Information note on our privacy policy – RGPD

Below you will find more information about our personal data processing policy. If you have any questions, please do not hesitate to contact us at the following e-mail address:

We are committed to complying with the European General Data Protection Regulation (abbreviated as GDPR), in force since 25 May 2018 regarding the collection of your personal data.
Below you will find your legal rights and obligations.
By providing us with your personal data, you explicitly declare that you have read and accept our data processing policy.

1. Scope of application

Our data protection policy applies to all services provided and activities carried out by Apollo Services S.A. It applies to our existing and future customers (and their suppliers and customers where applicable), our customers’ agents, their economic beneficiaries, our subcontractors, partners, suppliers, and service providers.

2. Data controller and data processor

As a fiduciary member of the Ordre des Experts-Comptables du Luxembourg, we are responsible for the processing of numerous data, including personal data.
Depending on the circumstances, we may be designated as a controller, processor, or joint controller.
The personal data we process may relate to our clients, their agents, and economic beneficiaries, as well as to any temporary employee, trainee, student, potential candidate, collaborator, supplier, subcontractor, service provider, direct business relationship or business relationship of our clients (e.g., supplier, subcontractor, or client of our client).

a. Data controller
We are responsible for the processing of personal data and are obliged to comply with the legal requirements regarding data processing for the purposes we have determined in the following cases:

  • Services to our customers who are natural persons or sole traders
  • Appointment of a director/manager
  • Mandate of auditor
  • Mandate of liquidator
  • Management of our internal obligations relating to our own staff.

b. Subcontractor
We act as a subcontractor in the following cases

  • Services to our corporate clients
  • Salary management services
  • Direct debit assignments.

Our procedures require that persons authorised to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

3. Personal data

Depending on the customer’s activities and the nature of our relationship, the customer may be required to provide us with, among other things, the following data:

a. Company:

  • Name of the company
  • Address
  • VAT number
  • Various registration numbers
  • Bank account numbers
  • Certain data of the contact person or the customer’s employees (surname, first name, gender, language, date of birth, address, telephone number, e-mail address, etc.)

b. Natural person:

  • Last name
  • First name
  • Mailing Address
  • Phone number
  • E-mail address
  • Bank account number
  • Marital Status
  • Gender
  • Date of birth
  • VAT number
  • Various registration numbers
  • etc…

We process personal data that the customer has provided.
We may also process personal data relating to another person, such as personal data provided by the customer concerning his employees, directors, customers, suppliers, agents, shareholders, and beneficial owners.
Personal data may also be obtained from public sources (e.g., Luxembourg Business Registers, CSSF…).
The data are only processed if this processing is necessary for the purposes mentioned in point 4.
The client is responsible for the accuracy of the data transmitted.

4. Purposes of processing

We process personal data for the following purposes:

  • To fulfil our obligations in terms of the fight against money laundering and against the financing of terrorism
  • To fulfil our obligations towards the Luxembourg authorities, foreign authorities, or international institutions
  • In the context of the execution of our services. The processing of personal data concerns the data of the client but also of any other person linked to the client (e.g., staff members, managers…)
  • Within the framework of the development of our activity (subscription to our newsletter, contact form via our website, contact during events, …).

5. Website and cookies

Our website uses cookies to ensure that it functions properly.
These cookies do not collect any personal data, they simply allow a better browsing experience.
The customer can configure his browser to be informed each time a cookie is created or to prevent their creation.

6. Duration of processing

Personal data are processed for the period necessary for the execution of the mission. In accordance with the LCB/FT law, this data will be kept for a period of 5 years after the end of the business relationship, unless a legal obligation extends the retention period.
Once the above-mentioned periods have expired, the personal data will be deleted.

7. Access and destination of personal data

To processing personal data, we allow our employees access to this data. They are obliged to treat the data confidentially and may only use the data for the purpose for which it was provided.
We do not pass on personal data to third parties, except in the context of the assignment or in accordance with our legal obligations, e.g., to tax authorities.
If an external service provider is required to perform a task (e.g., notary, IT service provider, etc.), the service provider is obliged to respect the confidential nature of the personal data and may only use the data for the purposes for which it was provided.
We may transmit personal data at the request of any legally competent authority or on our own initiative to comply with the legislation in force.

8. Security measures

Personal data is treated confidentially. It is also stored in a secure manner.

9. Customer’s rights

In accordance with current legislation, the customer has a right of access to his personal data to check them, have them corrected or completed.

a. Right of access and rectification
The client may request access to his personal data, which will allow him to verify their accuracy and request their modification if necessary.

b. Right to object to a specific use
The customer has the right to object to the processing of his personal data for serious and legitimate reasons. However, he cannot object to the processing of data that is necessary for the fulfilment of a legal obligation or the performance of a contract. The customer always has the right to object to the processing of his data for direct marketing purposes.

c. Right to the deletion of data
The customer may request that his or her data be deleted unless the law prohibits this.

d. Right to data portability
The customer can request the transfer of his personal data to you or to another controller in an electronic and structured format (right to data portability).

e. Right of limitation
The customer may request the suspension of the processing of his personal data.
If the processing of personal data is based on prior consent, the customer has the right to withdraw this consent. The personal data will then only be processed if we have another legal basis.
The customer may exercise the above rights by e-mail to or by post to our postal address:
Apollo Services
6, rue d’Arlon, L-8399 Windhof.
We may ask the customer for specific information to help us confirm their identity and to ensure that their right of access to this information (or to exercise any other of their rights) is respected. This is a security measure to ensure that personal information is not disclosed to anyone not authorized to view it.

10. Data Protection Officer

Apollo Services has appointed Stéphane Liégeois as its Data Protection Officer (hereinafter “DPO”).
If you have any questions regarding the protection of your personal data, you may contact our DPO by mail at our postal address or by e-mail at

11. Complaints

You may lodge a complaint with the National Commission for Data Protection (“CNPD”) if you believe that your rights are not being respected.