Privacy Policy

Introduction

AdronH is committed to ensuring the protection of personal data in compliance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679). This regulation aims to guarantee the confidentiality and security of EU citizens’ personal data by regulating its processing and transfer. 
 

Scope and Applicability

This policy applies to all individuals associated with AdronH, including consultants, interns, suppliers, clients, strategic partners, and other stakeholders, in Luxembourg and any other country where AdronH operates. Compliance with this policy is mandatory for all AdronH employees and collaborators. 


About AdronH

AdronH is a cybersecurity consulting company offering the following key services: 

  • Identity & Access Governance 
  • NIS2 Compliance Implementation 
  • Shared Chief Information Security Officer (CISO) services 
  • Microsoft 365 Security 

Legal Framework

AdronH is subject to GDPR regulations and maintains an internal record of data processing activities to ensure compliance. The company does not process or store any sensitive personal data under GDPR definitions. 

To enhance its information security standards, AdronH is aligning its practices with the ISO 27001 framework, reinforcing security measures and ensuring best practices in data management. 


Data Protection Principles

AdronH ensures that personal data is processed in accordance with the core GDPR principles: 

  • Lawfulness, fairness, and transparency: Data is collected and processed in a legal, fair, and transparent manner. 
  • Purpose limitation: Data is processed only for clearly defined and legitimate purposes. 
  • Data minimization: Only necessary data is collected and used. 
  • Accuracy: Measures are in place to ensure data is accurate and up-to-date. 
  • Storage limitation: Data is retained only for as long as necessary for its intended purpose. 
  • Security and integrity: Adequate technical and organizational measures protect data from unauthorized access, loss, or alteration. 

Responsibilities and Policy Review

  • This policy applies to all personal data processed by AdronH. 
  • The Data Protection Officer (DPO) is responsible for monitoring compliance. 
  • This policy is reviewed annually to ensure continued compliance with legal and organizational changes. 

Data Processing: Transparency and Purposes

AdronH maintains a Data Protection Register documenting the types of data collected, processing purposes, recipients, and retention periods. 

The following categories of data are processed: 

  • HR Data (employees, candidates) 
  • Commercial and client invoicing data 
  • Recruitment-related data 
  • Commercial prospecting data 

Note: AdronH does not collect or store sensitive personal data as defined by GDPR. 


Data Subject Rights

Under GDPR, individuals have the right to: 

  • Access their personal data 
  • Rectify inaccurate information 
  • Request the erasure of their data under certain conditions 
  • Object to data processing 
  • Restrict processing 
  • Request data portability 

Requests to exercise these rights should be sent to privacy@adronh.com. AdronH will respond within 30 days, subject to identity verification.


Data Retention and Deletion

AdronH applies retention periods based on legal and operational requirements. An archiving process ensures the secure deletion of expired data.

  • Commercial and HR data is retained according to legal requirements. 
  • Candidate CVs are stored for 2 years unless otherwise requested. 
  • A secure deletion process ensures that removed data is irretrievable. 

Data Security

AdronH implements strong security measures to protect personal data, including: 

  • Up-to-date secure software solutions 
  • Multi-Factor Authentication (MFA) and data encryption 
  • Restricted access based on the “need-to-know” principle 
  • Secure storage of physical and digital documents 
  • Regular backups and a disaster recovery plan 

Incident and Data Breach Management

In the event of a data breach, AdronH follows a structured response plan: 

  1. Assess the impact and risks.
  2. Implement immediate corrective actions. 
  3. Notify the National Data Protection Commission (CNPD) within 72 hours if required. 
  4. Inform affected individuals if their rights and freedoms are at risk. 

International Data Transfers

AdronH does not transfer data outside the European Union without appropriate safeguards in place, in compliance with GDPR requirements. 

Third-Party Data Processors

Where AdronH engages third-party processors to handle personal data, a data processing agreement is established to ensure compliance with GDPR requirements. 

Policy Enforcement and Compliance

This policy is an integral part of AdronH’s commitment to data protection. It applies across all organizational levels and is regularly updated. 

Non-Compliance and Sanctions

Failure to comply with this policy may result in disciplinary actions, including access restrictions, suspension, or termination. In severe cases, non-compliance may be reported to regulatory authorities. 

Contact & Exercising Your Rights

📧 Data Protection Officer: Bernard Fritsch 
📧 Contact: privacy@adronh.com