Tailor-Made S.A., acting and acting for and behalf of its affiliated directors and on behalf of directorship.lu as data controller and or data processor, (altogether “Tailor-Made”, “we”, “us”, or “our”) collect data to operate effectively and provide you (any data subject in relation with Tailor-Made) with the best services. Therefore, at Tailor-Made we are highly committed to safeguarding your privacy. We have developed a privacy notice that covers how we may collect, use, share, protect and retain your information and your rights regarding it.
Privacy notice
To provide its services, Tailor-Made needs to collect and process information about you. The data we collect depends on the context of your interactions with Tailor-Made and the choices you make including the services which are provided to you.
Note that you can choose what data you allow us to collect. When you are asked to provide personal data, you may decline. If you choose not to provide the data necessary to provide the service, we may not be able to provide the service.
01 What information we collect
The data we collect and process can include the following, but is not limited to:
• Identification data: we collect data about you such as your first and last name, email address, postal address, phone number, and other similar contact data, date and place of birth, gender, country, and preferred language;
• Electronic identification data: we use Cookies to collect data on how you use our website and view our marketing emails. This may include, for example, information on which Tailor-Made’s website pages you have visited, how long you stayed on them or which items you clicked on;
• Business contact information: we collect data about you such as job function, job title, department, organisation name, size and location, and whether or not you are acting on behalf of a client
• Financial information: we collect your financial information, such as financial account information, if needed to take payment or fulfil contractual obligations or for related purposes;
• Contractual information: any information provided by the data subject allowing to Tailor-Made to perform its contractual duties.
Further to the categories of data mentioned above, Tailor-Made guarantees that, except to the limited extent that may be necessary in the context of employment and in the context of performing a contract with a client, we neither request nor collect special categories of data (i.e., personal information specifying criminal offences/convictions, medical or health conditions, biometric or genetic data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).
Please also refer to the HR section (point 16).
02 Categories of data processed
This Privacy Notice applies to personal data, which is information that Tailor-Made collects from you and other third parties that specifically identifies you as an individual. Tailor-Made may collect your personal data in various manners.
We collect your personal data when you consent to the use of different categories of cookies by visiting our website. Cookies are small bits of text that are downloaded to your computer or other internet enabled devices when you visit a website. They enable Tailor-Made to collect information related to the use of a website with the intent of improving the overall user experience.
Cookies can be classified in two different ways, by ‘life span’ and by ‘domain’. There are two types of cookies categorized by life span:
• Session cookies, which are deleted once the browser is closed and are therefore not saved on user’s device.
• Persistent cookies which do remain stored on the user’s terminal device for a certain duration. They are not automatically erased. Your browser sends these cookies back to the website every time you visit it again, so it can remember your preferences and tailor what you see on the screen.
When it comes to the domain, a distinction is made between:
• First-party cookies that are cookies set by the website you’re visiting. No other website can read them.
• Third-party cookies that are set by websites when they are using external services, which drop their own cookies.
03 How we collect data
04 What are the cookies we use on our website?
Cookie Name
Purpose
Duration
Cookie Type
XSRF-TOKEN
hs
svSession
SSR-caching
_wixCIDX
_wix_browser_sess
consent-policy
smSession
TS*
bSession
fedops.logger.X
Used for security reasons
Used for security reasons
Used in connection with user login
Used for system monitoring/debugging
Used for system monitoring/debugging
Used to indicate the system from which the site was rendered
Used for stability/effectiveness measurement
Used for system effectiveness measurement
Used for security and anti-fraud reasons
Used to identify logged in site members
Used for cookie banner parameters
wixLanguage
Used on multilingual websites to save user language preference
12 months
Session
Session
1 minute
3 months
12 months
Session
Session
Session
30 minutes
12 months
12 months
Functional
Essential
Essential
Essential
Essential
Essential
Essential
Essential
Essential
Essential
Essential
Essential
By visiting our website and accepting the use of certain categories of cookies, some data may be transmitted to us (these data will depend on the categories of cookies that have been accepted). However, regardless of which cookies you have consented to use, all data transmitted are anonymized.
Personal data that we collect when you do business with Tailor-Made: we may collect and process your data when you conduct business with us. "Personal data" means information relating to an identified or identifiable natural person that Tailor-Madereceives on behalf of the client himself/herself/itself. Examples of categories of such personal data can be found in the previous section.
