Last update : Friday, February 19, 2021
The person responsible for processing personal data is VIREO, a limited liability company established at 4, rue Jean-Pierre Brasseur, L-1258 Luxembourg, registered with the Luxembourg Trade and Companies Register under number B222152, (hereinafter “VIREO”) and currently represented by its acting Manager.
VIREO undertakes to do its utmost to protect the privacy of its users.
Article 1. Collection of personal data :
As part of the relationship with VIREO, personal data is collected directly from the User, enabling VIREO to carry out the purposes described below.
The personal data requested is presented below and some of it depends on the application used by the User in the context of his relationship with VIREO.
Only the personal data strictly necessary for the purposes set out below is processed. Within the framework of the services offered by the Platform and, depending on the particular situation and choices of the User, the following data may be processed :
Certain sensitive personal data, benefiting from special protection may be processed, such as :
These data are treated with the utmost care.
In some cases, personal data relating to persons other than the User but communicated by the User may be processed, such as for example :
The User required to communicate such data undertakes to inform the persons concerned and to obtain their authorisation.
Article 2. How does VIREO handle the User’s personal data ?
2.1. For what purposes and on what legal basis are personal data processed ?
By providing VIREO with his/her personal data, the User expressly authorises VIREO to process (collection, recording, organisation, structuring, conservation, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or other form of making available, alignment or interconnection, limitation, erasure, destruction) said data for the purpose(s) below.
VIREO first of all uses the personal information collected to fulfil its contractual obligations towards the User and this, in particular, in order to :
- enable the proper execution of the mission for which VIREO has been mandated (updates, helpdesk, improvement of services, …) ;
- save the data in the User’s electronic folder ;
- answer questions, requests for information and/or advice by intermediaries ;
- ensure the follow-up and management of the User’s file ;
- allow the transmission of User data to the various service providers according to his requests ;
- allow the transmission of the User’s connection and navigation data for the purpose of managing his file ;
- to transmit to the User any electronic communications and invitations ;
- to anonymise the data in order to use it for statistical purposes.
On the basis of its legitimate interest, VIREO may process the personal data thus collected in order to :
- manage its User base and have a global vision of its Users (e.g. by establishing statistics in order to know who they are and get to know them better, pursue its legitimate development interests, meet their expectations as well as possible, …) ;
- to ensure the proper technical operation of VIREO’s installations ;
- to prevent abuse, fraud and offences ;
- to protect the company’s assets ;
- to ensure the security of goods and people as well as the company’s computer networks and systems ;
- to ascertain, exercise, defend and preserve the rights of the company or the persons it may represent, for example in the event of disputes ;
- to constitute evidence ;
- ensure the invoicing of services and proper monitoring by VIREO’s accounting department.
2.2. Does VIREO use the personal data collected to make automated decisions ?
VIREO does not use the data for profiling purposes or to make automated decisions. Should VIREO decide to do so in the future, it will inform the User in advance, explaining the logic behind such a decision and the importance and expected consequences of this particular processing.
Article 3. Why is it necessary for the User to communicate his/her personal data ?
If the User refuses to provide VIREO with the data requested as part of the services offered through the applications put online on the Platform, VIREO may be unable to perform the services offered.
Article 4. Where and how are personal data transferred ?
4.1. Who has access to personal data and to whom are they transferred ?
Apart from the data processing carried out by VIREO, the User may give access to his/her data to VIREO’s business partners within the framework of the proper execution and continuity of the service. These partners (intermediaries / subcontractors) are for example (non-exhaustive list) :
- tax specialists / persons in charge of tax monitoring with whom the User can interact within the framework of the myTax service ;
- wealth advisors with whom the User can interact within the framework of the myNeed service ;
- coaches and health professionals with whom the User can interact within the framework of the myHealth service ;
- lawyers with whom the User may interact as part of the myLawyer service.
In order to protect the User’s privacy, the persons who are authorized to access the User’s data are determined precisely according to their tasks.
Apart from authorized persons, VIREO does not pass non-anonymised personal data to third parties. However, in order to achieve the purposes detailed above (cf. point 2.1.), VIREO may be required to communicate certain information to authorized third parties such as :
- subcontractors of IT services ;
- certain authorities and regulators in order to comply with its legal obligations ;
- lawyers in the event of litigation.
4.2. How are personal data transferred and secured ?
All data entered by the User are transferred exclusively via an encrypted connection. The lock icon in the status bar of the User’s browser enables him to ensure that his data are sent in encrypted form to a server certified and authorized by VIREO.
VIREO implements an effective security policy in terms of computer data protection. In order to guarantee optimal security of its Platform, this security policy is only accessible under certain conditions.
Article 5. How long is personal data kept ?
VIREO keeps the personal data thus collected for as long as :
- necessary for the achievement of the purposes detailed above ;
- a legal obligation imposes such conservation ;
- the applicable limitation periods have not elapsed, in order to ensure that it has the necessary information to protect itself from legal action.
Article 6. What are the User’s rights and how can they be exercised ?
As the person concerned, the User has various rights which can be exercised in the following manner.
Right to information : the User may address to VIREO any questions concerning the registration and processing of his/her data.
Right of access : the User may, at any time, obtain confirmation as to whether or not personal data concerning him/her are being processed and, if so, access to said data as well as a free copy thereof.
Right of rectification : the User may, at any time, by sending a written request to VIREO, obtain the rectification of any personal data concerning him/her that are inaccurate, bearing in mind that, in principle, only the User has control over data since it is he/she who fills in all the fields (answers to the questions) directly. The User may, in the same way, request that incomplete data be completed.
Right of deletion : the User may, at any time, by sending a written request to VIREO, obtain the partial or total deletion of his/her personal data, provided that one of the following reasons apply :
- Data are no longer necessary for the purposes for which they were collected and processed.
- The User has withdrawn the consent on which the processing was based.
- The User now objects to the processing and there is no compelling legitimate reason for it.
- The data has been processed unlawfully.
- The data must be deleted to comply with a legal obligation.
- He contests the accuracy of the personal data.
- In case of unlawful processing.
- VIREO no longer needs the personal data for the purposes of the processing but they are still necessary for the establishment, exercise or defence of legal rights by the User.
- The User has objected to the processing (the processing will be limited for the period necessary to verify the existence of legitimate reasons on the part of VIREO which would prevail over those of the User).
- the processing is based on consent or on a contract and that
- processing is carried out using automated processes.