“Personal data” means all information related to an identified or identifiable individual. An “identifiable” individual is one who can be directly or indirectly identified.
2. For The Data Processing Controller And Data Protection Officer
2.1 DATA CONTROLLER
The personal data processing controller is:
Tareno (Luxembourg) S.A.
3, rue de la Poste L-2346 Luxembourg
Tel : +352 26 86 67 1
E-mail : firstname.lastname@example.org
RCS Luxembourg B 107055
N° TVA LU 20592366
2.2 DATA PROTECTION OFFICER
If you have any questions about the processing of your personal or your rights to privacy, please contact the Data Protection Officer at the address indicated above, attn: Data Protection Officer, or at the following e-mail address email@example.com
3. Collecting And Storing Personal Data And How And Why We Use Such Data
Each time you open our website, the browser you are using on your end device will automatically send data to our website’s server for storage in server log files. Such data consist in information related to an identified or identifiable individual. The following information is stored in that way:
- your end device’s IP address,
- date and time of the website call (request to the host provider’s server),
- name and URL of the file called,
- URL of the website from which you called our website,
- type and version of the browser used,
- operating system used and the name of your access provider.
The purpose of such data processing is to ensure that our website can be properly opened and displayed on your end device. The information will also be used to optimise our website and ensure the security and stability of our systems.
The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website adapted to your browser and end device. You have the right to object to supplying such information but your failure to do so may prevent you from using our website in whole or in part.
The processed information will be stored only as long as necessary for the intended purpose or for the statutory retention period.
The recipient of the information is the Server Host working in the framework of a data processing agreement.
Cookies can be used to store your input and settings on a website so that you do not have to indicate or enter the same information every time you visit a website. Cookies contain a “Cookie ID” which allows us to identify the end device on which the cookie was stored.
We use the following types of cookies on our website:
Session cookies, which make you and/or your end device identifiable while you are visiting our website. Session cookies are automatically deleted each time to leave our website.
The purpose of such processing is to make our website more convenient for you to use by allowing you to store your settings.
The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website that stores your personal settings to make it easier for you to use our website.
For more information about how to delete cookies and/or change cookie settings in the most common browsers, check out the following links:
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Apple Safari: https://support.apple.com/kb/ph51411?locale=en_GB
Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
4. Third Party Website Links
Our website may contain links to external third-party websites. Data processing on other websites is carried out under the responsibility of the relevant third party, and such processing is therefore beyond our control. For more information, please refer to the privacy policies of the relevant third-party websites.
5. Data Security
We protect our website and other systems by taking appropriate technical and organisational measures against the loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite such measures, complete protection against all risks is not possible given the nature of the internet.
6. Data Subjects’ Rights
Data subjects have certain rights subject to the conditions defined in the GDPR. Every data subject generally has the following rights:
- Right of access by the data subject (GDPR Art. 15): you have the right to obtain information about the processing of your personal data and its main components.
- Right to rectification (Art. 16 GDPR): you have the right to demand rectification of data concerning you and/or completion of incomplete data.
- Right to object (GDPR Art. 21): insofar as your personal data is processed on the basis of legitimate interests within the meaning of GDPR Article 6 (1) (f), you have the right to object to such processing on grounds relating to your particular situation (without prejudice to our compelling legally protected interests) and/or to object to direct advertising. If you wish to exercise your right to object, you may send us an e-mail at the following address: firstname.lastname@example.org. We will keep a file in which the relevant information of the persons who have exercised their right to object will be processed in order to respect the data subject’s wishes. The information in the opt-out list will be stored for 3 years and then deleted.
- Right to erasure (GDPR Art. 17): under certain conditions, you have the right to erasure of your personal data stored by us, e.g., in case the personal data are no longer necessary in relation to the purposes for which they were collected or if you have made a legitimate objection to the data processing. The right to erasure is not always applicable, especially not if the processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing (GDPR Art. 18 et seq.): you have the right to obtain the restriction of the processing of your personal data under certain conditions, in particular if you contest the accuracy of the data but you do not wish to obtain erasure of the data; the information is no longer needed by us but you need the information for the establishment, exercise or defence of legal claims, or you have made a legitimate objection to the data processing.
- Right to data portability (GDPR Art. 20): in certain cases defined by law, you have the right to receive your personal data that you supplied to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
We further inform you that the consent you may have given may be withdrawn at any time, in which case we will not be allowed to continue the data processing based on such consent in the future, without prejudice to the lawfulness of the processing that was performed on the basis of such consent prior to the time of withdrawal.
We reserve the right to obtain confirmation of your identity when you ask us for information and documents.
We encourage you to send us any requests or queries you may have concerning your rights to email@example.com e-mail address (of the Data Protection Officer if applicable)]. If you believe that the processing of your data is not compliant with the GDPR, you have the right to file a complaint with the competent data protection authority (cf. www.cnpd.lu).