Privacy

This Privacy Notice describes how this website process personal data. It applies if you:

  • use EcoCitizen SARL-SIS’s websites:
  • communicate with EcoCitizen SARL-SIS (for example, by e-mail or phone);
  • access EcoCitizen SARL-SIS’s cloud products or services as an authorized employee of a EcoCitizen SARL-SIS customer;
  • participate in EcoCitizen SARL-SIS’s forums, portals and other events or are another data subject from whom EcoCitizen SARL-SIS receives personal data.

This Privacy Notice only applies when EcoCitizen SARL-SIS processes personal data in its role as a data controller. It does not apply if EcoCitizen SARL-SIS processes personal data as a processor (in which case, we enter into Data Processing Agreements with our customers to ensure compliance). EcoCitizen SARL-SIS may change this Privacy Notice at any time. EcoCitizen SARL-SIS provides access to archived prior versions via the link above in this Privacy Notice.

  1. Who is responsible for your data and how to contact EcoCitizen SARL-SIS’s data protection officer? EcoCitizen SARL-SIS, 562, rue de Neudorf, L-2220 Stad Lëtzebuerg, LËTZEBUERG (LU) is the data controller in accordance with Article 4 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). EcoCitizen SARL-SIS’s Data Protection Officer can be reached by email at privacy[at]ecocitizen.lu or by post at the following address: EcoCitizen SARL-SIS, 562, rue de Neudorf, L-2220 Stad Lëtzebuerg, LËTZEBUERG (LU).
  2. Which kinds of personal data does EcoCitizen SARL-SIS process? EcoCitizen SARL-SIS collects personal data directly from you, your contacts and public sources. Customers and suppliers may provide personal data to EcoCitizen SARL-SIS. In this case, the customer or supplier ensures that the personal data is transferred to EcoCitizen SARL-SIS in accordance with applicable data protection law. Below you will find a list of the categories of personal data which EcoCitizen SARL-SIS processes:
  • Computer Internet Protocol (IP) address, date and time of use, operating system and information on the Internet browser used including installed add-ons, internet address of the website from which the online offer was accessed (so-called origin or referrer URL) (“device data”);
  • Name, e-mail, employer, business address, profession, gender, contact details (“business data”);
  • Name, username, passwords (“account login data”);
  • Personal data of employees and other contacts of customers, billing details (“customer data”);
  • Event registrations and participation, user behavior, service requests, downloads (“marketing data”);
  • Communication data, documents and materials exchanged in the course of conducting customer business (“conduct data”);
  • CVs, cover letters and other data exchanged in connection with a job application to EcoCitizen SARL-SIS (“applicant data”);
  • Passports or other identification documents, date of birth (“verification data”).

Special categories of personal data, such as health data, trade union membership, religious affiliation, will only be processed if required by law (Art. 9(2)(b) GDPR) or if you have given your explicit consent (Art. 9(2)(a) GDPR). We do not routinely process special categories unless strictly necessary.

For which purposes do we process data and on what legal basis? EcoCitizen SARL-SIS processes personal data for the following purposes and on the following legal bases under GDPR Article 6. We do not engage in automated decision-making, including profiling, that produces legal effects or similarly significantly affects you (Art. 22 GDPR). If this changes, we will update this Notice and notify you where required.

  • Providing services: Equipment, business, account login, and customer data are processed to provide services and fulfill contracts with customers. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
  • Internal business processes and customer/supplier management: Business, account login, and customer data are processed to manage operations efficiently. Legal basis: Our legitimate interests in maintaining effective business operations and relationships (Art. 6(1)(f) GDPR).
  • Marketing: Business, account login, marketing, and device data are processed to provide information about events, products, services, news, conferences, forums, portals, and networking opportunities, and to respond to your requests. You can object to marketing at any time. Legal basis: Our legitimate interests in promoting our business (Art. 6(1)(f) GDPR), or your consent (Art. 6(1)(a) GDPR) where required (e.g., for electronic marketing). In some countries, prior consent is requested.
  • Website usability: Device data is processed to make our websites user-friendly and tailored to your needs. Legal basis: Our legitimate interests in improving user experience (Art. 6(1)(f) GDPR), or your consent (Art. 6(1)(a) GDPR).
  • Security and stability: Business, account login, conduct, and device data are processed to detect illegal behavior. Legal basis: Our legitimate interests in protecting our systems and users (Art. 6(1)(f) GDPR).
  • Legal compliance: Business, verification, account login, conduct, and device data are processed to meet legal obligations (e.g., tax or anti-fraud requirements). Legal basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR).
  • Applicant management: Applicant and verification data are processed to fill vacancies. Legal basis: Steps necessary to enter into an employment contract (Art. 6(1)(b) GDPR), our legitimate interests in recruitment (Art. 6(1)(f) GDPR), or legal obligations (Art. 6(1)(c) GDPR).
  • Portals and forums access: Account login data is processed to enable use of our portals and forums. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) or our legitimate interests in providing community features (Art. 6(1)(f) GDPR).
  • Forum contributions: Account login and device data are processed to publish your posts and defend against liability for illegal content. Legal basis: Our legitimate interests in facilitating discussions and mitigating risks (Art. 6(1)(f) GDPR), or your consent (Art. 6(1)(a) GDPR).

