Privacy Policy
For the attention of people who consult and use the INDR websites and online accounts and people who subscribe to the INDR Newsletter.
The purpose of this notice is to define the conditions under which personal data are processed and collected in accordance with Regulation 2016/679 of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and to the free movement of this data (“GDPR”).
What personal data is processed?
Personal data or personal data is information which makes it possible to identify, directly or indirectly, a natural person (referred to as the “data subject”). The data that the INDR is currently likely to process are the following:
- name, first name, gender, institution or company, position, postal address, email address, telephone number, date of membership,
- information on connections to INDR sites and social media accounts (Google Analytics and associated cookies, MailChimp, etc.) such as pages consulted, date and time of consultation, IP address, source sites having allowed access to INDR sites and online accounts, the geographic area, and the computer equipment used.
This information is mainly provided by the person concerned directly, in particular by contacting an INDR representative or employee or via the INDR sites and online accounts. As an exception, the surname, first name, institution or company, position, postal address, email address, telephone number may also be obtained by consulting information freely accessible to the public, such as telephone directories, websites, press releases or information.
For what purposes are personal data processed and what is the legal basis for the processing?
The data is processed as part of the overall management of INDR activity, namely
- for the usability and optimization of sites and online account
- for sending Newsletters
- for administrative management
- for statistical purposes.
When the INDR has not concluded a contract with the data subject, the processing is not based on the consent of the data subject or a legal obligation, the INDR processes the personal data on the basis of a legitimate interest, depending on its mission (see section “Who are we?”) unless the interests or fundamental freedoms and rights of the person concerned prevail.
To whom are personal data transferred? How long are they kept?
Personal data is reserved for internal use without commercial purposes. They may be shared only for IT needs with service providers in Europe and in third countries subject to providing sufficient guarantees with regard to the GDPR, for the execution of the contract between the INDR and its members within the framework of its mission (see “Who are we?” section) or for any other legitimate legal reason.
The INDR draws attention to the fact that information about connections to the sites and online accounts of the INDR as well as the IP address may be collected and processed by Internet operators, such as Google to evaluate the use of the site and provide other services related to the use of the Internet. It is up to the person concerned to manage or deactivate cookies using the options of the browser they are using.
Personal data may be kept, copied to servers or backup systems or archived by the INDR for as long as necessary for the aforementioned activities or for legitimate legal reasons, respectively as long as the person concerned does not request unsubscription. from the Newsletters mailing list.
What are your rights ?
The INDR takes all reasonably possible measures at the technical and organizational level to ensure the protection of personal data against loss, misuse, unauthorized access, disclosure, modification or destruction of this data.
Under the conditions provided for by the GDPR, you can access the data concerning you and obtain a copy (article 15), obtain the rectification of inaccurate or incomplete data (article 16), object to the processing of your data (article 21), obtain the erasure of these (article 17), and benefit from a right to portability (article 20) and limitation of processing (article 18).
If consent constitutes the legal basis for the processing of personal data, you can withdraw your consent at any time by contacting the INDR without affecting the lawfulness of the processing based on the consent given before its withdrawal. .
The INDR processes personal data for professional purposes. If it is informed that data concerns a child, it undertakes to remove it from its systems as soon as possible.
Please find below the contact details to ask questions, assert your rights or submit a complaint:
National Institute for Sustainable Development and Corporate Social Responsibility (Data Protection)
7, rue Alcide de Gasperi, B.P. 3024 L-1030 Luxembourg-Kirchberg
Tel: +352 27 330 1
Email: info@indr.lu
Website: www.indr.lu
If you consider that the processing of your personal data carried out by the INDR constitutes a violation of the GDPR, you can also lodge a complaint with the CNPD (www.cnpd.lu).
Disclaimer
The INDR does everything possible to ensure that the information and data available on its sites and online accounts are correct and up to date. This information and data have been collected and compiled from sources which, to the best of INDR’s knowledge, are reliable. The INDR cannot, however, be held responsible for any error, omission, alteration or delay in updating this information and data. Users of INDR sites and online accounts are therefore asked not to base their decisions on this information and data without verifying their accuracy. They acknowledge that they use this information and data at their own risk.
INDR sites and online accounts provide links to third party sites for information purposes only. The INDR assumes no responsibility for the management and content of these sites nor for the level of data protection. Users of INDR sites and online accounts acknowledge that they access these third-party sites at their own risk.
Modification of the notice
The INDR reserves the right to modify this notice at any time and without notice. It is up to the person concerned to ensure that they have the most recent notice in force.
GDPR – Notice October 2020.