We greatly value the confidentiality of your information. This privacy notice explains what data we collect about you and how we use them as well as the rights you have and how you can exercise them. We are committed to implementing all appropriate means to maintain the confidentiality and integrity of your personal data.
1. Who are we?
Association Professionnelle des Courtiers en Assurance au Luxembourg a.s.b.l. (“APCAL” or “we”) collect your personal data for its own account as a data controller.
You can reach us via the following contact information:
Mail: 3, rue des Foyers
Tel: 00 352 621 17 26 76
Personal data is any information about an identified or identifiable individual (e.g., person’s name, photo, phone number, contract number, password, etc.).
The data controller, within the meaning of European privacy regulation, is the person who determines the purposes and means of processing personal data.
2. What personal data do we collect?
Only the personal data that is strictly necessary for the performance of the following purposes will be processed. As part of our business, and based on your particular situation, we may process the following data:
- your identification and contact data
- your ID on our website;
- your bank account number
- your annual revenue and membership level, if this information can be connected to a single person;
- information about the training you may be enrolled in with the APCAL;
- and any other information that you provide to us with spontaneously.
- In some cases we have to use personal data relating to people other than you, and for example data relating to your employees, your legal/statutory representatives, shareholders/partners. If you provide us with such data, you agree to inform the data subjects and, if the data relates to the health of those individuals, you agree to collect their explicit consent.
Under no circumstances will we process sensitive data.
3. How do we use your personal data?
3.1. For what purposes and on which legal basis do we use personal data?
We use your personal information based on our legitimate interest in:
ensuring the administrative management of our members;
ensuring the management of contributions
managing our website;
managing our contact list;
managing the training we offer you;
managing the accounting of our association.
3.2. Do we use your personal data to make automated decisions?
We do not use your data for profiling purposes or to make automated decisions. If we decide in the future to do so, we will let you know beforehand and expose the logic behind such decision, as well as the importance and expected consequences of this processing.
4. Why is it necessary to provide us with your personal data?
If you refuse to provide us with the data requested for certain services (such as the management of membership applications, training, etc.), we may be unable to carry out your requests.
5. Where and how do we transfer your personal data?
5.1. Who has access to and to whom is your personal data transferred?
To protect your privacy, people who are authorised to access your data are determined accurately based on their tasks.
Under no circumstances will we sell your personal data to third parties.
5.2. To where do we transfer your personal data?
Under no circumstances will we transfer your personal data outside of the European Economic Area (“EEA”).
6. For how long will your personal data be kept?
We will keep your data for as long as:
- it is necessary for the fulfilment of the purposes detailed above, or;
- if a legal obligation requires such keeping (e.g. the retention of accounting documents);
- the applicable statute of limitations will not expire to ensure that we have the information necessary to protect us from any legal action.
7. What are your rights and how can you exercise them?
As a data subject, you have different rights. Below is a brief description of these rights and how you can exercise them.
Right to Information – You may contact us with any questions regarding the registration and processing of your data.
Right of Access – You may at any time obtain confirmation about whether or not your personal data is processed and, if applicable, access to such data and a free copy thereof. Any additional copies will be provided to you with the prior payment of the administrative fees.
Right to Rectification – You may, at any time, by sending us a written request, obtain rectification of your personal data that is inaccurate. You can also request that incomplete data be completed.
Right to Erasure – You may, at any time, by sending us a written request, obtain the erasure of your personal data, provided that any of the following reasons apply:
- the data is no longer necessary for the purposes for which it was collected and processed;
- You have withdrawn your consent on which the processing was based;
- you oppose the processing and there is no compelling legitimate reason for it;
- the data has been subject to unlawful processing;
- data must be erased to comply with a legal obligation.
Right to restriction of processing – When the restriction of processing is granted, personal data may no longer be processed with the consent of the data subject, or for the finding, exercise or defence of legal rights, or for the protection of the rights of another individual or legal person, or for important reasons of public interest.
You may request restriction of processing for any of the following reasons:
you challenge the accuracy of the personal data;
in the event of unlawful processing;
when we no longer need your personal data for the purposes of processing, but these are still necessary for the establishment, exercise or defence of legal rights;
when you have objected to processing (processing will be limited during the period necessary to check for legitimate grounds on our principle, which shall prevail over yours).
Right to Object – You have the right to object, at any time, by sending us a written request, for reasons relating to your particular situation, to the processing of your personal data based on the performance of a task that is in the public interest or that is necessary for the purposes of the legitimate interests we pursue.
We will no longer process said personal data unless it is shown that there are legitimate and compelling grounds for processing that prevail over your interests and your rights and freedoms, or for the finding, exercise or defence of legal rights.
Where your personal data is processed for purposes of prospecting, you have the right to object to this processing at any time.
Right to Portability – You have the right, by sending us a written request, to receive the personal data about you that you have provided us in a structured, commonly used and machine-readable format, and to transmit this data to another data controller without any obstruction, when:
- the processing is based on your consent or on a contract; and
- processing is performed using automated processes.
Right to Withdraw Consent – When the processing is based on your consent, you have the right to withdraw your consent at any time by sending us a written request. Withdrawal of your consent will not harm the lawfulness of processing based on consent carried out prior to withdrawal.
Right to lodge a complaint – We make our best efforts to ensure compliance with our legal obligations on data protection and to promptly respond to any claims we may have in this regard. In the event that you are not satisfied with the response received, you have the option to lodge a complaint with the Data Protection Authority.
Commission nationale pour la protection des données
[National Data Protection Authority]
1, avenue du Rock’n’Roll
Tel: (+352) 26 10 60 -1