Privacy policy
This policy explains how Fiduciaire Di Fino processes personal data (hereafter “Data”) in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1. Who is the Data Controller?
The Data Controller is Fiduciaire Di Fino & Associés S.à r.l.:
- Address: 6, Boulevard Pierre Dupong, L-1430 Luxembourg
- RCS: B103178
- Email:
- Phone: +352 26 18 73 79
2. Who does this policy apply to?
This policy applies in particular to:
- Clients, including their directors, employees, beneficial owners and authorised representatives
- Prospects and professional contacts
- Visitors to our website
- Job applicants (recruitment)
- Suppliers and partners
3. What personal data do we process?
The categories of Data we process depend on the relationship we have with the data subject.
3.1 Client data
- Contact and professional details of clients (natural persons) and of persons representing our clients (legal entities)
- Administrative and legal information: identity documents, national registration / social security numbers, VAT numbers, trade registry data, licences, articles of association, mandates, beneficial ownership information, share/unit registers, KYC documents
- Financial and accounting data: IBAN, transactions required for the engagement, supporting documents, invoices, annual accounts, payroll data, tax/VAT returns
- AML/CFT data (anti-money laundering / counter-terrorist financing): results of checks, source of funds information, sanctions/freeze lists screening, alerts, due diligence information
- Information related to the services provided and the engagements entrusted to us
3.2 Prospects and professional contacts
- Contact and professional details
- Information about the services you are interested in
3.3 Job applicants
- Contact details and information included in CVs, cover letters and interviews
- Assessment and recruitment-related notes
3.4 Suppliers and partners
- Contact and professional details
- Information about services provided
- Financial information (where relevant)
4. Where do the data come from?
Depending on the relationship, Data may come from various sources, including:
- Directly from the data subject (contact forms, emails, contracts, documents provided)
- From the data subject’s company, employer and/or authorised representatives
- From public sources or authorities (e.g., RCS, beneficial owner registers, statutory publications)
- From KYC/AML service providers, banks, notaries, lawyers and public administrations
5. Purposes and legal bases for processing
We only process Data where a legal basis applies.
5.1 Contract performance / pre-contractual steps
- Setting up and managing client relationships; engagements in accounting, tax, social security and legal matters
- Delivering services and work products (accounting, annual accounts, filings, payroll, corporate/secretarial services, etc.)
- Invoicing, collection and client support
- Managing recruitment applications
5.2 Legal obligations
- Accounting and commercial law obligations (record keeping and retention)
- AML/CFT obligations (identification, due diligence, retention, reporting where applicable)
5.3 Legitimate interests
- IT security, fraud prevention and quality controls
- Internal administration, audits, legal defence and evidentiary archiving
6. Who do we share data with?
Our staff only access Data to the extent necessary for their duties.
Where necessary, we may disclose Data to:
- Public administrations and authorities (ACD, CCSS, Inspectorate, RCS, etc.) to comply with legal obligations
- Banks, where required for the engagement or for payments
- External advisers (lawyers, notaries, statutory auditors/revisors) on instruction or where necessary
- IT service providers (hosting, email, backups, document management, accounting/payroll/CRM software)
- Other fiduciaries/partners where the matter requires it and appropriate safeguards are in place
Where recipients act as processors, we enter into data processing agreements and require appropriate security measures.
7. Transfers outside the European Union
If we transfer Data to service providers or other recipients outside the European Union (e.g., cloud providers, IT support, foreign authorities), we do so only where:
- the destination country benefits from an adequacy decision, or
- appropriate safeguards are implemented (e.g., Standard Contractual Clauses) and, where required, supplementary measures are adopted
8. How long do we keep data?
We retain Data only as long as necessary for the relevant purpose. Retention periods depend on the purpose and applicable legal requirements, including:
- Client contact details: 2 years after the end of the contractual relationship, unless included in records subject to longer retention
- Accounting records/supporting documents/financial information: 10 years in accordance with statutory retention requirements
- AML/KYC data: 5 years after the end of the business relationship; statutory extensions of up to an additional 5 years may apply
- Prospects: 2 years after the last contact, unless a contractual relationship is entered into
- Recruitment applications: 1 year after last contact (unless you object)
9. Data subject rights
Individuals whose Data are processed by Fiduciaire Di Fino may have the following rights, where applicable:
- Right of access and rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object (in particular to processing based on legitimate interests)
- Right to data portability (where processing is based on a contract or consent)
- Right to withdraw consent at any time without affecting past processing (where processing is based on consent)
You also have the right to lodge a complaint with the competent supervisory authority. We invite you to contact us first to exercise your rights. In Luxembourg, the competent authority is the CNPD: https://cnpd.public.lu/en.html
10. How to exercise your rights
To exercise your rights, you may contact Fiduciaire Di Fino:
- By post: 6, Boulevard Pierre Dupong, L-1430 Luxembourg
- By email:
- By phone: +352 26 18 73 79
We respond within one month, unless exceptional circumstances apply, in which case we will inform you within the same time limit.
11. Cookies
We only use cookies that are necessary for website navigation, such as a cookie that stores your language preference between pages. None of these cookies contains personal data.