Trust & Compliance
Trust and compliance are core principles embedded in every project we undertake.
Scope & commitments
Trust and compliance underpin how we work, from first contact to final delivery. This page outlines the principles, controls, and governance frameworks that guide our operations across all projects.
These include data protection and confidentiality, information security, quality assurance, independence and procurement readiness.
Our commitments apply consistently to staff, experts, and partners, and are embedded throughout the project lifecycle. By formalising these practices, we ensure transparency, accountability and reliability for our clients, while meeting high professional, ethical and regulatory standards.
GDPR & data protection
Committed to data privacy and protection
We strictly comply with Regulation (EU) 2016/679 (GDPR) and apply robust personal data protection measures across all projects.
- Purpose limitationPersonal data is processed solely for clearly defined, project-related purposes.
- Data locationBy default, data storage and processing are carried out exclusively within the EU/EEA, and where possible in Luxembourg, unless different requirements apply to a specific project.
- Access controlAccess to personal data is strictly limited to authorised personnel.
- Data protection measuresData minimisation, limited retention, pseudonymisation, and encryption are applied where appropriate.
- Accountability and traceabilityDetailed records of processing activities, access requests and incidents are maintained.
Information security
Procurement ready and contract compliant
Information security is a core operational priority, supported by technical and organisational safeguards.
Secure data storage and transmission
All sensitive data is encrypted both in transit and at rest, ensuring confidentiality and integrity across all environments.
Regular testing and review of security measures
Security controls are reviewed and tested on a regular basis to ensure ongoing compliance, resilience, and system reliability.
Secure remote access
Remote access is protected through secure authentication methods and controlled permissions, ensuring safe connectivity for distributed teams.
Incident response and recovery procedures
Defined incident response protocols enable rapid containment, transparent reporting, and efficient recovery to minimize operational disruption.

Quality Assurance governance
Quality is embedded throughout our project lifecycle
- Clear accountability and oversightProjects operate under defined roles, with Project Manager oversight and independent quality verification.
- Standards, methods, and review gatesMethodologies, assumptions, acceptance criteria and limitations are clearly documented. Key deliverables are subject to peer and senior review at defined quality gates.
- Traceability and controlDeliverables are managed through version control, evidence repositories and change logs to ensure full traceability.
- Risk management and continuous improvementRisks are monitored through registers and mitigation plans reviewed at milestones, with lessons learned feeding continuous improvement.
- Clarity and complianceOutputs are stakeholder-ready and aligned with institutional formats and quality expectations.
Independence, ethics & conflicts of interest
We safeguard independent judgment and ethical integrity in all assignments
- Conflicts of interestScreening at proposal and kick-off; declarations for staff, experts, and partners; separation between analytical work and client interests.
- EthicsCode of conduct; safeguarding; respectful stakeholder engagement; alignment with international good practice in evaluation, statistics and research.
- Governance transparencyClear roles and responsibilities; transparent decision-making processes.
- Research integrityCitation standards; limits and assumptions clearly stated.

Procurement readiness
Procurement ready and contract compliant
Our organisation is fully equipped to operate in formal procurement and contractual environments.
Procurement experience
EU and internationally funded projects; framework contracts.
Tender governance
Structured internal processes for tendering, contracting and mobilisation.
Compliance controls
Clear documentation; pricing transparency; compliance checks.
Operational readiness
Stable, compliant teams mobilised within defined timelines.
Certifications & statements
Certified standards, recognised commitments
Our commitments are supported by formal internal policies, documented procedures and recognised labels.
Standards & frameworks
Identify, access and collect data from multiple sources, including administrative systems, surveys, and external providers.
Attestations
Combine heterogeneous datasets, align definitions and transform data into consistent and usable formats
Values charter
Apply validation rules, accuracy, consistency and plausibility checks.
Recognised labels
Holder of the ‘Made in Luxembourg’ label, confirming our establishment and activities in Luxembourg.

Audit history & results
Transparency and reliability in our audit processes
Our organisation operates within a robust audit framework, in line with applicable regulations, and uses audit feedback to continuously strengthen governance and controls:
- Statutory auditAnnual statutory audit conducted by an independent approved statutory auditor, in line with Luxembourg legal requirements for public limited companies.
- Audit cooperationTimely provision of all required documents and information; audits conducted in accordance with applicable professional standards.
- Audit readinessRetention of project documentation; full traceability ensured across assignments to support audit requirements.
FAQ
Frequently asked questions
Is compliance applied to every project?
Yes. All projects follow the same baseline standards for data protection, confidentiality, security, and quality.
How do you ensure team continuity?
With a named project manager and core team, with backups and knowledge transfer.
Where is data processed and stored?
Within the EU/EEA, with controlled access and secure infrastructure.
Can confidentiality be contractually formalised?
Yes. With NDAs and data processing agreements when required.