Privacy Policy

Roosevelt & Partners Sarl, acting as data controller, and Roosevelt Services SA acting as a data controller or data processor, (altogether “Roosevelt”, “we”, “us”, or “our”) collect data to operate effectively and provide you (any data subject in relation with Roosevelt) with the best services. This is why, at Roosevelt we are highly committed to safeguarding your privacy. We have developed a Privacy Notice that covers how we may collect, use, share, protect and keep information about you as well as the rights to which you are entitled in this respect.

01 WHAT INFORMATION WE COLLECT

To provide its services, Roosevelt needs to collect and process certain information about you. The data we collect depends on the context of your interactions with Roosevelt, the choices you make including the services which are provided to you.

It is to be noted that you have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide the service, we may not be able to deliver the service.

02 CATEGORIES OF DATA PROCESSED

The data we collect and process can include the following, but is not limited to:

  • Identification data: we collect data about you such as your first and last name, email address, postal address, phone number, and other similar contact data, date and place of birth, gender, country, and preferred language;
  • Electronic identification data: we use Cookies to collect data on how you use our website and view our marketing emails. This may include, for example, information on which Roosevelt’s website pages you have visited, how long you stayed on them, which items you clicked on and on your IP-address;
  • Business contact information: we collect data about you such as job function, job title, department, organisation name, size and location, and whether or not you are acting on behalf of a client;
  • Financial information: we collect your financial information, such as financial account information, if needed to take payment or fulfil contractual obligations or for related purposes;
  • Contractual information: any information provided by the data subject allowing to Roosevelt to perform its contractual duties.

Further to the categories of data mentioned above, Roosevelt guarantees that, except to the limited extent that may be necessary in the context of employment and in the context of performing a contract with a client, we neither request nor collect special categories of data (i.e., personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).

03 HOW WE COLLECT CLIENTS’ DATA

This Privacy Notice applies to personal data, which is information that we collect from you and other third parties that specifically identifies you as an individual. Roosevelt may collect your personal data in various manners.

04 WAYS OF COLLECTING DATA

Information that we automatically collect when you use our Website: when you use our Website, we automatically collect, through Cookies, the following information:

  • Navigation and click-stream data;
  • HTTP protocol elements;
  • Search terms.

Personal data that we collect when you do business with Roosevelt: we may collect and process your data when you conduct business with us. “Personal data” means information relating to an identified or identifiable natural person that Roosevelt receives on behalf of the client himself/herself/itself. Examples of categories of such personal data can be found in the above section.

Personal data we obtain from other sources: we also may periodically obtain both personal and non-personal information about you from Roosevelt’s subsidiaries, affiliates, business partners or other third-party sources where they are legally permitted to share such information with us, and add it to the information we already hold about you, such as, but not limited to:

  • Updated business address information;
  • Identification data;
  • Financial information;
  • Contractual information.

05 PURPOSES FOR COLLECTION, USE AND PROCESSING OF CLIENT’S DATA

For processing to be lawful under the General Data Protection Regulation (the “GDPR”), a lawful basis needs to be identified before processing personal data.

We use or may use your personal data for the following purposes (or as otherwise described at the point of collection) in line with the lawful basis under the GDPR:

  • To provide you with the service you have requested;
    • Processing is necessary for the performance of a contract with the data subject.
  • To provide you with information, access to resources or other services that you have requested from us on behalf of your organisation;
    • Processing is necessary for the performance of a contract with the data subject.
  • To send you client service-related communications (marketing);
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller.
  • To deal with communications that you send to Roosevelt and responding to your queries, requests and complaints;
    • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • Processing is necessary for compliance with a legal obligation.
  • To fulfil our legal obligations namely in respect to AML/KYC/KYT;
    • Processing is necessary for compliance with a legal obligation.
  • To carry out the recruitment process;
    • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Promote our events and conferences via pictures and videos disclosed on our social medias;
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • To manage the infrastructure and business operations of Roosevelt and to comply with internal policies and procedures;
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • To comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities.
    • Processing is necessary for compliance with a legal obligation.

We may contact you by mail, telephone, fax, video conference, email or other electronic messaging service to notify you about special events, new features or other information that may be of interest to you in accordance with your interaction with Roosevelt. Where required by applicable law, your prior consent will be obtained before sending you direct marketing and you may object or opt out of receiving marketing messages from Roosevelt.

Roosevelt does not in any way sell, lease or rent your information to third parties.

06 SHARING PERSONAL DATA

Roosevelt shares your personal data as necessary to render any service you have requested or authorised.
Roosevelt may also share your personal data with your consent namely for the following purposes:

  • AML/KYC (third parties namely notaries, lawyers, accountants, domiciliation agents and banks).

