Data protection policy GDPR

PRIVACY STATEMENT ON THE PROTECTION OF PERSONAL DATA

1. Who are we?

1.1. NMC as data controller

Through this statement (hereinafter referred to as the “Statement), we wish to inform you about the purposes of and procedures for the collection and processing of your personal data by NMC International SA who’s head office is based at Duarrefstrooss 15B, 9990 Weiswampach, Luxemburg, with the company number B 107 609 (hereinafter referred to as “we”, “us” or “NMC”).

You will find our contact details in point 10 of this Statement.

We are responsible for the processing of the personal data that we collect and use. As data controller, we take the necessary steps in order for you to:

  • be informed of the processing of your personal data and your rights;
  • retain control over the personal data that we process;
  • be able to exercise your rights with regard to personal data. You can find more information about your rights in point 9 of this Statement.

2. What data do we collect about you?

2.1. Personal data

By “personal data” we mean all information related to a living natural person.

The type of personal data that we collect depends on the services requested. If you have a business relationship with us, this includes, among other things, data about you and/or your representatives, staff, employees and/or independent directors (hereinafter commonly referred to as “you” or “your”). If you provide us with the personal data of your representatives, staff, employees and/or independent directors, you are obliged to inform them of the existence and content of this Statement, as well as of our duties, their rights and how they can exercise these rights. In addition, we collect data from people who express an interest in our services or our business operations, including, among others, people who are interested in the services offered on the websites (newsletters, contact forms, feedback, etc.).

We particularly collect administrative data and contact details. These data enable us to identify you or to contact you, or to do business with you if you are a supplier or a business partner. They may include contact details such as your name, address, telephone number or email address.
We do not intentionally collect and do not process data referred to as sensitive, namely:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
  • genetic or biometric data (e.g. facial images and fingerprints);
  • health-related data;
  • data about sexual behaviour or sexual orientation.

If such sensitive data are provided to us, we will not use them and will delete them.

2.2. Minors

It is not our intention to process the personal data of minors.

3. For what purposes do we need your data?

3.1. Service offering and business relationship

  • What does this purpose consist of?

We may use your personal data to carry out our professional duties or to provide our services.

  • What personal data do we process in this context?

We collect and process the following data: your name, email address, telephone number and address.

3.2. Information and communication

  • What does this purpose consist of?

We may use your personal data to inform you about our activities, services or newsletters, which we believe may be of interest to you.

We will contact you if you explicitly ask us to do so, or if we believe that you may be interested in a service or that a given service could benefit your company/organisation.

If you do not yet have a business relationship with us, you will only receive our marketing communication if you have explicitly given us your permission to contact you.

If you already have a business relationship with us or have already provided your contact details, you could receive advertisements from us without your explicit permission. This is the case, for example, for anyone who has signed up for the newsletters and/or for contact details provided during business relationship. In this context, we are guided by our legitimate interest to conduct our business relationship.

  • What Personal Data do we process in this context?

In certain cases, we collect and process the following data: your name, profession, email address and telephone number.

3.3. Business operation

  • What does this purpose consist of?

This purpose translates into a “legitimate interest”. Specifically, data processing is based on a number of legitimate interests. However, we always ensure that the balance between our legitimate interests and their possible impact on your privacy is not disrupted.

If you nevertheless wish to raise an objection to such processing, you may exercise your right to object as mentioned in point 9.3 of this Statement.

As such, we process personal data in the following situations (non-exhaustive list):

  • they may be used as evidence (archives);
  • they may be used to establish, exercise, defend or safeguard our rights or those of the people who represent us, in the event of disputes, for example;
  • they may be used for the administration, management (of risks) and control of our organisation (e.g. compliance/prevention of money laundering and fraud, and study of these issues, risk management, high-risk positions and inspection, complaint management, internal and external audit);
  • they may be used to simplify the execution, use and termination of services by the customer to, among other things, avoid you having to again provide information that you have already submitted before.
  • Personal data and how you consult some of our websites may also be collected for the creation of customer/business relationship categories in order to get to you know better as a customer/business relationship, as well as to have a more accurate idea of your preferences and thus deliver the most relevant message to you according to your profile and the time of consultation. We call this behavioural targeting.

3.4. Legal obligation

  • What does this purpose consist of?

NMC is obliged to process personal data in certain cases, e.g. legal obligations concerning legislation on the protection of personal data.

3.5. Cookies

We use cookies (and similar technologies) on our websites and applications. With these small files that save information in your computer’s browser, we can keep certain data about you (e.g. choice of language).

We save them in order to best adapt our sites and applications to your wishes and to save your preferences for a future visit. As such, we can very quickly increase your user comfort and present you with relevant offers.

4. Do we request your consent before starting data processing?

4.1. General context

We only are only authorised to use and process your personal data if one of the following conditions is met:

  • The use of your personal data is necessary for the performance of a contract that you have entered into with us or in order to carry out, at your request, the steps necessary for the conclusion of this contract.
    The purposes of processing described in section 3.1 of this Statement are based on this principle.
  • We have your free and explicit consent to use your personal data for a certain purpose.
    Specifically, if you do not yet have a relationship with us we will ask for your permission to contact you for direct marketing purposes, as stated in point 3.2 of this Statement.
  • The use of your personal data is carried out in line with our legitimate interests and in accordance with your interests and rights.
    We base the processing necessary for the smooth operation of our company on our legitimate interest, as mentioned in point 3.3 this Statement. The same applies for the processing necessary for sending direct marketing emails to existing contact persons, as described in point 3.2 this Statement.
  • We have a legal obligation to process certain data and communicate them to the competent authorities, such as the privacy protection authority (e.g. in the context of an audit).

