top of page
logo TM_Luxembourg school of Etiqete_alf
PRIVACY POLICY

Contents

  1. Introduction

  2. Identity of the Data Controller and Contact Details

  3. What are the data protection rules?

  4. Special Category Data

  5. Criminal Conviction Data

  6. Type of Information Collected

  7. Technical Information We Collect on Our Website

  8. How we may use this technical information 

  9. Use of Information Collected 

  10. Marketing 

  11. Third Party Data Processors 

  12. International Transfers 

  13. Data Retention 

  14. Your Data Protection Rights 

  15. How You Exercise Your Rights 

  16. Your Right to Lodge a Complaint

  17. Consent 

  18. Security of your Personal Data 

  19. Sale of Business 

  20. Existence of Automated Decision-Making 

  21. Children’s Personal Data 

  22. Changes to the Privacy Policy 

  23. Policy Approval 

 

1. Introduction

Thank you for visiting our website (“www.luxetiquette.lu” including any mobile or other applications giving you access to websites).

This Policy sets out the obligations of Mrs. Angela Domasova, founder of Luxembourg School of Contemporary Etiquette (the LSCE), registered in Luxembourg under number № 10100844/0, (“the Controller”) regarding retention of personal data collected, held, and processed by the Controller in accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

The GDPR gives the following definition for “personal data” - any information relating to an identified or identifiable natural person (a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The GDPR also addresses “special category” personal data (also known as “sensitive” personal data). Such data includes, but is not necessarily limited to, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation.

Under the GDPR, personal data shall be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes (subject to the implementation of the appropriate technical and organisational measures required by the GDPR to protect that data).

In addition, the GDPR includes the right to erasure or “the right to be forgotten”. Data subjects have the right to have their personal data erased (and to prevent the processing of that personal data) in the following circumstances when:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or processed (see above);

  • the data subject withdraws their consent;

  • the data subject objects to the processing of their personal data and the Company has no overriding legitimate interest;

  • the personal data have been unlawfully processed;

  • the personal data has to be erased to comply with a legal obligation;

  • the personal data is processed for the provision of information society services to a child.

 

This Policy sets out the type(s) of personal data held by the Controller for reasonable business purposes relating to the provision and marketing of its services, the period(s) for which that personal data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

2. Identity of the Data Controller and Contact Details

Luxembourg School of Contemporary Etiquette a project run by Angela Domasova, a private entrepreneur registered in Luxembourg. It provides educational services and organizes events to companies and private persons.

You can contact Mrs Domasova at:

Telephone: +352 661155477

Email: info@luxetiquette.lu

Data protection provides rights to individuals with regard to the use of their Personal Data by organisations, including Luxembourg School of Contemporary Etiquette. Luxembourg and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.

Compliance with the data protection rules is a legal obligation. In addition, our compliance with the data protection rules helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle personal information.

“Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any Personal Data is processed, who/which make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.

For the purposes of the GDPR, Angela Domasova is the data controller with regard to the Personal Data described in this Privacy Policy.

3. What are the data protection rules?

This Policy aims to ensure compliance with the relevant data protection laws. We aim to comply with the following:

  • Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.

  • Purpose Limitation. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.

  • Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.

  • Retention – Personal data should be kept in an identifiable format for no longer than is necessary.

  • Integrity and confidentiality – Personal data should be kept secure.

  • Accountability – An important change for Data Controllers. Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.

 

4. Special Category Data

We will not collect special category data from you.

5. Criminal Conviction Data

We will not collect criminal conviction data from you.

6. Type of Information Collected

We collect two types of information:

“Personal data” means any information relating to and identified or identifiable natural person. We will collect this from you when you:

  • ask about our activities

  • register with us, for example, to take part in a training workshop

  • order products and services from us, such as email newsletters

  • seek assistance and support, for example, by emailing us or completing an online contact form

  • become a member

  • buy a ticket to an event

  • visit our website (this will depend on cookies and tracking) or

  • otherwise give us personal information via any of our digital platforms.