Personal data we obtain from other sources: we also may periodically obtain both personal and non-personal information about you from Tailor-Made‘s subsidiaries, affiliates, business partners or other third-party sources where they are legally authorized to share such information with us, and add it to the information we already hold about you, such as, but not limited to:
• Updated business address information;
• Identification data;
• Financial information;
• Contractual information.
Personal data that we collect when you apply online for employment: please refer to the HR section.
05 Ways of collecting data
For a processing of personal data to be compliant with the General Data Protection Regulation (the “GDPR”), a legal basis must be identified prior to its implementation.
We use or may use your personal data for the following purposes (or as otherwise described at the point of collection) in line with the lawful basis under the GDPR:
• To provide you with the service you have requested;
→ Processing is necessary for the performance of a contract with the data subject.
• To provide you with information, access to resources or other services that you have requested from us on behalf of your organisation;
→ Processing is necessary for the performance of a contract with the data subject.
• To send you client service-related communications (marketing);
→ Processing is necessary for the purposes of the legitimate interests pursued by the controller.
• To deal with communications that you send to Tailor-Made and responding to your queries, requests and complaints;
→ Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
→ Processing is necessary for compliance with a legal obligation.
• To fulfil our legal obligations namely in respect to AML/KYC/ MAR;
→ Processing is necessary for compliance with a legal obligation.
• To carry out the recruitment process;
→ Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• To promote our events and conferences via pictures and videos disclosed on our social medias;
→ Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
• To manage the infrastructure and business operations of Tailor-Made and to comply with internal policies and procedures;
→ Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
• To comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities;
→ Processing is necessary for compliance with a legal obligation.
We may contact you by mail, telephone, fax, video conference, email or other electronic messaging service to notify you about special events, new features or other information that may be of interest to you in accordance with your interaction with Tailor-Made. Where required by applicable law, your prior consent will be obtained before sending you direct marketing and you may object or opt out of receiving marketing messages from Tailor-Made.
Tailor-Made does not in any way sell, lease or rent your information to third parties.
06 Purposes for collection, use and processing of client’s data
Tailor-Made shares your personal data as necessary to render any service you have requested or authorized.
Tailor-Made may also share your personal data with your consent namely for the following purposes:
• Recruitment;
• AML/KYC (third parties namely notaries, domiciliation agents and banks).
07 Sharing personal data
• Service providers: we may disclose/transfer your data with third parties that we refer as service providers solely to the extent necessary to enable such service providers to provide services to Tailor-Made and to assist us in providing services to you. Tailor-Made’s policy is to maintain contracts with all third parties with whom we disclose/transfer personal information that restrict their access, use and disclosure of personal data. Service providers must, in fact, abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
• Third parties: we may disclose/transfer your data with third parties such as administration and public authorities, banking institutions, notaries, domiciliation agents and to professional advisors and auditors of Tailor-Made.
• Affiliates/branches/subsidiaries: we may disclose/transfer your data, as provided in our General Terms & Conditions, with other companies under common ownership or control with Tailor-Made who will process your information in a manner consistent with this Privacy Policy.
• Safety, security and compliance with law: we will access, transfer, disclose and preserve personal data to comply with applicable law or respond to subpoenas, court orders or other valid legal process, for reasons relating to national security, to defend against legal claims, to protect the rights and safety of Tailor-Made, Tailor-Made’s clients, employees or others. This may involve the sharing of your data with law enforcement, government agencies, courts and other organizations.
• Consent: we may share your data in other ways and for new purposes if you have asked us to do so and have consented to such sharing.
The recipients may be located inside or outside the European Union. Your personal data will not be transferred to any country located outside the European Union that does not provide an equivalent level of protection, unless:
• You gave us prior authorization to do so;
• If specific measures, such as Standard Contractual Clauses (SCCs), have been signed, or if the concerned companies have adopted binding corporate rules, ensuring that the of the applicable data protection law have been fulfilled.
Where personal data is transferred/disclosed to Tailor-Made’s affiliates/branches/subsidiaries, such transfer is based on specific measures, specifically the model clauses issued by the European Commission with regards to transfer of personal data outside the European Union. Should you wish to consult the latter, please let us know by contacting us to the contact information provided in the section “HOW TO CONTACT US” of this policy.
08 Disclosure of personal data
Tailor-Made seeks to ensure that you are able to exercise your rights at any time. Tailor-Made will address any request within the limits of its technical and organizational means.
