Last update : Saturday, February 20, 2020
The responsible for the processing of personal data is VIREO, a limited liability company established at 4, rue Jean-Pierre Brasseur, L-1258 Luxembourg, registered in the Luxembourg Trade and Companies Register under number B222152, (hereinafter “VIREO”) and currently represented by its acting Manager.
VIREO undertakes to do everything in its power to protect the privacy of its users.
Article 1. Collection of personal data
As part of the relationship with VIREO, personal data is collected directly from the User, allowing VIREO to implement the purposes described below.
The personal data requested are presented below and some of them depend on the application used by the User in the context of his relationship with VIREO.
Only the personal data strictly necessary for the fulfilment of the purposes set out below shall be processed. Within the framework of the services offered by the Platform and depending on the particular situation and the choices of the User. The following data may be processed :
Certain sensitive personal data, benefiting from special protection, may be processed, such as :
These data are treated with the utmost care.
In some cases, personal data relating to persons other than the User but communicated by the User may be processed, such as for example :
- the children
- the spouse/partner
The user required to communicate such data undertakes to inform the persons concerned.
Article 2. How does VIREO process the User’s personal data ?
2.1. For what purposes and on what legal basis are personal data processed ?
By providing VIREO with his personal data, the User expressly authorizes VIREO to process (collect, record, organize, structure, store, adapt, modify, extract, consult, use, communicate by transmission, dissemination or other form of provision, approximation or interconnection, limitation, erasure, destruction) said data for the purpose(s) below.
VIREO uses first of all the personal information collected to perform its contractual obligations towards the User, in particular in order to :
- enable the proper execution of the mission for which VIREO has been mandated
- save the data in the User’s electronic folder
- answering questions, requests for information and/or advice by intermediaries
- ensure the follow-up and management of the User’s file
- allow the transmission of the User’s data to the various service providers according to his requests
- allow the transmission of the User’s connection and navigation data for the purpose of managing his file
- to transmit to the User any electronic communications and invitations
On the basis of its legitimate interest, VIREO may process the personal data thus collected in order to :
- manage its User base and have a global view of its Users (for example by compiling statistics to know who they are and to know them better)
- ensure the proper technical operation of the VIREO installations
- prevent abuse, fraud and offences
- protect the company assets
- ensure the security of goods and persons as well as the company’s networks and computer systems
- establish, exercise, defend and preserve the rights of the company or the persons it may represent, for example in disputes
- substantiate (gather evidences)
- ensure the invoicing of services and the proper follow-up by VIREO’s accounting department
2.2. Does VIREO use the personal data collected to make automated decisions ?
VIREO does not use the data for profiling purposes or to make automated decisions. Should VIREO decide to do so in the future, it will inform the User in advance, explaining the logic behind such a decision and the importance and expected consequences of this particular processing.
Article 3. Why is it necessary for the User to communicate his personal data ?
If the User refuses to provide VIREO with the data requested as part of the services offered through the applications put online on the Platform, VIREO may find itself unable to carry out the services offered.
Article 4. Where and how are personal data transferred ?
4.1. Who has access to personal data and to whom is it transferred ?
In order to protect the privacy of the User, the persons who are authorized to access his data are determined precisely according to their tasks.
Under no circumstances does VIREO sell personal data to third parties. However, in order to achieve the purposes detailed above (cf. point 2.1.), VIREO may communicate certain information to authorized third parties such as :
- subcontractors of IT services
- certain national authorities and regulators in order to comply with its legal obligations
- lawyers in case of litigation
4.2 How is personal data transferred and secured ?
All data entered by the User is transferred exclusively via an encrypted connection. The lock icon in the status bar of the User’s browser allows the User to ensure that his data is sent in encrypted form to a server certified and authorized by VIREO.
VIREO implements an effective security policy in terms of computer data protection. In order to guarantee optimal security of its Platform, this security policy can only be accessible under certain conditions and at the express request of the User.
Article 5. How long is personal data kept ?
VIREO keeps the personal data collected as long as :
- necessary for the achievement of the purposes detailed above,
- a legal obligation imposes such retention,
- the applicable limitation periods have not elapsed, in order to ensure that it has the necessary information to protect itself from legal action.
Article 6. What are the rights of the User and how can he exercise them ?
As a data subject, the User has various rights that he or she may exercise in the following manner.
Right to information : the User may address to VIREO any queries regarding the registration and processing of his/her data.
Right of access : the User may, at any time, obtain confirmation as to whether or not personal data concerning him/her is being processed and, if so, access to said data as well as a free copy thereof.
Right to rectification : the User may, at any time, by sending a written request to VIREO, obtain the rectification of any personal data concerning him/her that is inaccurate, bearing in mind that, in principle, only the User has control over such data, since it is the User who fills in all the fields directly. The User may, in the same way, request that incomplete data be completed.
Right of deletion : the User may, at any time, by sending a written request to VIREO, obtain the deletion of his/her personal data, provided that one of the following reasons applies :
- the data are no longer necessary for the purposes for which they were collected and processed
- he withdrew the consent on which the treatment was based; and
- it now objects to the processing and there are no compelling legitimate grounds for it
- the data have been unlawfully processed
- the data must be deleted to comply with a legal obligation
- he contests the accuracy of the personal data
- in case of unlawful processing
- VIREO no longer needs personal data for the purposes of processing but they are still necessary for the establishment, exercise or defense of legal rights by the User.
- he has opposed the processing (the processing will be limited for the period necessary to verify the existence of legitimate reasons on the part of VIREO that would prevail over those of the User)
Right to portability : the User has the right, by sending a written request to VIREO, to receive the personal data concerning him/her provided by VIREO in a structured, commonly used and machine-readable format and to transmit these data to another data controller without VIREO being able to prevent this when :
- the treatment is based on consent or a contract, and that
- processing is carried out using automated processes.