Privacy Policy

This privacy policy (the “Privacy Policy”) governs the manner in which DSM, a Luxembourg law firm with offices at 55-57 rue de Merl, L-2146 Luxembourg, GRAND DUCHY OF LUXEMBOURG, (“DSM”) collects, uses, maintains and discloses information collected from clients and/or users (each, a “User” or “Users”) of its websites, mobile applications or any other services (the “Services“).

Compliance with Data Protection Law

DSM acknowledges and undertakes to comply with the laws and regulations governing the processing of personal data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) and any other national applicable laws or regulations governing the processing of personal data in the framework of the Services.

Data protection officer

DSM acts as data controller and has appointed a data protection officer.

The data protection officer appointed by DSM shall be contacted by using the following information:

Address: 55-57 rue de Merl, L-2146 Luxembourg, GRAND DUCHY OF LUXEMBOURG

Telephone: +352 262 562 1


Personal identification information

DSM may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit DSM websites, register on such websites, fill out a form, sign a contract, purchase a product and in connection with other activities, use applications and benefit from Services proposed by DSM. Users may be asked for, as appropriate, name, date of birth, email address, mailing address, phone number, etc. In the framework of certain Services, DSM may also collect data relating to energy consumption of the Users in order to benefit from such particular Services.

Non-personal information

DSM may collect non-personal information about Users whenever they use a DSM website or application or other online service. Non-personal information may include technical information about Users means of connection, such as the operating system and the Internet service provider utilized, geographical information such as country of origin, behavioural information such as time spent on site, as well as further non-personal analytical data to improve User experience, products and services.

Each User recognizes and accepts that the performance of the Services may depend on the collection and processing of personal identification information and non-personal information.

Web browser cookies

DSM may use “cookies” to improve the User’s experience in regard of the Services. In that case, the User’s Internet navigator places cookies on his hard drive to gather a certain set of information used to customize the navigation in the framework of the Services, thus enabling certain unique functionalities. All information related to the cookies policy as available at this link.

How DSM uses collected information

Principally, personal and non-personal information is used to provide the Users with the Services and to insure a full efficiency of the Services they have registered for or they requested in any other manner.

In this framework, DSM may collect and use Users’ personal and non-personal information for the following purposes:

  • To improve Services: Information Users provided will help DSM to respond to certain Users’ requests.
  • To personalize User experience: DSM may use non-personal information to understand how Users as a group use DSM Services.
  • To improve DSM websites and other internet presence as well as other communication tools or tools for specific Services: DSM may use feedback that Users provide to improve its products and services.
  • To send periodic emails and other text messages and/or notifications: DSM may use the email address or mobile phone number provided by Users to respond to inquiries, questions, and/or other requests. If Users decide to opt-in to DSM notification list, they will receive periodic information that may include (for certain Services), company news, updates, related product or service information, private sales, information from DSM service providers on joint projects etc.(the “Periodic Information Service”). For the case that, at any time, Users would like to unsubscribe from the Periodic Information Service, DSM includes detailed unsubscribe instructions at the bottom of each such email or other text message.

How DSM protects personal identification information

DSM adopts appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of Users’ personal identification information within the limits of DSM’s role with respect to the relevant Services (as certain specific services might be rendered by third parties).

Sharing personal information

DSM does not sell, trade, or otherwise transfer to third parties Users’ personal identification information. However each User accepts that his/her personal identification information can be transmitted to website hosting and editing partners and other sub-contractors who assist DSM in providing the Services, conducting its business, or servicing the User, so long as those sub-contractors undertake to process the information only according to DSM’s instructions and to comply with the applicable law regarding the protection of personal identification information. DSM may also release Users’ personal identification information when it believes that such release is necessary to comply with the law, enforce its websites’ general terms of use, or protect its or others’ rights, property, or safety.

However, Users’ non-personal information may be provided to third parties for marketing, advertising, or other uses.

Changes to this Privacy Policy

DSM has the discretion to update this Privacy Policy at any time. DSM will therefore revise the “last update date” at the bottom of this page. DSM encourages Users to frequently check this page for any changes. Users acknowledge and agree that it is their responsibility to review this Privacy Policy periodically and become aware of modifications.

Data Retention

DSM takes all reasonable measures to ensure that Users’ personal data are processed for the minimum period necessary for the purposes set out in this Privacy Policy. The Personal Data will be retained by DSM according to the following criteria:

  1. as long as DSM maintains an ongoing relationship with the User (e.g., where the User is a recipient of DSM’s services, or is lawfully included on DSM’s mailing list and has not unsubscribed);
  2. as long as the User’s personal data are necessary in connection with the purposes set out in this Privacy Policy, for which DSM has a valid legal basis;
  3. until the expiry of a period of two (2) months following the end of any applicable limitation period under applicable law; and
  4. with the User’s prior consent, until the expiry of any additional retention period.

DSM undertakes to delete or to anonymise the User’s personal data upon expiry of the retention period as described above.

Data Security and data transfer

DSM has implemented appropriate technical and organizational security measures designed to protect the User personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.

The User is responsible for ensuring that any personal data that he/she send to us are sent securely.

DSM does not transfer personal data to any third country nor to any international organisation, except, as applicable, on the basis of:

  • adequacy decisions;
  • suitable Standard Contractual Clauses; or
  • other valid transfer mechanisms under the GDPR.

Data accuracy and minimization

We take reasonable measures to ensure that the User’s personal data are:

  • accurate and, where necessary, kept up to date and accurate; and
  • collected on an as-needed basis in connection with the purposes set out in this Privacy Policy.

Data subject rights

Each User benefits under data protection law from a right of access, modification and opposition to the processing of its personal data, a right to erasure and a right to portability of its personal data by sending an email to rights may only be exercised within the limits of any contractual or legal obligation. Each User has also a right to lodge a complaint with the Luxembourg supervisory authority, the National Data Protection Commission (Commission nationale pour la protection des données) (

Acceptance of these terms

By using the Services, Users confirm their acceptance of this Privacy Policy. If a User does not agree with this Privacy Policy, DSM recommends that such User not use the Services. The continued use of the Services following the posting of changes to this Privacy Policy will be deemed as an acceptance of those changes.

This Privacy Policy is applicable from 25 May 2018.