07 DISCLOSURE OF YOUR PERSONAL DATA

  • Service providers: we may disclose/transfer your data with third parties that we refer as service providers solely to the extent necessary to enable such service providers to provide services to Roosevelt and to assist us in providing services to you. Roosevelt’s policy is to maintain contracts with all third parties with whom we disclose/transfer personal information that restrict their access, use and disclosure of personal data. Service providers must, in fact, abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
  • Third parties: we may disclose/transfer your data with third parties such as administration and public authorities, banking institutions, notaries, domiciliation agents and to professional advisors of Roosevelt.
  • Affiliates/branches/subsidiaries: we may disclose/transfer your data, as provided in our General Terms & Conditions, with other companies under common ownership or control with Roosevelt who will process your information in a manner consistent with this Privacy Policy.
  • Safety, security and compliance with law: we will access, transfer, disclose and preserve personal data to comply with applicable law or respond to subpoenas, court orders or other valid legal process, for reasons relating to national security, to defend against legal claims, to protect the rights and safety of Roosevelt, Roosevelt’s clients, employees or others. This may involve the sharing of your data with law enforcement, government agencies, courts and other organisations.
  • Consent: we may share your data in other ways and for new purposes if you have asked us to do so and have consented to such sharing.

Those recipients may be located in and outside the European Union. Your personal data will not be transferred to any country outside the European Union which does not ensure an adequate level of protection unless you gave us prior authorization to do so or specific measures (such as adequate contractual arrangements) have been taken by us in order to ensure that the requirements of the applicable data protection law have been fulfilled.

Where personal data is transferred/disclosed to Roosevelt’s affiliates/branches/subsidiaries, such transfer is based on specific measures, specifically the model clauses issued by the European Commission with regards to transfer of personal data outside the European Union. Should you wish to consult the latter, please let us know by contacting us to the contact information provided in the section “CONTACT US” of this policy.

08 ACCESS TO PERSONAL DATA

Roosevelt seeks to ensure that you are able to exercise your rights at any time. We will address any request within the limits of its technical and organizational means.
These include:

  • Right to access your personal information: should you want to review the data we hold, collect and process about you, please let us know by contacting us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to rectification: should the data we hold, collect and process about you be inaccurate or incomplete, you have the right to update such data at any time by contacting us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to erasure: if at any time you decide you do not want us to retain any personal data we collected from you, you may request we delete your data by contacting us at the contact information provided in the section “CONTACT US” of this policy. We will take reasonable measures to comply with your request in accordance with applicable laws.
  • Right to restriction of processing: should you wish to exercise this right, please contact us at the contact information provided in the section “CONTACT US” of this policy. You should obtain the right to restriction of processing only where in accordance with applicable laws.
  • Right to object: should you wish to exercise this right, contact us at the contact information provided in section the section “CONTACT US” of this policy. We will consider your objection and we will comply with it unless we have a compelling legitimate ground as permitted by applicable law.
  • Right to data portability: you may have the right to have your personal data transmitted directly from us to another controller only when you have asked us to do so and have consented to such sharing, and when technically feasible. Should you wish to exercise this right, please contact us at the contact information provided in the section “CONTACT US” of this policy.
  • Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the “CNPD”), where you believe that your data is being processed in a way that does not comply with the GDPR.

Please be aware that these rights are not always absolute and there may be some situations in which, technically or legally, Roosevelt may not be able to comply with your request.

09 HOW WE PROTECT YOUR DATA

Roosevelt acknowledges your trust and is committed to protecting the data you provide to us. Roosevelt pays a particular attention to work from home ethics. We avoid any hard copy to be taken at home and require from our employees that any task requiring the use of hard copies to be done from the office. We maintain appropriate organisational, physical and technical security measures (including with respect to personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of personal data) to protect against unauthorised or accidental access, loss, alteration, disclosure or destruction of personal data.

10 NOTIFICATION OF PERSONAL DATA BREACH

Roosevelt will notify its client of any personal data breach by Roosevelt, its processors, or any other third-parties acting on Roosevelt’s behalf without undue delay, only where the personal data breach is likely to result in a high risk to the rights and freedoms of the client.

11 RETENTION PERIOD OF PERSONAL DATA

Roosevelt will only retain your personal data:

  • For as long as it is necessary for the purpose or purposes for which it was intended;
  • For the purposes of performing or fulfilling a contractual obligation with you or the organisation that you represent and, therefore, legitimate business purposes;
  • For as long as required or permitted by law.

12 WHAT DO WE EXPECT FROM YOU

We expect you to inform us in writing and without undue delay of changes in the information you provided to us or others about you, so that we can keep it up-to-date.

If you provide us with personal information not relating to you (e.g. information about your respective representatives, staff members and agents, beneficial owners, shareholders, etc. or about any third party), you must first inform them about this fact and make sure they acknowledge that we can use such information as set out in this privacy policy. In particular, you must provide them with the information relating to their rights as data subjects. We assume that these third parties are informed of the processing of any personal information relating to them that we may carry out and of the disclosure of the same to third parties and countries as described herein and that, as far as necessary, you obtained these data subjects‘ prior written consent.

13 CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and used practices, and to ensure it is accurate, complete and up-to-date* . You are advised to check this Privacy Policy from time to time.

14  CONTACT US

If you have any questions or concerns about our use of your information or regarding our Privacy Policy, you may contact us by sending an email to info@roosevelt.lu or by writing to us at:

Roosevelt & Partners sarl
Attention: Tobias Faber, Data Protection Officer
17 Blvd. Roosevelt
L-2450 Luxembourg
Grand Duchy of Luxembourg