Privacy Policy

Roosevelt & Partners S.A., acting as a data controller, and Roosevelt Services S.A., acting as a data controller or data processor (together “Roosevelt”, “we”, “us” or “our”), collect data to operate effectively and provide you (as any data subject in relation to Roosevelt) with the best possible services.

This is why, at Roosevelt, we are highly committed to safeguarding your privacy. We have developed a Privacy Notice that covers how we may collect, use, share, protect and keep information about you as well as the rights to which you are entitled in this respect.

01. What information we collect

To provide its services, Roosevelt needs to collect and process certain information about you. The data we collect depends on the context of your interactions with Roosevelt and the choices you make, including the services provided to you.

It is to be noted that you have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide the service, we may not be able to deliver the service.

02. Categories of data processed

The data we collect and process can include the following, but is not limited to:

  • Identification data: we collect data such as your first and last name, email address, postal address, phone number, and other similar contact details, as well as your date and place of birth, gender, country, and preferred language;
  • Electronic identification data: we use cookies to collect data on how you use our website and interact with our marketing emails. This may include information about which Roosevelt website pages you have visited, how long you stayed on them, which items you clicked on, and your IP address;
  • Business contact information: we collect data about you such as job function, job title, department, organization name, size and location, and whether or not you are acting on behalf of a client;
  • Financial information: we collect your financial information, such as financial account information, if needed to take payment or fulfil contractual obligations or for related purposes;
  • Contractual information: any information provided by the data subject allowing Roosevelt to perform its contractual duties.

In addition to the categories of data mentioned above, Roosevelt guarantees that, except to the limited extent necessary in the context of employment or in performing a contract with a client, we neither request nor collect special categories of personal data (i.e., information specifying criminal offences or convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying an individual’s sexual life).

03. How we collect clients' data

This Privacy Notice applies to personal data, which is information that we collect from you and other third parties that specifically identifies you as an individual. Roosevelt may collect your personal data in various ways.

04. Ways of collecting data

Information that we automatically collect when you use our website: when you use our Website, we automatically collect, through Cookies, the following information:

  • Navigation and click-stream data;
  • HTTP protocol elements;
  • Search terms.

Personal data that we collect when you do business with Roosevelt: we may collect and process your data when you conduct business with us. “Personal data” means information relating to an identified or identifiable natural person that Roosevelt receives on behalf of the client himself/herself/itself. Examples of categories of such personal data can be found in the above section.

Personal data obtained from other sources: we may also periodically obtain both personal and non-personal information about you from Roosevelt’s subsidiaries, affiliates, business partners or other third-party sources where they are legally permitted to share such information with us, and add it to the information we already hold about you, such as, but not limited to:

  • Updated business address information;
  • Identification data;
  • Financial information;
  • Contractual information.

05. Purposes for collection, use and processing of clients' data

For processing to be lawful under the General Data Protection Regulation (the “GDPR”), a lawful basis needs to be identified before processing personal data.

We use or may use your personal data for the following purposes (or as otherwise described at the point of collection) in line with the lawful basis under the GDPR:

  • To provide you with the service you have requested;
    • Processing is necessary for the performance of a contract with the data subject.
  • To provide you with information, access to resources or other services that you have requested from us on behalf of your organization;
    • Processing is necessary for the performance of a contract with the data subject.
  • To send you client service-related communications (marketing);
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller.
  • To deal with communications that you send to Roosevelt and responding to your queries, requests and complaints;
    • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • Processing is necessary for compliance with a legal obligation.
  • To fulfil our legal obligations, namely with respect to AML/KYC/KYT;
    • Processing is necessary for compliance with a legal obligation.
  • To carry out the recruitment process;
    • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • To promote our events and conferences through pictures and videos published on our social media channels;
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • To manage the infrastructure and business operations of Roosevelt and to comply with internal policies and procedures;
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • To comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities.
    • Processing is necessary for compliance with a legal obligation.

We may contact you by mail, telephone, fax, video conference, email or other electronic messaging service to notify you about special events, new features or other information that may be of interest to you in accordance with your interaction with Roosevelt. Where required by applicable law, your prior consent will be obtained before sending you direct marketing and you may object or opt out of receiving marketing messages from Roosevelt.

Roosevelt does not in any way sell, lease or rent your information to third parties.

06. Sharing personal data

Roosevelt shares your personal data as necessary to render any service you have requested or authorized.

Roosevelt may also share your personal data with your consent namely for the following purposes:

  • AML/KYC (third parties namely notaries, lawyers, accountants, domiciliation agents and banks).

