Skip to main content

Privacy policy

DATA PROTECTION – GDPR – Information notice (July 2019)

For the attention of individuals who access and use UEL websites and online accounts and subscribers of the UEL Newsletter

The purpose of this notice is to define the conditions under which personal data is processed and collected in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or “GDPR”).

Which types of personal data are processed?

Personal data is any information that allows a natural person (referred to as the “data subject”) to be identified, either directly or indirectly.

UEL can currently be expected to process the following types of data:

  • surname, first name, gender, institution or company, job title, postal address, email address, telephone number, membership date;
  • information on connections to UEL websites and social media accounts (Google Analytics and related cookies, MailChimp, ) such as pages viewed, the date and time of access, the IP address, the sites that directed people to UEL websites and online accounts, the geographical area and the computer equipment used.

This information is primarily supplied by the data subject directly, in particular through contact with a UEL representative or employee or via UEL websites and online accounts. By way of exception, surnames, first names, institutions or companies, job titles, postal addresses, email addresses and telephone numbers may also be obtained by consulting information readily available to the public, such as telephone directories, websites, press reports and press releases.

For what purpose is the personal data processed and what is the legal basis for the processing?

Data is processed within the framework of the overall management of UEL’s activities, namely:

  • for the usability and optimisation of the sites and online accounts
  • for the sending of newsletters
  • for administrative management purposes;
  • for statistical purposes.

Where UEL has not entered into a contract with the data subject, and the processing neither requires the consent of the data subject nor is in reponse to a legal obligation, UEL processes the personal data on the basis of a legitimate interest, according to its mission (see “A propos de l’UEL” [About UEL), unless the interests or fundamental rights and freedoms of the data subject prevail.

Who is the personal data communicated to and for how long is it stored?

The personal data is for non-commercial internal use only. It may be shared for information technology purposes only with service providers in Europe and in third countries subject to producing sufficient guarantees in line with the GDPR, to perform the contract between UEL and its members within the framework of its mission (see “A propos de l’UEL” [About UEL] or for any other legitimate legal reason.

UEL draws attention to the fact that information on connections to UEL websites and online accounts as well as the IP address can be collected and processed by internet operators such as Google to evaluate site usage and provide other services in connection with internet use. The data subject is responsible for managing or disabling cookies using their browser options.

The personal data may be stored, copied to servers or back-up servers or archived by UEL for as long as necessary to complete the aforementioned activities or for legitimate legal reasons, respectively as long as the concerned person has not asked to be unsubscribed from the distribution list of the Newsletters.

What are your rights?

UEL will take all reasonably practicable technical and organisational measures to protect the personal data against loss, misuse, unauthorised access, disclosure, modification or destruction.

Under the conditions laid down in the GDPR, you have the right to access and obtain a copy of your data (Article 15), to obtain the rectification of any inaccurate or incomplete data (Article 16), to object to the processing of your data (Article 21), to have your data erased (Article 17), to data portability (Article 20) and to restriction of processing (Article 18).

If consent constitutes the legal basis of the personal data processing, you can withdraw your consent at any time by notifying UEL without prejudice to the legality of the processing carried out prior to consent being withdrawn.

UEL processes personal data for business purposes. Should UEL be informed that the data concerns a child, it will be deleted from the systems as quickly as possible.

Should you have any questions or wish to assert your rights or lodge a complaint, please contact:

Union des Entreprises Luxembourgeoises (Protection des données)

7, rue Alcide de Gasperi, B.P. 3024 L-1030 Luxembourg-Kirchberg

Phone: +352 26009-1




If you believe that the UEL is processing your data in breach of the GDPR, you can also submit a complaint to the National Data Protection Commission (CNPD) (



UEL shall make every effort to ensure that the information and data available on its websites and online accounts is accurate and up to date. To the best of UEL’s knowledge, this information and data has been collected and compiled from reliable sources. UEL cannot however be held responsible for any errors in, omissions from, alterations to or delays in updating said information and data. Users of UEL websites and online accounts should therefore check the accuracy of this information and data before using it to make any decisions. They agree to use this information and data at their own risk.

UEL websites and online accounts provide links to third-party websites for information purposes only. UEL shall not be held responsible in any way for the management and content of such websites nor for their level of data protection. Users of UEL websites and online accounts acknowledge that they access such third-party websites at their own risk.

Amendment of the notice

UEL reserves the right to amend this notice at any time and without prior notice. Data subjects are responsible for ensuring that they have access to the most recent version.

GDPR – July 2019 Notice – the French version shall prevail over any translation