These include:
· Right to access your personal information: should you want to review the data we hold, collect and process about you, please let us know by contacting us at the contact information provided in the section “HOW TO CONTACT US” of this policy.
· Right to rectification: should the data we hold, collect and process about you be inaccurate or incomplete, you have the right to update such data at any time by contacting us at the contact information provided in the section “HOW TO CONTACT US” of this policy.
· Right to erasure: if at any time you decide you do not want us to retain any personal data we collected from you, you may request we delete your data by contacting us at the contact information provided in the section “HOW TO CONTACT US” of this policy. We will take reasonable measures to comply with your request in accordance with applicable laws.
· Right to restriction of processing: should you wish to exercise this right, please contact us at the contact information provided in the section “HOW TO CONTACT US” of this policy. You should obtain the right to restriction of processing only where in accordance with applicable laws.
· Right to object: should you wish to exercise this right, contact us at the contact information provided in section the section “HOW TO CONTACT US” of this policy. We will consider your objection and we will comply with it unless we have a compelling legitimate ground as permitted by applicable law.
· Right to data portability: you may have the right to have your personal data transmitted directly from us to another controller only when you have asked us to do so and have consented to such sharing, and when technically feasible. Should you wish to exercise this right, please contact us at the contact information provided in the section “HOW TO CONTACT US” of this policy.
· Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the “CNPD”), where you believe that your data is being processed in a way that does not comply with the GDPR.
Please be aware that these rights are not always absolute and there may be some situations in which, technically or legally, Tailor-Mademay not be able to comply with your request.
09 Access to personal data
Tailor-Made acknowledges your trust and is committed to protecting the data you provide to us. Tailor-Made pays a particular attention to work from home ethics. We avoid any hard copy to be taken at home and require from our employees that any task requiring the use of hard copies to be done from the office. We maintain appropriate organizational, physical and technical security measures (including with respect to personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of personal data) to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data.
10 How we Protect your data
Tailor-Made will notify its client of any personal data breach by Tailor-Made, its processors, or any other third-parties acting on Tailor-Made’s behalf without undue delay, only where the personal data breach is likely to result in a high risk to the rights and freedoms of the client.
11 Notification of personal data breach
Tailor-Made will only retain your personal data:
• For as long as it is necessary for the purpose or purposes for which it was intended;
• For the purposes of performing or fulfilling a contractual obligation with you or the organization that you represent and, therefore, legitimate business purposes;
• For as long as required or permitted by law.
12 Retention period of persona data
We expect you to inform us in writing and without undue delay of any changes of the information you provided to us, so that we can keep it up to date.
If you provide us with personal information not relating to you (e.g. information about your respective representatives, staff members and agents, beneficial owners, shareholders, etc. or about any third party), you must first inform them about this and make sure they acknowledge that we can use such information as set out in this privacy policy. In particular, you must provide them with the information relating to their rights as data subjects. We assume that these third parties are informed of the processing of any personal information relating to them that we may carry out and of the disclosure of the same to third parties and countries as described herein and that, as far as necessary, you obtained these data subjects‘ prior written consent.
13 What do we expect from you
We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and used practices, and to ensure it is accurate, complete and up to date*. You are advised to check this Privacy Policy from time to time.
*Last update on 24/08/2023
14 Changes to this privacy policy
If you have any questions or concerns about our use of your information or regarding our Privacy Policy, you may contact us by sending an email to dpo@Tailor-Made.com or by writing to us at:
Tailor-Made S.A.
Attention: Carlo Schneider, Data Protection Officer
16, rue des Primevères
L-2351 Luxembourg
Grand Duchy of Luxembourg
15 How to contact us
Personal data that we collect when you apply online for employment: you may submit personal data through the use of our website to be considered for employment at Tailor-Made. Such information includes, amongst others, your name, your address, your phone number, your email address, experience, education, job skills and other information contained on your curriculum vitae (CV) and/or your cover letter. Tailor-Made uses such data solely for consideration of your candidacy for employment, to communicate with you and to generate related correspondence, including offer letters and employment agreements. Such data may also be used, subject to applicable local laws, to conduct necessary background checks for compliance and other employment related purposes (including the assessment of your profile in view of the conclusion of a potential employment contract, to the extent permitted by applicable laws and regulations). Finally, Tailor-Made only retains such data for as long as is necessary to address your employment application and any questions that may arise regarding your application’s processing.