07. Disclosure of your personal data

  • Service providers: We may disclose or transfer your data to third parties that we refer as service providers solely to the extent necessary to enable such service providers to provide services to Roosevelt and to assist us in providing services to you. Roosevelt’s policy is to maintain contracts with all third parties with whom we disclose/transfer personal information that restrict their access, use and disclosure of personal data. Service providers must, in fact, abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
  • Third parties: we may disclose/transfer your data with third parties such as administration and public authorities, banking institutions, notaries, domiciliation agents and to professional advisors of Roosevelt.
  • Affiliates/branches/subsidiaries: we may disclose/transfer your data, as provided in our General Terms & Conditions, with other companies under common ownership or control with Roosevelt who will process your information in a manner consistent with this Privacy Policy.
  • Safety, security and compliance with law: we will access, transfer, disclose and preserve personal data to comply with applicable law or respond to subpoenas, court orders or other valid legal process, for reasons relating to national security, to defend against legal claims, to protect the rights and safety of Roosevelt, Roosevelt’s clients, employees or others. This may involve the sharing of your data with law enforcement, government agencies, courts and other organizations.
  • Consent: we may share your data in other ways and for new purposes if you have asked us to do so and have consented to such sharing.

Those recipients may be located in and outside the European Union. Your personal data will not be transferred to any country outside the European Union which does not ensure an adequate level of protection unless you gave us prior authorization to do so or specific measures (such as adequate contractual arrangements) have been taken by us in order to ensure that the requirements of the applicable data protection law have been fulfilled.

Where personal data is transferred/disclosed to Roosevelt’s affiliates/branches/subsidiaries, such transfer is based on specific measures, specifically the model clauses issued by the European Commission with regards to transfer of personal data outside the European Union. Should you wish to consult the latter, please let us know by contacting us at the contact information provided in the section “CONTACT US” of this policy.

08. Access to personal data

Roosevelt seeks to ensure that you are able to exercise your rights at any time. We will address any request within the limits of its technical and organizational means. These include:

  • Right to access your personal information: should you want to review the data we hold, collect and process about you, please let us know by contacting us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to rectification: should the data we hold, collect and process about you be inaccurate or incomplete, you have the right to update such data at any time by contacting us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to erasure: if at any time you decide you do not want us to retain any personal data we collected from you, you may request we delete your data by contacting us at the contact information provided in the section “CONTACT US” of this policy. We will take reasonable measures to comply with your request in accordance with applicable laws.
  • Right to restriction of processing: should you wish to exercise this right, please contact us at the contact information provided in the section “CONTACT US” of this policy. You may exercise the right to restriction of processing only in accordance with applicable laws.
  • Right to object: should you wish to exercise this right, contact us at the contact information provided in section the section “CONTACT US” of this policy. We will consider your objection and we will comply with it unless we have a compelling legitimate ground as permitted by applicable law.
  • Right to data portability: you may have the right to have your personal data transmitted directly from us to another controller only when you have asked us to do so and have consented to such sharing, and when technically feasible. Should you wish to exercise this right, please contact us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the “CNPD”), where you believe that your data is being processed in a way that does not comply with the GDPR.

Please be aware that these rights are not always absolute and there may be some situations in which, technically or legally, Roosevelt may not be able to comply with your request.

09. How we protect your data

Roosevelt acknowledges your trust and is committed to protecting the data you provide to us. Roosevelt pays particular attention to work-from-home ethics. We avoid having any hard copies taken home and require our employees to perform any tasks involving hard copies in the office. We maintain appropriate organizational, physical and technical security measures (including with respect to personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of personal data) to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data.

10. Notification of personal data breach

Roosevelt will notify its clients of any personal data breach by Roosevelt, its processors, or any other third parties acting on Roosevelt’s behalf, without undue delay and only where the breach is likely to result in a high risk to the rights and freedoms of the client(s).

11. Retention period of personal data

Roosevelt will only retain your personal data:

  • For as long as necessary for the purpose or purposes for which it was collected;
  • For the purpose of performing or fulfilling a contractual obligation with you or the organization you represent, and for related legitimate business purposes;
  • For as long as required or permitted by law.

12. What do we expect from you

We expect you to inform us in writing, and without undue delay, of any changes in the information you have provided to us or to others about you, so that we can keep it up to date.

If you provide us with personal information that does not relate to you (e.g. information about your representatives, staff members, agents, beneficial owners, shareholders, or any other third parties), you must first inform them of this fact and ensure that they acknowledge and accept that we may use such information as set out in this Privacy Policy. In particular, you must provide them with information relating to their rights as data subjects. We assume that these third parties have been informed of the processing of any personal data relating to them that we may carry out, as well as of any disclosure to third parties or countries as described herein, and that, where necessary, you have obtained their prior written consent.

13. Changes to this privacy policy

We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and usage practices, and to ensure it remains accurate, complete, and up to date. You are advised to check this Privacy Policy periodically.

14. Contact us

If you have any questions or concerns about our use of your information or regarding our Privacy Policy, you may contact us by sending an email to info@roosevelt.lu or by writing to us at:

Roosevelt & Partners S.A.
Att.: Tobias FABER, Data Protection Officer
17 Blvd. Franklin D. Roosevelt, L-2450 Ville-Haute Luxembourg
G.-D. Luxembourg

Contact us

Contact us to find out more about our services and how we can help you and your business.

Phone +352 288 004
Fax +352 288 004 09
Email info@roosevelt.lu