Privacy Policy

Privacy Policy

Last update : Saturday, February 20, 2020



It is important that you carefully read this Privacy Policy together with the Terms and Conditions of Use before using the Website and/or the Platform.

If you do not accept the terms of this Privacy Policy, you should not click on “I agree”.

VIREO invites you to enter the Privacy Policy in PDF format before giving your acceptance in order to ensure that you give your full and free express consent, without any haste, having read and understood all the terms used.


The responsible for the processing of personal data is VIREO, a limited liability company established at 4, rue Jean-Pierre Brasseur, L-1258 Luxembourg, registered in the Luxembourg Trade and Companies Register under number B222152, (hereinafter “VIREO”) and currently represented by its acting Manager.

VIREO undertakes to do everything in its power to protect the privacy of its users.


This Privacy Policy should be read in conjunction with the Cookie Management Policy accessible via the following link : https://www.vireo.lu/en/cookies-policy/.



Article 1. Collection of personal data

As part of the relationship with VIREO, personal data is collected directly from the User, allowing VIREO to implement the purposes described below. 

The personal data requested are presented below and some of them depend on the application used by the User in the context of his relationship with VIREO.

Only the personal data strictly necessary for the fulfilment of the purposes set out below shall be processed. Within the framework of the services offered by the Platform and depending on the particular situation and the choices of the User. The following data may be processed :

  • identification data (surname, first name, sex, date of birth, nationality, …)
  • contact data (e-mail address, mobile and/or telephone number, postal address, …)
  • language used
  • mode of introduction (employer, internet, press, recommendation, …)
  • financial data and patrimonial information (list of movable and immovable assets, …)
  • data related to the profession (functions carried out, …)
  • composition of the household (marital status, number of children, …)

Certain sensitive personal data, benefiting from special protection, may be processed, such as :

  • tax identification number
  • income of any identifiable kind
  • expenses of all identifiable kinds (insurance, credits and other miscellaneous charges)
  • conclusive evidence/document
  • risk profile of the User
  • copy of valid identity document
  • bank details (IBAN and BIC number)
  • VAT number if applicable

These data are treated with the utmost care.

In some cases, personal data relating to persons other than the User but communicated by the User may be processed, such as for example :

  • the children
  • the spouse/partner

The user required to communicate such data undertakes to inform the persons concerned.

 

Article 2. How does VIREO process the User’s personal data ?
2.1. For what purposes and on what legal basis are personal data processed ?

By providing VIREO with his personal data, the User expressly authorizes VIREO to process (collect, record, organize, structure, store, adapt, modify, extract, consult, use, communicate by transmission, dissemination or other form of provision, approximation or interconnection, limitation, erasure, destruction) said data for the purpose(s) below.

VIREO uses first of all the personal information collected to perform its contractual obligations towards the User, in particular in order to :

  • enable the proper execution of the mission for which VIREO has been mandated 
  • save the data in the User’s electronic folder
  • answering questions, requests for information and/or advice by intermediaries
  • ensure the follow-up and management of the User’s file
  • allow the transmission of the User’s data to the various service providers according to his requests
  • allow the transmission of the User’s connection and navigation data for the purpose of managing his file
  • to transmit to the User any electronic communications and invitations

On the basis of its legitimate interest, VIREO may process the personal data thus collected in order to :

  • manage its User base and have a global view of its Users (for example by compiling statistics to know who they are and to know them better)
  • ensure the proper technical operation of the VIREO installations
  • prevent abuse, fraud and offences
  • protect the company assets
  • ensure the security of goods and persons as well as the company’s networks and computer systems
  • establish, exercise, defend and preserve the rights of the company or the persons it may represent, for example in disputes
  • substantiate (gather evidences)
  • ensure the invoicing of services and the proper follow-up by VIREO’s accounting department

 

2.2. Does VIREO use the personal data collected to make automated decisions ?

VIREO does not use the data for profiling purposes or to make automated decisions. Should VIREO decide to do so in the future, it will inform the User in advance, explaining the logic behind such a decision and the importance and expected consequences of this particular processing.


Article 3. Why is it necessary for the User to communicate his personal data ?

If the User refuses to provide VIREO with the data requested as part of the services offered through the applications put online on the Platform, VIREO may find itself unable to carry out the services offered.


Article 4. Where and how are personal data transferred ?

