Connecting Experienced Professionals with the Right Clients

Certitude Services privacy policy is relevant to your use of its website. This policy also documents the rights of individuals and representatives of legal entities that engages in business with Certitude Services in respect of personal data under the European Union General Data Protection Regulation (2016/679) (GDPR). Please read them carefully as they affect your rights and liabilities under the law. If you do not agree to this Privacy Policy, please do not use Certitude Services ’s website, or engage with us. If you have any questions on the Terms and Conditions, please contact us.

General Data Protection Regulation (GDPR)

The General Data Protection Regulations defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Policy sets out the procedures that are to be followed when dealing with personal data.  The procedures and principles set out herein must always be followed by Certitude Services, its employees, agents, contractors, or other parties working on behalf of Certitude Services.

What Information Do We Collect and How Is That Information Used?

Certitude Services may collect your personal details including, but not limited to, your name and contact details including your e-mail address and any other relevant information with your express permission. This information is held, used, and disclosed by us in the following ways until permission is withdrawn:

  • To continue to provide our services to you.
  • To maintain our business relationship throughout the lifetime of that relationship, where you are a client or user of our website or services.
  • To enable us to answer any queries you may have.
  • To market our products and services to you; to keep you updated on any relevant industry news; to update you on any events, promotions and competitions, reports, and any other information we feel may be relevant or of interest to you. You retain the right to unsubscribe from such communications at any time.
  • To fulfil contractual obligations with you.
  • To enable the development and marketing of other products and services by Certitude Services.
  • To continually improve our customer service efforts and to make our services more valuable to you.
  • Certitude Services may also release personal information to regulatory or law enforcement agencies if they require us to do so. We will also only disclose your information where we are permitted and requested to do so by law.

Certitude Services will also seek your consent to collect, hold, use, and disclose your personal information for any other purpose not listed above, but will continue to do so only if your permission is given and from which you understand you can withdraw permission.

If we are holding historic data about you or your Certitude Services that no longer is of use or has any significance it will be deleted unless you have given consent, or there is legal obligation, to retain it.

Only members of Certitude Services staff that need to have access to your information to carry out their normal duties will be allowed access to the information.

Any concerns over the retention, use or disclosure of your information should be addressed to our administrative team.

How long do we hold personal data?

Certitude Services will retain personal data for as long as a candidate is active and for 12 months afterwards, unless required to retain for a longer period by Luxembourg Labour Law.

Data Processing for Specific Purposes Only

Certitude Services collects and processes the personal data set out in this Policy. This may include personal data received directly from Data Subjects.

Certitude Services only processes personal data for the specific purposes set out in this Policy or for other purposes expressly permitted by GDPR. The purposes for which we process personal data will be informed to Data Subjects at the time that their personal data is collected, where it is collected directly from them.

Certitude Services will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to Data Subjects.Certitude Services shall ensure that all personal data collected and processed is kept accurate and up to date, so far as reasonably practicable. Where any inaccurate or out-of-date data is found, all steps will be taken without delay to amend or erase that data, so far as reasonably practicable.Certitude Services shall ensure that all personal data collected and processed is kept secure and protected against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Subjects may request that Certitude Services ceases processing the personal data it holds about them.  If a data subject makes such a request, Certitude Services shall retain only the amount of personal data pertaining to that data subject that is necessary to ensure that no further processing of their personal data takes place.

Your Right to Access

The European Union General Data Protection Regulation (2016/679) ensures that Data Subjects have the right at any time to ask us to share with you the information that we hold that you have supplied to us. If you make such a request, we will ask you to verify your identity and possibly ask you to give us more information about such a request. We will only refuse your request if we are legally permitted or required to do so. If this is the case, then we will give you reasons for doing so. To make a request for information, please contact us.

Please be aware that you also have the right to ask Certitude Services to stop using the information that you supplied us. Under the right to erasure, you can also request for deletion of your file, although you should be aware that in some circumstances we may not be required or able to do so, particularly where your file also holds information about our clients or financial information that we need to keep for periods of up to six years,i.e.,information which relate to tax matters. If, under any circumstances, we cannot comply with your request for information we will provide a full explanation as to why this is so.

