Data protection

Notice regarding the data protection


The most practical overview to the news introduced by the EU General Data Protection Regulation 2016/679 (GDPR) entering into force the 25th May 2018, can be summarised in the six principles expressed by Article 5 of the GDPR.

According to Article 5, the data protection shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).



With the entry into force of the European Regulation 2016/679, all companies are obliged to comply with the GDPR. Our firm will therefore be required to process your personal data in accordance with the provisions of the GDPR for the following activities:

  1. As a result of legal provisions (article 6, paragraph 1 c) of the GDPR)
  2. For the execution of the contractual obligations (article 6, paragraph 1 b) of the GDPR)
  3. Following your consent (Article 6, paragraph 1 a) of the GDPR)
  4. Being a firm of experts, the PEYMAN ASSASSI EXPERTISE OFFICE is subject to various legal obligations or requirements including, but not limited to, accounting and fiscal matters, but also with regard to labour and social security laws. One of the purposes of your data processing will be to issue and pay invoices, as well as the accounting of our office and for the employees, the establishment of pay slips and the payment of source deductions and social contributions.
  5. We process your data in order to provide you with energy expertise, forensic and extrajudicial expertise services in connection with the execution of contracts concluded with us or in order to proceed with the preparation of offers or in the case of requests made to this effect by you, for example in the framework of a candidacy for a position within our firm.
  6. Our office may use your personal data as part of a marketing campaign or market research. The processing of your data for this purpose is legal as long as you will have given us your consent to this end. However, you may withdraw your consent at any time in accordance with the instructions at section 7 below.



There are several ways to collect your personal information: you can directly send them to us either physically or electronically. Or maybe they are collected at the moment the business relations starts, when you request an offer, when you receive a business proposal or when we realize a project for you. Finally you can send your candidature (spontaneously or in reply to a announce) for a post in our expertise firm. We may also receive your data from external sources, such as public databases, websites, social networks and third parties.

Personal data shall be kept in a form permitting your identification for no longer than is necessary for the business purposes of our firm.



The personal data processed by our office are merely related to your identity, but our intervention is limited to the processing of data obtained in the context of our commercial relations or work, namely for example:

  • Name and surname
  • Role
  • Details (email address, telephone number, postal address)
  • Bank account.


In the frame of a possible recruiting, we are equally led to collect the following personal information:

  • Diplomas
  • Social security number
  • Tax card
  • Photo



All departments that will need your data to meet our contractual and legal obligations will have access to your personal data and therefore all employees at our office have received specific training to understand the importance of the confidentiality of your data and have signed a confidentiality clause.

Our office will also be required to process your personal information for administrative or contractual scope in the frame of the contractual relationship established with you. In this context, we may therefore be required to transmit certain information to third-party providers (for example, for the recovery of claims, the keeping of accounts or the preparation of employee payslips), or where legal provisions so require, or if you gave your consent. For the sake of clarity we undertake to verify that concerned third-party providers complies with our same level of confidentiality and processes your personal data in accordance with the provisions of the GDPR.

It is important to specify that your personal data are not transferred outside the European Union. Our firm will also not be required to transfer your personal data to an international organization of a third country.



You may contact the responsible of the data protection through our office at the following coordinates:



M. Peyman Assassi

28, Côte d’Eich

L-1450 Luxembourg


Par mail :

Par téléphone : (+352) 40 58 86

Par Fax: (+352) 40 58 87



Do you know that you can withdraw your consent at any time by contacting our responsible for data controlling at the contact details mentioned above? This rule also applies to any consent statement given before the entry into force of the GDPR, ie before May 25, 2018. The withdrawal of consent does not affect the legality of the processing of the data that occurred prior to this withdrawal.

One of the programs that this website is using is Google Analytics (Cookies, Way to navigate)


We remain at your disposal for any further information you may need.


Your team Bureau d’Expertise Peyman Assassi


This text has been written by the luxembourgish law firm Justlex and is under their property. 

Back to top