Privacy policy

General purpose and objectives

This privacy policy will inform you on our internal procedures and the way we manage your personal data while interacting with us.

THE RECRUITER (“we“, “us” or “our“) respects your privacy and is committed to protecting your personal data regarding the Reg. 2016/679 (called hereafter “GDPR”).

This policy applies to all our services. We will ensure that the personal information you submit to us via our website or through our office is only used for the purposes set out in this policy.

This version of our privacy policy was last updated on 20th January 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes in your personal data during your relationship with us.

1. Who is responsible for the processing of your personal data?

The Data Controller (hereinafter referred to as “THE RECRUITER” or “we”) in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Address : 83 rue de Bonnevoie
L-1260 Luxembourg

Data protection officer: Mrs. Cyrielle Rimlinger

A complaint can be reported at any time to the CNPD (Commission Nationale de Protection des Données), the Luxembourgish supervisory authority for data protection issues ( Before approaching the CNPD, we invite you to contact us in first instance in case of concerns.

Third-party links
The website of HR Advisory does not include links to any third-party websites, plug-ins and applications. You can browse our jobs, read contents and advices that are published on our website. No data about you or your activity on our website is stored.

2. How do we collect personal information and what kind of information?

There are several ways in our activities to be in contact with you, which lead us to collect data from and about you, including through:

We may collect the information that you provide to us, such as:

It is not our objective to collect sensitive data such as political opinions, religion, race…etc. Theoretically, it could only happen if we had to recruit for the public sector or any sector needing sensitive information that would be key to the business activity. In this case, this information has a specific protection regarding the GDPR (article 9).

3. Why we use the information we collect?

We will only process your personal data in the execution of our activities that are conducted in the following context:

4. How we process with your personal information?

While executing our activities, we may proactively contact you. In this specific case, when we have initiated the contact by active solicitation, your consent will be priory requested for registering your personal data in our database. When uploading your CV or applying to a job advert, we may consider that it is a tacit authorization that allow us to proceed with you personal data.

We may use your data

5. Disclosures of your Personal Data

We collect Personal Data only for the purposes of our activity, by providing recruitment services; in-house services, evaluation, assessment and background check services.

Employees of THE RECRUITER

Information will be shared within the company and each employee of the company is under privacy respect and data protection obligations.


Information will be shared with our person of contact in the organization, being most of the time the HR Department and/or the Top Management.

We do not sell, license or share information that individually identifies our customers / clients / applicants…etc. with companies, organisations or individuals outside of our firm and organisation.

6. Security and Emergency procedures

We apply and maintain adequate technical and organisational security measures related to the personal data stored on our devices, the nature of the data, the confidentiality and sensitivity of the data and associated risks. We foresee regular tests to make sure that any security measures put in place as well as the processes foreseen for emergency situations are adapted to the risk.

Emergency procedures

Any breach or incident affecting the personal data will be reported within the shortest period of time and latest within 24 hours of the moment in which the incident has been detected.

7. Personal Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Specific procedures are in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Personal Data transfer

When you enter into contract with us, you consent to the data processing, sharing, transferring and uses of your information as outlined in this Privacy Policy.

Regardless of the country where you reside, you allow us to transfer, process, store and use your information in countries other than your own, in accordance with this Privacy Policy. We may process information related to individuals in the EU/EEA that submit to the GDPR.
The same guarantee as in the EU should be guaranteed to you. Our data is stored in a datacenter based in Luxembourg.

We still ensure that our service provider respect the standards of the GDPR.
If we have to transfer your Personal Data into a non EU/EEA Country, we will collect your prior consent before processing.

9. Data retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We keep basic information about our Clients for a period of time that is based on our legitimate business interests to collaborate on a long-term basis.

We keep basic information about our candidates (including Identity, Contact, Financial and Profile Data) for a period of time that is based on our legitimate business interest to work on a long-term basis, 36 months being the maximum if no contact has been initiated since the first contact.

The Background Check report is available for re-edition for a period of 6 months from the first edition. After this period of time, all the collected data received for performing the reference check are erased from the server with no back-up solution.

The Assessment Center report is available for re-edition during a period of 12 months from the first edition. After this period of time, the report is erased from the server with no back up solution.

10. Personal Data management

Right of access

This enables you to receive a copy of the personal data we hold about you and obtain from us confirmation whether Personal Data relating to you are processed. If such processing is taking place, you can request the following:

Any other Data we have collected and resulting from testing, references, …etc. and not provided by you are ‘THE RECRUITER’ property.

Right to rectification of the personal data that we hold about you

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Right to erasure of your personal data

This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data.

Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

Right to restriction of processing of your personal data

This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to data portability

You have the right to receive your Personal Data in a commonly used and machine-readable format and send it to another Data Controller.

In this case:

The right to data portability does not apply to the processing of Personal Data, which is required for a task that is performed in the public interest or in the exercise of official authority vested in us.

The right to data portability is strictly limited to the Personal Data you are providing to us. Any other Data we have collected and resulting from testing, references, …etc. and not provided by you are our property. If you want to use your portability right, this additional Data will be deleted or made anonymous for statistical purposes or other.

Right to object

Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.

11. Other important information

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Changes in our Privacy Policy

This Privacy Policy may be changed at any time. If we change our Privacy Policy in the future, we will advise you of changes or updates in our Privacy Policy on our website. Continued use of our website or our services after such changes will constitute your acceptance of such changes. If, at any time, you have questions or concerns about our online privacy commitment, please feel free to e-mail us at contact (at) therecruiter (.)lu