We appreciate your visit on our website https://www.eips.lu and your interest in our company.
The protection of your personal data such as your ip-number, your date of birth, your name, telephone number and your address, etc. is important to us.
The controller within the meaning of Art. 4 (7) GDPR is the person who alone or jointly with others decides on the purposes and means of processing personal data.
With regard to our website the responsible person is:
European Institute for Privacy and Security S.à r.l.
9, Avenue du Blues
2. Creation of log files
Each time you access our website, our system automatically collects data and information of your accessing device. The processing of personal data carried out in this context is as follows:
- Scope of the processing and personal data processed
(1) Information concerning the browser type and the Browser version used
(2) The operating system of the accessing device
(3) The IP address of the accessing device
(4) Date and time of access
(5) Websites and resources (images, files, additional page content) which were accessed
(6) Websites which refers to our website and which directed the users device to our website (referrer tracking)
This data is stored in the log files of our system. This data is not stored together with personal data of a specific user in such a way that individual users can be identified.
- Legal basis for the processing of personal data
Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the following, outlined purpose.
- Purpose of data processing
Logging is carried out for maintaining compatibility as far as possible, for combating misuse and for troubleshooting reasons. In order to achieve those purposes it is necessary to log the technical data of the accessing devices. We also use this technical data to optimize the website and to ensure the security of our IT-systems.
The aforementioned technical data is erased as soon as it is no longer required to achieve the aforementioned purposes, but at the latest 3 months following the use of our website.
- Possibility to object and demand deletion
3. Data security and data protection, communication by e-mail
Your personal data is protected by technical and organizational measures during collection, storage and processing such that they are not accessible to third parties. In case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so that we recommend encrypted communication or mail for information with a high confidentiality requirement.
4. Right to access and correct data - deletion of data – limitation of processing -withdrawal of consents - right to object
Right of access
You have the right to request confirmation as to whether we process your personal data. If this is the case, you have a right of access and information specified in art. 15(1) GDPR, provided that the rights and freedoms of other persons are not infringed (art. 15(1) GDPR). We will also be happy to provide you with a copy of the data.
Right to correction
Pursuant to art. 16 GDPR, you have the right to have incorrectly stored personal data (such as address, name, etc.) corrected by us at any time.
Right to erasure
Pursuant to art. 17(1) GDPR, you have the right to demand that we delete the personal data collected about you in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing
- you have objected to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR
- the personal data have been unlawfully processed
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- the personal data have been collected in relation to the offer of information society services referred to in art. 8 (1) GDPR
Pursuant to art. 17(3) GDPR, the right does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information. Moreover, it does not exist if it has been collected on the basis of a legal obligation, or if the data serve the assertion, exercise or defence of legal claims.
Right to limitation of processing
According to art. 18(1) GDPR you have the right in individual cases to demand the restriction of the processing of your personal data.
This is the case if
- the accuracy of the personal data is disputed
- the processing is unlawful
- the data are no longer required for the processing purpose but are used for the assertion, exercise or defence of legal claims
- an objection has been filed against the processing pursuant to art. 21(1) GDPR and it is still unclear which interests predominate.
Right to withdraw consent
If you have given us express permission to process your personal data (art. 6(1) a GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.
Right to object to data processing
Pursuant to art. 21 GDPR, you may at any time object to the processing of your personal data if such processing is carried out on the basis of art. 6(1)(f) GDPR e.g. where the processing is carried out on the basis of the legitimate interests.
How can I obtain my rights?
You can obtain your rights, if you inform us:
European Institute for Privacy and Security S.à r.l.
9, Avenue du Blues
L-4368 Belval, Luxembourg
5. Data Portability
You have the right to receive the personal data that you have transmitted to us in a structured, common and machine-readable format and transfer it to another data controller provided that:
- the processing is based on consent pursuant to art. 6(1)(a) GDPR or a contract pursuant art. 6(1)(b) GDPR ; and
- the processing is carried out by automated means.
You can also request your personal data to be directly transferred to another controller, insofar as this is technically feasible. The exercise of this right shall not adversely affect the rights and freedoms of others.
6. Right to lodge a complaint to the CNPD or any other competent supervisory authority
If you suspect that your data is being illegally processed on our site, you can take legal actions in order bring the problem to a judicial clarification. This option does not interfere with any other legal option you might have.
Regardless of this, you have the option of contacting the CNPD or any other competent supervisory authority. You have the right to lodge a complaint to the competent supervisory authority in the EU Member State of your place of residence, workplace and/or place of alleged infringement, i.e. you can choose the supervisory authority to which you will be lodging a complaint in the above places. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your complaint, including the possibility of a judicial remedy under art. 78 GDPR.