  • Information about your location when you access the Site.

We hold many types of data about you, including:

  • your personal details including your name, email address, phone number, date of birth and type of business

 

7. Technical Information We Collect on Our Website

“Non-Personal Data”. Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This non-Personal Data comprises information that cannot be used to identify or contact you. We will collect this from you when you visit our website and accept cookies. This information includes standard information from you (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our website (such as the web pages viewed and links clicked). Our use of cookies to process information is explained within this policy.

This site uses cookies to enable us to improve our service to you and to provide certain features that you may find useful.

Cookies are small text files that are transferred to your computer’s hard drive through your web browser to enable us to recognise your browser and help us to track visitors to our site. A cookie contains your contact information and information to allow us to identify your computer when you travel around our site for the purpose of helping you accomplish your goal. Most web browsers automatically accept cookies, but, if you wish, you can set your browser to prevent it from accepting cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. The cookies we use do not detect any information stored on your computers.

We use cookies to monitor customer traffic patterns and site usage to help us develop the design and layout of the websites. This software does not enable us to capture any personal information.

Certain information in relation to web usage is revealed via our internet service provider who records some of the following data. The information we receive depends upon what you do when visiting our site:

  • The logical address of the server you are using.

  • The date and time you access our site.

  • The pages you have accessed and the documents downloaded.

  • The previous Internet address from which you linked directly to our site.

  • Some of the search criteria you are using

 

8. How we may use this technical information

Aggregate cookie and tracking information may be shared with third parties.

The technical information is used to allow us improve the information we are supplying to our users, to find out how many people are visiting our sites and for statistical purposes.

Some of the above information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.

We will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “Personal Data” within the meaning of the GDPR.

9. Use of Information Collected

We collect and use your information for the following purposes:

  • To perform the services requested, for example, if you fill out the “How can we help you?” Web form, we will use the information provided to contact you about your request. This data processing is necessary to provide or fulfil a service requested by or for you.

  • To perform marketing purposes, for example, we may use information you provide to contact you to further discuss your interest in the service and to send you information regarding the organisation such as our products, services, or events. This data processing for marketing purposes is a legitimate business interest.

  • To operate and improve our Website, for example, we may analyse and process information for the purpose of improving the customer experience. Information collected may include your browser type and language, or the city or region or country from which you accessed the Website, as well as the ways you interact with the Website, such as pages visited, time spent on pages, the number of clicks and the domain names. We may use third-party analytic providers and technologies, including cookies and similar tools, to assist. We process this information given our legitimate business interest to improve the [organisation name] Website and our customer’s experience with it.

  • For payment purposes, for example, to collect payment from you where applicable. This data processing is necessary to provide or fulfil a service requested by or for you.

 

10. Marketing

We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. At the point at which you provide us with your Personal Data you will be asked whether you wish to receive any marketing communications from us.

We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

We will not share your Personal Data with any third party for marketing purposes.

You may object to direct marketing by using the contact details herein to opt-out.

11. Third Party Data Processors

We may use trusted third parties as data processors.  We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with Irish and EU laws on data protection. Any such organisation or individual will have access to personal information needed to perform these functions but may not use it for any other purpose.

Specifically, we need to have written agreements in place with all of our data processors and, before we sign each agreement, we need to have vetted and be satisfied with the processor’s data security. The agreements also need to contain specific clauses that deal with data protection.

We use the following categories of data processors in the course of our business:

  • Cloud Service Provider, Cloud-based Support Services, Cloud-based Email Notification Services.

 

These categories may be updated from time to time and for an updated list of categories of data processors you should check this Privacy Policy periodically.

We use the following third party data processors in the course of our business:

  • Google GSuite for Business (incl. Gmail)

  • Zapier

  • 20i

  • Webflow

  • Paypal

  • Stripe

  • Plasso

  • MailChimp

  • Eventbrite

  • Content Cal

 

We may pass on your details if we are under a duty to disclose or share a Data Subject’s Personal Data in order to comply with any legal obligation, or in order to enforce or apply any contract with the Data Subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes reporting information about incidents (as appropriate) to the law enforcement authorities and responding to any requirements from law enforcement authorities to provide information and/or Personal Data to them for the purposes of them detecting, investigating and/or prosecuting offences or in connection with crime sentencing.  