Deleting of Your Data

Data Subjects may request that Certitude Services erase the personal data it holds about them in the following circumstances:

  • It is no longer necessary for Certitude Services to hold that personal data with respect to the purpose for which it was originally collected or processed.
  • The data subject wishes to withdraw their consent to Certitude Services holding and processing their personal data.
  • The data subject objects to Certitude Services holding and processing their personal data (and there is no overriding legitimate interest to allow Certitude Services to continue doing so).
  • The personal data has been processed unlawfully.
  • The personal data needs to be erased for Certitude Services to comply with a particular legal obligation.
  • Unless Certitude Services has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request (this can be extended by up to two months in the case of complex requests, and in such cases the data subject shall be informed of the need for the extension).

Right to Suspend or Cancel Your Registration

We may suspend or cancel your registration immediately at our reasonable discretion or if you breach any of your obligations under these Terms and Conditions:

  • You can cancel your registration at any time by logging onto Certitude Services website through the “unsubscribe” link. The suspension or cancellation of your registration and your right to use Certitude Services website shall not affect either party’s statutory rights or liabilities.
  • Data Subjects have the right to object to Certitude Services processing their personal data based on legitimate interests (including profiling), direct marketing (including profiling).
  • Where a data subject objects to Certitude Services processing their personal data based on its legitimate interests, Certitude Services shall cease such processing forthwith, unless it can be demonstrated thatCertitude Services legitimate grounds for such processing override the data subject’s interests, rights, and freedoms; or the processing is necessary for the conduct of legal claims.
  • Where a data subject objects to Certitude Services processing their personal data for direct marketing purposes, Certitude Services shall cease such processing forthwith.
  • Where a data subject objects to Certitude Services processing their personal data for scientific and/or historical research and statistics purposes, the data subject must, under GDPR, demonstrate grounds relating to his or her situation. Certitude Services is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.

Notification of a Data Breach

All personal data breaches must be reported immediately to Certitude Services administration through our contact details.

If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of Data Subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection officer who is also the registered manager, must ensure that the National Commission for Data Protection – Grand-Duchy of Luxembourg isinformed of the breach without delay, and in any event, within 72 hours after having become aware of it.

If a personal data breach is likely to result in a high risk to the rights and freedoms of Data Subjects, the data protection officer must ensure that all affected Data Subjects are informed of the breach directly and without undue delay.

Data breach notifications shall include the following information:

  • The categories and approximate number of Data Subjects concerned.
  • The categories and approximate number of personal data records concerned.
  • The name and contact details of Certitude Services data protection officer (or other contact point where more information can be obtained)
  • The likely consequences of the breach
  • Details of the measures taken, or proposed to be taken, by Certitude Services to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

This Policy aims to ensure compliance with the GDPR. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:

  • Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased, or rectified without delay.
  • Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The Regulation states that processing of personal data shall be lawful if at least one of the following applies:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject or of another natural person.

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, where the data subject is a child.

Our Obligations

Certitude Services shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:

  • All employees, agents, contractors, or other parties working on behalf of Certitude Services shall be made fully aware of both their individual responsibilities and Certitude Servicesresponsibilities under the GDPR and under this Policy and shall be provided with a copy of this Policy.
  • Only employees, agents, sub-contractors, or other parties working on behalf of Certitude Services that need access to, and use of, personal data to carry out their assigned duties correctly shall have access to personal data held by Certitude Services.
  • All employees, agents, contractors, or other parties working on behalf of Certitude Services handling personal data will be appropriately trained to do so.
  • All employees, agents, contractors, or other parties working on behalf of Certitude Services handling personal data will be appropriately supervised.
  • The performance of those employees, agents, contractors, or other parties working on behalf ofCertitude Services handling personal data shall be regularly evaluated and reviewed.
  • All employees, agents, contractors, or other parties working on behalf of Certitude Services handling personal data will be bound to do so in accordance with the principles of the Regulation and this Policy by contract.

Amendments

We may update our GDPR Privacy Policy from time to time for legal or regulatory reasons or to allow the proper operation of Certitude Services website. We will make reasonable efforts to notify you of any changes. The changes will apply to the use of Certitude Services website after we have given notice. If you do not wish to accept the new Terms and Conditions, you should not continue to use Certitude Services website. If you continue to use Certitude Services website after the date on which the change comes into effect, your use of Certitude Services website indicates your agreement to be bound by the new Terms and Conditions.