CRM Privacy Notice

Last revised: August 2021

1. An overview of data protection

The Luxembourg Institute of Science and Technology (hereafter “LIST”, “We”) is committed to ensure the highest standards of data protection in compliance with the applicable legislation, notably with reference to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).

The present document aims at illustrating what personal data we collect about you, the reason why LIST uses your data and, as the case may be, share your data and the applicable retention periods. Additionally, the notice also provides you with information regarding your rights, how to exercise them and whom you can contact in case of any query.

2. Scope of the notice

The present notice is directed to all individuals whose personal data are recorded in our Customer Relationship Management tool (hereinafter, the “tool”).

3. Identity of the data controller

The data controller is LIST, having its registered office at 5, Avenue des Hauts-Fourneaux L-4362 Esch-sur-Alzette, Luxembourg.

4. Categories of personal data we collect

We collect personal data about qualified contacts, who have been in contact with us and shown interest in LIST. These data will only be added to the tool after the occurrence of a first meeting with LIST.

Please find here below a list of personal data we may collect and process. Those may at times include:

  • Contact details (such as name, surname, professional e-mail address, professional telephone number),
  • Professional information (such as company/organisation, current role).

5. Purpose and legal basis for processing

Please find here below a list of the purposes for which LIST collects and processes your personal data:

  • To manage our relationship with you,
  • To provide and improve our services,
  • To manage and facilitate coordination of business partnership and service opportunities,
  • To document LIST relationships with external organizations, persons, meetings and opportunities,
  • To internally report about partnership development activities.

Please find here below a list of the legal basis on whose grounds LIST collects and processes your personal data:

  • LIST’s legitimate interest: in accordance to LIST mission as defined by legislation, LIST has the specific mission to perform activities for the needs and interests of public and private stakeholders. Therefore, LIST needs to ensure continuous contacts with businesses to meet its mission and grow its impact. Colleting contact details from individuals that demonstrated having an interest in LIST is necessary for this purpose.

Please kindly note that you can object to the processing of your personal data by sending an e-mail to crm@list.lu.

6. Share of your personal data with third parties

Please kindly note that LIST will not share any of your personal data with any third part. Moreover, access to your personal data will only be accessible is strictly limited to LIST’s employees who are authorised to process them for the purposes mention in Section 5 of this document and based on their professional role.

7. Ensuring personal data security and integrity

In compliance with the applicable data protection legislation, LIST has put in place appropriate technical and organisational measures in order to prevent or act upon any unauthorised and unlawful processing or disclosure, accidental loss, modification or destruction of personal data. These measures are implemented based on the current state of art, an evaluation of the risks derived by the processing activity and the need to protect personal data. Such technical and organisation measures are regularly updated and/or adjusted to new technical developments or any organisational change that may affect LIST.

8. Data retention periods

LIST will only retain your personal for a period of three (3) years from the creation of your account. Upon expiration of this period, your account shall be retained only on justified basis due to an ongoing relationship with you or to the existence of a business partnership or service opportunity. In such cases, LIST ensures to perform an annual review of the persistence of such justifications.

9. Your rights and how to exercise them

With regards to your personal data collected and processed by LIST, you may exercise at any time the following rights:

  • Right to access: You have the right to receive confirmation about whether or not your personal data is being processed by LIST. If that is the case, you have the right to know what data is being collected and processed and to obtain of copy of it;
  • Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you have the right to request to have it rectified;
  • Right to erasure: Subject to certain conditions specified in art. 17 of the GDPR, you have the right to have your personal data deleted by LIST;
  • Right to restriction of processing: Subject to certain conditions specified in art. 18 of the GDPR, you have the right to obtain restriction of the processing of your personal data performed by LIST;
  • Right to data portability: Subject to certain conditions specified in art. 20 of the GDPR, you have the right to obtain a copy of the personal data you provided to LIST in in a structured, commonly used and machine-readable format and to request the transfer of these data to another data controller;
  • Right to object: You have the right to object the processing of your personal data when the conditions set out in art. 21 of the GDPR apply;
  • Right to withdraw consent: If LIST is processing your personal data based on your consent, you have the right to withdraw that consent at any time. The withdrawal of such consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (CNPD). More information on how to lodge a complaint are available on CNPD’s website:https://cnpd.public.lu.

You may exercise any of these rights by contacting our Data Protection Officer (DPO):

  • by email at the following address: dpo@list.lu,
  • or by post at:

Luxembourg Institute of Science and Technology
Attn. Data Protection Officer
5, Avenue des Hauts-Fourneaux
L-4362 Esch-sur-Alzette, Luxembourg.

Please kindly note that your rights are not absolute and they may be withheld in accordance with applicable data protection laws. In such event, LIST will provide you with the reasons for not complying with your request. In such case, you may lodge a complaint with the CNPD and seek a judicial remedy against such decision.

10. Changes to this notice

LIST may make changes to this privacy notice from time to time, to reflect our current privacy practices or to comply with changes in the applicable data protection legislation. LIST encourages you to regularly visit this page in order to remain informed on how LIST collects and processes personal data.

Partager cette page :