Privacy Policy

Privacy Policy

Last update : Friday, February 19, 2021

It is important that you carefully read this Privacy Policy together with the General Terms and Conditions of Use before using the Website and/or the Platform.

VIREO invites you to enter the Privacy Policy in PDF format before giving your acceptance in order to ensure that you give your express consent freely, without any haste, having read and understood all the terminology used.

The person responsible for processing personal data is VIREO, a limited liability company established at 4, rue Jean-Pierre Brasseur, L-1258 Luxembourg, registered with the Luxembourg Trade and Companies Register under number B222152, (hereinafter “VIREO”) and currently represented by its acting Manager.

VIREO undertakes to do its utmost to protect the privacy of its users.

This Privacy Policy is to be read in conjunction with the Cookie Management Policy accessible via the following link : https://vireo.lu/en/cookies-policy/.

In the event of total or partial refusal of the provisions of this Privacy Policy, you must not click on “I accept” but inform VIREO at gdpr@vireo.lu of the provisions to which you disagree. A total refusal could make it impossible to perform the services.

Article 1. Collection of personal data :

As part of the relationship with VIREO, personal data is collected directly from the User, enabling VIREO to carry out the purposes described below. 

The personal data requested is presented below and some of it depends on the application used by the User in the context of his relationship with VIREO.

Only the personal data strictly necessary for the purposes set out below is processed. Within the framework of the services offered by the Platform and, depending on the particular situation and choices of the User, the following data may be processed :

  • identification data (surname, first name, sex, date of birth, nationality, …) ;
  • contact data (email address, mobile and/or telephone number, postal address, …) ;
  • language used ;
  • mode of introduction (employer, internet, press, recommendation, …) ;
  • financial data and asset information (list of movable and immovable assets, etc.) ;
  • data related to the profession (functions carried out, etc.) ;
  • household composition (marital status, number of children, …).

Certain sensitive personal data, benefiting from special protection may be processed, such as :

  • tax identification number ;
  • income of all identifiable kinds ;
  • expenses of all identifiable kinds (insurance, credits and other miscellaneous expenses, …) ;
  • conclusive evidence ;
  • risk profile of the User ;
  • copy of valid identity document ;
  • bank details (IBAN and BIC number) ;
  • VAT number if applicable.

These data are treated with the utmost care.

In some cases, personal data relating to persons other than the User but communicated by the User may be processed, such as for example :

  • children,
  • the spouse/partner.

The User required to communicate such data undertakes to inform the persons concerned and to obtain their authorisation.

Article 2. How does VIREO handle the User’s personal data ?

2.1. For what purposes and on what legal basis are personal data processed ?

By providing VIREO with his/her personal data, the User expressly authorises VIREO to process (collection, recording, organisation, structuring, conservation, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or other form of making available, alignment or interconnection, limitation, erasure, destruction) said data for the purpose(s) below.

VIREO first of all uses the personal information collected to fulfil its contractual obligations towards the User and this, in particular, in order to :

  • enable the proper execution of the mission for which VIREO has been mandated (updates, helpdesk, improvement of services, …) ;
  • save the data in the User’s electronic folder ; 
  • answer questions, requests for information and/or advice by intermediaries ; 
  • ensure the follow-up and management of the User’s file ;
  • allow the transmission of User data to the various service providers according to his requests ; 
  • allow the transmission of the User’s connection and navigation data for the purpose of managing his file ;
  • to transmit to the User any electronic communications and invitations ; 
  • to anonymise the data in order to use it for statistical purposes.

On the basis of its legitimate interest, VIREO may process the personal data thus collected in order to :

  • manage its User base and have a global vision of its Users (e.g. by establishing statistics in order to know who they are and get to know them better, pursue its legitimate development interests, meet their expectations as well as possible, …) ;
  • to ensure the proper technical operation of VIREO’s installations ;
  • to prevent abuse, fraud and offences ;
  • to protect the company’s assets ;
  • to ensure the security of goods and people as well as the company’s computer networks and systems ;
  • to ascertain, exercise, defend and preserve the rights of the company or the persons it may represent, for example in the event of disputes ;
  • to constitute evidence ;
  • ensure the invoicing of services and proper monitoring by VIREO’s accounting department.

2.2. Does VIREO use the personal data collected to make automated decisions ?

VIREO does not use the data for profiling purposes or to make automated decisions. Should VIREO decide to do so in the future, it will inform the User in advance, explaining the logic behind such a decision and the importance and expected consequences of this particular processing.

Article 3. Why is it necessary for the User to communicate his/her personal data ?

If the User refuses to provide VIREO with the data requested as part of the services offered through the applications put online on the Platform, VIREO may be unable to perform the services offered.

Article 4. Where and how are personal data transferred ?

