Your Company is made up of not only people but also a massive amount of information: confidential information on staff, customers, providers or private individuals, all contained in documents. What is more, those documents may also include vital information going to the essence of your company, the people associated with your company, the know-how and the way your business is done. Such information needs to be archived and protected in the most appropriate way.
You need that information to be safe, but at the same time to be easily retrievable whenever you need it. In-house archiving can seem like the most obvious solution, but it can fall short of your needs.
As per the current legislation concerning the financial sector, in place since 1 April 2004, all companies that belong to the financial sector can only work with those service providers that have been approved for the financial sector.
Since Streff is a company dedicated to and specialised in not only archiving, document scanning and the destruction of all kinds of data carriers but also "in-house" transportation and relocations, we have naturally obtained the required authorisation from the Luxembourg Ministry of Finance.
All Streff employees are bound by the special safety requirements and conditions laid down by the CSSF to ensure that you receive the highest level of service.
For safety in data processing, the law states that the person responsible for the processing is to adopt any and all suitable technical and organisational measures in order to protect the processed data against accidental or illegal destruction, accidental loss, unauthorised alteration, illegal sharing or unauthorised access, especially if the data is passed on in a network as part of the processing, and against any other form of illegal processing.
If the data processing is carried out on account for the person responsible for the processing, then this person is to choose an order processor who is able to provide adequate security with regard to technical safety measures and organisational measures for the work to be carried out. The person responsible for the processing and the order processor are to ensure that these measures are observed.
Furthermore, any data processing in an order must be controlled by a contract or written legal document that binds the order processor to the individual responsible for processing, and in particular states that the order processor is acting solely on instruction of the person responsible for the processing, and that the duties contained in this item also apply to that individual.
We are fully aware of the law, abide by it, and will be pleased to take on your data.
Vast quantities of information are recorded and processed every day. Every company, organisation and individual is understandably interested in protecting this information against unauthorised access.
The law protects the basic rights and liberties of individuals in the processing of personal details, and ensures that the legally protected interests of legal persons are observed.
For more detailed information on the data protection law, click on the following link.protection des personnes à l'égard du traitement de données à caractère personnel.
Below you will find a description of some of the key elements of the law. It might be useful to understand which procedures are linked to some of these specific terms.
It is particularly important to fully understand which processes fall under the term “processing”.The processing of personal data is defined as any process or series of processes carried out with or without automatic procedures in association with data, e.g.:
The processor is described in law as the natural or legal person, public authority, centre or other facility that processes data for the account of the person responsible for the processing.
The person responsible for the process is defined as the natural or legal person, the public authority, the centre or any other facility that, alone or together, determines the purpose and means of the processing of personal details.
The law states that personal details constitute information on a specific or definable natural or legal person, irrespective of type and regardless of the data carrier.
A natural or legal person is considered definable if he/she can be identified directly or indirectly, especially by means of an identifying number or one or more specific features of his/her physical, physiological, genetic, mental, cultural, social or economic identity.
The law of 22 December 1986 made it a legal requirement for all documents concerning transactions between merchants and non-merchants, and between merchants and consumers, to be stored for a period of 10 years from the end of a business year.
The period of storage commences at the end of the calendar year in which the last amendment or addition to the file was made. In addition to this very general rule, there are also many special industry- or application-specific storage obligations for documents and data carriers that may be much longer, depending on the particular content.
Find out more information in our Document retention period guide (French Only)