5. With whom do we share your data?

  • The employees of the group companies who must have access to personal data to carry out their professional duties can access such data. These people act under our supervision and responsibility.
  • We also call on external suppliers who handle certain types of processing so that we can offer you our products and services, namely IT, legal, financial, accounting and other services. Given that these third parties have access to personal data in the context of the performance of the requested services, we have taken technical, organisational and contractual steps in order to ensure that your data are only processed and used for the purposes mentioned in point 3 of this Statement.
  • When we have a legal obligation to do so, we may provide your personal data to supervisory authorities, tax authorities and search services.

6. Where do we store and process your personal data?

Personal data will not be transferred outside the EU. If the employer plans to store and/or process them outside the EU, it must explicitly provide notification of this and ensure that the same level of protection is guaranteed.

If we use subcontractors, the data will be forwarded to the countries where the data centres of these subcontractors are located.

We enter into an agreement with these subcontractors based on a model approved by the European Commission and by which these subcontractors guarantee the same level of protection as that guaranteed by NMC for data stored within the EU.

7. How long do we retain your personal data?

We will not keep your data for a longer period than the time required to achieve the objectives mentioned in point 3 of this Statement. Any clarification or exemption to this principle are explicitly indicated under the different purposes mentioned in point 3 of this Statement.

Given that the need to retain data depends on the type of data and the purpose of the processing, retention periods may vary considerably.

Below you will find the criteria we use as a basis to define the length of retention periods:

  • How long do we need the data to be able to provide the requested service?
  • Have we defined and announced a specific retention period?
  • Have we been granted permission to extend the retention period?
  • Are we subject to a legal or contractual obligation, or a comparable obligation?

As soon as we no longer need your data and are no longer legally obliged to retain them, we will permanently delete them or, if this is not possible, anonymise them in our systems.

Your personal data will, however, be retained and used for the period necessary for the fulfilment of our legal obligations, the settlement of disputes or the conclusion of contracts.

8. How do we secure your personal data?

Your personal data are considered strictly personal. We take appropriate technical and organisational actions in order to protect provided and collected personal data from any accidental destruction, loss or alteration, as well as from any damage, accidental, unlawful access, or other unwarranted data processing.

9. What are your rights?

9.1. Right to access, to object, to rectification, to withdraw and to data portability

9.1.1. Right to access

You have access to the personal data that we process and have a right to view them. If you wish, we will provide you with a copy of these data free of charge.

To exercise your rights, we refer to point 9.3 of this Statement.

9.1.2. Right to rectification

You have the right to request the deletion or rectification of erroneous, fragmented, inadequate or obsolete data.

To exercise your rights, we refer to point 9.3 of this Statement.

9.1.3. Right to withdraw your consent

When the processing is based on your consent, as described in point 4.1, you have the right to withdraw such consent at any time.

To exercise your rights, we refer to point 9.3 of this Statement.

9.1.4. Right to object to certain types of processing

When your personal data are processed for legitimate reasons, you have the right to object to the processing of your data for reasons relating to your specific situation.

To exercise your rights, we refer to point 9.3 of this Statement.

9.1.5. Right to be forgotten

You have the right to obtain the erasure of your personal data. If you wish to terminate the working relationship with NMC, you may therefore ask us to stop using your personal data. We may, nevertheless, retain the data required for evidentiary purposes.

In addition to this right to be forgotten, you also have the right to ask us at any time to stop processing the data processed on the basis of your consent or of our legitimate interest. However, in case of a legitimate interest we may continue to process your personal data, unless you decide to terminate the existing business relationship.

To exercise your rights, we refer to point 9.3 of this Statement.

9.1.6. Right to data portability

With regards to personal data processed on the basis of your consent or considering these being required for the delivery of the requested products or services, you may ask us to transfer directly to a third party or to you the personal data that you communicated to us. However, the data protection law places some limits on this right, which therefore does not apply to all data.
To exercise your rights, we refer to point 9.3 of this Statement.

9.2. Right to object to direct marketing

You have the right to object to the processing of your data for direct marketing purposes if you do not (any longer) wish to receive such communication from us. Your request will be processed as quickly as possible and we will no longer process your data for direct marketing purposes.

To exercise your rights, we refer to point 9.3 of this Statement.

Even if you have exercised your right to object, you may, if you wish, once again accept direct marketing activities through the same channels.

We draw your attention to the fact that exercising your right to object does not prevent us from contacting you for any other purpose, including the performance of the contract, in accordance with this Statement.

9.3. How can you exercise your rights?

To exercise the above-mentioned rights, you may send us a written request by email or by post for the attention of the privacy team to the address of your country.

We ask that you clearly indicate the right you wish to invoke and to which processing you wish to object or which consent you wish to withdraw.

9.4. Points of attention on the exercising of rights

We inform you that objecting to certain types of processing or the withdrawal of your consent for different types of processing of your personal data may result in you no longer being informed about the activities or services offered or in you no longer be able to use them.

10. How to ask questions or lodge a complaint?

If you have any questions or wish to lodge a complaint concerning the processing of your data, you may contact us via the channels specified under point 9.3.

If you are not satisfied with our answer, if you have any comments regarding the exercise of your rights or if you believe that our processing of your personal data does not comply with legislation, you have the right to lodge a complaint with the local Data Protection Authority.

11. Modification to this Statement

We reserve the right to modify or supplement this Statement if necessary.

In case of significant changes, the date will be updated accordingly and we will inform you.

We encourage you to consult this Statement periodically in order to learn how we process and protect your personal data.

This website uses cookies. By continuing to use this website, you agree to the use of cookies.

at elit. Curabitur eget Lorem id elit. ultricies elementum id accumsan