id Linked® Data Protection Notice
Version last up dated on February 23, 2022
id Linked S.à r.l.,
2 rue Edward Steichen, L-2540 Luxembourg, registered with the Luxembourg Trade and Companies Register under number B.249.635 (“we”, “us” or “our”) collects and processes information about individuals using our services, e.g. our b2b search match-making platform “id Ship” and the Online Service platform and marketplace “id Market”, as registered users (“Customer(s)”) or visitors of the Website “idlinked.eu” (“Visitor(s)”) who may wish to contact us (“you” or “yours”) or other id Linked customers. This notice aims at informing you about what information we collect, how we process it, why we do so and when we share it with others. This notice does not apply to information related to legal persons.
By customers and prospects we mean natural persons acting in their own right or representing, or working for or on behalf of, any undertaking (irrespective of form or jurisdiction and including any entity which forms part of the group of companies to which the Customer or prospect belongs) to whom we provide or are likely to provide services (irrespective of whether done free of charge or for remuneration).
We need to collect and process certain information about you for the purposes of entering into and performing a contract with you as well as for maintaining our commercial and contractual relationship. If you do not provide us with such information, we may not be in a position to enter into, execute or perform a contract with you nor provide our services to you.
We will inform you if, as a result of your refusal to provide certain information or your exercise of the rights afforded to you by law (as further described below), this may result in the termination of the contract we have with you or have other consequences for you.
This data protection notice will continue to produce its effects as applicable after the end of the contracts we entered into with our Customers.
1. Who is the controller of your information?
As required by applicable data protection law, we inform you that we are the controller of the information we collect about you. Such legislation includes the Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and any other applicable national or supranational statutory law (together the “Data Protection Legislation”).
For any questions about our processing of personal information you may contact us at the following address:
2. What information we collect?
The information we collect may include:
(a) contact information such as your name, address (private and/or professional), telephone numbers and e-mail addresses (private or professional), date of birth;
(b) government identification data such as copy of identity card or passport, official identification number (e.g. tax identification number, trade register number, VAT number);
(c) payment data such as bank details or other online payment data;
(d) professional information such as uploaded CVs, company presentations and other information related to work status and any other professional data as provided by a Customer such as trade register number, VAT number, etc. for the use of certain features offered by id Linked;
(e) access data such as login data and log-files data (e.g. IP address, time stamp); and
(f) any other personal or company data you provide us with in the course of your pre-contractual, contractual and commercial relationship (together “Client Data”).
3. What are the legal bases for and the purposes of our processing?
We collect, use, store, share and otherwise process your Client Data as following (not exhaustive examples).
|Legal bases||Purposes (together, “Purposes”)||Categories of personal data (by reference to information referred to under section 2 above)|
|The processing is necessary for us to perform our contract with you or for requested pre-contractual steps and services.||Performance of our contract with (a), (b), (c), (d), (e), (f) you (based on our applicable general terms and conditions) and, where relevant, provision of the correlated services and features or execution of the orders requested by you||(a), (b), (c), (d), (e), (f)|
|Management of subsequent payments and invoicing||(a), (b), (c), (d), (e), (f)|
|Verify your identity and those of persons related to you where necessary (KYC/AML/CTF obligations)||(a), (b), (d), (f)|
|Process personal information about third parties to provide our services to our clients.||(a), (b), (c), (d), (e), (f)|
|The processing is necessary to comply with our legal and regulatory obligations||Accounting and bookkeeping obligations||(a), (b), (c), (e), (f)|
|Prevent fraud||(a), (b), (c), (e), (f)|
|The processing is necessary for our or a third party’s legitimate interests (as listed here) and where your interests do not override these interests||Organise marketing activities and commercial communications, such as the distribution of newsletters, newsflashes and brochures or invitations to seminars and events, it being noted that data subjects have the right to object at any time and free of charge to such processing by unsubscribing or contacting the data officer at email@example.com||(a), (b), (c), (d), (e), (f)|
|Ensuring the maintenance of our IT systems or repairing any IT defects or failures; securing communication channels and IT systems|
|Conducting internal or external audits|
|Where applicable, managing disputes, complaints and litigation concerning you|
|Communicating and answering to a Visitor’s request||(a), (f)|
|Defend our own interests in case of disputes, litigation or claims arising in relation to our services|
Achieve maximum efficiency in our internal organisation, including from an administrative and information technology standpoint
Protect our tangible and intangible assets, including our premises, our information technology infrastructure and the content accessible thereon, our intellectual property rights and our reputation
Organise meetings, seminars and events, for which we may process information about your dietary requirements, hobbies and family (e.g. to adapt our invitations to your interests)
Connect and communicate through social media
Improve our marketing activities and communication, including through our website by monitoring its use
Reorganise ourselves including through mergers, acquisitions or transfers of whole or parts of our business
Perform the services requested from us
|(a), (b), (c), (d), (e), (f)|
|The processing is made with your consent||The processing is made with your consent (in which case you may withdraw your consent at any time, without this affecting the processing carried out before such withdrawal and without prejudice to retention or processing that may be required from us by law)||(a), (b), (c), (d), (e), (f)|
4. Who we share Personal Data with?
id Ship and id Market being online services, some of your Client Data may be accessed by others on a worldwide basis.
