Privacy Policy

Introduction

CrimsonDirector SARL ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

As a data controller, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union and Luxembourg.

Data Controller Information

The data controller responsible for your personal data is:

Data Collection

The data we collect may include the following types of personal information:

Information You Provide

• Contact information (name, email address, phone number, postal address)
• Company information (company name, job title, industry)
• Communication preferences and enquiry details
• Information provided in forms, surveys, or correspondence
• Marketing and communication preferences

Information Automatically Collected

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, click patterns)
• Location data (general geographic location based on IP address)
• Cookies and tracking technologies data

How We Use Your Information

We process your personal data for the following purposes, based on legitimate legal grounds:

• Service Provision: To provide our business consulting services, respond to enquiries, and fulfill contractual obligations
• Communication: To communicate with you about our services, respond to your requests, and provide customer support
• Marketing: To send you relevant marketing communications about our services (with your consent)
• Website Improvement: To analyse website usage, improve our services, and enhance user experience
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
• Business Operations: For internal business purposes such as data analysis, audits, and fraud prevention

The legal basis for processing your data includes your consent, performance of a contract, legitimate interests, and compliance with legal obligations as applicable under GDPR.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our website and providing services
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our data retention periods are as follows:

• Contact Information: Retained for 7 years after last contact or until you request deletion
• Marketing Data: Retained until you withdraw consent or opt out
• Website Analytics: Retained for 26 months (Google Analytics default)
• Legal Documentation: Retained as required by applicable laws and regulations

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of processing your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing of your data for direct marketing
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security
• Secure data storage and backup procedures

International Data Transfers

Your personal data may be processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Binding corporate rules for multinational companies
• Certification schemes and codes of conduct

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

You also have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) if you believe our processing of your personal data violates applicable data protection laws.