top of page

Privacy Policy

SYL Consulting Luxembourg S.à r.l.

Last Updated: December 26, 2025

1. Introduction
SYL Consulting Luxembourg S.à r.l. ("SYL Luxembourg," "we," "us," or "our") is committed to protecting your privacy and complying with data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information.
Who We Are:

  • Legal Entity: SYL Consulting Luxembourg S.à r.l.

  • Registration: [Luxembourg Company Number]

  • Business: Research and investment intelligence services

  • Website: sylluxembourg.com

Data Controller: SYL Consulting Luxembourg S.à r.l.
12, Rue du Chateau D'eau
L-3364 Leudelange
Luxembourg
Email: info@sylluxembourg.com
Data Protection Officer: Email: dpo@sylluxembourg.com
Scope: This policy applies to clients, research participants, website visitors, business contacts, and job applicants.
Legal Framework: We comply with the General Data Protection Regulation (GDPR) and Luxembourg data protection laws.
2. Information We Collect
2.1 Information You Provide
Contact Information:

  • Name, title, organization

  • Email address, phone number

  • Business address

Research Client Information:

  • Organization details and industry

  • Research requirements and objectives

  • Investment criteria and focus areas

Research Participation Information:

  • Interview responses

  • Survey data

  • Market expertise and professional insights

  • Industry opinions

Professional Information:

  • Employment applications

  • CVs and academic credentials

  • Professional qualifications

  • References

2.2 Information Collected Automatically
Technical Data:

  • IP address (anonymized)

  • Browser type and version

  • Device information

  • Pages visited and interaction patterns

  • Referral sources

  • Geographic location (country/city level)

Cookies:

  • Strictly necessary cookies

  • Analytics cookies (with consent)

  • Preference cookies (with consent)

2.3 Information from Third Parties

  • Professional networking platforms (LinkedIn, with consent)

  • Publicly available business databases

  • Financial information providers

  • Research data providers

  • Business referrals

3. How We Use Your Information
3.1 Purposes of Processing
Research Services:

  • Conducting market research and analysis

  • Investment research and intelligence

  • Sector analysis and competitive intelligence

  • Due diligence investigations

  • Preparing research reports and deliverables

Data Analysis:

  • Analyzing interview and survey responses

  • Aggregating market intelligence

  • Creating anonymized research outputs

  • Developing sector expertise

Business Operations:

  • Managing research projects

  • Processing payments and invoices

  • Administering contracts

  • Maintaining business records

  • Improving research methodologies

Communications:

  • Delivering research updates and reports

  • Responding to inquiries

  • Sharing market insights (with consent)

  • Research newsletters (with consent)

Legal Compliance:

  • Meeting EU and Luxembourg legal obligations

  • Complying with financial regulations

  • Preventing fraud and ensuring security

3.2 Legal Basis (GDPR Article 6)
Contract Performance (Art. 6(1)(b)): Necessary to perform research services
Legitimate Interests (Art. 6(1)(f)):

  • Conducting research and market intelligence

  • Business development and client management

  • Improving research quality

  • Security and fraud prevention

  • Internal administration

Legal Obligations (Art. 6(1)(c)): Compliance with EU/Luxembourg laws and regulations
Consent (Art. 6(1)(a)):

  • Marketing communications

  • Optional research participation

  • Non-essential cookies

4. How We Share Your Information
We do not sell, rent, or trade your personal information.
4.1 Research Clients
We share aggregated, anonymized research findings with clients who commissioned the research. Individual-level data is shared only with explicit consent.
4.2 Service Providers
We engage third-party providers for:

  • Cloud hosting (EU-based servers)

  • IT infrastructure and support

  • Payment processing

  • Professional services (legal, accounting, audit)

  • Research databases and analytics tools

All providers are bound by GDPR-compliant data processing agreements.
4.3 Professional Advisors
We may share information with lawyers, accountants, and auditors when necessary for business operations or legal compliance.
4.4 Regulatory Authorities
We may disclose information to:

  • Luxembourg data protection authority (CNPD)

  • European supervisory authorities

  • Tax authorities

  • Law enforcement (when legally required)

4.5 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred subject to GDPR requirements and confidentiality obligations.
4.6 With Your Consent
We share information with third parties when you provide explicit consent.
5. International Data Transfers
We are based in the EU (Luxembourg). When transferring data outside the European Economic Area, we ensure appropriate safeguards:
Standard Contractual Clauses (SCCs): EU Commission-approved clauses with non-EEA processors
Adequacy Decisions: Transfers to countries with EU adequacy recognition
Supplementary Measures: Additional technical and organizational safeguards
You may request copies of transfer safeguards we have in place.
6. Data Security
We implement comprehensive security measures:
6.1 Technical Measures

  • End-to-end encryption (TLS 1.3)

  • Data encryption at rest (AES-256)

  • Multi-factor authentication

  • Regular penetration testing

  • Intrusion detection systems

  • Secure EU-based data centers

  • Regular security audits

6.2 Organizational Measures

  • ISO 27001-aligned security management

  • Strict access controls (need-to-know basis)

