1. An overview of data protection
The Luxembourg Institute of Science and Technology (hereafter “LIST”, “We”) is committed to ensure the highest standards of data protection in compliance with the applicable legislation, notably with reference to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
The present document aims at illustrating what personal data we collect about you, the reason why LIST uses your data and, as the case may be, share your data and the applicable retention periods. Additionally, the notice also provides you with information regarding your rights, how to exercise them and whom you can contact in case of any query.
2. Scope of the notice
The present notice is directed to:
- users or visitors of LIST Ventures website (hereafter the “website”),
- external visitors accessing our premises,
- individuals who contact us by any means for any purposes,
Hereafter together “you”.
3. Identity of the data controller
The data controller is LIST, having its registered office at 5, Avenue des Hauts-Fourneaux L-4362 Esch-sur-Alzette, Luxembourg.
LIST is responsible for collecting and processing your personal data in relation with LIST’s activities.
Our contact details are set out in Section 9 (“Your rights and how to exercise them”) below.
4. Categories of personal data we collect
We collect personal data about you in the course of our activities and business, including through your use of our website. The categories of personal data that we may collect or obtain may vary depending on the services we provide you or on how you use our website.
Please find here below a list of personal data we may collect and process. Those may at times include:
- Contact details (such as name, surname, address, e-mail address, telephone number, fax number etc.),
- Professional information (such as company/organisation, current role, professional e-mail etc.),
- Technical data (such as IP address, your browser type and language, access logs including access times, websites use and monitoring thereof),
- Participation to LIST’s activities and events,
- Pictures or videos taken during LIST’s activities or events,
- External visitors’ data (name and surname of the visitors, company/organisation, name of LIST’s employee organising the meeting, date and place of meeting)
We collect personal data through our website based on your voluntary submission of personal information, for example by registering to LIST’s events or by contacting LIST via our online form.
We may also collect information about you in an indirect way from our employees or from third parties, for instance, when one of LIST’s clients or suppliers provides us with your personal data.
5. Purpose and legal basis for processing
Please find here below a list of the purposes for which LIST collects and processes your personal data:
- To communicate with you,
- To provide and improve our services,
- To manage our events and activities,
- To ensure and improve the functioning and the security of our website and network,
- To ensure the security of our premises and facilities,
- To manage complaints, feedback and queries,
- To grant external visitors with access to our premises,
- To comply with applicable laws and regulatory obligations,
- To establish and/or defend our legal rights.
Please find here below a list of the legal basis on whose grounds LIST collects and processes your personal data:
- Your consent, for instance we shall require your consent to process your personal data in order to send you our newsletter or invitations to events and conferences,
- Performance of a contract or of pre-contractual measures to which you are party or representative,
- Compliance with a legal or regulatory obligation to which we are subject,
- LIST’s legitimate interest, which may generally consist of (i) the pursuit of our business activity and objectives; (ii) the protection of our activity, of our premises, of our information systems security, of our employees, partners and supplier; (iii) the improvement or further development of our services; (vi) the establishment and/or defence of our legal rights.
Please note that the purposes and legal basis of our processing activities may vary based on the services we provide you or on how you use our website.
6. Share of your personal data with third parties
In order to fulfil the purposes mentioned in Section 5 (“Purposes and legal basis for processing”), LIST may transfer your personal data to:
- External service providers that perform services on LIST behalf,
- Government or other regulatory bodies, upon request and to the extent permitted by law,
- Certain regulated professionals such as auditors or lawyers,
- Institutional or non-institutional partners, with whom LIST collaborates in the context of its core activities.
In case of disclosure of your personal data to the aforementioned subjects, LIST shall take appropriate steps to ensure that third parties will apply adequate protection to this data as required by the applicable data protection legislation.
Some of the mentioned recipients of your personal data may be located in countries outside the European Union or the European Economic Area (EU/EEA). In such cases, transfers to a county outside EU/EEA may take place when the European Commission has decided that the third country ensures an adequate level of protection.
In the absence of such adequacy decision, LIST will only proceed to such transfer after having implemented appropriate safeguards to protect your personal data (such as the use of standard data protection clauses adopted by the European Commission) or where a derogation established by art. 49 of the GDPR exists (such as your explicit and informed consent).
Further information about the mentioned transfers and the safeguard measures applied by LIST can be obtained by contacting us at dpo(at)list.lu.
7. Ensuring personal data security and integrity
In compliance with the applicable data protection legislation, LIST has put in place appropriate technical and organisational measures in order to prevent or act upon any unauthorised and unlawful processing or disclosure, accidental loss, modification or destruction of personal data. These measures are implemented based on the current state of art, an evaluation of the risks derived by the processing activity and the need to protect personal data. Such technical and organisation measures are regularly updated and/or adjusted to new technical developments or any organisational change that may affect LIST.
8. Data retention periods
LIST will only retain your personal for a period of time that is strictly necessary for the purposes for which we collect your data, to comply with a legal or regulatory obligation to which LIST is subject or to manage our relationship with you.
9. Your rights and how to exercise them
With regards to your personal data collected and processed by LIST, you may exercise at any time the following rights:
- Right to access: You have the right to receive confirmation about whether or not your personal data is being processed by LIST. If that is the case, you have the right to know what data is being collected and processed and to obtain of copy of it;
- Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you have the right to request to have it rectified;
- Right to erasure: Subject to certain conditions specified in art. 17 of the GDPR, you have the right to have your personal data deleted by LIST;
- Right to restriction of processing: Subject to certain conditions specified in art. 18 of the GDPR, you have the right to obtain restriction of the processing of your personal data performed by LIST;
- Right to data portability: Subject to certain conditions specified in art. 20 of the GDPR, you have the right to obtain a copy of the personal data you provided to LIST in in a structured, commonly used and machine-readable format and to request the transfer of these data to another data controller;
- Right to object: You have the right to object the processing of your personal data when the conditions set out in art. 21 of the GDPR apply;
- Right to withdraw consent: If LIST is processing your personal data based on your consent, you have the right to withdraw that consent at any time. The withdrawal of such consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (CNPD). More information on how to lodge a complaint are available on CNPD’s website: https://cnpd.public.lu.
You may exercise any of these rights by contacting our Data Protection Officer (DPO):
- by e-mail at the following address: dpo(at)list.lu,
- or by post at:
Luxembourg Institute of Science and Technology
Attn. Data Protection Officer
5, Avenue des Hauts-Fourneaux
L-4362 Esch-sur-Alzette, Luxembourg.
Please kindly note that your rights are not absolute and they may be withheld in accordance with applicable data protection laws. In such event, LIST will provide you with the reasons for not complying with your request. In such case, you may lodge a complaint with the CNPD and seek a judicial remedy against such decision.
10. Link to other websites
Please be aware that LIST website may contain links to other website that are not governed by this privacy notice. We encourage users to review the privacy notice of each website before disclosing any personal data.
11. Changes to this notice
LIST may make changes to this privacy notice from time to time, to reflect our current privacy practices or to comply with changes in the applicable data protection legislation. LIST encourages you to regularly visit this page in order to remain informed on how LIST collects and processes personal data.