This privacy policy (the “Privacy Policy”) governs the manner in which Etude Duquennois Avocats, a Luxembourgish law firm with offices at 203 Route d'Esch, L-1471 Luxembourg (hereinafter referred to as “The Firm”), as data controller processes personal data collected during its legal advisory activities and through its website at www.rddpraxis.com (the “Website”).

Compliance with Data Protection Law

The Firm undertakes to comply with applicable laws and regulations governing the processing of personal data, including Regulation (EU) 2016/679 (the “GDPR”) and any national laws or regulations in force.

Data Protection Officer

The Firm has appointed a Data Protection Officer (the “DPO”), who may be contacted at the following email address: dpo [at] rddpraxis . com

Who are the Data Subjects?

The Data Subjects (the “Data Subjects”) whose personal data the Firm processes include:

- Users of the Website (the “Users”);

- Persons contacting the Firm without being clients;

- Clients, including natural persons or representatives/employees of legal entities;

- Applicants responding to employment offers or submitting spontaneous applications;

- Any other natural person whose data is submitted to the Firm by a Data Subject, partner, or opposing party in the context of legal advisory services.

What Personal Data is Collected and Why is it Used?

1. Identification and Contact Information: This includes names and email addresses provided via the Website or email signature. This data is used to respond to inquiries or fulfill mandates.

2. CV and Application Data: Data submitted by Applicants, including names, contact information, professional qualifications, and experience, is used for recruitment purposes.

3. Client Data: Personal data provided by Clients is processed to deliver legal advisory services and comply with legal obligations.

4. Communication Data: Content of messages exchanged with Data Subjects is processed to address inquiries or fulfill mandates.

5. LinkedIn Data: Personal data collected through interactions on LinkedIn may be used for professional networking and responding to inquiries or service requests.

Source of Personal Data

Personal data is obtained either directly from Data Subjects or indirectly from third parties such as search engines, public registries, LinkedIn, business directories, government databases, or opposing parties, as required for the provision of legal services.

How Does the Firm Protect Personal Data?

The Firm implements appropriate security measures to protect personal data against unauthorized access, disclosure, or destruction. Data Subjects are encouraged to send their personal data securely.

Sharing Personal Information

The Firm does not share personal data except in the following cases:

1. To fulfill a mandate (e.g., correspondence with counterparties, courts, or relevant authorities);

2. As required by law (e.g., disclosures to public authorities, tax authorities, or regulatory bodies);

3. With subcontractors and service providers under confidentiality agreements to facilitate their services;

4. With joint data controllers in the context of co-hosted events, conferences, or promotional activities, when applicable and with prior consent from the Data Subject.

The Firm does not transfer personal data to third countries or international organizations, except as strictly necessary and based on GDPR-compliant transfer mechanisms.

Electronic Communications

The Firm may send informational emails related to its services to Data Subjects who have not objected to such use. Any other unsolicited electronic communications will only be made with the explicit consent of the Data Subjects. Data Subjects may unsubscribe from such communications at any time by contacting the DPO.

Data Retention

Personal data is retained only as long as necessary for the purposes set out in this Privacy Policy. General retention periods are as follows:

- For non-clients: five (5) years after the end of the relationship;

- For clients: ten (10) years after the end of the calendar year in which representation ended, unless otherwise required by law;

- For applicants: two (2) years after the last contact with the Applicant.

Data Subject Rights

Data Subjects have the right to access, modify, delete, restrict, or object to the processing of their personal data, as well as the right to data portability. These rights can be exercised by contacting the DPO at the email address provided in the “Data Protection Officer” section. Complaints may also be filed with the National Data Protection Commission (Commission nationale pour la protection des données, CNPD) at https://cnpd.public.lu/en.html.

Changes to this Privacy Policy

The Firm reserves the right to update this Privacy Policy at any time. Data Subjects are encouraged to regularly review this Policy to stay informed of changes.

Last updated: 3 January 2025