Privacy and data protection policy

This Privacy Policy governs how LuxTrust processes the Personal Data of Users of the platform, accessible from the websites www.fairandsmart.com, in the European Regulation on the protection of personal data 679/2016 of 27 April 2016 (“GDPR”), and any national transposition text (together, the “Applicable Regulations”).

1. General provisions and identity of the data controller

This privacy policy is applicable between:

On the one hand,

LuxTrust SA, 13-15 Parc d’activités, L-8308 Capellen, hereinafter the « LuxTrust » ou « we »,

On the other hand,

Any person accessing the platform or connecting to the website fairandsmart.com, hereinafter the “User” or “you”.

For the purposes of this Privacy Policy, and for the purposes of the Processing described below, LuxTrust is considered to be the Data Controller.

Legal reminder:

The data controller is, within the meaning of the Data Protection Act and the GDPR, the person who determines the means and purposes of the processing. Where two or more controllers jointly determine the purposes and means of the processing, they are joint controllers.

The processor is a person processing personal data on behalf of the controller, acting under the authority of and on the instructions of the controller.

 

2. Définitions

• « Customer »: means the organisation using the Platform and having access to the Services.

• « Account »: means the Customer’s account on the Platform allowing access to the ordered Services. Access to the Account is made through the Customer’s Identifiers.

• « Data »: means the personal data that is Processed in accordance with this Privacy Policy.

• « Personal Data »: means personal data as defined in Article 4 (1) of the GDPR.
• « Identifiers »: means the confidential identification codes and passwords allowing access to the Account. These Identifiers are chosen by the Customer. They are for the exclusive use of the Customer who is solely responsible for them.

• « Platform »: means the web application to which the Customer must connect from a browser to access the LuxTrust Services.

• « General Data Protection Regulation » ou « GDPR »: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

• « Service »: means all the services offered by LuxTrust via the Platform: Cookies Consents, Right Consents, Right Requests, Right Data.

• « Site »: means the websites accessible at fairandsmart.com the Site includes all web pages, services and functionalities provided to Users.

• « Processor »: means the natural or legal person, public authority, department or other body that Processes Personal Data on behalf of and under the instructions of LuxTrust in accordance with Article 4 (8) of the GDPR.

• « Processing »: means any of the operations referred to in Article 4 (2) of the GDPR, carried out on Personal Data in the context of the execution of this Privacy Policy.

• « User »: means any person who logs on to the Site or has an Account.

• « Personal Data Breach »: means security breaches as referred to in Article 4 (12) of the GDPR.

 

3. Purposes of processing and legal bases

LuxTrust collects only the Data necessary for the purposes explicitly stated below:

a) Provision of the Platform Services

Details of processing operations
• User access to the Platform
• Provision of Services via the Platform
• Customer relationship management (account management, commercial management, customer relationship monitoring).

Legal basis
The performance of the contract between the Customer and LuxTrust for the provision of the Services and the management of the Customer relationship.

b) Managing the proper functioning of the Site

Details of processing operations
• Ensure the proper functioning and continuous improvement of the Site, its functionalities and the Services it provides.

Legal basis
LuxTrust’s legitimate interest in guaranteeing the best possible level of operation and quality of the Site, in particular through visitor statistics.

The User’s consent, if applicable.

c) Making contact

Details of processing operations
• Response to contacts via the form available on the Site.

Legal basis
Responses to contacts are made on the basis of the User’s consent.

d) Sending documentation (white papers, computer graphics, etc.)

Details of processing operations
• Responses to requests for documentation.

Legal basis
Documents are sent on the basis of the User’s consent.

e) Sending newsletters

Details of processing operations
• Dissemination tool allowing to send a newsletter to Users who have requested it.

Legal basis
Newsletters are sent on the basis of the User’s consent.

f) Managing the exercise of your rights

Details of processing operations
• Management of requests for the exercise of rights that you send to us.
In this regard, LuxTrust has developed a Rights Mangement Charter in order to inform you more specifically about this processing.

Legal basis
LuxTrust’s legal obligation to respond to Users’ requests to exercise their rights in relation to their personal data and the processing thereof in application of the GDPR (Article 15 et seq.)

 

4. Données collectées

The mandatory or optional nature of the Personal Data collected and the possible consequences of a failure to reply are indicated during the various contacts with the persons concerned.

Details of the Personal Information we may hold about you are set out below.

NB : the details provided below are not intended to be exhaustive and are intended primarily to inform Users of the categories of Data that LuxTrust may process.

For making contact, documentation and newsletters
• Identity and contact data : surname, first name, email address

For the provision of Platform Services
• Identity and contact data : surname, first name, email address

 

5. Login data and cookies

LuxTrust uses connection data and cookies to identify you, to memorise your visits, and to benefit from audience measurement and statistics, particularly relating to the pages consulted, for the proper functioning of the Site and the Services.

We collect this information in the following ways:

• Log files: when you use our Services, connection data may be automatically recorded in our server logs such as your IP address, your unique identifier, your operating system and its location, the type of browser you are using, the pages you have visited.

• Cookies : when you visit our site, cookies are placed on your computer. These cookies allow us to authenticate you, to identify you, to accelerate your navigation on our Site and to access its various functionalities.

If you do not want your Data to be collected through cookies, you can set your choices from the cookie management panel, which is always accessible from the bottom corner of your screen.

You can also disable cookies directly in your browser. However, this may reduce the performance and functionality of the platform and its tools.

