Discover our commitment to protecting your data.

The data controller is the natural or legal person who determines the means and purposes of processing of your personal data. In simple terms, it is the entity that decides why and how your personal data are collected and used. In this case, it is the law firm Ad.Astra – Avocats à la Cour, a de facto partnership  (“association de fait”) managed by Florian Poncin and Marc-Olivier Zarnowski.

If you have any questions about this Policy or the processing of your data, please contact our team via one of the following means:

BY EMAIL
contact@adastra.lu

BY PHONE
0035226897875

BY POST

16, rue du Fort Bourbon
L-1249 Luxembourg
Grand-Duché de Luxembourg

The categories of data subjects (i.e. the types of people) from which we collect and process personal data can be the following, depending on each case:

• 1.

  Individual physical clients

• 2.

  Natural person representatives of a legal person client

• 3.

  Opposing parties (lawyers and their own clients)

• 4.

  Judicial or administrative staff (including judges and court clerks)

• 5.

  Members of the public prosecutor's office (judicial police, public prosecutor)

• 6.

  Representative of a public authority (including the Bar)

• 7.

  Supplier or service provider - natural person

• 8.

  Natural person representative of a legal entity supplier or service provider.

• 9.

  Members of the firm (whether lawyers or not) [not currently applicable].

• 10.

  Only partners of the firm [not currently applicable].

• 11.

  Only lawyers of the firm [not currently applicable].

• 12.

  Only employees of the firm [not currently applicable].

• 13.

  Candidates for employment (lawyers or not)

• 14.

  Website visitors

The types of information (« personal data ») we can collect and process are the following, depending on each case :

• I.

  Naming data (surnames, forenames, initials, nicknames)

• II.

  Contact details (e-mail, telephone, postal address, fax, e-mail or videoconferencing application accounts, etc.)

• III.

  Identification data (signatures, file number, professional position)

• IV.

  Illustrative data (image, photograph, video, sound recording)

• V.

  Bank details (IBAN, card numbers, VAT number, invoice number)

• VI.

  Identity card and/or passport

• VII.

  Data relating to the case of a client (documents, correspondence, witness statements, etc.)

• VIII.

  Forms, certificates and other supporting documents to be declared (sickness certificate, overtime, etc.)

• IX.

  Cookies and other tracers, logs

We only collect and process ‘sensitive’ data (data relating to health, sexuality, beliefs, criminal convictions, etc.) where this is strictly necessary for the purposes of working on our client’s case/file or where the data subject has expressly given his or her consent. We will also sometimes be required to process such sensitive data if we are obliged to do so by law (for example to combat money laundering).

Depending on the processing purpose and the circumstances of each case, we may sometimes be obliged to transfer the above data to recipients:

• A.

  Cloud hosting providers (servers and management software)

• B.

  Competent authorities (CRF, judicial police, CNPD, Luxembourg Bar, etc.)

• C.

  The firm's accountant

• D.

  The firm's bank

• E.

  Client's accountant and trustee

• F.

  Customer's bank or third-party bank

• G.

  Bailiffs

• H.

  Translators

In accordance with the relevant legislation and in particular Article 6 of the EU General Data Protection Regulation (« GDPR »), we collect and process personal data only if we have a legal basis to do so. Such bases can be either of the following:

• a.

  the data subject has given consent to the processing of his or her personal data for one or more specific purposes

• b.

  processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

• c.

  processing is necessary for compliance with a legal obligation to which the controller is subject

• d.

  processing is necessary in order to protect the vital interests of the data subject or of another natural person

• e.

  processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

• f.

  processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

You personal data are only kept for the time necessary for the purpose for which they have been collected. These durations can vary, depending on the relevant purpose, as follows:

• i.

  for as long as necessary for the intended purpose, without it being possible to give a precise duration

• ii.

  for 5 years as required by law

• iii.

  for 10 years as required by law

• iv.

  for another period (specified in the table) due to a legal obligation

• v.

  between 10 years and 30 years depending on the type of liability (commercial or civil) and the applicable limitation period

• vi.

  for a period which the firm has fixed as a matter of principle and which does not exceed the period strictly necessary to pursue the purpose (specified in the table)

With the help of the following table, you will be able to see which personal data we collect and process, for which purpose, depending on the categories of data subject you are part of, and to which recipients we will transfer your date:

The recipients of your data (bailiffs, judges, etc., as appropriate) are listed in the section above.

We do not trade your personal data and do not pass it on to third parties for commercial use.

The prosecution of criminal offences, and in particular the fight against money laundering and the financing of terrorism, are among the rare circumstances in which we are sometimes obliged to communicate some of your personal data.

The personal data we process is kept secure and access to it is restricted to only those people who need it in order to best protect your interests.

We have put in place both physical and technical security measures to ensure the confidentiality and integrity of your personal data.

For example, access to our law firm and our files is strictly monitored and documents concerning you are kept safe from intrusion and damage, to the best of our ability and means.

When you communicate with us and also when you provide us with your personal data, it is important that you protect yourself against any attempt at ill-intentioned people (e.g. stealing of your data). Use strong passwords, disconnect from your computer after each use and encrypt your messages and documents as often as possible.

When you wish to access your own personal data, we may also ask for proof of your identity in order to ensure the security of this data.

You have a number of rights concerning your personal data:

• The right to ask us for access to your personal data.
• The right to request rectification of your personal data.
• The right to request the deletion of your personal data.
• The right to request the restriction of the processing of your personal data and to know the impact of such a restriction.
• The right to object to the processing of your personal data and to know the impact of such objection.
• The right to portability of your personal data.
• Where the processing of your data is based on your consent, the right to withdraw your consent at any time without this affecting the lawfulness of the previous processing.
• The right to lodge a complaint before the competent supervisory authority.

In Luxembourg, the authority usually responsible for receiving complaints about data protection is the ‘Commission Nationale pour la Protection des Données’ (‘CNPD’). You can contact it via the following link:

https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html

or to its postal address:

Commission nationale pour la protection des données
Service des réclamations
15, Boulevard du Jazz
L-4370 Belvaux

Please note that we may have to limit or refuse the exercise of one or more of these rights for reasons relating either to a legal obligation or to specific legal or factual circumstances.For example, we are subject to a strict obligation of professional secrecy. In addition, we are sometimes required to cooperate with the law enforcement authorities in the fight against money laundering and the financing of terrorism, without being able to pass on to you any information that could harm the investigation.