The data controller is the natural person or legal entity who determines the means and the purposes of processing your personal data.
In this case, the data controller is the law firm MBONYUMUTWA | AVOCATS, and more specifically Maître Patrice MBONYUMUTWA and Maître Ysaline PEUGEOT.
MBONYUMUTWA | AVOCATS is a legal practice based in Luxembourg with their office currently located at:
1 avenue de la Gare
Should you have any questions in relation to this policy or in relation to the processing of your data, please contact our team by using the following contact details:
(+352) 2620 3006
(+352) 2620 3007
The data we collect
The data we collect only concerns our clients.
In accordance with the applicable legislation and in particular with Article 6 of the General Data Protection Regulation (“GDPR”), we collect and process our clients’ data in order to serve their best interest.
We thus process your data by virtue of our status as an agent of the law and/or as a provider of legal services.
We collect the information that you provide to us verbally, in writing, via our website or by other means. Evidently, the confidentiality of the information thus provided is of the utmost importance within our firm.
The type of information thus collected includes, in particular:
• First name, last names;
• Postal address;
• Email address;
• Telephone and fax number;
• VAT number;
• Bank account number;
• Personal information required to handle a situation in which legal advice needs to be provided or in which a party needs legal representation.
Do we share the data we thus collect?
Given the confidential nature of our profession as lawyers, we do not pass on your personal data to any third parties, except if you expressly request it or for the strict purpose of defending your legal interests.
For instance, it could happen that within the context of a legal action we might have to provide some of your personal data to our bailiff, with a view to serving a document to an opposing party.
Of course, there is a strict legal framework for such disclosures, and data is only disclosed in such a manner when it proves to be necessary to comply with a formal or procedural rule.
We do not sell your personal data and we do not provide it to third parties with a view to it being used for commercial purposes.
On rare occasions, it may also be the case that a court ruling forces us to disclose part of your personal data held by us, but such disclosures take place within the very strict framework laid down by both the Luxembourg Order of Lawyers and by the recommendations that are set out by law.
The prosecution of criminal offences, and in particular the fight against money laundering and the funding of terrorism, constitute some of the rare circumstances in which we are sometimes obligated to disclose some of your personal data.
The security of your data
The personal data we process is kept in a secure manner and access to it is restricted solely to the people who need to obtain it so as to defend your interests in the best manner.
We implemented both physical and technical security measures to ensure the confidentiality and the integrity of your personal data. For instance, your data is regularly saved to a back-up server, which enables us to ensure that your data is not damaged or lost.
In addition, access to our firm and to our files is strictly monitored, and documents concerning you are protected from intrusions and from physical damage, insofar as is possible.
When you communicate with us and also when you provide us with your personal data, it is important that you protect yourself against attempted data capturing and intrusions. Use safe passwords, log out from your computer after each use and encrypt your messages and documents as often as possible.
When you want to access your own personal data, we may ask you for a proof of your identity, in order to ensure the security of your data.
Lastly, your data is only kept on file for the time necessary for us to carry out our role as an agent of the law and/or our role as a provider of legal advice. The exception to this rule is in cases where the law requires from us to keep your data on file for a longer period. For instance, within the framework of our obligation to keep on file tax and invoicing documents, we are forced to keep such data on file for a minimum period of 10 (ten) years.
You have several rights concerning your personal data, as follows:
1. The right to access solely the personal data concerning you;
2. The right to request that your personal data be corrected;
3. The right to request that your personal data be deleted;
4. The right to request that processing of your personal data be restricted, and to be informed of the impact of such restrictions;
5. The right to object to the processing of your personal data, and to be informed of the impact of such an objection;
6. The right to personal data portability;
7. When processing of your data arises out of your consent, the right to withdraw your consent at any time without said withdrawal affecting the lawfulness of the previous processing;
8. The right to make a complaint to the competent authority;
Please note that we may have cause to limit or to refuse you exercise of one or several of these rights, for reasons relating either to a legal obligation, or to special circumstances pertaining to law or to facts.
For instance, we are subject to a strict client confidentiality obligation.
In addition, we sometimes have cause to collaborate with authorities that fight against money laundering and the funding of terrorism.