October 2025
The DLPK Group, whose registered office is located in France and of which WAROLD BROKERAGE SERVICES is a member, constitutes an ecosystem of expertise and know-how dedicated to the design, management, and distribution of financial solutions for wealth management professionals.
WAROLD BROKERAGE SERVICES, a subsidiary of the DLPK Group, acts as an independent insurance broker serving a high-net-worth international clientele. In order to meet the needs of such clientele, WAROLD BROKERAGE SERVICES enters into international partnerships with insurance undertakings to offer products and services intended to protect the personal and professional assets of its clients.
In the context of its activities, WAROLD BROKERAGE SERVICES collects and processes personal data that may directly or indirectly identify data subjects, in its capacity as data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “General Data Protection Regulation” or “GDPR”).
This Personal Data Protection Policy (hereinafter the “Policy”) is intended to inform data subjects of the conditions under which their personal data are collected and processed, in particular for the purposes of managing the commercial and contractual relationship between WAROLD BROKERAGE SERVICES and the data subjects, including, without limitation, the subscription to products and services.
The Policy sets out the categories of personal data processed, the purposes and legal bases of the processing operations, the applicable data retention periods, the security measures implemented, as well as the rights of data subjects in respect of such processing.
Additional information notices relating to the protection of personal data may be provided for each specific product or service offered. Such notices shall specify and supplement the information contained in this Policy.
OUR COMMITMENTS REGARDING THE PROTECTION OF PERSONAL DATA
Capitalized terms used in this Data Protection Policy have the meanings set out below, whether used in the singular or plural:
“Client” means any natural or legal person who has entered into a relationship with WAROLD BROKERAGE SERVICES for the purpose of being offered products and services designed to protect his, her or its assets. This definition includes natural persons acting as legal representatives of an individual Client, such as guardians or curators, as well as natural persons acting as representatives of a legal entity Client, such as corporate officers, legal representatives, or any duly authorized person, including beneficial owners and shareholders.
“Recipient” means any natural or legal person, public authority, agency, department, or any other body to which Personal Data are disclosed.
“Personal Data” means any information or set of information relating to an identified or identifiable natural person, whether directly (e.g. surname, first name, personalized email address, etc.) or indirectly (e.g. identification number, telephone number, location data, etc.).
“Partner” means any financial partner, such as a bank, financial advisor or wealth management advisor, family office, or asset management company, which has entered into a contractual relationship with WAROLD BROKERAGE SERVICES for the purpose of distributing the Products and Services. This definition includes natural persons acting as corporate officers, legal representatives, or any duly authorized natural person of the Partner, including beneficial owners, shareholders, and natural persons designated by the Partner to act as points of contact with WAROLD BROKERAGE SERVICES.
“Interested Party” means any data subject involved in the context of the distribution of the Products and Services by a Client, where the collection of such data subject’s Personal Data is necessary in order to subscribe to or benefit from the Products and Services. This may include, without limitation, family members, heirs and successors of the Client, beneficiaries of a contract, and similar persons.
“Products and Services” mean the solutions offered by WAROLD BROKERAGE SERVICES, the purpose of which is the protection of the Client’s personal and/or professional assets.
“Regulations” mean the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”), as well as any other applicable provisions relating to the protection of personal data in accordance with Luxembourg and European legislation.
“Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data and which is responsible vis-à-vis data subjects for the use of their Personal Data.
“Processor” means the natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
In the context of the distribution of the Products and Services, WAROLD BROKERAGE SERVICES – a public limited company (société anonyme) governed by Luxembourg law, having its registered office at 29 Boulevard Prince Henri, L-1724 Luxembourg City, registered with the Luxembourg Trade and Companies Register under number B250980, and an insurance broker authorized by the Commissariat aux Assurances (CAA) under registration number 2021CM006 – acts as the Data Controller of the Personal Data.
This Data Protection Policy uses the terms “we”, “us” and “our” to refer to WAROLD BROKERAGE SERVICES.
This Data Protection Policy applies to any natural person who is the subject of Personal Data processing operations implemented by WAROLD BROKERAGE SERVICES.
