The purpose of this privacy policy is to provide you with clear and transparent information about how we collect, use, store and protect your information when you use our site. We are committed to complying with current data protection legislation and to ensuring the security and confidentiality of your information.
Article 1 - Purpose
The present Charter has been drawn up by CIGL Hesperange (hereinafter referred to as "the data controller").
The purpose of this Charter is to inform visitors and users of the website hosted at www.arc-en-ciel.lu (hereinafter referred to as the "website") of the manner in which their data is collected and processed by the data controller.
The present Charter is part of the data controller's desire to act with complete transparency, in compliance with the law of December 8, 1992 relating to la protection de la vie privée à l'égard des traitements de données à caractère personnel et du règlement (UE) 2016/679 du Parlement européenen and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").
The data controller pays particular attention to the protection of the privacy of website users and therefore undertakes to take the reasonable precautions required to protect the data collected.cautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
Should the user wish to react to any of the practices described below, he/she is invited to contact as a matter of priority the data controller at the postal address or e-mail address specified in the "contact details" section of this Charter.
Article 2 - Consent
By accessing and using the website, the user declares that he/she has read the information described below, accepts the present Charter and expressly consents to the data controller collecting and processing data in accordance with the methods and principles described in the present Charter.in accordance with the terms and principles described in this Charter, the personal data communicated via the website and/or in connection with the services offered on the website, for the purposes indicated below.
Where the processing of personal data is based on the user's consent, the user has the right to withdraw consent at any time. Withdrawal of consent does not compromise the lawfulness of processing prior to withdrawal.
Article 3 - What data do we collect?
By visiting the website and/or using the services offered by the data controller, the user expressly consents to the data controller collecting and processing the following personal data in accordance with the methods and principles described below:
the user's IP address (automatically detected by the data controller's server), including dynamic IP address ;
the user's e-mail address, if the user has previously disclosed it, for example by communicating with the data controller by e-mail, ... ;
all information concerning the pages consulted by the user on the website
The data controller may also collect non-personal data. This data is considered non-personal because it does not directly or indirectly identify a specific individual. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the data controller.
In the event of non-personal data being combined with personal data in such a way as to enable identification of the persons concerned, such data will be processed in such a way as to enable identification of the persons concerned.if non-personal data is combined with personal data in such a way as to make it possible to identify the persons concerned, such data will be treated as personal data until such time as it is impossible to associate it with a specific person.
Article 4 - Collection methods
The data controller collects personal data in the following ways:
via the contact form ;
via registration on the website;
by using the services offered by the data controller on the website.
Article 5 - Purposes of processing
Personal data is collected and processed solely for the purposes mentioned below:
The data controller may be required to carry out processing operations that are not yet provided for in the present Charter. In this case, the data controller will contact the user before re-using his/her personal data, in order to inform him/her of the changes and give him/her the opportunity, where applicable, to refuse such re-use.
Article 6 - Retention period
The data controller keeps personal data only for as long as is reasonably necessary for the purposes for which it is to be used and in accordance with legal and regulatory requirements.
Where personal data is collected and processed as part of the performance of a contract, the user's data is kept for a maximum of 3 years after the end of the contractual relationship between the user and the data controller.
At the end of the retention period, the data controller makes every effort to ensure that the personal data has been rendered unavailable (anonymous).
Article 7 - Data access and copying
By means of a written, dated and signed request sent to the data controller at the address given in the "contact details" section of this Charter, the user may, after providing proof of identity (e.g., by sending an e-mail to the address given in the "contact details" section of this Charter), obtain a copy of his or her personal data.s identity (by enclosing a copy of his or her identity card), the user may obtain, free of charge, written communication or a copy of the personal data concerning him or her that has been collected.
The data controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.
Where the user makes such a request electronically, the information will be provided in a commonly used electronic form, unless the user requests otherwise.
The user will be sent a copy of his or her data no later than one month after receipt of the request. This period may be extended by two months, depending on the complexity and number of requests. The data controller will inform the user of this extension and the reasons for the postponement within one month of receipt of the request.
Article 8 - Right of rectification
A written, dated and signed request may be sent to the data controller at the address given in the "contact data" section of this Charter.of the present Charter, the user may, after providing proof of identity (by enclosing a copy of his or her identity card), obtain free of charge, within a period of three months from the date of receipt of the request.within one month at the latest, to rectify any personal data that may be inaccurate, incomplete or irrelevant, and to complete such data if it proves to be incomplete. The one-month period may be extended by two months, depending on the complexity and number of requests. The data controller will inform the user of this extension and the reasons for the postponement within one month of receipt of the request.
Article 9 - Right to object to processing
By means of a written, dated and signed request sent to the data controller at the address given in the "contact details" section of the present Charter, the user may, at any time, for reasons relating to his or her particular situation and after proving his or her identity (e.g. by sending a letter to the address given in the "contact details" section of the present Charter), object to the processing of his or her personal data.s identity (by enclosing a copy of his or her identity card), object free of charge to the processing of his or her personal data, where such processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party. The data controller may refuse to implement the user's right to object if it establishes the existence of compelling and legitimate grounds for the processing, which are necessary for the purposes of the legitimate interests pursued by the data controller or by a third party.legitimate reasons justifying the processing, which override the interests or rights and freedoms of the user, or for the establishment, exercise or defense of legal claims. In the event of a dispute, the user may lodge a complaint in accordance with the "Complaints" section of this Charter.
