Data Protection Policy 

Stone Sourcing (an Alegra Group AG Company) are fully committed to Data Protection and recognise its significance and importance. This policy ensures the protection of all personal information controlled or processed by the organisation and ensures an adequate level of awareness to ensure Data Protection principles are applied across all areas of operation within Stone Sourcing (an Alegra Group AG Company). 

Personal data is identified and managed in accordance with the Data Protection risk assessment methodology that endorses acceptable risk levels. 

The Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures, software and hardware functions. These controls are monitored, reviewed and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes and incorporates applicable statutory, regulatory and contractual requirements. 

In particular, Stone Sourcing (an Alegra Group AG Company) is committed to compliance with all Data Protection requirements and good practice to include: 

  • Processing personal information only when strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes 
  • Processing only the minimum relevant and adequate personal information required for the above purposes, and doing so fairly and lawfully
  • Providing clear information to candidates and clients about how their personal information can be used and by whom
  • Maintaining a documented inventory of the categories of personal information processed by the organisation
  • Keeping personal information accurate, and where necessary, up-to-date
  • Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal
  • Respecting candidates and clients rights in relation to their personal information
  • Keeping all personal information secure
  • Only transferring personal information outside Luxembourg in circumstances where it can be adequately protected
  • Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation’s database  
  • Identify workers with specific responsibility and accountability for the database 
  • Maintain records of processing of personal information.

Our Data Protection Policy Training Programme is incorporated in our staff induction and training programmes. The Data Protection Policy is readily accessible internally and presented to existing and prospective clients. In addition to employees, suppliers and contractors of Stone Sourcing (an Alegra Group AG Company) are expected to adhere to our Data Protection Policy. 

Stone Sourcing (an Alegra Group AG Company) is committed to continual improvement and all employees are empowered to take responsibility for Data Protection, with a robust process for identifying and reporting data breaches in place and subject to regular review. 

Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Stone Sourcing (an Alegra Group AG Company) will demonstrate confidence, integrity and credibility internally and externally. 

Please contact our Data Protection Officer (DPO), Leander Pflueger at leander@stone-sourcing.com if you wish to receive or know more about: 

  • Policy on retention of data 
  • Withdraw/consent forms 
  • Data protection procedures.