We may collect and process Personal Data relating to you if you are:
It is your responsibility to ensure that all persons concerned by processing operations carried out by WAROLD BROKERAGE SERVICES are informed of the information contained in this Data Protection Policy prior to the communication of their Personal Data to us.
Depending on the purposes of the processing, we may collect and process various categories of Personal Data relating to you.
As a general rule, we do not collect personal data falling within special categories of data, also referred to as “sensitive data”, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation, as well as data relating to criminal offences, criminal convictions, or security measures.
However, in certain specific cases and/or depending on the Products and Services, we may be required to collect:
All necessary measures are implemented to ensure the confidentiality and security of such data, in accordance with the Regulations.
Your Personal Data is retained for the period necessary to achieve the purposes for which it was collected, in accordance with the Regulations.
Once the purpose of processing has been achieved, we may retain certain Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims. In such cases, your Personal Data is securely archived with restricted access limited to authorized persons only, for the retention periods required by applicable laws and regulations. These periods may vary depending on the applicable obligations, in particular those relating to document and accounting record retention, anti-money laundering and counter-terrorist financing requirements, or statutory limitation periods.
Where Personal Data is collected for several purposes, it is retained until the longest applicable retention period has expired. At the end of these periods, your Personal Data will be destroyed, deleted or anonymized.
Your Personal Data are retained for the period necessary to achieve the purposes for which they were collected, in accordance with the Regulations.
Once the purpose of the processing has been achieved, we may be required to retain certain Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims. In such cases, your Personal Data are securely archived, with access restricted to persons having a need to know, for the retention periods required under applicable legislative or regulatory provisions. Such periods may vary depending on the applicable obligations, in particular with regard to accounting record retention requirements, anti-money laundering and counter-terrorist financing obligations, or statutory limitation periods for evidentiary purposes.
Where Personal Data are collected for several purposes, they are retained until the expiry of the longest applicable retention period. Upon expiry of such periods, your Personal Data shall be destroyed, erased, or anonymized.
We collect and process your Personal Data on the legal basis of the performance of a contract to which you are a party or the implementation of pre-contractual measures taken at your request, for the following purposes:
|
PURPOSES |
DATA SUBJECTS |
RETENTION PERIOD |
|
Management of the establishment of the business relationship and performance of distribution partnerships for Products and services |
Partners |
10 years after termination of the relationship |
|
Management of the establishment of the business relationship and execution of subscriptions to Products and services |
Clients / Interested Parties |
5 years after termination of the relationship |
Where the processing of your Personal Data is necessary for the performance of a contract or pre-contractual measures taken at your request, the provision of such Personal Data is mandatory in order to achieve these purposes. Failure to provide all or part of the required Personal Data may prevent the performance of our contractual obligations (e.g. a request relating to a contract to which you are a party) or the implementation of pre-contractual measures taken at your request (e.g. the provision of a partnership proposal).
We collect and process your Personal Data in order to comply with the following legal and/or regulatory obligations:
|
PURPOSES |
DATA SUBJECTS |
RETENTION PERIOD |
|
Implementation of due diligence measures in relation to Clients under AML/CFT regulations and international sanctions |
Clients / Partners |
5 years after the end of the business relationship |
|
Compliance with accounting and tax obligations |
Partners / Clients / Interested Parties |
10 years from the end of the relevant financial year |
|
Management of requests for the exercise of data subject rights |
Partners / Clients / Interested Parties |
Calendar year of the request plus five (5) years |
We process your Personal Data on the legal basis of our legitimate interests, while ensuring respect for your rights and freedoms, for the following purpose:
|
PURPOSE |
DATA SUBJECTS |
RETENTION PERIOD |
|
Management of complaints and litigation |
Partners / Clients / Interested Parties |
10 years from the end of the dispute |
Where the processing of your Personal Data is based on our legitimate interests, a balancing test has been carried out between the interests pursued by WAROLD BROKERAGE SERVICES and the interests and reasonable expectations of the data subjects concerned.
