“Personal data” means all information related to an identified or identifiable individual. An “identifiable” individual is one who can be directly or indirectly identified.
2. For The Data Processing Controller And Data Protection Officer
2.1 DATA CONTROLLER
Info Tech Solutions S.à.r.l.
33, rue Léon Kauffman
VAT number: LU 20393839
Tél. : +352 27 47 87 88
2.2 DATA PROTECTION OFFICER
If you have any questions about the processing of your personal or your rights to privacy, please contact the Data Protection Officer at the address indicated above, attn: Data Protection Officer, or at the following e-mail address email@example.com
3. Collecting And Storing Personal Data And How And Why We Use Such Data
Every time you open our website, your web browser will automatically send data to our website’s server for storage in server log files. Such data consist in information related to an identified or identifiable individual. The following information is stored in that way:
- your end device’s IP address,
- date and time of the website call (request to the host provider’s server),
- name and URL of the file called,
- URL of the website from which you called our website,
- type and version of the browser used,
- operating system used and the name of your access provider.
The purpose of such data processing is to ensure that our website can be properly opened and displayed on your end device. The information will also be used to optimise our website and ensure the security and stability of our systems.
The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website adapted to your browser and end device. You have the right to object to supplying such information but your failure to do so may prevent you from using our website in whole or in part.
The processed information will be stored only as long as necessary for the intended purpose or for the statutory retention period.
The recipient of the information is the Server Host working in the framework of a data processing agreement.
Cookies can be used to store your input and settings on a website so that you do not have to indicate or enter the same information every time you visit a website. Cookies contain a “Cookie ID” which allows us to identify the end device on which the cookie was stored.
We use the following types of cookies on our website:
Session cookies, which make you and/or your end device identifiable while you are visiting our website. Session cookies are automatically deleted each time to leave our website.
The purpose of such processing is to make our website more convenient for you to use by allowing you to store your settings.
The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website that stores your personal settings to make it easier for you to use our website.
For more information about how to delete cookies and/or change cookie settings in the most common browsers, check out the following links:
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Apple Safari: https://support.apple.com/kb/ph51411?locale=en_GB
Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
3.3 Analytics tools: Google Analytics
We use Google Analytics, a web analytics service from Google Inc. (https://www.google.com/intl/en-GB/about/) (hereinafter “Google”). In that context, pseudonymised user profiles are created and cookies are used (see section 3.2.). The information generated by cookies concerning your use of our website is transferred to one of Google’s servers in the USA for storage.
You can prevent the installation of cookies by choosing the appropriate setting in your browser software (see our explanations in section 3.2).
You can download and install a browser add-on to prevent Google from recording information generated by cookies concerning your use of our website (https://tools.google.com/dlpage/gaoptout).
For more information about data protection related to Google Analytics, see the Google Analytics support page (https://support.google.com/analytics/?hl=en#topic=3544906).
3.4 Use of Google Web Fonts
We use external Google Fonts on our website.
Google Web Fonts are integrated through an interface to Google services. Integration of the Web Fonts sometimes allows Google to collect and process information (including personal data). We ourselves do not collect any data in connection with providing Google Fonts.
We integrate Google Fonts in pursuit of our legitimate interest and purpose of being able to display uniform fonts on your end device. The legal basis for the above-described processing is GDPR Art. 6 (1) (f). In addition, Google has a legitimate interest in using the collected (personal) information in order to improve its own services.
For more information, see https://developers.google.com/fonts/faq and www.google.com/policies/privacy/.
The information related to the analytics tools is used to analyse your use of our website in order to draw up reports on the website activities and provide other services related to use of our website to achieve a needs-based organisation of our website.
The above-mentioned tracking measures are used on our website on the basis of GDPR Article 6 (1) (f). The purpose of using tracking measures is to ensure a needs-based organisation and ongoing optimisation of our website in the pursuit of our legitimate interests. In addition, the tracking measures allow us to keep statistical records of the use of our website and to evaluate and optimise our goods’ and services’ offerings.
For more information on the specific purposes of data processing and data categories, see the privacy policies of the relevant analytics tools’ service providers.
