• Personal data means any information which can be used to identify a person directly or indirectly by reference to various identifiers. Typical examples of direct personal data are the name, address, email addresses, telephone numbers, location data, date of birth. Typical examples of indirect personal data are IP addresses or user data which are stored in server log files.
  • Data subject means an identified or identifiable natural person whose personal data is being processed.
  • Processing means any operation or set of operations which is performed on personal data whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
  • Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not.  However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of that data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party means a natural or legal person, public authority agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Please note:

  • data transfer over the internet (for example, communication by email) may be vulnerable to security issues and complete protection of data from third party access is not possible.
  • your browser communicates your IP address when you visit our website. The IP address is necessary to be able to clearly identify the device you are using for data transport.

This privacy policy applies to processing by:

Forum EUROPA Luxembourg asbl
24, rue Saint-Mathieu
2138 Luxembourg
represented by: Klaus-Peter Beck
info@forum-europa.eu

Forum EUROPA Luxembourg
-Data Protection-
24, rue Saint-Mathieu
2138 Luxembourg

Our website does not use cookies.

Our website is hosted at our processor, IONOS SE, Elgendorfer Str. 57 | 56410 Montabaur, Germany.

Connection data is processed for the purpose of providing and delivering the website. For the purpose of merely providing and delivering the website, the data is not stored beyond the visit.

The lawful basis for the processing of data is the legitimate interest (absolute technical necessity for providing and delivering the “website” service explicitly requested by you through your visit) in accordance with Art. 6 (1) f of the EU GDPR.

In addition, the connection data and further personal data is processed to operate the website within the framework of various other functions and services. More detailed information is provided within the scope of this privacy policy under the individual functions and services.

Where personal data, such as name, address, email addresses, telephone numbers, etc., is collected directly on contact forms on our website, this is always carried out, where possible, on a voluntary basis. This data is not disclosed to third parties without your express consent and is erased after your enquiry has been dealt with.

The processing is carried out for the purpose of making contact and sending a statement.

The lawful basis is your consent given voluntarily in accordance with Art. 6 (1) first sentence (a) of the EU GDPR.

No transfer of your direct personal data such as name, address, email addresses, telephone numbers, date of birth, etc. to a third country is intended. However, technical data such as IP addresses or other technical user data (such as cookies) is also transferred when using the internet.

A)  RIGHT OF ACCESS

Any data subject has the right granted by the European legislature and regulator to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. If a data subject wishes to exercise this right of access, they can contact an employee of the controller for this purpose at any time.

B)  RIGHT TO BE INFORMED

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to obtain free of charge from the controller at any time information about personal data stored about him or her and to receive a copy of such information. Furthermore, the European legislature and regulator has granted the data subject the right of access to the following information:

  • the purposes of the processing.
  • the categories of personal data concerned.
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations.
  • where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period.
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing or to object to such processing.
  • the existence of the right to lodge a complaint with a supervisory authority.
  • where personal data is not collected from the data subject: any available information as to the source of the data.
  • the existence of automated decision-making, including profiling referred to in Article 22 (1) and (14) of the EU GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for the data subject.
  • Furthermore, the data subject has a right to be informed whether personal data has been transferred to a third country or international organisation. Where this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right to be informed, they can contact the controller’s data protection officer for this purpose at any time.

C)  RIGHT TO RECTIFICATION

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the controller for this purpose at any time.

D)  RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and provided the processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based in accordance with Art. 6 (1) a or Art. 9 (2) a of the EU GDPR and where there is no other lawful basis for the processing.
  • The data subject objects to the processing pursuant to Art. 21 (1) of the EU GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Art. 21 (2) of the EU GDPR.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased to comply with a legal obligation according to Union or Member State law, which the controller is subject to.
  • The personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) of the EU GDPR.

Where one of the aforementioned grounds applies and a data subject wishes to obtain the erasure of personal data which is stored at Forum EUROPA Luxemburg, they can contact the controller’s data protection officer for this purpose at any time. The data protection officer at Forum EUROPA Luxemburg will arrange for compliance with the erasure request without undue delay.

Where Forum EUROPA Luxemburg has made the personal data public and our entity, as the controller, is obliged pursuant to Art. 17 (1) of the EU GDPR to erase the personal data, Forum EUROPA Luxemburg, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such other controllers of any links to, or copies or replications of, that personal data, unless processing is necessary. The data protection officer at Forum EUROPA Luxemburg will make the necessary arrangements on a case-by-case basis.

E)  RIGHT TO RESTRICTION OF PROCESSING

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to obtain from the controller the restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Art. 21 (1) of the EU GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

Where one of the aforementioned conditions applies and a data subject wishes to obtain the restriction of personal data which is stored at Forum EUROPA Luxemburg, they can contact the controller’s data protection officer for this purpose at any time. The data protection officer at Forum EUROPA Luxemburg will arrange the restriction of processing.

