Privacy Policy

SAPSOL S.à.r.l., acting as a collector and controller of data, operates effectively and provides you (any person in relation with SAPSOL S.à.r.l.) with the best services.

Indeed, as part of our services, we collect, receive, and process personal information (i.e., any information relating to living persons) about existing and past clients, prospects, counterparts, advisors, service providers, suppliers, regulators of public authorities and other people, including their respective representatives, members, staff, and agents, whether or not we have a contractual relationship with any of them or the entity they represent or for which they work.

Therefore, SAPSOL S.à.r.l. is committed to protecting your privacy. The privacy notice covers how we can collect, use, share, protect, and retain information about you, as well as the rights you have in this regard.

1. Principles - responsible for processing your personal information:

As required by applicable data protection legislation, we inform you that we are the controller of the personal information we collect, receive and process about you.

We may also act as a processor in exceptional circumstances where we receive strict and detailed instructions to process personal information on behalf of third parties;

The "GDPR" is the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and any other national or supranational statutory law that applies to us.

"Personal Data" is information of any kind, regardless of the type of medium, including sound and image, relating to an identified or identifiable natural person (data subject).

2. The information collected:

To provide its services, SAPSOL S.à.r.l. needs to collect and process certain information about you. The data collected depends on the context of your interactions with SAPSOL, the choices you make, and the services provided to you.

It should be noted that you have choices about the data we collect. When you are asked to provide personal data, you may refuse. If you choose not to provide the documents necessary to provide the service, SAPSOL S.à.r.l. may not be able to provide the service.

3. Source and categories of data processed:

We are likely to obtain personal information in paper form or electronically from one or more sources.

When you contact us directly as a data subject or indirectly through people you ask to contact us on your behalf or when you provide us with your contact details, we obtain personal information from you. This is generally the case when you contact us to request services or when you attend events that we organize.

The information can also come from third parties. This includes our customers, prospects, counterparties, advisors, service providers, suppliers, regulators, public authorities whether or not we have a contractual relationship with any of them or the entity they represent or for which they work.

As a general rule, anyone with whom we have a business relationship can provide us with personal information about you.

We cannot always control the extent of the personal information that is provided to us or made accessible by you and third parties. The records, documents, agreements and correspondences (without limitation as to the type of support) that are provided to us may contain personal information that we have not specifically requested or that we do not need for the intended purposes.

We are not able to control the extent of the personal information that is provided to us or made accessible by you and third parties.

However, the data we collect and process may include the following, but is not limited to:

Identification data: we collect data about you such as your first and last name, national identification number, identity card, signature, email address, postal address, telephone number and other similar contact data, date and place of birth, gender, country and preferred language, marital status, name of spouse, number of children, passport, tax number, social security number

Electronic identification data: we use cookies to collect data on how you use our website and view our marketing emails. This may include, for example, information about the pages of the SAPSOL website that you visited, how long you stayed there, which items you clicked on and your IP address,

Professional contact details: we collect data about you, such as your function, job title, department, name of the organization, size and location, and whether you act or name on behalf of a client, participation in committees or think tanks, involvement in professional associations, charities, clubs, unions, groups, curriculum vitae, seniority, practice area, publications,

Financial information: we collect your financial information, such as financial account information, bank statement, tax data, debts, expenses, type of loan and amount borrowed, type of insurance, details of risks covered, insured amounts, contract status, if necessary to accept a payment or fulfill contractual obligations or for related purposes,

Public records such as business and company registers and intellectual property registers, sanction lists,

Contractual information: any information provided by the data subject allowing SAPSOL S.à.r.l. to perform its contractual obligations.

In addition to the categories of data mentioned above, SAPSOL S.à.r.l. guarantees that, except to the limited extent that may be necessary in the context of employment and in the performance of a contract with a client, or compliance with legal obligations, we do not request or collect particular categories of sensitive data (i.e. personal information specifying criminal offences/conviction, health status, biometric or genetic data, social or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the individual's sexual life).