Where the processing of your Personal Data requires your consent, such consent is obtained through the data collection media. You are informed in advance of the specific purposes of the processing and of the potential consequences in the event of refusal to provide or withdrawal of consent.
In order to achieve the purposes referred to in Section 6 above, your Personal Data may be accessed by certain Recipients. Only persons who, by reason of their duties within the competent internal departments responsible for the relevant processing activities, require access to such Personal Data are authorized to do so, strictly within the scope of their respective authorizations.
In addition, external Recipients may also be granted access to your Personal Data.
We undertake to disclose only Personal Data that are strictly necessary to authorized and trusted service providers processing such data on our behalf and in accordance with our instructions, and/or to our partners, solely for the specific purposes for which such data were collected.
Your Personal Data may also be disclosed to authorized third parties in compliance with applicable laws and regulations.
Service providers engaged by WAROLD BROKERAGE SERVICES are either subject by law to a professional secrecy obligation or are contractually bound to WAROLD BROKERAGE SERVICES by confidentiality agreements requiring compliance with strict confidentiality rules.
For processing operations carried out by WAROLD BROKERAGE SERVICES, and depending on the purposes pursued, your Personal Data may be accessed by duly authorized personnel on a strict need-to-know basis.
WAROLD BROKERAGE SERVICES is an entity of the DLPK Group, within which entities cooperate in the operation, management, and marketing of the Products and Services.
In this context, and for certain specific purposes, your Personal Data may be securely transmitted, on a strict need-to-know basis, to certain entities of the DLPK Group acting strictly within the scope of their respective missions.
Personal Data disclosed within the DLPK Group are processed in a secure manner to ensure their confidentiality, integrity, and availability. To this end, appropriate technical and organizational measures are implemented, including, in particular, authentication measures with individual and secure access via identifiers and passwords, connection logging, data backup measures, and other safeguards adapted to the sensitivity of the Personal Data processed and the level of risk associated with the processing activities or their implementation.
WAROLD BROKERAGE SERVICES is subject to a professional secrecy obligation pursuant to Article 300 of the Luxembourg law of 7 December 2015 on the insurance sector. Accordingly, WAROLD BROKERAGE SERVICES may not disclose to third parties any information entrusted to it in the performance of its mandate or in the course of its professional activities, except where such disclosure is made in accordance with, or is required by, applicable law, or upon the instructions or with the express consent of its Client.
In order to provide its services in an optimal manner and in accordance with high quality standards, to comply with applicable regulations, and to benefit from the technical resources of specialized service providers, WAROLD BROKERAGE SERVICES outsources certain tasks, activities, or services to third-party service providers located in France or within the European Union.
In particular, WAROLD BROKERAGE SERVICES uses the services of an IT service provider in France, namely DLPK SAS, whose registered office is located at 215 Avenue Le Nôtre, 59100 France, and which is the majority shareholder of WAROLD BROKERAGE SERVICES. The outsourcing of IT activities notably covers the following services:
management of the electronic signature process, provided by DocuSign, a trusted service provider, governed by the master agreement entered into between DocuSign and DLPK. In this context, the Personal Data necessary for the electronic signature process are collected and stored by DocuSign. DocuSign’s privacy policy is available on its website. It is specified that DocuSign may store such data outside Luxembourg but always within the European Union.
DLPK, DocuSign, and any other service providers engaged by WAROLD BROKERAGE SERVICES are not subject to the Luxembourg professional secrecy regime, or may be subject to a professional secrecy obligation that is less stringent than that applicable in Luxembourg. In certain circumstances, and notwithstanding their confidentiality undertakings, such service providers may be legally required to disclose data or information to authorized third parties or competent authorities.
Your Personal Data may also be made accessible, where necessary:
Depending on the purpose of processing, your Personal Data may be accessed by duly authorized personnel of WAROLD BROKERAGE SERVICES who have a need to know.
We process your Personal Data within the European Economic Area (EEA).
However, although your Personal Data are hosted within the EEA, we may use certain service providers whose data processing activities may involve transfers to countries that are not members of the EEA, where data protection laws may differ from those of the European Union.