3.5. Newsletters and other advertising
Subject to giving your consent pursuant to GDPR Article 6 (1) (a), we will use your e-mail address and other contact details in order to send you our newsletters and other advertisements with information about us, our products, services, activities and events. If you are already one of our customers, we are entitled to send you the above-mentioned information so long as you do not object.
In addition, we may send you advertising by post, subject to our right to object.
You may exercise your right to object at any time by sending an e-mail to firstname.lastname@example.org or by clicking on the unsubscribe link in the relevant communication.
3.6. Job applications
We also give you the option of sending us a job application.
If you wish to use that option to get in touch with us, we will collect your e-mail address and the relevant information concerning your job application. The purpose of such processing is to process your job application.
The legal basis for processing your e-mail address is GDPR Article 6 (1) (f) and (b). We have a legitimate interest in accepting and processing job applications and, if so desired, to take pre-contractual measures related to possible employment.
The applicant’s e-mail address and job application documents sent to us will be kept on file until we decide for or against hiring. In case the application is turned down, the related data will be deleted. In case of employment, the data processing information notice for employees will apply.
4. Subcontracted data processing
We work with the following web hosting and with analytics tools service providers:
These service providers work under data processing subcontracts that comply with the provisions of GDPR Article 28.
Personal information is not processed by us outside the EU.
The transmission and processing of personal data outside the EU by the service providers is performed in accordance with the rules of the GDPR on the basis of the adequate data protection measures described in the relevant third party privacy policies https://www.ovh.com/fr/protection-donnees-personnelles/gdpr.xml
5. Third party website links
Our website may contain links to external third-party websites. Data processing on other websites is carried out under the responsibility of the relevant third party, and such processing is therefore beyond our control. For more information, please refer to the privacy policies of the relevant third-party websites.
6. Data security
We protect our website and other systems by taking appropriate technical and organisational measures against the loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite such measures, complete protection against all risks is not possible given the nature of the internet.
7. Data subjects’ rights
Data subjects have certain rights subject to the conditions defined in the GDPR. Every data subject generally has the following rights:
- • Right of access by the data subject (GDPR Art. 15): you have the right to obtain information about the processing of your personal data and its main components.
- Right to rectification (Art. 16 GDPR): you have the right to demand rectification of data concerning you and/or completion of incomplete data.
- Right to object (GDPR Art. 21): insofar as your personal data is processed on the basis of legitimate interests within the meaning of GDPR Article 6 (1) (f), you have the right to object to such processing on grounds relating to your particular situation (without prejudice to our compelling legally protected interests) and/or to object to direct advertising. If you wish to exercise your right to object, you may send us an e-mail at the following address: email@example.com. We will keep a file in which the relevant information of the persons who have exercised their right to object will be processed in order to respect the data subject’s wishes. The information in the opt-out list will be stored for 3 years and then deleted.
- Right to erasure (GDPR Art. 17): under certain conditions, you have the right to erasure of your personal data stored by us, e.g., in case the personal data are no longer necessary in relation to the purposes for which they were collected or if you have made a legitimate objection to the data processing. The right to erasure is not always applicable, especially not if the processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing (GDPR Art. 18 et seq.): you have the right to obtain the restriction of the processing of your personal data under certain conditions, in particular if you contest the accuracy of the data but you do not wish to obtain erasure of the data; the information is no longer needed by us but you need the information for the establishment, exercise or defence of legal claims, or you have made a legitimate objection to the data processing
- Right to data portability (GDPR Art. 20): in certain cases defined by law, you have the right to receive your personal data that you supplied to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
We further inform you that the consent you may have given may be withdrawn at any time, in which case we will not be allowed to continue the data processing based on such consent in the future, without prejudice to the lawfulness of the processing that was performed on the basis of such consent prior to the time of withdrawal.
We reserve the right to obtain confirmation of your identity when you ask us for information and documents.
We encourage you to send us any requests or queries you may have concerning your rights to firstname.lastname@example.org. If you believe that the processing of your data is not compliant with the GDPR, you have the right to file a complaint with the competent data protection authority (cf. www.cnpd.lu).