What personal data does Startup Luxembourg process and for what purposes?
Startup Luxembourg does not collect personal data other than those Visitors voluntarily provide on the Website (i.e. name, first name, contact details including the email address, function and organisation, texts) (the Personal Data), either when they sign up for newsletters or send a contact request.
Personal Data collected on the Website will be processed by Startup Luxembourg for the following purposes:
- promote Startup Luxembourg activities (sending of newsletters, magazines and brochures, sending of invitations to events, etc.). If Visitors do not wish to receive marketing emails, they may follow the “unsubscribe” instructions included within each email communication ;
- communicate with the Visitors and provide them with the information requested ;
- processing of access, rectification and opposition requests, and other rights with respect to Personal Data;
- claims and litigation management.
The processing of the Visitors’ Personal Data is necessary for Startup Luxembourg to provide them with the services they requested, as well as to enable Startup Luxembourg to fulfil its public service missions. These purposes constitute the legal basis for the data processing carried out by Startup Luxembourg.
Who are the data recipients?
Visitors’ Personal Data will be processed internally by duly authorised persons, within the limits of their respective attributions.
They may also be communicated to Luxinnovation (representing Startup Luxembourg) data processors (including IT service providers) and external services providers such as web designers, marketing solutions providers, communication agencies, to the strictest extent necessary and subject to the existence of contractual guarantees to ensure the security and confidentiality of the data.
How does LUXINNOVATION ensure the security of Personal Data?
Visitors’ Personal Data will be processed by Luxinnovation (for Startup Luxembourg) as a data controller, in compliance with the applicable data protection legislation (i.e. for the time being the Law of 2 August 2002 on the protection of individuals with regard to the processing of personal data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, – the GDPR -, which will enter into force on 25 May 2018, as well as any other subsequent regulation).
LUXINNOVATION undertakes to implement technical and organisational security measures to ensure the protection of Visitors’ Personal Data against the risks associated with the use of information systems.
LUXINNOVATION follows generally accepted security standards to help protect Visitors’ Personal Data. However, no method of transmission over the Internet, or of electronic storage, is 100% secure. Therefore, LUXINNOVATION cannot guarantee the absolute security of the Personal Data.
Personal Data is kept for a period of three years from their collection by LUXINNOVATION or the last contact from the Visitor.
What are the Visitors’ rights?
In accordance with the current data protection legislation, the Visitor or, as the case may be, his beneficiaries who can prove they have a legitimate interest, are entitled to obtain, free of charge:
- access to the personal data concerning the Visitor,
- confirmation that the Visitor Personal Data is or is not being processed,
- information concerning at least the purposes of the processing, the categories of data to which the processing relates and the recipients or categories of recipients to whom the data are communicated,
- communication, in an intelligible form, of the data being processed, as well as any available information on the origin of the data.
The Visitor (or, as the case may be, his beneficiaries) also has a right to rectify his/her personal data and a right to object to the collect and processing of such data, on the basis of compelling legitimate grounds.
These rights may be exercised by an email addressed to the following address: firstname.lastname@example.org. As of 25 May 2018, the Visitor will also be entitled to request the erasure of all or part of the data or a restriction of the processing, object to the processing or make use of its right to data portability, within the limits provided by the applicable rules. In the event of a breach of the data protection rules, the Visitor may also lodge a complaint before a supervisory authority such as the National Commission for Data Protection (CNPD).