INVENTUM SARL – Data Protection and Privacy Policy (GDPR)

Purpose of this Policy

This policy demonstrates INVENTUM SARL's commitment to respecting and complying with the rules governing the protection of personal data, particularly those set forth by the General Data Protection Regulation (GDPR). It serves to inform our clients, partners, and stakeholders about how and why we collect, process, and safeguard personal data in the course of providing our services.

Who is this policy for?

This GDPR policy applies to all individuals who interact with INVENTUM SARL, including our clients, potential clients, partners (such as business introducers), job applicants, and any other parties engaging with us.

Why do we process your data?

As part of our service offering, we may process your personal data for the following reasons, based on the legal grounds detailed below:

To provide our services: We process your data to fulfill our contractual obligations, such as accounting, tax, and compliance services, in accordance with the terms set forth by the Luxembourg Order of Chartered Accountants.
For newsletters and updates: With your consent, we process your data to send you updates and relevant information about our services.
For recruitment: We process candidate data as part of our hiring procedures.
To ensure security and compliance: We process data based on legal obligations (such as anti-money laundering and counter-terrorism financing rules) and our legitimate interest in safeguarding our operations.

What data do we process and how long do we keep it?

Here is a summary of the categories of personal data we process and the applicable retention periods. For more details, you can contact us at info@inventum.lu.

Category of Data	Retention Period
Identification and contact details of individual clients, directors/managers, shareholders, and beneficial owners of client companies (e.g., name, date and place of birth, personal address, tax ID)	Retained for the duration of the business relationship and five additional years thereafter for compliance with anti-money laundering and counter-terrorism laws
Job application data (CV, cover letter)	Retained for the duration of the recruitment process, then for two months unless consent for longer retention is obtained. After that, data is deleted unless you request its return in writing.

Your Rights Over Your Data

Under data protection regulations, you have specific rights that you can exercise at any time, free of charge:

•Right of access and copy of your personal data, subject to confidentiality, business secrecy, and professional privilege.
•Right to rectify inaccurate, outdated, or incomplete data.
•Right to object to the processing of your data (INVENTUM SARL does not engage in commercial prospecting).
•Right to erasure ('right to be forgotten') for data that is not essential for service provision.
•Right to restrict processing in cases of dispute over the legitimacy of processing.
•Right to data portability to retrieve and transfer your data in a structured format.
•Right to define instructions for the handling of your data in the event of death via a trusted person or directly by you.

Who can access your data?

Your data is only shared with authorized personnel strictly necessary to perform the services of INVENTUM SARL. This may include our employees, partners, or subcontractors, subject to your consent where applicable.

We may also share your data with public and judicial authorities when required by law.

How do we protect your data?

We implement robust technical and organizational measures to protect your data from unauthorized access, loss, alteration, or disclosure. Security is a core priority in all our processes.

Do we transfer your data outside the EU?

As a rule, your data remains within the European Union. Any exceptional and strictly necessary transfers outside the EU are subject to stringent safeguards, ensuring the protection and confidentiality of your data, in compliance with GDPR standards.

Cookies Policy – How we use Cookies and Tracking Technologies

INVENTUM SARL uses cookies and similar technologies to enhance your experience on our website and provide tailored services. Cookies may be used for:

Essential functionality and navigation
Performance analytics (e.g., Google Analytics) to improve our services
Personalization and content optimization
Security and fraud prevention

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Non-essential cookies are only activated with your explicit consent.

Who to contact for more information?

Our Data Protection Officer (DPO) is available to provide further details and address any questions at info@inventum.lu.

Contacting the Luxembourg CNPD

For matters related to data protection, you can contact the Luxembourg National Commission for Data Protection (CNPD) at:

CNPD

15, Boulevard du Jazz

L-4370 Belvaux, Luxembourg

Tel: (+352) 26 10 60 - 1

Updates to this policy

We may revise this policy at any time to reflect legal changes or the introduction of new services. Please consult the latest version available on our website or upon request.