4. Data Collection:

This privacy notice applies to personal data, that is, information that SAPSOL S.à.r.l. collects from you and other third parties that specifically identify you as an individual. SAPSOL S.à.r.l. may collect your personal data in different ways.

Information we collect automatically when you use our site: when you use our website, we automatically collect, through cookies, the following information:

Navigation data and browsing history,

Social media,

Subscription services or databases such as World Check,

HTTP protocol elements,

Search terms.

Cookies are small pieces of text that are downloaded to your computer or other internet-connected devices when you visit a website. SAPSOL S.à.r.l. uses cookies on its website to enhance its overall user experience.

Personal data we collect when you do business with SAPSOL: we may collect and process your data when you do business with us. "Personal data" refers to information related to an identified or identifiable individual that SAPSOL receives on behalf of the individuals concerned.

Personal data we obtain from other sources: we may also periodically obtain personal and non-personal information about you from SAPSOL's affiliated companies, business partners, or other third-party sources when they are legally authorized to share this information with us, and add it to the information we already hold about you, such as, but not limited to:

  • Update of professional address,

  • Identification data,

  • Financial information,

  • Contractual information

Purposes of collection, use, and processing of data:

For the processing to be lawful under the GDPR, a legal basis must be identified before personal data are processed.

We use or may use your personal data for the following purposes in accordance with the legal basis of the GDPR:

  • To be able to provide the service you have requested. The processing is necessary for the performance of a contract.

  • To provide you with information, access to resources, or other services that you have requested on behalf of your organizations. The processing is necessary for the performance of a contract.

  • To send you customer service-related communications (marketing). The processing is necessary for the purposes of the legitimate interests pursued by the data controller. The processing is based on your consent to receive marketing communications.

  • To process information you send to SAPSOL and respond to your questions, requests, and complaints. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The processing is necessary for compliance with a legal obligation.

  • To fulfill our legal obligations, notably in terms of AML/TF (including KYC) and MAR. The processing is necessary for compliance with a legal obligation.

  • To carry out the recruitment process. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  • To promote our events via photos and videos disclosed on our social networks. The processing is necessary for the purposes of the legitimate interest pursued by the data controller or by a third party.

  • To manage SAPSOL's infrastructure and business operations and comply with internal policies and procedures. The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party.

  • To comply with applicable rules, laws and regulations, codes of practice or guidelines or to assist law enforcement and investigations conducted by competent authorities. The processing is necessary for compliance with a legal obligation.

We may contact you and request your consent by mail, phone, fax, video conference, email or other electronic messaging service to inform you about special events, new features or other information that may be of interest to you based on your interaction with SAPSOL or for certain specific purposes. When applicable law requires it, your prior consent will be obtained before sending you direct marketing and you can object to or refuse to receive marketing messages from SAPSOL S.à.r.l. at any time, without this affecting the processing carried out before this withdrawal and without prejudice to any retention or processing that may be required of us by law. To unsubscribe from marketing communications, you can send an email to the email address of SAPSOL S.à.r.l. For emails, you can also unsubscribe by writing to the email address of SAPOSL S.à.r.l.

SAPSOL does not sell your information to third parties in any case.

5. Sharing of Personal Data:

Depending on the nature and scope of our mission or the service that is requested from us, SAPSOL S.à.r.l. shares your personal data if necessary to provide any service you have requested or authorized. SAPSOL S.à.r.l. may transfer personal information abroad to the extent that such transmission is deemed reasonably necessary or desirable to meet the objectives or missions entrusted, including outside the European Union/European Economic Area, in countries not recognized by the European Commission as having an adequate level of personal information protection.

