Data protection policy

APSI is a non-profit organization whose field of activity is the protection of material and moral professional interest of its members, to extend and improve the institutions of the information society professions, we attach great importance to the protection of personal data.

The main goal of our policy is to explain how APSI is going to process the personal data of the following:

  • Natural persons who are members of APSI and representatives/executives of legal entities who are members of APSI ( “Members of APSI”)
  • Visitors of the http://www.apsi.lu/ website (the“Website”)
  • Visitors of the Website and groups of APSI on social media
  • Attendees to events organized by APSI (attendees and panellists),

APSI processes your personal data in accordance with the applicable legislations, particularly:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”);
  • The Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework.

Our personal data protection policy particularly covers the following issues:

  1. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
  2. HOW DO WE USE YOUR PERSONAL DATA?
  3. HOW DO WE COLLECT YOUR PERSONAL DATA?
  4. WHO HAS ACCESS TO YOUR PERSONAL DATA AND WHO DO WE SHARE YOUR PERSONAL DATA WITH?
  5. HOW DO WE PROTECT YOUR PERSONAL DATA?
  6. WILL YOUR PERSONAL DATA BE TRANSFERRED?
  7. WHAT ARE YOUR RIGHTS?

We reserve the right to update our personal data protection policy in line with any changes in legislation or in the way we treat your personal data. Every modification made will be notified on the Website and by email.

Please visit our Website frequently to be aware of any changes and modification to our policy.

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The controller of your personal data is APSI, which is established and has its head office at, L-2680 Luxembourg, 10, rue de Vianden registered at the Trade and Company Register of Luxembourg (Registre de Commerce et des Sociétés, Luxembourg) under the registration number F2052, represented by its Board of Directors.

For any further questions on how we treat your personal data, and about your rights detailed below at point 7, you can contact us here:

  • Telephone: 00352 20601110
  • Email: privacy@apsi.lu;
  • Address: APSI, 10, rue de Vianden, L-2680 Luxembourg.

The chart below explains how we use your personal data, being (i) the different types of data being processed, (ii) the persons concerned, (iii) the legitimate purpose, (iv) the legal basis of the treatment and (v) the duration of the storage.

HOW DO WE USE YOUR PERSONAL DATA?

WHAT? Types of data processed WHO? Persons concerned WHY? Purpose ON WHAT GROUNDS? Legal basis FOR HOW LONG? Maximum duration of storage
Identification and contact data (family name, first name, address (street name and number, zip code, town, post office box), Website address, telephone and fax number, email, signature);Data in relation to professional life (position, field of activity, member of a legal entity);Data in relation to the membership (date of membership to APSI, position held within APSI);Financial Data  (banking details, amount of the contribution due, date of payment, payment delays for the contribution, reminder of possible payment delays for the contribution).   Members of APSI   Bureaucratic management of the members and of the contributions;   Bureaucratic management of APSI, being:The publication of the list of members on the Website;The organization of the general assembly and the organization of the board of directors;the management of complaints and disputes. The processing is necessary to: the execution of a contract to which the person concerned is a signatory or the execution of pre-contractual measures taken at the request of the person concerned;for the legitimate interests pursued by APSI, namely the interest in ensuring the optimal management of  APSI. 2 year after: having left APSI;the expulsion of a Member of APSI.
Data contained in the contract form (name, email, corporate affiliation, messages, Website);   Members of APSI; Visitors of the Website. Management of the Website     The processing is necessary to: the execution of a contract to which the person concerned is signatory or the execution of pre-contractual measures taken at the request of the person concerned; for the legitimate interests pursued by APSI, namely the interest in improving the functioning of the Website. 6 months after the processing of the contact request.    
Identification and contact data (family name, first name, email address);Data associated with the profile on social networks (e.g. photos);Comments, observations;Content shared on the page/within the APSI group.   Members of APSI; Visitors to the APSI Website and groups on social networks (e.g. LinkedIn, Facebook and Twitter. Management of the Website pages and groups on social media (Twitter, LinkedIn, Facebook) The processing is necessary to: the execution of a contract to which the person concerned is a signatory or the execution of pre-contractual measures taken at the request of the person concerned; for legitimate interests pursued by APSI, namely the interest in sharing information (news, events, initiatives) related to APSI’s field of activity. To be determined on a case-by-case basis.  
Pictures taken during events. Members of APSI; Attendees of events organized by APSI (attendees and panellists). Publications of pictures on the APSI Website and on social media.   The processing is based on the consent of each data subject. Until the withdrawal of the consent.
Identification and contact data (family name, first name, email address);Data in relation to professional life (position, field of activity, member of a legal entity);Data in relation to the intervention within the framework of the event (addressed subject matter, content of the presentation, comments, observations);Food preferences (if a meal is offered).  Members of APSI; Attendees of events organized by APSI (attendees and panellists). Organisation and management of events (conferences, workshops, training, work meetings)     The processing is necessary for the execution of a contract to which the person concerned is a signatory or the execution of pre-contractual measures taken at the request of the person concerned. 6 months after the end of the event.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data:

  • directly from you;
  • from members of APSI presenting their application to APSI;
  • from members/participants to APSI events;
  • through the use of certain features on the Website and social media (Twitter, LinkedIn, Facebook).

