Version last updated on 17th December 2018.
IBBL, 1 rue Louis Rech L-3555 Dudelange, Luxembourg (“we”) is committed to the protection of your personal data in accordance with data protection legislation, especially the General Data Protection Regulation EU 2016/679 (the “GDPR”).
This Data Protection Notice is directed to users or visitors of our website (the “Site”), and to individuals who contact us by any means or provide services to us (together “you”). It provides you with detailed information relating to the protection of your personal data by us.
1. Who is the controller of your personal data?
IBBL, 1 rue Louis Rech L-3555 Dudelange is responsible as a data controller, for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Notice is to inform you on which personal data we collect, the reasons why we use and share such data, how long we keep it, what rights you have and how you can exercise them.
Further information may be provided where necessary when you are in contact with us for a specific activity.
2. What personal data do we process?
We collect and use your personal data to the extent necessary in relation to our activities.
We may collect various types of personal data about you, including:
- identification data (such as your name, contact details, address, telephone, email, country),
- professional details (such as company/organisation name and job title),
- electronic identification data (e.g. email address, IP address, web browser and operating system used electronic signature, remote connection data),
- details of information request, claims or other information related to Users interaction with IBBL,
- banking details (such as bank account number, IBAN.
The data collected on our Site stem exclusively from the voluntary registering of your personal data (for example by contacting us through our online contact forms, by subscribing to our newsletter, by applying to one of our job offers, or by registering to an event) or if you choose to provide unsolicited personal data (information we have not asked for) to us such as a CV.
We may also collect information about you even if you do not have a direct relationship with us. This may notably occur when your employer provides us with information about you, or when your contact details are provided by one of our clients.
With the exception of the information indicated above and in our “Cookies Policy” below, we do not collect, via freely accessible pages on this Site, personal data other than those listed above and those voluntarily entered by you, using the online forms provided for that purpose, most notably to contact us.
3. What are the purposes of and the legal bases for our processing?
We collect and use your personal data for the following purposes:
- for the provision of services or information requested by you,
- for the management of our events (registration, list of attendees),
- to send you our newsletter,
- to manage our business relationship with you,
- to provide you with a safe and comfortable experience when visiting our Site,
- to manage or improve our Site and services provided by us,
We collect your personal data on the following basis:
- to perform a contract or for pre-contractual measures with you or an organisation you represent,
- to comply with our legal and regulatory obligations,
- to perform a task carried out in the public interest,
- for our legitimate interests, or
- with your consent.
4. Who do we share your personal data with?
In order to fulfil the aforementioned purposes, we may communicate your personal data to:
- service providers/vendors that perform services on our behalf,
- law enforcement or other government and regulatory bodies or agencies, upon request and to the extent permitted by law
- certain regulated professionals such as lawyers or auditors.
We may also receive requests from third parties with authority to obtain disclosure of personal data. We will only respond to such requests where we are permitted to do so in accordance with applicable laws and regulations.
We require all third parties to respect the security of your personal data and to process it in accordance with the law.
5. Where do we transfer your personal data?
We may use third party providers to deliver our services and this may involve transfers of your personal data to countries outside of the European Union/European Economic Area (EU/EEA). In case of international transfers originating from the EU/EEA to a country outside the EU/EEA, the transfer of your personal data may occur where the European Commission has decided that the country outside the EU/EEA ensures an adequate level of data protection.
For transfers to countries outside the EU/EEA for which the level of protection has not been recognised as adequate by the European Commission, we will either implement appropriate safeguards provided for by current data protection law (e.g. the entry into standard data protection clauses) or rely on a derogation applicable to specific situations (such as your explicit consent).
You can obtain more information regarding relevant safeguards we rely on by contacting us at firstname.lastname@example.org.
6. Security of your personal data.
The processing of your personal data is carried out through IT, electronic and manual tools, with logics strictly related to the aforementioned purposes and, in any event, in compliance with the appropriate technical and organisational measures required by law to ensure a level of security that is adequate to the risk, in order to avoid unauthorised loss or access to your data.
7. How long do we keep your personal data?
We will retain your personal data as long as necessary to fulfil the purposes we collected it for, for the period defined by our operational requirements (such as facilitating our relationship management with you) and for the time necessary for compliance with our legal obligations.