4.1. Who has access to personal data and to whom are they transferred ?

Apart from the data processing carried out by VIREO, the User may give access to his/her data to VIREO’s business partners within the framework of the proper execution and continuity of the service. These partners (intermediaries / subcontractors) are for example (non-exhaustive list) :

  •  
  • tax specialists / persons in charge of tax monitoring with whom the User can interact within the framework of the myTax service ;
  • wealth advisors with whom the User can interact within the framework of the myNeed service ;
  • coaches and health professionals with whom the User can interact within the framework of the myHealth service ;
  • lawyers with whom the User may interact as part of the myLawyer service.

In order to protect the User’s privacy, the persons who are authorized to access the User’s data are determined precisely according to their tasks.

Apart from authorized persons, VIREO does not pass non-anonymised personal data to third parties. However, in order to achieve the purposes detailed above (cf. point 2.1.), VIREO may be required to communicate certain information to authorized third parties such as :

  • subcontractors of IT services ;
  • certain authorities and regulators in order to comply with its legal obligations ; 
  • lawyers in the event of litigation.

4.2. How are personal data transferred and secured ?

All data entered by the User are transferred exclusively via an encrypted connection. The lock icon in the status bar of the User’s browser enables him to ensure that his data are sent in encrypted form to a server certified and authorized by VIREO.

VIREO implements an effective security policy in terms of computer data protection. In order to guarantee optimal security of its Platform, this security policy is only accessible under certain conditions.

Article 5. How long is personal data kept ? 

VIREO keeps the personal data thus collected for as long as :

  • necessary for the achievement of the purposes detailed above ;
  • a legal obligation imposes such conservation ; 
  • the applicable limitation periods have not elapsed, in order to ensure that it has the necessary information to protect itself from legal action.

Article 6. What are the User’s rights and how can they be exercised ?

As the person concerned, the User has various rights which can be exercised in the following manner.

Right to information : the User may address to VIREO any questions concerning the registration and processing of his/her data.

Right of access : the User may, at any time, obtain confirmation as to whether or not personal data concerning him/her are being processed and, if so, access to said data as well as a free copy thereof.

Right of rectification : the User may, at any time, by sending a written request to VIREO, obtain the rectification of any personal data concerning him/her that are inaccurate, bearing in mind that, in principle, only the User has control over data since it is he/she who fills in all the fields (answers to the questions) directly. The User may, in the same way, request that incomplete data be completed.

Right of deletion : the User may, at any time, by sending a written request to VIREO, obtain the partial or total deletion of his/her personal data, provided that one of the following reasons apply :

  1. Data are no longer necessary for the purposes for which they were collected and processed.
  2. The User has withdrawn the consent on which the processing was based.
  3. The User now objects to the processing and there is no compelling legitimate reason for it.
  4. The data has been processed unlawfully.
  5. The data must be deleted to comply with a legal obligation.
Right to limitation of processing : when the limitation of processing is granted, personal data may only be processed with the consent of the User or for the establishment, exercise or defence of legal rights or for the protection of the rights of another natural or legal person, or for important reasons of public interest.
 
The User may request the limitation of the processing for one of the following reasons :
 
  1. He contests the accuracy of the personal data.
  2. In case of unlawful processing.
  3. VIREO no longer needs the personal data for the purposes of the processing but they are still necessary for the establishment, exercise or defence of legal rights by the User.
  4. The User has objected to the processing (the processing will be limited for the period necessary to verify the existence of legitimate reasons on the part of VIREO which would prevail over those of the User).
Right of opposition : the User has the right to oppose, at any time and by sending a written request to VIREO, for reasons relating to the particular situation, the processing of his/her personal data necessary for the legitimate interests pursued by VIREO.
 
VIREO will no longer process such personal data unless it is shown that there are legitimate and compelling reasons for the processing that prevail over the interests of the User and his rights and freedoms, or for the establishment, exercise or defence of legal rights.
 
Should his personal data be processed for canvassing purposes, the User shall have the right to oppose such processing at any time.
 
Right of portability : the User has the right, by sending a written request to VIREO, to receive the personal data concerning him/her that he/she has provided, in a structured, commonly used and machine-readable format, as well as to transmit the data to another data controller without VIREO being able to prevent this when : 
 
  • the processing is based on consent or on a contract and that
  • processing is carried out using automated processes.
Right to withdraw consent : where the processing is based on consent, the User has the right to withdraw his consent at any time by sending a written request to VIREO at 4, Rue Jean-Pierre Brasseur, L-1258 Luxembourg, or by electronic means to gdpr@vireo.lu. Withdrawal of consent shall not affect the lawfulness of the processing based on the consent given prior to its withdrawal.
 
Right to submit a complaint : VIREO will use its best efforts to ensure compliance with its legal obligations in terms of data protection and to respond as quickly as possible to any complaint in this respect. In the event that the User is not satisfied with the response received, he/she may submit a complaint to the Data Protection Authority :
 
National Commission for Data Protection 
1, Avenue du Rock’n”Roll 
L-4361 Esch-sur-Alzette – 
+352 26 10 60 – 1

www.cnpd.public.lu/fr/support/contact.html