WHO HAS ACCESS TO YOUR PERSONAL DATA AND WHO DO WE SHARE YOUR PERSONAL DATA WITH?

APSI process personal data in an absolute confidentiality in order to meet the purposes described in the table above. APSI is committed in all circumstances, towards the data subject, to an obligation of discretion, and to ensure that all its employees and collaborators act under the same restriction.

We might share your personal data with some of our trusted third parties or specific receivers, including:

  • other members of APSI, visitors or guests involved in the activities of APSI;
    • panellists and guests of events;
    • third party service providers (catering, event organization, valet parking etc.);
    • the IT system provider based in Luxembourg.

Finally, if necessary, we may transmit certain personal data to administrations, our advisors, bailiffs, police officers, etc., in order to comply with legal or regulatory requirements to which we are subject, to assert or exercise our rights in court. These third parties may receive or have access to certain personal data for different purposes, each according to their roles, in accordance with such purposes.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We commit to implement appropriate technical and organisational measures to ensure an appropriate level of security to prevent the destruction, loss, alteration, unauthorised disclosure or unauthorised access to your personal data that is transmitted, stored or processed in any other way.

WILL YOUR PERSONAL DATA BE TRANSFERRED?

In general, your personal data is not transferred to a third country outside the European Economic Area (“EEA”), or any international organisation.

However, if strictly necessary for the purposes defined in this policy, we may transfer your personal data to countries outside the European Economic Area, which may not offer the same level of data protection as in the Grand Duchy of Luxembourg.

WHAT ARE YOUR RIGHTS?

The GDPR gives you specific rights according to the legal basis on which APSI bases the processing of your personal data.

In this context, you have the following rights:

A right of access: upon request you have the right to receive from us:

  • the confirmation that your personal data is being processed or not;
  • if we are processing your personal data, a copy of your personal data and information on how we process the data (e.g. purposes of the processing, categories of data, beneficiaries, storage period).

A right of rectification: upon request you have the right to receive from us:

  • the rectification of wrongful personal data concerning you;
  • the completion of any personal data concerning you that is incomplete, including through a supplementary statement.

A right to the erasure of your data: upon request you have the right to receive from us the erasure of your personal data if:

  • that personal data is no longer needed, or
  • if the data has been processed illegally. This right is not absolute: in some cases your personal data will not be deleted, for example if we need it to exercise and defend our legal rights.

A right to limit the processing: upon request you have the right to receive from us a limitation on the processing of your personal data in certain situations, for example:

  • when you dispute the accuracy of the data, or
  • when you inform us of an objection.

Where processing has been limited, we may still retain your personal data, but we are not allowed to use it in any other way, unless:

  • you have given your consent in this regard; or
  • we need it for the recognition, exercise and defence of our legal rights; or
  • the processing is necessary for the protection of the rights of another natural or legal person; or
  • the processing is necessary on important grounds of public interest of the European Union or a Member State.

A right to request the transfer of your data: when we process your personal data on the basis of your consent or on the basis of a contract, you have the right:

  • to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format and to forward them to a third party of your choice; or
  • to obtain from us the transmission of such data to a third party of your choice.

A right of opposition: you may object to the processing of your personal data, and we will stop such processing:

  • when it is based on a legitimate interest or that of a third party. In this case, we may continue processing if it meets our overriding legitimate interests or if it is necessary for the establishment, exercise and defence of our legal rights; or
  • when it is carried out for prospecting purposes (including profiling related to such prospecting).

A right to withdraw your consent: when we use your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Such withdrawal will not affect the legality of the processing operation based on the consent given before the withdrawal.

A right to lodge a complaint: if you believe that your data protection rights have been violated, you have the right to:

  • file a complaint with the competent supervisory authority, in particular in the Member State in which the violation is alleged to have been committed, in which you have your residence, or in which you work; and/or
  • bring an action before the competent court.

The competent supervisory authority in the Grand-Duchy of Luxembourg is: Commission Nationale pour la Protection des Données https://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.html

To exercise your rights listed above, you can contact us via APSI by:

  • Telephone: 00352 20601110
  • Email: info@apsi.lu;
  • Address: APSI, 10, rue de Vianden, L-2680 Luxembourg.

Where requests relating to these rights are manifestly unfounded or excessive, in particular because of their repetitive nature, we reserve the right:

to require the payment of reasonable fees that take into account the administrative costs incurred in providing the information, making the communications or taking the measures requested; or to refuse to comply with these requests.