8. What are you rights regarding your personal data?
In accordance with applicable data protection law, you may exercise at any time, in respect of us, the following rights in relation to your personal data:
- right to access, which enables you to obtain from us confirmation of whether personal data is being processed or not and, if so, obtain access to such data; we process a large quantity of information, and can thus request, in accordance with GDPR, that before the information is provided, you specify the information or processing activities to which your request relates;
- right to rectification, which enables you to obtain from us the correction and/or integration of any of your personal data that are incorrect and/or incomplete; and
in certain limited cases (in which case we will analyse whether the conditions for the exercise of such rights are fulfilled, in line with GDPR):
- right to erasure, which enables you, in specific cases provided for by art. 17 GDPR, to obtain from us the erasure of your personal data;
- right to restriction of processing, which enables you, in the specific cases provided for by art. 18 of the GDPR, to restrict the processing of your personal data by us;
- right to object, which enables you to object to the processing of your personal data when certain conditions are met;
- right to data portability, which enables you, in certain cases and with regard only to the data you have provided to us, to request receipt of your personal data in a structured and commonly machine-readable format.
If you have provided your consent to the processing of your personal data, you can withdraw such consent at any time.
To exercise any of these rights, you may contact our Data Protection Officer by email email@example.com or by postal mail:
Data Protection Officer
1 rue Louis Rech
You have the right to lodge a formal complaint with the Commission nationale pour la protection des données (CNPD). Full details may be accessed on the complaints section of CNPD’s website (https://cnpd.public.lu).
If you wish to learn more about cookies, please read our “Cookies Policy” available on our website https://www.biobank.lu
Changes to this Data Protection Notice.
Changes may occur in the way we process personal data. In case these changes oblige us to update this Data Protection Notice, we will clearly communicate it to you, either via our Site or via other appropriate means. The latest applicable version will always be available on our Site.
What is a cookie?
This Site uses ‘cookies’ and similar tools. Cookies are small text files that are placed and stored on your computer or mobile device when you visit a website. Cookies are widely used in order to make websites work, improve the navigation experience and provide information to the owners of the site.
Type of cookies used
Technical and functional cookies
The cookies in this category are used to check the technical settings of your browser and to record your preferences as identified during a previous visit to the Site. Their purpose is to
ensure you enjoy an optimal experience.
These cookies are essential to the functioning of our Site. They enable you to use the main website features. Without these cookies, you will not be able to enjoy normal use of our Site.
Audience measurement cookies
The cookies in this category enable us to analyse how visitors browse our Site. Thanks to these data, we are able to better understand how our Site is used, in particular based on visitor profiles, how they reached the Site (direct access, via a search engine, etc.), what pages they search, how long they stay on the website, etc. Accordingly, we are able to optimise and improve the Site and services offered.
This Site uses Google Analytics, a website analysis service provided by Google Inc. (“Google”), to analyse how you engage with our website and with a view to improving it.
So-called “social” cookies are linked to the services provided by third parties, such as Facebook, Twitter, LinkedIn, etc.
Social cookies are only stored if you decide to click on the available social platform buttons.
We have no control over the process used by social networks to gather information related to your browsing of our website and linked to the personal data in their possession. We invite you to check the data protection policies implemented by these social networks in order to understand the intended purpose, in particular of a promotional nature, of the browsing information they are able to collect through these application buttons. These data protection policies should enable you to exercise your choices in these social networks, in particular by adjusting the settings of your user accounts for each of these networks.
Your choices concerning cookies
You may choose to configure your browser to accept all cookies, reject all cookies, notify you when cookies are issued, provide you with information on their period of validity and content, enable you to refuse to store the cookies on your device, and delete your cookies regularly.
You can set your Internet browser to deactivate cookies. However, you should bear in mind that if you deactivate cookies, some of our Site features (and even some websites as a whole) will no longer work properly.
How to configure your browser
For more information on the methods enabling you to delete and control the cookies stored on your computer, consult the following website: http://www.allaboutcookies.org/
Alternatively, consult your browser’s help sections:
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=en_US
Give or withdraw consent