The data controller is obliged to respond to the user's request as soon as possible, and within one month at the latest, and to give reasons if it intends not to comply with such a request. This period may be extended by two months, depending on the complexity and number of requests. The data controller will inform the user of this extension and the reasons for the postponement within one month of receipt of the request.
Article 10 - Right to limit processing
By means of a written, dated and signed request sent to the data controller at the address given in the "contact details" section of this Charter, the user may, after providing proof of his identity (e.g., by sending a letter to the address given in the "contact details" section of this Charter), request that the data processing be restricted.s identity (by enclosing a copy of his or her identity card), obtain the limitation/suspension of the processing of his or her personal data in the cases listed below:
Where processing has been suspended in accordance with this provision, the user's personal data may, with the exception of storage, only be processed with the user's consent, or for the purpose of ascertaining the identity of the user.or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or on important grounds of public interest of the European Union or one of its Member States.
The data controller will inform the user when the limitation/suspension of processing is lifted.
Article 11 - Right to erasure (right to be forgotten)
By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact details" section of this Charter, the user may, after providing proof of his or her identity (e.g., by sending a letter to the address referred to in the "contact details" section of this Charter), request the data controller to delete it.s identity (by enclosing a copy of his or her identity card), obtain the deletion of personal data concerning him or her, when one of the following reasons applies:
However, data erasure does not apply in the following 5 cases:
The data controller is obliged to respond to the user's request as soon as possible, and within one month at the latest, and to give reasons if it intends not to comply with such a request. This period may be extended by two months, depending on the complexity and number of requests. The data controller will inform the user of this extension and of the reasons for the postponement within one month of receipt of the request.
The user also has the right, under the same terms and conditions, to obtain, free of charge, the deletion or prohibition of use of any personal data concerning him or her which, given the purpose of the processing, is incomplete or irrelevant, or the use of which is incompatible with the purpose of the processing.the recording, communication or storage of which would be prohibited or which would have been stored beyond the necessary and authorized period.
Article 12 - Right to data portability
By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact details" section of this Charter, and after having provided proof of identity (by enclosing a legible copy of his or her identity card), the user may, at any time, request the processing of his or her personal data.identity card), the user may, at any time, request to receive, free of charge, his/her personal data in a structured, commonly used and machine-readable format, with a view, in particular, to transmitting it to another data controller, when :
Under the same conditions and according to the same procedures, the user has the right to obtain from the data controller that personal data concerning him be transmitted directly to another data controller, insofar as this is technically possible.
Article 13 - Recipients of data and disclosure to third parties
The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected commercial partners, located in Belgium or abroad.located in Belgium or in the European Union, who collaborate with the data controller in the context of marketing products or providing services on the website.
In the event that the user has consented to his/her data being disclosed to third parties for direct marketing or prospecting purposes, he/she may - by means of a written, dated and signed request - opt out of such disclosure. by means of a written, dated and signed request sent to the data controller at the address given in the " contact details" of this Charter - withdraw his or her consent at any time, after providing proof of identity (by enclosing a copy of his or her identity card), and thus oppose the future transmission of his or her data to third parties for direct marketing or canvassing purposes.
The data controller complies with the legal and regulatory provisions in force, and will in all cases ensure that its partners, employees, subcontractors and other third parties with access to personal data comply with the present Charter.
The data controller reserves the right to disclose the user's personal data in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.
No personal data is transferred outside the European Union.
Article 14 - Security
The data controller implements appropriate technical and organizational measures in order to guarantee a level of security for the processing and data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected. It takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to users' rights and freedoms.
The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.
The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information received via the website.
Article 15 - Complaints
If the user considers that the data controller is not complying with this Charter or with the relevant regulations, he/she is invited to contact the data controller as a matter of priority at the address given in the "contact details" section of this Charter.
The user may lodge a complaint with the Commission luxembourgeoise pour la Protection de la Vie Privée at the following address:
COMMISSION NATIONALE POUR LA PROTECTION DES DONNÉES
1, avenue du Rock'n'Roll
L-4361 Esch-sur-Alzette
Tel: +352 26 10 60 1
For further information on complaints and possible means of redress, the user is invited to consult the following address of the Commission luxembourgeoise pour la Protection de la Vie Privée:
https://cnpd.public.lu/fr/droits/faire-valoir/formulaire-plainte.html
Article 16 - Contact details
For any questions and/or complaints, in particular concerning the clarity and accessibility of this Charter, the user may contact the data controller:
Article 17 - Applicable law and jurisdiction
The present Charter is governed by Luxembourg law.
Any dispute relating to the interpretation or execution of this Charter shall be subject to Luxembourg law.
Article 18 - Final provision
The data controller reserves the right to modify the provisions of this Charter at any time. Amendments will be published with a notice of their entry into force.
Last update: May 14, 2018