Other than the above, we will not disclose personal information to any third party without your consent except in incidences where an individual is potentially at risk or where the law requires it.

 

12. International Transfers

When we transfer your Personal Data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.

  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US.

 

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

 

13. Data Retention

We have a documented data retention schedule. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and for up to seven (7) years afterwards or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

14. Your Data Protection Rights

Under certain circumstances, by law you have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.

  • Request access to your personal information (commonly known as a “Data Subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

  • Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

 

15. How You Exercise Your Rights

We monitor compliance with our data protection obligations and with this policy and our related policies. If you have any questions about this policy or about our data protection compliance, please contact the Data Controller referred to earlier.

Data subjects must make a formal request for Personal Data we hold about them or otherwise to exercise their data protections rights whether to make an access request or otherwise by contacting our Data Controller who will respond to the request within 30 days.

We are obliged to comply with exceptions to your requests where laid out in law. Such exceptions relate to health data, disclosures that would be likely to cause serious harm to your physical or mental health or emotional condition and opinions given in confidence.

 

16. Your Right to Lodge a Complaint

You as the Data Subject have the right to complain at any time to a data protection supervisory authority in relation to any issues related to our processing of your Personal Data. As our organisation is located in Luxembourg and we conduct our data processing here, we are regulated for data protection purposes by the National Data Protection Commission (CNPD).

You can contact the Data Protection Commissioner as follows:

Use their website https://cnpd.public.lu

Address: 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette

Telephone: (+352) 26 10 60 -1

Fax: (+352) 26 10 60 29

E-mail: info@cnpd.lu

 

17. Consent

By consenting, where this is the appropriate grounds, to our processing your Personal Data in line with this Privacy Policy you are giving us permission to process your Personal Data specifically for the purposes identified.

You may withdraw consent at any time by providing an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify withdrawal of consent to the processing of Personal Data relating to you. If you have any queries relating to withdrawing your consent, please contact our Data Protection Officer using the contact details set out below.

Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.  

18. Security of your Personal Data

We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data.

We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures himself. In addition, we have appropriate written agreements in place with all of our data processors.

We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:

  • Confidentiality means that only people who are authorised to use the data can access it.

  • Integrity means that Personal Data should be accurate and suitable for the purpose for which it is processed.

  • Availability means that authorised users should be able to access the data if they need it for authorised purposes.

 

We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We use third party vendors and hosting partners to provide the necessary hardware, software networking, storage, and related technology required to run. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques.

19. Sale of Business

Situations may arise where it is necessary to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our organisation provided that the third party agrees to adhere to the terms of the Privacy Policy and provided that the third party only uses your Personal Data for the purposes that you provided it to us. The Personal Data transferred will be limited to that which is absolutely necessary. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.

20. Existence of Automated Decision-Making

Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.

As Profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.

As a responsible company, we do not use automatic decision-making or profiling.

21. Children’s Personal Data

If you would like to make use of our services and you are not yet 18 years old, we require that an adult is present when you register. Where consent is required to process your Personal Data as a child, we will obtain that consent from the adult who is authorised to give the consent on your behalf.

You must be at least 18 years old to create an account and engage in activities and transactions on our digital and social media. By creating an account or engaging in activities or transactions on our digital and social media, you affirm that you are at least 18 years old and are fully able to enter into and comply with our regular Terms of Use and this Privacy. If we are notified or learn that a child has submitted Personal Data to us through our digital or social media, we will delete such Personal Data.

22. Changes to the Privacy Policy

Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.

23. Policy Approval

This Policy has been approved and authorised by:

NAME: Angela Domasova

POSITION: Founder

DATE: 19/06/2019

POLICY IMPLEMENTATION DATE: 19/06/2019

bottom of page