Personal information can be sent or accessed from any country where:

  • It is necessary or useful in the context of our services,

  • We travel (since we can access our files remotely via mobile devices or using a secure virtual private network),

  • For the execution of the contract we have with the person concerned or the implementation of pre-contractual measures taken at the request of the person concerned,

  • If it is necessary for the conclusion or execution of a contract concluded in the interest of the person concerned between the data controller and another natural or legal person,

  • If it is necessary for important reasons of public interest or for the establishment, exercise, or defense of legal rights (including, for example, to comply with laws applicable to us, a government or judicial injunction made to us,

  • With the explicit consent of the person concerned,

SAPSOL S.à.r.l. may also share your personal data with your consent, particularly for the following purposes to the extent that such disclosure or transmission is deemed reasonably necessary or desirable to meet the objectives or at the legitimate request of our clients, the persons concerned, or third parties with whom we deal in the context of our services and marketing activities:

  • Recruitment,

  • AML/CTF including KYC (third parties, including but not limited to, notaries, domiciliation agents, banks, auditors,...

6. Disclosure of Personal Data:

Disclosure of your personal data:

  • Service providers: we may disclose/transfer your data to third parties, including cloud service providers, whom we call service providers only to the extent necessary to enable these service providers to provide services to SAPSOL S.à.r.l. and to help us provide you with services. SAPSOL's policy is to maintain contracts with all third parties to whom we disclose/transfer these personal data, to restrict their access, use, and disclosure of personal data. In fact, service providers must respect our requirements for privacy and data security and are not allowed to use the personal data they receive from us for other purposes than the provision of services to SAPSOL and assistance to provide you with services.

  • Third parties in Luxembourg or abroad: we may disclose/transfer your data to third parties such as administration and public authorities, banking institutions, notaries, and professional advisers of SAPSOL S.à.r.l.

  • Safety, security, and compliance with the law: we will access, transfer, disclose and retain personal data to comply with applicable law or to respond to subpoenas, court orders or any other valid legal procedure, for reasons related to national security, to defend against legal claims, to protect the rights and safety of SAPSOL, employees or others. This may involve sharing your data with law enforcement, government agencies, courts, and other organizations.

  • Consent: we may share your data by other means and for new purposes if you have asked us to do so and have consented to such sharing.

The photos or videos taken during events that we organize or in which we participate are likely to be published, in paper or electronic format, including on the internet (such as press releases, national and international newspapers and magazines, our website and social networks such as YouTube, LinkedIn, and Facebook). Thus, when you agree to appear in a photograph at our events, we consider that you accept the production and publication of your image.

These recipients may be located inside and outside the European Union. Your personal data will not be transferred to a country outside the European Union that does not ensure an adequate level of protection unless you have given us your prior authorization or if specific measures (such as adequate contractual arrangements) have been taken by us or if the companies concerned have binding corporate rules to ensure that the requirements of the applicable data protection law have been respected.

7. Access to personal data:

SAPSOL S.à.r.l. ensures that you can exercise your rights at any time. SAPSOL will process any request within its technical and organizational means.

This includes the following items:

  • Right of confirmation: to obtain from us the confirmation that personal data concerning you are being processed or not,

  • Right of access to your personal data: if you wish to consult the personal data and relevant information that we hold, collect and process about you, please inform us by contacting us at the e-mail address of SAPSOL, info@sapsol.dev

  • Right of rectification: if the data we hold, collect and process about you are inaccurate or incomplete, you have the right to update or complete these data at any time by contacting us at the e-mail address of SAPSOL, info@sapsol.dev

  • Right to erasure: if at any time you decide that we should not keep the personal data we have collected from us, you can ask us to delete your data by contacting us via the e-mail address of SAPSOL. We will take reasonable steps to respond to your request in accordance with applicable laws.

  • Right to limitation of processing: if you wish to request SAPSOL to restrict or stop the processing of personal data in the future, please contact the e-mail address of SAPSOL. You should only get the right to limitation of processing as far as possible, in accordance with applicable laws.

  • Right to object: if you wish to object to the processing of personal data concerning them based on the satisfaction of the legitimate interests we pursue, at any time. If this right is exercised, we will no longer process personal information unless we demonstrate compelling legitimate grounds for processing that prevail over the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Please contact us via the e-mail address of SAPSOL, info@sapsol.dev. We will review your objections and comply with them unless we have a compelling legitimate ground as permitted by applicable law.