How does EcoCitizen SARL-SIS process your personal data by using cookies? Through the use of cookies and related technologies (“cookies”), we process data, which may include personal data, for advertising and analysis purposes, to tailor our website to your interests, to display or send you information about us where necessary with your consent, and to keep you informed about our products and services that may be of interest to you. We also use cookies to understand how our services are used so that we can improve them. For example, we use cookies for analytics and diagnostic purposes to improve our products and services, and to measure and analyze the use and performance of our services. Based on this technology, we may receive evaluations from our service providers, which may include personal data – if you have given your consent – or aggregated data. Aggregated data cannot be used to draw any conclusions about your person. Below you will find general descriptions of the types of cookies used on our websites, including the purposes and legal basis.

  • Required cookies: Necessary cookies enable navigation and basic functions of the websites, e.g., access to protected areas. Legal basis: Our legitimate interests in ensuring website functionality (Art. 6(1)(f) GDPR).
  • Functional cookies: Functional cookies allow us to analyze your use of the website and your defaults (e.g., login name, language, or region) to remember preferences and provide a personalized experience. Legal basis: Your consent (Art. 6(1)(a) GDPR).
  • Advertising cookies: We use third-party vendors to track usage and display interest-based ads across devices. This helps analyze marketing effectiveness. Legal basis: Your consent (Art. 6(1)(a) GDPR).
  • Cookie settings: You can choose how we use functional and advertising cookies by changing the cookie settings in “Cookie Preferences” at the bottom of this page. Consent is granular and easy to withdraw. You can also control cookies via browser settings, though this may restrict functionalities. Required cookies are set automatically as they are essential.

To which recipients do we transfer your data and what happens in case of transfer outside the EEA? EcoCitizen SARL-SIS shares personal data with other EcoCitizen SARL-SIS companies and service providers. All recipients only receive personal data that is required for the performance of the commissioned service or fulfillment of the respective required purpose. Therefore, personal data will only be transferred to:

  • Affiliates of EcoCitizen SARL-SIS, to process communications and enquiries;
  • Service providers in countries where EcoCitizen SARL-SIS operates, for IT, administration, hosting, analytics, marketing, and customer management;
  • EcoCitizen SARL-SIS’s customers, to resolve account issues;
  • Third parties hosting forums, portals, events;
  • Consultants, for legitimate interests or legal compliance;
  • All users of forums/chat groups, for your posts;
  • Authorities, where legally required or to enforce/defend rights.

All service providers are bound by contracts to process data only on our instructions (Art. 28 GDPR). Transfers to recipients outside the EU/EEA (without an adequacy decision) use safeguards under GDPR Chapter V, e.g., EU Standard Contractual Clauses, Binding Corporate Rules, or the EU-US Data Privacy Framework (for US transfers). Examples of third countries include the US (for certain analytics providers).

  1. How long do we store your data? EcoCitizen SARL-SIS anonymizes or deletes personal data as soon as it is no longer required for the purposes above, unless legally required to retain it (e.g., billing data for up to 10 years under tax laws). For legal claims, data is retained until statutes of limitations expire (typically 3-10 years) or proceedings end. Marketing data is stored until you unsubscribe. Forum/portal account data is stored while registered; public posts remain visible (as “Guest” after deletion), with IP addresses stored for 14 days. Contact form data is stored until the purpose is fulfilled or you request deletion/revoke consent, subject to legal holds.
  2. To whom can you address your right to object to processing of personal data? You may object at any time to processing based on legitimate interests (Art. 21 GDPR), including marketing or profiling. We will stop processing unless we demonstrate compelling legitimate grounds overriding your interests. To object, contact our Data Protection Officer as above.
  3. What other rights do you have? You may contact EcoCitizen SARL-SIS’s Data Protection Officer at any time and free of charge (unless requests are manifestly unfounded or excessive) to exercise your rights (Arts. 15-22 GDPR):
  • Request information about personal data we process (access);
  • Request rectification of inaccurate or incomplete data;
  • Request erasure, unless processing is necessary for freedom of expression, legal obligations, public interest, or legal claims;
  • Request restriction if accuracy is contested, processing is unlawful, or during objection verification;
  • Receive your data in a structured, common, machine-readable format (portability) or have it transferred to another controller;
  • Not be subject to automated decision-making with legal effects (none currently applies);
  • Lodge a complaint with a supervisory authority, such as the Commission Nationale pour la Protection des Données (CNPD) in Luxembourg (website: cnpd.public.lu; address: 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg).

For more details, contact our DPO.

  1. Who can you contact if EcoCitizen SARL-SIS processes your personal data on behalf of a customer? Your data may be processed as part of cloud products/services provided to customers. The customer is the controller; we act as processor under a Data Processing Agreement. Direct enquiries to the customer; we provide information only per their instructions.
  2. What additional foreign regulations apply? For residents of non-EU countries, respective local privacy notices apply in addition to this Privacy Notice.