  • Employee confidentiality agreements

  • Regular security and privacy training

  • Data breach response procedures

  • Vendor security assessments

  • Secure data disposal procedures

6.3 Research Data Protection

  • EU-based encrypted servers for research data

  • Segregated client data with access controls

  • Anonymization techniques for outputs

  • Secure transmission protocols

7. Data Retention
We retain personal information in accordance with legal requirements:
Research Client Data:

  • 10 years after project completion (Luxembourg commercial law)

Research Participant Data:

  • Identifiable data: Project duration + 12 months

  • Anonymized/aggregated data: Indefinitely for research purposes

Business Contacts:

  • 3 years after relationship ends

Website Analytics:

  • 26 months from collection

Job Applications:

  • 12 months after application

Marketing Data:

  • Until consent withdrawn (plus 30 days for processing)

When retention periods expire, we securely delete or anonymize data.
8. Cookies and Tracking Technologies
8.1 Types of Cookies
Strictly Necessary Cookies: Essential for website functionality (no consent required)
Analytics Cookies: Google Analytics with IP anonymization and privacy-enhanced mode (requires consent)
Preference Cookies: Remember your settings and language preferences (requires consent)
8.2 Cookie Management
Cookie Consent Tool: We provide a consent management tool on our website.
Browser Controls: You can manage cookies through browser settings.
Note: Blocking necessary cookies may affect website functionality.
9. Your Rights Under GDPR
9.1 Right of Access (Article 15)
Request confirmation of processing and obtain a copy of your data.
9.2 Right to Rectification (Article 16)
Correct inaccurate or incomplete personal information.
9.3 Right to Erasure (Article 17)
Request deletion of your data when:

  • No longer necessary for purposes collected

  • You withdraw consent (where consent is the basis)

  • No overriding legitimate grounds exist

  • Processing is unlawful

  • Required by legal obligation

9.4 Right to Restriction (Article 18)
Restrict processing when:

  • You contest data accuracy

  • Processing is unlawful but you oppose erasure

  • We no longer need data but you need it for legal claims

  • You objected to processing (pending verification)

9.5 Right to Data Portability (Article 20)
Receive your data in structured, machine-readable format and transmit to another controller (where technically feasible).
9.6 Right to Object (Article 21)

  • Object to processing based on legitimate interests

  • Object to direct marketing (absolute right)

  • Object to research purposes (unless necessary for public interest)

9.7 Rights Regarding Automated Decision-Making (Article 22)
Right not to be subject to solely automated decisions with legal or significant effects. We do not engage in automated decision-making.
9.8 Right to Withdraw Consent (Article 7(3))
Withdraw consent at any time without affecting prior lawful processing.
9.9 How to Exercise Your Rights
Contact:

Response Time: Within one month (may be extended by two months for complex requests)
Verification: We may request proof of identity to prevent unauthorized access.
Free of Charge: First request is free; excessive requests may incur administrative fees.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with the Luxembourg supervisory authority:
Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Website: https://cnpd.public.lu
Email: info@cnpd.lu
Phone: (+352) 2610 60 1
You may also complain to the supervisory authority in your EU member state.
11. Research Participant Privacy
11.1 Confidentiality
If you participate in our research:

  • Your identity and responses remain confidential unless you consent to attribution

  • Responses are aggregated and anonymized in research outputs

  • Direct quotes require your explicit permission

11.2 Your Rights

  • Access your interview responses

  • Request correction or deletion (subject to research integrity)

  • Withdraw from future research participation

11.3 Secondary Research
When collecting publicly available information for research:

  • We rely on legitimate interests as legal basis

  • Data used only for professional research purposes

  • Personal data aggregated and anonymized where possible

12. Children's Privacy
Our services are directed to business and institutional clients. We do not knowingly collect information from individuals under 16 years of age (GDPR threshold). If we discover such collection, we will delete the information immediately.
13. Third-Party Links
Our website may link to external websites. This Privacy Policy does not apply to those sites. We encourage you to review their privacy policies.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in practices or legal requirements.
Notification:

  • Material changes: Email notification and opt-in consent where required

  • Minor updates: Website notification and updated "Last Updated" date

Your Rights:

  • Review changes before they take effect

  • Object to changes affecting your data

  • Exercise right to erasure if you disagree

15. Contact Us
General Inquiries:

  • Email: info@sylluxembourg.com

  • Mail: SYL Consulting Luxembourg S.à r.l., 12, Rue du Chateau D'eau, L-3364 Leudelange, Luxembourg

Data Protection Officer:

Research Privacy:

16. Governing Law
This Privacy Policy is governed by Luxembourg law and the General Data Protection Regulation (GDPR). Disputes are subject to Luxembourg court jurisdiction.
By using our website or services, you acknowledge that you have read and understood this Privacy Policy. Where required by law, we will obtain your explicit consent for specific processing activities.
Document Version: 1.0
Effective Date: December 26, 2025
GDPR Compliance Review: December 26, 2025

bottom of page