  • Right to data portability: you may have the right to have your personal data transferred directly from us to another data controller only when you have asked us to do so and you have consented to such sharing, and when it is technically possible in a commonly used and machine-readable format. If you wish to exercise this right, please contact us at the e-mail address of SAPSOL, info@sapsol.dev

  • Right to lodge a complaint with the supervisory authority: when you believe that your data is processed in a manner not in accordance with GDPR, you have the right to file a complaint with the competent authority as follows: Luxembourg - National Commission for Data Protection, (CNPD). You can do this via the CNPD complaint form, available at the following address: http://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html.

To exercise their rights, the persons concerned can send a written request to info@sapsol.dev.

If you do not wish your image to be captured or disclosed, you must inform us before the event at info@sapsol.dev or during the event by approaching one of the organizers. Otherwise, we will consider that we have your agreement to process your image for the purposes disclosed herein.

8. How your data are protected:

SAPSOL S.à.r.l. recognizes your trust and commits to protect the data you provide to us. SAPSOL S.à.r.l. pays particular attention to the ethics of working from home. We avoid any paper copy to be taken home and require our employees that any task requiring the use of paper copies be performed from the office. We maintain appropriate organizational, physical and technical security measures (including regarding personnel, facilities, equipment and software, storage and networks, access controls, monitoring and logging, detection of vulnerabilities and violations, incident response, encryption of personal data) to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data.

9. Notification of a personal data breach:

When SAPSOL S.à.r.l. acts as a data controller, it will inform its customer of any personal data breach by SAPSOL, its subcontractors or any other third party acting on behalf of SAPSOL without undue delay, only when the personal data breach is likely to result in a high risk to the rights and freedoms of the customer.

10. Duration of retention of personal data:

SAPSOL S.à.r.l. will retain your personal data:

  • As long as necessary for the purposes for which it was intended, always subject to legal prescription periods and situations where applicable laws require or allow personal information to be retained for a certain period after the end of the commercial or contractual relationship such as the legal obligation to retain accounting documents for a period of 10 years after the end of the financial year to which they relate, the contractual limitation of liability with respect to customer mandates after 10 years from the end of the relevant contractual relationship, justifying that we retain the documents relating to our missions or objectives during this period,

  • For the purposes of performing a contractual obligation with you or the organization you represent and, therefore, for legitimate business purposes.

Without prejudice to the generality of the foregoing, the persons concerned are informed in particular that:

  • The personal information processed for the purpose of carrying out the services requested from us will be retained as long as we need to retain this personal information in order to fully accomplish our mission, without prejudice to the possibility of retaining records of this personal information on the basis of the legal prescription periods allowed in civil or criminal law,

  • The personal information processed for the purpose of complying with our legal and regulatory obligations can be retained based on legal prescription periods (civil and criminal law),

  • The personal information processed for the purpose of dealing with customer relationship management will be retained as long as necessary or useful for the exercise of the services entrusted to us.

We may also retain and process personal information after the end of our contractual and commercial relationship for specific purposes such as complying with legal and regulatory obligations or the establishment, exercise or defense of legal rights.

11. Expectation:

We expect you to inform us in writing and without undue delay of changes made to the information you have provided us or about other people about you, so that we can keep them up to date.

If you provide us with personal information about yourself (for example, information about your representatives, staff members and respective agents, beneficial owners, shareholders, etc. or about a third party), you must first inform them of this fact and ensure that they acknowledge that we may use this information as indicated in this privacy notice. In particular, you must provide them with information relating to their rights as data subjects. We assume that these third parties are informed of the processing of personal information about them that we may perform and the disclosure of this to third parties and countries as described above and to the extent necessary, you have obtained the prior written consent of these data subjects.

12. Changes to the privacy policy:

We reserve the right to change this privacy notice from time to time to reflect changes to the law, our data collection and use practices, and to ensure that it is accurate, complete and up to date. We advise you to review this privacy notice periodically on our website. The latest version will always be available.