4.1. Who has access to personal data and to whom is it transferred ?  

In order to protect the privacy of the User, the persons who are authorized to access his data are determined precisely according to their tasks.
Under no circumstances does VIREO sell personal data to third parties. However, in order to achieve the purposes detailed above (cf. point 2.1.), VIREO may communicate certain information to authorized third parties such as :
  • subcontractors of IT services
  • certain national authorities and regulators in order to comply with its legal obligations
  • lawyers in case of litigation
 
4.2 How is personal data transferred and secured ?
 
All data entered by the User is transferred exclusively via an encrypted connection. The lock icon in the status bar of the User’s browser allows the User to ensure that his data is sent in encrypted form to a server certified and authorized by VIREO.
VIREO implements an effective security policy in terms of computer data protection. In order to guarantee optimal security of its Platform, this security policy can only be accessible under certain conditions and at the express request of the User.
 
 
Article 5. How long is personal data kept ?
 
VIREO keeps the personal data collected as long as :
  • necessary for the achievement of the purposes detailed above,
  • a legal obligation imposes such retention,
  • the applicable limitation periods have not elapsed, in order to ensure that it has the necessary information to protect itself from legal action.
 
 
Article 6. What are the rights of the User and how can he exercise them ?
 
As a data subject, the User has various rights that he or she may exercise in the following manner.
 
Right to information : the User may address to VIREO any queries regarding the registration and processing of his/her data.
 
Right of access : the User may, at any time, obtain confirmation as to whether or not personal data concerning him/her is being processed and, if so, access to said data as well as a free copy thereof.
 
Right to rectification : the User may, at any time, by sending a written request to VIREO, obtain the rectification of any personal data concerning him/her that is inaccurate, bearing in mind that, in principle, only the User has control over such data, since it is the User who fills in all the fields directly. The User may, in the same way, request that incomplete data be completed.
 
Right of deletion : the User may, at any time, by sending a written request to VIREO, obtain the deletion of his/her personal data, provided that one of the following reasons applies :
 
  • the data are no longer necessary for the purposes for which they were collected and processed
  • he withdrew the consent on which the treatment was based; and
  • it now objects to the processing and there are no compelling legitimate grounds for it
  • the data have been unlawfully processed
  • the data must be deleted to comply with a legal obligation
 
Right to limitation of processing : where limitation of processing is granted, personal data may only be processed with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for important public interest reasons.
 
The User may request the limitation of the processing for one of the following reasons :
 
  • he contests the accuracy of the personal data
  • in case of unlawful processing
  • VIREO no longer needs personal data for the purposes of processing but they are still necessary for the establishment, exercise or defense of legal rights by the User.
  • he has opposed the processing (the processing will be limited for the period necessary to verify the existence of legitimate reasons on the part of VIREO that would prevail over those of the User)
 
Right of opposition : the User has the right to oppose, at any time and by sending a written request to VIREO, for reasons relating to his/her particular situation, the processing of his/her personal data necessary for the legitimate interests pursued by VIREO.
 
VIREO will no longer process such personal data, unless it is demonstrated that there are legitimate and compelling reasons for the processing that prevail over the interests of the User and his/her rights and freedoms, or for the establishment, exercise or defence of legal rights.
 
If the User’s personal data should be processed for canvassing purposes, the User shall have the right to oppose such processing at any time.
 
 

Right to portability : the User has the right, by sending a written request to VIREO, to receive the personal data concerning him/her provided by VIREO in a structured, commonly used and machine-readable format and to transmit these data to another data controller without VIREO being able to prevent this when :

  • the treatment is based on consent or a contract, and that 
  • processing is carried out using automated processes.
 
Right of withdrawal of consent : when the processing is based on consent, the User has the right to withdraw consent at any time by sending a written request to VIREO at 4, rue Jean-Pierre Brasseur, L-1258 Luxembourg or by electronic means to gdpr@vireo.lu. Withdrawal of consent shall not affect the lawfulness of the processing based on consent carried out prior to the withdrawal of consent.
 
 
Right to lodge a complaint : VIREO shall use its best efforts to ensure compliance with its legal obligations in terms of data protection and to respond as quickly as possible to any complaint addressed to it in this respect. In the event that the user is not satisfied with the response received, the user has the possibility to lodge a complaint with the Data Protection Authority :
 
 
Commission Nationale pour la Protection des Données
1, Avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette
Tél.: (+352) 26 10 60 – 1
www.cnpd.public.lu/fr/support/contact.html