Privacy Policy

Privacy Policy

This document is applicable for all ThoughtLabs SRL legal entities composing the ThoughtLabs SRL Group (see below)

This document defines how ThoughtLabs SRL entities, acting as data controller, may process, in accordance with the applicable laws, including, the General Data Protection Regulation (the “GDPR“) and for the purposes defined below, information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time (directly or indirectly, on a compulsory or voluntary manner, manually or otherwise) from the data subjects themselves as well as from its clients, third parties (such as potential clients, subcontractors, providers or any stakeholders involved in an engagement with ThoughtLabs) and/or from publicly available sources where applicable.

Why does ThoughtLabs SRL process personal data?

ThoughtLabs SRL process personal data in accordance with applicable laws and solely for the following purposes (together the “Purpose(s)”) :

  • To provide professional services including:
    • Analysis, Design, Development, Consultancy, Sales, Delivery, Installation, Services and Support activities related to the provision of IT solutions
  • To maintain its administrative and clients/suppliers relationships management systems, including:
    • Bid issuance and contract drafting;
    • Clients/suppliers/alumni follow up and management;
    • Invoicing and payments of invoices;
    • Advertising, communication and public relations;
    • Event organisation;
    • Quality reviews; and
    • Client ou user experience improvement and personalisation of services delivery (for example via authentification, monitoring of the performance and use of Arhs Group applications where applicable).
  • To apply acceptance and continuance procedures (including anti-money laundering, anti-bribery and counter-terrorist financing);
  • To facilitate compliance with its legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements…);
  • To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentification, security and performance monitoring…);
  • To ensure its business continuity;
  • To manage risks and litigations;
  • To process the data subjects’ requests; and/or
  • To manage its websites.

The Purposes above are based on at least one of the following legal basis:

  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation to which ThoughtLabs SRL is subject;
  • The processing is necessary for the purposes of the legitimate interests pursued by ThoughtLabs SRL or by a third party (such as the protection of ThoughtLabs SRL asset, the understanding of its clients’s needs and expectations or the fulfillment of the ThoughtLabs’s purpose or social interest); and/or
  • The data subject has given consent to the processing for one or more specific purposes

What personal data does ThoughtLabs SRL process?

  • Depending on, and when necessary for, the Purpose(s) above, ThoughtLabs SRL may process the following categories of personal data:
  • Identification data (e.g. name, surname, alias…);
  • Professional data (e.g. position, company…);
  • Administrative data (e.g. proof of identity documents, birthdate, gender, language …);
  • Relation data (e.g. relation history, attendance sheets…);
  • Environment data (e.g. characteristics, habits, social media information…);
  • Financial data (e.g. tax data, transactional data…);
  • Numeric data (e.g. logs, IP address…); and
  • Biometric data (e.g. picture and/or sound, video…).
Does ThoughtLabs SRL share personal data to third parties?

Depending on the Purpose(s) above, and besides the data subjects themselves, ThoughtLabs SRL may share the personal data to the following categories of recipients:

  • Processors and sub-processors such as IT suppliers (including systems administrators, cloud services providers, hosting providers…);
  • Between ThoughtLabs SRL entities;
  • ThoughtLabs SRL external counsels, agents or auditors;
  • Entities or individuals in relation with the data subjects (employers, relatives, counsels, business or potential business partners…); and/or
  • Oversight bodies or public authorities.
Does ThoughtLabs SRL transfer personal data outside the European Union?

ThoughtLabs SRL shall not transfer any personal data outside the European Union otherwise that:

  • To countries which provide an adequate level of protection for personal data as decided by the European Commission or:
  • To recipients under a suitable agreement which contains the legal requirements for such transfer. Copy of the applicable safeguards may be requested to the Data Protection Officer of ThoughtLabs.
How long does ThoughtLabs SRL keep the personal data?

The personal data will be kept in a form which permits identification of the data subjects for no longer than is necessary for each Purpose for which they have been collected, without prejudice to automatic IT back-ups and ThoughtLabs’s legal and regulatory archiving obligations.

What are your rights as data subject?

To the extent permitted by the laws, you may have the right, to:

  • request access to and rectification or the erasure of your personal data or restriction of processing concerning them;
  • object the processing of your personal data; as well as
  • data portability.

Should the processing be exclusively based on your consent, you shall have the right to withdraw it at any time, without affecting the lawfulness of the processing based on your consent before such withdrawal.

To exercise the rights listed above, you are invited to send an email demonstrating your identity and specifying the right you want to exercise to the Data Protection Office of ThoughtLabs.

Please note that you shall also have the right to lodge a complaint with the competent supervisory authority, the lead supervisory authority competent for personal data processed by ThoughtLabs SRL being the Commission Nationale de Protection des Données (CNPD).

For all question about privacy contact us by-email via:

Updates to our Privacy Notice:

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.