Privacy Policy

For INCERT GIE it is an essential goal to ensure that we protect the information entrusted to us by you, our customers and the users of our INCERT website and services.

INCERT GIE committed to process your personal data in compliance with applicable data protection laws, including as of 25 May 2018:

• The General Data Protection Regulation (“GDPR”); and

• The amended Luxembourg Law of 30 May 2005 on the protection of persons with regard to the processing of personal data in the field of electronic means of communication.

This Policy sets out the principles and guidelines for the protection of your Personal Data, which include the Personal Data collected on – or by means of – the Websites. INCERT GIE collects Personal Data online (including by e-mail) or offline; this Policy is applicable regardless of the means of collection or processing.

The notion of Personal Data refers to all information relating to an identified or identifiable natural person. An “identifiable” person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to them.

INCERT GIE, a Luxembourg public organization, established at L-3372 Leudelange, 15 rue Léon Laval, and registered with the Luxembourg Trade and Companies Register under the number C101 is the data controller responsible for your Personal Data.

We process your personal data for one of the following purposes:

• For the performance of a contract that you or your organization are a part of and to provide our services based on your instructions;

• For the compliance of our legal obligations and to keep records of our compliance processes or tax records;

• To pursue our legitimate interests, or those of a third-party recipient of your personal data, in a way which is reasonably expected as part of running INCERT GIE, which is not detrimental to you and has minimal impact on your privacy;

• To provide you with information you have registered for, i.e. where you have expressly provided us with your consent to process your personal data in that manner.

INCERT GIE processes the following types of personal data about its clients and contacts:

• Contact information (e.g. name, surname, professional and personal addresses, mail and telephone number);

• Identification data and personal information (e.g. preferred language, job title, organization);

• Professional information (e.g. job function, identity of your employer, department, organization name);

• Any other personal data provided to INCERT GIE and allowing INCERT GIE to perform its contractual duties.

We collect personal data directly from you or your organization when:

• You, or your organization uses any of our services and provides us with personal data relating to you, your company, your employees, your suppliers or other involved third parties;

• You or your organization offer(s) to provide or provide(s) services to us;

• You correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our staff.

• You or your organization browse(s), complete(s) a form or make(s) an enquiry or otherwise interact(s) on our website or other Social Media;

INCERT GIE processes client’s and contact’s Personal Data, based on the following legal grounds and for the following purposes:

• To provide the clients with the services requested by them;

  • Processing is necessary for the performance of a contract to which the data subject is party.

  • Processing is necessary for the establishment, exercise or defense of legal claims.

• To deal with communications received from clients and contacts via phone or email, and responding to client’s or contact’s queries;

  • Processing is necessary for the performance of a contract to which the data subject is party.

  • Processing is necessary to pursue the legitimate interests of the controller.

• To comply with applicable laws and regulations;

  • Processing is necessary for compliance with a legal obligation to which the controller is subject.

• To process clients related claims;

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller.

• To maintain and update our list of contacts;

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller.

• To manage INCERT GIE relationships with its clients and contacts;

  • Processing is necessary for the performance of a contract to which the data subject is party.

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for INCERT GIE to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.

If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at dpo@incert.lu.

Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.

INCERT GIE has taken the appropriate technical security and organizational measures to protect the personal data from loss, abuse and unauthorized access.

Furthermore, access to personal data has only been granted to the individuals at INCERT GIE that need to process the personal data in accordance with the purposes that have been stated above.

INCERT GIE does not disclose any client related information unless we are required by law or with your prior consent.

We have also put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

The law gives you certain rights in respect of the information that we hold about you. Below are your rights:

• Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal Personal Data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the Personal Data held about you. If you wish to do this, please contact us using the contact details provided above.

• Accuracy: We aim to keep your Personal Data accurate, current, and complete. We encourage you to contact us to let us know if any of your Personal Data is not accurate or changes, so that we can keep your Personal Data up-to-date.

• Objecting: In certain circumstances, you also have the right to object to processing of your Personal Data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your Personal Data, please contact us.

• Porting: You have the right to request that some of your Personal Data is provided to you, or to another data controller, in a commonly used, machine-readable format.

• Erasure: You have the right to ask us to erase your Personal Data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.

• Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority (https://cnpd.public.lu/fr.html), or to seek a remedy though the courts.

• Right to withdraw consent: If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent at any time.

When we transfer your information to other countries, we will use, share and safeguard that information as described in this Policy. To our services, we may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as Luxembourg and are not recognized by the European Commission as providing an adequate level of data protection.

We only transfer Personal Data to these countries when it is necessary for the services, we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.

What are cookies?

Cookies are small text files that website stores on a browser when they visit the website. Websites use them for multiple purposes like storing login statuses, remembering the cart items in an e-commerce store, identifying whether a user is a new visitor or returning user, or analyzing the user behavior on the website, etc.

Why do we use cookies?

Incert.lu does not collect any cookies.

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your Personal Data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.

If you have any questions about our use of your Personal Data, or if you want to exercise your rights, you can contact our data privacy team. The best way to do this is by email to dpo@incert.lu, but if you prefer you can also write to us at: Data Protection Team, 15 rue Léon Laval, Leudelange, Luxembourg.