Short Privacy Statement for customers and service providers of itrust consulting s.à r.l.

Last updated: 20/05/2021

---

itrust consulting is committed to protecting your privacy and ensuring the protection of your personal information. itrust consulting takes privacy seriously. In accordance with the GDPR we implemented a privacy policy in our company that follows all principals and requirements of the GDPR. We use your PII in the context of the overall management of our business activity, only:

1. to manage information (potentially including PII) according to contracts (consulting, audit, training, research…);
2. to learn from past experience in our projects for upcoming projects (knowledge management), or to train new staff;
3. to carry out contracts including invoicing and justification of work performed (e.g. with timesheets and progress reports);
4. to manage IT activities with the aim of information security (including service availability), and to detect and handle threats, vulnerabilities, risks, and incidents;
5. to manage employment contracts, to ensure workplace safety, and to manage application information;
6. to demonstrate consistency of our accounting system to tax authorities and interested parties;
7. to perform forensic analysis and propose effective reactions to security events, to detect frauds and vulnerabilities, to understand malware and malware producers, and to share this knowledge with other security experts fighting against cybercrime;
8. trace the validity of our reports and advice for justifying professionalism.

To apply your rights for access, correction, reporting misuse, or withdrawing consent, please send an email to dpo@itrust.lu. For detailed explanation, read our Privacy Statement in English or French.