Privacy Policy

The Luxembourg Finance Labelling Agency a.s.b.l. (hereinafter “LuxFLAG”, “we”, “us”, “our”) is an independent and international non-profit association established in Luxembourg. At LuxFLAG, we value the right to privacy and we are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (hereinafter “GDPR”) and any applicable national data protection laws.

This Privacy Policy outlines how we collect, process, use, disclose and safeguard personal data. Furthermore, this Privacy Policy describes how you can exercise your rights with regard to your personal data. Therefore, it should be read carefully.

This Privacy Policy may be amended from time to time, if new developments require it. All updates and amendments are immediately effective by posting a revised version of this Privacy Policy on our website. Therefore, we encourage you to consult the Privacy Policy regularly to stay informed of any changes.

In the context of our activities, we may collect personal data from, but not limited to:
• clients, i.e. label applicants;
• the LuxFLAG associate members;
• people interacting with the LuxFLAG website, whether by visiting it or contacting us via the dedicated contact form;
• participants to the events (physical and/or virtual) and/or trainings organised by LuxFLAG;
• internal stakeholders, including the LuxFLAG governing members, employees and label eligibility committee members;
• applicants for a job at LuxFLAG;
• business contacts, including business partners, service providers and/or professionals providing us with their business card or otherwise contact details.

The personal data that we collect may vary depending on the interaction you have with LuxFLAG and may include without limitation the following:
• Identification data: we collect personal data, such as first and last name, email address, phone number, date and place of birth, gender, country, identification number or passport;
• Business contact information: we collect data concerning your job title, organisation name and/or email address;
• Electronic identification data: we use cookies aimed at collecting statistical data on how our website is used. Cookie-related information is stored in our browser to provide you with the best user experience;
• Financial information: we collect financial information relating to billing purposes, such as billing address and payment details;
• Event information: we collect information relating to your participation in our events, including first and last name, organisation name, short biographies (for speakers) and dietary requirements;
• Sensitive data: in the context of employment or performance and/or execution of a legal agreement, we collect sensitive data relating to criminal offences/convictions, medical or health conditions, identification number or passport.

We collect and process personal data whenever:
• you express interest in our association and services;
• you visit our website or social media pages;
• you apply for a position at LuxFLAG;
• your organisation becomes our client, associate member, business partner or supplier.
By interacting with us, directly or indirectly, you accept that we process your personal data.

We will only process your personal data when we have a legal basis to do so within the meaning of the GDPR. This includes processing your personal data in the context of the performance of a contract, compliance with legal obligations under European and national law, a legitimate interest or your explicit consent.

Contract/Pre-contract: We process your personal data when it is necessary to fulfil the terms of a contract to which you are a party or to fulfil pre-contractual arrangements before entering into such a contract. Purposes for collecting, using and processing your data include without limitation:
• managing business relationships with our clients, associate members and providers;
• managing and processing payments and fees;
• enabling the exchange of information with our clients, associate members and business partners.

Legal Obligation: We process your personal data when it is necessary to comply with a legal obligation to which we are subject. Purposes for collecting, using and processing your data include without limitation:
• complying with laws, regulations, court orders or other legal requirements;
• responding to lawful requests by public authorities, including meeting national security or law enforcement requirements;
• maintaining records for tax, audit and other regulatory purposes.

Legitimate Interest: We process your personal data when it is in our legitimate interest to do so and this interest is not overridden by your data protection rights. Purposes for collecting, using and processing your data include without limitation:
• enhancing understanding on how our products and services are used;
• improving our products, services and communications, as well as users’ online experience when visiting our website;
• ensuring the security of our services, networks and systems.

Consent: We process your personal data based on your explicit consent in specific circumstances. Purposes for collecting, using and processing your data include without limitation:
• contacting you in case of applying for a position at LuxFLAG;
• sending you marketing communications about our products and services if you have agreed to receive them;
• managing the expression of interest in our products and services throughout our website, social media pages or other means.

We do not sell, trade or rent your personal data to third parties.

We may share your personal data with trusted service providers who assist us in conducting our activities. We ensure that such third parties are GDPR compliant and perform their activities in the context of professional secrecy.

We will disclose your personal data, if required by law, a government body or a private party, in connection with a lawsuit, court decision, investigation or similar proceedings.
Furthermore, we may share your personal data with third parties when you have authorised us to do so.

We recognise your trust and we are dedicated to implementing appropriate IT technical and organisational standards to safeguard the personal data you provide to us against unauthorised access, alteration, disclosure or destruction.
Despite our efforts, no security measures are impenetrable. We cannot guarantee the security of your information transmitted to us over the internet.

We will retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer or shorter retention period is required or permitted by law.

You have the right to access, rectify or erase your personal data held by us. You also have the right to restrict or object to certain processing activities.

You have the right to withdraw your consent at any time, where we rely on consent for processing your personal data.

If you have any questions or concerns about this Privacy Policy or our practices regarding your personal data, please contact us at legal@luxflag.org.

By using our website or participating in our events, you consent to the collection and use of your personal data as described in this Privacy Policy.