Privacy Policy


1. Introduction

This Privacy Policy explains how PrimeManagementConsult S.à r.l.  (“PrimeManagementConsult”, “PMC”, “we”, “us”) processes personal data when you visit our website www.primemanagementconsult.com (the “Website”) or otherwise interact with us.

We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR) and applicable Luxembourg data protection laws.

2. Controller

The controller responsible for processing your personal data is:

PrimeManagementConsult S.à r.l.
19, rue de Flaxweiler
L-6776 Grevenmacher
Grand Duchy of Luxembourg

E-mail (for all data protection questions): info@primemanagementconsult.com

3. Categories of Personal Data

When you use our Website or communicate with us, we may process the following categories of personal data:

Technical and usage data
IP address, date and time of access, pages visited, browser type and version, operating system, referrer URL, amount of data transmitted, access status (HTTP status code) and similar log data.

Contact data
Name, title, position, company, e-mail address, telephone number, postal address and any information you include in your message when you contact us (e.g. via e-mail or contact form).

Communication data
Content of correspondence and related information in the context of business relationships or enquiries (e.g. e-mails, meeting notes).

Application data (if you apply to us)
CV, cover letter, qualifications, references and other details you provide during a recruitment process.

We do not intentionally collect special categories of data (such as health data) via this Website.

4. Purposes and Legal Bases

We process your personal data only to the extent necessary and based on one of the legal bases listed in Art. 6 GDPR.

4.1 Operation and Security of the Website

We process technical and usage data to:

display the Website and ensure its functionality,

maintain IT security and prevent misuse or attacks, and

compile aggregated statistics about usage (e.g. most visited pages).

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in providing a secure, stable and user-friendly Website).

4.2 Handling Enquiries and Communication

If you contact us by e-mail, phone or through a contact form, we use the personal data you provide to handle your request and to communicate with you.

Legal bases:

Art. 6(1)(b) GDPR where the processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract;

Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries and maintaining business relationships) in other cases.

4.3 Business Relationship Management

In the context of client, supplier or other professional relationships, we process personal data (e.g. contact details and communication history) to manage and document the relationship, including invoicing and compliance checks where required.

Legal bases:

Art. 6(1)(b) GDPR (contract performance or pre-contractual steps);

Art. 6(1)(c) GDPR (compliance with legal obligations, e.g. tax, accounting, regulatory obligations);

Art. 6(1)(f) GDPR (our legitimate interest in proper business and client relationship management).

4.4 Recruitment (if applicable)

If you apply for a position with us, we process your data to assess your application, conduct interviews and make recruitment decisions.

Legal bases:

Art. 6(1)(b) GDPR (pre-contractual measures);

Art. 6(1)(f) GDPR (our legitimate interest in efficient recruitment processes).

5. Cookies and Similar Technologies

Our Website uses cookies and similar technologies (“cookies”) to ensure basic functionality and, where applicable, to analyse usage.

Strictly necessary cookies: required for the operation of the Website (e.g. remembering your language choice, session cookies). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional Website).

Non-essential cookies (e.g. analytics, marketing), if used: set only with your prior consent via the cookie banner or settings. Legal basis: Art. 6(1)(a) GDPR (consent).

You can manage your cookie preferences via your browser settings and, where implemented, via our cookie banner/preferences tool. Disabling cookies may limit the functionality of certain parts of the Website.

If you decide not to use analytics/marketing cookies at all, you can remove references to non-essential cookies from this section.

For more details, please see our Cookie Policy (if provided on a separate page).

6. Recipients and Data Transfers

We only disclose your personal data to the extent necessary for the purposes described above or where required by law.

Possible recipients include:

IT and hosting service providers (e.g. website hosting, e-mail hosting);

professional advisers such as lawyers or auditors, where necessary;

public authorities, courts and regulators, where required by applicable law or to establish, exercise or defend legal claims.

These service providers may act as processors (“data processors”) and are bound by contractual obligations to process personal data solely on our documented instructions and to ensure appropriate data security, in line with Art. 28 GDPR. 

International Transfers

Some service providers or their sub-providers may be located outside the European Economic Area (EEA). In such cases, we ensure an adequate level of data protection, in particular through:

an adequacy decision of the European Commission, or

standard contractual clauses approved by the European Commission, or

other appropriate safeguards under Art. 46 GDPR.

You may contact us for further information and, where applicable, a copy of the safeguards in place.

7. Retention Periods

We retain personal data only for as long as necessary for the purposes described above or as required by law (e.g. commercial and tax laws).

In particular:

Server log data: typically retained for a short period necessary for security and troubleshooting (e.g. [30–90 days]) and then deleted or anonymised, unless longer retention is required for incident investigation.

Contact and communication data: retained for the duration of the business relationship and afterwards for the applicable statutory limitation periods (e.g. generally up to 10 years for certain documents under Luxembourg commercial and tax law).

Application data: generally retained for up to 6 months]after completion of the recruitment process, unless longer retention is required by law or you have consented to a longer retention (e.g. to be considered for future roles).

8. Your Rights

Under the GDPR and applicable Luxembourg law, you have the following rights in relation to your personal data, subject to conditions and limitations:

Right of access (Art. 15 GDPR) – to obtain confirmation as to whether we process your data and, if so, access to that data.

Right to rectification (Art. 16 GDPR) – to have inaccurate or incomplete personal data corrected.

Right to erasure (Art. 17 GDPR) – to request deletion of your data in certain circumstances.

Right to restriction of processing (Art. 18 GDPR).

Right to data portability (Art. 20 GDPR) – to receive your data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible.

Right to object (Art. 21 GDPR) – to object, on grounds relating to your particular situation, to processing based on our legitimate interests; we will then no longer process the data unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent. The withdrawal will not affect the lawfulness of processing before withdrawal.

To exercise these rights, please contact us at matthias.pelzer@primemanagementconsult.com.

9. Right to Lodge a Complaint

If you believe that your personal data is being processed in violation of data protection law, you have the right to lodge a complaint with a supervisory authority, in particular:

Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Grand Duchy of Luxembourg
Website: www.cnpd.lu
E-mail: info@cnpd.lu

10. Obligation to Provide Data

You are not legally obliged to provide personal data when visiting our Website. However, some functionalities (such as contact forms) cannot be used without providing the data marked as mandatory.

11. Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if our data processing changes or if legal requirements are updated. The version published on this Website is the current version.

 

Last updated: December 2025.

Wir benötigen Ihre Zustimmung zum Laden der Übersetzungen

Wir nutzen einen Drittanbieter-Service, um den Inhalt der Website zu übersetzen, der möglicherweise Daten über Ihre Aktivitäten sammelt. Bitte überprüfen Sie die Details in der Datenschutzerklärung und akzeptieren Sie den Dienst, um die Übersetzungen zu sehen.