In principle, id Linked may disclose client data for all of its services to the following recipients (the “Recipients“) to the extent we deem such disclosure or transmission to be necessary or desirable for satisfying the Purposes:
(a) other Customers as provided for in the general terms and conditions of the id Ship and id Market services and other services provided by id Linked;
(b) our internal and external auditors and legal or other advisers located in Luxembourg or in EU foreign countries;
(c) our employees
(d) any legal or natural person (in Luxembourg or abroad) to whom our Customer directs or permits us to disclose personal information;
(e) administrative, regulatory, governmental or judicial bodies in Luxembourg or abroad as may be required by the laws of any jurisdiction applicable to us;
(f) our service providers as follows:
|Service Provider / Activity||Industry/sector||Location|
|Billing and invoicing||Payment and debt collection agency||Luxembourg and EU countries|
|Insurance service provider||Insurance||Luxembourg and abroad|
|Information technology service providers and consultants located in Luxembourg for hosting, back-up, and maintenance IT security and IT support purposes||Information technology/hosting, Telecom operator||Luxembourg and EU countries|
|Third-party service providers who assist us in organising seminars and events and who host such events;|
Third parties, on a confidential basis, for the purposes of collecting your feedback on our services.
|Marketing||Luxembourg and abroad|
|Accountants, advisers, auditors or fiduciary firms and other service providers or other third parties related to our customers||Luxembourg and abroad|
(g) public, governmental, administrative (such as the Administration des contributions directes and the Enregistrement des domaines) or judicial entities in Luxembourg or EU/EEA foreign countries.
Photos or videos taken during events we host or participate in are likely to be published, in paper or electronic format, including on the internet (such as press releases, national and international newspapers and magazines, our website and social networks such as YouTube and LinkedIn). Thus, when you agree to appear on a photograph at our events, we consider that you agree to the reproduction and publication of your image (as indicated above).
5. For how long do we keep Personal Data for?
We will not keep Client Data for longer than the time necessary for satisfying the Purposes, subject to the legal periods of limitation (in principle 10 years for commercial matters) and to the situations where applicable laws require or allow Client Data to be retained for a certain period of time after the termination of the contractual and commercial relationship (such as the legal obligation to keep accounting documents for a period of 10 years).
Without prejudice to the generality of the foregoing:
(a) Log-files data are erased on a 14-days basis;
(b) personal information processed for the purpose of performing the services requested from us will be retained as long as we need to retain such client information in order to fully accomplish our assignment without prejudice to the possibility of keeping records of such personal client information based on the permitted legal limitation periods (either in civil or criminal law);
(c) personal client information processed for the purpose of complying with our legal and regulatory obligations may be retained on the basis of the statutory limitation periods (either in civil or criminal law);
(d) personal client information processed for the purpose of dealing with customer relationship management will be kept for as long as necessary or useful for the performance of the services requested from us;
(e) personal information processed for the purpose of our marketing activities will be kept for as long as we receive no “opt-out” or “undeliverable” message;
(f) personal information processed for the purpose of issuing invoices will be kept on the basis of the aforementioned legal obligation to keep accounting documents for a period of 10 years after the end of the accounting period to which they relate.
We may also keep and process Client Data about you after the termination of our contractual and commercial relationship for specific purposes such as the compliance with legal obligations or the establishment, exercise or defence of legal claims.
6. What are your rights?
Subject to the conditions of the Data Protection Legislation, you may:
(a) obtain from us confirmation as to whether or not personal data relating to you is being processed, and, where that is the case, access the personal data and relevant information in that regard;
(b) obtain from us without undue delay the rectification of inaccurate Client Data relating to you and, taking into account the purposes of the processing, the right to have incomplete Client Data completed;
(c) obtain from us that we erase Client Data relating to you, although we might not always do so for example if we have a legal obligation to keep such Personal Data;
(d) ask a restriction of the processing of Client Data relating to you (i.e. the marking of stored Client Data with the aim of limiting their processing in the future);
(e) where relevant, request to receive Client Data concerning you which you have provided to us on the basis of the contract with us in a structured, commonly used, machine-readable format, and to transmit it to another controller;
(f) on grounds relating to your particular situation, object to the processing of Client Data relating to you that we carry out on the basis of the legitimate interest we pursue; in such a situation we shall stop processing such Client Data except if we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can exercise your above-mentioned rights by contacting our data protection officer at firstname.lastname@example.org.
You also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or of an alleged infringement of the GDPR (i.e. the “Commission Nationale pour la Protection des Données” in Luxembourg – www.cnpd.lu).
In case you do not wish your image to be captured or disclosed, you shall inform us before the event at email@example.com or during the event by approaching one of our staff members or one of the organisers. Otherwise, we will consider that we have your agreement to process your image for the purposes disclosed herein.
7. What we expect from you?
We request that you inform us in writing and without undue delay about changes in the information you provided us about you so that we can keep it up to date.
If you provide us with Client Data not relating to you (e.g. information about your directors, employees or other staff members and/or agents, representatives, beneficial owners, shareholders, etc.), you must first inform them about this fact and make sure they acknowledge that we can use such information as set out in this data protection notice. In particular, you must provide them with the information relating to their rights as data subjects. We will consider that these individuals are informed of the processing of Client Data relating to them that we may carry out and of the transfer of their Client Data to third parties as described above and that, as far as necessary, our Customers obtained these data subjects prior written consent.
8. How you can obtain more information?
If you would like to receive more information on how we process Client Data relating to you, please contact firstname.lastname@example.org.
9. How we will update this data protection notice?
Changes may occur in the way we process information about you. In case these changes oblige us to update this data protection policy, we will bring this to your attention and may do so by any means such as by email, letter, hyperlink to our intranet or otherwise. The latest version will always be available here www.idlinked.eu/dataprotection-policy.
10. Third party links, social media and cookies
The “id Linked” Website may include links to third-party websites, plug-ins and applications while id Ship and id Market may also use cookie/tracking technology. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites (and in particular the subsequent processing operations they may carry out after having received the personal data) and are not responsible for their own privacy statements or general conditions as applicable. When you leave the “id Linked” Website, we encourage you to read the privacy notice and general conditions of every third-party website you visit.