- For the websites luxembourg-internet-days.com and https://datacenters-in-europe.com: LU-CIX ASBL, a non-profit organisation (association sans but lucratif) formed under the laws of Luxembourg with registered offices at 202, Z.A.E. Wolser F, L-3290 Bettembourg, Grand Duchy of Luxembourg, registered within the Registre de Commerce et des Sociétés in Luxembourg under the number F7911; and
- For the website lu-cix.lu: LU-CIX Management G.I.E., an economic interest group (groupement d’intérêt économique) formed under the laws of Luxembourg with registered offices at 202, Z.A.E. Wolser F, L-3290 Bettembourg, Grand Duchy of Luxembourg, registered within the Registre de Commerce et des Sociétés in Luxembourg under the number C86;
(hereinafter “LU-CIX”, “us” or “our”, for either one or the other following entity depending on the concerned website).
Any processing is made by LU-CIX, which acts as data controller (i.e. the organisation which determines why and how to process personal data), within the meaning of and in accordance with applicable data protection laws, including but not limited to, the European General Data Protection Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“personal data” which means any information allowing the direct or indirect identification of an individual natural person;
“processing” which means any act made in relation to such data (e.g. collecting, storing, and transferring data);
“data subjects”, “you” and “your” refer to any individual using our websites and/or our services provided through our websites and any other third party being individuals on whom we may collect personal data.
1. COLLECTION OF PERSONAL DATA
When do we collect personal data? We will notably collect personal data:
- When you navigate through our websites and therefore when you use our services;
- When you request that we contact you to answer any of your questions including on technical and support related issues;
- When you download material such as documents and videos;
- When you apply to become a member, sponsor, joining company or a speaker notably via our registration forms;
- When you log in to our services;
- When you participate to or attend events referenced in our websites.
Update of personal data. We will endeavour to keep the personal data in our possession or control accurate. Data subjects providing personal data are however responsible for promptly informing us of any change to their personal data.
Refusal to provide your personal data. You have the right to refuse to provide us with your personal data but you are aware that not providing us with some specific personal data (e.g. data requested for contacting us) would unfortunately prevent LU-CIX from answering to you, from providing you with our services, or from entering into an agreement or maintaining the related ongoing agreement with you.
2. TYPES OF PERSONAL DATA
We aim to be transparent about what we process and why. We request that you provide us with personal data that is only necessary for us to carry out our services in the context of the related website, such as the following types of personal data but not limited to:
- identification information, such as your first name, your last name and your picture;
- contact information, such as e-mail address, phone number, address, postal code, city and country of residence;
- business-related information such as company you work for or represent, role, position and country of work;
- record of your correspondence including e-mail address;
- types of services or product received or purchased;
- IT-related information, such as your IP address, the name of your internet service provider, the operating system and the browser you used, the date and duration of your visit, the name(s) of the visited page(s) and your login information;
- financial and banking information such as for payment of membership’s fees;
- your relationship with us such as your membership, your sponsorship and your inclusion in our connected network and your status of joining company or your role of speaker during our events; and
- any other type of personal data related to the conduct of LU-CIX’s business.
Usage data — when you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics for statistical purposes, to improve our site and to recognize and stop any misuse.
3. LEGAL BASIS AND PURPOSES OF THE PROCESSING
In most cases, personal data will be processed for at least one of the following:
- it is necessary for LU-CIX to take measures at your request prior to entering into a contract or for the performance of any contractual obligations towards you;
- you have given prior consent to the processing of your personal data and your consent has been obtained pursuant to applicable laws, such as to receive commercial communications from us;
- it is necessary for LU-CIX to be able to perform an obligation according to law or any decision by a public authority, such as to allow us to comply with applicable commercial laws and any regulatory obligations and to respond to requests and comply with requirements from public authorities; or
No automated decisions will be made in relation to the personal data processed.
4. DISCLOSURE OF PERSONAL DATA
To achieve the above purposes, we may disclose personal data to the following recipients: other entities members of LU-CIX Group, our commercial partners, members, sponsors, clients, external services providers, subcontractors, third parties to which we provide services, professional advisors, purchasers or sellers of our assets and entities linked to LU-CIX if any, as well as public organisations, administrative or legal authorities and supervisory bodies if applicable.
Transfer of personal data. You are informed that certain recipients may be located outside the territory of the European Economic Area in countries that do not offer a level of protection equivalent to the one granted in the European Union. Any personal data transfer to such recipients will, depending on the nature of the transfer:
- be covered by appropriate safeguards such as standard contractual clauses approved by the European Commission, in which case you may obtain a copy by contacting us; or
- be otherwise authorised under data protection law, as the case may be, as such transfer is necessary for the performance or execution of a contract concluded in your interest or for the establishment, exercise or defence of legal claims or for the performance of a contract between you and us.
LU-CIX will store your personal data only for as long as necessary for the relevant processing activity to be completed and/or for the retention period permitted under applicable law.
6. YOUR RIGHTS
In relation to your personal data, you have the right to:
- access the personal data held about you and receive additional information about how it is processed;
- rectify or complete any inaccurate or incomplete personal data;
- seek the erasure of your personal data when its processing is no longer necessary for the purposes described above, when the processing is not or no longer lawful for any reasons, when you have withdrawn your consent to the processing according to applicable laws, when the erasure is necessary to comply with applicable laws or when you object to the processing in the absence of any overriding legitimate ground for such processing;
- object, on grounds relating to your particular situation, to any processing based on LU-CIX’s legitimate interest;
- receive your personal data and transmit it to another data controller to the extent that the legitimacy of the processing lies on contractual performance and is carried out by automated means;
- withdraw any consent given to the processing at any time to the extent that your consent justified such processing; and
- seek the restriction of the processing, for instance, when you contest the accuracy of the personal data or when the processing is not or no longer compliant with the exception of storage, only processed in specific cases (e.g. for the establishment, exercise or defence of LU-CIX’s legal claims).
LU-CIX will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. We will only be able to answer favourably to any of the above requests related to the right to oppose, right of erasure and right of restriction provided that it does not interfere with or contradict a legal obligation of LU-CIX (e.g. legal obligation to keep the related personal data) or due to any other impediment that would justify that LU-CIX would not be able to grant such requests. LU-CIX undertakes to handle each request free of charge and within a reasonable timeframe (in any case no longer than 1 month).
You may also lodge a complaint with the data protection authority in Luxembourg, the Commission Nationale pour la Protection des Données (the “CNPD”), or with your local data protection authority if you do not reside in Luxembourg. The CNPD can be contacted as follows:
– Telephone: (+352) 26 10 60 – 1
– Website: https://cnpd.public.lu/en.html
– Web-form: https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html
– Address: 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, Luxembourg
7. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
Ensuring that personal data is appropriately protected from data breaches is a top priority for LU-CIX. We implement adequate technical and organizational security measures, such as, depending on the equipment, password protection, physical locks, etc., to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected.
Access to personal data is permitted to employees for the sole purpose of performing their professional duties. They are subject to a confidential obligation and are notably provided with training and documentation in order to improve their practical skills and knowledges on data protection issues.
9. CONTACT AND EXERCISE OF YOUR RIGHTS