The European Institute
for Privacy & Security SARL

Belval: Global Data Security & Privacy from the Heart of Europe

Privacy protection

Privacy Policy

We appreciate your visit on our website https://www.eips.lu and your interest in our company.

The protection of your personal data such as your ip-number, your date of birth, your name, telephone number and your address, etc. is important to us.

The purpose of this Privacy Policy is to inform you about the personal data we collect when you visit our site and how we use it.

The purpose of this privacy policy is to inform you about the processing of your personal data that we collect when you visit our website. Our data protection practice is in accordance with the legal regulations of the EU General Data Protection Regulation (GDPR). The following data protection declaration serves to fulfil the information obligations resulting from the GDPR. These can be found, for example, in Art. 13, Art. 14 GDPR.

1. Controller

The controller within the meaning of Art. 4 (7) GDPR is the person who alone or jointly with others decides on the purposes and means of processing personal data.

With regard to our website the responsible person is:

European Institute for Privacy and Security S.à r.l.
9, Avenue du Blues
L-4368 Belval
Luxembourg

E-Mail: contact@eips.lu
Tel.: +49-6445-4189978

2. Creation of log files

Each time you access our website, our system automatically collects data and information of your accessing device. The processing of personal data carried out in this context is as follows:

  • Scope of the processing and personal data processed

(1) Information concerning the browser type and the Browser version used
(2) The operating system of the accessing device
(3) The IP address of the accessing device
(4) Date and time of access
(5) Websites and resources (images, files, additional page content) which were accessed
(6) Websites which refers to our website and which directed the users device to our website (referrer tracking)

This data is stored in the log files of our system. This data is not stored together with personal data of a specific user in such a way that individual users can be identified.

  • Legal basis for the processing of personal data
Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the following, outlined purpose.

  • Purpose of data processing
Logging is carried out for maintaining compatibility as far as possible, for combating misuse and for troubleshooting reasons. In order to achieve those purposes it is necessary to log the technical data of the accessing devices. We also use this technical data to optimize the website and to ensure the security of our IT-systems.

  • Duration of storage
The aforementioned technical data is erased as soon as it is no longer required to achieve the aforementioned purposes, but at the latest 3 months following the use of our website.

  • Possibility to object and demand deletion
You may object to this processing according to art. 21 GDPR and demand deletion of data according to art. 17 GDPR by following the indications under point 9 of this Privacy Policy.

3. Data security and data protection, communication by e-mail

Your personal data is protected by technical and organizational measures during collection, storage and processing such that they are not accessible to third parties. In case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so that we recommend encrypted communication or mail for information with a high confidentiality requirement.

4. Right to access and correct data - deletion of data – limitation of processing -withdrawal of consents - right to object

Right of access

You have the right to request confirmation as to whether we process your personal data. If this is the case, you have a right of access and information specified in art. 15(1) GDPR, provided that the rights and freedoms of other persons are not infringed (art. 15(1) GDPR). We will also be happy to provide you with a copy of the data. Right to correction Pursuant to art. 16 GDPR, you have the right to have incorrectly stored personal data (such as address, name, etc.) corrected by us at any time.

Right to erasure

Pursuant to art. 17(1) GDPR, you have the right to demand that we delete the personal data collected about you in the following cases:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing
  • you have objected to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR
  • the personal data have been unlawfully processed
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • the personal data have been collected in relation to the offer of information society services referred to in art. 8 (1) GDPR

Pursuant to art. 17(3) GDPR, the right does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information. Moreover, it does not exist if it has been collected on the basis of a legal obligation, or if the data serve the assertion, exercise or defence of legal claims.

Right to limitation of processing

According to art. 18(1) GDPR you have the right in individual cases to demand the restriction of the processing of your personal data.
This is the case if

  • the accuracy of the personal data is disputed
  • the processing is unlawful
  • the data are no longer required for the processing purpose but are used for the assertion, exercise or defence of legal claims
  • an objection has been filed against the processing pursuant to art. 21(1) GDPR and it is still unclear which interests predominate.

Right to withdraw consent

If you have given us express permission to process your personal data (art. 6(1) a GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.

Right to object to data processing

Pursuant to art. 21 GDPR, you may at any time object to the processing of your personal data if such processing is carried out on the basis of art. 6(1)(f) GDPR e.g. where the processing is carried out on the basis of the legitimate interests.

How can I obtain my rights?

You can obtain your rights, if you inform us:
European Institute for Privacy and Security S.à r.l.
9, Avenue du Blues
L-4368 Belval, Luxembourg

E-Mail: contact@eips.lu
Tel.: +49-6445-4189978

5. Data Portability

You have the right to receive the personal data that you have transmitted to us in a structured, common and machine-readable format and transfer it to another data controller provided that:
  • the processing is based on consent pursuant to art. 6(1)(a) GDPR or a contract pursuant art. 6(1)(b) GDPR ; and
  • the processing is carried out by automated means.
You can also request your personal data to be directly transferred to another controller, insofar as this is technically feasible. The exercise of this right shall not adversely affect the rights and freedoms of others.

6. Right to lodge a complaint to the CNPD or any other competent supervisory authority

If you suspect that your data is being illegally processed on our site, you can take legal actions in order bring the problem to a judicial clarification. This option does not interfere with any other legal option you might have.

Regardless of this, you have the option of contacting the CNPD or any other competent supervisory authority. You have the right to lodge a complaint to the competent supervisory authority in the EU Member State of your place of residence, workplace and/or place of alleged infringement, i.e. you can choose the supervisory authority to which you will be lodging a complaint in the above places. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your complaint, including the possibility of a judicial remedy under art. 78 GDPR.