F)  RIGHT TO DATA PORTABILITY

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Art. 6 (1) a or Art. 9 (2) a of the EU GDPR or on a contract pursuant to Art. 6 (1) b of the EU GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Art. 20 (1) of the EU GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided it does not adversely affect the rights and freedoms of others.

The data subject may contact the data protection officer at Forum EUROPA Luxemburg at any time to exercise their right to data portability.

G)  RIGHT TO OBJECT

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 (1) e or f of the EU GDPR. This also applies to profiling based on those provisions.

Forum EUROPA Luxemburg will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing is for the establishment, exercise or defence of legal claims.

Where Forum EUROPA Luxemburg processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for purposes of direct marketing by Forum EUROPA Luxemburg, then Forum EUROPA Luxemburg will no longer process the personal data for these purposes.

Furthermore, where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) of the EU GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The data subject may contact any employee of Forum EUROPA Luxemburg directly at any time to exercise their right to object. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his or her right to object by automated means using technical specifications.

H)  AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless (1) the decision is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller or (2) it is based on the data subject’s explicit consent, Forum EUROPA Luxemburg will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise rights with respect to automated decisions, they can contact an employee of the controller for this purpose at any time.

I)  RIGHT TO WITHDRAW CONSENT

Any data subject whose personal data is being processed has the right granted by the European legislature and regulator to withdraw consent to processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact the data protection officer at Forum EUROPA Luxemburg for this purpose at any time.

Our organisation’s legal basis for processing operations where we obtain consent for a specific purpose is Art. 6 (1) a of the EU GDPR.

If processing of personal data is necessary for the performance of a contract to which the data subject is party, such as in the case of processing operations which are necessary for the supply of goods or rendering of other services or services in return, then the processing is based on Art. 6 (1) b of the EU GDPR. The same applies to such processing operations that are necessary to take steps prior to entering into a contract such as in cases of enquiries relating to our products or services.

If processing of personal data is necessary for our organisation due to a legal obligation to which we are subject, for example to comply with tax obligations, then the processing is based on Art. 6 (1) c of the EU GDPR.

In rare cases, processing of personal data could become necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance details or other vital information then needed to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 (1) d of the EU GDPR.

Finally, the processing operation could be based on Art. 6 (1) f of the EU GDPR. Processing operations not covered by any of the above legal bases would be based on this legal basis, if the processing was necessary to protect a legitimate interest of our organisation or of a third party except where such interests are overridden by the interests, fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations in particular because they have been mentioned specifically by the European legislature who were of the opinion that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47, second sentence of the EU GDPR).

If processing of personal data is based on Article 6 (1) f of the EU GDPR, our legitimate interest is the conduct of our business activities for the benefit of the welfare of all our employees and shareholders.

The criterion for how long personal data is stored is the statutory retention period in each case. The relevant data is routinely erased after the retention period has expired, provided it is no longer needed to perform or initiate a contract.

Necessity for entering into a contract; data subject’s obligation to provide personal data; possible consequences of failure to provide.

We would like to clarify that the provision of personal data is sometimes a legal requirement (such as tax regulations) or might emerge from contractual regulations (such as details of the contractual partner). Sometimes it might be necessary, in order to enter into a contract, for a data subject to provide us with personal data, which subsequently needs to be processed by us. For example, the data subject is obliged to provide us with personal data if our organisation enters into a contract with him or her. Failure to provide the personal data would have the consequence that it would not be possible to enter into the contract with the data subject. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject in relation to the individual case whether the provision of personal data is regulated by law or by contract or is necessary to enter into a contract, whether there is an obligation to provide the personal data and what the consequences of a failure to provide the personal data would be.

As a responsible organisation, we do not use automated decision-making or profiling.

You have the right to lodge a complaint with the supervisory authority of your place of residence (Art. 77 of the EU GDPR).

In Luxembourg:

National Commission for Data Protection, 15 Boulevard du Jazz, L-4370 Belvaux, Luxembourg (https://cnpd.public.lu/)

You are neither obliged by law nor by contract to provide us with your personal data. However, the provision of your indirect personal data (IP address, cookies) is necessary for visiting our website.

Further processing is not carried out for purposes other than those for which the personal data was collected. Should this become necessary, we will provide you with information about such other purpose and any other pertinent information prior to such further processing.

We use the SSL method (Secure Socket Layer) on our website. Data is 256-bit encrypted whilst it is being transferred, provided your browser supports this. Otherwise 128-bit encryption is used. A padlock symbol on your browser indicates encrypted transfer.

In addition, we have taken technical and organisational measures to ensure the ongoing security of your data.

This privacy policy was last updated on 7 April 2022. It is subject to amendment if our website content changes, statutory provisions change or official regulations need to be implemented.