Compliance

Complaints Register

Introduction

MOORE Audit S.A. (“MA”) is a member firm of Moore Global which is a worldwide network of independent accounting and consulting firms. Each member firm of the Moore Global network is a separate legal entity. For further details of the locations of each member firm please see www.moore-global.com, where you can see the list of firms and countries in which member firms of the Moore International network operate.

This privacy statement applies only to the www.moore-audit.lu website which is provided by MA and not to the various separate websites as per each location where Moore network entities are present.

By using www.moore-audit.lu and submitting any personal information to us, you agree to the use of your personal information in accordance with the terms of this privacy statement.

Purpose of this Privacy Policy

This privacy notice aims to give you information on how Moore (“MA”) collects, uses, shares and otherwise processes your personal data in connection with your relationship with MA, in accordance with applicable data privacy laws and regulations, which include the General Data Protection Regulation 2016/679 (“GDPR”) which took direct effect in Luxembourg on 25 May 2018. Luxembourg passed a new law on 1 August 2018 which repealed the former Luxembourg law on data protection of 2 August 2002: the 1 August 2018 Act concerning the organisation of the CNPD (the Luxembourg Data Protection Authority) and the General Data Protection Regulation (the “Data Protection Act”). The Data Protection Act took effect on 20 August 2018.

This privacy statement defines how MA, acting as data controller, may process information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time from the data subjects themselves as well as from its clients, third parties and from publicly available sources where applicable.

Why does MA process personal data?

MA may process personal data for the following purposes:

• to establish, administer and implement a business relationship;
• to strengthen the existing business relationship or to develop a new business relationship or to approach interested parties including information on current legal developments and our range of services (marketing);
• to provide our services to you and manage our relationship with you, including communicating with you in relation to the products and services you obtain from us;
• to fulfil our administrative purposes and protect our business interests;
• to comply with our legal obligations (such as laws of the financial sector, anti-money-laundering and tax laws), including disclosures to the tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime;
• to ensure the safety of our clients, employees and other stakeholders;
• any other purposes we notify from time to time.

We only use your personal data for the purposes based on at least one of the following legal grounds:

• our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
• to satisfy any legal and regulatory obligations to which we are subject;
• to perform our obligations under the contractual terms of any contract you (or an entity to are connected to or affiliated with) may have with MA , or any website or other terms you agree with MA.

What personal data does MA process?

When you provide personal information to us, we may use it for any of the purposes described in this privacy notice or as stated at the point of collection (or as obvious from the context of collection), such as corresponding to the following categories of personal data:

Personal identification data:

• Name and Surname
• Title, Salutation (Mr, Mrs, Ms)
• Postal and/or e-mail address
• Phone numbers
• Identification number
• Date of birth
• Publicly available information (such social media)
• KYC documents (including a copy of your passport or national ID card)
• Content you provide (such as CV, education history, ..)

Professional information:

• Job title
• Department and name of organisation

Financial information:

• Transactional data
• Information relating to our assets

Tax information:

• Tax domicile and other tax related documents and information

Technical Information:

• Information from your visit to our web site or in relation to materials and communication we send to your electronically (logs, IP address, biometric data such as pictures, sound, video,..)

Does MA share personal data to third parties?

Please note that we may use or disclose personal data if we are required by law or if we reasonably belief that the use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court or other legal process.

MA may also share your personal data to the following categories of recipients in accordance with contractual arrangements in place with them, such as:

• Subcontractors, business partners and experts;
• IT service providers;
• Other MA entities;
• MA’s external counsels, agents or auditors;
• Supervisory bodies or public authorities.

Does MA transfer personal data outside the European Union?

MA does not transfer any personal data outside the European Union other than:

• to countries which provide an adequate level of protection for personal data as decided by the European Commission or
• to recipients under a suitable agreement which contains the legal requirements for such transfer. Copy of the applicable safeguards may be requested to the Data Protection Officer of MA.

How long does MA keep personal data?

We will retain your personal data on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by operation of law or regulation.

We keep contact information (such as mailing list information) until a recipient unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honour your request.

Rights in relation to your personal data:

To the extent permitted by the laws, you may have the right to:

• request a copy of the personal data we hold about you;
• ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
• ask that we delete personal information that we hold about you, or restrict the way in which we use such personal data. Please note that we may not always be able to comply with a request for deletion of personal data for legal reasons which will be notified to you, if applicable, at the time of your request;
• object to our processing of your personal data; and/or
• withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing).

If you would like to ensure these rights, please contact us by sending an email demonstrating your identity and specifying the right you want to exercise to the Data Protection Officer at MA.

 We may charge for a request to access details of your information, if permitted by law. If your request is clearly unfounded, repetitive or excessive we may refuse to comply with your request.

We may need to request specific information from you to help us confirm your identity and ensure your rights to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex.    In this case, we will notify you and keep you updated.

You may also have the right to lodge a complaint with your local data protection regulator, the lead supervisory authority competent for personal data processed by MA being the Commission Nationale de Protection des Données (CNPD).

Security of your Personal Data

To protect your personal data against unauthorized or unlawful processing and against loss, misuse, destruction or damages, we have implemented appropriate technical and organisational measures. We require all employees and principals to keep personal information confidential and only authorized personnel have access to this information.

Your personal data is stored in Luxembourg in electronic and in physical form. Any physical documentation is kept under lock and key in a secure location on our premises, electronic files that contain personal data are stored within a secured IR infrastructure.

Update

In order to comply with the applicable laws and regulations, we may modify or update this privacy statement from time to time. You will be able to see when the last update was performed (see last modification date), changes and additions to this privacy statement are effective from the date on which they are posted.

It is important that you read this privacy statement together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Complaints Register

We are committed to delivering the highest quality services and take complaints seriously. If you are dissatisfied with our activities, services, or employees, you may contact us by email at [email protected] or by letter at:
 5, rue de Turi
L-3378 Livange

All complaints will be promptly acknowledged, and a response will follow after investigation. 

In case your concern is related to a legal audit mandate and if within one month, you have not received a reply or are unsatisfied with our response, you may submit an out-of-court complaint to the Commission de Surveillance du Secteur Financier (CSSF) via www.cssf.lu or by post or email to the following address: 

Commission de Surveillance du Secteur Financier
283 Route d’Arlon, 
1150 Luxembourg, 
Email: [email protected]

Additional information on the out-of-court complaint resolution of the CSSF can be found on the CSSF Website.

Whistleblowing

As part of our internal compliance framework, all individuals including employees and representatives are encouraged to report any suspicions of money laundering, terrorist financing, confirmed charges against corruption and bribery or any other breaches of the Law of 23 July 2016 concerning the audit profession or Regulation (EU) No 537/2014, in accordance with the procedures and protections outlined by CSSF Regulation N° 16-13 on the reporting of infringements.

Reports can be submitted confidentially via:

[email protected]

Or directly to the Commission de Surveillance du Secteur Financier (CSSF) or the Cellule de Renseignement financier (Financial Intelligence Unit) where applicable.

All whistleblowers are protected against retaliation, threats, or discriminatory actions under applicable law, including the safeguards guaranteed by CSSF Regulation N° 16-13, which ensures confidentiality and secure handling of reports.

In line with Article 5 of the amended Law of 12 November 2004, our firm as a réviseur d’entreprises (statutory auditor) may, within legal limits, inform professionals within our network about communications with authorities or ongoing investigations, unless otherwise instructed by the FIU.