In such cases, transfers of your Personal Data are carried out either to a country recognized by the European Commission as providing an adequate level of protection (adequacy decision) or are subject to appropriate safeguards in accordance with the Regulations, in particular through the execution of standard contractual clauses approved by the European Commission.
In addition, appropriate and supplementary security measures may be implemented, where necessary, to ensure the protection of Personal Data transferred outside the EEA.
Furthermore, as our delegate DLPK has its registered office in France, we confirm that all of your Personal Data are stored on servers located in France and accessible solely by duly authorized DLPK employees. More generally, all data and information held in connection with your contract may be shared with DLPK and stored on servers located in France. Such data and information may also be used to comply with WAROLD BROKERAGE SERVICES’ legal and regulatory obligations.
We ensure that your Personal Data are processed in a secure manner in order to guarantee their confidentiality, integrity, and availability.
To this end, appropriate technical and organizational measures are implemented, including authentication mechanisms with individual and secure access via confidential user credentials and passwords, logging of access and connections, data backup procedures, and other safeguards adapted to the sensitivity of the Personal Data processed and the level of risk associated with the processing activities or their implementation.
You have rights which may vary depending on the legal basis on which the processing of your Personal Data is carried out.
The table below sets out the rights you may exercise depending on the applicable legal basis for the processing of your Personal Data.
|
Legal Basis |
Right of Access |
Right to Rectification |
Right to Object |
Right to Erasure |
Right to Restriction |
Right to Data Portability |
|
Consent |
✔ |
✔ |
❌ |
✔ |
✔ |
✔ |
|
Performance of a contract |
✔ |
✔ |
❌ |
✔ |
✔ |
✔ |
|
Legal obligation |
✔ |
✔ |
❌ |
✔ / ❌ (1) |
✔ |
❌ |
|
Legitimate interest |
✔ |
✔ |
✔ |
✔ |
✔ |
❌ |
(1) The right to erasure may not apply where the processing of Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims, in accordance with Article 17(3) of the GDPR.
You may request access to your Personal Data and obtain a copy thereof.
You may request the rectification of inaccurate Personal Data concerning you and the completion of incomplete Personal Data.
You may request the erasure of your Personal Data within the limits provided for by the Regulations, unless such data must be retained in order to comply with a legal obligation, to establish, exercise, or defend legal claims, or for reasons of public interest, such as public health, scientific research, historical research, or statistical purposes.
In certain cases provided for by the Regulations, you may request the restriction of the processing of your Personal Data, in particular where:
You may request to receive the Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and/or to have such data transmitted to another data controller, without hindrance from us. This right applies only where the processing of your Personal Data is based on your consent or on the performance of a contract and where such processing is carried out by automated means.
You may object to the processing of your Personal Data on grounds relating to your particular situation where such processing is based on our legitimate interests.
In such cases, your Personal Data will no longer be processed unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless such processing is necessary for the establishment, exercise, or defense of legal claims.
You also have the right to object at any time, free of charge and without providing any justification, to the processing of your Personal Data for direct marketing purposes.
Where the processing of your Personal Data is based on your consent, you may withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You may exercise your rights by contacting the Data Protection Officer (DPO) by:
A response will be provided as soon as possible and, in any event, within the time limits prescribed by applicable law. We may request additional information where necessary to verify your identity and to process your request.
In the event of a complaint, you may lodge a complaint with the National Commission for Data Protection (Commission Nationale pour la Protection des Données – CNPD), Complaints Department, 15, Boulevard du Jazz, L-4370 Belvaux, which is the supervisory authority in Luxembourg responsible for ensuring compliance with personal data protection obligations.
We may update this Data Protection Policy at any time in order to reflect changes in our activities, our Products and Services, or applicable Regulations. The updated version will be communicated to you by any means deemed appropriate by us.
Courtier de référence au Luxembourg et en Europe pour la protection du patrimoine personnel et professionnel des entrepreneurs, cadres dirigeants et membres de conseil d’administration.
Copyright © 2026 Warold Brokerage Services. Tous droits réservés. | Identité et site par ANGLE
