Duke will keep your Personal Data no longer than for the purpose(s) your data has been collected for, mainly:
Duke may however hold your Personal Data based for longer periods pursuant to the following criteria:
As an individual, you have certain rights under data protection law. Some of the rights are complex and only apply in specific circumstances. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Duke in accordance with GDPR recognises a list of rights that all individuals have under data protection regulation and laws. They do not apply in all circumstances and you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
These rights are as follows:
We have security arrangements in place to guard against unauthorised access, improper use. alteration, destruction or accidental loss of your personal information. You are required to help with this by ensuring that your own Personal Data and that of your colleagues and third parties are kept secure. You should not share your (or anybody else's) Personal Data unless there is a genuine business reason for doing so.
We take appropriate organisational and technical security measures.
When we use third party organisations to process information on our behalf, we ask them to demonstrate their compliance with GDPR, our security requirements, and any instructions we may give them.
We do not use any automated decision-making in providing services to you. If we decide to use automated decison-making in future, we will inform you that we engage in this type of activity, provide further information about what is involved and explain the significance and envisaged consequences of the processing for you.
Unless it is not required for by law or to perform a contract or enter into it, we will seek your consent for this.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com
Matricule: N°2014 2455 197
N° TVA: LU27 228 332
Last updated: Mar 14, 2023