Last Updated 1 December 2025
1. Data Controller
In Depth SARL-S (B248183), with a registered office at 18, rue des sources, 7253 Walferdange, luxembourg, is the Data Controller for the personal data processed in accordance with this policy. Our Data Protection Officer (DPO) can be contacted at: annelisa.dangelo@in-depth.eu or at our postal address.
2. General Data Protection Regulation (GDPR) Compliance
This Privacy Policy has been prepared to comply with the EU General Data Protection Regulation (GDPR) 2016/679. For data subjects in the European Economic Area (EEA), the GDPR is the primary law governing our processing of your personal data.
3. Information we collect & our legal basis for processing
We collect and process personal data only where we have a valid legal basis. The table below outlines our purposes, data categories, and the corresponding legal basis under GDPR.
| Purpose of Processing | Categories of Personal Data | Legal Basis for Processing |
| To provide services & respond to enquiries | Name, contact details, message content. | Necessary for the performance of a contract or to take steps at your request. |
| Marketing communications | Name, email address, company. | Your explicit consent (which you can withdraw at any time). |
| Recruitment & employment | CV, employment history, qualifications, national ID/visa, financial details for payroll. | Necessary for taking steps prior to entering a contract; Legal obligation for payroll. |
| Quality Assurance & Security | Website usage data (IP address, browser type, pages visited) via cookies. | Our legitimate interest in improving our services and securing our website. |
4. International data transfers
We store data within the European Economic Area (EEA). Should we need to transfer your personal data to countries outside the EEA, we will ensure an appropriate transfer mechanism is in place as required by GDPR, such as:
-
- An Adequacy Decision by the European Commission.
- The implementation of Standard Contractual Clauses (SCCs).
You can obtain details on these safeguards by contacting our DPO.
5. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Retention periods are determined based on the purpose of processing and in accordance with applicable laws.
6. Your Data Subject Rights
Under GDPR, you have the right to:
-
- Access your personal data.
- Rectify inaccurate data.
- Erasure (‘right to be forgotten’).
- Restrict processing of your data.
- Data portability.
- Object to processing based on legitimate interests.
- Withdraw consent at any time (where processing is based on consent).”
To exercise any of these rights, please contact us using the details in Section 1.
7. Complaints
If you have a complaint about our handling of your personal data, please contact us first using the details in Section 1.
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority:
- Luxembourg: Commission nationale pour la protection des données (CNPD).
- EEA: You can find the authority for your EEA country here https://edpb.europa.eu/about-edpb/about-edpb/members_en
8. Changes to This Policy
We may update this policy. The “Last Updated” date, at the top of this page, will reflect changes. We will notify you of significant changes where required by law.