 

6. Data recipients

Only the authorised and persons specifically mentioned below may have access to User Data.
• Authorised LuxTrust personnel;
• The Site host;
• The publisher and host of our CRM solution;
• Where appropriate, the authorised personnel of our processors ;
• Where appropriate, LuxTrust’s DPO
• Where appropriate, supervisory bodies, relevant courts, mediators, accountants, auditors, lawyers, bailiffs;
• Third parties who may place cookies on your terminals (computers, tablets, mobile phones, etc.) when you consent to them.

Certain categories of processors have access to the data collected:

• The Site host: OVH, 2 rue Kellermann, 59100 ROUBAIX
o Storage location: France
• The publisher and host of our CRM solution: HubSpot France SAS, 277 rue Saint-Honoré, 75008 PARIS
o Storage location: European Union
• The publisher and host of our emailing solution: Sendinblue, 55 rue d’Amsterdam, 75008 PARIS
o Storage location: European Union
• The platform host: OVH, 2 rue Kellermann, 59100 ROUBAIX
o Storage location: France
• The host of the data backup copies: Scaleway, 8 rue de la Ville l’évêque 75008 PARIS
o Storage location: France
• The publisher and host of our technical support solution: Atlassian, 341 George Street, Sydney NSW2000, Australia
o Storage location: World

Your data will not be passed on, exchanged, sold or rented to anyone other than those mentioned above.

 

7. Data retention period

LuxTrust s’engage à ce que les Données collectées soient conservées sous une forme permettant votre identification pendant une durée qui n’excède pas la durée nécessaire aux finalités pour lesquelles ces Données sont collectées et traitées.

Pour la fourniture des Services de la Plateforme
Les données sont conservées pendant toute la durée nécessaire à l’exécution du contrat et jusqu’à trente (30) jours après la fin du contrat.

Pour la gestion du bon fonctionnement du Site
Les données de navigation sont conservées pendant six (6) mois.

Pour l’envoi de documentation, la prise de contact et la gestion de la base clients
LuxTrust undertakes to ensure that the Data collected is kept in a form that allows your identification for no longer than is necessary for the purposes for which the Data is collected and processed.

For the provision of Platform Services
The data is kept for the duration necessary for the execution of the contract and up to thirty (30) days after the end of the contract.

For managing the proper functioning of the Site
Navigation data is kept for six (6) months.

For sending documentation, making contact and managing the customer base
The data is kept for a period of three (3) years from the date of the last contact with LuxTrust.

For sending newsletters
The data is kept until the User unsubscribes via the link provided for this purpose.

For managing your rights
The data is kept for a period of six (6) years from the date of LuxTrust’s response to your request.

 

8. Vos Droits

In accordance with the Data Protection Act and the GDPR, you have the following rights:

• Right of access (article 15 GDPR), rectification (article 16 GDPR) and update;
• Right to block or erase your personal data (article 17 GDPR), when it is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited;
• Right to withdraw your consent at any time (article 13-2c GDPR) ;
• Right to restrict the processing of your data (article 18 GDPR) ;
• Right to object to the processing of your data (article 21 GDPR) ;
• Right to the portability of the data you have provided to us, when your data is subject to automated processing based on your consent or on a contract (article 20 GDPR) ;
• Right to lodge a complaint with the CNIL (article 77 GDPR) ;
• Right to define the fate of your data after your death and to choose whether or not we communicate your data to a third party that you have previously designated.

In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

These rights can be exercised by post: DPO FAIR & SMART, HAAS Avocats, 32 Rue La Boétie 75008 Paris, by email to dpo@fluxtrust.lu, by proving your identity by any mean.

To find out more, consult our Rights Management Charter

To find out more about your rights, you can also consult the website of the Luxembourg Data Protection Authority (CNPD) at the following address: Commission nationale pour la protection des données – Luxembourg (public.lu)

 

9. Security

LuxTrust and its possible Processors undertake to implement all technical and organisational measures in order to ensure the security of the Processing of Personal Data and the confidentiality of your Data, according to current technical means and in application of the European Data Protection Regulation (GDPR).

Your data relating to the use of the platform and the navigation of our websites is stored in a secure manner, through our hosting service providers OVH and Scaleway.

LuxTrust takes the necessary precautions, with regard to the nature of your Data and the risks presented by our Processing, to preserve the security of the Data and, in particular, to prevent it from being deformed, damaged or accessed by unauthorised third parties (physical protection of the premises, authentication process for our customers with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).

 

10. Absence de transferts hors UE

The Personal Data collected by LuxTrust is stored and processed in the European Union, where LuxTrust or its Processors are located or operate facilities.

The data from our CRM solution (Hubspot) is hosted in the European Union. Any transfers outside the EU (https://legal.hubspot.com/fr/dpa) are governed by different mechanisms implementing appropriate safeguards:

• the development by Hubspot of approved Binding Corporate Rules;

• the conclusion of Standard Contractual Clauses with Hubspot.

The data of our technical support solution (JIRA Service Management) is hosted within and outside the European Union. Any transfers outside the EU (https://www.atlassian.com/fr/trust/privacy/country/europe-and-gdpr) are governed by different mechanisms implementing appropriate safeguards:

• the development by Atlassian of approved Binding Corporate Rules;

• the conclusion of Standard Contractual Clauses with Atlassian.

 

11. Update of our privacy policy

This Privacy Policy is subject to change, in particular in accordance with various legislative and regulatory developments. To this end, the User may consult the update directly on the Site.